2019-11-08 12:22:30 +00:00
|
|
|
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
|
|
|
|
/*
|
crypto: blake2s - share the "shash" API boilerplate code
Add helper functions for shash implementations of BLAKE2s to
include/crypto/internal/blake2s.h, taking advantage of
__blake2s_update() and __blake2s_final() that were added by the previous
patch to share more code between the library and shash implementations.
crypto_blake2s_setkey() and crypto_blake2s_init() are usable as
shash_alg::setkey and shash_alg::init directly, while
crypto_blake2s_update() and crypto_blake2s_final() take an extra
'blake2s_compress_t' function pointer parameter. This allows the
implementation of the compression function to be overridden, which is
the only part that optimized implementations really care about.
The new functions are inline functions (similar to those in sha1_base.h,
sha256_base.h, and sm3_base.h) because this avoids needing to add a new
module blake2s_helpers.ko, they aren't *too* long, and this avoids
indirect calls which are expensive these days. Note that they can't go
in blake2s_generic.ko, as that would require selecting CRYPTO_BLAKE2S
from CRYPTO_BLAKE2S_X86, which would cause a recursive dependency.
Finally, use these new helper functions in the x86 implementation of
BLAKE2s. (This part should be a separate patch, but unfortunately the
x86 implementation used the exact same function names like
"crypto_blake2s_update()", so it had to be updated at the same time.)
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-12-23 08:09:54 +00:00
|
|
|
* shash interface to the generic implementation of BLAKE2s
|
|
|
|
|
*
|
2019-11-08 12:22:30 +00:00
|
|
|
* Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <crypto/internal/blake2s.h>
|
|
|
|
|
#include <crypto/internal/hash.h>
|
|
|
|
|
|
|
|
|
|
#include <linux/types.h>
|
|
|
|
|
#include <linux/kernel.h>
|
|
|
|
|
#include <linux/module.h>
|
|
|
|
|
|
crypto: blake2s - share the "shash" API boilerplate code
Add helper functions for shash implementations of BLAKE2s to
include/crypto/internal/blake2s.h, taking advantage of
__blake2s_update() and __blake2s_final() that were added by the previous
patch to share more code between the library and shash implementations.
crypto_blake2s_setkey() and crypto_blake2s_init() are usable as
shash_alg::setkey and shash_alg::init directly, while
crypto_blake2s_update() and crypto_blake2s_final() take an extra
'blake2s_compress_t' function pointer parameter. This allows the
implementation of the compression function to be overridden, which is
the only part that optimized implementations really care about.
The new functions are inline functions (similar to those in sha1_base.h,
sha256_base.h, and sm3_base.h) because this avoids needing to add a new
module blake2s_helpers.ko, they aren't *too* long, and this avoids
indirect calls which are expensive these days. Note that they can't go
in blake2s_generic.ko, as that would require selecting CRYPTO_BLAKE2S
from CRYPTO_BLAKE2S_X86, which would cause a recursive dependency.
Finally, use these new helper functions in the x86 implementation of
BLAKE2s. (This part should be a separate patch, but unfortunately the
x86 implementation used the exact same function names like
"crypto_blake2s_update()", so it had to be updated at the same time.)
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-12-23 08:09:54 +00:00
|
|
|
static int crypto_blake2s_update_generic(struct shash_desc *desc,
|
|
|
|
|
const u8 *in, unsigned int inlen)
|
2019-11-08 12:22:30 +00:00
|
|
|
{
|
crypto: blake2s - share the "shash" API boilerplate code
Add helper functions for shash implementations of BLAKE2s to
include/crypto/internal/blake2s.h, taking advantage of
__blake2s_update() and __blake2s_final() that were added by the previous
patch to share more code between the library and shash implementations.
crypto_blake2s_setkey() and crypto_blake2s_init() are usable as
shash_alg::setkey and shash_alg::init directly, while
crypto_blake2s_update() and crypto_blake2s_final() take an extra
'blake2s_compress_t' function pointer parameter. This allows the
implementation of the compression function to be overridden, which is
the only part that optimized implementations really care about.
The new functions are inline functions (similar to those in sha1_base.h,
sha256_base.h, and sm3_base.h) because this avoids needing to add a new
module blake2s_helpers.ko, they aren't *too* long, and this avoids
indirect calls which are expensive these days. Note that they can't go
in blake2s_generic.ko, as that would require selecting CRYPTO_BLAKE2S
from CRYPTO_BLAKE2S_X86, which would cause a recursive dependency.
Finally, use these new helper functions in the x86 implementation of
BLAKE2s. (This part should be a separate patch, but unfortunately the
x86 implementation used the exact same function names like
"crypto_blake2s_update()", so it had to be updated at the same time.)
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-12-23 08:09:54 +00:00
|
|
|
return crypto_blake2s_update(desc, in, inlen, blake2s_compress_generic);
|
2019-11-08 12:22:30 +00:00
|
|
|
}
|
|
|
|
|
|
crypto: blake2s - share the "shash" API boilerplate code
Add helper functions for shash implementations of BLAKE2s to
include/crypto/internal/blake2s.h, taking advantage of
__blake2s_update() and __blake2s_final() that were added by the previous
patch to share more code between the library and shash implementations.
crypto_blake2s_setkey() and crypto_blake2s_init() are usable as
shash_alg::setkey and shash_alg::init directly, while
crypto_blake2s_update() and crypto_blake2s_final() take an extra
'blake2s_compress_t' function pointer parameter. This allows the
implementation of the compression function to be overridden, which is
the only part that optimized implementations really care about.
The new functions are inline functions (similar to those in sha1_base.h,
sha256_base.h, and sm3_base.h) because this avoids needing to add a new
module blake2s_helpers.ko, they aren't *too* long, and this avoids
indirect calls which are expensive these days. Note that they can't go
in blake2s_generic.ko, as that would require selecting CRYPTO_BLAKE2S
from CRYPTO_BLAKE2S_X86, which would cause a recursive dependency.
Finally, use these new helper functions in the x86 implementation of
BLAKE2s. (This part should be a separate patch, but unfortunately the
x86 implementation used the exact same function names like
"crypto_blake2s_update()", so it had to be updated at the same time.)
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-12-23 08:09:54 +00:00
|
|
|
static int crypto_blake2s_final_generic(struct shash_desc *desc, u8 *out)
|
2019-11-08 12:22:30 +00:00
|
|
|
{
|
crypto: blake2s - share the "shash" API boilerplate code
Add helper functions for shash implementations of BLAKE2s to
include/crypto/internal/blake2s.h, taking advantage of
__blake2s_update() and __blake2s_final() that were added by the previous
patch to share more code between the library and shash implementations.
crypto_blake2s_setkey() and crypto_blake2s_init() are usable as
shash_alg::setkey and shash_alg::init directly, while
crypto_blake2s_update() and crypto_blake2s_final() take an extra
'blake2s_compress_t' function pointer parameter. This allows the
implementation of the compression function to be overridden, which is
the only part that optimized implementations really care about.
The new functions are inline functions (similar to those in sha1_base.h,
sha256_base.h, and sm3_base.h) because this avoids needing to add a new
module blake2s_helpers.ko, they aren't *too* long, and this avoids
indirect calls which are expensive these days. Note that they can't go
in blake2s_generic.ko, as that would require selecting CRYPTO_BLAKE2S
from CRYPTO_BLAKE2S_X86, which would cause a recursive dependency.
Finally, use these new helper functions in the x86 implementation of
BLAKE2s. (This part should be a separate patch, but unfortunately the
x86 implementation used the exact same function names like
"crypto_blake2s_update()", so it had to be updated at the same time.)
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-12-23 08:09:54 +00:00
|
|
|
return crypto_blake2s_final(desc, out, blake2s_compress_generic);
|
2019-11-08 12:22:30 +00:00
|
|
|
}
|
|
|
|
|
|
2020-12-23 08:09:50 +00:00
|
|
|
#define BLAKE2S_ALG(name, driver_name, digest_size) \
|
|
|
|
|
{ \
|
|
|
|
|
.base.cra_name = name, \
|
|
|
|
|
.base.cra_driver_name = driver_name, \
|
|
|
|
|
.base.cra_priority = 100, \
|
|
|
|
|
.base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY, \
|
|
|
|
|
.base.cra_blocksize = BLAKE2S_BLOCK_SIZE, \
|
|
|
|
|
.base.cra_ctxsize = sizeof(struct blake2s_tfm_ctx), \
|
|
|
|
|
.base.cra_module = THIS_MODULE, \
|
|
|
|
|
.digestsize = digest_size, \
|
|
|
|
|
.setkey = crypto_blake2s_setkey, \
|
|
|
|
|
.init = crypto_blake2s_init, \
|
crypto: blake2s - share the "shash" API boilerplate code
Add helper functions for shash implementations of BLAKE2s to
include/crypto/internal/blake2s.h, taking advantage of
__blake2s_update() and __blake2s_final() that were added by the previous
patch to share more code between the library and shash implementations.
crypto_blake2s_setkey() and crypto_blake2s_init() are usable as
shash_alg::setkey and shash_alg::init directly, while
crypto_blake2s_update() and crypto_blake2s_final() take an extra
'blake2s_compress_t' function pointer parameter. This allows the
implementation of the compression function to be overridden, which is
the only part that optimized implementations really care about.
The new functions are inline functions (similar to those in sha1_base.h,
sha256_base.h, and sm3_base.h) because this avoids needing to add a new
module blake2s_helpers.ko, they aren't *too* long, and this avoids
indirect calls which are expensive these days. Note that they can't go
in blake2s_generic.ko, as that would require selecting CRYPTO_BLAKE2S
from CRYPTO_BLAKE2S_X86, which would cause a recursive dependency.
Finally, use these new helper functions in the x86 implementation of
BLAKE2s. (This part should be a separate patch, but unfortunately the
x86 implementation used the exact same function names like
"crypto_blake2s_update()", so it had to be updated at the same time.)
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-12-23 08:09:54 +00:00
|
|
|
.update = crypto_blake2s_update_generic, \
|
|
|
|
|
.final = crypto_blake2s_final_generic, \
|
2020-12-23 08:09:50 +00:00
|
|
|
.descsize = sizeof(struct blake2s_state), \
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct shash_alg blake2s_algs[] = {
|
|
|
|
|
BLAKE2S_ALG("blake2s-128", "blake2s-128-generic",
|
|
|
|
|
BLAKE2S_128_HASH_SIZE),
|
|
|
|
|
BLAKE2S_ALG("blake2s-160", "blake2s-160-generic",
|
|
|
|
|
BLAKE2S_160_HASH_SIZE),
|
|
|
|
|
BLAKE2S_ALG("blake2s-224", "blake2s-224-generic",
|
|
|
|
|
BLAKE2S_224_HASH_SIZE),
|
|
|
|
|
BLAKE2S_ALG("blake2s-256", "blake2s-256-generic",
|
|
|
|
|
BLAKE2S_256_HASH_SIZE),
|
|
|
|
|
};
|
2019-11-08 12:22:30 +00:00
|
|
|
|
|
|
|
|
static int __init blake2s_mod_init(void)
|
|
|
|
|
{
|
|
|
|
|
return crypto_register_shashes(blake2s_algs, ARRAY_SIZE(blake2s_algs));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void __exit blake2s_mod_exit(void)
|
|
|
|
|
{
|
|
|
|
|
crypto_unregister_shashes(blake2s_algs, ARRAY_SIZE(blake2s_algs));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
subsys_initcall(blake2s_mod_init);
|
|
|
|
|
module_exit(blake2s_mod_exit);
|
|
|
|
|
|
|
|
|
|
MODULE_ALIAS_CRYPTO("blake2s-128");
|
|
|
|
|
MODULE_ALIAS_CRYPTO("blake2s-128-generic");
|
|
|
|
|
MODULE_ALIAS_CRYPTO("blake2s-160");
|
|
|
|
|
MODULE_ALIAS_CRYPTO("blake2s-160-generic");
|
|
|
|
|
MODULE_ALIAS_CRYPTO("blake2s-224");
|
|
|
|
|
MODULE_ALIAS_CRYPTO("blake2s-224-generic");
|
|
|
|
|
MODULE_ALIAS_CRYPTO("blake2s-256");
|
|
|
|
|
MODULE_ALIAS_CRYPTO("blake2s-256-generic");
|
|
|
|
|
MODULE_LICENSE("GPL v2");
|