mbox series

[00/67] crypto: shash - Handle partial blocks in API

Message ID cover.1744784515.git.herbert@gondor.apana.org.au
Headers show
Series crypto: shash - Handle partial blocks in API | expand

Message

Herbert Xu April 16, 2025, 6:42 a.m. UTC 
This series is based on

	https://lore.kernel.org/linux-crypto/Z_8-y1NkOSm7HY8C@gondor.apana.org.au

Most hash algorithms are block-based and data is held back until
a whole block can be fed into the algorithm.  Currently, this
retention is entirely handled in the low-level algorithm code,
with the API and the user oblivious to it.

As a comparison, the block ciphers defer this retention entirely
to the user and the API, who is expected to provide input with
no partial data until the very end.

The result of this is that every shash algorithm has to implement
partial block handling, and it gets many times worse when you look
at ahash drivers.

This patch series adds optional handling of partial blocks to the
shash API and converts some of the shash algorithms to it.  In
particular, all the algorithms used by ahash drivers have been
converted.  This ensures that when the ahash drivers themselves
are converted the export format will be consistent.

As this touches so many shash algorithms, two extra changes have
been made at the same time: removal of SIMD fallback paths on
arm/arm64/x86 and exporting in the same format as that of the
generic algorithm.

Herbert Xu (67):
  crypto: shash - Handle partial blocks in API
  crypto: blake2b-generic - Use API partial block handling
  crypto: arm/blake2b - Use API partial block handling
  crypto: ghash-generic - Use API partial block handling
  crypto: powerpc/ghash - Use API partial block handling
  crypto: arm/ghash - Use API partial block handling
  crypto: arm64/ghash - Use API partial block handling
  crypto: riscv/ghash - Use API partial block handling
  crypto: s390/ghash - Use API partial block handling
  crypto: x86/ghash - Use API partial block handling
  crypto: md5-generic - Use API partial block handling
  crypto: mips/octeon-md5 - Use API partial block handling
  crypto: powerpc/md5 - Use API partial block handling
  crypto: sparc/md5 - Use API partial block handling
  crypto: x86/sha1 - Use API partial block handling
  crypto: arm64/sha1 - Use API partial block handling
  crypto: mips/octeon-sha1 - Use API partial block handling
  crypto: sha1-generic - Use API partial block handling
  crypto: arm/sha1-ce - Use API partial block handling
  crypto: arm/sha1-neon - Use API partial block handling
  crypto: arm/sha1-asm - Use API partial block handling
  crypto: powerpc/sha1 - Use API partial block handling
  crypto: powerpc/sha1-spe - Use API partial block handling
  crypto: s390/sha1 - Use API partial block handling
  crypto: sparc/sha1 - Use API partial block handling
  crypto: sha1_base - Remove partial block helpers
  crypto: x86/sha256 - Use API partial block handling
  crypto: mips/octeon-sha256 - Use API partial block handling
  crypto: riscv/sha256 - Use API partial block handling
  crypto: sha256-generic - Use API partial block handling
  crypto: arm/sha256-ce - Use API partial block handling
  crypto: arm/sha256-neon - Use API partial block handling
  crypto: arm/sha256-asm - Use API partial block handling
  crypto: arm64/sha256-ce - Use API partial block handling
  crypto: arm64/sha256 - Use API partial block handling
  crypto: powerpc/sha256-spe - Use API partial block handling
  crypto: s390/sha256 - Use API partial block handling
  crypto: sparc/sha256 - Use API partial block handling
  crypto: sha256_base - Remove partial block helpers
  crypto: arm64/sha3-ce - Use API partial block handling
  crypto: s390/sha3 - Use API partial block handling
  crypto: sha3-generic - Use API partial block handling
  crypto: zynqmp-sha - Use API partial block handling
  crypto: x86/sha512 - Use API partial block handling
  crypto: mips/octeon-sha512 - Use API partial block handling
  crypto: riscv/sha512 - Use API partial block handling
  crypto: sha512-generic - Use API partial block handling
  crypto: arm/sha512-neon - Use API partial block handling
  crypto: arm/sha512-asm - Use API partial block handling
  crypto: arm64/sha512-ce - Use API partial block handling
  crypto: arm/sha512 - Use API partial block handling
  crypto: s390/sha512 - Use API partial block handling
  crypto: sparc/sha512 - Use API partial block handling
  crypto: sha512_base - Remove partial block helpers
  crypto: sm3-generic - Use API partial block handling
  crypto: arm64/sm3-ce - Use API partial block handling
  crypto: arm64/sm3-neon - Use API partial block handling
  crypto: riscv/sm3 - Use API partial block handling
  crypto: x86/sm3 - Use API partial block handling
  crypto: lib/sm3 - Remove partial block helpers
  crypto: cbcmac - Use API partial block handling
  crypto: cmac - Use API partial block handling
  crypto: xcbc - Use API partial block handling
  crypto: arm64/aes - Use API partial block handling
  crypto: arm64/sm4 - Use API partial block handling
  crypto: nx - Use API partial block handling
  crypto: padlock-sha - Use API partial block handling

 arch/arm/crypto/blake2b-neon-glue.c           |  20 +-
 arch/arm/crypto/ghash-ce-glue.c               | 110 ++---
 arch/arm/crypto/sha1-ce-glue.c                |  36 +-
 arch/arm/crypto/sha1.h                        |  14 -
 arch/arm/crypto/sha1_glue.c                   |  33 +-
 arch/arm/crypto/sha1_neon_glue.c              |  39 +-
 arch/arm/crypto/sha2-ce-glue.c                |  52 +-
 arch/arm/crypto/sha256_glue.c                 |  46 +-
 arch/arm/crypto/sha256_glue.h                 |   8 +-
 arch/arm/crypto/sha256_neon_glue.c            |  49 +-
 arch/arm/crypto/sha512-glue.c                 |  36 +-
 arch/arm/crypto/sha512-neon-glue.c            |  43 +-
 arch/arm/crypto/sha512.h                      |   6 -
 arch/arm64/crypto/aes-glue.c                  | 122 ++---
 arch/arm64/crypto/ghash-ce-glue.c             | 151 +++---
 arch/arm64/crypto/sha1-ce-glue.c              |  66 +--
 arch/arm64/crypto/sha2-ce-glue.c              |  90 +---
 arch/arm64/crypto/sha256-glue.c               |  97 ++--
 arch/arm64/crypto/sha3-ce-glue.c              | 107 ++--
 arch/arm64/crypto/sha512-ce-glue.c            |  49 +-
 arch/arm64/crypto/sha512-glue.c               |  28 +-
 arch/arm64/crypto/sm3-ce-glue.c               |  48 +-
 arch/arm64/crypto/sm3-neon-glue.c             |  48 +-
 arch/arm64/crypto/sm4-ce-glue.c               |  98 ++--
 arch/mips/cavium-octeon/crypto/octeon-md5.c   | 119 ++---
 arch/mips/cavium-octeon/crypto/octeon-sha1.c  | 136 ++---
 .../mips/cavium-octeon/crypto/octeon-sha256.c | 161 ++----
 .../mips/cavium-octeon/crypto/octeon-sha512.c | 155 ++----
 arch/powerpc/crypto/ghash.c                   |  87 ++--
 arch/powerpc/crypto/md5-glue.c                |  99 +---
 arch/powerpc/crypto/sha1-spe-glue.c           | 132 +----
 arch/powerpc/crypto/sha1.c                    | 101 +---
 arch/powerpc/crypto/sha256-spe-glue.c         | 167 ++-----
 arch/riscv/crypto/ghash-riscv64-glue.c        |  58 +--
 arch/riscv/crypto/sha256-riscv64-glue.c       |  68 ++-
 arch/riscv/crypto/sha512-riscv64-glue.c       |  47 +-
 arch/riscv/crypto/sm3-riscv64-glue.c          |  49 +-
 arch/s390/crypto/ghash_s390.c                 | 110 ++---
 arch/s390/crypto/sha.h                        |  22 +-
 arch/s390/crypto/sha1_s390.c                  |  22 +-
 arch/s390/crypto/sha256_s390.c                |  35 +-
 arch/s390/crypto/sha3_256_s390.c              |  60 +--
 arch/s390/crypto/sha3_512_s390.c              |  67 +--
 arch/s390/crypto/sha512_s390.c                |  45 +-
 arch/s390/crypto/sha_common.c                 |  84 ++--
 arch/sparc/crypto/md5_glue.c                  | 141 +++---
 arch/sparc/crypto/sha1_glue.c                 | 109 +---
 arch/sparc/crypto/sha256_glue.c               | 121 +----
 arch/sparc/crypto/sha512_glue.c               | 102 +---
 arch/x86/crypto/ghash-clmulni-intel_asm.S     |   5 +-
 arch/x86/crypto/ghash-clmulni-intel_glue.c    | 301 ++----------
 arch/x86/crypto/sha1_ssse3_glue.c             |  81 +--
 arch/x86/crypto/sha256_ssse3_glue.c           | 104 ++--
 arch/x86/crypto/sha512_ssse3_glue.c           |  79 +--
 arch/x86/crypto/sm3_avx_glue.c                |  54 +-
 crypto/blake2b_generic.c                      |  31 +-
 crypto/ccm.c                                  |  59 +--
 crypto/cmac.c                                 |  92 +---
 crypto/ghash-generic.c                        |  56 +--
 crypto/md5.c                                  | 102 ++--
 crypto/sha1_generic.c                         |  33 +-
 crypto/sha256_generic.c                       |  50 +-
 crypto/sha3_generic.c                         | 101 ++--
 crypto/sha512_generic.c                       |  56 +--
 crypto/shash.c                                | 229 +++++++--
 crypto/sm3_generic.c                          |  31 +-
 crypto/xcbc.c                                 |  92 +---
 drivers/crypto/nx/nx-aes-xcbc.c               | 128 ++---
 drivers/crypto/nx/nx-sha256.c                 | 130 ++---
 drivers/crypto/nx/nx-sha512.c                 | 143 +++---
 drivers/crypto/nx/nx.c                        |  15 +-
 drivers/crypto/nx/nx.h                        |   6 +-
 drivers/crypto/padlock-sha.c                  | 464 ++++++------------
 drivers/crypto/xilinx/zynqmp-sha.c            |  71 +--
 include/crypto/blake2b.h                      |  31 +-
 include/crypto/ghash.h                        |   4 +-
 include/crypto/hash.h                         | 104 ++--
 include/crypto/internal/blake2b.h             |  94 ++--
 include/crypto/internal/hash.h                |  15 +
 include/crypto/md5.h                          |   3 +-
 include/crypto/sha1.h                         |   9 +-
 include/crypto/sha1_base.h                    |  79 +--
 include/crypto/sha2.h                         |  20 +-
 include/crypto/sha256_base.h                  | 111 +++--
 include/crypto/sha3.h                         |  16 +-
 include/crypto/sha512_base.h                  |  88 ++--
 include/crypto/sm3.h                          |   3 +-
 include/crypto/sm3_base.h                     |  79 ++-
 include/linux/crypto.h                        |   2 +
 lib/crypto/sha256.c                           |   7 +-
 lib/crypto/sm3.c                              |  68 +--
 91 files changed, 2375 insertions(+), 4564 deletions(-)
 delete mode 100644 arch/arm/crypto/sha1.h

Comments

Eric Biggers April 17, 2025, 6:39 p.m. UTC | #1 
On Wed, Apr 16, 2025 at 02:42:42PM +0800, Herbert Xu wrote:
> This series is based on
> 
> 	https://lore.kernel.org/linux-crypto/Z_8-y1NkOSm7HY8C@gondor.apana.org.au

Which links to a random message in a thread.

Going to cover letter says:

    This series is based on

            https://lore.kernel.org/linux-crypto/cover.1744454589.git.herbert@gondor.apana.org.au

But that one lists no base-commit.

And this series does not apply to current cryptodev/master.

So there's no way to apply this series to review it.

I think the high-level idea is still suspect, as I said before.  Especially for
sha256 and sha512 which I will be fixing to have proper library APIs.  I don't
think it's particularly helpful to be futzing around with how those are
integrated into shash when I'll be fixing it properly soon.

But whatever, as usual for your submissions this will get pushed out anyway,
likely without running the tests (FYI the compression tests are already failing
on cryptodev/master due to your recent changes).

- Eric