This series contains the fixed up patches to convert the remaining hash
algorithms to use the new shash interface.
The first patch is left unchanged and removes the message schedule W from
struct sha512_ctx.
The last three patches now contain the needed Kconfig dependencies.
Adrian
The message schedule W[80] is calculated anew when sha512_transform
is executed. Therefore it is local to that function and does not need
to be defined in struct sha512_ctx.
Note: the sha256 algorithm already does it this way.
Signed-off-by: Adrian-Ken Rueegsegger <[email protected]>
---
crypto/sha512_generic.c | 13 +++++--------
1 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c
index bc36861..e0b0303 100644
--- a/crypto/sha512_generic.c
+++ b/crypto/sha512_generic.c
@@ -25,7 +25,6 @@ struct sha512_ctx {
u64 state[8];
u32 count[4];
u8 buf[128];
- u64 W[80];
};
static inline u64 Ch(u64 x, u64 y, u64 z)
@@ -89,10 +88,10 @@ static inline void BLEND_OP(int I, u64 *W)
}
static void
-sha512_transform(u64 *state, u64 *W, const u8 *input)
+sha512_transform(u64 *state, const u8 *input)
{
u64 a, b, c, d, e, f, g, h, t1, t2;
-
+ u64 W[80];
int i;
/* load the input */
@@ -132,6 +131,7 @@ sha512_transform(u64 *state, u64 *W, const u8 *input)
/* erase our data */
a = b = c = d = e = f = g = h = t1 = t2 = 0;
+ memset(W, 0, 80 * sizeof(u64));
}
static void
@@ -187,10 +187,10 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len)
/* Transform as many times as possible. */
if (len >= part_len) {
memcpy(&sctx->buf[index], data, part_len);
- sha512_transform(sctx->state, sctx->W, sctx->buf);
+ sha512_transform(sctx->state, sctx->buf);
for (i = part_len; i + 127 < len; i+=128)
- sha512_transform(sctx->state, sctx->W, &data[i]);
+ sha512_transform(sctx->state, &data[i]);
index = 0;
} else {
@@ -199,9 +199,6 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len)
/* Buffer remaining input */
memcpy(&sctx->buf[index], &data[i], len - i);
This patch changes sha512 and sha384 to the new shash interface.
Signed-off-by: Adrian-Ken Rueegsegger <[email protected]>
---
crypto/Kconfig | 2 +-
crypto/sha512_generic.c | 107 ++++++++++++++++++++++++----------------------
2 files changed, 57 insertions(+), 52 deletions(-)
diff --git a/crypto/Kconfig b/crypto/Kconfig
index eb0b3db..372805c 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -340,7 +340,7 @@ config CRYPTO_SHA256
config CRYPTO_SHA512
tristate "SHA384 and SHA512 digest algorithms"
- select CRYPTO_ALGAPI
+ select CRYPTO_HASH
help
SHA512 secure hash standard (DFIPS 180-2).
diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c
index e0b0303..2834e55 100644
--- a/crypto/sha512_generic.c
+++ b/crypto/sha512_generic.c
@@ -10,12 +10,11 @@
* later version.
*
*/
-
+#include <crypto/internal/hash.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/mm.h>
#include <linux/init.h>
-#include <linux/crypto.h>
#include <linux/types.h>
#include <crypto/sha.h>
@@ -134,10 +133,10 @@ sha512_transform(u64 *state, const u8 *input)
memset(W, 0, 80 * sizeof(u64));
}
-static void
-sha512_init(struct crypto_tfm *tfm)
+static int
+sha512_init(struct shash_desc *desc)
{
- struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
+ struct sha512_ctx *sctx = shash_desc_ctx(desc);
sctx->state[0] = SHA512_H0;
sctx->state[1] = SHA512_H1;
sctx->state[2] = SHA512_H2;
@@ -147,12 +146,14 @@ sha512_init(struct crypto_tfm *tfm)
sctx->state[6] = SHA512_H6;
sctx->state[7] = SHA512_H7;
sctx->count[0] = sctx->count[1] = sctx->count[2] = sctx->count[3] = 0;
+
+ return 0;
}
-static void
-sha384_init(struct crypto_tfm *tfm)
+static int
+sha384_init(struct shash_desc *desc)
{
- struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
+ struct sha512_ctx *sctx = shash_desc_ctx(desc);
sctx->state[0] = SHA384_H0;
sctx->state[1] = SHA384_H1;
sctx->state[2] = SHA384_H2;
@@ -162,12 +163,14 @@ sha384_init(struct crypto_tfm *tfm)
sctx->state[6] = SHA384_H6;
sctx->state[7] = SHA384_H7;
sctx->count[0] = sctx->count[1] = sctx->count[2] = sctx->count[3] = 0;
+
+ return 0;
}
-static void
-sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len)
+static int
+sha512_update(struct shash_desc *desc, const u8 *data, unsigned int len)
{
- struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
+ struct sha512_ctx *sctx = shash_desc_ctx(desc);
unsigned int i, index, part_len;
@@ -199,12 +202,14 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len)
/* Buffer remaining input */
memcpy(&sctx->buf[index], &data[i], len - i);
+
+ return 0;
}
-static void
-sha512_final(struct crypto_tfm *tfm, u8 *hash)
+static int
+sha512_final(struct shash_desc *desc, u8 *hash)
{
- struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
+ struct sha512_ctx *sctx = shash_desc_ctx(desc);
static u8 padding[128] = { 0x80, };
__be64 *dst = (__be64 *)hash;
__be32 bits[4];
@@ -220,10 +225,10 @@ sha512_final(struct crypto_tfm *tfm, u8 *hash)
/* Pad out to 112 mod 128. */
index = (sctx->count[0] >> 3) & 0x7f;
pad_len = (index < 112) ? (112 - index) : ((128+112) - index);
- sha512_update(tfm, padding, pad_len);
+ sha512_update(desc, padding, pad_len);
/* Append length (before padding) */
- sha512_update(tfm, (const u8 *)bits, sizeof(bits));
+ sha512_update(desc, (const u8 *)bits, sizeof(bits));
/* Store state in digest */
for (i = 0; i < 8; i++)
@@ -231,66 +236,66 @@ sha512_final(struct crypto_tfm *tfm, u8 *hash)
/* Zeroize sensitive information. */
memset(sctx, 0, sizeof(struct sha512_ctx));
+
+ return 0;
}
-static void sha384_final(struct crypto_tfm *tfm, u8 *hash)
+static int sha384_final(struct shash_desc *desc, u8 *hash)
{
u8 D[64];
- sha512_final(tfm, D);
+ sha512_final(desc, D);
memcpy(hash, D, 48);
memset(D, 0, 64);
+
+ return 0;
}
-static struct crypto_alg sha512 = {
- .cra_name = "sha512",
- .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
- .cra_blocksize = SHA512_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct sha512_ctx),
- .cra_module = THIS_MODULE,
- .cra_alignmask = 3,
- .cra_list = LIST_HEAD_INIT(sha512.cra_list),
- .cra_u = { .digest = {
- .dia_digestsize = SHA512_DIGEST_SIZE,
- .dia_init = sha512_init,
- .dia_update = sha512_update,
- .dia_final = sha512_final }
- }
+static struct shash_alg sha512 = {
+ .digestsize = SHA512_DIGEST_SIZE,
+ .init = sha512_init,
+ .update = sha512_update,
+ .final = sha512_final,
+ .descsize = sizeof(struct sha512_ctx),
+ .base = {
+ .cra_name = "sha512",
+ .cra_flags = CRYPTO_ALG_TYPE_SHASH,
+ .cra_blocksize = SHA512_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
+ }
};
-static struct crypto_alg sha384 = {
- .cra_name = "sha384",
- .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
- .cra_blocksize = SHA384_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct sha512_ctx),
- .cra_alignmask = 3,
- .cra_module = THIS_MODULE,
- .cra_list = LIST_HEAD_INIT(sha384.cra_list),
- .cra_u = { .digest = {
- .dia_digestsize = SHA384_DIGEST_SIZE,
- .dia_init = sha384_init,
- .dia_update = sha512_update,
- .dia_final = sha384_final }
- }
+static struct shash_alg sha384 = {
+ .digestsize = SHA384_DIGEST_SIZE,
+ .init = sha384_init,
+ .update = sha512_update,
+ .final = sha384_final,
+ .descsize = sizeof(struct sha512_ctx),
+ .base = {
+ .cra_name = "sha384",
+ .cra_flags = CRYPTO_ALG_TYPE_SHASH,
+ .cra_blocksize = SHA384_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
+ }
};
static int __init sha512_generic_mod_init(void)
{
int ret = 0;
- if ((ret = crypto_register_alg(&sha384)) < 0)
+ if ((ret = crypto_register_shash(&sha384)) < 0)
goto out;
- if ((ret = crypto_register_alg(&sha512)) < 0)
- crypto_unregister_alg(&sha384);
+ if ((ret = crypto_register_shash(&sha512)) < 0)
+ crypto_unregister_shash(&sha384);
out:
return ret;
}
static void __exit sha512_generic_mod_fini(void)
{
- crypto_unregister_alg(&sha384);
- crypto_unregister_alg(&sha512);
+ crypto_unregister_shash(&sha384);
+ crypto_unregister_shash(&sha512);
}
module_init(sha512_generic_mod_init);
--
1.5.2.5
This patch changes wp512, wp384 and wp256 to the new shash interface.
Signed-off-by: Adrian-Ken Rueegsegger <[email protected]>
---
crypto/Kconfig | 2 +-
crypto/wp512.c | 121 ++++++++++++++++++++++++++++++--------------------------
2 files changed, 66 insertions(+), 57 deletions(-)
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 372805c..e2b903d 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -365,7 +365,7 @@ config CRYPTO_TGR192
config CRYPTO_WP512
tristate "Whirlpool digest algorithms"
- select CRYPTO_ALGAPI
+ select CRYPTO_HASH
help
Whirlpool hash algorithm 512, 384 and 256-bit hashes
diff --git a/crypto/wp512.c b/crypto/wp512.c
index bff2856..7234272 100644
--- a/crypto/wp512.c
+++ b/crypto/wp512.c
@@ -19,11 +19,11 @@
* (at your option) any later version.
*
*/
+#include <crypto/internal/hash.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/mm.h>
#include <asm/byteorder.h>
-#include <linux/crypto.h>
#include <linux/types.h>
#define WP512_DIGEST_SIZE 64
@@ -980,8 +980,8 @@ static void wp512_process_buffer(struct wp512_ctx *wctx) {
}
-static void wp512_init(struct crypto_tfm *tfm) {
- struct wp512_ctx *wctx = crypto_tfm_ctx(tfm);
+static int wp512_init(struct shash_desc *desc) {
+ struct wp512_ctx *wctx = shash_desc_ctx(desc);
int i;
memset(wctx->bitLength, 0, 32);
@@ -990,12 +990,14 @@ static void wp512_init(struct crypto_tfm *tfm) {
for (i = 0; i < 8; i++) {
wctx->hash[i] = 0L;
}
+
+ return 0;
}
-static void wp512_update(struct crypto_tfm *tfm, const u8 *source,
+static int wp512_update(struct shash_desc *desc, const u8 *source,
unsigned int len)
{
- struct wp512_ctx *wctx = crypto_tfm_ctx(tfm);
+ struct wp512_ctx *wctx = shash_desc_ctx(desc);
int sourcePos = 0;
unsigned int bits_len = len * 8; // convert to number of bits
int sourceGap = (8 - ((int)bits_len & 7)) & 7;
@@ -1051,11 +1053,12 @@ static void wp512_update(struct crypto_tfm *tfm, const u8 *source,
wctx->bufferBits = bufferBits;
wctx->bufferPos = bufferPos;
+ return 0;
}
-static void wp512_final(struct crypto_tfm *tfm, u8 *out)
+static int wp512_final(struct shash_desc *desc, u8 *out)
{
- struct wp512_ctx *wctx = crypto_tfm_ctx(tfm);
+ struct wp512_ctx *wctx = shash_desc_ctx(desc);
int i;
u8 *buffer = wctx->buffer;
u8 *bitLength = wctx->bitLength;
@@ -1084,89 +1087,95 @@ static void wp512_final(struct crypto_tfm *tfm, u8 *out)
digest[i] = cpu_to_be64(wctx->hash[i]);
wctx->bufferBits = bufferBits;
wctx->bufferPos = bufferPos;
+
+ return 0;
}
-static void wp384_final(struct crypto_tfm *tfm, u8 *out)
+static int wp384_final(struct shash_desc *desc, u8 *out)
{
u8 D[64];
- wp512_final(tfm, D);
+ wp512_final(desc, D);
memcpy (out, D, WP384_DIGEST_SIZE);
memset (D, 0, WP512_DIGEST_SIZE);
+
+ return 0;
}
-static void wp256_final(struct crypto_tfm *tfm, u8 *out)
+static int wp256_final(struct shash_desc *desc, u8 *out)
{
u8 D[64];
- wp512_final(tfm, D);
+ wp512_final(desc, D);
memcpy (out, D, WP256_DIGEST_SIZE);
memset (D, 0, WP512_DIGEST_SIZE);
+
+ return 0;
}
-static struct crypto_alg wp512 = {
- .cra_name = "wp512",
- .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
- .cra_blocksize = WP512_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct wp512_ctx),
- .cra_module = THIS_MODULE,
- .cra_list = LIST_HEAD_INIT(wp512.cra_list),
- .cra_u = { .digest = {
- .dia_digestsize = WP512_DIGEST_SIZE,
- .dia_init = wp512_init,
- .dia_update = wp512_update,
- .dia_final = wp512_final } }
+static struct shash_alg wp512 = {
+ .digestsize = WP512_DIGEST_SIZE,
+ .init = wp512_init,
+ .update = wp512_update,
+ .final = wp512_final,
+ .descsize = sizeof(struct wp512_ctx),
+ .base = {
+ .cra_name = "wp512",
+ .cra_flags = CRYPTO_ALG_TYPE_SHASH,
+ .cra_blocksize = WP512_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
+ }
};
-static struct crypto_alg wp384 = {
- .cra_name = "wp384",
- .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
- .cra_blocksize = WP512_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct wp512_ctx),
- .cra_module = THIS_MODULE,
- .cra_list = LIST_HEAD_INIT(wp384.cra_list),
- .cra_u = { .digest = {
- .dia_digestsize = WP384_DIGEST_SIZE,
- .dia_init = wp512_init,
- .dia_update = wp512_update,
- .dia_final = wp384_final } }
+static struct shash_alg wp384 = {
+ .digestsize = WP384_DIGEST_SIZE,
+ .init = wp512_init,
+ .update = wp512_update,
+ .final = wp384_final,
+ .descsize = sizeof(struct wp512_ctx),
+ .base = {
+ .cra_name = "wp384",
+ .cra_flags = CRYPTO_ALG_TYPE_SHASH,
+ .cra_blocksize = WP512_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
+ }
};
-static struct crypto_alg wp256 = {
- .cra_name = "wp256",
- .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
- .cra_blocksize = WP512_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct wp512_ctx),
- .cra_module = THIS_MODULE,
- .cra_list = LIST_HEAD_INIT(wp256.cra_list),
- .cra_u = { .digest = {
- .dia_digestsize = WP256_DIGEST_SIZE,
- .dia_init = wp512_init,
- .dia_update = wp512_update,
- .dia_final = wp256_final } }
+static struct shash_alg wp256 = {
+ .digestsize = WP256_DIGEST_SIZE,
+ .init = wp512_init,
+ .update = wp512_update,
+ .final = wp256_final,
+ .descsize = sizeof(struct wp512_ctx),
+ .base = {
+ .cra_name = "wp256",
+ .cra_flags = CRYPTO_ALG_TYPE_SHASH,
+ .cra_blocksize = WP512_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
+ }
};
static int __init wp512_mod_init(void)
{
int ret = 0;
- ret = crypto_register_alg(&wp512);
+ ret = crypto_register_shash(&wp512);
if (ret < 0)
goto out;
- ret = crypto_register_alg(&wp384);
+ ret = crypto_register_shash(&wp384);
if (ret < 0)
{
- crypto_unregister_alg(&wp512);
+ crypto_unregister_shash(&wp512);
goto out;
}
- ret = crypto_register_alg(&wp256);
+ ret = crypto_register_shash(&wp256);
if (ret < 0)
{
- crypto_unregister_alg(&wp512);
- crypto_unregister_alg(&wp384);
+ crypto_unregister_shash(&wp512);
+ crypto_unregister_shash(&wp384);
}
out:
return ret;
@@ -1174,9 +1183,9 @@ out:
static void __exit wp512_mod_fini(void)
{
- crypto_unregister_alg(&wp512);
- crypto_unregister_alg(&wp384);
- crypto_unregister_alg(&wp256);
+ crypto_unregister_shash(&wp512);
+ crypto_unregister_shash(&wp384);
+ crypto_unregister_shash(&wp256);
}
MODULE_ALIAS("wp384");
--
1.5.2.5
This patch changes michael_mic to the new shash interface.
Signed-off-by: Adrian-Ken Rueegsegger <[email protected]>
---
crypto/Kconfig | 2 +-
crypto/michael_mic.c | 72 ++++++++++++++++++++++++++++---------------------
2 files changed, 42 insertions(+), 32 deletions(-)
diff --git a/crypto/Kconfig b/crypto/Kconfig
index e2b903d..9003f11 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -259,7 +259,7 @@ config CRYPTO_MD5
config CRYPTO_MICHAEL_MIC
tristate "Michael MIC keyed digest algorithm"
- select CRYPTO_ALGAPI
+ select CRYPTO_HASH
help
Michael MIC is used for message integrity protection in TKIP
(IEEE 802.11i). This algorithm is required for TKIP, but it
diff --git a/crypto/michael_mic.c b/crypto/michael_mic.c
index 9e917b8..079b761 100644
--- a/crypto/michael_mic.c
+++ b/crypto/michael_mic.c
@@ -9,23 +9,25 @@
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
-
+#include <crypto/internal/hash.h>
#include <asm/byteorder.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/string.h>
-#include <linux/crypto.h>
#include <linux/types.h>
struct michael_mic_ctx {
+ u32 l, r;
+};
+
+struct michael_mic_desc_ctx {
u8 pending[4];
size_t pending_len;
u32 l, r;
};
-
static inline u32 xswap(u32 val)
{
return ((val & 0x00ff00ff) << 8) | ((val & 0xff00ff00) >> 8);
@@ -45,17 +47,22 @@ do { \
} while (0)
-static void michael_init(struct crypto_tfm *tfm)
+static int michael_init(struct shash_desc *desc)
{
- struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm);
+ struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc);
+ struct michael_mic_ctx *ctx = crypto_shash_ctx(desc->tfm);
mctx->pending_len = 0;
+ mctx->l = ctx->l;
+ mctx->r = ctx->r;
+
+ return 0;
}
-static void michael_update(struct crypto_tfm *tfm, const u8 *data,
+static int michael_update(struct shash_desc *desc, const u8 *data,
unsigned int len)
{
- struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm);
+ struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc);
const __le32 *src;
if (mctx->pending_len) {
@@ -68,7 +75,7 @@ static void michael_update(struct crypto_tfm *tfm, const u8 *data,
len -= flen;
if (mctx->pending_len < 4)
- return;
+ return 0;
src = (const __le32 *)mctx->pending;
mctx->l ^= le32_to_cpup(src);
@@ -88,12 +95,14 @@ static void michael_update(struct crypto_tfm *tfm, const u8 *data,
mctx->pending_len = len;
memcpy(mctx->pending, src, len);
}
+
+ return 0;
}
-static void michael_final(struct crypto_tfm *tfm, u8 *out)
+static int michael_final(struct shash_desc *desc, u8 *out)
{
- struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm);
+ struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc);
u8 *data = mctx->pending;
__le32 *dst = (__le32 *)out;
@@ -119,17 +128,20 @@ static void michael_final(struct crypto_tfm *tfm, u8 *out)
dst[0] = cpu_to_le32(mctx->l);
dst[1] = cpu_to_le32(mctx->r);
+
+ return 0;
}
-static int michael_setkey(struct crypto_tfm *tfm, const u8 *key,
+static int michael_setkey(struct crypto_shash *tfm, const u8 *key,
unsigned int keylen)
{
- struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm);
+ struct michael_mic_ctx *mctx = crypto_shash_ctx(tfm);
+
const __le32 *data = (const __le32 *)key;
if (keylen != 8) {
- tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
+ crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
return -EINVAL;
}
@@ -138,33 +150,31 @@ static int michael_setkey(struct crypto_tfm *tfm, const u8 *key,
return 0;
}
-
-static struct crypto_alg michael_mic_alg = {
- .cra_name = "michael_mic",
- .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
- .cra_blocksize = 8,
- .cra_ctxsize = sizeof(struct michael_mic_ctx),
- .cra_module = THIS_MODULE,
- .cra_alignmask = 3,
- .cra_list = LIST_HEAD_INIT(michael_mic_alg.cra_list),
- .cra_u = { .digest = {
- .dia_digestsize = 8,
- .dia_init = michael_init,
- .dia_update = michael_update,
- .dia_final = michael_final,
- .dia_setkey = michael_setkey } }
+static struct shash_alg alg = {
+ .digestsize = 8,
+ .setkey = michael_setkey,
+ .init = michael_init,
+ .update = michael_update,
+ .final = michael_final,
+ .descsize = sizeof(struct michael_mic_desc_ctx),
+ .base = {
+ .cra_name = "michael_mic",
+ .cra_blocksize = 8,
+ .cra_alignmask = 3,
+ .cra_ctxsize = sizeof(struct michael_mic_ctx),
+ .cra_module = THIS_MODULE,
+ }
};
On Thu, Dec 04, 2008 at 10:32:07AM +0100, Adrian-Ken Rueegsegger wrote:
>
> static void
> -sha512_transform(u64 *state, u64 *W, const u8 *input)
> +sha512_transform(u64 *state, const u8 *input)
> {
> u64 a, b, c, d, e, f, g, h, t1, t2;
> -
> + u64 W[80];
This is too big for the stack. So we need to put it somewhere
else. A static per-cpu area is one choice.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Herbert Xu wrote:
> On Thu, Dec 04, 2008 at 10:32:07AM +0100, Adrian-Ken Rueegsegger wrote:
>> static void
>> -sha512_transform(u64 *state, u64 *W, const u8 *input)
>> +sha512_transform(u64 *state, const u8 *input)
>> {
>> u64 a, b, c, d, e, f, g, h, t1, t2;
>> -
>> + u64 W[80];
>
> This is too big for the stack. So we need to put it somewhere
> else. A static per-cpu area is one choice.
Yes, sorry about that. I didn't properly read your previous mail. I will
redo the sha512 patches.
Thanks for the review,
Adrian
This series contains the fixed up patches to convert the remaining hash
algorithms to use shash.
The first patch now moves the message schedule W from struct sha512_ctx to
a static percpu area.
The sha512 patch is adjusted to accomodate the changes from patch 1 while
the last two patches remain unchanged since v2.
Adrian
This patch changes wp512, wp384 and wp256 to the new shash interface.
Signed-off-by: Adrian-Ken Rueegsegger <[email protected]>
---
crypto/Kconfig | 2 +-
crypto/wp512.c | 121 ++++++++++++++++++++++++++++++--------------------------
2 files changed, 66 insertions(+), 57 deletions(-)
diff --git a/crypto/Kconfig b/crypto/Kconfig
index c8fb468..0583a26 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -366,7 +366,7 @@ config CRYPTO_TGR192
config CRYPTO_WP512
tristate "Whirlpool digest algorithms"
- select CRYPTO_ALGAPI
+ select CRYPTO_HASH
help
Whirlpool hash algorithm 512, 384 and 256-bit hashes
diff --git a/crypto/wp512.c b/crypto/wp512.c
index bff2856..7234272 100644
--- a/crypto/wp512.c
+++ b/crypto/wp512.c
@@ -19,11 +19,11 @@
* (at your option) any later version.
*
*/
+#include <crypto/internal/hash.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/mm.h>
#include <asm/byteorder.h>
-#include <linux/crypto.h>
#include <linux/types.h>
#define WP512_DIGEST_SIZE 64
@@ -980,8 +980,8 @@ static void wp512_process_buffer(struct wp512_ctx *wctx) {
}
-static void wp512_init(struct crypto_tfm *tfm) {
- struct wp512_ctx *wctx = crypto_tfm_ctx(tfm);
+static int wp512_init(struct shash_desc *desc) {
+ struct wp512_ctx *wctx = shash_desc_ctx(desc);
int i;
memset(wctx->bitLength, 0, 32);
@@ -990,12 +990,14 @@ static void wp512_init(struct crypto_tfm *tfm) {
for (i = 0; i < 8; i++) {
wctx->hash[i] = 0L;
}
+
+ return 0;
}
-static void wp512_update(struct crypto_tfm *tfm, const u8 *source,
+static int wp512_update(struct shash_desc *desc, const u8 *source,
unsigned int len)
{
- struct wp512_ctx *wctx = crypto_tfm_ctx(tfm);
+ struct wp512_ctx *wctx = shash_desc_ctx(desc);
int sourcePos = 0;
unsigned int bits_len = len * 8; // convert to number of bits
int sourceGap = (8 - ((int)bits_len & 7)) & 7;
@@ -1051,11 +1053,12 @@ static void wp512_update(struct crypto_tfm *tfm, const u8 *source,
wctx->bufferBits = bufferBits;
wctx->bufferPos = bufferPos;
+ return 0;
}
-static void wp512_final(struct crypto_tfm *tfm, u8 *out)
+static int wp512_final(struct shash_desc *desc, u8 *out)
{
- struct wp512_ctx *wctx = crypto_tfm_ctx(tfm);
+ struct wp512_ctx *wctx = shash_desc_ctx(desc);
int i;
u8 *buffer = wctx->buffer;
u8 *bitLength = wctx->bitLength;
@@ -1084,89 +1087,95 @@ static void wp512_final(struct crypto_tfm *tfm, u8 *out)
digest[i] = cpu_to_be64(wctx->hash[i]);
wctx->bufferBits = bufferBits;
wctx->bufferPos = bufferPos;
+
+ return 0;
}
-static void wp384_final(struct crypto_tfm *tfm, u8 *out)
+static int wp384_final(struct shash_desc *desc, u8 *out)
{
u8 D[64];
- wp512_final(tfm, D);
+ wp512_final(desc, D);
memcpy (out, D, WP384_DIGEST_SIZE);
memset (D, 0, WP512_DIGEST_SIZE);
+
+ return 0;
}
-static void wp256_final(struct crypto_tfm *tfm, u8 *out)
+static int wp256_final(struct shash_desc *desc, u8 *out)
{
u8 D[64];
- wp512_final(tfm, D);
+ wp512_final(desc, D);
memcpy (out, D, WP256_DIGEST_SIZE);
memset (D, 0, WP512_DIGEST_SIZE);
+
+ return 0;
}
-static struct crypto_alg wp512 = {
- .cra_name = "wp512",
- .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
- .cra_blocksize = WP512_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct wp512_ctx),
- .cra_module = THIS_MODULE,
- .cra_list = LIST_HEAD_INIT(wp512.cra_list),
- .cra_u = { .digest = {
- .dia_digestsize = WP512_DIGEST_SIZE,
- .dia_init = wp512_init,
- .dia_update = wp512_update,
- .dia_final = wp512_final } }
+static struct shash_alg wp512 = {
+ .digestsize = WP512_DIGEST_SIZE,
+ .init = wp512_init,
+ .update = wp512_update,
+ .final = wp512_final,
+ .descsize = sizeof(struct wp512_ctx),
+ .base = {
+ .cra_name = "wp512",
+ .cra_flags = CRYPTO_ALG_TYPE_SHASH,
+ .cra_blocksize = WP512_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
+ }
};
-static struct crypto_alg wp384 = {
- .cra_name = "wp384",
- .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
- .cra_blocksize = WP512_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct wp512_ctx),
- .cra_module = THIS_MODULE,
- .cra_list = LIST_HEAD_INIT(wp384.cra_list),
- .cra_u = { .digest = {
- .dia_digestsize = WP384_DIGEST_SIZE,
- .dia_init = wp512_init,
- .dia_update = wp512_update,
- .dia_final = wp384_final } }
+static struct shash_alg wp384 = {
+ .digestsize = WP384_DIGEST_SIZE,
+ .init = wp512_init,
+ .update = wp512_update,
+ .final = wp384_final,
+ .descsize = sizeof(struct wp512_ctx),
+ .base = {
+ .cra_name = "wp384",
+ .cra_flags = CRYPTO_ALG_TYPE_SHASH,
+ .cra_blocksize = WP512_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
+ }
};
-static struct crypto_alg wp256 = {
- .cra_name = "wp256",
- .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
- .cra_blocksize = WP512_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct wp512_ctx),
- .cra_module = THIS_MODULE,
- .cra_list = LIST_HEAD_INIT(wp256.cra_list),
- .cra_u = { .digest = {
- .dia_digestsize = WP256_DIGEST_SIZE,
- .dia_init = wp512_init,
- .dia_update = wp512_update,
- .dia_final = wp256_final } }
+static struct shash_alg wp256 = {
+ .digestsize = WP256_DIGEST_SIZE,
+ .init = wp512_init,
+ .update = wp512_update,
+ .final = wp256_final,
+ .descsize = sizeof(struct wp512_ctx),
+ .base = {
+ .cra_name = "wp256",
+ .cra_flags = CRYPTO_ALG_TYPE_SHASH,
+ .cra_blocksize = WP512_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
+ }
};
static int __init wp512_mod_init(void)
{
int ret = 0;
- ret = crypto_register_alg(&wp512);
+ ret = crypto_register_shash(&wp512);
if (ret < 0)
goto out;
- ret = crypto_register_alg(&wp384);
+ ret = crypto_register_shash(&wp384);
if (ret < 0)
{
- crypto_unregister_alg(&wp512);
+ crypto_unregister_shash(&wp512);
goto out;
}
- ret = crypto_register_alg(&wp256);
+ ret = crypto_register_shash(&wp256);
if (ret < 0)
{
- crypto_unregister_alg(&wp512);
- crypto_unregister_alg(&wp384);
+ crypto_unregister_shash(&wp512);
+ crypto_unregister_shash(&wp384);
}
out:
return ret;
@@ -1174,9 +1183,9 @@ out:
static void __exit wp512_mod_fini(void)
{
- crypto_unregister_alg(&wp512);
- crypto_unregister_alg(&wp384);
- crypto_unregister_alg(&wp256);
+ crypto_unregister_shash(&wp512);
+ crypto_unregister_shash(&wp384);
+ crypto_unregister_shash(&wp256);
}
MODULE_ALIAS("wp384");
--
1.5.2.5
The message schedule W (u64[80]) is too big for the stack. In order
for this algorithm to be used with shash it is moved to a static
percpu area.
Signed-off-by: Adrian-Ken Rueegsegger <[email protected]>
---
crypto/sha512_generic.c | 17 +++++++++--------
1 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c
index bc36861..660c5c3 100644
--- a/crypto/sha512_generic.c
+++ b/crypto/sha512_generic.c
@@ -18,16 +18,17 @@
#include <linux/crypto.h>
#include <linux/types.h>
#include <crypto/sha.h>
-
+#include <linux/percpu.h>
#include <asm/byteorder.h>
struct sha512_ctx {
u64 state[8];
u32 count[4];
u8 buf[128];
- u64 W[80];
};
+static DEFINE_PER_CPU(u64[80], msg_schedule);
+
static inline u64 Ch(u64 x, u64 y, u64 z)
{
return z ^ (x & (y ^ z));
@@ -89,11 +90,12 @@ static inline void BLEND_OP(int I, u64 *W)
}
static void
-sha512_transform(u64 *state, u64 *W, const u8 *input)
+sha512_transform(u64 *state, const u8 *input)
{
u64 a, b, c, d, e, f, g, h, t1, t2;
int i;
+ u64 *W = __get_cpu_var(msg_schedule);
/* load the input */
for (i = 0; i < 16; i++)
@@ -132,6 +134,8 @@ sha512_transform(u64 *state, u64 *W, const u8 *input)
/* erase our data */
a = b = c = d = e = f = g = h = t1 = t2 = 0;
+ memset(W, 0, sizeof(__get_cpu_var(msg_schedule)));
+ put_cpu_var(msg_schedule);
}
static void
@@ -187,10 +191,10 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len)
/* Transform as many times as possible. */
if (len >= part_len) {
memcpy(&sctx->buf[index], data, part_len);
- sha512_transform(sctx->state, sctx->W, sctx->buf);
+ sha512_transform(sctx->state, sctx->buf);
for (i = part_len; i + 127 < len; i+=128)
- sha512_transform(sctx->state, sctx->W, &data[i]);
+ sha512_transform(sctx->state, &data[i]);
index = 0;
} else {
@@ -199,9 +203,6 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len)
/* Buffer remaining input */
memcpy(&sctx->buf[index], &data[i], len - i);
This patch changes michael_mic to the new shash interface.
Signed-off-by: Adrian-Ken Rueegsegger <[email protected]>
---
crypto/Kconfig | 2 +-
crypto/michael_mic.c | 72 ++++++++++++++++++++++++++++---------------------
2 files changed, 42 insertions(+), 32 deletions(-)
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 0583a26..6593b5a 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -260,7 +260,7 @@ config CRYPTO_MD5
config CRYPTO_MICHAEL_MIC
tristate "Michael MIC keyed digest algorithm"
- select CRYPTO_ALGAPI
+ select CRYPTO_HASH
help
Michael MIC is used for message integrity protection in TKIP
(IEEE 802.11i). This algorithm is required for TKIP, but it
diff --git a/crypto/michael_mic.c b/crypto/michael_mic.c
index 9e917b8..079b761 100644
--- a/crypto/michael_mic.c
+++ b/crypto/michael_mic.c
@@ -9,23 +9,25 @@
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
-
+#include <crypto/internal/hash.h>
#include <asm/byteorder.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/string.h>
-#include <linux/crypto.h>
#include <linux/types.h>
struct michael_mic_ctx {
+ u32 l, r;
+};
+
+struct michael_mic_desc_ctx {
u8 pending[4];
size_t pending_len;
u32 l, r;
};
-
static inline u32 xswap(u32 val)
{
return ((val & 0x00ff00ff) << 8) | ((val & 0xff00ff00) >> 8);
@@ -45,17 +47,22 @@ do { \
} while (0)
-static void michael_init(struct crypto_tfm *tfm)
+static int michael_init(struct shash_desc *desc)
{
- struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm);
+ struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc);
+ struct michael_mic_ctx *ctx = crypto_shash_ctx(desc->tfm);
mctx->pending_len = 0;
+ mctx->l = ctx->l;
+ mctx->r = ctx->r;
+
+ return 0;
}
-static void michael_update(struct crypto_tfm *tfm, const u8 *data,
+static int michael_update(struct shash_desc *desc, const u8 *data,
unsigned int len)
{
- struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm);
+ struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc);
const __le32 *src;
if (mctx->pending_len) {
@@ -68,7 +75,7 @@ static void michael_update(struct crypto_tfm *tfm, const u8 *data,
len -= flen;
if (mctx->pending_len < 4)
- return;
+ return 0;
src = (const __le32 *)mctx->pending;
mctx->l ^= le32_to_cpup(src);
@@ -88,12 +95,14 @@ static void michael_update(struct crypto_tfm *tfm, const u8 *data,
mctx->pending_len = len;
memcpy(mctx->pending, src, len);
}
+
+ return 0;
}
-static void michael_final(struct crypto_tfm *tfm, u8 *out)
+static int michael_final(struct shash_desc *desc, u8 *out)
{
- struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm);
+ struct michael_mic_desc_ctx *mctx = shash_desc_ctx(desc);
u8 *data = mctx->pending;
__le32 *dst = (__le32 *)out;
@@ -119,17 +128,20 @@ static void michael_final(struct crypto_tfm *tfm, u8 *out)
dst[0] = cpu_to_le32(mctx->l);
dst[1] = cpu_to_le32(mctx->r);
+
+ return 0;
}
-static int michael_setkey(struct crypto_tfm *tfm, const u8 *key,
+static int michael_setkey(struct crypto_shash *tfm, const u8 *key,
unsigned int keylen)
{
- struct michael_mic_ctx *mctx = crypto_tfm_ctx(tfm);
+ struct michael_mic_ctx *mctx = crypto_shash_ctx(tfm);
+
const __le32 *data = (const __le32 *)key;
if (keylen != 8) {
- tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
+ crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
return -EINVAL;
}
@@ -138,33 +150,31 @@ static int michael_setkey(struct crypto_tfm *tfm, const u8 *key,
return 0;
}
-
-static struct crypto_alg michael_mic_alg = {
- .cra_name = "michael_mic",
- .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
- .cra_blocksize = 8,
- .cra_ctxsize = sizeof(struct michael_mic_ctx),
- .cra_module = THIS_MODULE,
- .cra_alignmask = 3,
- .cra_list = LIST_HEAD_INIT(michael_mic_alg.cra_list),
- .cra_u = { .digest = {
- .dia_digestsize = 8,
- .dia_init = michael_init,
- .dia_update = michael_update,
- .dia_final = michael_final,
- .dia_setkey = michael_setkey } }
+static struct shash_alg alg = {
+ .digestsize = 8,
+ .setkey = michael_setkey,
+ .init = michael_init,
+ .update = michael_update,
+ .final = michael_final,
+ .descsize = sizeof(struct michael_mic_desc_ctx),
+ .base = {
+ .cra_name = "michael_mic",
+ .cra_blocksize = 8,
+ .cra_alignmask = 3,
+ .cra_ctxsize = sizeof(struct michael_mic_ctx),
+ .cra_module = THIS_MODULE,
+ }
};
This patch changes sha512 and sha384 to the new shash interface.
Signed-off-by: Adrian-Ken Rueegsegger <[email protected]>
---
crypto/sha512_generic.c | 112 +++++++++++++++++++++++++----------------------
1 files changed, 59 insertions(+), 53 deletions(-)
diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c
index 660c5c3..ec9cef3 100644
--- a/crypto/sha512_generic.c
+++ b/crypto/sha512_generic.c
@@ -10,7 +10,7 @@
* later version.
*
*/
-
+#include <crypto/internal/hash.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/mm.h>
@@ -138,10 +138,10 @@ sha512_transform(u64 *state, const u8 *input)
put_cpu_var(msg_schedule);
}
-static void
-sha512_init(struct crypto_tfm *tfm)
+static int
+sha512_init(struct shash_desc *desc)
{
- struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
+ struct sha512_ctx *sctx = shash_desc_ctx(desc);
sctx->state[0] = SHA512_H0;
sctx->state[1] = SHA512_H1;
sctx->state[2] = SHA512_H2;
@@ -151,12 +151,14 @@ sha512_init(struct crypto_tfm *tfm)
sctx->state[6] = SHA512_H6;
sctx->state[7] = SHA512_H7;
sctx->count[0] = sctx->count[1] = sctx->count[2] = sctx->count[3] = 0;
+
+ return 0;
}
-static void
-sha384_init(struct crypto_tfm *tfm)
+static int
+sha384_init(struct shash_desc *desc)
{
- struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
+ struct sha512_ctx *sctx = shash_desc_ctx(desc);
sctx->state[0] = SHA384_H0;
sctx->state[1] = SHA384_H1;
sctx->state[2] = SHA384_H2;
@@ -166,12 +168,14 @@ sha384_init(struct crypto_tfm *tfm)
sctx->state[6] = SHA384_H6;
sctx->state[7] = SHA384_H7;
sctx->count[0] = sctx->count[1] = sctx->count[2] = sctx->count[3] = 0;
+
+ return 0;
}
-static void
-sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len)
+static int
+sha512_update(struct shash_desc *desc, const u8 *data, unsigned int len)
{
- struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
+ struct sha512_ctx *sctx = shash_desc_ctx(desc);
unsigned int i, index, part_len;
@@ -203,12 +207,14 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len)
/* Buffer remaining input */
memcpy(&sctx->buf[index], &data[i], len - i);
+
+ return 0;
}
-static void
-sha512_final(struct crypto_tfm *tfm, u8 *hash)
+static int
+sha512_final(struct shash_desc *desc, u8 *hash)
{
- struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
+ struct sha512_ctx *sctx = shash_desc_ctx(desc);
static u8 padding[128] = { 0x80, };
__be64 *dst = (__be64 *)hash;
__be32 bits[4];
@@ -224,10 +230,10 @@ sha512_final(struct crypto_tfm *tfm, u8 *hash)
/* Pad out to 112 mod 128. */
index = (sctx->count[0] >> 3) & 0x7f;
pad_len = (index < 112) ? (112 - index) : ((128+112) - index);
- sha512_update(tfm, padding, pad_len);
+ sha512_update(desc, padding, pad_len);
/* Append length (before padding) */
- sha512_update(tfm, (const u8 *)bits, sizeof(bits));
+ sha512_update(desc, (const u8 *)bits, sizeof(bits));
/* Store state in digest */
for (i = 0; i < 8; i++)
@@ -235,66 +241,66 @@ sha512_final(struct crypto_tfm *tfm, u8 *hash)
/* Zeroize sensitive information. */
memset(sctx, 0, sizeof(struct sha512_ctx));
+
+ return 0;
}
-static void sha384_final(struct crypto_tfm *tfm, u8 *hash)
+static int sha384_final(struct shash_desc *desc, u8 *hash)
{
- u8 D[64];
+ u8 D[64];
- sha512_final(tfm, D);
+ sha512_final(desc, D);
- memcpy(hash, D, 48);
- memset(D, 0, 64);
+ memcpy(hash, D, 48);
+ memset(D, 0, 64);
+
+ return 0;
}
-static struct crypto_alg sha512 = {
- .cra_name = "sha512",
- .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
- .cra_blocksize = SHA512_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct sha512_ctx),
- .cra_module = THIS_MODULE,
- .cra_alignmask = 3,
- .cra_list = LIST_HEAD_INIT(sha512.cra_list),
- .cra_u = { .digest = {
- .dia_digestsize = SHA512_DIGEST_SIZE,
- .dia_init = sha512_init,
- .dia_update = sha512_update,
- .dia_final = sha512_final }
- }
+static struct shash_alg sha512 = {
+ .digestsize = SHA512_DIGEST_SIZE,
+ .init = sha512_init,
+ .update = sha512_update,
+ .final = sha512_final,
+ .descsize = sizeof(struct sha512_ctx),
+ .base = {
+ .cra_name = "sha512",
+ .cra_flags = CRYPTO_ALG_TYPE_SHASH,
+ .cra_blocksize = SHA512_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
+ }
};
-static struct crypto_alg sha384 = {
- .cra_name = "sha384",
- .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
- .cra_blocksize = SHA384_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct sha512_ctx),
- .cra_alignmask = 3,
- .cra_module = THIS_MODULE,
- .cra_list = LIST_HEAD_INIT(sha384.cra_list),
- .cra_u = { .digest = {
- .dia_digestsize = SHA384_DIGEST_SIZE,
- .dia_init = sha384_init,
- .dia_update = sha512_update,
- .dia_final = sha384_final }
- }
+static struct shash_alg sha384 = {
+ .digestsize = SHA384_DIGEST_SIZE,
+ .init = sha384_init,
+ .update = sha512_update,
+ .final = sha384_final,
+ .descsize = sizeof(struct sha512_ctx),
+ .base = {
+ .cra_name = "sha384",
+ .cra_flags = CRYPTO_ALG_TYPE_SHASH,
+ .cra_blocksize = SHA384_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
+ }
};
static int __init sha512_generic_mod_init(void)
{
int ret = 0;
- if ((ret = crypto_register_alg(&sha384)) < 0)
+ if ((ret = crypto_register_shash(&sha384)) < 0)
goto out;
- if ((ret = crypto_register_alg(&sha512)) < 0)
- crypto_unregister_alg(&sha384);
+ if ((ret = crypto_register_shash(&sha512)) < 0)
+ crypto_unregister_shash(&sha384);
out:
return ret;
}
static void __exit sha512_generic_mod_fini(void)
{
- crypto_unregister_alg(&sha384);
- crypto_unregister_alg(&sha512);
+ crypto_unregister_shash(&sha384);
+ crypto_unregister_shash(&sha512);
}
module_init(sha512_generic_mod_init);
--
1.5.2.5
I am resending patch 2 of the series since I accidentially submitted
the sha512 shash patch which does not contain the needed Kconfig changes.
My apologies for the mixup,
Adrian
This patch changes sha512 and sha384 to the new shash interface.
Signed-off-by: Adrian-Ken Rueegsegger <[email protected]>
---
crypto/Kconfig | 2 +-
crypto/sha512_generic.c | 112 +++++++++++++++++++++++++----------------------
2 files changed, 60 insertions(+), 54 deletions(-)
diff --git a/crypto/Kconfig b/crypto/Kconfig
index c8fb468..6d2c5bf 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -341,7 +341,7 @@ config CRYPTO_SHA256
config CRYPTO_SHA512
tristate "SHA384 and SHA512 digest algorithms"
- select CRYPTO_ALGAPI
+ select CRYPTO_HASH
help
SHA512 secure hash standard (DFIPS 180-2).
diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c
index 660c5c3..ec9cef3 100644
--- a/crypto/sha512_generic.c
+++ b/crypto/sha512_generic.c
@@ -10,7 +10,7 @@
* later version.
*
*/
-
+#include <crypto/internal/hash.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/mm.h>
@@ -138,10 +138,10 @@ sha512_transform(u64 *state, const u8 *input)
put_cpu_var(msg_schedule);
}
-static void
-sha512_init(struct crypto_tfm *tfm)
+static int
+sha512_init(struct shash_desc *desc)
{
- struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
+ struct sha512_ctx *sctx = shash_desc_ctx(desc);
sctx->state[0] = SHA512_H0;
sctx->state[1] = SHA512_H1;
sctx->state[2] = SHA512_H2;
@@ -151,12 +151,14 @@ sha512_init(struct crypto_tfm *tfm)
sctx->state[6] = SHA512_H6;
sctx->state[7] = SHA512_H7;
sctx->count[0] = sctx->count[1] = sctx->count[2] = sctx->count[3] = 0;
+
+ return 0;
}
-static void
-sha384_init(struct crypto_tfm *tfm)
+static int
+sha384_init(struct shash_desc *desc)
{
- struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
+ struct sha512_ctx *sctx = shash_desc_ctx(desc);
sctx->state[0] = SHA384_H0;
sctx->state[1] = SHA384_H1;
sctx->state[2] = SHA384_H2;
@@ -166,12 +168,14 @@ sha384_init(struct crypto_tfm *tfm)
sctx->state[6] = SHA384_H6;
sctx->state[7] = SHA384_H7;
sctx->count[0] = sctx->count[1] = sctx->count[2] = sctx->count[3] = 0;
+
+ return 0;
}
-static void
-sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len)
+static int
+sha512_update(struct shash_desc *desc, const u8 *data, unsigned int len)
{
- struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
+ struct sha512_ctx *sctx = shash_desc_ctx(desc);
unsigned int i, index, part_len;
@@ -203,12 +207,14 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len)
/* Buffer remaining input */
memcpy(&sctx->buf[index], &data[i], len - i);
+
+ return 0;
}
-static void
-sha512_final(struct crypto_tfm *tfm, u8 *hash)
+static int
+sha512_final(struct shash_desc *desc, u8 *hash)
{
- struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
+ struct sha512_ctx *sctx = shash_desc_ctx(desc);
static u8 padding[128] = { 0x80, };
__be64 *dst = (__be64 *)hash;
__be32 bits[4];
@@ -224,10 +230,10 @@ sha512_final(struct crypto_tfm *tfm, u8 *hash)
/* Pad out to 112 mod 128. */
index = (sctx->count[0] >> 3) & 0x7f;
pad_len = (index < 112) ? (112 - index) : ((128+112) - index);
- sha512_update(tfm, padding, pad_len);
+ sha512_update(desc, padding, pad_len);
/* Append length (before padding) */
- sha512_update(tfm, (const u8 *)bits, sizeof(bits));
+ sha512_update(desc, (const u8 *)bits, sizeof(bits));
/* Store state in digest */
for (i = 0; i < 8; i++)
@@ -235,66 +241,66 @@ sha512_final(struct crypto_tfm *tfm, u8 *hash)
/* Zeroize sensitive information. */
memset(sctx, 0, sizeof(struct sha512_ctx));
+
+ return 0;
}
-static void sha384_final(struct crypto_tfm *tfm, u8 *hash)
+static int sha384_final(struct shash_desc *desc, u8 *hash)
{
- u8 D[64];
+ u8 D[64];
- sha512_final(tfm, D);
+ sha512_final(desc, D);
- memcpy(hash, D, 48);
- memset(D, 0, 64);
+ memcpy(hash, D, 48);
+ memset(D, 0, 64);
+
+ return 0;
}
-static struct crypto_alg sha512 = {
- .cra_name = "sha512",
- .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
- .cra_blocksize = SHA512_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct sha512_ctx),
- .cra_module = THIS_MODULE,
- .cra_alignmask = 3,
- .cra_list = LIST_HEAD_INIT(sha512.cra_list),
- .cra_u = { .digest = {
- .dia_digestsize = SHA512_DIGEST_SIZE,
- .dia_init = sha512_init,
- .dia_update = sha512_update,
- .dia_final = sha512_final }
- }
+static struct shash_alg sha512 = {
+ .digestsize = SHA512_DIGEST_SIZE,
+ .init = sha512_init,
+ .update = sha512_update,
+ .final = sha512_final,
+ .descsize = sizeof(struct sha512_ctx),
+ .base = {
+ .cra_name = "sha512",
+ .cra_flags = CRYPTO_ALG_TYPE_SHASH,
+ .cra_blocksize = SHA512_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
+ }
};
-static struct crypto_alg sha384 = {
- .cra_name = "sha384",
- .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
- .cra_blocksize = SHA384_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct sha512_ctx),
- .cra_alignmask = 3,
- .cra_module = THIS_MODULE,
- .cra_list = LIST_HEAD_INIT(sha384.cra_list),
- .cra_u = { .digest = {
- .dia_digestsize = SHA384_DIGEST_SIZE,
- .dia_init = sha384_init,
- .dia_update = sha512_update,
- .dia_final = sha384_final }
- }
+static struct shash_alg sha384 = {
+ .digestsize = SHA384_DIGEST_SIZE,
+ .init = sha384_init,
+ .update = sha512_update,
+ .final = sha384_final,
+ .descsize = sizeof(struct sha512_ctx),
+ .base = {
+ .cra_name = "sha384",
+ .cra_flags = CRYPTO_ALG_TYPE_SHASH,
+ .cra_blocksize = SHA384_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
+ }
};
static int __init sha512_generic_mod_init(void)
{
int ret = 0;
- if ((ret = crypto_register_alg(&sha384)) < 0)
+ if ((ret = crypto_register_shash(&sha384)) < 0)
goto out;
- if ((ret = crypto_register_alg(&sha512)) < 0)
- crypto_unregister_alg(&sha384);
+ if ((ret = crypto_register_shash(&sha512)) < 0)
+ crypto_unregister_shash(&sha384);
out:
return ret;
}
static void __exit sha512_generic_mod_fini(void)
{
- crypto_unregister_alg(&sha384);
- crypto_unregister_alg(&sha512);
+ crypto_unregister_shash(&sha384);
+ crypto_unregister_shash(&sha512);
}
module_init(sha512_generic_mod_init);
--
1.5.2.5
On Thu, Dec 04, 2008 at 11:43:45PM +0100, Adrian-Ken Rueegsegger wrote:
>
> int i;
> + u64 *W = __get_cpu_var(msg_schedule);
That should be get_cpu_var unless you've already disabled preemption
somewhere.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Thu, Dec 04, 2008 at 11:43:44PM +0100, Adrian-Ken Rueegsegger wrote:
> This series contains the fixed up patches to convert the remaining hash
> algorithms to use shash.
I've applied patches 3-4.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
This resend contains the fixed up sha512 patches to switch the last
remaining algorithm to shash.
The first patch is now correct also in the case of preemption. The
second patch remains unchanged.
Adrian
The message schedule W (u64[80]) is too big for the stack. In order
for this algorithm to be used with shash it is moved to a static
percpu area.
Signed-off-by: Adrian-Ken Rueegsegger <[email protected]>
---
crypto/sha512_generic.c | 17 +++++++++--------
1 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c
index bc36861..cb85516 100644
--- a/crypto/sha512_generic.c
+++ b/crypto/sha512_generic.c
@@ -18,16 +18,17 @@
#include <linux/crypto.h>
#include <linux/types.h>
#include <crypto/sha.h>
-
+#include <linux/percpu.h>
#include <asm/byteorder.h>
struct sha512_ctx {
u64 state[8];
u32 count[4];
u8 buf[128];
- u64 W[80];
};
+static DEFINE_PER_CPU(u64[80], msg_schedule);
+
static inline u64 Ch(u64 x, u64 y, u64 z)
{
return z ^ (x & (y ^ z));
@@ -89,11 +90,12 @@ static inline void BLEND_OP(int I, u64 *W)
}
static void
-sha512_transform(u64 *state, u64 *W, const u8 *input)
+sha512_transform(u64 *state, const u8 *input)
{
u64 a, b, c, d, e, f, g, h, t1, t2;
int i;
+ u64 *W = get_cpu_var(msg_schedule);
/* load the input */
for (i = 0; i < 16; i++)
@@ -132,6 +134,8 @@ sha512_transform(u64 *state, u64 *W, const u8 *input)
/* erase our data */
a = b = c = d = e = f = g = h = t1 = t2 = 0;
+ memset(W, 0, sizeof(__get_cpu_var(msg_schedule)));
+ put_cpu_var(msg_schedule);
}
static void
@@ -187,10 +191,10 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len)
/* Transform as many times as possible. */
if (len >= part_len) {
memcpy(&sctx->buf[index], data, part_len);
- sha512_transform(sctx->state, sctx->W, sctx->buf);
+ sha512_transform(sctx->state, sctx->buf);
for (i = part_len; i + 127 < len; i+=128)
- sha512_transform(sctx->state, sctx->W, &data[i]);
+ sha512_transform(sctx->state, &data[i]);
index = 0;
} else {
@@ -199,9 +203,6 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len)
/* Buffer remaining input */
memcpy(&sctx->buf[index], &data[i], len - i);
This patch changes sha512 and sha384 to the new shash interface.
Signed-off-by: Adrian-Ken Rueegsegger <[email protected]>
---
crypto/Kconfig | 2 +-
crypto/sha512_generic.c | 112 +++++++++++++++++++++++++----------------------
2 files changed, 60 insertions(+), 54 deletions(-)
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 6593b5a..017a044 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -341,7 +341,7 @@ config CRYPTO_SHA256
config CRYPTO_SHA512
tristate "SHA384 and SHA512 digest algorithms"
- select CRYPTO_ALGAPI
+ select CRYPTO_HASH
help
SHA512 secure hash standard (DFIPS 180-2).
diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c
index cb85516..3bea38d 100644
--- a/crypto/sha512_generic.c
+++ b/crypto/sha512_generic.c
@@ -10,7 +10,7 @@
* later version.
*
*/
-
+#include <crypto/internal/hash.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/mm.h>
@@ -138,10 +138,10 @@ sha512_transform(u64 *state, const u8 *input)
put_cpu_var(msg_schedule);
}
-static void
-sha512_init(struct crypto_tfm *tfm)
+static int
+sha512_init(struct shash_desc *desc)
{
- struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
+ struct sha512_ctx *sctx = shash_desc_ctx(desc);
sctx->state[0] = SHA512_H0;
sctx->state[1] = SHA512_H1;
sctx->state[2] = SHA512_H2;
@@ -151,12 +151,14 @@ sha512_init(struct crypto_tfm *tfm)
sctx->state[6] = SHA512_H6;
sctx->state[7] = SHA512_H7;
sctx->count[0] = sctx->count[1] = sctx->count[2] = sctx->count[3] = 0;
+
+ return 0;
}
-static void
-sha384_init(struct crypto_tfm *tfm)
+static int
+sha384_init(struct shash_desc *desc)
{
- struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
+ struct sha512_ctx *sctx = shash_desc_ctx(desc);
sctx->state[0] = SHA384_H0;
sctx->state[1] = SHA384_H1;
sctx->state[2] = SHA384_H2;
@@ -166,12 +168,14 @@ sha384_init(struct crypto_tfm *tfm)
sctx->state[6] = SHA384_H6;
sctx->state[7] = SHA384_H7;
sctx->count[0] = sctx->count[1] = sctx->count[2] = sctx->count[3] = 0;
+
+ return 0;
}
-static void
-sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len)
+static int
+sha512_update(struct shash_desc *desc, const u8 *data, unsigned int len)
{
- struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
+ struct sha512_ctx *sctx = shash_desc_ctx(desc);
unsigned int i, index, part_len;
@@ -203,12 +207,14 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len)
/* Buffer remaining input */
memcpy(&sctx->buf[index], &data[i], len - i);
+
+ return 0;
}
-static void
-sha512_final(struct crypto_tfm *tfm, u8 *hash)
+static int
+sha512_final(struct shash_desc *desc, u8 *hash)
{
- struct sha512_ctx *sctx = crypto_tfm_ctx(tfm);
+ struct sha512_ctx *sctx = shash_desc_ctx(desc);
static u8 padding[128] = { 0x80, };
__be64 *dst = (__be64 *)hash;
__be32 bits[4];
@@ -224,10 +230,10 @@ sha512_final(struct crypto_tfm *tfm, u8 *hash)
/* Pad out to 112 mod 128. */
index = (sctx->count[0] >> 3) & 0x7f;
pad_len = (index < 112) ? (112 - index) : ((128+112) - index);
- sha512_update(tfm, padding, pad_len);
+ sha512_update(desc, padding, pad_len);
/* Append length (before padding) */
- sha512_update(tfm, (const u8 *)bits, sizeof(bits));
+ sha512_update(desc, (const u8 *)bits, sizeof(bits));
/* Store state in digest */
for (i = 0; i < 8; i++)
@@ -235,66 +241,66 @@ sha512_final(struct crypto_tfm *tfm, u8 *hash)
/* Zeroize sensitive information. */
memset(sctx, 0, sizeof(struct sha512_ctx));
+
+ return 0;
}
-static void sha384_final(struct crypto_tfm *tfm, u8 *hash)
+static int sha384_final(struct shash_desc *desc, u8 *hash)
{
- u8 D[64];
+ u8 D[64];
- sha512_final(tfm, D);
+ sha512_final(desc, D);
- memcpy(hash, D, 48);
- memset(D, 0, 64);
+ memcpy(hash, D, 48);
+ memset(D, 0, 64);
+
+ return 0;
}
-static struct crypto_alg sha512 = {
- .cra_name = "sha512",
- .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
- .cra_blocksize = SHA512_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct sha512_ctx),
- .cra_module = THIS_MODULE,
- .cra_alignmask = 3,
- .cra_list = LIST_HEAD_INIT(sha512.cra_list),
- .cra_u = { .digest = {
- .dia_digestsize = SHA512_DIGEST_SIZE,
- .dia_init = sha512_init,
- .dia_update = sha512_update,
- .dia_final = sha512_final }
- }
+static struct shash_alg sha512 = {
+ .digestsize = SHA512_DIGEST_SIZE,
+ .init = sha512_init,
+ .update = sha512_update,
+ .final = sha512_final,
+ .descsize = sizeof(struct sha512_ctx),
+ .base = {
+ .cra_name = "sha512",
+ .cra_flags = CRYPTO_ALG_TYPE_SHASH,
+ .cra_blocksize = SHA512_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
+ }
};
-static struct crypto_alg sha384 = {
- .cra_name = "sha384",
- .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
- .cra_blocksize = SHA384_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct sha512_ctx),
- .cra_alignmask = 3,
- .cra_module = THIS_MODULE,
- .cra_list = LIST_HEAD_INIT(sha384.cra_list),
- .cra_u = { .digest = {
- .dia_digestsize = SHA384_DIGEST_SIZE,
- .dia_init = sha384_init,
- .dia_update = sha512_update,
- .dia_final = sha384_final }
- }
+static struct shash_alg sha384 = {
+ .digestsize = SHA384_DIGEST_SIZE,
+ .init = sha384_init,
+ .update = sha512_update,
+ .final = sha384_final,
+ .descsize = sizeof(struct sha512_ctx),
+ .base = {
+ .cra_name = "sha384",
+ .cra_flags = CRYPTO_ALG_TYPE_SHASH,
+ .cra_blocksize = SHA384_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
+ }
};
static int __init sha512_generic_mod_init(void)
{
int ret = 0;
- if ((ret = crypto_register_alg(&sha384)) < 0)
+ if ((ret = crypto_register_shash(&sha384)) < 0)
goto out;
- if ((ret = crypto_register_alg(&sha512)) < 0)
- crypto_unregister_alg(&sha384);
+ if ((ret = crypto_register_shash(&sha512)) < 0)
+ crypto_unregister_shash(&sha384);
out:
return ret;
}
static void __exit sha512_generic_mod_fini(void)
{
- crypto_unregister_alg(&sha384);
- crypto_unregister_alg(&sha512);
+ crypto_unregister_shash(&sha384);
+ crypto_unregister_shash(&sha512);
}
module_init(sha512_generic_mod_init);
--
1.5.2.5
Hi.
On Sun, Dec 07, 2008 at 11:17:28PM +0100, Adrian-Ken Rueegsegger ([email protected]) wrote:
> The message schedule W (u64[80]) is too big for the stack. In order
> for this algorithm to be used with shash it is moved to a static
> percpu area.
>
> Signed-off-by: Adrian-Ken Rueegsegger <[email protected]>
> +static DEFINE_PER_CPU(u64[80], msg_schedule);
> +
> static inline u64 Ch(u64 x, u64 y, u64 z)
> {
> return z ^ (x & (y ^ z));
> @@ -89,11 +90,12 @@ static inline void BLEND_OP(int I, u64 *W)
> }
>
> static void
> -sha512_transform(u64 *state, u64 *W, const u8 *input)
> +sha512_transform(u64 *state, const u8 *input)
> {
> u64 a, b, c, d, e, f, g, h, t1, t2;
>
> int i;
> + u64 *W = get_cpu_var(msg_schedule);
This should be protected by preempt_disable(), shouldn't it?
--
Evgeniy Polyakov
On Mon, Dec 08, 2008 at 03:09:19AM +0300, Evgeniy Polyakov wrote:
>
> > static void
> > -sha512_transform(u64 *state, u64 *W, const u8 *input)
> > +sha512_transform(u64 *state, const u8 *input)
> > {
> > u64 a, b, c, d, e, f, g, h, t1, t2;
> >
> > int i;
> > + u64 *W = get_cpu_var(msg_schedule);
>
> This should be protected by preempt_disable(), shouldn't it?
get_cpu_var does it implicitly.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Mon, Dec 08, 2008 at 08:24:35AM +0800, Herbert Xu ([email protected]) wrote:
> > > + u64 *W = get_cpu_var(msg_schedule);
> >
> > This should be protected by preempt_disable(), shouldn't it?
>
> get_cpu_var does it implicitly.
Yeah, that simple!
--
Evgeniy Polyakov
On Sun, Dec 07, 2008 at 11:17:27PM +0100, Adrian-Ken Rueegsegger wrote:
> This resend contains the fixed up sha512 patches to switch the last
> remaining algorithm to shash.
>
> The first patch is now correct also in the case of preemption. The
> second patch remains unchanged.
Both applied. Thanks a lot Adrian!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt