tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: arm64/sha3-ce - Use API partial block handling

Use the Crypto API partial block handling.

Also remove the unnecessary SIMD fallback path.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Herbert Xu b333c273 8ba81fef

+49 -63
+46 -61
arch/arm64/crypto/sha3-ce-glue.c
··· 12 12 #include <asm/hwcap.h> 13 13 #include <asm/neon.h> 14 14 #include <asm/simd.h> 15 - #include <linux/unaligned.h> 16 15 #include <crypto/internal/hash.h> 17 - #include <crypto/internal/simd.h> 18 16 #include <crypto/sha3.h> 19 17 #include <linux/cpufeature.h> 20 - #include <linux/crypto.h> 18 + #include <linux/kernel.h> 21 19 #include <linux/module.h> 20 + #include <linux/string.h> 21 + #include <linux/unaligned.h> 22 22 23 23 MODULE_DESCRIPTION("SHA3 secure hash using ARMv8 Crypto Extensions"); 24 24 MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>"); ··· 35 35 unsigned int len) 36 36 { 37 37 struct sha3_state *sctx = shash_desc_ctx(desc); 38 - unsigned int digest_size = crypto_shash_digestsize(desc->tfm); 38 + struct crypto_shash *tfm = desc->tfm; 39 + unsigned int bs, ds; 40 + int blocks; 39 41 40 - if (!crypto_simd_usable()) 41 - return crypto_sha3_update(desc, data, len); 42 + ds = crypto_shash_digestsize(tfm); 43 + bs = crypto_shash_blocksize(tfm); 44 + blocks = len / bs; 45 + len -= blocks * bs; 46 + do { 47 + int rem; 42 48 43 - if ((sctx->partial + len) >= sctx->rsiz) { 44 - int blocks; 45 - 46 - if (sctx->partial) { 47 - int p = sctx->rsiz - sctx->partial; 48 - 49 - memcpy(sctx->buf + sctx->partial, data, p); 50 - kernel_neon_begin(); 51 - sha3_ce_transform(sctx->st, sctx->buf, 1, digest_size); 52 - kernel_neon_end(); 53 - 54 - data += p; 55 - len -= p; 56 - sctx->partial = 0; 57 - } 58 - 59 - blocks = len / sctx->rsiz; 60 - len %= sctx->rsiz; 61 - 62 - while (blocks) { 63 - int rem; 64 - 65 - kernel_neon_begin(); 66 - rem = sha3_ce_transform(sctx->st, data, blocks, 67 - digest_size); 68 - kernel_neon_end(); 69 - data += (blocks - rem) * sctx->rsiz; 70 - blocks = rem; 71 - } 72 - } 73 - 74 - if (len) { 75 - memcpy(sctx->buf + sctx->partial, data, len); 76 - sctx->partial += len; 77 - } 78 - return 0; 49 + kernel_neon_begin(); 50 + rem = sha3_ce_transform(sctx->st, data, blocks, ds); 51 + kernel_neon_end(); 52 + data += (blocks - rem) * bs; 53 + blocks = rem; 54 + } while (blocks); 55 + return len; 79 56 } 80 57 81 - static int sha3_final(struct shash_desc *desc, u8 *out) 58 + static int sha3_finup(struct shash_desc *desc, const u8 *src, unsigned int len, 59 + u8 *out) 82 60 { 83 61 struct sha3_state *sctx = shash_desc_ctx(desc); 84 - unsigned int digest_size = crypto_shash_digestsize(desc->tfm); 62 + struct crypto_shash *tfm = desc->tfm; 85 63 __le64 *digest = (__le64 *)out; 64 + u8 block[SHA3_224_BLOCK_SIZE]; 65 + unsigned int bs, ds; 86 66 int i; 87 67 88 - if (!crypto_simd_usable()) 89 - return crypto_sha3_final(desc, out); 68 + ds = crypto_shash_digestsize(tfm); 69 + bs = crypto_shash_blocksize(tfm); 70 + memcpy(block, src, len); 90 71 91 - sctx->buf[sctx->partial++] = 0x06; 92 - memset(sctx->buf + sctx->partial, 0, sctx->rsiz - sctx->partial); 93 - sctx->buf[sctx->rsiz - 1] |= 0x80; 72 + block[len++] = 0x06; 73 + memset(block + len, 0, bs - len); 74 + block[bs - 1] |= 0x80; 94 75 95 76 kernel_neon_begin(); 96 - sha3_ce_transform(sctx->st, sctx->buf, 1, digest_size); 77 + sha3_ce_transform(sctx->st, block, 1, ds); 97 78 kernel_neon_end(); 79 + memzero_explicit(block , sizeof(block)); 98 80 99 - for (i = 0; i < digest_size / 8; i++) 81 + for (i = 0; i < ds / 8; i++) 100 82 put_unaligned_le64(sctx->st[i], digest++); 101 83 102 - if (digest_size & 4) 84 + if (ds & 4) 103 85 put_unaligned_le32(sctx->st[i], (__le32 *)digest); 104 86 105 - memzero_explicit(sctx, sizeof(*sctx)); 106 87 return 0; 107 88 } 108 89 ··· 91 110 .digestsize = SHA3_224_DIGEST_SIZE, 92 111 .init = crypto_sha3_init, 93 112 .update = sha3_update, 94 - .final = sha3_final, 95 - .descsize = sizeof(struct sha3_state), 113 + .finup = sha3_finup, 114 + .descsize = SHA3_STATE_SIZE, 96 115 .base.cra_name = "sha3-224", 97 116 .base.cra_driver_name = "sha3-224-ce", 117 + .base.cra_flags = CRYPTO_AHASH_ALG_BLOCK_ONLY, 98 118 .base.cra_blocksize = SHA3_224_BLOCK_SIZE, 99 119 .base.cra_module = THIS_MODULE, 100 120 .base.cra_priority = 200, ··· 103 121 .digestsize = SHA3_256_DIGEST_SIZE, 104 122 .init = crypto_sha3_init, 105 123 .update = sha3_update, 106 - .final = sha3_final, 107 - .descsize = sizeof(struct sha3_state), 124 + .finup = sha3_finup, 125 + .descsize = SHA3_STATE_SIZE, 108 126 .base.cra_name = "sha3-256", 109 127 .base.cra_driver_name = "sha3-256-ce", 128 + .base.cra_flags = CRYPTO_AHASH_ALG_BLOCK_ONLY, 110 129 .base.cra_blocksize = SHA3_256_BLOCK_SIZE, 111 130 .base.cra_module = THIS_MODULE, 112 131 .base.cra_priority = 200, ··· 115 132 .digestsize = SHA3_384_DIGEST_SIZE, 116 133 .init = crypto_sha3_init, 117 134 .update = sha3_update, 118 - .final = sha3_final, 119 - .descsize = sizeof(struct sha3_state), 135 + .finup = sha3_finup, 136 + .descsize = SHA3_STATE_SIZE, 120 137 .base.cra_name = "sha3-384", 121 138 .base.cra_driver_name = "sha3-384-ce", 139 + .base.cra_flags = CRYPTO_AHASH_ALG_BLOCK_ONLY, 122 140 .base.cra_blocksize = SHA3_384_BLOCK_SIZE, 123 141 .base.cra_module = THIS_MODULE, 124 142 .base.cra_priority = 200, ··· 127 143 .digestsize = SHA3_512_DIGEST_SIZE, 128 144 .init = crypto_sha3_init, 129 145 .update = sha3_update, 130 - .final = sha3_final, 131 - .descsize = sizeof(struct sha3_state), 146 + .finup = sha3_finup, 147 + .descsize = SHA3_STATE_SIZE, 132 148 .base.cra_name = "sha3-512", 133 149 .base.cra_driver_name = "sha3-512-ce", 150 + .base.cra_flags = CRYPTO_AHASH_ALG_BLOCK_ONLY, 134 151 .base.cra_blocksize = SHA3_512_BLOCK_SIZE, 135 152 .base.cra_module = THIS_MODULE, 136 153 .base.cra_priority = 200,
-1
arch/s390/crypto/sha.h
··· 14 14 #include <linux/types.h> 15 15 16 16 /* must be big enough for the largest SHA variant */ 17 - #define SHA3_STATE_SIZE 200 18 17 #define CPACF_MAX_PARMBLOCK_SIZE SHA3_STATE_SIZE 19 18 #define SHA_MAX_BLOCK_SIZE SHA3_224_BLOCK_SIZE 20 19 #define S390_SHA_CTX_SIZE offsetof(struct s390_sha_ctx, buf)
+3 -1
include/crypto/sha3.h
··· 17 17 #define SHA3_512_DIGEST_SIZE (512 / 8) 18 18 #define SHA3_512_BLOCK_SIZE (200 - 2 * SHA3_512_DIGEST_SIZE) 19 19 20 + #define SHA3_STATE_SIZE 200 21 + 20 22 struct sha3_state { 21 - u64 st[25]; 23 + u64 st[SHA3_STATE_SIZE / 8]; 22 24 unsigned int rsiz; 23 25 unsigned int rsizw; 24 26