Date: Tue, 18 Sep 2018 17:41:33 -0700
From: Eric Biggers
To: "Jason A. Donenfeld"
Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-crypto@vger.kernel.org, davem@davemloft.net, gregkh@linuxfoundation.org, Samuel Neves, Andy Lutomirski, Jean-Philippe Aumasson
Subject: Re: [PATCH net-next v5 12/20] zinc: BLAKE2s generic C implementation and selftest
Message-ID: <20180919004132.GB74746@gmail.com>
References: <20180918161646.19105-1-Jason@zx2c4.com> <20180918161646.19105-13-Jason@zx2c4.com>
In-Reply-To: <20180918161646.19105-13-Jason@zx2c4.com>

On Tue, Sep 18, 2018 at 06:16:38PM +0200, Jason A. Donenfeld wrote:
> The C implementation was originally based on Samuel Neves' public
> domain reference implementation but has since been heavily modified
> for the kernel. We're able to do compile-time optimizations by moving
> some scaffolding around the final function into the header file.
>
> Information: https://blake2.net/
>
> Signed-off-by: Jason A. Donenfeld
> Signed-off-by: Samuel Neves
> Cc: Andy Lutomirski
> Cc: Greg KH
> Cc: Jean-Philippe Aumasson
> --- > include/zinc/blake2s.h | 95 ++ > lib/zinc/Kconfig | 3 + > lib/zinc/Makefile | 3 + > lib/zinc/blake2s/blake2s.c | 301 +++++ > lib/zinc/selftest/blake2s.h | 2095 +++++++++++++++++++++++++++++++++++ > 5 files changed, 2497 insertions(+) > create mode 100644 include/zinc/blake2s.h > create mode 100644 lib/zinc/blake2s/blake2s.c > create mode 100644 lib/zinc/selftest/blake2s.h > > diff --git a/include/zinc/blake2s.h b/include/zinc/blake2s.h > new file mode 100644 > index 000000000000..951281596274 > --- /dev/null > +++ b/include/zinc/blake2s.h
> @@ -0,0 +1,95 @@ > +/* SPDX-License-Identifier: MIT > + * > + * Copyright (C) 2015-2018 Jason A. Donenfeld . All Rights Reserved. > + */ > + > +#ifndef _ZINC_BLAKE2S_H > +#define _ZINC_BLAKE2S_H > + > +#include > +#include > +#include > + > +enum blake2s_lengths { > + BLAKE2S_BLOCKBYTES = 64, > + BLAKE2S_OUTBYTES = 32, > + BLAKE2S_KEYBYTES = 32 > +}; > + > +struct blake2s_state { > + u32 h[8]; > + u32 t[2]; > + u32 f[2]; > + u8 buf[BLAKE2S_BLOCKBYTES]; > + size_t buflen; > + u8 last_node; > +}; > + > +void blake2s_init(struct blake2s_state *state, const size_t outlen); > +void blake2s_init_key(struct blake2s_state *state, const size_t outlen, > + const void *key, const size_t keylen); > +void blake2s_update(struct blake2s_state *state, const u8 *in, size_t inlen); > +void __blake2s_final(struct blake2s_state *state); > +static inline void blake2s_final(struct blake2s_state *state, u8 *out, > + const size_t outlen) > +{ > + int i; > + > +#ifdef DEBUG > + BUG_ON(!out || !outlen || outlen > BLAKE2S_OUTBYTES); > +#endif > + __blake2s_final(state); > + > + if (__builtin_constant_p(outlen) && !(outlen % sizeof(u32))) { > + if (IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) || > + IS_ALIGNED((unsigned long)out, __alignof__(u32))) { > + __le32 *outwords = (__le32 *)out; > + > + for (i = 0; i < outlen / sizeof(u32); ++i) > + outwords[i] = cpu_to_le32(state->h[i]); > + } else { > + __le32 buffer[BLAKE2S_OUTBYTES];

This buffer is 4 times too long.

> + > + for (i = 0; i < outlen / sizeof(u32); ++i) > + buffer[i] = cpu_to_le32(state->h[i]); > + memcpy(out, buffer, outlen); > + memzero_explicit(buffer, sizeof(buffer)); > + } > + } else { > + u8 buffer[BLAKE2S_OUTBYTES] __aligned(__alignof__(u32)); > + __le32 *outwords = (__le32 *)buffer; > + > + for (i = 0; i < 8; ++i) > + outwords[i] = cpu_to_le32(state->h[i]); > + memcpy(out, buffer, outlen); > + memzero_explicit(buffer, sizeof(buffer)); > + } > + > + memzero_explicit(state, sizeof(*state)); > +}

Or how about something much simpler:

static inline void blake2s_final(struct blake2s_state *state, u8 *out,
				 const size_t outlen)
{
#ifdef DEBUG
	BUG_ON(!out || !outlen || outlen > BLAKE2S_OUTBYTES);
#endif
	__blake2s_final(state);

	cpu_to_le32_array(state->h, ARRAY_SIZE(state->h));
	memcpy(out, state->h, outlen);

	memzero_explicit(state, sizeof(*state));
}
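
Review bot: In blake2s_final() the only bound on outlen is the BUG_ON(!out || !outlen || outlen > BLAKE2S_OUTBYTES) inside #ifdef DEBUG, so a build without DEBUG accepts any length. With outlen above BLAKE2S_OUTBYTES, the loops bounded by outlen / sizeof(u32) index state->h[] past its 8 entries, and in the final else branch memcpy(out, buffer, outlen) reads past the 32-byte stack buffer, so bytes of the remaining hash state or of the stack end up in the caller's output. Consider making the range check unconditional, for example a WARN_ON() that zeroes the state and returns early, or at least documenting at the prototype that callers must pass a length between 1 and BLAKE2S_OUTBYTES.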