Commit 00d549bb authored by Eric Biggers's avatar Eric Biggers
Browse files

lib/crypto: arm64/sha1: Migrate optimized code into library 



Instead of exposing the arm64-optimized SHA-1 code via arm64-specific
crypto_shash algorithms, instead just implement the sha1_blocks()
library function.  This is much simpler, it makes the SHA-1 library
functions be arm64-optimized, and it fixes the longstanding issue where
the arm64-optimized SHA-1 code was disabled by default.  SHA-1 still
remains available through crypto_shash, but individual architectures no
longer need to handle it.

Remove support for SHA-1 finalization from assembly code, since the
library does not yet support architecture-specific overrides of the
finalization.  (Support for that has been omitted for now, for
simplicity and because usually it isn't performance-critical.)

To match sha1_blocks(), change the type of the nblocks parameter and the
return value of __sha1_ce_transform() from int to size_t.  Update the
assembly code accordingly.

Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20250712232329.818226-9-ebiggers@kernel.org


Signed-off-by: default avatarEric Biggers <ebiggers@kernel.org>
parent 70cb6ca5

arch/arm64/configs/defconfig

+0 −1
Original line number Diff line number Diff line
@@ -1743,7 +1743,6 @@ CONFIG_CRYPTO_MICHAEL_MIC=m 
CONFIG_CRYPTO_ANSI_CPRNG=y

CONFIG_CRYPTO_USER_API_RNG=m

CONFIG_CRYPTO_GHASH_ARM64_CE=y

CONFIG_CRYPTO_SHA1_ARM64_CE=y

CONFIG_CRYPTO_SHA3_ARM64=m

CONFIG_CRYPTO_SM3_ARM64_CE=m

CONFIG_CRYPTO_AES_ARM64_CE_BLK=y

arch/arm64/crypto/Kconfig

+0 −11
Original line number Diff line number Diff line
@@ -25,17 +25,6 @@ config CRYPTO_NHPOLY1305_NEON 
	  Architecture: arm64 using:

	  - NEON (Advanced SIMD) extensions



config CRYPTO_SHA1_ARM64_CE

	tristate "Hash functions: SHA-1 (ARMv8 Crypto Extensions)"

	depends on KERNEL_MODE_NEON

	select CRYPTO_HASH

	select CRYPTO_SHA1

	help

	  SHA-1 secure hash algorithm (FIPS 180)



	  Architecture: arm64 using:

	  - ARMv8 Crypto Extensions



config CRYPTO_SHA3_ARM64

	tristate "Hash functions: SHA-3 (ARMv8.2 Crypto Extensions)"

	depends on KERNEL_MODE_NEON

arch/arm64/crypto/Makefile

+0 −3
Original line number Diff line number Diff line
@@ -5,9 +5,6 @@ 
# Copyright (C) 2014 Linaro Ltd <ard.biesheuvel@linaro.org>

#



obj-$(CONFIG_CRYPTO_SHA1_ARM64_CE) += sha1-ce.o

sha1-ce-y := sha1-ce-glue.o sha1-ce-core.o



obj-$(CONFIG_CRYPTO_SHA3_ARM64) += sha3-ce.o

sha3-ce-y := sha3-ce-glue.o sha3-ce-core.o

arch/arm64/crypto/sha1-ce-glue.c

deleted100644 → 0
+0 −118
Original line number Diff line number Diff line 
// SPDX-License-Identifier: GPL-2.0-only

/*

 * sha1-ce-glue.c - SHA-1 secure hash using ARMv8 Crypto Extensions

 *

 * Copyright (C) 2014 - 2017 Linaro Ltd <ard.biesheuvel@linaro.org>

 */



#include <asm/neon.h>

#include <asm/simd.h>

#include <crypto/internal/hash.h>

#include <crypto/internal/simd.h>

#include <crypto/sha1.h>

#include <crypto/sha1_base.h>

#include <linux/cpufeature.h>

#include <linux/kernel.h>

#include <linux/module.h>

#include <linux/string.h>



MODULE_DESCRIPTION("SHA1 secure hash using ARMv8 Crypto Extensions");

MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");

MODULE_LICENSE("GPL v2");

MODULE_ALIAS_CRYPTO("sha1");



struct sha1_ce_state {

	struct sha1_state	sst;

	u32			finalize;

};



extern const u32 sha1_ce_offsetof_count;

extern const u32 sha1_ce_offsetof_finalize;



asmlinkage int __sha1_ce_transform(struct sha1_ce_state *sst, u8 const *src,

				   int blocks);



static void sha1_ce_transform(struct sha1_state *sst, u8 const *src,

			      int blocks)

{

	while (blocks) {

		int rem;



		kernel_neon_begin();

		rem = __sha1_ce_transform(container_of(sst,

						       struct sha1_ce_state,

						       sst), src, blocks);

		kernel_neon_end();

		src += (blocks - rem) * SHA1_BLOCK_SIZE;

		blocks = rem;

	}

}



const u32 sha1_ce_offsetof_count = offsetof(struct sha1_ce_state, sst.count);

const u32 sha1_ce_offsetof_finalize = offsetof(struct sha1_ce_state, finalize);



static int sha1_ce_update(struct shash_desc *desc, const u8 *data,

			  unsigned int len)

{

	struct sha1_ce_state *sctx = shash_desc_ctx(desc);



	sctx->finalize = 0;

	return sha1_base_do_update_blocks(desc, data, len, sha1_ce_transform);

}



static int sha1_ce_finup(struct shash_desc *desc, const u8 *data,

			 unsigned int len, u8 *out)

{

	struct sha1_ce_state *sctx = shash_desc_ctx(desc);

	bool finalized = false;



	/*

	 * Allow the asm code to perform the finalization if there is no

	 * partial data and the input is a round multiple of the block size.

	 */

	if (len >= SHA1_BLOCK_SIZE) {

		unsigned int remain = len - round_down(len, SHA1_BLOCK_SIZE);



		finalized = !remain;

		sctx->finalize = finalized;

		sha1_base_do_update_blocks(desc, data, len, sha1_ce_transform);

		data += len - remain;

		len = remain;

	}

	if (!finalized) {

		sctx->finalize = 0;

		sha1_base_do_finup(desc, data, len, sha1_ce_transform);

	}

	return sha1_base_finish(desc, out);

}



static struct shash_alg alg = {

	.init			= sha1_base_init,

	.update			= sha1_ce_update,

	.finup			= sha1_ce_finup,

	.descsize		= sizeof(struct sha1_ce_state),

	.statesize		= SHA1_STATE_SIZE,

	.digestsize		= SHA1_DIGEST_SIZE,

	.base			= {

		.cra_name		= "sha1",

		.cra_driver_name	= "sha1-ce",

		.cra_priority		= 200,

		.cra_flags		= CRYPTO_AHASH_ALG_BLOCK_ONLY |

					  CRYPTO_AHASH_ALG_FINUP_MAX,

		.cra_blocksize		= SHA1_BLOCK_SIZE,

		.cra_module		= THIS_MODULE,

	}

};



static int __init sha1_ce_mod_init(void)

{

	return crypto_register_shash(&alg);

}



static void __exit sha1_ce_mod_fini(void)

{

	crypto_unregister_shash(&alg);

}



module_cpu_feature_match(SHA1, sha1_ce_mod_init);

module_exit(sha1_ce_mod_fini);

lib/crypto/Kconfig

+1 −0
Original line number Diff line number Diff line
@@ -147,6 +147,7 @@ config CRYPTO_LIB_SHA1_ARCH 
	bool

	depends on CRYPTO_LIB_SHA1 && !UML

	default y if ARM

	default y if ARM64 && KERNEL_MODE_NEON



config CRYPTO_LIB_SHA256

	tristate