[PATCH 1/2] crypto: sha1/ARM: make use of common SHA-1 structures

2014-06-28 Thread Jussi Kivilinna
Common SHA-1 structures are defined in crypto/sha.h for code sharing.

This patch changes SHA-1/ARM glue code to use these structures.

Signed-off-by: Jussi Kivilinna jussi.kivili...@iki.fi
---
 arch/arm/crypto/sha1_glue.c |   50 +++
 1 file changed, 22 insertions(+), 28 deletions(-)

diff --git a/arch/arm/crypto/sha1_glue.c b/arch/arm/crypto/sha1_glue.c
index 76cd976..c494e57 100644
--- a/arch/arm/crypto/sha1_glue.c
+++ b/arch/arm/crypto/sha1_glue.c
@@ -24,31 +24,25 @@
 #include crypto/sha.h
 #include asm/byteorder.h
 
-struct SHA1_CTX {
-   uint32_t h0,h1,h2,h3,h4;
-   u64 count;
-   u8 data[SHA1_BLOCK_SIZE];
-};
 
-asmlinkage void sha1_block_data_order(struct SHA1_CTX *digest,
+asmlinkage void sha1_block_data_order(u32 *digest,
const unsigned char *data, unsigned int rounds);
 
 
 static int sha1_init(struct shash_desc *desc)
 {
-   struct SHA1_CTX *sctx = shash_desc_ctx(desc);
-   memset(sctx, 0, sizeof(*sctx));
-   sctx-h0 = SHA1_H0;
-   sctx-h1 = SHA1_H1;
-   sctx-h2 = SHA1_H2;
-   sctx-h3 = SHA1_H3;
-   sctx-h4 = SHA1_H4;
+   struct sha1_state *sctx = shash_desc_ctx(desc);
+
+   *sctx = (struct sha1_state){
+   .state = { SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4 },
+   };
+
return 0;
 }
 
 
-static int __sha1_update(struct SHA1_CTX *sctx, const u8 *data,
-  unsigned int len, unsigned int partial)
+static int __sha1_update(struct sha1_state *sctx, const u8 *data,
+unsigned int len, unsigned int partial)
 {
unsigned int done = 0;
 
@@ -56,17 +50,17 @@ static int __sha1_update(struct SHA1_CTX *sctx, const u8 
*data,
 
if (partial) {
done = SHA1_BLOCK_SIZE - partial;
-   memcpy(sctx-data + partial, data, done);
-   sha1_block_data_order(sctx, sctx-data, 1);
+   memcpy(sctx-buffer + partial, data, done);
+   sha1_block_data_order(sctx-state, sctx-buffer, 1);
}
 
if (len - done = SHA1_BLOCK_SIZE) {
const unsigned int rounds = (len - done) / SHA1_BLOCK_SIZE;
-   sha1_block_data_order(sctx, data + done, rounds);
+   sha1_block_data_order(sctx-state, data + done, rounds);
done += rounds * SHA1_BLOCK_SIZE;
}
 
-   memcpy(sctx-data, data + done, len - done);
+   memcpy(sctx-buffer, data + done, len - done);
return 0;
 }
 
@@ -74,14 +68,14 @@ static int __sha1_update(struct SHA1_CTX *sctx, const u8 
*data,
 static int sha1_update(struct shash_desc *desc, const u8 *data,
 unsigned int len)
 {
-   struct SHA1_CTX *sctx = shash_desc_ctx(desc);
+   struct sha1_state *sctx = shash_desc_ctx(desc);
unsigned int partial = sctx-count % SHA1_BLOCK_SIZE;
int res;
 
/* Handle the fast case right here */
if (partial + len  SHA1_BLOCK_SIZE) {
sctx-count += len;
-   memcpy(sctx-data + partial, data, len);
+   memcpy(sctx-buffer + partial, data, len);
return 0;
}
res = __sha1_update(sctx, data, len, partial);
@@ -92,7 +86,7 @@ static int sha1_update(struct shash_desc *desc, const u8 
*data,
 /* Add padding and return the message digest. */
 static int sha1_final(struct shash_desc *desc, u8 *out)
 {
-   struct SHA1_CTX *sctx = shash_desc_ctx(desc);
+   struct sha1_state *sctx = shash_desc_ctx(desc);
unsigned int i, index, padlen;
__be32 *dst = (__be32 *)out;
__be64 bits;
@@ -106,7 +100,7 @@ static int sha1_final(struct shash_desc *desc, u8 *out)
/* We need to fill a whole block for __sha1_update() */
if (padlen = 56) {
sctx-count += padlen;
-   memcpy(sctx-data + index, padding, padlen);
+   memcpy(sctx-buffer + index, padding, padlen);
} else {
__sha1_update(sctx, padding, padlen, index);
}
@@ -114,7 +108,7 @@ static int sha1_final(struct shash_desc *desc, u8 *out)
 
/* Store state in digest */
for (i = 0; i  5; i++)
-   dst[i] = cpu_to_be32(((u32 *)sctx)[i]);
+   dst[i] = cpu_to_be32(sctx-state[i]);
 
/* Wipe context */
memset(sctx, 0, sizeof(*sctx));
@@ -124,7 +118,7 @@ static int sha1_final(struct shash_desc *desc, u8 *out)
 
 static int sha1_export(struct shash_desc *desc, void *out)
 {
-   struct SHA1_CTX *sctx = shash_desc_ctx(desc);
+   struct sha1_state *sctx = shash_desc_ctx(desc);
memcpy(out, sctx, sizeof(*sctx));
return 0;
 }
@@ -132,7 +126,7 @@ static int sha1_export(struct shash_desc *desc, void *out)
 
 static int sha1_import(struct shash_desc *desc, const void *in)
 {
-   struct SHA1_CTX *sctx = shash_desc_ctx(desc);
+   struct sha1_state *sctx = shash_desc_ctx(desc);
memcpy(sctx, in, sizeof(*sctx));

[PATCH 2/2] crypto: sha1: add ARM NEON implementation

2014-06-28 Thread Jussi Kivilinna
This patch adds ARM NEON assembly implementation of SHA-1 algorithm.

tcrypt benchmark results on Cortex-A8, sha1-arm-asm vs sha1-neon-asm:

block-size  bytes/updateold-vs-new
16  16  1.06x
64  16  1.05x
64  64  1.09x
256 16  1.04x
256 64  1.11x
256 256 1.28x
102416  1.04x
1024256 1.34x
102410241.42x
204816  1.04x
2048256 1.35x
204810241.44x
204820481.46x
409616  1.04x
4096256 1.36x
409610241.45x
409640961.48x
819216  1.04x
8192256 1.36x
819210241.46x
819240961.49x
819281921.49x

Signed-off-by: Jussi Kivilinna jussi.kivili...@iki.fi
---
 arch/arm/crypto/Makefile   |2 
 arch/arm/crypto/sha1-armv7-neon.S  |  635 
 arch/arm/crypto/sha1_glue.c|8 
 arch/arm/crypto/sha1_neon_glue.c   |  197 +++
 arch/arm/include/asm/crypto/sha1.h |   10 +
 crypto/Kconfig |   11 +
 6 files changed, 860 insertions(+), 3 deletions(-)
 create mode 100644 arch/arm/crypto/sha1-armv7-neon.S
 create mode 100644 arch/arm/crypto/sha1_neon_glue.c
 create mode 100644 arch/arm/include/asm/crypto/sha1.h

diff --git a/arch/arm/crypto/Makefile b/arch/arm/crypto/Makefile
index 81cda39..374956d 100644
--- a/arch/arm/crypto/Makefile
+++ b/arch/arm/crypto/Makefile
@@ -5,10 +5,12 @@
 obj-$(CONFIG_CRYPTO_AES_ARM) += aes-arm.o
 obj-$(CONFIG_CRYPTO_AES_ARM_BS) += aes-arm-bs.o
 obj-$(CONFIG_CRYPTO_SHA1_ARM) += sha1-arm.o
+obj-$(CONFIG_CRYPTO_SHA1_ARM_NEON) += sha1-arm-neon.o
 
 aes-arm-y  := aes-armv4.o aes_glue.o
 aes-arm-bs-y   := aesbs-core.o aesbs-glue.o
 sha1-arm-y := sha1-armv4-large.o sha1_glue.o
+sha1-arm-neon-y:= sha1-armv7-neon.o sha1_neon_glue.o
 
 quiet_cmd_perl = PERL$@
   cmd_perl = $(PERL) $()  $(@)
diff --git a/arch/arm/crypto/sha1-armv7-neon.S 
b/arch/arm/crypto/sha1-armv7-neon.S
new file mode 100644
index 000..beb1ed1
--- /dev/null
+++ b/arch/arm/crypto/sha1-armv7-neon.S
@@ -0,0 +1,635 @@
+/* sha1-armv7-neon.S - ARM/NEON accelerated SHA-1 transform function
+ *
+ * Copyright © 2013-2014 Jussi Kivilinna jussi.kivili...@iki.fi
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ */
+
+.syntax unified
+#ifdef __thumb2__
+.thumb
+#else
+.code   32
+#endif
+.fpu neon
+
+.data
+
+#define GET_DATA_POINTER(reg, name, rtmp) ldr reg, =name
+
+/* Context structure */
+
+#define state_h0 0
+#define state_h1 4
+#define state_h2 8
+#define state_h3 12
+#define state_h4 16
+
+
+/* Constants */
+
+#define K1  0x5A827999
+#define K2  0x6ED9EBA1
+#define K3  0x8F1BBCDC
+#define K4  0xCA62C1D6
+.align 4
+.LK_VEC:
+.LK1:  .long K1, K1, K1, K1
+.LK2:  .long K2, K2, K2, K2
+.LK3:  .long K3, K3, K3, K3
+.LK4:  .long K4, K4, K4, K4
+
+
+.text
+
+/* Register macros */
+
+#define RSTATE r0
+#define RDATA r1
+#define RNBLKS r2
+#define ROLDSTACK r3
+#define RK lr
+#define RWK r12
+
+#define _a r4
+#define _b r5
+#define _c r6
+#define _d r7
+#define _e r8
+
+#define RT0 r9
+#define RT1 r10
+#define RT2 r11
+
+#define W0 q0
+#define W1 q1
+#define W2 q2
+#define W3 q3
+#define W4 q4
+#define W5 q5
+#define W6 q6
+#define W7 q7
+
+#define tmp0 q8
+#define tmp1 q9
+#define tmp2 q10
+#define tmp3 q11
+
+#define curK q12
+
+
+/* Round function macros. */
+
+#define WK_offs(i) (((i)  15) * 4)
+
+#define _R_F1(a,b,c,d,e,i,pre1,pre2,pre3,i16,\
+ W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28) \
+   and RT0, c, b; \
+   pre1(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \
+   add e, e, a, ror #(32 - 5); \
+   ldr RT2, [sp, WK_offs(i)]; \
+   bic RT1, d, b; \
+   add e, RT2; \
+   pre2(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \
+   ror b, #(32 - 30); \
+   eor RT0, RT1; \
+   pre3(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \
+   add e, RT0;
+
+#define _R_F2(a,b,c,d,e,i,pre1,pre2,pre3,i16,\
+ W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28) \
+   eor RT0, c, b; \
+   pre1(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \
+   add e, e, a, ror #(32 - 5); \
+   ldr RT2, [sp, WK_offs(i)]; \
+   eor RT0, d; \
+   pre2(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \
+   add e, RT2; \
+   ror b, #(32 - 30); \
+   pre3(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); 

[PATCH] crypto: sha512: add ARM NEON implementation

2014-06-28 Thread Jussi Kivilinna
This patch adds ARM NEON assembly implementation of SHA-512 and SHA-384
algorithms.

tcrypt benchmark results on Cortex-A8, sha512-generic vs sha512-neon-asm:

block-size  bytes/updateold-vs-new
16  16  2.99x
64  16  2.67x
64  64  3.00x
256 16  2.64x
256 64  3.06x
256 256 3.33x
102416  2.53x
1024256 3.39x
102410243.52x
204816  2.50x
2048256 3.41x
204810243.54x
204820483.57x
409616  2.49x
4096256 3.42x
409610243.56x
409640963.59x
819216  2.48x
8192256 3.42x
819210243.56x
819240963.60x
819281923.60x

Signed-off-by: Jussi Kivilinna jussi.kivili...@iki.fi
---
 arch/arm/crypto/Makefile|2 
 arch/arm/crypto/sha512-armv7-neon.S |  461 +++
 arch/arm/crypto/sha512_neon_glue.c  |  305 +++
 crypto/Kconfig  |   15 +
 4 files changed, 783 insertions(+)
 create mode 100644 arch/arm/crypto/sha512-armv7-neon.S
 create mode 100644 arch/arm/crypto/sha512_neon_glue.c

diff --git a/arch/arm/crypto/Makefile b/arch/arm/crypto/Makefile
index 374956d..b48fa34 100644
--- a/arch/arm/crypto/Makefile
+++ b/arch/arm/crypto/Makefile
@@ -6,11 +6,13 @@ obj-$(CONFIG_CRYPTO_AES_ARM) += aes-arm.o
 obj-$(CONFIG_CRYPTO_AES_ARM_BS) += aes-arm-bs.o
 obj-$(CONFIG_CRYPTO_SHA1_ARM) += sha1-arm.o
 obj-$(CONFIG_CRYPTO_SHA1_ARM_NEON) += sha1-arm-neon.o
+obj-$(CONFIG_CRYPTO_SHA512_ARM_NEON) += sha512-arm-neon.o
 
 aes-arm-y  := aes-armv4.o aes_glue.o
 aes-arm-bs-y   := aesbs-core.o aesbs-glue.o
 sha1-arm-y := sha1-armv4-large.o sha1_glue.o
 sha1-arm-neon-y:= sha1-armv7-neon.o sha1_neon_glue.o
+sha512-arm-neon-y := sha512-armv7-neon.o sha512_neon_glue.o
 
 quiet_cmd_perl = PERL$@
   cmd_perl = $(PERL) $()  $(@)
diff --git a/arch/arm/crypto/sha512-armv7-neon.S 
b/arch/arm/crypto/sha512-armv7-neon.S
new file mode 100644
index 000..cdc6385
--- /dev/null
+++ b/arch/arm/crypto/sha512-armv7-neon.S
@@ -0,0 +1,461 @@
+/* sha512-armv7-neon.S  -  ARM/NEON assembly implementation of SHA-512 
transform
+ *
+ * Copyright © 2013-2014 Jussi Kivilinna jussi.kivili...@iki.fi
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ */
+
+.syntax unified
+#ifdef __thumb2__
+.thumb
+#else
+.code   32
+#endif
+.fpu neon
+
+.text
+
+/* structure of SHA512_CONTEXT */
+#define hd_a 0
+#define hd_b ((hd_a) + 8)
+#define hd_c ((hd_b) + 8)
+#define hd_d ((hd_c) + 8)
+#define hd_e ((hd_d) + 8)
+#define hd_f ((hd_e) + 8)
+#define hd_g ((hd_f) + 8)
+
+/* register macros */
+#define RK %r2
+
+#define RA d0
+#define RB d1
+#define RC d2
+#define RD d3
+#define RE d4
+#define RF d5
+#define RG d6
+#define RH d7
+
+#define RT0 d8
+#define RT1 d9
+#define RT2 d10
+#define RT3 d11
+#define RT4 d12
+#define RT5 d13
+#define RT6 d14
+#define RT7 d15
+
+#define RT01q q4
+#define RT23q q5
+#define RT45q q6
+#define RT67q q7
+
+#define RW0 d16
+#define RW1 d17
+#define RW2 d18
+#define RW3 d19
+#define RW4 d20
+#define RW5 d21
+#define RW6 d22
+#define RW7 d23
+#define RW8 d24
+#define RW9 d25
+#define RW10 d26
+#define RW11 d27
+#define RW12 d28
+#define RW13 d29
+#define RW14 d30
+#define RW15 d31
+
+#define RW01q q8
+#define RW23q q9
+#define RW45q q10
+#define RW67q q11
+#define RW89q q12
+#define RW1011q q13
+#define RW1213q q14
+#define RW1415q q15
+
+/***
+ * ARM assembly implementation of sha512 transform
+ ***/
+#define rounds2_0_63(ra, rb, rc, rd, re, rf, rg, rh, rw0, rw1, rw01q, rw2, \
+ rw23q, rw1415q, rw9, rw10, interleave_op, arg1) \
+   /* t1 = h + Sum1 (e) + Ch (e, f, g) + k[t] + w[t]; */ \
+   vshr.u64 RT2, re, #14; \
+   vshl.u64 RT3, re, #64 - 14; \
+   interleave_op(arg1); \
+   vshr.u64 RT4, re, #18; \
+   vshl.u64 RT5, re, #64 - 18; \
+   vld1.64 {RT0}, [RK]!; \
+   veor.64 RT23q, RT23q, RT45q; \
+   vshr.u64 RT4, re, #41; \
+   vshl.u64 RT5, re, #64 - 41; \
+   vadd.u64 RT0, RT0, rw0; \
+   veor.64 RT23q, RT23q, RT45q; \
+   vmov.64 RT7, re; \
+   veor.64 RT1, RT2, RT3; \
+   vbsl.64 RT7, rf, rg; \
+   \
+   vadd.u64 RT1, RT1, rh; \
+   vshr.u64 RT2, ra, #28; \
+   vshl.u64 RT3, ra, #64 - 28; \
+   

Re: [PATCH 1/2] crypto: sha1/ARM: make use of common SHA-1 structures

2014-06-28 Thread Ard Biesheuvel
On 28 June 2014 12:39, Jussi Kivilinna jussi.kivili...@iki.fi wrote:
 Common SHA-1 structures are defined in crypto/sha.h for code sharing.

 This patch changes SHA-1/ARM glue code to use these structures.

 Signed-off-by: Jussi Kivilinna jussi.kivili...@iki.fi

Acked-by: Ard Biesheuvel ard.biesheu...@linaro.org


 ---
  arch/arm/crypto/sha1_glue.c |   50 
 +++
  1 file changed, 22 insertions(+), 28 deletions(-)

 diff --git a/arch/arm/crypto/sha1_glue.c b/arch/arm/crypto/sha1_glue.c
 index 76cd976..c494e57 100644
 --- a/arch/arm/crypto/sha1_glue.c
 +++ b/arch/arm/crypto/sha1_glue.c
 @@ -24,31 +24,25 @@
  #include crypto/sha.h
  #include asm/byteorder.h

 -struct SHA1_CTX {
 -   uint32_t h0,h1,h2,h3,h4;
 -   u64 count;
 -   u8 data[SHA1_BLOCK_SIZE];
 -};

 -asmlinkage void sha1_block_data_order(struct SHA1_CTX *digest,
 +asmlinkage void sha1_block_data_order(u32 *digest,
 const unsigned char *data, unsigned int rounds);


  static int sha1_init(struct shash_desc *desc)
  {
 -   struct SHA1_CTX *sctx = shash_desc_ctx(desc);
 -   memset(sctx, 0, sizeof(*sctx));
 -   sctx-h0 = SHA1_H0;
 -   sctx-h1 = SHA1_H1;
 -   sctx-h2 = SHA1_H2;
 -   sctx-h3 = SHA1_H3;
 -   sctx-h4 = SHA1_H4;
 +   struct sha1_state *sctx = shash_desc_ctx(desc);
 +
 +   *sctx = (struct sha1_state){
 +   .state = { SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4 },
 +   };
 +
 return 0;
  }


 -static int __sha1_update(struct SHA1_CTX *sctx, const u8 *data,
 -  unsigned int len, unsigned int partial)
 +static int __sha1_update(struct sha1_state *sctx, const u8 *data,
 +unsigned int len, unsigned int partial)
  {
 unsigned int done = 0;

 @@ -56,17 +50,17 @@ static int __sha1_update(struct SHA1_CTX *sctx, const u8 
 *data,

 if (partial) {
 done = SHA1_BLOCK_SIZE - partial;
 -   memcpy(sctx-data + partial, data, done);
 -   sha1_block_data_order(sctx, sctx-data, 1);
 +   memcpy(sctx-buffer + partial, data, done);
 +   sha1_block_data_order(sctx-state, sctx-buffer, 1);
 }

 if (len - done = SHA1_BLOCK_SIZE) {
 const unsigned int rounds = (len - done) / SHA1_BLOCK_SIZE;
 -   sha1_block_data_order(sctx, data + done, rounds);
 +   sha1_block_data_order(sctx-state, data + done, rounds);
 done += rounds * SHA1_BLOCK_SIZE;
 }

 -   memcpy(sctx-data, data + done, len - done);
 +   memcpy(sctx-buffer, data + done, len - done);
 return 0;
  }

 @@ -74,14 +68,14 @@ static int __sha1_update(struct SHA1_CTX *sctx, const u8 
 *data,
  static int sha1_update(struct shash_desc *desc, const u8 *data,
  unsigned int len)
  {
 -   struct SHA1_CTX *sctx = shash_desc_ctx(desc);
 +   struct sha1_state *sctx = shash_desc_ctx(desc);
 unsigned int partial = sctx-count % SHA1_BLOCK_SIZE;
 int res;

 /* Handle the fast case right here */
 if (partial + len  SHA1_BLOCK_SIZE) {
 sctx-count += len;
 -   memcpy(sctx-data + partial, data, len);
 +   memcpy(sctx-buffer + partial, data, len);
 return 0;
 }
 res = __sha1_update(sctx, data, len, partial);
 @@ -92,7 +86,7 @@ static int sha1_update(struct shash_desc *desc, const u8 
 *data,
  /* Add padding and return the message digest. */
  static int sha1_final(struct shash_desc *desc, u8 *out)
  {
 -   struct SHA1_CTX *sctx = shash_desc_ctx(desc);
 +   struct sha1_state *sctx = shash_desc_ctx(desc);
 unsigned int i, index, padlen;
 __be32 *dst = (__be32 *)out;
 __be64 bits;
 @@ -106,7 +100,7 @@ static int sha1_final(struct shash_desc *desc, u8 *out)
 /* We need to fill a whole block for __sha1_update() */
 if (padlen = 56) {
 sctx-count += padlen;
 -   memcpy(sctx-data + index, padding, padlen);
 +   memcpy(sctx-buffer + index, padding, padlen);
 } else {
 __sha1_update(sctx, padding, padlen, index);
 }
 @@ -114,7 +108,7 @@ static int sha1_final(struct shash_desc *desc, u8 *out)

 /* Store state in digest */
 for (i = 0; i  5; i++)
 -   dst[i] = cpu_to_be32(((u32 *)sctx)[i]);
 +   dst[i] = cpu_to_be32(sctx-state[i]);

 /* Wipe context */
 memset(sctx, 0, sizeof(*sctx));
 @@ -124,7 +118,7 @@ static int sha1_final(struct shash_desc *desc, u8 *out)

  static int sha1_export(struct shash_desc *desc, void *out)
  {
 -   struct SHA1_CTX *sctx = shash_desc_ctx(desc);
 +   struct sha1_state *sctx = shash_desc_ctx(desc);
 memcpy(out, sctx, sizeof(*sctx));
 return 0;
  }
 @@ -132,7 +126,7 @@ static int sha1_export(struct shash_desc *desc, void *out)

  

[PATCH 4/4] DRBG: Call CTR DRBG DF function only once

2014-06-28 Thread Stephan Mueller
The CTR DRBG requires the update function to be called twice when
generating a random number. In both cases, update function must process
the additional information string by using the DF function. As the DF
produces the same result in both cases, we can save one invocation of
the DF function when the first DF function result is reused.

The result of the DF function is stored in the scratchpad storage. The
patch ensures that the scratchpad is not cleared when we want to reuse
the DF result. For achieving this, the CTR DRBG update function must
know by whom and in which scenario it is called. This information is
provided with the reseed parameter to the update function.

Signed-off-by: Stephan Mueller smuel...@chronox.de
---
 crypto/drbg.c | 41 ++---
 1 file changed, 22 insertions(+), 19 deletions(-)

diff --git a/crypto/drbg.c b/crypto/drbg.c
index 4593b3c..53ff20d 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -565,7 +565,21 @@ out:
return ret;
 }
 
-/* update function of CTR DRBG as defined in 10.2.1.2 */
+/*
+ * update function of CTR DRBG as defined in 10.2.1.2
+ *
+ * The reseed variable has an enhanced meaning compared to the update
+ * functions of the other DRBGs as follows:
+ * 0 = initial seed from initialization
+ * 1 = reseed via drbg_seed
+ * 2 = first invocation from drbg_ctr_update when addtl is present. In
+ *  this case, the df_data scratchpad is not deleted so that it is
+ *  available for another calls to prevent calling the DF function
+ *  again.
+ * 3 = second invocation from drbg_ctr_update. When the update function
+ *  was called with addtl, the df_data memory already contains the
+ *  DFed addtl information and we do not need to call DF again.
+ */
 static int drbg_ctr_update(struct drbg_state *drbg, struct list_head *seed,
   int reseed)
 {
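Review bot: The four meanings of reseed (0–3) are encoded as bare integer literals, and the hunks below test them as `3 … reseed` and `2 != reseed`, so every call site has to be decoded against this comment; an enum naming the four modes, used in drbg_ctr_update and at both drbg_ctr_generate call sites, would make the checks self-describing. In the new comment text, `available for another calls` should read `available for the next call`. drbg_ctr_update's body continues outside this hunk.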
@@ -580,7 +594,8 @@ static int drbg_ctr_update(struct drbg_state *drbg, struct 
list_head *seed,
unsigned char prefix = DRBG_PREFIX1;
 
memset(temp, 0, drbg_statelen(drbg) + drbg_blocklen(drbg));
-   memset(df_data, 0, drbg_statelen(drbg));
+   if (3  reseed)
+   memset(df_data, 0, drbg_statelen(drbg));
 
/* 10.2.1.3.2 step 2 and 10.2.1.4.2 step 2 */
if (seed) {
@@ -622,7 +637,8 @@ static int drbg_ctr_update(struct drbg_state *drbg, struct 
list_head *seed,
 
 out:
memset(temp, 0, drbg_statelen(drbg) + drbg_blocklen(drbg));
-   memset(df_data, 0, drbg_statelen(drbg));
+   if (2 != reseed)
+   memset(df_data, 0, drbg_statelen(drbg));
return ret;
 }
 
@@ -647,7 +663,7 @@ static int drbg_ctr_generate(struct drbg_state *drbg,
LIST_HEAD(addtllist);
 
list_add_tail(addtl-list, addtllist);
-   ret = drbg_ctr_update(drbg, addtllist, 1);
+   ret = drbg_ctr_update(drbg, addtllist, 2);
if (ret)
return 0;
}
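Review bot: The early `if (ret) return 0;` after the reseed==2 call leaves df_data holding the DF output of addtl, because the `out:` path in the previous hunk skips `memset(df_data, ...)` exactly when reseed is 2, and the step-6 call in the next hunk that would clear it is never reached. The next drbg_ctr_generate without addtl then runs `drbg_ctr_update(drbg, NULL, 3)`, which by design does not clear df_data on entry, so stale derived additional input is mixed into that update and the scratchpad keeps sensitive material across the failed call. Clearing on error preserves the optimisation for the success path: in the `out:` hunk, `if (2 != reseed || ret)` guarding the `memset(df_data, 0, drbg_statelen(drbg));`. Whether the scratchpad is zeroed when the state is first allocated is not visible here, so the very first reseed==3 call presumably relies on that.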
@@ -678,21 +694,8 @@ static int drbg_ctr_generate(struct drbg_state *drbg,
drbg_add_buf(drbg-V, drbg_blocklen(drbg), prefix, 1);
}
 
-   /*
-* 10.2.1.5.2 step 6
-* The following call invokes the DF function again which could be
-* optimized. In step 2, the additional_input after step 2 is the
-* output of the DF function. If this result would be saved, the DF
-* function would not need to be invoked again at this point.
-*/
-   if (addtl  0  addtl-len) {
-   LIST_HEAD(addtllist);
-
-   list_add_tail(addtl-list, addtllist);
-   ret = drbg_ctr_update(drbg, addtllist, 1);
-   } else {
-   ret = drbg_ctr_update(drbg, NULL, 1);
-   }
+   /* 10.2.1.5.2 step 6 */
+   ret = drbg_ctr_update(drbg, NULL, 3);
if (ret)
len = ret;
 
-- 
1.9.3




Re: [PATCH 2/2] crypto: sha1: add ARM NEON implementation

2014-06-28 Thread Ard Biesheuvel
Hi Jussi,

On 28 June 2014 12:40, Jussi Kivilinna jussi.kivili...@iki.fi wrote:
 This patch adds ARM NEON assembly implementation of SHA-1 algorithm.

 tcrypt benchmark results on Cortex-A8, sha1-arm-asm vs sha1-neon-asm:

 block-size  bytes/updateold-vs-new
 16  16  1.06x
 64  16  1.05x
 64  64  1.09x
 256 16  1.04x
 256 64  1.11x
 256 256 1.28x
 102416  1.04x
 1024256 1.34x
 102410241.42x
 204816  1.04x
 2048256 1.35x
 204810241.44x
 204820481.46x
 409616  1.04x
 4096256 1.36x
 409610241.45x
 409640961.48x
 819216  1.04x
 8192256 1.36x
 819210241.46x
 819240961.49x
 819281921.49x


This is a nice result: about the same speedup as OpenSSL when
comparing the ALU asm implementation with the NEON.

 Signed-off-by: Jussi Kivilinna jussi.kivili...@iki.fi
 ---
  arch/arm/crypto/Makefile   |2
  arch/arm/crypto/sha1-armv7-neon.S  |  635 
 
  arch/arm/crypto/sha1_glue.c|8
  arch/arm/crypto/sha1_neon_glue.c   |  197 +++
  arch/arm/include/asm/crypto/sha1.h |   10 +
  crypto/Kconfig |   11 +
  6 files changed, 860 insertions(+), 3 deletions(-)
  create mode 100644 arch/arm/crypto/sha1-armv7-neon.S
  create mode 100644 arch/arm/crypto/sha1_neon_glue.c
  create mode 100644 arch/arm/include/asm/crypto/sha1.h

 diff --git a/arch/arm/crypto/Makefile b/arch/arm/crypto/Makefile
 index 81cda39..374956d 100644
 --- a/arch/arm/crypto/Makefile
 +++ b/arch/arm/crypto/Makefile
 @@ -5,10 +5,12 @@
  obj-$(CONFIG_CRYPTO_AES_ARM) += aes-arm.o
  obj-$(CONFIG_CRYPTO_AES_ARM_BS) += aes-arm-bs.o
  obj-$(CONFIG_CRYPTO_SHA1_ARM) += sha1-arm.o
 +obj-$(CONFIG_CRYPTO_SHA1_ARM_NEON) += sha1-arm-neon.o

  aes-arm-y  := aes-armv4.o aes_glue.o
  aes-arm-bs-y   := aesbs-core.o aesbs-glue.o
  sha1-arm-y := sha1-armv4-large.o sha1_glue.o
 +sha1-arm-neon-y:= sha1-armv7-neon.o sha1_neon_glue.o

  quiet_cmd_perl = PERL$@
cmd_perl = $(PERL) $()  $(@)
 diff --git a/arch/arm/crypto/sha1-armv7-neon.S 
 b/arch/arm/crypto/sha1-armv7-neon.S
 new file mode 100644
 index 000..beb1ed1
 --- /dev/null
 +++ b/arch/arm/crypto/sha1-armv7-neon.S
 @@ -0,0 +1,635 @@
 +/* sha1-armv7-neon.S - ARM/NEON accelerated SHA-1 transform function
 + *
 + * Copyright © 2013-2014 Jussi Kivilinna jussi.kivili...@iki.fi
 + *
 + * This program is free software; you can redistribute it and/or modify it
 + * under the terms of the GNU General Public License as published by the Free
 + * Software Foundation; either version 2 of the License, or (at your option)
 + * any later version.
 + */
 +
 +.syntax unified
 +#ifdef __thumb2__
 +.thumb
 +#else
 +.code   32
 +#endif

This is all NEON code, which has no size benefit from being assembled
as Thumb-2. (NEON instructions are 4 bytes in either case)
If we drop the Thumb-2 versions, there's one less version to test.

 +.fpu neon
 +
 +.data
 +
 +#define GET_DATA_POINTER(reg, name, rtmp) ldr reg, =name
 +
[...]
 +.align 4
 +.LK_VEC:
 +.LK1:  .long K1, K1, K1, K1
 +.LK2:  .long K2, K2, K2, K2
 +.LK3:  .long K3, K3, K3, K3
 +.LK4:  .long K4, K4, K4, K4

If you are going to put these constants in a different section, they
belong in .rodata not .data.
But why not just keep them in .text? In that case, you can replace the
above 'ldr reg, =name' with 'adr reg ,name' (or adrl if required) and
get rid of the .ltorg and the literal pool.

[...]
 +/*
 + * Transform nblks*64 bytes (nblks*16 32-bit words) at DATA.
 + *
 + * unsigned int
 + * sha1_transform_neon (void *ctx, const unsigned char *data,
 + *  unsigned int nblks)
 + */
 +.align 3
 +.globl sha1_transform_neon
 +.type  sha1_transform_neon,%function;
 +
 +sha1_transform_neon:

ENTRY(sha1_transform_neon) [and matching ENDPROC() below]

 +  /* input:
 +   *   r0: ctx, CTX
 +   *   r1: data (64*nblks bytes)
 +   *   r2: nblks
 +   */
 +
 +  cmp RNBLKS, #0;
 +  beq .Ldo_nothing;
 +
 +  push {r4-r12, lr};
 +  /*vpush {q4-q7};*/
 +
 +  mov ROLDSTACK, sp;
 +  GET_DATA_POINTER(RK, .LK_VEC, _a);
 +
 +  /* Align stack. */
 +  sub RT0, sp, #(16*4);
 +  and RT0, #(~(16-1));
 +  mov sp, RT0;
 +
 +  /* Get the values of the chaining variables. */
 +  ldm RSTATE, {_a-_e};
 +
 +  /* Precalc 0-15. */
 +  vld1.32 {curK}, [RK]!; /* Load K1. */
 +  W_PRECALC_00_15();
 +
 +  b .Loop;
 +
 +.ltorg
 +.Loop:
 +  /* Transform 0-15 + Precalc 16-31. */
 +  _R( _a, _b, _c, _d, _e, F1,  0,
 +  WPRECALC_16_31_0, WPRECALC_16_31_1, WPRECALC_16_31_2, 16,
 +  

[PATCH 3/4] DRBG: Fix format string for debugging statements

2014-06-28 Thread Stephan Mueller
The initial format strings caused warnings on several architectures. The
updated format strings now match the variable types.

Reported-by: kbuild test robot fengguang...@intel.com
Reported-by: Randy Dunlap rdun...@infradead.org
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
 crypto/drbg.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/crypto/drbg.c b/crypto/drbg.c
index 03a230e..4593b3c 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1109,7 +1109,7 @@ static int drbg_seed(struct drbg_state *drbg, struct 
drbg_string *pers,
 
/* 9.1 / 9.2 / 9.3.1 step 3 */
if (pers  pers-len  (drbg_max_addtl(drbg))) {
-   pr_devel(DRBG: personalization string too long %lu\n,
+   pr_devel(DRBG: personalization string too long %zu\n,
 pers-len);
return -EINVAL;
}
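Review bot: The casts to unsigned int in the next hunk's pr_info (drbg_init) are unnecessary and inconsistent with this hunk: ARRAY_SIZE() is a sizeof-based expression, so `%zu` applies there just as it does for `pers->len` here, and the casts can go: `"(slots needed: %zu, slots available: %zu)\n",` / `ARRAY_SIZE(drbg_cores) * 2, ARRAY_SIZE(drbg_algs));`. One rule for both call sites is also what the commit message describes, format strings matching the variable types rather than values coerced to fit the format.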
@@ -1987,8 +1987,9 @@ static int __init drbg_init(void)
 
if (ARRAY_SIZE(drbg_cores) * 2  ARRAY_SIZE(drbg_algs)) {
pr_info(DRBG: Cannot register all DRBG types
-   (slots needed: %lu, slots available: %lu)\n,
-   ARRAY_SIZE(drbg_cores) * 2, ARRAY_SIZE(drbg_algs));
+   (slots needed: %u, slots available: %u)\n,
+   (unsigned int)ARRAY_SIZE(drbg_cores) * 2,
+   (unsigned int)ARRAY_SIZE(drbg_algs));
return ret;
}
 
-- 
1.9.3




[PATCH 2/4] DRBG: cleanup of preprocessor macros

2014-06-28 Thread Stephan Mueller
The structure used to construct the module description line was marked
problematic by the sparse code analysis tool. The module line
description now does not contain any ifdefs to prevent error reports
from sparse.

The preprocessor warning declaration was reported by sparse. It is
replaced in favor of an init function reporting the erroneous built of
the DRBG.

Lastly, a fix for the use of CONFIG_CRYPTO_DRBG_HASH has been
applied.

Reported-by: kbuild test robot fengguang...@intel.com
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
 crypto/drbg.c | 43 +++
 1 file changed, 31 insertions(+), 12 deletions(-)

diff --git a/crypto/drbg.c b/crypto/drbg.c
index 6679a26..03a230e 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -102,8 +102,13 @@
 #if !defined(CONFIG_CRYPTO_DRBG_HASH)  \
!defined(CONFIG_CRYPTO_DRBG_HMAC)  \
!defined(CONFIG_CRYPTO_DRBG_CTR)
-#warning The DRBG code is useless without compiling at least one DRBG type
-#endif
+#define CRYPTO_DRBG_NONE_STRING none 
+static int __init drbg_init(void)
+{
+   pr_warn(DRBG: no DRBG core was compiled!\n);
+   return -EFAULT;
+}
+#else
 
 /***
  * Backend cipher definitions available to DRBG
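Review bot: `return -EFAULT;` in the stub drbg_init is a misleading errno for "no DRBG core configured": EFAULT means bad address, and it is what modprobe will report to the user; `return -EINVAL;` (or -ENODEV) describes the condition better. The pr_warn could also name the options that enable a core, since all three appear in the guard just above: `pr_warn("DRBG: no DRBG core was compiled (enable CRYPTO_DRBG_HASH, CRYPTO_DRBG_HMAC or CRYPTO_DRBG_CTR)!\n");`. The `#else` opened here encloses the rest of the file up to the `#endif` in the last hunk, so a short comment on it (`#else /* at least one DRBG core is configured */`) would help anyone reading the file in pieces.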
@@ -362,6 +367,7 @@ static inline void drbg_add_buf(unsigned char *dst, size_t 
dstlen,
  **/
 
 #ifdef CONFIG_CRYPTO_DRBG_CTR
+#define CRYPTO_DRBG_CTR_STRING CTR 
 static int drbg_kcapi_sym(struct drbg_state *drbg, const unsigned char *key,
  unsigned char *outval, const struct drbg_string *in);
 static int drbg_init_sym_kernel(struct drbg_state *drbg);
@@ -715,6 +721,7 @@ static int drbg_fini_hash_kernel(struct drbg_state *drbg);
 #endif /* (CONFIG_CRYPTO_DRBG_HASH || CONFIG_CRYPTO_DRBG_HMAC) */
 
 #ifdef CONFIG_CRYPTO_DRBG_HMAC
+#define CRYPTO_DRBG_HMAC_STRING HMAC 
 /* update function of HMAC DRBG as defined in 10.1.2.2 */
 static int drbg_hmac_update(struct drbg_state *drbg, struct list_head *seed,
int reseed)
@@ -834,6 +841,7 @@ static struct drbg_state_ops drbg_hmac_ops = {
  **/
 
 #ifdef CONFIG_CRYPTO_DRBG_HASH
+#define CRYPTO_DRBG_HASH_STRING HASH 
 /*
  * scratchpad usage: as drbg_hash_update and drbg_hash_df are used
  * interlinked, the scratchpad is used as follows:
@@ -1865,7 +1873,7 @@ static inline int __init drbg_healthcheck_sanity(void)
 
 #ifdef CONFIG_CRYPTO_DRBG_CTR
drbg_convert_tfm_core(drbg_nopr_ctr_aes128, coreref, pr);
-#elif CONFIG_CRYPTO_DRBG_HASH
+#elif defined CONFIG_CRYPTO_DRBG_HASH
drbg_convert_tfm_core(drbg_nopr_sha256, coreref, pr);
 #else
drbg_convert_tfm_core(drbg_nopr_hmac_sha256, coreref, pr);
@@ -2005,18 +2013,29 @@ void __exit drbg_exit(void)
crypto_unregister_algs(drbg_algs, (ARRAY_SIZE(drbg_cores) * 2));
 }
 
-module_init(drbg_init);
 module_exit(drbg_exit);
+#endif /* !defined(CONFIG_CRYPTO_DRBG_HASH)  \
+ !defined(CONFIG_CRYPTO_DRBG_HMAC)  \
+ !defined(CONFIG_CRYPTO_DRBG_CTR) */
+
+module_init(drbg_init);
 MODULE_LICENSE(GPL);
 MODULE_AUTHOR(Stephan Mueller smuel...@chronox.de);
-MODULE_DESCRIPTION(NIST SP800-90A Deterministic Random Bit Generator (DRBG) 
using following cores:
-#ifdef CONFIG_CRYPTO_DRBG_HMAC
-HMAC 
+#ifndef CRYPTO_DRBG_NONE_STRING
+#define CRYPTO_DRBG_NONE_STRING 
 #endif
-#ifdef CONFIG_CRYPTO_DRBG_HASH
-Hash 
+#ifndef CRYPTO_DRBG_HASH_STRING
+#define CRYPTO_DRBG_HASH_STRING 
 #endif
-#ifdef CONFIG_CRYPTO_DRBG_CTR
-CTR
+#ifndef CRYPTO_DRBG_HMAC_STRING
+#define CRYPTO_DRBG_HMAC_STRING 
+#endif
+#ifndef CRYPTO_DRBG_CTR_STRING
+#define CRYPTO_DRBG_CTR_STRING 
 #endif
-);
+MODULE_DESCRIPTION(NIST SP800-90A Deterministic Random Bit Generator (DRBG) 
+  using following cores: 
+  CRYPTO_DRBG_NONE_STRING
+  CRYPTO_DRBG_HMAC_STRING
+  CRYPTO_DRBG_HASH_STRING
+  CRYPTO_DRBG_CTR_STRING);
-- 
1.9.3




[PATCH 1/4] DRBG: use of kernel linked list

2014-06-28 Thread Stephan Mueller
The DRBG-style linked list to manage input data that is fed into the
cipher invocations is replaced with the kernel linked list
implementation.

The change is transparent to users of the interfaces offered by the
DRBG. Therefore, no changes to the testmgr code are needed.

Reported-by: kbuild test robot fengguang...@intel.com
Signed-off-by: Stephan Mueller smuel...@chronox.de
---
 crypto/drbg.c | 233 +++---
 include/crypto/drbg.h |   7 +-
 2 files changed, 128 insertions(+), 112 deletions(-)

diff --git a/crypto/drbg.c b/crypto/drbg.c
index 99fa8f8..6679a26 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -370,13 +370,12 @@ static int drbg_fini_sym_kernel(struct drbg_state *drbg);
 /* BCC function for CTR DRBG as defined in 10.4.3 */
 static int drbg_ctr_bcc(struct drbg_state *drbg,
unsigned char *out, const unsigned char *key,
-   struct drbg_string *in)
+   struct list_head *in)
 {
-   int ret = -EFAULT;
-   struct drbg_string *curr = in;
-   size_t inpos = curr-len;
-   const unsigned char *pos = curr-buf;
+   int ret = 0;
+   struct drbg_string *curr = NULL;
struct drbg_string data;
+   short cnt = 0;
 
drbg_string_fill(data, out, drbg_blocklen(drbg));
 
@@ -384,39 +383,29 @@ static int drbg_ctr_bcc(struct drbg_state *drbg,
memset(out, 0, drbg_blocklen(drbg));
 
/* 10.4.3 step 2 / 4 */
-   while (inpos) {
-   short cnt = 0;
+   list_for_each_entry(curr, in, list) {
+   const unsigned char *pos = curr-buf;
+   size_t len = curr-len;
/* 10.4.3 step 4.1 */
-   for (cnt = 0; cnt  drbg_blocklen(drbg); cnt++) {
-   out[cnt] ^= *pos;
-   pos++; inpos--;
-   /*
-* The following branch implements the linked list
-* iteration of drbg_string *in. If we are at the
-* end of the current list member, we have to start
-* using the next member if available. The inpos
-* value always points to the current byte and will
-* be zero if we have processed the last byte of
-* the last linked list member.
-*/
-   if (0 == inpos) {
-   curr = curr-next;
-   if (NULL != curr) {
-   pos = curr-buf;
-   inpos = curr-len;
-   } else {
-   inpos = 0;
-   break;
-   }
+   while (len) {
+   /* 10.4.3 step 4.2 */
+   if (drbg_blocklen(drbg) == cnt) {
+   cnt = 0;
+   ret = drbg_kcapi_sym(drbg, key, out, data);
+   if (ret)
+   return ret;
}
+   out[cnt] ^= *pos;
+   pos++;
+   cnt++;
+   len--;
}
-   /* 10.4.3 step 4.2 */
-   ret = drbg_kcapi_sym(drbg, key, out, data);
-   if (ret)
-   return ret;
-   /* 10.4.3 step 2 */
}
-   return 0;
+   /* 10.4.3 step 4.2 for last block */
+   if (cnt)
+   ret = drbg_kcapi_sym(drbg, key, out, data);
+
+   return ret;
 }
 
 /*
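Review bot: `drbg_blocklen(drbg)` is evaluated once per input byte in the new inner loop (`if (drbg_blocklen(drbg) == cnt)`) and twice more before the loop; hoisting it into `const size_t blocklen = drbg_blocklen(drbg);` at the top of drbg_ctr_bcc and comparing `cnt` against that reads better, and `cnt` (declared `short` in the previous hunk) could then take the same type as that local rather than `short`. The behaviour that most needs a comment is that `cnt` now carries across list entries, so a block boundary may fall inside one entry or between two, which is what lets the single `if (cnt)` call after the loop replace the per-block `drbg_kcapi_sym` call the old loop made; something like `/* cnt counts bytes XORed into the current block and persists across list entries; the last (possibly partial) block is encrypted after the loop */` above the `list_for_each_entry` would capture it. With an empty list, or entries that are all zero length, the function returns 0 having only zeroed `out` and without any cipher call — the old code took the same path, but its unused `-EFAULT` initialiser hints that this may not have been the intended contract, so either document it or reject it explicitly.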
@@ -453,13 +442,13 @@ static int drbg_ctr_bcc(struct drbg_state *drbg,
 /* Derivation Function for CTR DRBG as defined in 10.4.2 */
 static int drbg_ctr_df(struct drbg_state *drbg,
   unsigned char *df_data, size_t bytes_to_return,
-  struct drbg_string *addtl)
+  struct list_head *seedlist)
 {
int ret = -EFAULT;
unsigned char L_N[8];
/* S3 is input */
struct drbg_string S1, S2, S4, cipherin;
-   struct drbg_string *tempstr = addtl;
+   LIST_HEAD(bcc_list);
unsigned char *pad = df_data + drbg_statelen(drbg);
unsigned char *iv = pad + drbg_blocklen(drbg);
unsigned char *temp = iv + drbg_blocklen(drbg);
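Review bot: The new `seedlist` parameter is undocumented; the header comment above the signature only cites 10.4.2 and says nothing about what the caller must pass. Extend it with a line such as `/* seedlist: list of struct drbg_string entries linked through their ->list member */` and state whether an empty list is legal, which I cannot tell from this hunk because drbg_ctr_df continues past it and the `-EINVAL` check in the later hunk guards something not visible here. `LIST_HEAD(bcc_list)` is declared here but populated outside the hunk, so the comment should also say it is a local scratch list rather than part of the input.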
@@ -476,6 +465,7 @@ static int drbg_ctr_df(struct drbg_state *drbg,
unsigned char *X;
size_t generated_len = 0;
size_t inputlen = 0;
+   struct drbg_string *seed = NULL;
 
memset(pad, 0, drbg_blocklen(drbg));
memset(iv, 0, drbg_blocklen(drbg));
@@ -488,8 +478,8 @@ static int drbg_ctr_df(struct drbg_state *drbg,
return -EINVAL;
 
/* 10.4.2 step 2 -- calculate the entire length of all input data */
-   for (; NULL != tempstr; tempstr = 

[PATCH 0/4] DRBG: Fixes for sparse tool reports

2014-06-28 Thread Stephan Mueller
Hi,

The following patches cover requested changes based on the sparse tool test
run and suggestions by peer reviewers.

In addition, a patch to make the CTR DRBG more efficient is added.

Stephan Mueller (4):
  DRBG: use of kernel linked list
  DRBG: cleanup of preprocessor macros
  DRBG: Fix format string for debugging statements
  DRBG: Call CTR DRBG DF function only once

 crypto/drbg.c | 302 --
 include/crypto/drbg.h |   7 +-
 2 files changed, 174 insertions(+), 135 deletions(-)

-- 
1.9.3




Re: [PATCH 2/4] DRBG: cleanup of preprocessor macros

2014-06-28 Thread Stephen Rothwell
Hi Stephan,

On Sat, 28 Jun 2014 22:00:07 +0200 Stephan Mueller smuel...@chronox.de wrote:

 diff --git a/crypto/drbg.c b/crypto/drbg.c
 index 6679a26..03a230e 100644
 --- a/crypto/drbg.c
 +++ b/crypto/drbg.c
 @@ -102,8 +102,13 @@
  #if !defined(CONFIG_CRYPTO_DRBG_HASH)  \
   !defined(CONFIG_CRYPTO_DRBG_HMAC)  \
   !defined(CONFIG_CRYPTO_DRBG_CTR)
 -#warning The DRBG code is useless without compiling at least one DRBG type
 -#endif
 +#define CRYPTO_DRBG_NONE_STRING none 
 +static int __init drbg_init(void)
 +{
 + pr_warn(DRBG: no DRBG core was compiled!\n);
 + return -EFAULT;
 +}
 +#else

Wouldn't this be better handled by Kconfig so that we don't even try to
build this unless one of the required core modules is chosen?

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au




Re: [PATCH 3/4] DRBG: Fix format string for debugging statements

2014-06-28 Thread Stephen Rothwell
Hi Stephan,

On Sat, 28 Jun 2014 22:01:46 +0200 Stephan Mueller smuel...@chronox.de wrote:

 @@ -1987,8 +1987,9 @@ static int __init drbg_init(void)
  
   if (ARRAY_SIZE(drbg_cores) * 2  ARRAY_SIZE(drbg_algs)) {
   pr_info(DRBG: Cannot register all DRBG types
 - (slots needed: %lu, slots available: %lu)\n,
 - ARRAY_SIZE(drbg_cores) * 2, ARRAY_SIZE(drbg_algs));
 + (slots needed: %u, slots available: %u)\n,
 + (unsigned int)ARRAY_SIZE(drbg_cores) * 2,
 + (unsigned int)ARRAY_SIZE(drbg_algs));

Doesn't ARRAY_SIZE() always return a size_t?  In which case surely we
need no casts, but need to use %zu in the format string.

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au


Re: [PATCH 3/4] DRBG: Fix format string for debugging statements

2014-06-28 Thread Stephan Mueller
Am Sonntag, 29. Juni 2014, 12:24:02 schrieb Stephen Rothwell:

Hi Stephen,

 Hi Stephan,
 
 On Sat, 28 Jun 2014 22:01:46 +0200 Stephan Mueller smuel...@chronox.de 
wrote:
  @@ -1987,8 +1987,9 @@ static int __init drbg_init(void)
  
  if (ARRAY_SIZE(drbg_cores) * 2  ARRAY_SIZE(drbg_algs)) {
  
  pr_info(DRBG: Cannot register all DRBG types
  
  -   (slots needed: %lu, slots available: %lu)\n,
  -   ARRAY_SIZE(drbg_cores) * 2, ARRAY_SIZE(drbg_algs));
  +   (slots needed: %u, slots available: %u)\n,
  +   (unsigned int)ARRAY_SIZE(drbg_cores) * 2,
  +   (unsigned int)ARRAY_SIZE(drbg_algs));
 
 Doesn't ARRAY_SIZE() always return a size_t?  In which case surely we
 need no casts, but need to us %zu in the format string.

Unfortunately not at all. On my x86_64, I get the compiler warning that 
ARRAY_SIZE is a long unsigned int without the cast.

Ciao
Stephan
-- 
| Cui bono? |


Re: [PATCH 3/4] DRBG: Fix format string for debugging statements

2014-06-28 Thread Joe Perches
On Sun, 2014-06-29 at 05:46 +0200, Stephan Mueller wrote:
 Am Sonntag, 29. Juni 2014, 12:24:02 schrieb Stephen Rothwell:
 
 Hi Stephen,
 
  Hi Stephan,
  
  On Sat, 28 Jun 2014 22:01:46 +0200 Stephan Mueller smuel...@chronox.de 
 wrote:
   @@ -1987,8 +1987,9 @@ static int __init drbg_init(void)
   
 if (ARRAY_SIZE(drbg_cores) * 2  ARRAY_SIZE(drbg_algs)) {
 
 pr_info(DRBG: Cannot register all DRBG types
   
   - (slots needed: %lu, slots available: %lu)\n,
   - ARRAY_SIZE(drbg_cores) * 2, ARRAY_SIZE(drbg_algs));
   + (slots needed: %u, slots available: %u)\n,
   + (unsigned int)ARRAY_SIZE(drbg_cores) * 2,
   + (unsigned int)ARRAY_SIZE(drbg_algs));
  
  Doesn't ARRAY_SIZE() always return a size_t?  In which case surely we
  need no casts, but need to us %zu in the format string.
 
 Unfortunately not at all. On my x86_64, I get the compiler warning that 
 ARRAY_SIZE is a long unsigned int without the cast.

This should fix that.
---
 include/linux/kernel.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 6e3d497..58bc57d 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -51,7 +51,8 @@
 #define PTR_ALIGN(p, a)((typeof(p))ALIGN((unsigned long)(p), 
(a)))
 #define IS_ALIGNED(x, a)   (((x)  ((typeof(x))(a) - 1)) == 0)
 
-#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr))
+#define ARRAY_SIZE(arr)\
+   (sizeof(arr) / sizeof((arr)[0]) + (size_t)__must_be_array(arr))
 
 /*
  * This looks more complex than it should be. But we need to
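Review bot: The `(size_t)` cast on `__must_be_array(arr)` does not change the macro's result type: `sizeof(arr) / sizeof((arr)[0])` is already a `size_t`, and adding an `int` (or any lower-rank operand) to it yields `size_t` under the usual arithmetic conversions on the ABIs Linux supports, where `size_t` is `unsigned int` or `unsigned long`. The expression therefore was a `size_t` before the patch and still is after it, so the patch cannot change what Stephan's compiler reports and callers printing the value still need `%zu`. If the goal is to make the type obvious at the definition, a comment next to the macro, `/* result is size_t; print with %zu */`, says it more directly than a cast that readers may take to be load-bearing, and the commit message should say the change is documentary rather than functional.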




Re: [PATCH 3/4] DRBG: Fix format string for debugging statements

2014-06-28 Thread Stephan Mueller
Am Samstag, 28. Juni 2014, 20:53:19 schrieb Joe Perches:

Hi Joe,

 On Sun, 2014-06-29 at 05:46 +0200, Stephan Mueller wrote:
  Am Sonntag, 29. Juni 2014, 12:24:02 schrieb Stephen Rothwell:
  
  Hi Stephen,
  
   Hi Stephan,
   
   On Sat, 28 Jun 2014 22:01:46 +0200 Stephan Mueller smuel...@chronox.de
  
  wrote:
@@ -1987,8 +1987,9 @@ static int __init drbg_init(void)

if (ARRAY_SIZE(drbg_cores) * 2  ARRAY_SIZE(drbg_algs)) {

pr_info(DRBG: Cannot register all DRBG types

-   (slots needed: %lu, slots available: %lu)\n,
-   ARRAY_SIZE(drbg_cores) * 2, 
ARRAY_SIZE(drbg_algs));
+   (slots needed: %u, slots available: %u)\n,
+   (unsigned int)ARRAY_SIZE(drbg_cores) * 2,
+   (unsigned int)ARRAY_SIZE(drbg_algs));
   
   Doesn't ARRAY_SIZE() always return a size_t?  In which case surely we
   need no casts, but need to us %zu in the format string.
  
  Unfortunately not at all. On my x86_64, I get the compiler warning that
  ARRAY_SIZE is a long unsigned int without the cast.
 
 This should fix that.
 ---
  include/linux/kernel.h | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/include/linux/kernel.h b/include/linux/kernel.h
 index 6e3d497..58bc57d 100644
 --- a/include/linux/kernel.h
 +++ b/include/linux/kernel.h
 @@ -51,7 +51,8 @@
  #define PTR_ALIGN(p, a)  ((typeof(p))ALIGN((unsigned long)(p), 
(a)))
  #define IS_ALIGNED(x, a) (((x)  ((typeof(x))(a) - 1)) == 0)
 
 -#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) +
 __must_be_array(arr)) +#define ARRAY_SIZE(arr)
\
 + (sizeof(arr) / sizeof((arr)[0]) + (size_t)__must_be_array(arr))
 
  /*
   * This looks more complex than it should be. But we need to


Sure, that fixes it such that I need to use %zu in the format string.

But wouldn't that change have ripple effects on all uses of ARRAY_SIZE, at 
least on 32 bit systems (i.e. the current implementation returns a 32 bit integer, 
but the new version returns a 64 bit integer)? If so, I am wondering whether 
this change can be made with this one-liner.

Ciao
Stephan
-- 
| Cui bono? |


Re: [PATCH 2/4] DRBG: cleanup of preprocessor macros

2014-06-28 Thread Stephan Mueller
Am Sonntag, 29. Juni 2014, 12:20:15 schrieb Stephen Rothwell:

Hi Stephen,

 Hi Stephan,
 
 On Sat, 28 Jun 2014 22:00:07 +0200 Stephan Mueller smuel...@chronox.de 
wrote:
  diff --git a/crypto/drbg.c b/crypto/drbg.c
  index 6679a26..03a230e 100644
  --- a/crypto/drbg.c
  +++ b/crypto/drbg.c
  @@ -102,8 +102,13 @@
  
   #if !defined(CONFIG_CRYPTO_DRBG_HASH)  \
   
  !defined(CONFIG_CRYPTO_DRBG_HMAC)  \
  !defined(CONFIG_CRYPTO_DRBG_CTR)
  
  -#warning The DRBG code is useless without compiling at least one DRBG
  type -#endif
  +#define CRYPTO_DRBG_NONE_STRING none 
  +static int __init drbg_init(void)
  +{
  +   pr_warn(DRBG: no DRBG core was compiled!\n);
  +   return -EFAULT;
  +}
  +#else
 
 Wouldn't this be better handled by Kconfig so that we don't even try to
 build this unless one of the required core modules is chosen?

I tried that, but it seems my Kconfig skills are not too good: adding the 
DRBG cores to the depends line of CRYPTO_DRBG as shown below gives me a 
circular dependency. With that circular dependency, the DRBG entries do 
not show up in make menuconfig.

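# Attempted Kconfig wiring: the menu entry should only be selectable when at
# least one DRBG core is enabled.  As written this is circular -- CRYPTO_DRBG
# depends on the cores, and every core depends on CRYPTO_DRBG -- which is why
# Kconfig hides the whole menu.  (The symbol was misspelled CRYTPO_DRBG in the
# original paste; spelled consistently here.)
menuconfig CRYPTO_DRBG
	tristate "NIST SP800-90A DRBG"
	# Cycle starts here: the cores named below depend on this symbol.
	depends on CRYPTO && (CRYPTO_DRBG_HMAC || CRYPTO_DRBG_CTR || CRYPTO_DRBG_HASH)
	...

if CRYPTO_DRBG

config CRYPTO_DRBG_HMAC
	bool "Enable HMAC DRBG"
	default y
	# Redundant inside "if CRYPTO_DRBG", and together with the "depends on"
	# above it closes the dependency cycle.
	depends on CRYPTO_DRBG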

Do you have a working solution in mind? The goal is that once CRYPTO_DRBG is 
selected, at least one of the DRBG cores must be selected.

Thanks
Stephan
-- 
| Cui bono? |