Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: riscv/sha256 - implement library instead of shash

Instead of providing crypto_shash algorithms for the arch-optimized
SHA-256 code, instead implement the SHA-256 library. This is much
simpler, it makes the SHA-256 library functions be arch-optimized, and
it fixes the longstanding issue where the arch-optimized SHA-256 was
disabled by default. SHA-256 still remains available through
crypto_shash, but individual architectures no longer need to handle it.

To match sha256_blocks_arch(), change the type of the nblocks parameter
of the assembly function from int to size_t. The assembly function
actually already treated it as size_t.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Eric Biggers and committed by
Herbert Xu
bf52d938 1a49c573

+74 -141
-11
arch/riscv/crypto/Kconfig
··· 28 28 Architecture: riscv64 using: 29 29 - Zvkg vector crypto extension 30 30 31 - config CRYPTO_SHA256_RISCV64 32 - tristate "Hash functions: SHA-224 and SHA-256" 33 - depends on 64BIT && RISCV_ISA_V && TOOLCHAIN_HAS_VECTOR_CRYPTO 34 - select CRYPTO_SHA256 35 - help 36 - SHA-224 and SHA-256 secure hash algorithm (FIPS 180) 37 - 38 - Architecture: riscv64 using: 39 - - Zvknha or Zvknhb vector crypto extensions 40 - - Zvkb vector crypto extension 41 - 42 31 config CRYPTO_SHA512_RISCV64 43 32 tristate "Hash functions: SHA-384 and SHA-512" 44 33 depends on 64BIT && RISCV_ISA_V && TOOLCHAIN_HAS_VECTOR_CRYPTO
-3
arch/riscv/crypto/Makefile
··· 7 7 obj-$(CONFIG_CRYPTO_GHASH_RISCV64) += ghash-riscv64.o 8 8 ghash-riscv64-y := ghash-riscv64-glue.o ghash-riscv64-zvkg.o 9 9 10 - obj-$(CONFIG_CRYPTO_SHA256_RISCV64) += sha256-riscv64.o 11 - sha256-riscv64-y := sha256-riscv64-glue.o sha256-riscv64-zvknha_or_zvknhb-zvkb.o 12 - 13 10 obj-$(CONFIG_CRYPTO_SHA512_RISCV64) += sha512-riscv64.o 14 11 sha512-riscv64-y := sha512-riscv64-glue.o sha512-riscv64-zvknhb-zvkb.o 15 12
-125
arch/riscv/crypto/sha256-riscv64-glue.c
··· 1 - // SPDX-License-Identifier: GPL-2.0-or-later 2 - /* 3 - * SHA-256 and SHA-224 using the RISC-V vector crypto extensions 4 - * 5 - * Copyright (C) 2022 VRULL GmbH 6 - * Author: Heiko Stuebner <heiko.stuebner@vrull.eu> 7 - * 8 - * Copyright (C) 2023 SiFive, Inc. 9 - * Author: Jerry Shih <jerry.shih@sifive.com> 10 - */ 11 - 12 - #include <asm/simd.h> 13 - #include <asm/vector.h> 14 - #include <crypto/internal/hash.h> 15 - #include <crypto/internal/simd.h> 16 - #include <crypto/sha256_base.h> 17 - #include <linux/kernel.h> 18 - #include <linux/module.h> 19 - 20 - /* 21 - * Note: the asm function only uses the 'state' field of struct sha256_state. 22 - * It is assumed to be the first field. 23 - */ 24 - asmlinkage void sha256_transform_zvknha_or_zvknhb_zvkb( 25 - struct crypto_sha256_state *state, const u8 *data, int num_blocks); 26 - 27 - static void sha256_block(struct crypto_sha256_state *state, const u8 *data, 28 - int num_blocks) 29 - { 30 - /* 31 - * Ensure struct crypto_sha256_state begins directly with the SHA-256 32 - * 256-bit internal state, as this is what the asm function expects. 33 - */ 34 - BUILD_BUG_ON(offsetof(struct crypto_sha256_state, state) != 0); 35 - 36 - if (crypto_simd_usable()) { 37 - kernel_vector_begin(); 38 - sha256_transform_zvknha_or_zvknhb_zvkb(state, data, num_blocks); 39 - kernel_vector_end(); 40 - } else 41 - sha256_transform_blocks(state, data, num_blocks); 42 - } 43 - 44 - static int riscv64_sha256_update(struct shash_desc *desc, const u8 *data, 45 - unsigned int len) 46 - { 47 - return sha256_base_do_update_blocks(desc, data, len, sha256_block); 48 - } 49 - 50 - static int riscv64_sha256_finup(struct shash_desc *desc, const u8 *data, 51 - unsigned int len, u8 *out) 52 - { 53 - sha256_base_do_finup(desc, data, len, sha256_block); 54 - return sha256_base_finish(desc, out); 55 - } 56 - 57 - static int riscv64_sha256_digest(struct shash_desc *desc, const u8 *data, 58 - unsigned int len, u8 *out) 59 - { 60 - return sha256_base_init(desc) ?: 61 - riscv64_sha256_finup(desc, data, len, out); 62 - } 63 - 64 - static struct shash_alg riscv64_sha256_algs[] = { 65 - { 66 - .init = sha256_base_init, 67 - .update = riscv64_sha256_update, 68 - .finup = riscv64_sha256_finup, 69 - .digest = riscv64_sha256_digest, 70 - .descsize = sizeof(struct crypto_sha256_state), 71 - .digestsize = SHA256_DIGEST_SIZE, 72 - .base = { 73 - .cra_blocksize = SHA256_BLOCK_SIZE, 74 - .cra_flags = CRYPTO_AHASH_ALG_BLOCK_ONLY | 75 - CRYPTO_AHASH_ALG_FINUP_MAX, 76 - .cra_priority = 300, 77 - .cra_name = "sha256", 78 - .cra_driver_name = "sha256-riscv64-zvknha_or_zvknhb-zvkb", 79 - .cra_module = THIS_MODULE, 80 - }, 81 - }, { 82 - .init = sha224_base_init, 83 - .update = riscv64_sha256_update, 84 - .finup = riscv64_sha256_finup, 85 - .descsize = sizeof(struct crypto_sha256_state), 86 - .digestsize = SHA224_DIGEST_SIZE, 87 - .base = { 88 - .cra_blocksize = SHA224_BLOCK_SIZE, 89 - .cra_flags = CRYPTO_AHASH_ALG_BLOCK_ONLY | 90 - CRYPTO_AHASH_ALG_FINUP_MAX, 91 - .cra_priority = 300, 92 - .cra_name = "sha224", 93 - .cra_driver_name = "sha224-riscv64-zvknha_or_zvknhb-zvkb", 94 - .cra_module = THIS_MODULE, 95 - }, 96 - }, 97 - }; 98 - 99 - static int __init riscv64_sha256_mod_init(void) 100 - { 101 - /* Both zvknha and zvknhb provide the SHA-256 instructions. */ 102 - if ((riscv_isa_extension_available(NULL, ZVKNHA) || 103 - riscv_isa_extension_available(NULL, ZVKNHB)) && 104 - riscv_isa_extension_available(NULL, ZVKB) && 105 - riscv_vector_vlen() >= 128) 106 - return crypto_register_shashes(riscv64_sha256_algs, 107 - ARRAY_SIZE(riscv64_sha256_algs)); 108 - 109 - return -ENODEV; 110 - } 111 - 112 - static void __exit riscv64_sha256_mod_exit(void) 113 - { 114 - crypto_unregister_shashes(riscv64_sha256_algs, 115 - ARRAY_SIZE(riscv64_sha256_algs)); 116 - } 117 - 118 - module_init(riscv64_sha256_mod_init); 119 - module_exit(riscv64_sha256_mod_exit); 120 - 121 - MODULE_DESCRIPTION("SHA-256 (RISC-V accelerated)"); 122 - MODULE_AUTHOR("Heiko Stuebner <heiko.stuebner@vrull.eu>"); 123 - MODULE_LICENSE("GPL"); 124 - MODULE_ALIAS_CRYPTO("sha256"); 125 - MODULE_ALIAS_CRYPTO("sha224");
+2 -2
arch/riscv/crypto/sha256-riscv64-zvknha_or_zvknhb-zvkb.S arch/riscv/lib/crypto/sha256-riscv64-zvknha_or_zvknhb-zvkb.S
··· 106 106 sha256_4rounds \last, \k3, W3, W0, W1, W2 107 107 .endm 108 108 109 - // void sha256_transform_zvknha_or_zvknhb_zvkb(u32 state[8], const u8 *data, 110 - // int num_blocks); 109 + // void sha256_transform_zvknha_or_zvknhb_zvkb(u32 state[SHA256_STATE_WORDS], 110 + // const u8 *data, size_t nblocks); 111 111 SYM_FUNC_START(sha256_transform_zvknha_or_zvknhb_zvkb) 112 112 113 113 // Load the round constants into K0-K15.
+7
arch/riscv/lib/crypto/Kconfig
··· 6 6 default CRYPTO_LIB_CHACHA 7 7 select CRYPTO_ARCH_HAVE_LIB_CHACHA 8 8 select CRYPTO_LIB_CHACHA_GENERIC 9 + 10 + config CRYPTO_SHA256_RISCV64 11 + tristate 12 + depends on 64BIT && RISCV_ISA_V && TOOLCHAIN_HAS_VECTOR_CRYPTO 13 + default CRYPTO_LIB_SHA256 14 + select CRYPTO_ARCH_HAVE_LIB_SHA256 15 + select CRYPTO_LIB_SHA256_GENERIC
+3
arch/riscv/lib/crypto/Makefile
··· 2 2 3 3 obj-$(CONFIG_CRYPTO_CHACHA_RISCV64) += chacha-riscv64.o 4 4 chacha-riscv64-y := chacha-riscv64-glue.o chacha-riscv64-zvkb.o 5 + 6 + obj-$(CONFIG_CRYPTO_SHA256_RISCV64) += sha256-riscv64.o 7 + sha256-riscv64-y := sha256.o sha256-riscv64-zvknha_or_zvknhb-zvkb.o
+62
arch/riscv/lib/crypto/sha256.c
··· 1 + // SPDX-License-Identifier: GPL-2.0-or-later 2 + /* 3 + * SHA-256 (RISC-V accelerated) 4 + * 5 + * Copyright (C) 2022 VRULL GmbH 6 + * Author: Heiko Stuebner <heiko.stuebner@vrull.eu> 7 + * 8 + * Copyright (C) 2023 SiFive, Inc. 9 + * Author: Jerry Shih <jerry.shih@sifive.com> 10 + */ 11 + 12 + #include <asm/simd.h> 13 + #include <asm/vector.h> 14 + #include <crypto/internal/sha2.h> 15 + #include <crypto/internal/simd.h> 16 + #include <linux/kernel.h> 17 + #include <linux/module.h> 18 + 19 + asmlinkage void sha256_transform_zvknha_or_zvknhb_zvkb( 20 + u32 state[SHA256_STATE_WORDS], const u8 *data, size_t nblocks); 21 + 22 + static __ro_after_init DEFINE_STATIC_KEY_FALSE(have_extensions); 23 + 24 + void sha256_blocks_arch(u32 state[SHA256_STATE_WORDS], 25 + const u8 *data, size_t nblocks) 26 + { 27 + if (static_branch_likely(&have_extensions) && crypto_simd_usable()) { 28 + kernel_vector_begin(); 29 + sha256_transform_zvknha_or_zvknhb_zvkb(state, data, nblocks); 30 + kernel_vector_end(); 31 + } else { 32 + sha256_blocks_generic(state, data, nblocks); 33 + } 34 + } 35 + EXPORT_SYMBOL(sha256_blocks_arch); 36 + 37 + bool sha256_is_arch_optimized(void) 38 + { 39 + return static_key_enabled(&have_extensions); 40 + } 41 + EXPORT_SYMBOL(sha256_is_arch_optimized); 42 + 43 + static int __init riscv64_sha256_mod_init(void) 44 + { 45 + /* Both zvknha and zvknhb provide the SHA-256 instructions. */ 46 + if ((riscv_isa_extension_available(NULL, ZVKNHA) || 47 + riscv_isa_extension_available(NULL, ZVKNHB)) && 48 + riscv_isa_extension_available(NULL, ZVKB) && 49 + riscv_vector_vlen() >= 128) 50 + static_branch_enable(&have_extensions); 51 + return 0; 52 + } 53 + arch_initcall(riscv64_sha256_mod_init); 54 + 55 + static void __exit riscv64_sha256_mod_exit(void) 56 + { 57 + } 58 + module_exit(riscv64_sha256_mod_exit); 59 + 60 + MODULE_DESCRIPTION("SHA-256 (RISC-V accelerated)"); 61 + MODULE_AUTHOR("Heiko Stuebner <heiko.stuebner@vrull.eu>"); 62 + MODULE_LICENSE("GPL");