tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: s390/sha512 - Use API partial block handling

Use the Crypto API partial block handling.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Herbert Xu 572b5c46 2d0d18d8

+47 -136
+9 -5
arch/s390/crypto/sha.h
··· 10 10 #ifndef _CRYPTO_ARCH_S390_SHA_H 11 11 #define _CRYPTO_ARCH_S390_SHA_H 12 12 13 + #include <crypto/sha2.h> 13 14 #include <crypto/sha3.h> 14 15 #include <linux/types.h> 15 16 16 17 /* must be big enough for the largest SHA variant */ 17 18 #define CPACF_MAX_PARMBLOCK_SIZE SHA3_STATE_SIZE 18 19 #define SHA_MAX_BLOCK_SIZE SHA3_224_BLOCK_SIZE 19 - #define S390_SHA_CTX_SIZE offsetof(struct s390_sha_ctx, buf) 20 + #define S390_SHA_CTX_SIZE sizeof(struct s390_sha_ctx) 20 21 21 22 struct s390_sha_ctx { 22 23 u64 count; /* message length in bytes */ 23 - u32 state[CPACF_MAX_PARMBLOCK_SIZE / sizeof(u32)]; 24 + union { 25 + u32 state[CPACF_MAX_PARMBLOCK_SIZE / sizeof(u32)]; 26 + struct { 27 + u64 state[SHA512_DIGEST_SIZE]; 28 + u64 count_hi; 29 + } sha512; 30 + }; 24 31 int func; /* KIMD function to use */ 25 32 bool first_message_part; 26 - u8 buf[SHA_MAX_BLOCK_SIZE]; 27 33 }; 28 34 29 35 struct shash_desc; 30 36 31 - int s390_sha_update(struct shash_desc *desc, const u8 *data, unsigned int len); 32 37 int s390_sha_update_blocks(struct shash_desc *desc, const u8 *data, 33 38 unsigned int len); 34 - int s390_sha_final(struct shash_desc *desc, u8 *out); 35 39 int s390_sha_finup(struct shash_desc *desc, const u8 *src, unsigned int len, 36 40 u8 *out); 37 41
+23 -22
arch/s390/crypto/sha512_s390.c
··· 7 7 * Copyright IBM Corp. 2007 8 8 * Author(s): Jan Glauber (jang@de.ibm.com) 9 9 */ 10 + #include <asm/cpacf.h> 10 11 #include <crypto/internal/hash.h> 11 12 #include <crypto/sha2.h> 13 + #include <linux/cpufeature.h> 12 14 #include <linux/errno.h> 13 - #include <linux/init.h> 14 15 #include <linux/kernel.h> 15 16 #include <linux/module.h> 16 - #include <linux/cpufeature.h> 17 - #include <asm/cpacf.h> 18 17 19 18 #include "sha.h" 20 19 ··· 21 22 { 22 23 struct s390_sha_ctx *ctx = shash_desc_ctx(desc); 23 24 24 - *(__u64 *)&ctx->state[0] = SHA512_H0; 25 - *(__u64 *)&ctx->state[2] = SHA512_H1; 26 - *(__u64 *)&ctx->state[4] = SHA512_H2; 27 - *(__u64 *)&ctx->state[6] = SHA512_H3; 28 - *(__u64 *)&ctx->state[8] = SHA512_H4; 29 - *(__u64 *)&ctx->state[10] = SHA512_H5; 30 - *(__u64 *)&ctx->state[12] = SHA512_H6; 31 - *(__u64 *)&ctx->state[14] = SHA512_H7; 25 + ctx->sha512.state[0] = SHA512_H0; 26 + ctx->sha512.state[2] = SHA512_H1; 27 + ctx->sha512.state[4] = SHA512_H2; 28 + ctx->sha512.state[6] = SHA512_H3; 29 + ctx->sha512.state[8] = SHA512_H4; 30 + ctx->sha512.state[10] = SHA512_H5; 31 + ctx->sha512.state[12] = SHA512_H6; 32 + ctx->sha512.state[14] = SHA512_H7; 32 33 ctx->count = 0; 34 + ctx->sha512.count_hi = 0; 33 35 ctx->func = CPACF_KIMD_SHA_512; 34 36 35 37 return 0; ··· 42 42 struct sha512_state *octx = out; 43 43 44 44 octx->count[0] = sctx->count; 45 - octx->count[1] = 0; 45 + octx->count[1] = sctx->sha512.count_hi; 46 46 memcpy(octx->state, sctx->state, sizeof(octx->state)); 47 - memcpy(octx->buf, sctx->buf, sizeof(octx->buf)); 48 47 return 0; 49 48 } 50 49 ··· 52 53 struct s390_sha_ctx *sctx = shash_desc_ctx(desc); 53 54 const struct sha512_state *ictx = in; 54 55 55 - if (unlikely(ictx->count[1])) 56 - return -ERANGE; 57 56 sctx->count = ictx->count[0]; 57 + sctx->sha512.count_hi = ictx->count[1]; 58 58 59 59 memcpy(sctx->state, ictx->state, sizeof(ictx->state)); 60 - memcpy(sctx->buf, ictx->buf, sizeof(ictx->buf)); 61 60 sctx->func = CPACF_KIMD_SHA_512; 62 61 return 0; 63 62 } ··· 63 66 static struct shash_alg sha512_alg = { 64 67 .digestsize = SHA512_DIGEST_SIZE, 65 68 .init = sha512_init, 66 - .update = s390_sha_update, 67 - .final = s390_sha_final, 69 + .update = s390_sha_update_blocks, 70 + .finup = s390_sha_finup, 68 71 .export = sha512_export, 69 72 .import = sha512_import, 70 73 .descsize = sizeof(struct s390_sha_ctx), 71 - .statesize = sizeof(struct sha512_state), 74 + .statesize = SHA512_STATE_SIZE, 72 75 .base = { 73 76 .cra_name = "sha512", 74 77 .cra_driver_name= "sha512-s390", 75 78 .cra_priority = 300, 79 + .cra_flags = CRYPTO_AHASH_ALG_BLOCK_ONLY | 80 + CRYPTO_AHASH_ALG_FINUP_MAX, 76 81 .cra_blocksize = SHA512_BLOCK_SIZE, 77 82 .cra_module = THIS_MODULE, 78 83 } ··· 103 104 static struct shash_alg sha384_alg = { 104 105 .digestsize = SHA384_DIGEST_SIZE, 105 106 .init = sha384_init, 106 - .update = s390_sha_update, 107 - .final = s390_sha_final, 107 + .update = s390_sha_update_blocks, 108 + .finup = s390_sha_finup, 108 109 .export = sha512_export, 109 110 .import = sha512_import, 110 111 .descsize = sizeof(struct s390_sha_ctx), 111 - .statesize = sizeof(struct sha512_state), 112 + .statesize = SHA512_STATE_SIZE, 112 113 .base = { 113 114 .cra_name = "sha384", 114 115 .cra_driver_name= "sha384-s390", 115 116 .cra_priority = 300, 116 117 .cra_blocksize = SHA384_BLOCK_SIZE, 118 + .cra_flags = CRYPTO_AHASH_ALG_BLOCK_ONLY | 119 + CRYPTO_AHASH_ALG_FINUP_MAX, 117 120 .cra_ctxsize = sizeof(struct s390_sha_ctx), 118 121 .cra_module = THIS_MODULE, 119 122 }
+15 -109
arch/s390/crypto/sha_common.c
··· 13 13 #include <asm/cpacf.h> 14 14 #include "sha.h" 15 15 16 - int s390_sha_update(struct shash_desc *desc, const u8 *data, unsigned int len) 17 - { 18 - struct s390_sha_ctx *ctx = shash_desc_ctx(desc); 19 - unsigned int bsize = crypto_shash_blocksize(desc->tfm); 20 - unsigned int index, n; 21 - int fc; 22 - 23 - /* how much is already in the buffer? */ 24 - index = ctx->count % bsize; 25 - ctx->count += len; 26 - 27 - if ((index + len) < bsize) 28 - goto store; 29 - 30 - fc = ctx->func; 31 - if (ctx->first_message_part) 32 - fc |= CPACF_KIMD_NIP; 33 - 34 - /* process one stored block */ 35 - if (index) { 36 - memcpy(ctx->buf + index, data, bsize - index); 37 - cpacf_kimd(fc, ctx->state, ctx->buf, bsize); 38 - ctx->first_message_part = 0; 39 - fc &= ~CPACF_KIMD_NIP; 40 - data += bsize - index; 41 - len -= bsize - index; 42 - index = 0; 43 - } 44 - 45 - /* process as many blocks as possible */ 46 - if (len >= bsize) { 47 - n = (len / bsize) * bsize; 48 - cpacf_kimd(fc, ctx->state, data, n); 49 - ctx->first_message_part = 0; 50 - data += n; 51 - len -= n; 52 - } 53 - store: 54 - if (len) 55 - memcpy(ctx->buf + index , data, len); 56 - 57 - return 0; 58 - } 59 - EXPORT_SYMBOL_GPL(s390_sha_update); 60 - 61 16 int s390_sha_update_blocks(struct shash_desc *desc, const u8 *data, 62 17 unsigned int len) 63 18 { ··· 28 73 /* process as many blocks as possible */ 29 74 n = (len / bsize) * bsize; 30 75 ctx->count += n; 76 + switch (ctx->func) { 77 + case CPACF_KLMD_SHA_512: 78 + case CPACF_KLMD_SHA3_384: 79 + if (ctx->count < n) 80 + ctx->sha512.count_hi++; 81 + break; 82 + } 31 83 cpacf_kimd(fc, ctx->state, data, n); 32 84 ctx->first_message_part = 0; 33 85 return len - n; ··· 60 98 } 61 99 } 62 100 63 - int s390_sha_final(struct shash_desc *desc, u8 *out) 64 - { 65 - struct s390_sha_ctx *ctx = shash_desc_ctx(desc); 66 - unsigned int bsize = crypto_shash_blocksize(desc->tfm); 67 - u64 bits; 68 - unsigned int n; 69 - int mbl_offset, fc; 70 - 71 - n = ctx->count % bsize; 72 - bits = ctx->count * 8; 73 - mbl_offset = s390_crypto_shash_parmsize(ctx->func); 74 - if (mbl_offset < 0) 75 - return -EINVAL; 76 - 77 - mbl_offset = mbl_offset / sizeof(u32); 78 - 79 - /* set total msg bit length (mbl) in CPACF parmblock */ 80 - switch (ctx->func) { 81 - case CPACF_KLMD_SHA_1: 82 - case CPACF_KLMD_SHA_256: 83 - memcpy(ctx->state + mbl_offset, &bits, sizeof(bits)); 84 - break; 85 - case CPACF_KLMD_SHA_512: 86 - /* 87 - * the SHA512 parmblock has a 128-bit mbl field, clear 88 - * high-order u64 field, copy bits to low-order u64 field 89 - */ 90 - memset(ctx->state + mbl_offset, 0x00, sizeof(bits)); 91 - mbl_offset += sizeof(u64) / sizeof(u32); 92 - memcpy(ctx->state + mbl_offset, &bits, sizeof(bits)); 93 - break; 94 - case CPACF_KLMD_SHA3_224: 95 - case CPACF_KLMD_SHA3_256: 96 - case CPACF_KLMD_SHA3_384: 97 - case CPACF_KLMD_SHA3_512: 98 - break; 99 - default: 100 - return -EINVAL; 101 - } 102 - 103 - fc = ctx->func; 104 - fc |= test_facility(86) ? CPACF_KLMD_DUFOP : 0; 105 - if (ctx->first_message_part) 106 - fc |= CPACF_KLMD_NIP; 107 - cpacf_klmd(fc, ctx->state, ctx->buf, n); 108 - 109 - /* copy digest to out */ 110 - memcpy(out, ctx->state, crypto_shash_digestsize(desc->tfm)); 111 - /* wipe context */ 112 - memset(ctx, 0, sizeof *ctx); 113 - 114 - return 0; 115 - } 116 - EXPORT_SYMBOL_GPL(s390_sha_final); 117 - 118 101 int s390_sha_finup(struct shash_desc *desc, const u8 *src, unsigned int len, 119 102 u8 *out) 120 103 { ··· 78 171 79 172 /* set total msg bit length (mbl) in CPACF parmblock */ 80 173 switch (ctx->func) { 174 + case CPACF_KLMD_SHA_512: 175 + /* The SHA512 parmblock has a 128-bit mbl field. */ 176 + if (ctx->count < len) 177 + ctx->sha512.count_hi++; 178 + ctx->sha512.count_hi <<= 3; 179 + ctx->sha512.count_hi |= ctx->count >> 61; 180 + mbl_offset += sizeof(u64) / sizeof(u32); 181 + fallthrough; 81 182 case CPACF_KLMD_SHA_1: 82 183 case CPACF_KLMD_SHA_256: 83 - memcpy(ctx->state + mbl_offset, &bits, sizeof(bits)); 84 - break; 85 - case CPACF_KLMD_SHA_512: 86 - /* 87 - * the SHA512 parmblock has a 128-bit mbl field, clear 88 - * high-order u64 field, copy bits to low-order u64 field 89 - */ 90 - memset(ctx->state + mbl_offset, 0x00, sizeof(bits)); 91 - mbl_offset += sizeof(u64) / sizeof(u32); 92 184 memcpy(ctx->state + mbl_offset, &bits, sizeof(bits)); 93 185 break; 94 186 case CPACF_KLMD_SHA3_224: