[PATCH] crypto: add precalculated hash for zero message length

[PATCH] crypto: add precalculated hash for zero message length

[LABBE Corentin]

Hello

Some crypto drivers cannot process empty data message and so rely on
precalculated hash.
This patch series add precalculated hash in headers and
make the drivers use them.

Using those precalculated hash make some additionnal constify patch necessary.

Regards

[PATCH 1/8] crypto: hash: add zero length message hash for shax and md5

[LABBE Corentin]

Some crypto drivers cannot process empty data message and return a
precalculated hash for md5/sha1/sha224/sha256.

This patch add thoses precalculated hash in include/crypto.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 include/crypto/md5.h |  5 +++++
 include/crypto/sha.h | 20 ++++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/include/crypto/md5.h b/include/crypto/md5.h
index 146af82..6496ee0 100644
--- a/include/crypto/md5.h
+++ b/include/crypto/md5.h
@@ -13,6 +13,11 @@
 #define MD5_H2	0x98badcfeUL
 #define MD5_H3	0x10325476UL
 
+static const u8 md5_zero_message_hash[MD5_DIGEST_SIZE] = {
+	0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
+	0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
+};
+
 struct md5_state {
 	u32 hash[MD5_HASH_WORDS];
 	u32 block[MD5_BLOCK_WORDS];
diff --git a/include/crypto/sha.h b/include/crypto/sha.h
index dd7905a..02d7ffb 100644
--- a/include/crypto/sha.h
+++ b/include/crypto/sha.h
@@ -64,6 +64,26 @@
 #define SHA512_H6	0x1f83d9abfb41bd6bULL
 #define SHA512_H7	0x5be0cd19137e2179ULL
 
+static const u8 sha1_zero_message_hash[SHA1_DIGEST_SIZE] = {
+	0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
+	0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
+	0xaf, 0xd8, 0x07, 0x09
+};
+
+static const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE] = {
+	0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47,
+	0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2,
+	0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, 0xc5, 0xb3, 0xe4,
+	0x2f
+};
+
+static const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE] = {
+	0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
+	0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
+	0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
+	0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
+};
+
 struct sha1_state {
 	u32 state[SHA1_DIGEST_SIZE / 4];
 	u64 count;
-- 
2.4.9

Re: [PATCH 1/8] crypto: hash: add zero length message hash for shax and md5

[Herbert Xu]

On Mon, Oct 12, 2015 at 06:53:39PM +0200, LABBE Corentin wrote:
> Some crypto drivers cannot process empty data message and return a
> precalculated hash for md5/sha1/sha224/sha256.
> 
> This patch add thoses precalculated hash in include/crypto.
> 
> Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
> ---
>  include/crypto/md5.h |  5 +++++
>  include/crypto/sha.h | 20 ++++++++++++++++++++
>  2 files changed, 25 insertions(+)
> 
> diff --git a/include/crypto/md5.h b/include/crypto/md5.h
> index 146af82..6496ee0 100644
> --- a/include/crypto/md5.h
> +++ b/include/crypto/md5.h
> @@ -13,6 +13,11 @@
>  #define MD5_H2	0x98badcfeUL
>  #define MD5_H3	0x10325476UL
>  
> +static const u8 md5_zero_message_hash[MD5_DIGEST_SIZE] = {
> +	0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
> +	0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
> +};
> +

This potentially creates this structure in every file that includes
md5.h.  How about putting it into md5_generic and exporting it?

> diff --git a/include/crypto/sha.h b/include/crypto/sha.h
> index dd7905a..02d7ffb 100644
> --- a/include/crypto/sha.h
> +++ b/include/crypto/sha.h
> @@ -64,6 +64,26 @@
>  #define SHA512_H6	0x1f83d9abfb41bd6bULL
>  #define SHA512_H7	0x5be0cd19137e2179ULL
>  
> +static const u8 sha1_zero_message_hash[SHA1_DIGEST_SIZE] = {
> +	0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
> +	0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
> +	0xaf, 0xd8, 0x07, 0x09
> +};

Ditto.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH 1/8] crypto: hash: add zero length message hash for shax and md5

[LABBE Corentin]

On Wed, Oct 14, 2015 at 06:08:02PM +0800, Herbert Xu wrote:
> On Mon, Oct 12, 2015 at 06:53:39PM +0200, LABBE Corentin wrote:
> > Some crypto drivers cannot process empty data message and return a
> > precalculated hash for md5/sha1/sha224/sha256.
> > 
> > This patch add thoses precalculated hash in include/crypto.
> > 
> > Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
> > ---
> >  include/crypto/md5.h |  5 +++++
> >  include/crypto/sha.h | 20 ++++++++++++++++++++
> >  2 files changed, 25 insertions(+)
> > 
> > diff --git a/include/crypto/md5.h b/include/crypto/md5.h
> > index 146af82..6496ee0 100644
> > --- a/include/crypto/md5.h
> > +++ b/include/crypto/md5.h
> > @@ -13,6 +13,11 @@
> >  #define MD5_H2	0x98badcfeUL
> >  #define MD5_H3	0x10325476UL
> >  
> > +static const u8 md5_zero_message_hash[MD5_DIGEST_SIZE] = {
> > +	0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
> > +	0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
> > +};
> > +
> 
> This potentially creates this structure in every file that includes
> md5.h.  How about putting it into md5_generic and exporting it?
> 

md5_generic does not exists, do you mean md5.c ?
I have made some try with EXPORT_SYMBOL() but without success.
Do you have any example of how to do that ?

Regards

Re: [PATCH 1/8] crypto: hash: add zero length message hash for shax and md5

[Ulf Hansson]

On 15 October 2015 at 11:42, LABBE Corentin <montjoie.mailing@gmail.com> wrote:
> On Wed, Oct 14, 2015 at 06:08:02PM +0800, Herbert Xu wrote:
>> On Mon, Oct 12, 2015 at 06:53:39PM +0200, LABBE Corentin wrote:
>> > Some crypto drivers cannot process empty data message and return a
>> > precalculated hash for md5/sha1/sha224/sha256.
>> >
>> > This patch add thoses precalculated hash in include/crypto.
>> >
>> > Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
>> > ---
>> >  include/crypto/md5.h |  5 +++++
>> >  include/crypto/sha.h | 20 ++++++++++++++++++++
>> >  2 files changed, 25 insertions(+)
>> >
>> > diff --git a/include/crypto/md5.h b/include/crypto/md5.h
>> > index 146af82..6496ee0 100644
>> > --- a/include/crypto/md5.h
>> > +++ b/include/crypto/md5.h
>> > @@ -13,6 +13,11 @@
>> >  #define MD5_H2     0x98badcfeUL
>> >  #define MD5_H3     0x10325476UL
>> >
>> > +static const u8 md5_zero_message_hash[MD5_DIGEST_SIZE] = {
>> > +   0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
>> > +   0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
>> > +};
>> > +
>>
>> This potentially creates this structure in every file that includes
>> md5.h.  How about putting it into md5_generic and exporting it?
>>
>
> md5_generic does not exists, do you mean md5.c ?
> I have made some try with EXPORT_SYMBOL() but without success.
> Do you have any example of how to do that ?
>

In the header file:
extern const u8 md5_zero_message_hash[MD5_DIGEST_SIZE];

In the c-file:
const u8 md5_zero_message_hash[MD5_DIGEST_SIZE] = {
  0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
  0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
};
EXPORT_SYMBOL(md5_zero_message_hash);

Kind regards
Uffe

[PATCH 2/8] crypto: niagara: Use precalculated hash from headers

[LABBE Corentin]

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 drivers/crypto/n2_core.c | 33 ++++++---------------------------
 1 file changed, 6 insertions(+), 27 deletions(-)

diff --git a/drivers/crypto/n2_core.c b/drivers/crypto/n2_core.c
index 2e8dab9..8ea6c32 100644
--- a/drivers/crypto/n2_core.c
+++ b/drivers/crypto/n2_core.c
@@ -241,7 +241,7 @@ static inline bool n2_should_run_async(struct spu_queue *qp, int this_len)
 
 struct n2_ahash_alg {
 	struct list_head	entry;
-	const char		*hash_zero;
+	const u8		*hash_zero;
 	const u32		*hash_init;
 	u8			hw_op_hashsz;
 	u8			digest_size;
@@ -1267,7 +1267,7 @@ static LIST_HEAD(cipher_algs);
 
 struct n2_hash_tmpl {
 	const char	*name;
-	const char	*hash_zero;
+	const u8	*hash_zero;
 	const u32	*hash_init;
 	u8		hw_op_hashsz;
 	u8		digest_size;
@@ -1276,40 +1276,19 @@ struct n2_hash_tmpl {
 	u8		hmac_type;
 };
 
-static const char md5_zero[MD5_DIGEST_SIZE] = {
-	0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
-	0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
-};
 static const u32 md5_init[MD5_HASH_WORDS] = {
 	cpu_to_le32(MD5_H0),
 	cpu_to_le32(MD5_H1),
 	cpu_to_le32(MD5_H2),
 	cpu_to_le32(MD5_H3),
 };
-static const char sha1_zero[SHA1_DIGEST_SIZE] = {
-	0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32,
-	0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8,
-	0x07, 0x09
-};
 static const u32 sha1_init[SHA1_DIGEST_SIZE / 4] = {
 	SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4,
 };
-static const char sha256_zero[SHA256_DIGEST_SIZE] = {
-	0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a,
-	0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae,
-	0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99,
-	0x1b, 0x78, 0x52, 0xb8, 0x55
-};
 static const u32 sha256_init[SHA256_DIGEST_SIZE / 4] = {
 	SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3,
 	SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7,
 };
-static const char sha224_zero[SHA224_DIGEST_SIZE] = {
-	0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47,
-	0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2,
-	0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, 0xc5, 0xb3, 0xe4,
-	0x2f
-};
 static const u32 sha224_init[SHA256_DIGEST_SIZE / 4] = {
 	SHA224_H0, SHA224_H1, SHA224_H2, SHA224_H3,
 	SHA224_H4, SHA224_H5, SHA224_H6, SHA224_H7,
@@ -1317,7 +1296,7 @@ static const u32 sha224_init[SHA256_DIGEST_SIZE / 4] = {
 
 static const struct n2_hash_tmpl hash_tmpls[] = {
 	{ .name		= "md5",
-	  .hash_zero	= md5_zero,
+	  .hash_zero	= md5_zero_message_hash,
 	  .hash_init	= md5_init,
 	  .auth_type	= AUTH_TYPE_MD5,
 	  .hmac_type	= AUTH_TYPE_HMAC_MD5,
@@ -1325,7 +1304,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
 	  .digest_size	= MD5_DIGEST_SIZE,
 	  .block_size	= MD5_HMAC_BLOCK_SIZE },
 	{ .name		= "sha1",
-	  .hash_zero	= sha1_zero,
+	  .hash_zero	= sha1_zero_message_hash,
 	  .hash_init	= sha1_init,
 	  .auth_type	= AUTH_TYPE_SHA1,
 	  .hmac_type	= AUTH_TYPE_HMAC_SHA1,
@@ -1333,7 +1312,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
 	  .digest_size	= SHA1_DIGEST_SIZE,
 	  .block_size	= SHA1_BLOCK_SIZE },
 	{ .name		= "sha256",
-	  .hash_zero	= sha256_zero,
+	  .hash_zero	= sha256_zero_message_hash,
 	  .hash_init	= sha256_init,
 	  .auth_type	= AUTH_TYPE_SHA256,
 	  .hmac_type	= AUTH_TYPE_HMAC_SHA256,
@@ -1341,7 +1320,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
 	  .digest_size	= SHA256_DIGEST_SIZE,
 	  .block_size	= SHA256_BLOCK_SIZE },
 	{ .name		= "sha224",
-	  .hash_zero	= sha224_zero,
+	  .hash_zero	= sha224_zero_message_hash,
 	  .hash_init	= sha224_init,
 	  .auth_type	= AUTH_TYPE_SHA256,
 	  .hmac_type	= AUTH_TYPE_RESERVED,
-- 
2.4.9

[PATCH 3/8] crypto: ccp: Use precalculated hash from headers

[LABBE Corentin]

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 drivers/crypto/ccp/ccp-ops.c | 40 ++++++++--------------------------------
 1 file changed, 8 insertions(+), 32 deletions(-)

diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
index d09c6c4..3002b418 100644
--- a/drivers/crypto/ccp/ccp-ops.c
+++ b/drivers/crypto/ccp/ccp-ops.c
@@ -152,32 +152,6 @@ static const __be32 ccp_sha256_init[CCP_SHA_CTXSIZE / sizeof(__be32)] = {
 	cpu_to_be32(SHA256_H6), cpu_to_be32(SHA256_H7),
 };
 
-/* The CCP cannot perform zero-length sha operations so the caller
- * is required to buffer data for the final operation.  However, a
- * sha operation for a message with a total length of zero is valid
- * so known values are required to supply the result.
- */
-static const u8 ccp_sha1_zero[CCP_SHA_CTXSIZE] = {
-	0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
-	0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
-	0xaf, 0xd8, 0x07, 0x09, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-};
-
-static const u8 ccp_sha224_zero[CCP_SHA_CTXSIZE] = {
-	0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
-	0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
-	0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
-	0xc5, 0xb3, 0xe4, 0x2f, 0x00, 0x00, 0x00, 0x00,
-};
-
-static const u8 ccp_sha256_zero[CCP_SHA_CTXSIZE] = {
-	0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
-	0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
-	0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
-	0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55,
-};
-
 static u32 ccp_addr_lo(struct ccp_dma_info *info)
 {
 	return lower_32_bits(info->address + info->offset);
@@ -1388,18 +1362,20 @@ static int ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
 		if (sha->msg_bits)
 			return -EINVAL;
 
-		/* A sha operation for a message with a total length of zero,
-		 * return known result.
-		 */
+/* The CCP cannot perform zero-length sha operations so the caller
+ * is required to buffer data for the final operation.  However, a
+ * sha operation for a message with a total length of zero is valid
+ * so known values are required to supply the result.
+ */
 		switch (sha->type) {
 		case CCP_SHA_TYPE_1:
-			sha_zero = ccp_sha1_zero;
+			sha_zero = sha1_zero_message_hash;
 			break;
 		case CCP_SHA_TYPE_224:
-			sha_zero = ccp_sha224_zero;
+			sha_zero = sha224_zero_message_hash;
 			break;
 		case CCP_SHA_TYPE_256:
-			sha_zero = ccp_sha256_zero;
+			sha_zero = sha256_zero_message_hash;
 			break;
 		default:
 			return -EINVAL;
-- 
2.4.9

Re: [PATCH 3/8] crypto: ccp: Use precalculated hash from headers

[Tom Lendacky]

On 10/12/2015 11:53 AM, LABBE Corentin wrote:
> Precalculated hash for empty message are now present in hash headers.
> This patch just use them.
>
> Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>

Just a minor comment below.

Tested-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>

> ---
>   drivers/crypto/ccp/ccp-ops.c | 40 ++++++++--------------------------------
>   1 file changed, 8 insertions(+), 32 deletions(-)
>
> diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
> index d09c6c4..3002b418 100644
> --- a/drivers/crypto/ccp/ccp-ops.c
> +++ b/drivers/crypto/ccp/ccp-ops.c
> @@ -152,32 +152,6 @@ static const __be32 ccp_sha256_init[CCP_SHA_CTXSIZE / sizeof(__be32)] = {
>   	cpu_to_be32(SHA256_H6), cpu_to_be32(SHA256_H7),
>   };
>
> -/* The CCP cannot perform zero-length sha operations so the caller
> - * is required to buffer data for the final operation.  However, a
> - * sha operation for a message with a total length of zero is valid
> - * so known values are required to supply the result.
> - */
> -static const u8 ccp_sha1_zero[CCP_SHA_CTXSIZE] = {
> -	0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
> -	0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
> -	0xaf, 0xd8, 0x07, 0x09, 0x00, 0x00, 0x00, 0x00,
> -	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> -};
> -
> -static const u8 ccp_sha224_zero[CCP_SHA_CTXSIZE] = {
> -	0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
> -	0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
> -	0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
> -	0xc5, 0xb3, 0xe4, 0x2f, 0x00, 0x00, 0x00, 0x00,
> -};
> -
> -static const u8 ccp_sha256_zero[CCP_SHA_CTXSIZE] = {
> -	0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
> -	0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
> -	0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
> -	0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55,
> -};
> -
>   static u32 ccp_addr_lo(struct ccp_dma_info *info)
>   {
>   	return lower_32_bits(info->address + info->offset);
> @@ -1388,18 +1362,20 @@ static int ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
>   		if (sha->msg_bits)
>   			return -EINVAL;
>
> -		/* A sha operation for a message with a total length of zero,
> -		 * return known result.
> -		 */
> +/* The CCP cannot perform zero-length sha operations so the caller
> + * is required to buffer data for the final operation.  However, a
> + * sha operation for a message with a total length of zero is valid
> + * so known values are required to supply the result.
> + */

This comment should be indented and re-flowed to be consistent with
previous comments in this same section.

Thanks,
Tom

>   		switch (sha->type) {
>   		case CCP_SHA_TYPE_1:
> -			sha_zero = ccp_sha1_zero;
> +			sha_zero = sha1_zero_message_hash;
>   			break;
>   		case CCP_SHA_TYPE_224:
> -			sha_zero = ccp_sha224_zero;
> +			sha_zero = sha224_zero_message_hash;
>   			break;
>   		case CCP_SHA_TYPE_256:
> -			sha_zero = ccp_sha256_zero;
> +			sha_zero = sha256_zero_message_hash;
>   			break;
>   		default:
>   			return -EINVAL;
>

[PATCH 4/8] crypto: ux500: Use precalculated hash from headers

[LABBE Corentin]

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 drivers/crypto/ux500/hash/hash_core.c | 20 ++------------------
 1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/drivers/crypto/ux500/hash/hash_core.c b/drivers/crypto/ux500/hash/hash_core.c
index 8b9391f..0de5f59 100644
--- a/drivers/crypto/ux500/hash/hash_core.c
+++ b/drivers/crypto/ux500/hash/hash_core.c
@@ -41,22 +41,6 @@ static int hash_mode;
 module_param(hash_mode, int, 0);
 MODULE_PARM_DESC(hash_mode, "CPU or DMA mode. CPU = 0 (default), DMA = 1");
 
-/**
- * Pre-calculated empty message digests.
- */
-static const u8 zero_message_hash_sha1[SHA1_DIGEST_SIZE] = {
-	0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
-	0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
-	0xaf, 0xd8, 0x07, 0x09
-};
-
-static const u8 zero_message_hash_sha256[SHA256_DIGEST_SIZE] = {
-	0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
-	0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
-	0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
-	0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
-};
-
 /* HMAC-SHA1, no key */
 static const u8 zero_message_hmac_sha1[SHA1_DIGEST_SIZE] = {
 	0xfb, 0xdb, 0x1d, 0x1b, 0x18, 0xaa, 0x6c, 0x08,
@@ -242,13 +226,13 @@ static int get_empty_message_digest(
 
 	if (HASH_OPER_MODE_HASH == ctx->config.oper_mode) {
 		if (HASH_ALGO_SHA1 == ctx->config.algorithm) {
-			memcpy(zero_hash, &zero_message_hash_sha1[0],
+			memcpy(zero_hash, &sha1_zero_message_hash[0],
 			       SHA1_DIGEST_SIZE);
 			*zero_hash_size = SHA1_DIGEST_SIZE;
 			*zero_digest = true;
 		} else if (HASH_ALGO_SHA256 ==
 				ctx->config.algorithm) {
-			memcpy(zero_hash, &zero_message_hash_sha256[0],
+			memcpy(zero_hash, &sha256_zero_message_hash[0],
 			       SHA256_DIGEST_SIZE);
 			*zero_hash_size = SHA256_DIGEST_SIZE;
 			*zero_digest = true;
-- 
2.4.9

[PATCH 5/8] crypto: akcipher: fix typos in include/crypto/akcipher.h

[LABBE Corentin]

Fix numerous spelling error in include/crypto/akcipher.h

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 include/crypto/akcipher.h | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
index 69d163e..0c9fa68 100644
--- a/include/crypto/akcipher.h
+++ b/include/crypto/akcipher.h
@@ -19,12 +19,12 @@
  *
  * @base:	Common attributes for async crypto requests
  * @src:	Pointer to memory containing the input parameters
- *		The format of the parameter(s) is expeted to be Octet String
- * @dst:	Pointer to memory whare the result will be stored
+ *		The format of the parameter(s) is expected to be Octet String
+ * @dst:	Pointer to memory where the result will be stored
  * @src_len:	Size of the input parameter
- * @dst_len:	Size of the output buffer. It needs to be at leaset
+ * @dst_len:	Size of the output buffer. It needs to be at least
  *		as big as the expected result depending	on the operation
- *		After operation it will be updated with the acctual size of the
+ *		After operation it will be updated with the actual size of the
  *		result. In case of error, where the dst_len was insufficient,
  *		it will be updated to the size required for the operation.
  * @__ctx:	Start of private context data
@@ -59,7 +59,7 @@ struct crypto_akcipher {
  *		algorithm. In case of error, where the dst_len was insufficient,
  *		the req->dst_len will be updated to the size required for the
  *		operation
- * @encrypt:	Function performs an encrytp operation as defined by public key
+ * @encrypt:	Function performs an encrypt operation as defined by public key
  *		algorithm. In case of error, where the dst_len was insufficient,
  *		the req->dst_len will be updated to the size required for the
  *		operation
@@ -224,7 +224,7 @@ static inline void akcipher_request_set_callback(struct akcipher_request *req,
 }
 
 /**
- * akcipher_request_set_crypt() -- Sets reqest parameters
+ * akcipher_request_set_crypt() -- Sets request parameters
  *
  * Sets parameters required by crypto operation
  *
@@ -233,7 +233,7 @@ static inline void akcipher_request_set_callback(struct akcipher_request *req,
  * @dst:	ptr of output parameter
  * @src_len:	size of the input buffer
  * @dst_len:	size of the output buffer. It will be updated by the
- *		implementation to reflect the acctual size of the result
+ *		implementation to reflect the actual size of the result
  */
 static inline void akcipher_request_set_crypt(struct akcipher_request *req,
 					      void *src, void *dst,
-- 
2.4.9

[PATCH 6/8] crypto: akcipher: the key parameter must be const u8 *

[LABBE Corentin]

All cryptoAPI setkey function set the key parameter as const u8 *.
This patch make the crypto_akcipher_setkey parameters like others.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 include/crypto/akcipher.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
index 0c9fa68..ade053b 100644
--- a/include/crypto/akcipher.h
+++ b/include/crypto/akcipher.h
@@ -330,7 +330,8 @@ static inline int crypto_akcipher_verify(struct akcipher_request *req)
  *
  * Return: zero on success; error code in case of error
  */
-static inline int crypto_akcipher_setkey(struct crypto_akcipher *tfm, void *key,
+static inline int crypto_akcipher_setkey(struct crypto_akcipher *tfm,
+					 const u8 *key,
 					 unsigned int keylen)
 {
 	struct akcipher_alg *alg = crypto_akcipher_alg(tfm);
-- 
2.4.9

[PATCH 7/8] crypto: testmgr: Constify tested key/iv/plaintext/digest

[LABBE Corentin]

All key/iv/plaintext/digest in testmgr are constant data.
Furthermore the testmgr will never modify thoses data.
This patch set all members of xxx_testvec as pointer to const.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 crypto/testmgr.h | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 64b8a80..03b2f19 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -37,9 +37,9 @@
 
 struct hash_testvec {
 	/* only used with keyed hash algorithms */
-	char *key;
-	char *plaintext;
-	char *digest;
+	const char *key;
+	const char *plaintext;
+	const char *digest;
 	unsigned char tap[MAX_TAP];
 	unsigned short psize;
 	unsigned char np;
@@ -65,10 +65,10 @@ struct hash_testvec {
  */
 
 struct cipher_testvec {
-	char *key;
-	char *iv;
-	char *input;
-	char *result;
+	const char *key;
+	const char *iv;
+	const char *input;
+	const char *result;
 	unsigned short tap[MAX_TAP];
 	int np;
 	unsigned char also_non_np;
@@ -80,11 +80,11 @@ struct cipher_testvec {
 };
 
 struct aead_testvec {
-	char *key;
-	char *iv;
-	char *input;
-	char *assoc;
-	char *result;
+	const char *key;
+	const char *iv;
+	const char *input;
+	const char *assoc;
+	const char *result;
 	unsigned char tap[MAX_TAP];
 	unsigned char atap[MAX_TAP];
 	int np;
@@ -99,10 +99,10 @@ struct aead_testvec {
 };
 
 struct cprng_testvec {
-	char *key;
-	char *dt;
-	char *v;
-	char *result;
+	const char *key;
+	const char *dt;
+	const char *v;
+	const char *result;
 	unsigned char klen;
 	unsigned short dtlen;
 	unsigned short vlen;
@@ -126,7 +126,7 @@ struct drbg_testvec {
 };
 
 struct akcipher_testvec {
-	unsigned char *key;
+	const unsigned char *key;
 	unsigned char *m;
 	unsigned char *c;
 	unsigned int key_len;
-- 
2.4.9

[PATCH 8/8] crypto: testmgr: Use the xxx_zero_message_hash from headers

[LABBE Corentin]

Since md5/shaxxx headers have hash for zero message length, just use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 crypto/testmgr.h | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)

diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 03b2f19..9585854 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -367,8 +367,7 @@ static struct hash_testvec md4_tv_template [] = {
 
 static struct hash_testvec md5_tv_template[] = {
 	{
-		.digest	= "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
-			  "\xe9\x80\x09\x98\xec\xf8\x42\x7e",
+		.digest	= md5_zero_message_hash,
 	}, {
 		.plaintext = "a",
 		.psize	= 1,
@@ -713,8 +712,7 @@ static struct hash_testvec sha1_tv_template[] = {
 	{
 		.plaintext = "",
 		.psize	= 0,
-		.digest	= "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55"
-			  "\xbf\xef\x95\x60\x18\x90\xaf\xd8\x07\x09",
+		.digest	= sha1_zero_message_hash,
 	}, {
 		.plaintext = "abc",
 		.psize	= 3,
@@ -905,10 +903,7 @@ static struct hash_testvec sha224_tv_template[] = {
 	{
 		.plaintext = "",
 		.psize	= 0,
-		.digest	= "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9"
-			  "\x47\x61\x02\xbb\x28\x82\x34\xc4"
-			  "\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a"
-			  "\xc5\xb3\xe4\x2f",
+		.digest	= sha224_zero_message_hash,
 	}, {
 		.plaintext = "abc",
 		.psize  = 3,
@@ -1079,10 +1074,7 @@ static struct hash_testvec sha256_tv_template[] = {
 	{
 		.plaintext = "",
 		.psize	= 0,
-		.digest	= "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14"
-			  "\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24"
-			  "\x27\xae\x41\xe4\x64\x9b\x93\x4c"
-			  "\xa4\x95\x99\x1b\x78\x52\xb8\x55",
+		.digest	= sha256_zero_message_hash,
 	}, {
 		.plaintext = "abc",
 		.psize	= 3,
-- 
2.4.9

Re: [PATCH 8/8] crypto: testmgr: Use the xxx_zero_message_hash from headers

[kbuild test robot]

[-- Attachment #1: Type: text/plain, Size: 2383 bytes --]

Hi LABBE,

[auto build test ERROR on crypto/master -- if it's inappropriate base, please suggest rules for selecting the more suitable base]

url:    https://github.com/0day-ci/linux/commits/LABBE-Corentin/crypto-hash-add-zero-length-message-hash-for-shax-and-md5/20151013-005943
config: arm-mmp (attached as .config)
reproduce:
        wget https://git.kernel.org/cgit/linux/kernel/git/wfg/lkp-tests.git/plain/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        make.cross ARCH=arm 

All errors (new ones prefixed by >>):

   In file included from crypto/testmgr.c:48:0:
>> crypto/testmgr.h:370:13: error: 'md5_zero_message_hash' undeclared here (not in a function)
      .digest = md5_zero_message_hash,
                ^
>> crypto/testmgr.h:715:13: error: 'sha1_zero_message_hash' undeclared here (not in a function)
      .digest = sha1_zero_message_hash,
                ^
>> crypto/testmgr.h:715:3: error: initializer element is not constant
      .digest = sha1_zero_message_hash,
      ^
   crypto/testmgr.h:715:3: error: (near initialization for 'sha1_tv_template[0].digest')
>> crypto/testmgr.h:906:13: error: 'sha224_zero_message_hash' undeclared here (not in a function)
      .digest = sha224_zero_message_hash,
                ^
   crypto/testmgr.h:906:3: error: initializer element is not constant
      .digest = sha224_zero_message_hash,
      ^
   crypto/testmgr.h:906:3: error: (near initialization for 'sha224_tv_template[0].digest')
>> crypto/testmgr.h:1077:13: error: 'sha256_zero_message_hash' undeclared here (not in a function)
      .digest = sha256_zero_message_hash,
                ^
   crypto/testmgr.h:1077:3: error: initializer element is not constant
      .digest = sha256_zero_message_hash,
      ^
   crypto/testmgr.h:1077:3: error: (near initialization for 'sha256_tv_template[0].digest')

vim +/md5_zero_message_hash +370 crypto/testmgr.h

   364	 * MD5 test vectors from RFC1321
   365	 */
   366	#define MD5_TEST_VECTORS	7
   367	
   368	static struct hash_testvec md5_tv_template[] = {
   369		{
 > 370			.digest	= md5_zero_message_hash,
   371		}, {
   372			.plaintext = "a",
   373			.psize	= 1,

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

[-- Attachment #2: .config.gz --]
[-- Type: application/octet-stream, Size: 24197 bytes --]

Re: [PATCH 8/8] crypto: testmgr: Use the xxx_zero_message_hash from headers

[Corentin LABBE]

Le 12/10/2015 21:24, kbuild test robot a écrit :
> Hi LABBE,
> 
> [auto build test ERROR on crypto/master -- if it's inappropriate base, please suggest rules for selecting the more suitable base]
> 
> url:    https://github.com/0day-ci/linux/commits/LABBE-Corentin/crypto-hash-add-zero-length-message-hash-for-shax-and-md5/20151013-005943
> config: arm-mmp (attached as .config)
> reproduce:
>         wget https://git.kernel.org/cgit/linux/kernel/git/wfg/lkp-tests.git/plain/sbin/make.cross -O ~/bin/make.cross
>         chmod +x ~/bin/make.cross
>         # save the attached .config to linux build tree
>         make.cross ARCH=arm 
> 
> All errors (new ones prefixed by >>):
> 
>    In file included from crypto/testmgr.c:48:0:
>>> crypto/testmgr.h:370:13: error: 'md5_zero_message_hash' undeclared here (not in a function)
>       .digest = md5_zero_message_hash,
>                 ^
>>> crypto/testmgr.h:715:13: error: 'sha1_zero_message_hash' undeclared here (not in a function)
>       .digest = sha1_zero_message_hash,
>                 ^
>>> crypto/testmgr.h:715:3: error: initializer element is not constant
>       .digest = sha1_zero_message_hash,
>       ^
>    crypto/testmgr.h:715:3: error: (near initialization for 'sha1_tv_template[0].digest')
>>> crypto/testmgr.h:906:13: error: 'sha224_zero_message_hash' undeclared here (not in a function)
>       .digest = sha224_zero_message_hash,
>                 ^
>    crypto/testmgr.h:906:3: error: initializer element is not constant
>       .digest = sha224_zero_message_hash,
>       ^
>    crypto/testmgr.h:906:3: error: (near initialization for 'sha224_tv_template[0].digest')
>>> crypto/testmgr.h:1077:13: error: 'sha256_zero_message_hash' undeclared here (not in a function)
>       .digest = sha256_zero_message_hash,
>                 ^
>    crypto/testmgr.h:1077:3: error: initializer element is not constant
>       .digest = sha256_zero_message_hash,
>       ^
>    crypto/testmgr.h:1077:3: error: (near initialization for 'sha256_tv_template[0].digest')
> 
> vim +/md5_zero_message_hash +370 crypto/testmgr.h
> 
>    364	 * MD5 test vectors from RFC1321
>    365	 */
>    366	#define MD5_TEST_VECTORS	7
>    367	
>    368	static struct hash_testvec md5_tv_template[] = {
>    369		{
>  > 370			.digest	= md5_zero_message_hash,
>    371		}, {
>    372			.plaintext = "a",
>    373			.psize	= 1,
> 
> ---
> 0-DAY kernel test infrastructure                Open Source Technology Center
> https://lists.01.org/pipermail/kbuild-all                   Intel Corporation
> 

Oups I forgot to add sha and md5 header, I will resend tomorow.

Regards

[PATCH v2] crypto: add precalculated hash for zero message length

[LABBE Corentin]

Hello

Some crypto drivers cannot process empty data message and so rely on
precalculated hash.
This patch series add precalculated hash in headers and
make the drivers use them.

Using those precalculated hash make some additionnal constify patch necessary.

Changes since v1:
- Added missing sha/md5 header in testmgr.h
- indented a block comment in CCP
- moved precalculated hash from header to .c files

Regards

[PATCH 8/8] crypto: testmgr: Use the xxx_zero_message_hash from headers

[LABBE Corentin]

Since md5/shaxxx headers have hash for zero message length, just use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 crypto/testmgr.h | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 03b2f19..7a8f51e 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -28,6 +28,8 @@
 #include <linux/zlib.h>
 
 #include <crypto/compress.h>
+#include <crypto/md5.h>
+#include <crypto/sha.h>
 
 #define MAX_DIGEST_SIZE		64
 #define MAX_TAP			8
@@ -367,8 +369,7 @@ static struct hash_testvec md4_tv_template [] = {
 
 static struct hash_testvec md5_tv_template[] = {
 	{
-		.digest	= "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
-			  "\xe9\x80\x09\x98\xec\xf8\x42\x7e",
+		.digest	= md5_zero_message_hash,
 	}, {
 		.plaintext = "a",
 		.psize	= 1,
@@ -713,8 +714,7 @@ static struct hash_testvec sha1_tv_template[] = {
 	{
 		.plaintext = "",
 		.psize	= 0,
-		.digest	= "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55"
-			  "\xbf\xef\x95\x60\x18\x90\xaf\xd8\x07\x09",
+		.digest	= sha1_zero_message_hash,
 	}, {
 		.plaintext = "abc",
 		.psize	= 3,
@@ -905,10 +905,7 @@ static struct hash_testvec sha224_tv_template[] = {
 	{
 		.plaintext = "",
 		.psize	= 0,
-		.digest	= "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9"
-			  "\x47\x61\x02\xbb\x28\x82\x34\xc4"
-			  "\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a"
-			  "\xc5\xb3\xe4\x2f",
+		.digest	= sha224_zero_message_hash,
 	}, {
 		.plaintext = "abc",
 		.psize  = 3,
@@ -1079,10 +1076,7 @@ static struct hash_testvec sha256_tv_template[] = {
 	{
 		.plaintext = "",
 		.psize	= 0,
-		.digest	= "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14"
-			  "\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24"
-			  "\x27\xae\x41\xe4\x64\x9b\x93\x4c"
-			  "\xa4\x95\x99\x1b\x78\x52\xb8\x55",
+		.digest	= sha256_zero_message_hash,
 	}, {
 		.plaintext = "abc",
 		.psize	= 3,
-- 
2.4.10

Re: [PATCH 8/8] crypto: testmgr: Use the xxx_zero_message_hash from headers

[Herbert Xu]

On Tue, Oct 20, 2015 at 09:34:04AM +0200, LABBE Corentin wrote:
> Since md5/shaxxx headers have hash for zero message length, just use them.
> 
> Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>

This too would need a dependency on the MD5/SHA Kconfig options.

However, for now this is just too hard as it would result in a
circular dependency.  Let's revisit this after we move the test
vectors into the generic implementations.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt