2015-10-12 16:53:54

by Corentin Labbe

[permalink] [raw]
Subject: [PATCH] crypto: add precalculated hash for zero message length

Hello

Some crypto drivers cannot process empty data message and so rely on
precalculated hash.
This patch series add precalculated hash in headers and
make the drivers use them.

Using those precalculated hash make some additionnal constify patch necessary.

Regards


2015-10-12 16:53:40

by Corentin Labbe

[permalink] [raw]
Subject: [PATCH 2/8] crypto: niagara: Use precalculated hash from headers

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin <[email protected]>
---
drivers/crypto/n2_core.c | 33 ++++++---------------------------
1 file changed, 6 insertions(+), 27 deletions(-)

diff --git a/drivers/crypto/n2_core.c b/drivers/crypto/n2_core.c
index 2e8dab9..8ea6c32 100644
--- a/drivers/crypto/n2_core.c
+++ b/drivers/crypto/n2_core.c
@@ -241,7 +241,7 @@ static inline bool n2_should_run_async(struct spu_queue *qp, int this_len)

struct n2_ahash_alg {
struct list_head entry;
- const char *hash_zero;
+ const u8 *hash_zero;
const u32 *hash_init;
u8 hw_op_hashsz;
u8 digest_size;
@@ -1267,7 +1267,7 @@ static LIST_HEAD(cipher_algs);

struct n2_hash_tmpl {
const char *name;
- const char *hash_zero;
+ const u8 *hash_zero;
const u32 *hash_init;
u8 hw_op_hashsz;
u8 digest_size;
@@ -1276,40 +1276,19 @@ struct n2_hash_tmpl {
u8 hmac_type;
};

-static const char md5_zero[MD5_DIGEST_SIZE] = {
- 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
- 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
-};
static const u32 md5_init[MD5_HASH_WORDS] = {
cpu_to_le32(MD5_H0),
cpu_to_le32(MD5_H1),
cpu_to_le32(MD5_H2),
cpu_to_le32(MD5_H3),
};
-static const char sha1_zero[SHA1_DIGEST_SIZE] = {
- 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32,
- 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8,
- 0x07, 0x09
-};
static const u32 sha1_init[SHA1_DIGEST_SIZE / 4] = {
SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4,
};
-static const char sha256_zero[SHA256_DIGEST_SIZE] = {
- 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a,
- 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae,
- 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99,
- 0x1b, 0x78, 0x52, 0xb8, 0x55
-};
static const u32 sha256_init[SHA256_DIGEST_SIZE / 4] = {
SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3,
SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7,
};
-static const char sha224_zero[SHA224_DIGEST_SIZE] = {
- 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47,
- 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2,
- 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, 0xc5, 0xb3, 0xe4,
- 0x2f
-};
static const u32 sha224_init[SHA256_DIGEST_SIZE / 4] = {
SHA224_H0, SHA224_H1, SHA224_H2, SHA224_H3,
SHA224_H4, SHA224_H5, SHA224_H6, SHA224_H7,
@@ -1317,7 +1296,7 @@ static const u32 sha224_init[SHA256_DIGEST_SIZE / 4] = {

static const struct n2_hash_tmpl hash_tmpls[] = {
{ .name = "md5",
- .hash_zero = md5_zero,
+ .hash_zero = md5_zero_message_hash,
.hash_init = md5_init,
.auth_type = AUTH_TYPE_MD5,
.hmac_type = AUTH_TYPE_HMAC_MD5,
@@ -1325,7 +1304,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
.digest_size = MD5_DIGEST_SIZE,
.block_size = MD5_HMAC_BLOCK_SIZE },
{ .name = "sha1",
- .hash_zero = sha1_zero,
+ .hash_zero = sha1_zero_message_hash,
.hash_init = sha1_init,
.auth_type = AUTH_TYPE_SHA1,
.hmac_type = AUTH_TYPE_HMAC_SHA1,
@@ -1333,7 +1312,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
.digest_size = SHA1_DIGEST_SIZE,
.block_size = SHA1_BLOCK_SIZE },
{ .name = "sha256",
- .hash_zero = sha256_zero,
+ .hash_zero = sha256_zero_message_hash,
.hash_init = sha256_init,
.auth_type = AUTH_TYPE_SHA256,
.hmac_type = AUTH_TYPE_HMAC_SHA256,
@@ -1341,7 +1320,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
.digest_size = SHA256_DIGEST_SIZE,
.block_size = SHA256_BLOCK_SIZE },
{ .name = "sha224",
- .hash_zero = sha224_zero,
+ .hash_zero = sha224_zero_message_hash,
.hash_init = sha224_init,
.auth_type = AUTH_TYPE_SHA256,
.hmac_type = AUTH_TYPE_RESERVED,
--
2.4.9

2015-10-12 16:53:41

by Corentin Labbe

[permalink] [raw]
Subject: [PATCH 3/8] crypto: ccp: Use precalculated hash from headers

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin <[email protected]>
---
drivers/crypto/ccp/ccp-ops.c | 40 ++++++++--------------------------------
1 file changed, 8 insertions(+), 32 deletions(-)

diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
index d09c6c4..3002b418 100644
--- a/drivers/crypto/ccp/ccp-ops.c
+++ b/drivers/crypto/ccp/ccp-ops.c
@@ -152,32 +152,6 @@ static const __be32 ccp_sha256_init[CCP_SHA_CTXSIZE / sizeof(__be32)] = {
cpu_to_be32(SHA256_H6), cpu_to_be32(SHA256_H7),
};

-/* The CCP cannot perform zero-length sha operations so the caller
- * is required to buffer data for the final operation. However, a
- * sha operation for a message with a total length of zero is valid
- * so known values are required to supply the result.
- */
-static const u8 ccp_sha1_zero[CCP_SHA_CTXSIZE] = {
- 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
- 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
- 0xaf, 0xd8, 0x07, 0x09, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-};
-
-static const u8 ccp_sha224_zero[CCP_SHA_CTXSIZE] = {
- 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
- 0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
- 0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
- 0xc5, 0xb3, 0xe4, 0x2f, 0x00, 0x00, 0x00, 0x00,
-};
-
-static const u8 ccp_sha256_zero[CCP_SHA_CTXSIZE] = {
- 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
- 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
- 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
- 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55,
-};
-
static u32 ccp_addr_lo(struct ccp_dma_info *info)
{
return lower_32_bits(info->address + info->offset);
@@ -1388,18 +1362,20 @@ static int ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
if (sha->msg_bits)
return -EINVAL;

- /* A sha operation for a message with a total length of zero,
- * return known result.
- */
+/* The CCP cannot perform zero-length sha operations so the caller
+ * is required to buffer data for the final operation. However, a
+ * sha operation for a message with a total length of zero is valid
+ * so known values are required to supply the result.
+ */
switch (sha->type) {
case CCP_SHA_TYPE_1:
- sha_zero = ccp_sha1_zero;
+ sha_zero = sha1_zero_message_hash;
break;
case CCP_SHA_TYPE_224:
- sha_zero = ccp_sha224_zero;
+ sha_zero = sha224_zero_message_hash;
break;
case CCP_SHA_TYPE_256:
- sha_zero = ccp_sha256_zero;
+ sha_zero = sha256_zero_message_hash;
break;
default:
return -EINVAL;
--
2.4.9

2015-10-12 16:53:43

by Corentin Labbe

[permalink] [raw]
Subject: [PATCH 5/8] crypto: akcipher: fix typos in include/crypto/akcipher.h

Fix numerous spelling error in include/crypto/akcipher.h

Signed-off-by: LABBE Corentin <[email protected]>
---
include/crypto/akcipher.h | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
index 69d163e..0c9fa68 100644
--- a/include/crypto/akcipher.h
+++ b/include/crypto/akcipher.h
@@ -19,12 +19,12 @@
*
* @base: Common attributes for async crypto requests
* @src: Pointer to memory containing the input parameters
- * The format of the parameter(s) is expeted to be Octet String
- * @dst: Pointer to memory whare the result will be stored
+ * The format of the parameter(s) is expected to be Octet String
+ * @dst: Pointer to memory where the result will be stored
* @src_len: Size of the input parameter
- * @dst_len: Size of the output buffer. It needs to be at leaset
+ * @dst_len: Size of the output buffer. It needs to be at least
* as big as the expected result depending on the operation
- * After operation it will be updated with the acctual size of the
+ * After operation it will be updated with the actual size of the
* result. In case of error, where the dst_len was insufficient,
* it will be updated to the size required for the operation.
* @__ctx: Start of private context data
@@ -59,7 +59,7 @@ struct crypto_akcipher {
* algorithm. In case of error, where the dst_len was insufficient,
* the req->dst_len will be updated to the size required for the
* operation
- * @encrypt: Function performs an encrytp operation as defined by public key
+ * @encrypt: Function performs an encrypt operation as defined by public key
* algorithm. In case of error, where the dst_len was insufficient,
* the req->dst_len will be updated to the size required for the
* operation
@@ -224,7 +224,7 @@ static inline void akcipher_request_set_callback(struct akcipher_request *req,
}

/**
- * akcipher_request_set_crypt() -- Sets reqest parameters
+ * akcipher_request_set_crypt() -- Sets request parameters
*
* Sets parameters required by crypto operation
*
@@ -233,7 +233,7 @@ static inline void akcipher_request_set_callback(struct akcipher_request *req,
* @dst: ptr of output parameter
* @src_len: size of the input buffer
* @dst_len: size of the output buffer. It will be updated by the
- * implementation to reflect the acctual size of the result
+ * implementation to reflect the actual size of the result
*/
static inline void akcipher_request_set_crypt(struct akcipher_request *req,
void *src, void *dst,
--
2.4.9

2015-10-12 16:53:45

by Corentin Labbe

[permalink] [raw]
Subject: [PATCH 7/8] crypto: testmgr: Constify tested key/iv/plaintext/digest

All key/iv/plaintext/digest in testmgr are constant data.
Furthermore the testmgr will never modify thoses data.
This patch set all members of xxx_testvec as pointer to const.

Signed-off-by: LABBE Corentin <[email protected]>
---
crypto/testmgr.h | 34 +++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 64b8a80..03b2f19 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -37,9 +37,9 @@

struct hash_testvec {
/* only used with keyed hash algorithms */
- char *key;
- char *plaintext;
- char *digest;
+ const char *key;
+ const char *plaintext;
+ const char *digest;
unsigned char tap[MAX_TAP];
unsigned short psize;
unsigned char np;
@@ -65,10 +65,10 @@ struct hash_testvec {
*/

struct cipher_testvec {
- char *key;
- char *iv;
- char *input;
- char *result;
+ const char *key;
+ const char *iv;
+ const char *input;
+ const char *result;
unsigned short tap[MAX_TAP];
int np;
unsigned char also_non_np;
@@ -80,11 +80,11 @@ struct cipher_testvec {
};

struct aead_testvec {
- char *key;
- char *iv;
- char *input;
- char *assoc;
- char *result;
+ const char *key;
+ const char *iv;
+ const char *input;
+ const char *assoc;
+ const char *result;
unsigned char tap[MAX_TAP];
unsigned char atap[MAX_TAP];
int np;
@@ -99,10 +99,10 @@ struct aead_testvec {
};

struct cprng_testvec {
- char *key;
- char *dt;
- char *v;
- char *result;
+ const char *key;
+ const char *dt;
+ const char *v;
+ const char *result;
unsigned char klen;
unsigned short dtlen;
unsigned short vlen;
@@ -126,7 +126,7 @@ struct drbg_testvec {
};

struct akcipher_testvec {
- unsigned char *key;
+ const unsigned char *key;
unsigned char *m;
unsigned char *c;
unsigned int key_len;
--
2.4.9

2015-10-12 16:53:46

by Corentin Labbe

[permalink] [raw]
Subject: [PATCH 8/8] crypto: testmgr: Use the xxx_zero_message_hash from headers

Since md5/shaxxx headers have hash for zero message length, just use them.

Signed-off-by: LABBE Corentin <[email protected]>
---
crypto/testmgr.h | 16 ++++------------
1 file changed, 4 insertions(+), 12 deletions(-)

diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 03b2f19..9585854 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -367,8 +367,7 @@ static struct hash_testvec md4_tv_template [] = {

static struct hash_testvec md5_tv_template[] = {
{
- .digest = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
- "\xe9\x80\x09\x98\xec\xf8\x42\x7e",
+ .digest = md5_zero_message_hash,
}, {
.plaintext = "a",
.psize = 1,
@@ -713,8 +712,7 @@ static struct hash_testvec sha1_tv_template[] = {
{
.plaintext = "",
.psize = 0,
- .digest = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55"
- "\xbf\xef\x95\x60\x18\x90\xaf\xd8\x07\x09",
+ .digest = sha1_zero_message_hash,
}, {
.plaintext = "abc",
.psize = 3,
@@ -905,10 +903,7 @@ static struct hash_testvec sha224_tv_template[] = {
{
.plaintext = "",
.psize = 0,
- .digest = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9"
- "\x47\x61\x02\xbb\x28\x82\x34\xc4"
- "\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a"
- "\xc5\xb3\xe4\x2f",
+ .digest = sha224_zero_message_hash,
}, {
.plaintext = "abc",
.psize = 3,
@@ -1079,10 +1074,7 @@ static struct hash_testvec sha256_tv_template[] = {
{
.plaintext = "",
.psize = 0,
- .digest = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14"
- "\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24"
- "\x27\xae\x41\xe4\x64\x9b\x93\x4c"
- "\xa4\x95\x99\x1b\x78\x52\xb8\x55",
+ .digest = sha256_zero_message_hash,
}, {
.plaintext = "abc",
.psize = 3,
--
2.4.9

2015-10-12 16:54:32

by Corentin Labbe

[permalink] [raw]
Subject: [PATCH 6/8] crypto: akcipher: the key parameter must be const u8 *

All cryptoAPI setkey function set the key parameter as const u8 *.
This patch make the crypto_akcipher_setkey parameters like others.

Signed-off-by: LABBE Corentin <[email protected]>
---
include/crypto/akcipher.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
index 0c9fa68..ade053b 100644
--- a/include/crypto/akcipher.h
+++ b/include/crypto/akcipher.h
@@ -330,7 +330,8 @@ static inline int crypto_akcipher_verify(struct akcipher_request *req)
*
* Return: zero on success; error code in case of error
*/
-static inline int crypto_akcipher_setkey(struct crypto_akcipher *tfm, void *key,
+static inline int crypto_akcipher_setkey(struct crypto_akcipher *tfm,
+ const u8 *key,
unsigned int keylen)
{
struct akcipher_alg *alg = crypto_akcipher_alg(tfm);
--
2.4.9

2015-10-12 16:53:42

by Corentin Labbe

[permalink] [raw]
Subject: [PATCH 4/8] crypto: ux500: Use precalculated hash from headers

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin <[email protected]>
---
drivers/crypto/ux500/hash/hash_core.c | 20 ++------------------
1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/drivers/crypto/ux500/hash/hash_core.c b/drivers/crypto/ux500/hash/hash_core.c
index 8b9391f..0de5f59 100644
--- a/drivers/crypto/ux500/hash/hash_core.c
+++ b/drivers/crypto/ux500/hash/hash_core.c
@@ -41,22 +41,6 @@ static int hash_mode;
module_param(hash_mode, int, 0);
MODULE_PARM_DESC(hash_mode, "CPU or DMA mode. CPU = 0 (default), DMA = 1");

-/**
- * Pre-calculated empty message digests.
- */
-static const u8 zero_message_hash_sha1[SHA1_DIGEST_SIZE] = {
- 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
- 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
- 0xaf, 0xd8, 0x07, 0x09
-};
-
-static const u8 zero_message_hash_sha256[SHA256_DIGEST_SIZE] = {
- 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
- 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
- 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
- 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
-};
-
/* HMAC-SHA1, no key */
static const u8 zero_message_hmac_sha1[SHA1_DIGEST_SIZE] = {
0xfb, 0xdb, 0x1d, 0x1b, 0x18, 0xaa, 0x6c, 0x08,
@@ -242,13 +226,13 @@ static int get_empty_message_digest(

if (HASH_OPER_MODE_HASH == ctx->config.oper_mode) {
if (HASH_ALGO_SHA1 == ctx->config.algorithm) {
- memcpy(zero_hash, &zero_message_hash_sha1[0],
+ memcpy(zero_hash, &sha1_zero_message_hash[0],
SHA1_DIGEST_SIZE);
*zero_hash_size = SHA1_DIGEST_SIZE;
*zero_digest = true;
} else if (HASH_ALGO_SHA256 ==
ctx->config.algorithm) {
- memcpy(zero_hash, &zero_message_hash_sha256[0],
+ memcpy(zero_hash, &sha256_zero_message_hash[0],
SHA256_DIGEST_SIZE);
*zero_hash_size = SHA256_DIGEST_SIZE;
*zero_digest = true;
--
2.4.9

2015-10-12 16:53:39

by Corentin Labbe

[permalink] [raw]
Subject: [PATCH 1/8] crypto: hash: add zero length message hash for shax and md5

Some crypto drivers cannot process empty data message and return a
precalculated hash for md5/sha1/sha224/sha256.

This patch add thoses precalculated hash in include/crypto.

Signed-off-by: LABBE Corentin <[email protected]>
---
include/crypto/md5.h | 5 +++++
include/crypto/sha.h | 20 ++++++++++++++++++++
2 files changed, 25 insertions(+)

diff --git a/include/crypto/md5.h b/include/crypto/md5.h
index 146af82..6496ee0 100644
--- a/include/crypto/md5.h
+++ b/include/crypto/md5.h
@@ -13,6 +13,11 @@
#define MD5_H2 0x98badcfeUL
#define MD5_H3 0x10325476UL

+static const u8 md5_zero_message_hash[MD5_DIGEST_SIZE] = {
+ 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
+ 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
+};
+
struct md5_state {
u32 hash[MD5_HASH_WORDS];
u32 block[MD5_BLOCK_WORDS];
diff --git a/include/crypto/sha.h b/include/crypto/sha.h
index dd7905a..02d7ffb 100644
--- a/include/crypto/sha.h
+++ b/include/crypto/sha.h
@@ -64,6 +64,26 @@
#define SHA512_H6 0x1f83d9abfb41bd6bULL
#define SHA512_H7 0x5be0cd19137e2179ULL

+static const u8 sha1_zero_message_hash[SHA1_DIGEST_SIZE] = {
+ 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
+ 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
+ 0xaf, 0xd8, 0x07, 0x09
+};
+
+static const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE] = {
+ 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47,
+ 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2,
+ 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, 0xc5, 0xb3, 0xe4,
+ 0x2f
+};
+
+static const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE] = {
+ 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
+ 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
+ 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
+ 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
+};
+
struct sha1_state {
u32 state[SHA1_DIGEST_SIZE / 4];
u64 count;
--
2.4.9

2015-10-12 19:25:04

by kernel test robot

[permalink] [raw]
Subject: Re: [PATCH 8/8] crypto: testmgr: Use the xxx_zero_message_hash from headers

Hi LABBE,

[auto build test ERROR on crypto/master -- if it's inappropriate base, please suggest rules for selecting the more suitable base]

url: https://github.com/0day-ci/linux/commits/LABBE-Corentin/crypto-hash-add-zero-length-message-hash-for-shax-and-md5/20151013-005943
config: arm-mmp (attached as .config)
reproduce:
wget https://git.kernel.org/cgit/linux/kernel/git/wfg/lkp-tests.git/plain/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
make.cross ARCH=arm

All errors (new ones prefixed by >>):

In file included from crypto/testmgr.c:48:0:
>> crypto/testmgr.h:370:13: error: 'md5_zero_message_hash' undeclared here (not in a function)
.digest = md5_zero_message_hash,
^
>> crypto/testmgr.h:715:13: error: 'sha1_zero_message_hash' undeclared here (not in a function)
.digest = sha1_zero_message_hash,
^
>> crypto/testmgr.h:715:3: error: initializer element is not constant
.digest = sha1_zero_message_hash,
^
crypto/testmgr.h:715:3: error: (near initialization for 'sha1_tv_template[0].digest')
>> crypto/testmgr.h:906:13: error: 'sha224_zero_message_hash' undeclared here (not in a function)
.digest = sha224_zero_message_hash,
^
crypto/testmgr.h:906:3: error: initializer element is not constant
.digest = sha224_zero_message_hash,
^
crypto/testmgr.h:906:3: error: (near initialization for 'sha224_tv_template[0].digest')
>> crypto/testmgr.h:1077:13: error: 'sha256_zero_message_hash' undeclared here (not in a function)
.digest = sha256_zero_message_hash,
^
crypto/testmgr.h:1077:3: error: initializer element is not constant
.digest = sha256_zero_message_hash,
^
crypto/testmgr.h:1077:3: error: (near initialization for 'sha256_tv_template[0].digest')

vim +/md5_zero_message_hash +370 crypto/testmgr.h

364 * MD5 test vectors from RFC1321
365 */
366 #define MD5_TEST_VECTORS 7
367
368 static struct hash_testvec md5_tv_template[] = {
369 {
> 370 .digest = md5_zero_message_hash,
371 }, {
372 .plaintext = "a",
373 .psize = 1,

---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation


Attachments:
(No filename) (2.33 kB)
.config.gz (23.63 kB)
Download all attachments

2015-10-12 19:31:24

by Corentin Labbe

[permalink] [raw]
Subject: Re: [PATCH 8/8] crypto: testmgr: Use the xxx_zero_message_hash from headers

Le 12/10/2015 21:24, kbuild test robot a ?crit :
> Hi LABBE,
>
> [auto build test ERROR on crypto/master -- if it's inappropriate base, please suggest rules for selecting the more suitable base]
>
> url: https://github.com/0day-ci/linux/commits/LABBE-Corentin/crypto-hash-add-zero-length-message-hash-for-shax-and-md5/20151013-005943
> config: arm-mmp (attached as .config)
> reproduce:
> wget https://git.kernel.org/cgit/linux/kernel/git/wfg/lkp-tests.git/plain/sbin/make.cross -O ~/bin/make.cross
> chmod +x ~/bin/make.cross
> # save the attached .config to linux build tree
> make.cross ARCH=arm
>
> All errors (new ones prefixed by >>):
>
> In file included from crypto/testmgr.c:48:0:
>>> crypto/testmgr.h:370:13: error: 'md5_zero_message_hash' undeclared here (not in a function)
> .digest = md5_zero_message_hash,
> ^
>>> crypto/testmgr.h:715:13: error: 'sha1_zero_message_hash' undeclared here (not in a function)
> .digest = sha1_zero_message_hash,
> ^
>>> crypto/testmgr.h:715:3: error: initializer element is not constant
> .digest = sha1_zero_message_hash,
> ^
> crypto/testmgr.h:715:3: error: (near initialization for 'sha1_tv_template[0].digest')
>>> crypto/testmgr.h:906:13: error: 'sha224_zero_message_hash' undeclared here (not in a function)
> .digest = sha224_zero_message_hash,
> ^
> crypto/testmgr.h:906:3: error: initializer element is not constant
> .digest = sha224_zero_message_hash,
> ^
> crypto/testmgr.h:906:3: error: (near initialization for 'sha224_tv_template[0].digest')
>>> crypto/testmgr.h:1077:13: error: 'sha256_zero_message_hash' undeclared here (not in a function)
> .digest = sha256_zero_message_hash,
> ^
> crypto/testmgr.h:1077:3: error: initializer element is not constant
> .digest = sha256_zero_message_hash,
> ^
> crypto/testmgr.h:1077:3: error: (near initialization for 'sha256_tv_template[0].digest')
>
> vim +/md5_zero_message_hash +370 crypto/testmgr.h
>
> 364 * MD5 test vectors from RFC1321
> 365 */
> 366 #define MD5_TEST_VECTORS 7
> 367
> 368 static struct hash_testvec md5_tv_template[] = {
> 369 {
> > 370 .digest = md5_zero_message_hash,
> 371 }, {
> 372 .plaintext = "a",
> 373 .psize = 1,
>
> ---
> 0-DAY kernel test infrastructure Open Source Technology Center
> https://lists.01.org/pipermail/kbuild-all Intel Corporation
>

Oups I forgot to add sha and md5 header, I will resend tomorow.

Regards

2015-10-12 21:17:00

by Tom Lendacky

[permalink] [raw]
Subject: Re: [PATCH 3/8] crypto: ccp: Use precalculated hash from headers

On 10/12/2015 11:53 AM, LABBE Corentin wrote:
> Precalculated hash for empty message are now present in hash headers.
> This patch just use them.
>
> Signed-off-by: LABBE Corentin <[email protected]>

Just a minor comment below.

Tested-by: Tom Lendacky <[email protected]>
Acked-by: Tom Lendacky <[email protected]>

> ---
> drivers/crypto/ccp/ccp-ops.c | 40 ++++++++--------------------------------
> 1 file changed, 8 insertions(+), 32 deletions(-)
>
> diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
> index d09c6c4..3002b418 100644
> --- a/drivers/crypto/ccp/ccp-ops.c
> +++ b/drivers/crypto/ccp/ccp-ops.c
> @@ -152,32 +152,6 @@ static const __be32 ccp_sha256_init[CCP_SHA_CTXSIZE / sizeof(__be32)] = {
> cpu_to_be32(SHA256_H6), cpu_to_be32(SHA256_H7),
> };
>
> -/* The CCP cannot perform zero-length sha operations so the caller
> - * is required to buffer data for the final operation. However, a
> - * sha operation for a message with a total length of zero is valid
> - * so known values are required to supply the result.
> - */
> -static const u8 ccp_sha1_zero[CCP_SHA_CTXSIZE] = {
> - 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
> - 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
> - 0xaf, 0xd8, 0x07, 0x09, 0x00, 0x00, 0x00, 0x00,
> - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> -};
> -
> -static const u8 ccp_sha224_zero[CCP_SHA_CTXSIZE] = {
> - 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
> - 0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
> - 0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
> - 0xc5, 0xb3, 0xe4, 0x2f, 0x00, 0x00, 0x00, 0x00,
> -};
> -
> -static const u8 ccp_sha256_zero[CCP_SHA_CTXSIZE] = {
> - 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
> - 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
> - 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
> - 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55,
> -};
> -
> static u32 ccp_addr_lo(struct ccp_dma_info *info)
> {
> return lower_32_bits(info->address + info->offset);
> @@ -1388,18 +1362,20 @@ static int ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
> if (sha->msg_bits)
> return -EINVAL;
>
> - /* A sha operation for a message with a total length of zero,
> - * return known result.
> - */
> +/* The CCP cannot perform zero-length sha operations so the caller
> + * is required to buffer data for the final operation. However, a
> + * sha operation for a message with a total length of zero is valid
> + * so known values are required to supply the result.
> + */

This comment should be indented and re-flowed to be consistent with
previous comments in this same section.

Thanks,
Tom

> switch (sha->type) {
> case CCP_SHA_TYPE_1:
> - sha_zero = ccp_sha1_zero;
> + sha_zero = sha1_zero_message_hash;
> break;
> case CCP_SHA_TYPE_224:
> - sha_zero = ccp_sha224_zero;
> + sha_zero = sha224_zero_message_hash;
> break;
> case CCP_SHA_TYPE_256:
> - sha_zero = ccp_sha256_zero;
> + sha_zero = sha256_zero_message_hash;
> break;
> default:
> return -EINVAL;
>

2015-10-14 10:08:29

by Herbert Xu

[permalink] [raw]
Subject: Re: [PATCH 1/8] crypto: hash: add zero length message hash for shax and md5

On Mon, Oct 12, 2015 at 06:53:39PM +0200, LABBE Corentin wrote:
> Some crypto drivers cannot process empty data message and return a
> precalculated hash for md5/sha1/sha224/sha256.
>
> This patch add thoses precalculated hash in include/crypto.
>
> Signed-off-by: LABBE Corentin <[email protected]>
> ---
> include/crypto/md5.h | 5 +++++
> include/crypto/sha.h | 20 ++++++++++++++++++++
> 2 files changed, 25 insertions(+)
>
> diff --git a/include/crypto/md5.h b/include/crypto/md5.h
> index 146af82..6496ee0 100644
> --- a/include/crypto/md5.h
> +++ b/include/crypto/md5.h
> @@ -13,6 +13,11 @@
> #define MD5_H2 0x98badcfeUL
> #define MD5_H3 0x10325476UL
>
> +static const u8 md5_zero_message_hash[MD5_DIGEST_SIZE] = {
> + 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
> + 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
> +};
> +

This potentially creates this structure in every file that includes
md5.h. How about putting it into md5_generic and exporting it?

> diff --git a/include/crypto/sha.h b/include/crypto/sha.h
> index dd7905a..02d7ffb 100644
> --- a/include/crypto/sha.h
> +++ b/include/crypto/sha.h
> @@ -64,6 +64,26 @@
> #define SHA512_H6 0x1f83d9abfb41bd6bULL
> #define SHA512_H7 0x5be0cd19137e2179ULL
>
> +static const u8 sha1_zero_message_hash[SHA1_DIGEST_SIZE] = {
> + 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
> + 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
> + 0xaf, 0xd8, 0x07, 0x09
> +};

Ditto.

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2015-10-15 09:42:10

by LABBE Corentin

[permalink] [raw]
Subject: Re: [PATCH 1/8] crypto: hash: add zero length message hash for shax and md5

On Wed, Oct 14, 2015 at 06:08:02PM +0800, Herbert Xu wrote:
> On Mon, Oct 12, 2015 at 06:53:39PM +0200, LABBE Corentin wrote:
> > Some crypto drivers cannot process empty data message and return a
> > precalculated hash for md5/sha1/sha224/sha256.
> >
> > This patch add thoses precalculated hash in include/crypto.
> >
> > Signed-off-by: LABBE Corentin <[email protected]>
> > ---
> > include/crypto/md5.h | 5 +++++
> > include/crypto/sha.h | 20 ++++++++++++++++++++
> > 2 files changed, 25 insertions(+)
> >
> > diff --git a/include/crypto/md5.h b/include/crypto/md5.h
> > index 146af82..6496ee0 100644
> > --- a/include/crypto/md5.h
> > +++ b/include/crypto/md5.h
> > @@ -13,6 +13,11 @@
> > #define MD5_H2 0x98badcfeUL
> > #define MD5_H3 0x10325476UL
> >
> > +static const u8 md5_zero_message_hash[MD5_DIGEST_SIZE] = {
> > + 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
> > + 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
> > +};
> > +
>
> This potentially creates this structure in every file that includes
> md5.h. How about putting it into md5_generic and exporting it?
>

md5_generic does not exists, do you mean md5.c ?
I have made some try with EXPORT_SYMBOL() but without success.
Do you have any example of how to do that ?

Regards

2015-10-16 11:26:10

by Ulf Hansson

[permalink] [raw]
Subject: Re: [PATCH 1/8] crypto: hash: add zero length message hash for shax and md5

On 15 October 2015 at 11:42, LABBE Corentin <[email protected]> wrote:
> On Wed, Oct 14, 2015 at 06:08:02PM +0800, Herbert Xu wrote:
>> On Mon, Oct 12, 2015 at 06:53:39PM +0200, LABBE Corentin wrote:
>> > Some crypto drivers cannot process empty data message and return a
>> > precalculated hash for md5/sha1/sha224/sha256.
>> >
>> > This patch add thoses precalculated hash in include/crypto.
>> >
>> > Signed-off-by: LABBE Corentin <[email protected]>
>> > ---
>> > include/crypto/md5.h | 5 +++++
>> > include/crypto/sha.h | 20 ++++++++++++++++++++
>> > 2 files changed, 25 insertions(+)
>> >
>> > diff --git a/include/crypto/md5.h b/include/crypto/md5.h
>> > index 146af82..6496ee0 100644
>> > --- a/include/crypto/md5.h
>> > +++ b/include/crypto/md5.h
>> > @@ -13,6 +13,11 @@
>> > #define MD5_H2 0x98badcfeUL
>> > #define MD5_H3 0x10325476UL
>> >
>> > +static const u8 md5_zero_message_hash[MD5_DIGEST_SIZE] = {
>> > + 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
>> > + 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
>> > +};
>> > +
>>
>> This potentially creates this structure in every file that includes
>> md5.h. How about putting it into md5_generic and exporting it?
>>
>
> md5_generic does not exists, do you mean md5.c ?
> I have made some try with EXPORT_SYMBOL() but without success.
> Do you have any example of how to do that ?
>

In the header file:
extern const u8 md5_zero_message_hash[MD5_DIGEST_SIZE];

In the c-file:
const u8 md5_zero_message_hash[MD5_DIGEST_SIZE] = {
0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
};
EXPORT_SYMBOL(md5_zero_message_hash);

Kind regards
Uffe