[v2,2/9] crypto: sha256 - Use the partial block API for generic

Message ID	a248551af87676eebc2fdc88f77c1851f082885e.1746162259.git.herbert@gondor.apana.org.au
State	New
Headers	show Received: from abb.hmeau.com (abb.hmeau.com [144.6.53.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8C8A719FA8D for <linux-crypto@vger.kernel.org>; Fri, 2 May 2025 05:31:05 +0000 (UTC) Date: Fri, 02 May 2025 13:30:56 +0800 Message-Id: <a248551af87676eebc2fdc88f77c1851f082885e.1746162259.git.herbert@gondor.apana.org.au> In-Reply-To: <cover.1746162259.git.herbert@gondor.apana.org.au> References: <cover.1746162259.git.herbert@gondor.apana.org.au> From: Herbert Xu <herbert@gondor.apana.org.au> Subject: [v2 PATCH 2/9] crypto: sha256 - Use the partial block API for generic To: Linux Crypto Mailing List <linux-crypto@vger.kernel.org> Precedence: bulk
Series	crypto: sha256 - Use partial block API \| expand [v2,0/9] crypto: sha256 - Use partial block API [v2,1/9] crypto: lib/sha256 - Add helpers for block-based shash [v2,2/9] crypto: sha256 - Use the partial block API for generic [v2,3/9] crypto: arch/sha256 - Export block functions as GPL only [v2,4/9] crypto: arm/sha256 - Add simd block function [v2,5/9] crypto: arm64/sha256 - Add simd block function [v2,6/9] crypto: riscv/sha256 - Add simd block function [v2,7/9] crypto: x86/sha256 - Add simd block function [v2,8/9] crypto: lib/sha256 - Use generic block helper [v2,9/9] crypto: sha256 - Use the partial block API

diff --git a/crypto/sha256.c b/crypto/sha256.c index c2588d08ee3e..d6b90c6ea63d 100644 --- a/crypto/sha256.c +++ b/crypto/sha256.c @@ -30,15 +30,26 @@ EXPORT_SYMBOL_GPL(sha256_zero_message_hash); static int crypto_sha256_init(struct shash_desc *desc) { - sha256_init(shash_desc_ctx(desc)); + sha256_block_init(shash_desc_ctx(desc)); return 0; } +static inline int crypto_sha256_update(struct shash_desc *desc, const u8 *data, + unsigned int len, bool force_generic) +{ + struct crypto_sha256_state *sctx = shash_desc_ctx(desc); + int remain = len % SHA256_BLOCK_SIZE; + + sctx->count += len - remain; + sha256_choose_blocks(sctx->state, data, len / SHA256_BLOCK_SIZE, + force_generic, !force_generic); + return remain; +} + static int crypto_sha256_update_generic(struct shash_desc *desc, const u8 *data, unsigned int len) { - sha256_update_generic(shash_desc_ctx(desc), data, len); - return 0; + return crypto_sha256_update(desc, data, len, true); } static int crypto_sha256_update_arch(struct shash_desc *desc, const u8 *data, @@ -48,26 +59,35 @@ static int crypto_sha256_update_arch(struct shash_desc *desc, const u8 *data, return 0; } -static int crypto_sha256_final_generic(struct shash_desc *desc, u8 *out) -{ - sha256_final_generic(shash_desc_ctx(desc), out); - return 0; -} - static int crypto_sha256_final_arch(struct shash_desc *desc, u8 *out) { sha256_final(shash_desc_ctx(desc), out); return 0; } +static __always_inline int crypto_sha256_finup(struct shash_desc *desc, + const u8 *data, + unsigned int len, u8 *out, + bool force_generic) +{ + struct crypto_sha256_state *sctx = shash_desc_ctx(desc); + unsigned int remain = len; + u8 *buf; + + if (len >= SHA256_BLOCK_SIZE) + remain = crypto_sha256_update(desc, data, len, force_generic); + sctx->count += remain; + buf = memcpy(sctx + 1, data + len - remain, remain); + sha256_finup(sctx, buf, remain, out, + crypto_shash_digestsize(desc->tfm), force_generic, + !force_generic); + return 0; +} + static int crypto_sha256_finup_generic(struct shash_desc *desc, const u8 *data, unsigned int len, u8 *out) { - struct sha256_state *sctx = shash_desc_ctx(desc); - - sha256_update_generic(sctx, data, len); - sha256_final_generic(sctx, out); - return 0; + return crypto_sha256_finup(desc, data, len, out, true); } static int crypto_sha256_finup_arch(struct shash_desc *desc, const u8 *data, @@ -83,12 +103,8 @@ static int crypto_sha256_finup_arch(struct shash_desc *desc, const u8 *data, static int crypto_sha256_digest_generic(struct shash_desc *desc, const u8 *data, unsigned int len, u8 *out) { - struct sha256_state *sctx = shash_desc_ctx(desc); - - sha256_init(sctx); - sha256_update_generic(sctx, data, len); - sha256_final_generic(sctx, out); - return 0; + crypto_sha256_init(desc); + return crypto_sha256_finup_generic(desc, data, len, out); } static int crypto_sha256_digest_arch(struct shash_desc *desc, const u8 *data, @@ -100,13 +116,7 @@ static int crypto_sha256_digest_arch(struct shash_desc *desc, const u8 *data, static int crypto_sha224_init(struct shash_desc *desc) { - sha224_init(shash_desc_ctx(desc)); - return 0; -} - -static int crypto_sha224_final_generic(struct shash_desc *desc, u8 *out) -{ - sha224_final_generic(shash_desc_ctx(desc), out); + sha224_block_init(shash_desc_ctx(desc)); return 0; } @@ -147,35 +157,30 @@ static struct shash_alg algs[] = { .base.cra_name = "sha256", .base.cra_driver_name = "sha256-generic", .base.cra_priority = 100, + .base.cra_flags = CRYPTO_AHASH_ALG_BLOCK_ONLY | + CRYPTO_AHASH_ALG_FINUP_MAX, .base.cra_blocksize = SHA256_BLOCK_SIZE, .base.cra_module = THIS_MODULE, .digestsize = SHA256_DIGEST_SIZE, .init = crypto_sha256_init, .update = crypto_sha256_update_generic, - .final = crypto_sha256_final_generic, .finup = crypto_sha256_finup_generic, .digest = crypto_sha256_digest_generic, - .descsize = sizeof(struct sha256_state), - .statesize = sizeof(struct crypto_sha256_state) + - SHA256_BLOCK_SIZE + 1, - .import = crypto_sha256_import_lib, - .export = crypto_sha256_export_lib, + .descsize = sizeof(struct crypto_sha256_state), }, { .base.cra_name = "sha224", .base.cra_driver_name = "sha224-generic", .base.cra_priority = 100, + .base.cra_flags = CRYPTO_AHASH_ALG_BLOCK_ONLY | + CRYPTO_AHASH_ALG_FINUP_MAX, .base.cra_blocksize = SHA224_BLOCK_SIZE, .base.cra_module = THIS_MODULE, .digestsize = SHA224_DIGEST_SIZE, .init = crypto_sha224_init, .update = crypto_sha256_update_generic, - .final = crypto_sha224_final_generic, - .descsize = sizeof(struct sha256_state), - .statesize = sizeof(struct crypto_sha256_state) + - SHA256_BLOCK_SIZE + 1, - .import = crypto_sha256_import_lib, - .export = crypto_sha256_export_lib, + .finup = crypto_sha256_finup_generic, + .descsize = sizeof(struct crypto_sha256_state), }, { .base.cra_name = "sha256", diff --git a/include/crypto/sha2.h b/include/crypto/sha2.h index 9853cd2d1291..4912572578dc 100644 --- a/include/crypto/sha2.h +++ b/include/crypto/sha2.h @@ -88,7 +88,7 @@ struct sha512_state { u8 buf[SHA512_BLOCK_SIZE]; }; -static inline void sha256_init(struct sha256_state *sctx) +static inline void sha256_block_init(struct crypto_sha256_state *sctx) { sctx->state[0] = SHA256_H0; sctx->state[1] = SHA256_H1; @@ -100,11 +100,16 @@ static inline void sha256_init(struct sha256_state *sctx) sctx->state[7] = SHA256_H7; sctx->count = 0; } + +static inline void sha256_init(struct sha256_state *sctx) +{ + sha256_block_init(&sctx->ctx); +} void sha256_update(struct sha256_state *sctx, const u8 *data, size_t len); void sha256_final(struct sha256_state *sctx, u8 out[SHA256_DIGEST_SIZE]); void sha256(const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE]); -static inline void sha224_init(struct sha256_state *sctx) +static inline void sha224_block_init(struct crypto_sha256_state *sctx) { sctx->state[0] = SHA224_H0; sctx->state[1] = SHA224_H1; @@ -116,6 +121,11 @@ static inline void sha224_init(struct sha256_state *sctx) sctx->state[7] = SHA224_H7; sctx->count = 0; } + +static inline void sha224_init(struct sha256_state *sctx) +{ + sha224_block_init(&sctx->ctx); +} /* Simply use sha256_update as it is equivalent to sha224_update. */ void sha224_final(struct sha256_state *sctx, u8 out[SHA224_DIGEST_SIZE]);

[v2,2/9] crypto: sha256 - Use the partial block API for generic

Commit Message

Patch