tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

lib/crypto: powerpc/sha1: Migrate optimized code into library

Instead of exposing the powerpc-optimized SHA-1 code via
powerpc-specific crypto_shash algorithms, instead just implement the
sha1_blocks() library function. This is much simpler, it makes the
SHA-1 library functions be powerpc-optimized, and it fixes the
longstanding issue where the powerpc-optimized SHA-1 code was disabled
by default. SHA-1 still remains available through crypto_shash, but
individual architectures no longer need to handle it.

Note: to see the diff from arch/powerpc/crypto/sha1-spe-glue.c to
lib/crypto/powerpc/sha1.h, view this commit with 'git show -M10'.

Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20250712232329.818226-11-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>

Eric Biggers 6b9ae8cf b6ac1dac

+72 -208
-1
arch/powerpc/configs/44x/akebono_defconfig
··· 128 128 CONFIG_PPC_EARLY_DEBUG_44x_PHYSHIGH=0x33f 129 129 CONFIG_CRYPTO_PCBC=y 130 130 CONFIG_CRYPTO_MD5=y 131 - CONFIG_CRYPTO_SHA1_PPC=y 132 131 CONFIG_CRYPTO_DES=y 133 132 # CONFIG_CRYPTO_HW is not set
-1
arch/powerpc/configs/powernv_defconfig
··· 322 322 CONFIG_CRYPTO_HMAC=y 323 323 CONFIG_CRYPTO_MD5_PPC=m 324 324 CONFIG_CRYPTO_MICHAEL_MIC=m 325 - CONFIG_CRYPTO_SHA1_PPC=m 326 325 CONFIG_CRYPTO_SHA256=y 327 326 CONFIG_CRYPTO_WP512=m 328 327 CONFIG_CRYPTO_ANUBIS=m
-1
arch/powerpc/configs/ppc64_defconfig
··· 388 388 CONFIG_CRYPTO_WP512=m 389 389 CONFIG_CRYPTO_LZO=m 390 390 CONFIG_CRYPTO_MD5_PPC=m 391 - CONFIG_CRYPTO_SHA1_PPC=m 392 391 CONFIG_CRYPTO_AES_GCM_P10=m 393 392 CONFIG_CRYPTO_DEV_NX=y 394 393 CONFIG_CRYPTO_DEV_NX_ENCRYPT=m
-16
arch/powerpc/crypto/Kconfig
··· 23 23 24 24 Architecture: powerpc 25 25 26 - config CRYPTO_SHA1_PPC 27 - tristate "Hash functions: SHA-1" 28 - help 29 - SHA-1 secure hash algorithm (FIPS 180) 30 - 31 - Architecture: powerpc 32 - 33 - config CRYPTO_SHA1_PPC_SPE 34 - tristate "Hash functions: SHA-1 (SPE)" 35 - depends on SPE 36 - help 37 - SHA-1 secure hash algorithm (FIPS 180) 38 - 39 - Architecture: powerpc using 40 - - SPE (Signal Processing Engine) extensions 41 - 42 26 config CRYPTO_AES_PPC_SPE 43 27 tristate "Ciphers: AES, modes: ECB/CBC/CTR/XTS (SPE)" 44 28 depends on SPE
-4
arch/powerpc/crypto/Makefile
··· 7 7 8 8 obj-$(CONFIG_CRYPTO_AES_PPC_SPE) += aes-ppc-spe.o 9 9 obj-$(CONFIG_CRYPTO_MD5_PPC) += md5-ppc.o 10 - obj-$(CONFIG_CRYPTO_SHA1_PPC) += sha1-powerpc.o 11 - obj-$(CONFIG_CRYPTO_SHA1_PPC_SPE) += sha1-ppc-spe.o 12 10 obj-$(CONFIG_CRYPTO_AES_GCM_P10) += aes-gcm-p10-crypto.o 13 11 obj-$(CONFIG_CRYPTO_DEV_VMX_ENCRYPT) += vmx-crypto.o 14 12 obj-$(CONFIG_CRYPTO_CURVE25519_PPC64) += curve25519-ppc64le.o 15 13 16 14 aes-ppc-spe-y := aes-spe-core.o aes-spe-keys.o aes-tab-4k.o aes-spe-modes.o aes-spe-glue.o 17 15 md5-ppc-y := md5-asm.o md5-glue.o 18 - sha1-powerpc-y := sha1-powerpc-asm.o sha1.o 19 - sha1-ppc-spe-y := sha1-spe-asm.o sha1-spe-glue.o 20 16 aes-gcm-p10-crypto-y := aes-gcm-p10-glue.o aes-gcm-p10.o ghashp10-ppc.o aesp10-ppc.o 21 17 vmx-crypto-objs := vmx.o aesp8-ppc.o ghashp8-ppc.o aes.o aes_cbc.o aes_ctr.o aes_xts.o ghash.o 22 18 curve25519-ppc64le-y := curve25519-ppc64le-core.o curve25519-ppc64le_asm.o
arch/powerpc/crypto/sha1-powerpc-asm.S lib/crypto/powerpc/sha1-powerpc-asm.S
arch/powerpc/crypto/sha1-spe-asm.S lib/crypto/powerpc/sha1-spe-asm.S
-107
arch/powerpc/crypto/sha1-spe-glue.c
··· 1 - // SPDX-License-Identifier: GPL-2.0-or-later 2 - /* 3 - * Glue code for SHA-1 implementation for SPE instructions (PPC) 4 - * 5 - * Based on generic implementation. 6 - * 7 - * Copyright (c) 2015 Markus Stockhausen <stockhausen@collogia.de> 8 - */ 9 - 10 - #include <asm/switch_to.h> 11 - #include <crypto/internal/hash.h> 12 - #include <crypto/sha1.h> 13 - #include <crypto/sha1_base.h> 14 - #include <linux/kernel.h> 15 - #include <linux/preempt.h> 16 - #include <linux/module.h> 17 - 18 - /* 19 - * MAX_BYTES defines the number of bytes that are allowed to be processed 20 - * between preempt_disable() and preempt_enable(). SHA1 takes ~1000 21 - * operations per 64 bytes. e500 cores can issue two arithmetic instructions 22 - * per clock cycle using one 32/64 bit unit (SU1) and one 32 bit unit (SU2). 23 - * Thus 2KB of input data will need an estimated maximum of 18,000 cycles. 24 - * Headroom for cache misses included. Even with the low end model clocked 25 - * at 667 MHz this equals to a critical time window of less than 27us. 26 - * 27 - */ 28 - #define MAX_BYTES 2048 29 - 30 - asmlinkage void ppc_spe_sha1_transform(u32 *state, const u8 *src, u32 blocks); 31 - 32 - static void spe_begin(void) 33 - { 34 - /* We just start SPE operations and will save SPE registers later. */ 35 - preempt_disable(); 36 - enable_kernel_spe(); 37 - } 38 - 39 - static void spe_end(void) 40 - { 41 - disable_kernel_spe(); 42 - /* reenable preemption */ 43 - preempt_enable(); 44 - } 45 - 46 - static void ppc_spe_sha1_block(struct sha1_state *sctx, const u8 *src, 47 - int blocks) 48 - { 49 - do { 50 - int unit = min(blocks, MAX_BYTES / SHA1_BLOCK_SIZE); 51 - 52 - spe_begin(); 53 - ppc_spe_sha1_transform(sctx->state, src, unit); 54 - spe_end(); 55 - 56 - src += unit * SHA1_BLOCK_SIZE; 57 - blocks -= unit; 58 - } while (blocks); 59 - } 60 - 61 - static int ppc_spe_sha1_update(struct shash_desc *desc, const u8 *data, 62 - unsigned int len) 63 - { 64 - return sha1_base_do_update_blocks(desc, data, len, ppc_spe_sha1_block); 65 - } 66 - 67 - static int ppc_spe_sha1_finup(struct shash_desc *desc, const u8 *src, 68 - unsigned int len, u8 *out) 69 - { 70 - sha1_base_do_finup(desc, src, len, ppc_spe_sha1_block); 71 - return sha1_base_finish(desc, out); 72 - } 73 - 74 - static struct shash_alg alg = { 75 - .digestsize = SHA1_DIGEST_SIZE, 76 - .init = sha1_base_init, 77 - .update = ppc_spe_sha1_update, 78 - .finup = ppc_spe_sha1_finup, 79 - .descsize = SHA1_STATE_SIZE, 80 - .base = { 81 - .cra_name = "sha1", 82 - .cra_driver_name= "sha1-ppc-spe", 83 - .cra_priority = 300, 84 - .cra_flags = CRYPTO_AHASH_ALG_BLOCK_ONLY, 85 - .cra_blocksize = SHA1_BLOCK_SIZE, 86 - .cra_module = THIS_MODULE, 87 - } 88 - }; 89 - 90 - static int __init ppc_spe_sha1_mod_init(void) 91 - { 92 - return crypto_register_shash(&alg); 93 - } 94 - 95 - static void __exit ppc_spe_sha1_mod_fini(void) 96 - { 97 - crypto_unregister_shash(&alg); 98 - } 99 - 100 - module_init(ppc_spe_sha1_mod_init); 101 - module_exit(ppc_spe_sha1_mod_fini); 102 - 103 - MODULE_LICENSE("GPL"); 104 - MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm, SPE optimized"); 105 - 106 - MODULE_ALIAS_CRYPTO("sha1"); 107 - MODULE_ALIAS_CRYPTO("sha1-ppc-spe");
-78
arch/powerpc/crypto/sha1.c
··· 1 - // SPDX-License-Identifier: GPL-2.0-or-later 2 - /* 3 - * Cryptographic API. 4 - * 5 - * powerpc implementation of the SHA1 Secure Hash Algorithm. 6 - * 7 - * Derived from cryptoapi implementation, adapted for in-place 8 - * scatterlist interface. 9 - * 10 - * Derived from "crypto/sha1.c" 11 - * Copyright (c) Alan Smithee. 12 - * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk> 13 - * Copyright (c) Jean-Francois Dive <jef@linuxbe.org> 14 - */ 15 - #include <crypto/internal/hash.h> 16 - #include <crypto/sha1.h> 17 - #include <crypto/sha1_base.h> 18 - #include <linux/kernel.h> 19 - #include <linux/module.h> 20 - 21 - asmlinkage void powerpc_sha_transform(u32 *state, const u8 *src); 22 - 23 - static void powerpc_sha_block(struct sha1_state *sctx, const u8 *data, 24 - int blocks) 25 - { 26 - do { 27 - powerpc_sha_transform(sctx->state, data); 28 - data += 64; 29 - } while (--blocks); 30 - } 31 - 32 - static int powerpc_sha1_update(struct shash_desc *desc, const u8 *data, 33 - unsigned int len) 34 - { 35 - return sha1_base_do_update_blocks(desc, data, len, powerpc_sha_block); 36 - } 37 - 38 - /* Add padding and return the message digest. */ 39 - static int powerpc_sha1_finup(struct shash_desc *desc, const u8 *src, 40 - unsigned int len, u8 *out) 41 - { 42 - sha1_base_do_finup(desc, src, len, powerpc_sha_block); 43 - return sha1_base_finish(desc, out); 44 - } 45 - 46 - static struct shash_alg alg = { 47 - .digestsize = SHA1_DIGEST_SIZE, 48 - .init = sha1_base_init, 49 - .update = powerpc_sha1_update, 50 - .finup = powerpc_sha1_finup, 51 - .descsize = SHA1_STATE_SIZE, 52 - .base = { 53 - .cra_name = "sha1", 54 - .cra_driver_name= "sha1-powerpc", 55 - .cra_flags = CRYPTO_AHASH_ALG_BLOCK_ONLY, 56 - .cra_blocksize = SHA1_BLOCK_SIZE, 57 - .cra_module = THIS_MODULE, 58 - } 59 - }; 60 - 61 - static int __init sha1_powerpc_mod_init(void) 62 - { 63 - return crypto_register_shash(&alg); 64 - } 65 - 66 - static void __exit sha1_powerpc_mod_fini(void) 67 - { 68 - crypto_unregister_shash(&alg); 69 - } 70 - 71 - module_init(sha1_powerpc_mod_init); 72 - module_exit(sha1_powerpc_mod_fini); 73 - 74 - MODULE_LICENSE("GPL"); 75 - MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm"); 76 - 77 - MODULE_ALIAS_CRYPTO("sha1"); 78 - MODULE_ALIAS_CRYPTO("sha1-powerpc");
+1
lib/crypto/Kconfig
··· 149 149 default y if ARM 150 150 default y if ARM64 && KERNEL_MODE_NEON 151 151 default y if MIPS && CPU_CAVIUM_OCTEON 152 + default y if PPC 152 153 153 154 config CRYPTO_LIB_SHA256 154 155 tristate
+4
lib/crypto/Makefile
··· 77 77 arm/sha1-ce-core.o 78 78 endif 79 79 libsha1-$(CONFIG_ARM64) += arm64/sha1-ce-core.o 80 + ifeq ($(CONFIG_PPC),y) 81 + libsha1-y += powerpc/sha1-powerpc-asm.o 82 + libsha1-$(CONFIG_SPE) += powerpc/sha1-spe-asm.o 83 + endif 80 84 endif # CONFIG_CRYPTO_LIB_SHA1_ARCH 81 85 82 86 ################################################################################
+67
lib/crypto/powerpc/sha1.h
··· 1 + /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 + /* 3 + * SHA-1 optimized for PowerPC 4 + * 5 + * Copyright (c) 2015 Markus Stockhausen <stockhausen@collogia.de> 6 + */ 7 + 8 + #include <asm/switch_to.h> 9 + #include <linux/preempt.h> 10 + 11 + #ifdef CONFIG_SPE 12 + /* 13 + * MAX_BYTES defines the number of bytes that are allowed to be processed 14 + * between preempt_disable() and preempt_enable(). SHA1 takes ~1000 15 + * operations per 64 bytes. e500 cores can issue two arithmetic instructions 16 + * per clock cycle using one 32/64 bit unit (SU1) and one 32 bit unit (SU2). 17 + * Thus 2KB of input data will need an estimated maximum of 18,000 cycles. 18 + * Headroom for cache misses included. Even with the low end model clocked 19 + * at 667 MHz this equals to a critical time window of less than 27us. 20 + * 21 + */ 22 + #define MAX_BYTES 2048 23 + 24 + asmlinkage void ppc_spe_sha1_transform(struct sha1_block_state *state, 25 + const u8 *data, u32 nblocks); 26 + 27 + static void spe_begin(void) 28 + { 29 + /* We just start SPE operations and will save SPE registers later. */ 30 + preempt_disable(); 31 + enable_kernel_spe(); 32 + } 33 + 34 + static void spe_end(void) 35 + { 36 + disable_kernel_spe(); 37 + /* reenable preemption */ 38 + preempt_enable(); 39 + } 40 + 41 + static void sha1_blocks(struct sha1_block_state *state, 42 + const u8 *data, size_t nblocks) 43 + { 44 + do { 45 + u32 unit = min_t(size_t, nblocks, MAX_BYTES / SHA1_BLOCK_SIZE); 46 + 47 + spe_begin(); 48 + ppc_spe_sha1_transform(state, data, unit); 49 + spe_end(); 50 + 51 + data += unit * SHA1_BLOCK_SIZE; 52 + nblocks -= unit; 53 + } while (nblocks); 54 + } 55 + #else /* CONFIG_SPE */ 56 + asmlinkage void powerpc_sha_transform(struct sha1_block_state *state, 57 + const u8 data[SHA1_BLOCK_SIZE]); 58 + 59 + static void sha1_blocks(struct sha1_block_state *state, 60 + const u8 *data, size_t nblocks) 61 + { 62 + do { 63 + powerpc_sha_transform(state, data); 64 + data += SHA1_BLOCK_SIZE; 65 + } while (--nblocks); 66 + } 67 + #endif /* !CONFIG_SPE */