Commit b646b782 authored by Eric Biggers's avatar Eric Biggers

lib/crypto: poly1305: Consolidate into single module



Consolidate the Poly1305 code into a single module, similar to various
other algorithms (SHA-1, SHA-256, SHA-512, etc.):

- Each arch now provides a header file lib/crypto/$(SRCARCH)/poly1305.h,
  replacing lib/crypto/$(SRCARCH)/poly1305*.c.  The header defines
  poly1305_block_init(), poly1305_blocks(), poly1305_emit(), and
  optionally poly1305_mod_init_arch().  It is included by
  lib/crypto/poly1305.c, and thus the code gets built into the single
  libpoly1305 module, with improved inlining in some cases.

- Whether arch-optimized Poly1305 is buildable is now controlled
  centrally by lib/crypto/Kconfig instead of by
  lib/crypto/$(SRCARCH)/Kconfig.  The conditions for enabling it remain
  the same as before, and it remains enabled by default.  (The PPC64 one
  remains unconditionally disabled due to 'depends on BROKEN'.)

- Any additional arch-specific translation units for the optimized
  Poly1305 code, such as assembly files, are now compiled by
  lib/crypto/Makefile instead of lib/crypto/$(SRCARCH)/Makefile.

A special consideration is needed because the Adiantum code uses the
poly1305_core_*() functions directly.  For now, just carry forward that
approach.  This means retaining the CRYPTO_LIB_POLY1305_GENERIC kconfig
symbol, and keeping the poly1305_core_*() functions in separate
translation units.  So it's not quite as streamlined as what I've done with the
other hash functions, but we still get a single libpoly1305 module.

Note: to see the diff from the arm, arm64, and x86 .c files to the new
.h files, view this commit with 'git show -M10'.

Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20250829152513.92459-3-ebiggers@kernel.org


Signed-off-by: default avatarEric Biggers <ebiggers@kernel.org>
parent df220cc5
+2 −0
@@ -609,6 +609,7 @@ menu "Length-preserving ciphers and modes"
config CRYPTO_ADIANTUM
	tristate "Adiantum"
	select CRYPTO_CHACHA20
	select CRYPTO_LIB_POLY1305
	select CRYPTO_LIB_POLY1305_GENERIC
	select CRYPTO_NHPOLY1305
	select CRYPTO_MANAGER
@@ -770,6 +771,7 @@ config CRYPTO_XTS
config CRYPTO_NHPOLY1305
	tristate
	select CRYPTO_HASH
	select CRYPTO_LIB_POLY1305
	select CRYPTO_LIB_POLY1305_GENERIC

endmenu
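Review bot: Nothing next to the paired `select CRYPTO_LIB_POLY1305` / `select CRYPTO_LIB_POLY1305_GENERIC` lines in CRYPTO_ADIANTUM and CRYPTO_NHPOLY1305 says that both selects are required. Elsewhere in this commit CRYPTO_LIB_POLY1305_GENERIC becomes a bool that `depends on CRYPTO_LIB_POLY1305`, and the Makefile section adds the generic donna objects only to libpoly1305, which is built under CRYPTO_LIB_POLY1305. Because `select` does not enforce `depends on`, dropping the first select later would, as far as the visible lines show, leave the poly1305_core_*() functions that Adiantum calls unbuilt. A comment above each pair such as `# poly1305_core_*() users must select both symbols` would record that.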
+7 −9
@@ -30,12 +30,13 @@ void poly1305_core_blocks(struct poly1305_state *state,
void poly1305_core_emit(const struct poly1305_state *state, const u32 nonce[4],
			void *dst);

void poly1305_block_init_arch(struct poly1305_block_state *state,
			      const u8 raw_key[POLY1305_BLOCK_SIZE]);
void poly1305_block_init_generic(struct poly1305_block_state *state,
				 const u8 raw_key[POLY1305_BLOCK_SIZE]);
void poly1305_blocks_arch(struct poly1305_block_state *state, const u8 *src,
			  unsigned int len, u32 padbit);
static inline void
poly1305_block_init_generic(struct poly1305_block_state *desc,
			    const u8 raw_key[POLY1305_BLOCK_SIZE])
{
	poly1305_core_init(&desc->h);
	poly1305_core_setkey(&desc->core_r, raw_key);
}

static inline void poly1305_blocks_generic(struct poly1305_block_state *state,
					   const u8 *src, unsigned int len,
@@ -45,9 +46,6 @@ static inline void poly1305_blocks_generic(struct poly1305_block_state *state,
			     len / POLY1305_BLOCK_SIZE, padbit);
}

void poly1305_emit_arch(const struct poly1305_state *state,
			u8 digest[POLY1305_DIGEST_SIZE], const u32 nonce[4]);

static inline void poly1305_emit_generic(const struct poly1305_state *state,
					 u8 digest[POLY1305_DIGEST_SIZE],
					 const u32 nonce[4])
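Review bot: The inline `poly1305_block_init_generic()` definition has no comment saying which part of the key it consumes, and it names its first parameter `desc` where `poly1305_blocks_generic()` just below uses `state`. Its `raw_key[POLY1305_BLOCK_SIZE]` parameter is only a block-sized slice, so presumably it loads just the r portion and the remaining key half reaches `poly1305_emit_generic()` as `nonce`. A comment such as `/* Loads only the first POLY1305_BLOCK_SIZE key bytes (r); the rest is passed to the emit step as the nonce. */` would stop a caller from assuming the whole one-time key is installed here. Renaming the parameter to `state` would keep the helpers in this header parallel; the bodies of `poly1305_blocks_generic()` and `poly1305_emit_generic()` continue outside the visible hunks.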
+27 −23
@@ -114,6 +114,33 @@ config CRYPTO_LIB_MD5_ARCH
	default y if PPC
	default y if SPARC64

config CRYPTO_LIB_POLY1305
	tristate
	help
	  The Poly1305 library functions.  Select this if your module uses any
	  of the functions from <crypto/poly1305.h>.

config CRYPTO_LIB_POLY1305_ARCH
	bool
	depends on CRYPTO_LIB_POLY1305 && !UML
	default y if ARM
	default y if ARM64 && KERNEL_MODE_NEON
	default y if MIPS
	# The PPC64 code needs to be fixed to work in softirq context.
	default y if PPC64 && CPU_LITTLE_ENDIAN && VSX && BROKEN
	default y if X86_64

# This symbol controls the inclusion of the Poly1305 generic code.  This differs
# from most of the other algorithms, which handle the generic code
# "automatically" via __maybe_unused.  This is needed so that the Adiantum code,
# which calls the poly1305_core_*() functions directly, can enable them.
config CRYPTO_LIB_POLY1305_GENERIC
	bool
	depends on CRYPTO_LIB_POLY1305
	# Enable if there's no arch impl or the arch impl requires the generic
	# impl as a fallback.  (Or if selected explicitly.)
	default y if !CRYPTO_LIB_POLY1305_ARCH || PPC64

config CRYPTO_LIB_POLY1305_RSIZE
	int
	default 2 if MIPS
@@ -121,29 +148,6 @@ config CRYPTO_LIB_POLY1305_RSIZE
	default 9 if ARM || ARM64
	default 1

config CRYPTO_ARCH_HAVE_LIB_POLY1305
	bool
	help
	  Declares whether the architecture provides an arch-specific
	  accelerated implementation of the Poly1305 library interface,
	  either builtin or as a module.

config CRYPTO_LIB_POLY1305_GENERIC
	tristate
	default CRYPTO_LIB_POLY1305 if !CRYPTO_ARCH_HAVE_LIB_POLY1305
	help
	  This symbol can be selected by arch implementations of the Poly1305
	  library interface that require the generic code as a fallback, e.g.,
	  for SIMD implementations. If no arch specific implementation is
	  enabled, this implementation serves the users of CRYPTO_LIB_POLY1305.

config CRYPTO_LIB_POLY1305
	tristate
	help
	  Enable the Poly1305 library interface. This interface may be fulfilled
	  by either the generic implementation or an arch-specific one, if one
	  is available and enabled.

config CRYPTO_LIB_CHACHA20POLY1305
	tristate
	select CRYPTO_LIB_CHACHA
+53 −6
@@ -72,12 +72,59 @@ endif # CONFIG_CRYPTO_LIB_MD5_ARCH
################################################################################

obj-$(CONFIG_CRYPTO_LIB_POLY1305) += libpoly1305.o
libpoly1305-y					+= poly1305.o
libpoly1305-y := poly1305.o
ifeq ($(CONFIG_ARCH_SUPPORTS_INT128),y)
libpoly1305-$(CONFIG_CRYPTO_LIB_POLY1305_GENERIC) += poly1305-donna64.o
else
libpoly1305-$(CONFIG_CRYPTO_LIB_POLY1305_GENERIC) += poly1305-donna32.o
endif

ifeq ($(CONFIG_CRYPTO_LIB_POLY1305_ARCH),y)
CFLAGS_poly1305.o += -I$(src)/$(SRCARCH)

ifeq ($(CONFIG_ARM),y)
libpoly1305-y += arm/poly1305-core.o
$(obj)/arm/poly1305-core.S: $(src)/arm/poly1305-armv4.pl
	$(call cmd,perlasm)
# massage the perlasm code a bit so we only get the NEON routine if we need it
poly1305-aflags-$(CONFIG_CPU_V7) := -U__LINUX_ARM_ARCH__ -D__LINUX_ARM_ARCH__=5
poly1305-aflags-$(CONFIG_KERNEL_MODE_NEON) := -U__LINUX_ARM_ARCH__ -D__LINUX_ARM_ARCH__=7
AFLAGS_arm/poly1305-core.o += $(poly1305-aflags-y) $(aflags-thumb2-y)
endif

ifeq ($(CONFIG_ARM64),y)
libpoly1305-y += arm64/poly1305-core.o
$(obj)/arm64/poly1305-core.S: $(src)/arm64/poly1305-armv8.pl
	$(call cmd,perlasm_with_args)
endif

ifeq ($(CONFIG_MIPS),y)
libpoly1305-y += mips/poly1305-core.o
poly1305-perlasm-flavour-$(CONFIG_32BIT) := o32
poly1305-perlasm-flavour-$(CONFIG_64BIT) := 64
quiet_cmd_perlasm_poly1305 = PERLASM $@
      cmd_perlasm_poly1305 = $(PERL) $< $(poly1305-perlasm-flavour-y) $@
# Use if_changed instead of cmd, in case the flavour changed.
$(obj)/mips/poly1305-core.S: $(src)/mips/poly1305-mips.pl FORCE
	$(call if_changed,perlasm_poly1305)
targets += mips/poly1305-core.S
endif

obj-$(CONFIG_CRYPTO_LIB_POLY1305_GENERIC)	+= libpoly1305-generic.o
libpoly1305-generic-y				:= poly1305-donna32.o
libpoly1305-generic-$(CONFIG_ARCH_SUPPORTS_INT128) := poly1305-donna64.o
libpoly1305-generic-y				+= poly1305-generic.o
libpoly1305-$(CONFIG_PPC) += powerpc/poly1305-p10le_64.o

ifeq ($(CONFIG_X86),y)
libpoly1305-y += x86/poly1305-x86_64-cryptogams.o
$(obj)/x86/poly1305-x86_64-cryptogams.S: $(src)/x86/poly1305-x86_64-cryptogams.pl
	$(call cmd,perlasm)
endif

endif # CONFIG_CRYPTO_LIB_POLY1305_ARCH

# clean-files must be defined unconditionally
clean-files += arm/poly1305-core.S \
	       arm64/poly1305-core.S \
	       mips/poly1305-core.S \
	       x86/poly1305-x86_64-cryptogams.S

################################################################################
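Review bot: The PowerPC object is added with a bare `libpoly1305-$(CONFIG_PPC) += powerpc/poly1305-p10le_64.o`, while every other architecture inside the `ifeq ($(CONFIG_CRYPTO_LIB_POLY1305_ARCH),y)` block gets its own `ifeq ($(CONFIG_<ARCH>),y)` stanza. The real precondition for that line (PPC64, little-endian, VSX, and currently BROKEN) is visible only in the CRYPTO_LIB_POLY1305_ARCH defaults in lib/crypto/Kconfig, so a reader of the Makefile could take it to apply to any PPC build. A one-line comment above it, for example `# Only reached when CRYPTO_LIB_POLY1305_ARCH=y, i.e. PPC64 LE with VSX`, would make the gating explicit.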

+0 −5
@@ -17,8 +17,3 @@ config CRYPTO_CHACHA20_NEON
	tristate
	default CRYPTO_LIB_CHACHA
	select CRYPTO_ARCH_HAVE_LIB_CHACHA

config CRYPTO_POLY1305_ARM
	tristate
	default CRYPTO_LIB_POLY1305
	select CRYPTO_ARCH_HAVE_LIB_POLY1305