* [PATCH v2 0/3] crypto: arm and cryptd fixes
From: Ard Biesheuvel @ 2016-09-01 13:25 UTC
To: linux-crypto, herbert; +Cc: Ard Biesheuvel

Patch #1 fixes a trivial code generation issue on ARM.

Patch #2 and #3 fix the broken GHASH on ARM using the v8 Crypto Extensions
pmull.64 instructions. The problem seems to be that it is allowed to call
.import() without .init() (at least, that is what the test cases do), but
this means that the initialization to tie the shash_desc's to their child
transforms needs to execute in the .import() context as well.

Perhaps Herbert could shed some light on this? Thanks.

In any case, these patches are both necessary (and sufficient) to get GHASH
on ARM working again, including the boot time selftests

Ard Biesheuvel (3):
  crypto: arm/sha1-neon - add support for building in Thumb2 mode
  crypto: arm/ghash-ce - add missing async import/export
  crypto: cryptd - initialize child shash_desc on import

 arch/arm/crypto/ghash-ce-glue.c   | 24 ++++++++++++++++++++
 arch/arm/crypto/sha1-armv7-neon.S |  1 -
 crypto/cryptd.c                   |  9 ++++++--
 3 files changed, 31 insertions(+), 3 deletions(-)
--
2.7.4
* [PATCH v2 1/3] crypto: arm/sha1-neon - add support for building in Thumb2 mode
From: Ard Biesheuvel @ 2016-09-01 13:25 UTC
To: linux-crypto, herbert; +Cc: Ard Biesheuvel

The ARMv7 NEON module is explicitly built in ARM mode, which is not
supported by the Thumb2 kernel. So remove the explicit override, and
leave it up to the build environment to decide whether the core SHA1
routines are assembled as ARM or as Thumb2 code.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
arch/arm/crypto/sha1-armv7-neon.S | 1 -
1 file changed, 1 deletion(-)
diff --git a/arch/arm/crypto/sha1-armv7-neon.S b/arch/arm/crypto/sha1-armv7-neon.S
index dcd01f3f0bb0..2468fade49cf 100644
--- a/arch/arm/crypto/sha1-armv7-neon.S
+++ b/arch/arm/crypto/sha1-armv7-neon.S
@@ -12,7 +12,6 @@
#include <asm/assembler.h>
.syntax unified
-.code 32
.fpu neon
.text
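Review bot: with `.code 32` dropped and `.syntax unified` kept, the instruction set used for this file now follows the kernel build configuration, but the commit message does not say whether the routines were assembled and exercised in a Thumb2 build. Only the directive changes here and the instruction bodies are untouched, so a line stating that the Thumb2 build assembles cleanly and passes the SHA1 selftests would document that nothing else in the file depended on ARM mode.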
--
2.7.4
* [PATCH v2 2/3] crypto: arm/ghash-ce - add missing async import/export
From: Ard Biesheuvel @ 2016-09-01 13:25 UTC
To: linux-crypto, herbert; +Cc: Ard Biesheuvel

Since commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero"),
all ahash drivers are required to implement import()/export(), and must have
a non-zero statesize. Fix this for the ARM Crypto Extensions GHASH
implementation.

Fixes: 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
arch/arm/crypto/ghash-ce-glue.c | 24 ++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/arch/arm/crypto/ghash-ce-glue.c b/arch/arm/crypto/ghash-ce-glue.c
index 1568cb5cd870..b88364aa149a 100644
--- a/arch/arm/crypto/ghash-ce-glue.c
+++ b/arch/arm/crypto/ghash-ce-glue.c
@@ -220,6 +220,27 @@ static int ghash_async_digest(struct ahash_request *req)
}
}
+static int ghash_async_import(struct ahash_request *req, const void *in)
+{
+ struct ahash_request *cryptd_req = ahash_request_ctx(req);
+ struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+ struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
+ struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
+
+ desc->tfm = cryptd_ahash_child(ctx->cryptd_tfm);
+ desc->flags = req->base.flags;
+
+ return crypto_shash_import(desc, in);
+}
+
+static int ghash_async_export(struct ahash_request *req, void *out)
+{
+ struct ahash_request *cryptd_req = ahash_request_ctx(req);
+ struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
+
+ return crypto_shash_export(desc, out);
+}
+
static int ghash_async_setkey(struct crypto_ahash *tfm, const u8 *key,
unsigned int keylen)
{
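Review bot: ghash_async_export() hands the cryptd desc straight to crypto_shash_export() without setting desc->tfm, whereas ghash_async_import() just above assigns both desc->tfm and desc->flags before calling crypto_shash_import(). Export therefore relies on an earlier init or import on the same request having set up the desc. Either state that precondition in a short comment above ghash_async_export(), or make the pair symmetric by doing the same two assignments there, so that an export issued first cannot run against an unset desc->tfm.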
@@ -268,7 +289,10 @@ static struct ahash_alg ghash_async_alg = {
.final = ghash_async_final,
.setkey = ghash_async_setkey,
.digest = ghash_async_digest,
+ .import = ghash_async_import,
+ .export = ghash_async_export,
.halg.digestsize = GHASH_DIGEST_SIZE,
+ .halg.statesize = sizeof(struct ghash_desc_ctx),
.halg.base = {
.cra_name = "ghash",
.cra_driver_name = "ghash-ce",
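Review bot: `.halg.statesize = sizeof(struct ghash_desc_ctx)` is a fixed size, while the new .import/.export callbacks pass the caller's buffer to crypto_shash_import()/crypto_shash_export() on the cryptd child, so the number of bytes actually copied is decided by the child transform. Callers size their buffer from statesize, so the two values have to agree; a comment tying this value to the child shash's state, or a check when the cryptd transform is set up that the child's state size matches, would keep a later change to either side from silently over- or under-running the buffer.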
--
2.7.4
* [PATCH v2 3/3] crypto: cryptd - initialize child shash_desc on import
From: Ard Biesheuvel @ 2016-09-01 13:25 UTC
To: linux-crypto, herbert; +Cc: Ard Biesheuvel

When calling .import() on a cryptd ahash_request, the structure members
that describe the child transform in the shash_desc need to be initialized
like they are when calling .init()

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
crypto/cryptd.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index cf8037a87b2d..510a25f6ee37 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -631,9 +631,14 @@ static int cryptd_hash_export(struct ahash_request *req, void *out)
static int cryptd_hash_import(struct ahash_request *req, const void *in)
{
- struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
+ struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+ struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(tfm);
+ struct shash_desc *desc = cryptd_shash_desc(req);
+
+ desc->tfm = ctx->child;
+ desc->flags = req->base.flags;
- return crypto_shash_import(&rctx->desc, in);
+ return crypto_shash_import(desc, in);
}
static int cryptd_create_hash(struct crypto_template *tmpl, struct rtattr **tb,
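Review bot: the `desc->tfm = ctx->child;` and `desc->flags = req->base.flags;` assignments added to cryptd_hash_import() repeat the setup that, per the commit message, .init() already performs, which leaves two copies to keep in step. Consider a small helper that both paths call to bind the desc to the child transform. The patch also carries no Fixes: tag, unlike 2/3, although the cover letter says both are needed to get GHASH on ARM working again; adding one would help anyone backporting the pair.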
--
2.7.4
* Re: [PATCH v2 0/3] crypto: arm and cryptd fixes
From: Herbert Xu @ 2016-09-07 13:21 UTC
To: Ard Biesheuvel; +Cc: linux-crypto

On Thu, Sep 01, 2016 at 02:25:40PM +0100, Ard Biesheuvel wrote:
> Patch #1 fixes a trivial code generation issue on ARM.
>
> Patch #2 and #3 fix the broken GHASH on ARM using the v8 Crypto Extensions
> pmull.64 instructions. The problem seems to be that it is allowed to call
> .import() without .init() (at least, that is what the test cases do), but
> this means that the initialization to tie the shash_desc's to their child
> transforms needs to execute in the .import() context as well.

All applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt