From patchwork Mon Mar 30 09:48:20 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 6119361 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Original-To: patchwork-linux-crypto@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 0510DBF4A6 for ; Mon, 30 Mar 2015 09:48:58 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id EDD7920353 for ; Mon, 30 Mar 2015 09:48:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id B22EB2035B for ; Mon, 30 Mar 2015 09:48:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752491AbbC3Jsz (ORCPT ); Mon, 30 Mar 2015 05:48:55 -0400 Received: from mail-wi0-f179.google.com ([209.85.212.179]:32990 "EHLO mail-wi0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751482AbbC3Jsy (ORCPT ); Mon, 30 Mar 2015 05:48:54 -0400 Received: by wixm2 with SMTP id m2so82139399wix.0 for ; Mon, 30 Mar 2015 02:48:53 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=blFImqKYmZtJT801hVJ3bP/AfMIular33cUuxUyQg9c=; b=O0zdI0EM+ILr3umJa8lrstaL/KmV1S2W0h2q7EzUXPHJAbw2SzRF3Fj2ZLNxAdOXh4 N5apS/Lsr4rKeFc2/G28qBu7m+IxqzpilNOP0KIHkiFt/Abf80roDrnK+rLPPUF+nwQQ /RKUT3qT+Z8+Q6pe78CdSRplnuJYPwV3OleYu53rcz/NtxLToXoJrjexaSA/ks2igtgn 4BT51Ts8rBeSJwVsymNLwt1fF2MaLnNlriDflFufWc6bwPnpQdbcTVzI/l4YkWUlQVAZ wDwl93LuzbDT0QcHbfaiO4JjV9lrH1zzECXSlmzXOnKm6UkvQOdqI80O1dvb5vacfoUP cMCA== X-Gm-Message-State: ALoCoQmtFWckxSIPpjyHfjiCa4oXtX4I1Wi9sJYFMn7peK0U4KHE3oPY3w6ZhL+sULAbVQkxVrGp X-Received: by 10.194.109.9 with SMTP id ho9mr60960977wjb.29.1427708933079; Mon, 30 Mar 2015 02:48:53 -0700 (PDT) Received: from ards-macbook-pro.local (129.20.90.92.rev.sfr.net. [92.90.20.129]) by mx.google.com with ESMTPSA id eo1sm14912443wib.16.2015.03.30.02.48.49 (version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 30 Mar 2015 02:48:52 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org, samitolvanen@google.com, herbert@gondor.apana.org.au, jussi.kivilinna@iki.fi, stockhausen@collogia.de, x86@kernel.org Cc: Ard Biesheuvel Subject: [PATCH v2 resend 01/14] crypto: sha512: implement base layer for SHA-512 Date: Mon, 30 Mar 2015 11:48:20 +0200 Message-Id: <1427708913-29678-2-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 1.8.3.2 In-Reply-To: <1427708913-29678-1-git-send-email-ard.biesheuvel@linaro.org> References: <1427708913-29678-1-git-send-email-ard.biesheuvel@linaro.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP To reduce the number of copies of boilerplate code throughout the tree, this patch implements generic glue for the SHA-512 algorithm. This allows a specific arch or hardware implementation to only implement the special handling that it needs. Signed-off-by: Ard Biesheuvel --- crypto/Kconfig | 3 ++ crypto/Makefile | 1 + crypto/sha512_base.c | 143 +++++++++++++++++++++++++++++++++++++++++++++++++++ include/crypto/sha.h | 20 +++++++ 4 files changed, 167 insertions(+) create mode 100644 crypto/sha512_base.c diff --git a/crypto/Kconfig b/crypto/Kconfig index 88639937a934..3400cf4e3cdb 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -641,6 +641,9 @@ config CRYPTO_SHA256_SPARC64 SHA-256 secure hash standard (DFIPS 180-2) implemented using sparc64 crypto instructions, when available. +config CRYPTO_SHA512_BASE + tristate + config CRYPTO_SHA512 tristate "SHA384 and SHA512 digest algorithms" select CRYPTO_HASH diff --git a/crypto/Makefile b/crypto/Makefile index 97b7d3ac87e7..6174bf2592fe 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -45,6 +45,7 @@ obj-$(CONFIG_CRYPTO_RMD256) += rmd256.o obj-$(CONFIG_CRYPTO_RMD320) += rmd320.o obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o +obj-$(CONFIG_CRYPTO_SHA512_BASE) += sha512_base.o obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o obj-$(CONFIG_CRYPTO_WP512) += wp512.o obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o diff --git a/crypto/sha512_base.c b/crypto/sha512_base.c new file mode 100644 index 000000000000..9a60829e06c4 --- /dev/null +++ b/crypto/sha512_base.c @@ -0,0 +1,143 @@ +/* + * sha512_base.c - core logic for SHA-512 implementations + * + * Copyright (C) 2015 Linaro Ltd + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#include +#include +#include +#include + +#include + +int crypto_sha384_base_init(struct shash_desc *desc) +{ + static const u64 sha384_init_state[] = { + SHA384_H0, SHA384_H1, SHA384_H2, SHA384_H3, + SHA384_H4, SHA384_H5, SHA384_H6, SHA384_H7, + }; + struct sha512_state *sctx = shash_desc_ctx(desc); + + memcpy(sctx->state, sha384_init_state, sizeof(sctx->state)); + sctx->count[0] = sctx->count[1] = 0; + return 0; +} +EXPORT_SYMBOL(crypto_sha384_base_init); + +int crypto_sha512_base_init(struct shash_desc *desc) +{ + static const u64 sha512_init_state[] = { + SHA512_H0, SHA512_H1, SHA512_H2, SHA512_H3, + SHA512_H4, SHA512_H5, SHA512_H6, SHA512_H7, + }; + struct sha512_state *sctx = shash_desc_ctx(desc); + + memcpy(sctx->state, sha512_init_state, sizeof(sctx->state)); + sctx->count[0] = sctx->count[1] = 0; + return 0; +} +EXPORT_SYMBOL(crypto_sha512_base_init); + +int crypto_sha512_base_export(struct shash_desc *desc, void *out) +{ + struct sha512_state *sctx = shash_desc_ctx(desc); + struct sha512_state *dst = out; + + *dst = *sctx; + + return 0; +} +EXPORT_SYMBOL(crypto_sha512_base_export); + +int crypto_sha512_base_import(struct shash_desc *desc, const void *in) +{ + struct sha512_state *sctx = shash_desc_ctx(desc); + struct sha512_state const *src = in; + + *sctx = *src; + + return 0; +} +EXPORT_SYMBOL(crypto_sha512_base_import); + +int crypto_sha512_base_do_update(struct shash_desc *desc, const u8 *data, + unsigned int len, sha512_block_fn *block_fn, + void *p) +{ + struct sha512_state *sctx = shash_desc_ctx(desc); + unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE; + + sctx->count[0] += len; + if (sctx->count[0] < len) + sctx->count[1]++; + + if (unlikely((partial + len) >= SHA512_BLOCK_SIZE)) { + int blocks; + + if (partial) { + int p = SHA512_BLOCK_SIZE - partial; + + memcpy(sctx->buf + partial, data, p); + data += p; + len -= p; + } + + blocks = len / SHA512_BLOCK_SIZE; + len %= SHA512_BLOCK_SIZE; + + block_fn(blocks, data, sctx->state, + partial ? sctx->buf : NULL, p); + data += blocks * SHA512_BLOCK_SIZE; + partial = 0; + } + if (len) + memcpy(sctx->buf + partial, data, len); + + return 0; +} +EXPORT_SYMBOL(crypto_sha512_base_do_update); + +int crypto_sha512_base_do_finalize(struct shash_desc *desc, + sha512_block_fn *block_fn, void *p) +{ + const int bit_offset = SHA512_BLOCK_SIZE - sizeof(__be64[2]); + struct sha512_state *sctx = shash_desc_ctx(desc); + __be64 *bits = (__be64 *)(sctx->buf + bit_offset); + unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE; + + sctx->buf[partial++] = 0x80; + if (partial > bit_offset) { + memset(sctx->buf + partial, 0x0, SHA512_BLOCK_SIZE - partial); + partial = 0; + + block_fn(1, sctx->buf, sctx->state, NULL, p); + } + + memset(sctx->buf + partial, 0x0, bit_offset - partial); + bits[0] = cpu_to_be64(sctx->count[1] << 3 | sctx->count[0] >> 61); + bits[1] = cpu_to_be64(sctx->count[0] << 3); + block_fn(1, sctx->buf, sctx->state, NULL, p); + + return 0; +} +EXPORT_SYMBOL(crypto_sha512_base_do_finalize); + +int crypto_sha512_base_finish(struct shash_desc *desc, u8 *out) +{ + unsigned int digest_size = crypto_shash_digestsize(desc->tfm); + struct sha512_state *sctx = shash_desc_ctx(desc); + __be64 *digest = (__be64 *)out; + int i; + + for (i = 0; digest_size > 0; i++, digest_size -= sizeof(__be64)) + put_unaligned_be64(sctx->state[i], digest++); + + *sctx = (struct sha512_state){}; + return 0; +} +EXPORT_SYMBOL(crypto_sha512_base_finish); diff --git a/include/crypto/sha.h b/include/crypto/sha.h index 190f8a0e0242..85997a17d4e2 100644 --- a/include/crypto/sha.h +++ b/include/crypto/sha.h @@ -82,6 +82,9 @@ struct sha512_state { u8 buf[SHA512_BLOCK_SIZE]; }; +typedef void (sha512_block_fn)(int blocks, u8 const *src, u64 *state, + const u8 *head, void *p); + struct shash_desc; extern int crypto_sha1_update(struct shash_desc *desc, const u8 *data, @@ -92,4 +95,21 @@ extern int crypto_sha256_update(struct shash_desc *desc, const u8 *data, extern int crypto_sha512_update(struct shash_desc *desc, const u8 *data, unsigned int len); + + +extern int crypto_sha384_base_init(struct shash_desc *desc); +extern int crypto_sha512_base_init(struct shash_desc *desc); + +extern int crypto_sha512_base_export(struct shash_desc *desc, void *out); +extern int crypto_sha512_base_import(struct shash_desc *desc, const void *in); + +extern int crypto_sha512_base_do_update(struct shash_desc *desc, const u8 *data, + unsigned int len, sha512_block_fn *block_fn, + void *p); + +extern int crypto_sha512_base_do_finalize(struct shash_desc *desc, + sha512_block_fn *block_fn, void *p); + +extern int crypto_sha512_base_finish(struct shash_desc *desc, u8 *out); + #endif