tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: qat - Use library to prepare HMAC keys

To prepare HMAC keys, just use the library functions instead of
crypto_shash. This is much simpler, avoids depending on the fragile
export_core and import_core methods, and is faster too.

Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Eric Biggers and committed by
Herbert Xu 408cf485 a710a71c

+63 -139
+3 -4
drivers/crypto/intel/qat/Kconfig
··· 6 6 select CRYPTO_SKCIPHER 7 7 select CRYPTO_AKCIPHER 8 8 select CRYPTO_DH 9 - select CRYPTO_HMAC 10 9 select CRYPTO_RSA 11 - select CRYPTO_SHA1 12 - select CRYPTO_SHA256 13 - select CRYPTO_SHA512 14 10 select CRYPTO_LIB_AES 11 + select CRYPTO_LIB_SHA1 12 + select CRYPTO_LIB_SHA256 13 + select CRYPTO_LIB_SHA512 15 14 select FW_LOADER 16 15 select CRC8 17 16
+60 -135
drivers/crypto/intel/qat/qat_common/qat_algs.c
··· 5 5 #include <linux/crypto.h> 6 6 #include <crypto/internal/aead.h> 7 7 #include <crypto/internal/cipher.h> 8 - #include <crypto/internal/hash.h> 9 8 #include <crypto/internal/skcipher.h> 10 9 #include <crypto/aes.h> 11 10 #include <crypto/sha1.h> 12 11 #include <crypto/sha2.h> 13 - #include <crypto/hmac.h> 14 12 #include <crypto/algapi.h> 15 13 #include <crypto/authenc.h> 16 14 #include <crypto/scatterwalk.h> ··· 66 68 dma_addr_t dec_cd_paddr; 67 69 struct icp_qat_fw_la_bulk_req enc_fw_req; 68 70 struct icp_qat_fw_la_bulk_req dec_fw_req; 69 - struct crypto_shash *hash_tfm; 70 71 enum icp_qat_hw_auth_algo qat_hash_alg; 72 + unsigned int hash_digestsize; 73 + unsigned int hash_blocksize; 71 74 struct qat_crypto_instance *inst; 72 - union { 73 - struct sha1_state sha1; 74 - struct sha256_state sha256; 75 - struct sha512_state sha512; 76 - }; 77 - char ipad[SHA512_BLOCK_SIZE]; /* sufficient for SHA-1/SHA-256 as well */ 78 - char opad[SHA512_BLOCK_SIZE]; 79 75 }; 80 76 81 77 struct qat_alg_skcipher_ctx { ··· 86 94 int mode; 87 95 }; 88 96 89 - static int qat_get_inter_state_size(enum icp_qat_hw_auth_algo qat_hash_alg) 90 - { 91 - switch (qat_hash_alg) { 92 - case ICP_QAT_HW_AUTH_ALGO_SHA1: 93 - return ICP_QAT_HW_SHA1_STATE1_SZ; 94 - case ICP_QAT_HW_AUTH_ALGO_SHA256: 95 - return ICP_QAT_HW_SHA256_STATE1_SZ; 96 - case ICP_QAT_HW_AUTH_ALGO_SHA512: 97 - return ICP_QAT_HW_SHA512_STATE1_SZ; 98 - default: 99 - return -EFAULT; 100 - } 101 - } 102 - 103 97 static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash, 104 98 struct qat_alg_aead_ctx *ctx, 105 99 const u8 *auth_key, 106 100 unsigned int auth_keylen) 107 101 { 108 - SHASH_DESC_ON_STACK(shash, ctx->hash_tfm); 109 - int block_size = crypto_shash_blocksize(ctx->hash_tfm); 110 - int digest_size = crypto_shash_digestsize(ctx->hash_tfm); 111 - __be32 *hash_state_out; 112 - __be64 *hash512_state_out; 113 - int i, offset; 114 - 115 - memset(ctx->ipad, 0, block_size); 116 - memset(ctx->opad, 0, block_size); 117 - shash->tfm = ctx->hash_tfm; 118 - 119 - if (auth_keylen > block_size) { 120 - int ret = crypto_shash_digest(shash, auth_key, 121 - auth_keylen, ctx->ipad); 122 - if (ret) 123 - return ret; 124 - 125 - memcpy(ctx->opad, ctx->ipad, digest_size); 126 - } else { 127 - memcpy(ctx->ipad, auth_key, auth_keylen); 128 - memcpy(ctx->opad, auth_key, auth_keylen); 129 - } 130 - 131 - for (i = 0; i < block_size; i++) { 132 - char *ipad_ptr = ctx->ipad + i; 133 - char *opad_ptr = ctx->opad + i; 134 - *ipad_ptr ^= HMAC_IPAD_VALUE; 135 - *opad_ptr ^= HMAC_OPAD_VALUE; 136 - } 137 - 138 - if (crypto_shash_init(shash)) 139 - return -EFAULT; 140 - 141 - if (crypto_shash_update(shash, ctx->ipad, block_size)) 142 - return -EFAULT; 143 - 144 - hash_state_out = (__be32 *)hash->sha.state1; 145 - hash512_state_out = (__be64 *)hash_state_out; 146 - 147 102 switch (ctx->qat_hash_alg) { 148 - case ICP_QAT_HW_AUTH_ALGO_SHA1: 149 - if (crypto_shash_export_core(shash, &ctx->sha1)) 150 - return -EFAULT; 151 - for (i = 0; i < digest_size >> 2; i++, hash_state_out++) 152 - *hash_state_out = cpu_to_be32(ctx->sha1.state[i]); 153 - break; 154 - case ICP_QAT_HW_AUTH_ALGO_SHA256: 155 - if (crypto_shash_export_core(shash, &ctx->sha256)) 156 - return -EFAULT; 157 - for (i = 0; i < digest_size >> 2; i++, hash_state_out++) 158 - *hash_state_out = cpu_to_be32(ctx->sha256.state[i]); 159 - break; 160 - case ICP_QAT_HW_AUTH_ALGO_SHA512: 161 - if (crypto_shash_export_core(shash, &ctx->sha512)) 162 - return -EFAULT; 163 - for (i = 0; i < digest_size >> 3; i++, hash512_state_out++) 164 - *hash512_state_out = cpu_to_be64(ctx->sha512.state[i]); 165 - break; 103 + case ICP_QAT_HW_AUTH_ALGO_SHA1: { 104 + struct hmac_sha1_key key; 105 + __be32 *istate = (__be32 *)hash->sha.state1; 106 + __be32 *ostate = (__be32 *)(hash->sha.state1 + 107 + round_up(sizeof(key.istate.h), 8)); 108 + 109 + hmac_sha1_preparekey(&key, auth_key, auth_keylen); 110 + for (int i = 0; i < ARRAY_SIZE(key.istate.h); i++) { 111 + istate[i] = cpu_to_be32(key.istate.h[i]); 112 + ostate[i] = cpu_to_be32(key.ostate.h[i]); 113 + } 114 + memzero_explicit(&key, sizeof(key)); 115 + return 0; 116 + } 117 + case ICP_QAT_HW_AUTH_ALGO_SHA256: { 118 + struct hmac_sha256_key key; 119 + __be32 *istate = (__be32 *)hash->sha.state1; 120 + __be32 *ostate = (__be32 *)(hash->sha.state1 + 121 + sizeof(key.key.istate.h)); 122 + 123 + hmac_sha256_preparekey(&key, auth_key, auth_keylen); 124 + for (int i = 0; i < ARRAY_SIZE(key.key.istate.h); i++) { 125 + istate[i] = cpu_to_be32(key.key.istate.h[i]); 126 + ostate[i] = cpu_to_be32(key.key.ostate.h[i]); 127 + } 128 + memzero_explicit(&key, sizeof(key)); 129 + return 0; 130 + } 131 + case ICP_QAT_HW_AUTH_ALGO_SHA512: { 132 + struct hmac_sha512_key key; 133 + __be64 *istate = (__be64 *)hash->sha.state1; 134 + __be64 *ostate = (__be64 *)(hash->sha.state1 + 135 + sizeof(key.key.istate.h)); 136 + 137 + hmac_sha512_preparekey(&key, auth_key, auth_keylen); 138 + for (int i = 0; i < ARRAY_SIZE(key.key.istate.h); i++) { 139 + istate[i] = cpu_to_be64(key.key.istate.h[i]); 140 + ostate[i] = cpu_to_be64(key.key.ostate.h[i]); 141 + } 142 + memzero_explicit(&key, sizeof(key)); 143 + return 0; 144 + } 166 145 default: 167 146 return -EFAULT; 168 147 } 169 - 170 - if (crypto_shash_init(shash)) 171 - return -EFAULT; 172 - 173 - if (crypto_shash_update(shash, ctx->opad, block_size)) 174 - return -EFAULT; 175 - 176 - offset = round_up(qat_get_inter_state_size(ctx->qat_hash_alg), 8); 177 - if (offset < 0) 178 - return -EFAULT; 179 - 180 - hash_state_out = (__be32 *)(hash->sha.state1 + offset); 181 - hash512_state_out = (__be64 *)hash_state_out; 182 - 183 - switch (ctx->qat_hash_alg) { 184 - case ICP_QAT_HW_AUTH_ALGO_SHA1: 185 - if (crypto_shash_export_core(shash, &ctx->sha1)) 186 - return -EFAULT; 187 - for (i = 0; i < digest_size >> 2; i++, hash_state_out++) 188 - *hash_state_out = cpu_to_be32(ctx->sha1.state[i]); 189 - break; 190 - case ICP_QAT_HW_AUTH_ALGO_SHA256: 191 - if (crypto_shash_export_core(shash, &ctx->sha256)) 192 - return -EFAULT; 193 - for (i = 0; i < digest_size >> 2; i++, hash_state_out++) 194 - *hash_state_out = cpu_to_be32(ctx->sha256.state[i]); 195 - break; 196 - case ICP_QAT_HW_AUTH_ALGO_SHA512: 197 - if (crypto_shash_export_core(shash, &ctx->sha512)) 198 - return -EFAULT; 199 - for (i = 0; i < digest_size >> 3; i++, hash512_state_out++) 200 - *hash512_state_out = cpu_to_be64(ctx->sha512.state[i]); 201 - break; 202 - default: 203 - return -EFAULT; 204 - } 205 - memzero_explicit(ctx->ipad, block_size); 206 - memzero_explicit(ctx->opad, block_size); 207 - return 0; 208 148 } 209 149 210 150 static void qat_alg_init_common_hdr(struct icp_qat_fw_comn_req_hdr *header) ··· 183 259 ICP_QAT_HW_AUTH_CONFIG_BUILD(ICP_QAT_HW_AUTH_MODE1, 184 260 ctx->qat_hash_alg, digestsize); 185 261 hash->sha.inner_setup.auth_counter.counter = 186 - cpu_to_be32(crypto_shash_blocksize(ctx->hash_tfm)); 262 + cpu_to_be32(ctx->hash_blocksize); 187 263 188 264 if (qat_alg_do_precomputes(hash, ctx, keys->authkey, keys->authkeylen)) 189 265 return -EFAULT; ··· 250 326 struct icp_qat_hw_cipher_algo_blk *cipher = 251 327 (struct icp_qat_hw_cipher_algo_blk *)((char *)dec_ctx + 252 328 sizeof(struct icp_qat_hw_auth_setup) + 253 - roundup(crypto_shash_digestsize(ctx->hash_tfm), 8) * 2); 329 + roundup(ctx->hash_digestsize, 8) * 2); 254 330 struct icp_qat_fw_la_bulk_req *req_tmpl = &ctx->dec_fw_req; 255 331 struct icp_qat_fw_comn_req_hdr_cd_pars *cd_pars = &req_tmpl->cd_pars; 256 332 struct icp_qat_fw_comn_req_hdr *header = &req_tmpl->comn_hdr; ··· 270 346 ctx->qat_hash_alg, 271 347 digestsize); 272 348 hash->sha.inner_setup.auth_counter.counter = 273 - cpu_to_be32(crypto_shash_blocksize(ctx->hash_tfm)); 349 + cpu_to_be32(ctx->hash_blocksize); 274 350 275 351 if (qat_alg_do_precomputes(hash, ctx, keys->authkey, keys->authkeylen)) 276 352 return -EFAULT; ··· 292 368 cipher_cd_ctrl->cipher_state_sz = AES_BLOCK_SIZE >> 3; 293 369 cipher_cd_ctrl->cipher_cfg_offset = 294 370 (sizeof(struct icp_qat_hw_auth_setup) + 295 - roundup(crypto_shash_digestsize(ctx->hash_tfm), 8) * 2) >> 3; 371 + roundup(ctx->hash_digestsize, 8) * 2) >> 3; 296 372 ICP_QAT_FW_COMN_CURR_ID_SET(cipher_cd_ctrl, ICP_QAT_FW_SLICE_CIPHER); 297 373 ICP_QAT_FW_COMN_NEXT_ID_SET(cipher_cd_ctrl, ICP_QAT_FW_SLICE_DRAM_WR); 298 374 ··· 1074 1150 } 1075 1151 1076 1152 static int qat_alg_aead_init(struct crypto_aead *tfm, 1077 - enum icp_qat_hw_auth_algo hash, 1078 - const char *hash_name) 1153 + enum icp_qat_hw_auth_algo hash_alg, 1154 + unsigned int hash_digestsize, 1155 + unsigned int hash_blocksize) 1079 1156 { 1080 1157 struct qat_alg_aead_ctx *ctx = crypto_aead_ctx(tfm); 1081 1158 1082 - ctx->hash_tfm = crypto_alloc_shash(hash_name, 0, 0); 1083 - if (IS_ERR(ctx->hash_tfm)) 1084 - return PTR_ERR(ctx->hash_tfm); 1085 - ctx->qat_hash_alg = hash; 1159 + ctx->qat_hash_alg = hash_alg; 1160 + ctx->hash_digestsize = hash_digestsize; 1161 + ctx->hash_blocksize = hash_blocksize; 1086 1162 crypto_aead_set_reqsize(tfm, sizeof(struct qat_crypto_request)); 1087 1163 return 0; 1088 1164 } 1089 1165 1090 1166 static int qat_alg_aead_sha1_init(struct crypto_aead *tfm) 1091 1167 { 1092 - return qat_alg_aead_init(tfm, ICP_QAT_HW_AUTH_ALGO_SHA1, "sha1"); 1168 + return qat_alg_aead_init(tfm, ICP_QAT_HW_AUTH_ALGO_SHA1, 1169 + SHA1_DIGEST_SIZE, SHA1_BLOCK_SIZE); 1093 1170 } 1094 1171 1095 1172 static int qat_alg_aead_sha256_init(struct crypto_aead *tfm) 1096 1173 { 1097 - return qat_alg_aead_init(tfm, ICP_QAT_HW_AUTH_ALGO_SHA256, "sha256"); 1174 + return qat_alg_aead_init(tfm, ICP_QAT_HW_AUTH_ALGO_SHA256, 1175 + SHA256_DIGEST_SIZE, SHA256_BLOCK_SIZE); 1098 1176 } 1099 1177 1100 1178 static int qat_alg_aead_sha512_init(struct crypto_aead *tfm) 1101 1179 { 1102 - return qat_alg_aead_init(tfm, ICP_QAT_HW_AUTH_ALGO_SHA512, "sha512"); 1180 + return qat_alg_aead_init(tfm, ICP_QAT_HW_AUTH_ALGO_SHA512, 1181 + SHA512_DIGEST_SIZE, SHA512_BLOCK_SIZE); 1103 1182 } 1104 1183 1105 1184 static void qat_alg_aead_exit(struct crypto_aead *tfm) ··· 1110 1183 struct qat_alg_aead_ctx *ctx = crypto_aead_ctx(tfm); 1111 1184 struct qat_crypto_instance *inst = ctx->inst; 1112 1185 struct device *dev; 1113 - 1114 - crypto_free_shash(ctx->hash_tfm); 1115 1186 1116 1187 if (!inst) 1117 1188 return;