From patchwork Sat Mar 28 22:10:24 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 6114401 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Original-To: patchwork-linux-crypto@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id A89C3BF4A6 for ; Sat, 28 Mar 2015 22:10:49 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 9D87C2035E for ; Sat, 28 Mar 2015 22:10:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 9335A2034B for ; Sat, 28 Mar 2015 22:10:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752425AbbC1WKr (ORCPT ); Sat, 28 Mar 2015 18:10:47 -0400 Received: from mail-wi0-f174.google.com ([209.85.212.174]:36205 "EHLO mail-wi0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752389AbbC1WKq (ORCPT ); Sat, 28 Mar 2015 18:10:46 -0400 Received: by wibg7 with SMTP id g7so63066063wib.1 for ; Sat, 28 Mar 2015 15:10:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=j4yJZfDrIKoXr9iCHbCFondl5b7hiy9ENZK9hZVn+l8=; b=dFqjj9lAqOc+C2urzXdQM9Xqf22JTHVmlmH4B/EoblazO/QNw/eUVcUCGwbeTiRb10 c4gb2pdxdPrkBZ7AA1lJ8XYFoqDqufOQ39+qe6I4bXXf23Csu2H4eV3ykVnP0jHSe55Z 3tIpEU506fOZGuqPNotPTPsAIRrOu04ouymAF8qxXUWdPQJjmh6/+H2/zQtEEyX8HmZE Dqr+vE0FviSMZO0nAQXRVnUwzk0DlhyI7Q0wnwZ/BCSosYd1FpibrwB7Ds8MmP+4mj4o 1+j1Hqvz0KZ2xp/6zlYxDkCXrdGR4PmLI1+AnW3zsuifj8fpLi1lA6e8DDEnAwNo03yv X+cQ== X-Gm-Message-State: ALoCoQlUZ2xyyhKYTgP3MP0OT7scQQ1lWMALjbJER2iACiwfOtn8x1crBOxdeZPEfalQ9v4HKy+L X-Received: by 10.180.78.202 with SMTP id d10mr8838464wix.25.1427580645250; Sat, 28 Mar 2015 15:10:45 -0700 (PDT) Received: from ards-macbook-pro.local ([90.174.5.202]) by mx.google.com with ESMTPSA id i5sm8776803wiz.0.2015.03.28.15.10.42 (version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 28 Mar 2015 15:10:44 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org, samitolvanen@google.com, herbert@gondor.apana.org.au, jussi.kivilinna@iki.fi Cc: Ard Biesheuvel Subject: [RFC PATCH 2/6] crypto: sha512-generic: move to generic glue implementation Date: Sat, 28 Mar 2015 23:10:24 +0100 Message-Id: <1427580628-7128-3-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 1.8.3.2 In-Reply-To: <1427580628-7128-1-git-send-email-ard.biesheuvel@linaro.org> References: <1427580628-7128-1-git-send-email-ard.biesheuvel@linaro.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This updated the generic SHA-512 implementation to use the generic shared SHA-512 glue code. Signed-off-by: Ard Biesheuvel --- crypto/Kconfig | 1 + crypto/sha512_generic.c | 117 +++++++----------------------------------------- 2 files changed, 16 insertions(+), 102 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index 3400cf4e3cdb..880aa518c2eb 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -646,6 +646,7 @@ config CRYPTO_SHA512_BASE config CRYPTO_SHA512 tristate "SHA384 and SHA512 digest algorithms" + select CRYPTO_SHA512_BASE select CRYPTO_HASH help SHA512 secure hash standard (DFIPS 180-2). diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c index 1c3c3767e079..0d8e973d0d4b 100644 --- a/crypto/sha512_generic.c +++ b/crypto/sha512_generic.c @@ -130,123 +130,36 @@ sha512_transform(u64 *state, const u8 *input) a = b = c = d = e = f = g = h = t1 = t2 = 0; } -static int -sha512_init(struct shash_desc *desc) -{ - struct sha512_state *sctx = shash_desc_ctx(desc); - sctx->state[0] = SHA512_H0; - sctx->state[1] = SHA512_H1; - sctx->state[2] = SHA512_H2; - sctx->state[3] = SHA512_H3; - sctx->state[4] = SHA512_H4; - sctx->state[5] = SHA512_H5; - sctx->state[6] = SHA512_H6; - sctx->state[7] = SHA512_H7; - sctx->count[0] = sctx->count[1] = 0; - - return 0; -} - -static int -sha384_init(struct shash_desc *desc) +static void sha512_generic_block_fn(int blocks, u8 const *src, u64 *state, + const u8 *head, void *p) { - struct sha512_state *sctx = shash_desc_ctx(desc); - sctx->state[0] = SHA384_H0; - sctx->state[1] = SHA384_H1; - sctx->state[2] = SHA384_H2; - sctx->state[3] = SHA384_H3; - sctx->state[4] = SHA384_H4; - sctx->state[5] = SHA384_H5; - sctx->state[6] = SHA384_H6; - sctx->state[7] = SHA384_H7; - sctx->count[0] = sctx->count[1] = 0; + if (head) + sha512_transform(state, head); - return 0; + while (blocks--) { + sha512_transform(state, src); + src += SHA512_BLOCK_SIZE; + } } int crypto_sha512_update(struct shash_desc *desc, const u8 *data, unsigned int len) { - struct sha512_state *sctx = shash_desc_ctx(desc); - - unsigned int i, index, part_len; - - /* Compute number of bytes mod 128 */ - index = sctx->count[0] & 0x7f; - - /* Update number of bytes */ - if ((sctx->count[0] += len) < len) - sctx->count[1]++; - - part_len = 128 - index; - - /* Transform as many times as possible. */ - if (len >= part_len) { - memcpy(&sctx->buf[index], data, part_len); - sha512_transform(sctx->state, sctx->buf); - - for (i = part_len; i + 127 < len; i+=128) - sha512_transform(sctx->state, &data[i]); - - index = 0; - } else { - i = 0; - } - - /* Buffer remaining input */ - memcpy(&sctx->buf[index], &data[i], len - i); - - return 0; + return sha512_base_do_update(desc, data, len, sha512_generic_block_fn, + NULL); } EXPORT_SYMBOL(crypto_sha512_update); static int sha512_final(struct shash_desc *desc, u8 *hash) { - struct sha512_state *sctx = shash_desc_ctx(desc); - static u8 padding[128] = { 0x80, }; - __be64 *dst = (__be64 *)hash; - __be64 bits[2]; - unsigned int index, pad_len; - int i; - - /* Save number of bits */ - bits[1] = cpu_to_be64(sctx->count[0] << 3); - bits[0] = cpu_to_be64(sctx->count[1] << 3 | sctx->count[0] >> 61); - - /* Pad out to 112 mod 128. */ - index = sctx->count[0] & 0x7f; - pad_len = (index < 112) ? (112 - index) : ((128+112) - index); - crypto_sha512_update(desc, padding, pad_len); - - /* Append length (before padding) */ - crypto_sha512_update(desc, (const u8 *)bits, sizeof(bits)); - - /* Store state in digest */ - for (i = 0; i < 8; i++) - dst[i] = cpu_to_be64(sctx->state[i]); - - /* Zeroize sensitive information. */ - memset(sctx, 0, sizeof(struct sha512_state)); - - return 0; -} - -static int sha384_final(struct shash_desc *desc, u8 *hash) -{ - u8 D[64]; - - sha512_final(desc, D); - - memcpy(hash, D, 48); - memzero_explicit(D, 64); - - return 0; + sha512_base_do_finalize(desc, sha512_generic_block_fn, NULL); + return sha512_base_finish(desc, hash); } static struct shash_alg sha512_algs[2] = { { .digestsize = SHA512_DIGEST_SIZE, - .init = sha512_init, + .init = sha512_base_init, .update = crypto_sha512_update, .final = sha512_final, .descsize = sizeof(struct sha512_state), @@ -259,9 +172,9 @@ static struct shash_alg sha512_algs[2] = { { } }, { .digestsize = SHA384_DIGEST_SIZE, - .init = sha384_init, + .init = sha384_base_init, .update = crypto_sha512_update, - .final = sha384_final, + .final = sha512_final, .descsize = sizeof(struct sha512_state), .base = { .cra_name = "sha384",