2015-10-20 07:34:11

by Corentin Labbe

Subject: [PATCH v2] crypto: add precalculated hash for zero message length

Hello

Some crypto drivers cannot process an empty message and so rely on a
precalculated hash.
This patch series adds precalculated hashes in headers and
makes the drivers use them.

Using those precalculated hashes makes some additional constify patches necessary.

Changes since v1:
- Added missing sha/md5 header in testmgr.h
- indented a block comment in CCP
- moved precalculated hash from header to .c files

Regards


2015-10-20 07:34:14

by Corentin Labbe

Subject: [PATCH 2/8] crypto: niagara: Use precalculated hash from headers

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin <[email protected]>
---
drivers/crypto/n2_core.c | 33 ++++++---------------------------
1 file changed, 6 insertions(+), 27 deletions(-)

diff --git a/drivers/crypto/n2_core.c b/drivers/crypto/n2_core.c
index 2e8dab9..8ea6c32 100644
--- a/drivers/crypto/n2_core.c
+++ b/drivers/crypto/n2_core.c
@@ -241,7 +241,7 @@ static inline bool n2_should_run_async(struct spu_queue *qp, int this_len)

struct n2_ahash_alg {
struct list_head entry;
- const char *hash_zero;
+ const u8 *hash_zero;
const u32 *hash_init;
u8 hw_op_hashsz;
u8 digest_size;
@@ -1267,7 +1267,7 @@ static LIST_HEAD(cipher_algs);

struct n2_hash_tmpl {
const char *name;
- const char *hash_zero;
+ const u8 *hash_zero;
const u32 *hash_init;
u8 hw_op_hashsz;
u8 digest_size;
@@ -1276,40 +1276,19 @@ struct n2_hash_tmpl {
u8 hmac_type;
};

-static const char md5_zero[MD5_DIGEST_SIZE] = {
- 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
- 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
-};
static const u32 md5_init[MD5_HASH_WORDS] = {
cpu_to_le32(MD5_H0),
cpu_to_le32(MD5_H1),
cpu_to_le32(MD5_H2),
cpu_to_le32(MD5_H3),
};
-static const char sha1_zero[SHA1_DIGEST_SIZE] = {
- 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32,
- 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8,
- 0x07, 0x09
-};
static const u32 sha1_init[SHA1_DIGEST_SIZE / 4] = {
SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4,
};
-static const char sha256_zero[SHA256_DIGEST_SIZE] = {
- 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a,
- 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae,
- 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99,
- 0x1b, 0x78, 0x52, 0xb8, 0x55
-};
static const u32 sha256_init[SHA256_DIGEST_SIZE / 4] = {
SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3,
SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7,
};
-static const char sha224_zero[SHA224_DIGEST_SIZE] = {
- 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47,
- 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2,
- 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, 0xc5, 0xb3, 0xe4,
- 0x2f
-};
static const u32 sha224_init[SHA256_DIGEST_SIZE / 4] = {
SHA224_H0, SHA224_H1, SHA224_H2, SHA224_H3,
SHA224_H4, SHA224_H5, SHA224_H6, SHA224_H7,
@@ -1317,7 +1296,7 @@ static const u32 sha224_init[SHA256_DIGEST_SIZE / 4] = {

static const struct n2_hash_tmpl hash_tmpls[] = {
{ .name = "md5",
- .hash_zero = md5_zero,
+ .hash_zero = md5_zero_message_hash,
.hash_init = md5_init,
.auth_type = AUTH_TYPE_MD5,
.hmac_type = AUTH_TYPE_HMAC_MD5,
@@ -1325,7 +1304,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
.digest_size = MD5_DIGEST_SIZE,
.block_size = MD5_HMAC_BLOCK_SIZE },
{ .name = "sha1",
- .hash_zero = sha1_zero,
+ .hash_zero = sha1_zero_message_hash,
.hash_init = sha1_init,
.auth_type = AUTH_TYPE_SHA1,
.hmac_type = AUTH_TYPE_HMAC_SHA1,
@@ -1333,7 +1312,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
.digest_size = SHA1_DIGEST_SIZE,
.block_size = SHA1_BLOCK_SIZE },
{ .name = "sha256",
- .hash_zero = sha256_zero,
+ .hash_zero = sha256_zero_message_hash,
.hash_init = sha256_init,
.auth_type = AUTH_TYPE_SHA256,
.hmac_type = AUTH_TYPE_HMAC_SHA256,
@@ -1341,7 +1320,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
.digest_size = SHA256_DIGEST_SIZE,
.block_size = SHA256_BLOCK_SIZE },
{ .name = "sha224",
- .hash_zero = sha224_zero,
+ .hash_zero = sha224_zero_message_hash,
.hash_init = sha224_init,
.auth_type = AUTH_TYPE_SHA256,
.hmac_type = AUTH_TYPE_RESERVED,
--
2.4.10

2015-10-20 07:34:04

by Corentin Labbe

Subject: [PATCH 8/8] crypto: testmgr: Use the xxx_zero_message_hash from headers

Since md5/shaxxx headers have hash for zero message length, just use them.

Signed-off-by: LABBE Corentin <[email protected]>
---
crypto/testmgr.h | 18 ++++++------------
1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 03b2f19..7a8f51e 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -28,6 +28,8 @@
#include <linux/zlib.h>

#include <crypto/compress.h>
+#include <crypto/md5.h>
+#include <crypto/sha.h>

#define MAX_DIGEST_SIZE 64
#define MAX_TAP 8
@@ -367,8 +369,7 @@ static struct hash_testvec md4_tv_template [] = {

static struct hash_testvec md5_tv_template[] = {
{
- .digest = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
- "\xe9\x80\x09\x98\xec\xf8\x42\x7e",
+ .digest = md5_zero_message_hash,
}, {
.plaintext = "a",
.psize = 1,
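Review bot: Pointing `.digest` at `md5_zero_message_hash` makes the empty-message known-answer test compare against the same constant that the drivers in this series return for zero-length input, so for those drivers the check can no longer catch a wrong byte in the shared array; the same applies to the sha1, sha224 and sha256 hunks below. Keeping the literal bytes in testmgr.h preserves an independent reference, i.e. leave `.digest = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"` and `"\xe9\x80\x09\x98\xec\xf8\x42\x7e",` as they were. The shared arrays are also declared `const u8[]` while `.digest` is `const char *` after patch 7/8, so the new initializers mix pointer signedness.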
@@ -713,8 +714,7 @@ static struct hash_testvec sha1_tv_template[] = {
{
.plaintext = "",
.psize = 0,
- .digest = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55"
- "\xbf\xef\x95\x60\x18\x90\xaf\xd8\x07\x09",
+ .digest = sha1_zero_message_hash,
}, {
.plaintext = "abc",
.psize = 3,
@@ -905,10 +905,7 @@ static struct hash_testvec sha224_tv_template[] = {
{
.plaintext = "",
.psize = 0,
- .digest = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9"
- "\x47\x61\x02\xbb\x28\x82\x34\xc4"
- "\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a"
- "\xc5\xb3\xe4\x2f",
+ .digest = sha224_zero_message_hash,
}, {
.plaintext = "abc",
.psize = 3,
@@ -1079,10 +1076,7 @@ static struct hash_testvec sha256_tv_template[] = {
{
.plaintext = "",
.psize = 0,
- .digest = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14"
- "\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24"
- "\x27\xae\x41\xe4\x64\x9b\x93\x4c"
- "\xa4\x95\x99\x1b\x78\x52\xb8\x55",
+ .digest = sha256_zero_message_hash,
}, {
.plaintext = "abc",
.psize = 3,
--
2.4.10

2015-10-20 07:34:02

by Corentin Labbe

Subject: [PATCH 6/8] crypto: akcipher: the key parameter must be const u8 *

All cryptoAPI setkey functions declare the key parameter as const u8 *.
This patch makes the crypto_akcipher_setkey parameters match the others.

Signed-off-by: LABBE Corentin <[email protected]>
---
include/crypto/akcipher.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
index 0c9fa68..ade053b 100644
--- a/include/crypto/akcipher.h
+++ b/include/crypto/akcipher.h
@@ -330,7 +330,8 @@ static inline int crypto_akcipher_verify(struct akcipher_request *req)
*
* Return: zero on success; error code in case of error
*/
-static inline int crypto_akcipher_setkey(struct crypto_akcipher *tfm, void *key,
+static inline int crypto_akcipher_setkey(struct crypto_akcipher *tfm,
+ const u8 *key,
unsigned int keylen)
{
struct akcipher_alg *alg = crypto_akcipher_alg(tfm);
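Review bot: The const qualifier added to `key` only holds if the callback invoked in the body accepts it; the diffstat touches this one prototype, and the `setkey` member of `struct akcipher_alg` is not visible in this hunk. If that member still takes a non-const pointer, the call discards the qualifier and an implementation remains free to write through the caller's key buffer, so it should be changed to a const key parameter in the same patch. The function body and the kernel-doc block above it both extend outside the hunk, so the `@key` description could not be checked against the new type.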
--
2.4.10

2015-10-20 07:34:00

by Corentin Labbe

Subject: [PATCH 4/8] crypto: ux500: Use precalculated hash from headers

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin <[email protected]>
---
drivers/crypto/ux500/hash/hash_core.c | 20 ++------------------
1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/drivers/crypto/ux500/hash/hash_core.c b/drivers/crypto/ux500/hash/hash_core.c
index 8b9391f..0de5f59 100644
--- a/drivers/crypto/ux500/hash/hash_core.c
+++ b/drivers/crypto/ux500/hash/hash_core.c
@@ -41,22 +41,6 @@ static int hash_mode;
module_param(hash_mode, int, 0);
MODULE_PARM_DESC(hash_mode, "CPU or DMA mode. CPU = 0 (default), DMA = 1");

-/**
- * Pre-calculated empty message digests.
- */
-static const u8 zero_message_hash_sha1[SHA1_DIGEST_SIZE] = {
- 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
- 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
- 0xaf, 0xd8, 0x07, 0x09
-};
-
-static const u8 zero_message_hash_sha256[SHA256_DIGEST_SIZE] = {
- 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
- 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
- 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
- 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
-};
-
/* HMAC-SHA1, no key */
static const u8 zero_message_hmac_sha1[SHA1_DIGEST_SIZE] = {
0xfb, 0xdb, 0x1d, 0x1b, 0x18, 0xaa, 0x6c, 0x08,
@@ -242,13 +226,13 @@ static int get_empty_message_digest(

if (HASH_OPER_MODE_HASH == ctx->config.oper_mode) {
if (HASH_ALGO_SHA1 == ctx->config.algorithm) {
- memcpy(zero_hash, &zero_message_hash_sha1[0],
+ memcpy(zero_hash, &sha1_zero_message_hash[0],
SHA1_DIGEST_SIZE);
*zero_hash_size = SHA1_DIGEST_SIZE;
*zero_digest = true;
} else if (HASH_ALGO_SHA256 ==
ctx->config.algorithm) {
- memcpy(zero_hash, &zero_message_hash_sha256[0],
+ memcpy(zero_hash, &sha256_zero_message_hash[0],
SHA256_DIGEST_SIZE);
*zero_hash_size = SHA256_DIGEST_SIZE;
*zero_digest = true;
--
2.4.10

2015-10-20 07:34:03

by Corentin Labbe

Subject: [PATCH 7/8] crypto: testmgr: Constify tested key/iv/plaintext/digest

All key/iv/plaintext/digest in testmgr are constant data.
Furthermore the testmgr will never modify those data.
This patch sets all members of xxx_testvec as pointers to const.

Signed-off-by: LABBE Corentin <[email protected]>
---
crypto/testmgr.h | 34 +++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 64b8a80..03b2f19 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -37,9 +37,9 @@

struct hash_testvec {
/* only used with keyed hash algorithms */
- char *key;
- char *plaintext;
- char *digest;
+ const char *key;
+ const char *plaintext;
+ const char *digest;
unsigned char tap[MAX_TAP];
unsigned short psize;
unsigned char np;
@@ -65,10 +65,10 @@ struct hash_testvec {
*/

struct cipher_testvec {
- char *key;
- char *iv;
- char *input;
- char *result;
+ const char *key;
+ const char *iv;
+ const char *input;
+ const char *result;
unsigned short tap[MAX_TAP];
int np;
unsigned char also_non_np;
@@ -80,11 +80,11 @@ struct cipher_testvec {
};

struct aead_testvec {
- char *key;
- char *iv;
- char *input;
- char *assoc;
- char *result;
+ const char *key;
+ const char *iv;
+ const char *input;
+ const char *assoc;
+ const char *result;
unsigned char tap[MAX_TAP];
unsigned char atap[MAX_TAP];
int np;
@@ -99,10 +99,10 @@ struct aead_testvec {
};

struct cprng_testvec {
- char *key;
- char *dt;
- char *v;
- char *result;
+ const char *key;
+ const char *dt;
+ const char *v;
+ const char *result;
unsigned char klen;
unsigned short dtlen;
unsigned short vlen;
@@ -126,7 +126,7 @@ struct drbg_testvec {
};

struct akcipher_testvec {
- unsigned char *key;
+ const unsigned char *key;
unsigned char *m;
unsigned char *c;
unsigned int key_len;
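Review bot: In `struct akcipher_testvec` only `key` becomes const, while `m` and `c` on the next two lines stay `unsigned char *`, which does not match the commit message's statement that all members of the xxx_testvec structs become pointers to const. Unless testmgr writes through them (not visible here), they should read `const unsigned char *m;` and `const unsigned char *c;`. The struct body continues past the hunk, and `struct drbg_testvec` appears only in the hunk header, so its members could not be checked.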
--
2.4.10

2015-10-20 07:33:59

by Corentin Labbe

Subject: [PATCH 3/8] crypto: ccp: Use precalculated hash from headers

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin <[email protected]>
---
drivers/crypto/ccp/ccp-ops.c | 39 ++++++++-------------------------------
1 file changed, 8 insertions(+), 31 deletions(-)

diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
index d09c6c4..64fac2b 100644
--- a/drivers/crypto/ccp/ccp-ops.c
+++ b/drivers/crypto/ccp/ccp-ops.c
@@ -152,32 +152,6 @@ static const __be32 ccp_sha256_init[CCP_SHA_CTXSIZE / sizeof(__be32)] = {
cpu_to_be32(SHA256_H6), cpu_to_be32(SHA256_H7),
};

-/* The CCP cannot perform zero-length sha operations so the caller
- * is required to buffer data for the final operation. However, a
- * sha operation for a message with a total length of zero is valid
- * so known values are required to supply the result.
- */
-static const u8 ccp_sha1_zero[CCP_SHA_CTXSIZE] = {
- 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
- 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
- 0xaf, 0xd8, 0x07, 0x09, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-};
-
-static const u8 ccp_sha224_zero[CCP_SHA_CTXSIZE] = {
- 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
- 0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
- 0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
- 0xc5, 0xb3, 0xe4, 0x2f, 0x00, 0x00, 0x00, 0x00,
-};
-
-static const u8 ccp_sha256_zero[CCP_SHA_CTXSIZE] = {
- 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
- 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
- 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
- 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55,
-};
-
static u32 ccp_addr_lo(struct ccp_dma_info *info)
{
return lower_32_bits(info->address + info->offset);
@@ -1388,18 +1362,21 @@ static int ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
if (sha->msg_bits)
return -EINVAL;

- /* A sha operation for a message with a total length of zero,
- * return known result.
+ /* The CCP cannot perform zero-length sha operations so the
+ * caller is required to buffer data for the final operation.
+ * However, a sha operation for a message with a total length
+ * of zero is valid so known values are required to supply
+ * the result.
*/
switch (sha->type) {
case CCP_SHA_TYPE_1:
- sha_zero = ccp_sha1_zero;
+ sha_zero = sha1_zero_message_hash;
break;
case CCP_SHA_TYPE_224:
- sha_zero = ccp_sha224_zero;
+ sha_zero = sha224_zero_message_hash;
break;
case CCP_SHA_TYPE_256:
- sha_zero = ccp_sha256_zero;
+ sha_zero = sha256_zero_message_hash;
break;
default:
return -EINVAL;
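Review bot: The tables removed above were declared with `CCP_SHA_CTXSIZE` elements and zero-padded, whereas the shared arrays from patch 1/8 are only `SHA1_DIGEST_SIZE`, `SHA224_DIGEST_SIZE` and `SHA256_DIGEST_SIZE` bytes long, so for SHA-1 and SHA-224 `sha_zero` now points at a shorter object. The copy that consumes `sha_zero` comes after the switch, outside this hunk; if it still copies a context-sized length, it reads past the end of the array and returns adjacent kernel memory as part of the result. The copy length should be bounded by the digest size of the selected type, for example by recording the digest length in each `case` and capping the copy at that value.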
--
2.4.10

2015-10-20 07:34:01

by Corentin Labbe

Subject: [PATCH 5/8] crypto: akcipher: fix typos in include/crypto/akcipher.h

Fix numerous spelling error in include/crypto/akcipher.h

Signed-off-by: LABBE Corentin <[email protected]>
---
include/crypto/akcipher.h | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
index 69d163e..0c9fa68 100644
--- a/include/crypto/akcipher.h
+++ b/include/crypto/akcipher.h
@@ -19,12 +19,12 @@
*
* @base: Common attributes for async crypto requests
* @src: Pointer to memory containing the input parameters
- * The format of the parameter(s) is expeted to be Octet String
- * @dst: Pointer to memory whare the result will be stored
+ * The format of the parameter(s) is expected to be Octet String
+ * @dst: Pointer to memory where the result will be stored
* @src_len: Size of the input parameter
- * @dst_len: Size of the output buffer. It needs to be at leaset
+ * @dst_len: Size of the output buffer. It needs to be at least
* as big as the expected result depending on the operation
- * After operation it will be updated with the acctual size of the
+ * After operation it will be updated with the actual size of the
* result. In case of error, where the dst_len was insufficient,
* it will be updated to the size required for the operation.
* @__ctx: Start of private context data
@@ -59,7 +59,7 @@ struct crypto_akcipher {
* algorithm. In case of error, where the dst_len was insufficient,
* the req->dst_len will be updated to the size required for the
* operation
- * @encrypt: Function performs an encrytp operation as defined by public key
+ * @encrypt: Function performs an encrypt operation as defined by public key
* algorithm. In case of error, where the dst_len was insufficient,
* the req->dst_len will be updated to the size required for the
* operation
@@ -224,7 +224,7 @@ static inline void akcipher_request_set_callback(struct akcipher_request *req,
}

/**
- * akcipher_request_set_crypt() -- Sets reqest parameters
+ * akcipher_request_set_crypt() -- Sets request parameters
*
* Sets parameters required by crypto operation
*
@@ -233,7 +233,7 @@ static inline void akcipher_request_set_callback(struct akcipher_request *req,
* @dst: ptr of output parameter
* @src_len: size of the input buffer
* @dst_len: size of the output buffer. It will be updated by the
- * implementation to reflect the acctual size of the result
+ * implementation to reflect the actual size of the result
*/
static inline void akcipher_request_set_crypt(struct akcipher_request *req,
void *src, void *dst,
--
2.4.10

2015-10-20 07:33:57

by Corentin Labbe

Subject: [PATCH 1/8] crypto: hash: add zero length message hash for shax and md5

Some crypto drivers cannot process empty data messages and return a
precalculated hash for md5/sha1/sha224/sha256.

This patch adds those precalculated hashes in include/crypto.

Signed-off-by: LABBE Corentin <[email protected]>
---
crypto/md5.c | 6 ++++++
crypto/sha1_generic.c | 7 +++++++
crypto/sha256_generic.c | 16 ++++++++++++++++
include/crypto/md5.h | 2 ++
include/crypto/sha.h | 6 ++++++
5 files changed, 37 insertions(+)

diff --git a/crypto/md5.c b/crypto/md5.c
index 33d17e9..2355a7c 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -24,6 +24,12 @@
#include <linux/cryptohash.h>
#include <asm/byteorder.h>

+const u8 md5_zero_message_hash[MD5_DIGEST_SIZE] = {
+ 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
+ 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
+};
+EXPORT_SYMBOL_GPL(md5_zero_message_hash);
+
/* XXX: this stuff can be optimized */
static inline void le32_to_cpu_array(u32 *buf, unsigned int words)
{
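Review bot: The exported array carries no comment saying what it is for, and neither do the sha1, sha224 and sha256 arrays or the `extern` declarations added to md5.h and sha.h in the following hunks. A short comment such as `/* Digest of the zero-length message, for hardware that cannot hash empty input */` above each definition would tell driver authors when using it is appropriate. It would also help to state that each array is exactly `*_DIGEST_SIZE` bytes with no padding, since the CCP tables replaced in patch 3/8 were declared with `CCP_SHA_CTXSIZE` elements.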
diff --git a/crypto/sha1_generic.c b/crypto/sha1_generic.c
index 39e3acc..6877cbb 100644
--- a/crypto/sha1_generic.c
+++ b/crypto/sha1_generic.c
@@ -26,6 +26,13 @@
#include <crypto/sha1_base.h>
#include <asm/byteorder.h>

+const u8 sha1_zero_message_hash[SHA1_DIGEST_SIZE] = {
+ 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
+ 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
+ 0xaf, 0xd8, 0x07, 0x09
+};
+EXPORT_SYMBOL_GPL(sha1_zero_message_hash);
+
static void sha1_generic_block_fn(struct sha1_state *sst, u8 const *src,
int blocks)
{
diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c
index 7843116..8f9c47e 100644
--- a/crypto/sha256_generic.c
+++ b/crypto/sha256_generic.c
@@ -27,6 +27,22 @@
#include <asm/byteorder.h>
#include <asm/unaligned.h>

+const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE] = {
+ 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47,
+ 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2,
+ 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, 0xc5, 0xb3, 0xe4,
+ 0x2f
+};
+EXPORT_SYMBOL_GPL(sha224_zero_message_hash);
+
+const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE] = {
+ 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
+ 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
+ 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
+ 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
+};
+EXPORT_SYMBOL_GPL(sha256_zero_message_hash);
+
static inline u32 Ch(u32 x, u32 y, u32 z)
{
return z ^ (x & (y ^ z));
diff --git a/include/crypto/md5.h b/include/crypto/md5.h
index 146af82..327deac 100644
--- a/include/crypto/md5.h
+++ b/include/crypto/md5.h
@@ -13,6 +13,8 @@
#define MD5_H2 0x98badcfeUL
#define MD5_H3 0x10325476UL

+extern const u8 md5_zero_message_hash[MD5_DIGEST_SIZE];
+
struct md5_state {
u32 hash[MD5_HASH_WORDS];
u32 block[MD5_BLOCK_WORDS];
diff --git a/include/crypto/sha.h b/include/crypto/sha.h
index dd7905a..c94d3eb 100644
--- a/include/crypto/sha.h
+++ b/include/crypto/sha.h
@@ -64,6 +64,12 @@
#define SHA512_H6 0x1f83d9abfb41bd6bULL
#define SHA512_H7 0x5be0cd19137e2179ULL

+extern const u8 sha1_zero_message_hash[SHA1_DIGEST_SIZE];
+
+extern const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE];
+
+extern const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE];
+
struct sha1_state {
u32 state[SHA1_DIGEST_SIZE / 4];
u64 count;
--
2.4.10

2015-10-20 07:57:24

by Stephan Müller

Subject: Re: [PATCH 5/8] crypto: akcipher: fix typos in include/crypto/akcipher.h

Am Dienstag, 20. Oktober 2015, 09:34:01 schrieb LABBE Corentin:

Hi LABBE,

>Fix numerous spelling error in include/crypto/akcipher.h
>
>Signed-off-by: LABBE Corentin <[email protected]>
>---
> include/crypto/akcipher.h | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
>diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
>index 69d163e..0c9fa68 100644
>--- a/include/crypto/akcipher.h
>+++ b/include/crypto/akcipher.h
>@@ -19,12 +19,12 @@
> *
> * @base: Common attributes for async crypto requests
> * @src: Pointer to memory containing the input parameters
>- * The format of the parameter(s) is expeted to be Octet String
>- * @dst: Pointer to memory whare the result will be stored
>+ * The format of the parameter(s) is expected to be Octet String
>+ * @dst: Pointer to memory where the result will be stored
> * @src_len: Size of the input parameter
>- * @dst_len: Size of the output buffer. It needs to be at leaset
>+ * @dst_len: Size of the output buffer. It needs to be at least
> * as big as the expected result depending on the operation
>- * After operation it will be updated with the acctual size of
the
>+ * After operation it will be updated with the actual size of the
> * result. In case of error, where the dst_len was insufficient,
> * it will be updated to the size required for the operation.
> * @__ctx: Start of private context data
>@@ -59,7 +59,7 @@ struct crypto_akcipher {
> * algorithm. In case of error, where the dst_len was
insufficient,
> * the req->dst_len will be updated to the size required for the
> * operation
>- * @encrypt: Function performs an encrytp operation as defined by public
key
>+ * @encrypt: Function performs an encrypt operation as defined by public
>key * algorithm. In case of error, where the dst_len was
insufficient,
>* the req->dst_len will be updated to the size required for the
> * operation
>@@ -224,7 +224,7 @@ static inline void akcipher_request_set_callback(struct
>akcipher_request *req, }
>
> /**
>- * akcipher_request_set_crypt() -- Sets reqest parameters
>+ * akcipher_request_set_crypt() -- Sets request parameters

Note, this patch will clash with my patch that I sent 2 days ago: I removed
the double slashes from these lines here as they do not look good in a
DocBook.
> *
> * Sets parameters required by crypto operation
> *
>@@ -233,7 +233,7 @@ static inline void akcipher_request_set_callback(struct
>akcipher_request *req, * @dst: ptr of output parameter
> * @src_len: size of the input buffer
> * @dst_len: size of the output buffer. It will be updated by the
>- * implementation to reflect the acctual size of the result
>+ * implementation to reflect the actual size of the result
> */
> static inline void akcipher_request_set_crypt(struct akcipher_request *req,
> void *src, void *dst,


Ciao
Stephan

2015-10-21 03:13:17

by kernel test robot

Subject: Re: [PATCH 4/8] crypto: ux500: Use precalculated hash from headers

Hi LABBE,

[auto build test ERROR on crypto/master -- if it's inappropriate base, please suggest rules for selecting the more suitable base]

url: https://github.com/0day-ci/linux/commits/LABBE-Corentin/crypto-hash-add-zero-length-message-hash-for-shax-and-md5/20151020-154222
config: arm-u8500_defconfig (attached as .config)
reproduce:
wget https://git.kernel.org/cgit/linux/kernel/git/wfg/lkp-tests.git/plain/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
make.cross ARCH=arm

All errors (new ones prefixed by >>):

drivers/built-in.o: In function `get_empty_message_digest':
>> drivers/crypto/ux500/hash/hash_core.c:229: undefined reference to `sha1_zero_message_hash'
>> drivers/crypto/ux500/hash/hash_core.c:229: undefined reference to `sha1_zero_message_hash'

vim +229 drivers/crypto/ux500/hash/hash_core.c

223 /**
224 * Caller responsible for ctx != NULL.
225 */
226
227 if (HASH_OPER_MODE_HASH == ctx->config.oper_mode) {
228 if (HASH_ALGO_SHA1 == ctx->config.algorithm) {
> 229 memcpy(zero_hash, &sha1_zero_message_hash[0],
230 SHA1_DIGEST_SIZE);
231 *zero_hash_size = SHA1_DIGEST_SIZE;
232 *zero_digest = true;

---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation


Attachments:
(No filename) (1.41 kB)
.config.gz (19.48 kB)

2015-10-22 18:18:30

by Tom Lendacky

Subject: Re: [PATCH 3/8] crypto: ccp: Use precalculated hash from headers

On 10/20/2015 02:33 AM, LABBE Corentin wrote:
> Precalculated hash for empty message are now present in hash headers.
> This patch just use them.
>
> Signed-off-by: LABBE Corentin <[email protected]>

Tested-by: Tom Lendacky <[email protected]>
Acked-by: Tom Lendacky <[email protected]>

> ---
> drivers/crypto/ccp/ccp-ops.c | 39 ++++++++-------------------------------
> 1 file changed, 8 insertions(+), 31 deletions(-)
>
> diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
> index d09c6c4..64fac2b 100644
> --- a/drivers/crypto/ccp/ccp-ops.c
> +++ b/drivers/crypto/ccp/ccp-ops.c
> @@ -152,32 +152,6 @@ static const __be32 ccp_sha256_init[CCP_SHA_CTXSIZE / sizeof(__be32)] = {
> cpu_to_be32(SHA256_H6), cpu_to_be32(SHA256_H7),
> };
>
> -/* The CCP cannot perform zero-length sha operations so the caller
> - * is required to buffer data for the final operation. However, a
> - * sha operation for a message with a total length of zero is valid
> - * so known values are required to supply the result.
> - */
> -static const u8 ccp_sha1_zero[CCP_SHA_CTXSIZE] = {
> - 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
> - 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
> - 0xaf, 0xd8, 0x07, 0x09, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> -};
> -
> -static const u8 ccp_sha224_zero[CCP_SHA_CTXSIZE] = {
> - 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
> - 0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
> - 0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
> - 0xc5, 0xb3, 0xe4, 0x2f, 0x00, 0x00, 0x00, 0x00,
> -};
> -
> -static const u8 ccp_sha256_zero[CCP_SHA_CTXSIZE] = {
> - 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
> - 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
> - 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
> - 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55,
> -};
> -
> static u32 ccp_addr_lo(struct ccp_dma_info *info)
> {
> return lower_32_bits(info->address + info->offset);
> @@ -1388,18 +1362,21 @@ static int ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
> if (sha->msg_bits)
> return -EINVAL;
>
> - /* A sha operation for a message with a total length of zero,
> - * return known result.
> + /* The CCP cannot perform zero-length sha operations so the
> + * caller is required to buffer data for the final operation.
> + * However, a sha operation for a message with a total length
> + * of zero is valid so known values are required to supply
> + * the result.
> */
> switch (sha->type) {
> case CCP_SHA_TYPE_1:
> - sha_zero = ccp_sha1_zero;
> + sha_zero = sha1_zero_message_hash;
> break;
> case CCP_SHA_TYPE_224:
> - sha_zero = ccp_sha224_zero;
> + sha_zero = sha224_zero_message_hash;
> break;
> case CCP_SHA_TYPE_256:
> - sha_zero = ccp_sha256_zero;
> + sha_zero = sha256_zero_message_hash;
> break;
> default:
> return -EINVAL;
>

2015-11-17 09:51:48

by Herbert Xu

Subject: Re: [PATCH 2/8] crypto: niagara: Use precalculated hash from headers

On Tue, Oct 20, 2015 at 09:33:58AM +0200, LABBE Corentin wrote:
> Precalculated hash for empty message are now present in hash headers.
> This patch just use them.
>
> Signed-off-by: LABBE Corentin <[email protected]>

You need to select CRYPTO_MD5 and CRYPTO_SHA*. Please add the
corresponding Kconfig changes and resubmit.

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-11-17 09:52:02

by Herbert Xu

Subject: Re: [PATCH 6/8] crypto: akcipher: the key parameter must be const u8 *

On Tue, Oct 20, 2015 at 09:34:02AM +0200, LABBE Corentin wrote:
> All cryptoAPI setkey function set the key parameter as const u8 *.
> This patch make the crypto_akcipher_setkey parameters like others.
>
> Signed-off-by: LABBE Corentin <[email protected]>

This patch no longer applies.
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-11-17 09:56:57

by Herbert Xu

Subject: Re: [PATCH 8/8] crypto: testmgr: Use the xxx_zero_message_hash from headers

On Tue, Oct 20, 2015 at 09:34:04AM +0200, LABBE Corentin wrote:
> Since md5/shaxxx headers have hash for zero message length, just use them.
>
> Signed-off-by: LABBE Corentin <[email protected]>

This too would need a dependency on the MD5/SHA Kconfig options.

However, for now this is just too hard as it would result in a
circular dependency. Let's revisit this after we move the test
vectors into the generic implementations.

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt