[PATCH 0/3] crypto: poly1305 - get rid of cra_alignmask

[PATCH 0/3] crypto: poly1305 - get rid of cra_alignmask

[Eric Biggers]

This series gets rid of the cra_alignmask set on poly1305-generic and
poly1305-simd, since it was only actually used when outputting the final
digest.  By removing the alignmask, the crypto API will no longer need
to waste time aligning the buffers.

Eric Biggers (3):
  crypto: poly1305 - use unaligned access macros to output digest
  crypto: poly1305 - remove cra_alignmask
  crypto: x86/poly1305 - remove cra_alignmask

 arch/x86/crypto/poly1305_glue.c |  1 -
 crypto/poly1305_generic.c       | 10 ++++------
 2 files changed, 4 insertions(+), 7 deletions(-)

-- 
2.15.1

[PATCH 1/3] crypto: poly1305 - use unaligned access macros to output digest

[Eric Biggers]

From: Eric Biggers <ebiggers@google.com>

Currently the only part of poly1305-generic which is assuming special
alignment is the part where the final digest is written.  Switch this
over to the unaligned access macros so that we'll be able to remove the
cra_alignmask.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 crypto/poly1305_generic.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/crypto/poly1305_generic.c b/crypto/poly1305_generic.c
index b1c2d57dc734..d752901ba0bc 100644
--- a/crypto/poly1305_generic.c
+++ b/crypto/poly1305_generic.c
@@ -210,7 +210,6 @@ EXPORT_SYMBOL_GPL(crypto_poly1305_update);
 int crypto_poly1305_final(struct shash_desc *desc, u8 *dst)
 {
 	struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
-	__le32 *mac = (__le32 *)dst;
 	u32 h0, h1, h2, h3, h4;
 	u32 g0, g1, g2, g3, g4;
 	u32 mask;
@@ -267,10 +266,10 @@ int crypto_poly1305_final(struct shash_desc *desc, u8 *dst)
 	h3 = (h3 >> 18) | (h4 <<  8);
 
 	/* mac = (h + s) % (2^128) */
-	f = (f >> 32) + h0 + dctx->s[0]; mac[0] = cpu_to_le32(f);
-	f = (f >> 32) + h1 + dctx->s[1]; mac[1] = cpu_to_le32(f);
-	f = (f >> 32) + h2 + dctx->s[2]; mac[2] = cpu_to_le32(f);
-	f = (f >> 32) + h3 + dctx->s[3]; mac[3] = cpu_to_le32(f);
+	f = (f >> 32) + h0 + dctx->s[0]; put_unaligned_le32(f, dst +  0);
+	f = (f >> 32) + h1 + dctx->s[1]; put_unaligned_le32(f, dst +  4);
+	f = (f >> 32) + h2 + dctx->s[2]; put_unaligned_le32(f, dst +  8);
+	f = (f >> 32) + h3 + dctx->s[3]; put_unaligned_le32(f, dst + 12);
 
 	return 0;
 }
-- 
2.15.1

[PATCH 2/3] crypto: poly1305 - remove cra_alignmask

[Eric Biggers]

From: Eric Biggers <ebiggers@google.com>

Now that nothing in poly1305-generic assumes any special alignment,
remove the cra_alignmask so that the crypto API does not have to
unnecessarily align the buffers.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 crypto/poly1305_generic.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/crypto/poly1305_generic.c b/crypto/poly1305_generic.c
index d752901ba0bc..d92617aeb783 100644
--- a/crypto/poly1305_generic.c
+++ b/crypto/poly1305_generic.c
@@ -287,7 +287,6 @@ static struct shash_alg poly1305_alg = {
 		.cra_driver_name	= "poly1305-generic",
 		.cra_priority		= 100,
 		.cra_flags		= CRYPTO_ALG_TYPE_SHASH,
-		.cra_alignmask		= sizeof(u32) - 1,
 		.cra_blocksize		= POLY1305_BLOCK_SIZE,
 		.cra_module		= THIS_MODULE,
 	},
-- 
2.15.1

[PATCH 3/3] crypto: x86/poly1305 - remove cra_alignmask

[Eric Biggers]

From: Eric Biggers <ebiggers@google.com>

crypto_poly1305_final() no longer requires a cra_alignmask, and nothing
else in the x86 poly1305-simd implementation does either.  So remove the
cra_alignmask so that the crypto API does not have to unnecessarily
align the buffers.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 arch/x86/crypto/poly1305_glue.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/arch/x86/crypto/poly1305_glue.c b/arch/x86/crypto/poly1305_glue.c
index e32142bc071d..f58f89b05a7f 100644
--- a/arch/x86/crypto/poly1305_glue.c
+++ b/arch/x86/crypto/poly1305_glue.c
@@ -171,7 +171,6 @@ static struct shash_alg alg = {
 		.cra_driver_name	= "poly1305-simd",
 		.cra_priority		= 300,
 		.cra_flags		= CRYPTO_ALG_TYPE_SHASH,
-		.cra_alignmask		= sizeof(u32) - 1,
 		.cra_blocksize		= POLY1305_BLOCK_SIZE,
 		.cra_module		= THIS_MODULE,
 	},
-- 
2.15.1

Re: [PATCH 0/3] crypto: poly1305 - get rid of cra_alignmask

[Herbert Xu]

On Fri, Dec 29, 2017 at 10:10:23AM -0600, Eric Biggers wrote:
> This series gets rid of the cra_alignmask set on poly1305-generic and
> poly1305-simd, since it was only actually used when outputting the final
> digest.  By removing the alignmask, the crypto API will no longer need
> to waste time aligning the buffers.
> 
> Eric Biggers (3):
>   crypto: poly1305 - use unaligned access macros to output digest
>   crypto: poly1305 - remove cra_alignmask
>   crypto: x86/poly1305 - remove cra_alignmask
> 
>  arch/x86/crypto/poly1305_glue.c |  1 -
>  crypto/poly1305_generic.c       | 10 ++++------
>  2 files changed, 4 insertions(+), 7 deletions(-)

All applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt