From patchwork Mon Mar 30 09:48:22 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 6119381
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Return-Path: <linux-crypto-owner@kernel.org>
X-Original-To: patchwork-linux-crypto@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id 93BA99F32E
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Mon, 30 Mar 2015 09:49:03 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 9009C20373
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Mon, 30 Mar 2015 09:49:02 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 66BF62035B
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Mon, 30 Mar 2015 09:49:01 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752597AbbC3JtA (ORCPT
	<rfc822;patchwork-linux-crypto@patchwork.kernel.org>);
	Mon, 30 Mar 2015 05:49:00 -0400
Received: from mail-wi0-f178.google.com ([209.85.212.178]:37636 "EHLO
	mail-wi0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752657AbbC3JtA (ORCPT
	<rfc822;linux-crypto@vger.kernel.org>);
	Mon, 30 Mar 2015 05:49:00 -0400
Received: by wiaa2 with SMTP id a2so120826524wia.0
	for <linux-crypto@vger.kernel.org>;
	Mon, 30 Mar 2015 02:48:59 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=MEHDrq0nQ1zGYdT4W/nMbMvg205FbNUrlLcoX3yeMHo=;
	b=RryI3n79Hn94rkP9kfZNDHKpRZmj7mU8BiBlp+yuVuG+n6p1KeVwwCu6aXq/U7Wako
	dkRGuTLXoIYGwT8yGykGyyV/QXXs1hFlMnEf/Q9qi000QaV6ApRi1YIR11GtHLaO4zfx
	bUVTFEDPWXUUGtpOvffSl7CLxMWbV7ACKXV//rgJ4v3R5uaeVtLH//3PfF3w6j3MIuif
	CSDNw0z0ZirjlzvVQezeBP1opdQ6cSkipZPGkREMLKuFDCoOy2moAg6T3N/Qkjm/RZ99
	vNyWVGLBr+HXI9XXz+JARYAZQ8lhu80qXCoD38UhYBqUqoQAAuS1+gKLLLU0uo4gOMfn
	8QWw==
X-Gm-Message-State: 
 ALoCoQkMznbdoq4Ewoeb3GExMg6WvkF2Z26QvsArUwxa5PQJcKdWm0vz3zBkShgKIThQm+TbXmFH
X-Received: by 10.180.7.196 with SMTP id l4mr20473998wia.44.1427708939076;
	Mon, 30 Mar 2015 02:48:59 -0700 (PDT)
Received: from ards-macbook-pro.local (129.20.90.92.rev.sfr.net.
	[92.90.20.129]) by mx.google.com with ESMTPSA id
	eo1sm14912443wib.16.2015.03.30.02.48.56
	(version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Mon, 30 Mar 2015 02:48:58 -0700 (PDT)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org,
	samitolvanen@google.com, herbert@gondor.apana.org.au,
	jussi.kivilinna@iki.fi, stockhausen@collogia.de, x86@kernel.org
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: [PATCH v2 resend 03/14] crypto: sha1: implement base layer for SHA-1
Date: Mon, 30 Mar 2015 11:48:22 +0200
Message-Id: <1427708913-29678-4-git-send-email-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 1.8.3.2
In-Reply-To: <1427708913-29678-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1427708913-29678-1-git-send-email-ard.biesheuvel@linaro.org>
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	T_RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

To reduce the number of copies of boilerplate code throughout
the tree, this patch implements generic glue for the SHA-1
algorithm. This allows a specific arch or hardware implementation
to only implement the special handling that it needs.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 crypto/Kconfig       |   3 ++
 crypto/Makefile      |   1 +
 crypto/sha1_base.c   | 125 +++++++++++++++++++++++++++++++++++++++++++++++++++
 include/crypto/sha.h |  17 +++++++
 4 files changed, 146 insertions(+)
 create mode 100644 crypto/sha1_base.c

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 1664bd68b97d..155cc15c2719 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -516,6 +516,9 @@ config CRYPTO_RMD320
 	  Developed by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.
 	  See <http://homes.esat.kuleuven.be/~bosselae/ripemd160.html>
 
+config CRYPTO_SHA1_BASE
+	tristate
+
 config CRYPTO_SHA1
 	tristate "SHA1 digest algorithm"
 	select CRYPTO_HASH
diff --git a/crypto/Makefile b/crypto/Makefile
index bb9bafeb3ac7..42446cab15f3 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -43,6 +43,7 @@ obj-$(CONFIG_CRYPTO_RMD128) += rmd128.o
 obj-$(CONFIG_CRYPTO_RMD160) += rmd160.o
 obj-$(CONFIG_CRYPTO_RMD256) += rmd256.o
 obj-$(CONFIG_CRYPTO_RMD320) += rmd320.o
+obj-$(CONFIG_CRYPTO_SHA1_BASE) += sha1_base.o
 obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o
 obj-$(CONFIG_CRYPTO_SHA256_BASE) += sha256_base.o
 obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o
diff --git a/crypto/sha1_base.c b/crypto/sha1_base.c
new file mode 100644
index 000000000000..30fb0f9b47cf
--- /dev/null
+++ b/crypto/sha1_base.c
@@ -0,0 +1,125 @@
+/*
+ * sha1_base.c - core logic for SHA-1 implementations
+ *
+ * Copyright (C) 2015 Linaro Ltd <ard.biesheuvel@linaro.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <crypto/internal/hash.h>
+#include <crypto/sha.h>
+#include <linux/crypto.h>
+#include <linux/module.h>
+
+#include <asm/unaligned.h>
+
+int crypto_sha1_base_init(struct shash_desc *desc)
+{
+	static const u32 sha1_init_state[] = {
+		SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4,
+	};
+	struct sha1_state *sctx = shash_desc_ctx(desc);
+
+	memcpy(sctx->state, sha1_init_state, sizeof(sctx->state));
+	sctx->count = 0;
+	return 0;
+}
+EXPORT_SYMBOL(crypto_sha1_base_init);
+
+int crypto_sha1_base_export(struct shash_desc *desc, void *out)
+{
+	struct sha1_state *sctx = shash_desc_ctx(desc);
+	struct sha1_state *dst = out;
+
+	*dst = *sctx;
+
+	return 0;
+}
+EXPORT_SYMBOL(crypto_sha1_base_export);
+
+int crypto_sha1_base_import(struct shash_desc *desc, const void *in)
+{
+	struct sha1_state *sctx = shash_desc_ctx(desc);
+	struct sha1_state const *src = in;
+
+	*sctx = *src;
+
+	return 0;
+}
+EXPORT_SYMBOL(crypto_sha1_base_import);
+
+int crypto_sha1_base_do_update(struct shash_desc *desc, const u8 *data,
+				 unsigned int len, sha1_block_fn *block_fn,
+				 void *p)
+{
+	struct sha1_state *sctx = shash_desc_ctx(desc);
+	unsigned int partial = sctx->count % SHA1_BLOCK_SIZE;
+
+	sctx->count += len;
+
+	if (unlikely((partial + len) >= SHA1_BLOCK_SIZE)) {
+		int blocks;
+
+		if (partial) {
+			int p = SHA1_BLOCK_SIZE - partial;
+
+			memcpy(sctx->buffer + partial, data, p);
+			data += p;
+			len -= p;
+		}
+
+		blocks = len / SHA1_BLOCK_SIZE;
+		len %= SHA1_BLOCK_SIZE;
+
+		block_fn(blocks, data, sctx->state,
+			 partial ? sctx->buffer : NULL, p);
+		data += blocks * SHA1_BLOCK_SIZE;
+		partial = 0;
+	}
+	if (len)
+		memcpy(sctx->buffer + partial, data, len);
+
+	return 0;
+}
+EXPORT_SYMBOL(crypto_sha1_base_do_update);
+
+int crypto_sha1_base_do_finalize(struct shash_desc *desc,
+				 sha1_block_fn *block_fn, void *p)
+{
+	const int bit_offset = SHA1_BLOCK_SIZE - sizeof(__be64);
+	struct sha1_state *sctx = shash_desc_ctx(desc);
+	__be64 *bits = (__be64 *)(sctx->buffer + bit_offset);
+	unsigned int partial = sctx->count % SHA1_BLOCK_SIZE;
+
+	sctx->buffer[partial++] = 0x80;
+	if (partial > bit_offset) {
+		memset(sctx->buffer + partial, 0x0, SHA1_BLOCK_SIZE - partial);
+		partial = 0;
+
+		block_fn(1, sctx->buffer, sctx->state, NULL, p);
+	}
+
+	memset(sctx->buffer + partial, 0x0, bit_offset - partial);
+	*bits = cpu_to_be64(sctx->count << 3);
+	block_fn(1, sctx->buffer, sctx->state, NULL, p);
+
+	return 0;
+}
+EXPORT_SYMBOL(crypto_sha1_base_do_finalize);
+
+int crypto_sha1_base_finish(struct shash_desc *desc, u8 *out)
+{
+	unsigned int digest_size = crypto_shash_digestsize(desc->tfm);
+	struct sha1_state *sctx = shash_desc_ctx(desc);
+	__be32 *digest = (__be32 *)out;
+	int i;
+
+	for (i = 0; digest_size > 0; i++, digest_size -= sizeof(__be32))
+		put_unaligned_be32(sctx->state[i], digest++);
+
+	*sctx = (struct sha1_state){};
+	return 0;
+}
+EXPORT_SYMBOL(crypto_sha1_base_finish);
diff --git a/include/crypto/sha.h b/include/crypto/sha.h
index 0ed6630d7c40..63cba0bbf3bc 100644
--- a/include/crypto/sha.h
+++ b/include/crypto/sha.h
@@ -82,6 +82,8 @@ struct sha512_state {
 	u8 buf[SHA512_BLOCK_SIZE];
 };
 
+typedef void (sha1_block_fn)(int blocks, u8 const *src, u32 *state,
+			     const u8 *head, void *p);
 typedef void (sha256_block_fn)(int blocks, u8 const *src, u32 *state,
 			       const u8 *head, void *p);
 typedef void (sha512_block_fn)(int blocks, u8 const *src, u64 *state,
@@ -129,4 +131,19 @@ extern int crypto_sha256_base_do_finalize(struct shash_desc *desc,
 
 extern int crypto_sha256_base_finish(struct shash_desc *desc, u8 *out);
 
+extern int crypto_sha1_base_init(struct shash_desc *desc);
+extern int crypto_sha1_base_init(struct shash_desc *desc);
+
+extern int crypto_sha1_base_export(struct shash_desc *desc, void *out);
+extern int crypto_sha1_base_import(struct shash_desc *desc, const void *in);
+
+extern int crypto_sha1_base_do_update(struct shash_desc *desc, const u8 *data,
+			         unsigned int len, sha1_block_fn *block_fn,
+			         void *p);
+
+extern int crypto_sha1_base_do_finalize(struct shash_desc *desc,
+				   sha1_block_fn *block_fn, void *p);
+
+extern int crypto_sha1_base_finish(struct shash_desc *desc, u8 *out);
+
 #endif