[PATCH v2] crypto: add precalculated hash for zero message length

[PATCH v2] crypto: add precalculated hash for zero message length

[LABBE Corentin]

Hello

Some crypto drivers cannot process empty data message and so rely on
precalculated hash.
This patch series add precalculated hash in headers and
make the drivers use them.

Using those precalculated hash make some additionnal constify patch necessary.

Changes since v1:
- Added missing sha/md5 header in testmgr.h
- indented a block comment in CCP
- moved precalculated hash from header to .c files

Regards

[PATCH 1/8] crypto: hash: add zero length message hash for shax and md5

[LABBE Corentin]

Some crypto drivers cannot process empty data message and return a
precalculated hash for md5/sha1/sha224/sha256.

This patch add thoses precalculated hash in include/crypto.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 crypto/md5.c            |  6 ++++++
 crypto/sha1_generic.c   |  7 +++++++
 crypto/sha256_generic.c | 16 ++++++++++++++++
 include/crypto/md5.h    |  2 ++
 include/crypto/sha.h    |  6 ++++++
 5 files changed, 37 insertions(+)

diff --git a/crypto/md5.c b/crypto/md5.c
index 33d17e9..2355a7c 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -24,6 +24,12 @@
 #include <linux/cryptohash.h>
 #include <asm/byteorder.h>
 
+const u8 md5_zero_message_hash[MD5_DIGEST_SIZE] = {
+	0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
+	0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
+};
+EXPORT_SYMBOL_GPL(md5_zero_message_hash);
+
 /* XXX: this stuff can be optimized */
 static inline void le32_to_cpu_array(u32 *buf, unsigned int words)
 {
diff --git a/crypto/sha1_generic.c b/crypto/sha1_generic.c
index 39e3acc..6877cbb 100644
--- a/crypto/sha1_generic.c
+++ b/crypto/sha1_generic.c
@@ -26,6 +26,13 @@
 #include <crypto/sha1_base.h>
 #include <asm/byteorder.h>
 
+const u8 sha1_zero_message_hash[SHA1_DIGEST_SIZE] = {
+	0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
+	0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
+	0xaf, 0xd8, 0x07, 0x09
+};
+EXPORT_SYMBOL_GPL(sha1_zero_message_hash);
+
 static void sha1_generic_block_fn(struct sha1_state *sst, u8 const *src,
 				  int blocks)
 {
diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c
index 7843116..8f9c47e 100644
--- a/crypto/sha256_generic.c
+++ b/crypto/sha256_generic.c
@@ -27,6 +27,22 @@
 #include <asm/byteorder.h>
 #include <asm/unaligned.h>
 
+const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE] = {
+	0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47,
+	0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2,
+	0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, 0xc5, 0xb3, 0xe4,
+	0x2f
+};
+EXPORT_SYMBOL_GPL(sha224_zero_message_hash);
+
+const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE] = {
+	0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
+	0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
+	0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
+	0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
+};
+EXPORT_SYMBOL_GPL(sha256_zero_message_hash);
+
 static inline u32 Ch(u32 x, u32 y, u32 z)
 {
 	return z ^ (x & (y ^ z));
diff --git a/include/crypto/md5.h b/include/crypto/md5.h
index 146af82..327deac 100644
--- a/include/crypto/md5.h
+++ b/include/crypto/md5.h
@@ -13,6 +13,8 @@
 #define MD5_H2	0x98badcfeUL
 #define MD5_H3	0x10325476UL
 
+extern const u8 md5_zero_message_hash[MD5_DIGEST_SIZE];
+
 struct md5_state {
 	u32 hash[MD5_HASH_WORDS];
 	u32 block[MD5_BLOCK_WORDS];
diff --git a/include/crypto/sha.h b/include/crypto/sha.h
index dd7905a..c94d3eb 100644
--- a/include/crypto/sha.h
+++ b/include/crypto/sha.h
@@ -64,6 +64,12 @@
 #define SHA512_H6	0x1f83d9abfb41bd6bULL
 #define SHA512_H7	0x5be0cd19137e2179ULL
 
+extern const u8 sha1_zero_message_hash[SHA1_DIGEST_SIZE];
+
+extern const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE];
+
+extern const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE];
+
 struct sha1_state {
 	u32 state[SHA1_DIGEST_SIZE / 4];
 	u64 count;
-- 
2.4.10

[PATCH 2/8] crypto: niagara: Use precalculated hash from headers

[LABBE Corentin]

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 drivers/crypto/n2_core.c | 33 ++++++---------------------------
 1 file changed, 6 insertions(+), 27 deletions(-)

diff --git a/drivers/crypto/n2_core.c b/drivers/crypto/n2_core.c
index 2e8dab9..8ea6c32 100644
--- a/drivers/crypto/n2_core.c
+++ b/drivers/crypto/n2_core.c
@@ -241,7 +241,7 @@ static inline bool n2_should_run_async(struct spu_queue *qp, int this_len)
 
 struct n2_ahash_alg {
 	struct list_head	entry;
-	const char		*hash_zero;
+	const u8		*hash_zero;
 	const u32		*hash_init;
 	u8			hw_op_hashsz;
 	u8			digest_size;
@@ -1267,7 +1267,7 @@ static LIST_HEAD(cipher_algs);
 
 struct n2_hash_tmpl {
 	const char	*name;
-	const char	*hash_zero;
+	const u8	*hash_zero;
 	const u32	*hash_init;
 	u8		hw_op_hashsz;
 	u8		digest_size;
@@ -1276,40 +1276,19 @@ struct n2_hash_tmpl {
 	u8		hmac_type;
 };
 
-static const char md5_zero[MD5_DIGEST_SIZE] = {
-	0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
-	0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e,
-};
 static const u32 md5_init[MD5_HASH_WORDS] = {
 	cpu_to_le32(MD5_H0),
 	cpu_to_le32(MD5_H1),
 	cpu_to_le32(MD5_H2),
 	cpu_to_le32(MD5_H3),
 };
-static const char sha1_zero[SHA1_DIGEST_SIZE] = {
-	0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32,
-	0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8,
-	0x07, 0x09
-};
 static const u32 sha1_init[SHA1_DIGEST_SIZE / 4] = {
 	SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4,
 };
-static const char sha256_zero[SHA256_DIGEST_SIZE] = {
-	0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a,
-	0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae,
-	0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99,
-	0x1b, 0x78, 0x52, 0xb8, 0x55
-};
 static const u32 sha256_init[SHA256_DIGEST_SIZE / 4] = {
 	SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3,
 	SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7,
 };
-static const char sha224_zero[SHA224_DIGEST_SIZE] = {
-	0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47,
-	0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2,
-	0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, 0xc5, 0xb3, 0xe4,
-	0x2f
-};
 static const u32 sha224_init[SHA256_DIGEST_SIZE / 4] = {
 	SHA224_H0, SHA224_H1, SHA224_H2, SHA224_H3,
 	SHA224_H4, SHA224_H5, SHA224_H6, SHA224_H7,
@@ -1317,7 +1296,7 @@ static const u32 sha224_init[SHA256_DIGEST_SIZE / 4] = {
 
 static const struct n2_hash_tmpl hash_tmpls[] = {
 	{ .name		= "md5",
-	  .hash_zero	= md5_zero,
+	  .hash_zero	= md5_zero_message_hash,
 	  .hash_init	= md5_init,
 	  .auth_type	= AUTH_TYPE_MD5,
 	  .hmac_type	= AUTH_TYPE_HMAC_MD5,
@@ -1325,7 +1304,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
 	  .digest_size	= MD5_DIGEST_SIZE,
 	  .block_size	= MD5_HMAC_BLOCK_SIZE },
 	{ .name		= "sha1",
-	  .hash_zero	= sha1_zero,
+	  .hash_zero	= sha1_zero_message_hash,
 	  .hash_init	= sha1_init,
 	  .auth_type	= AUTH_TYPE_SHA1,
 	  .hmac_type	= AUTH_TYPE_HMAC_SHA1,
@@ -1333,7 +1312,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
 	  .digest_size	= SHA1_DIGEST_SIZE,
 	  .block_size	= SHA1_BLOCK_SIZE },
 	{ .name		= "sha256",
-	  .hash_zero	= sha256_zero,
+	  .hash_zero	= sha256_zero_message_hash,
 	  .hash_init	= sha256_init,
 	  .auth_type	= AUTH_TYPE_SHA256,
 	  .hmac_type	= AUTH_TYPE_HMAC_SHA256,
@@ -1341,7 +1320,7 @@ static const struct n2_hash_tmpl hash_tmpls[] = {
 	  .digest_size	= SHA256_DIGEST_SIZE,
 	  .block_size	= SHA256_BLOCK_SIZE },
 	{ .name		= "sha224",
-	  .hash_zero	= sha224_zero,
+	  .hash_zero	= sha224_zero_message_hash,
 	  .hash_init	= sha224_init,
 	  .auth_type	= AUTH_TYPE_SHA256,
 	  .hmac_type	= AUTH_TYPE_RESERVED,
-- 
2.4.10

Re: [PATCH 2/8] crypto: niagara: Use precalculated hash from headers

[Herbert Xu]

On Tue, Oct 20, 2015 at 09:33:58AM +0200, LABBE Corentin wrote:
> Precalculated hash for empty message are now present in hash headers.
> This patch just use them.
> 
> Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>

You need to select CRYPTO_MD5 and CRYPTO_SHA*.  Please add the
corresponding Kconfig changes and resubmit.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[PATCH 3/8] crypto: ccp: Use precalculated hash from headers

[LABBE Corentin]

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 drivers/crypto/ccp/ccp-ops.c | 39 ++++++++-------------------------------
 1 file changed, 8 insertions(+), 31 deletions(-)

diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
index d09c6c4..64fac2b 100644
--- a/drivers/crypto/ccp/ccp-ops.c
+++ b/drivers/crypto/ccp/ccp-ops.c
@@ -152,32 +152,6 @@ static const __be32 ccp_sha256_init[CCP_SHA_CTXSIZE / sizeof(__be32)] = {
 	cpu_to_be32(SHA256_H6), cpu_to_be32(SHA256_H7),
 };
 
-/* The CCP cannot perform zero-length sha operations so the caller
- * is required to buffer data for the final operation.  However, a
- * sha operation for a message with a total length of zero is valid
- * so known values are required to supply the result.
- */
-static const u8 ccp_sha1_zero[CCP_SHA_CTXSIZE] = {
-	0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
-	0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
-	0xaf, 0xd8, 0x07, 0x09, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-};
-
-static const u8 ccp_sha224_zero[CCP_SHA_CTXSIZE] = {
-	0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
-	0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
-	0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
-	0xc5, 0xb3, 0xe4, 0x2f, 0x00, 0x00, 0x00, 0x00,
-};
-
-static const u8 ccp_sha256_zero[CCP_SHA_CTXSIZE] = {
-	0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
-	0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
-	0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
-	0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55,
-};
-
 static u32 ccp_addr_lo(struct ccp_dma_info *info)
 {
 	return lower_32_bits(info->address + info->offset);
@@ -1388,18 +1362,21 @@ static int ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
 		if (sha->msg_bits)
 			return -EINVAL;
 
-		/* A sha operation for a message with a total length of zero,
-		 * return known result.
+		/* The CCP cannot perform zero-length sha operations so the
+		 * caller is required to buffer data for the final operation.
+		 * However, a sha operation for a message with a total length
+		 * of zero is valid so known values are required to supply
+		 * the result.
 		 */
 		switch (sha->type) {
 		case CCP_SHA_TYPE_1:
-			sha_zero = ccp_sha1_zero;
+			sha_zero = sha1_zero_message_hash;
 			break;
 		case CCP_SHA_TYPE_224:
-			sha_zero = ccp_sha224_zero;
+			sha_zero = sha224_zero_message_hash;
 			break;
 		case CCP_SHA_TYPE_256:
-			sha_zero = ccp_sha256_zero;
+			sha_zero = sha256_zero_message_hash;
 			break;
 		default:
 			return -EINVAL;
-- 
2.4.10

Re: [PATCH 3/8] crypto: ccp: Use precalculated hash from headers

[Tom Lendacky]

On 10/20/2015 02:33 AM, LABBE Corentin wrote:
> Precalculated hash for empty message are now present in hash headers.
> This patch just use them.
>
> Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>

Tested-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>

> ---
>   drivers/crypto/ccp/ccp-ops.c | 39 ++++++++-------------------------------
>   1 file changed, 8 insertions(+), 31 deletions(-)
>
> diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
> index d09c6c4..64fac2b 100644
> --- a/drivers/crypto/ccp/ccp-ops.c
> +++ b/drivers/crypto/ccp/ccp-ops.c
> @@ -152,32 +152,6 @@ static const __be32 ccp_sha256_init[CCP_SHA_CTXSIZE / sizeof(__be32)] = {
>   	cpu_to_be32(SHA256_H6), cpu_to_be32(SHA256_H7),
>   };
>
> -/* The CCP cannot perform zero-length sha operations so the caller
> - * is required to buffer data for the final operation.  However, a
> - * sha operation for a message with a total length of zero is valid
> - * so known values are required to supply the result.
> - */
> -static const u8 ccp_sha1_zero[CCP_SHA_CTXSIZE] = {
> -	0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
> -	0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
> -	0xaf, 0xd8, 0x07, 0x09, 0x00, 0x00, 0x00, 0x00,
> -	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> -};
> -
> -static const u8 ccp_sha224_zero[CCP_SHA_CTXSIZE] = {
> -	0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
> -	0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
> -	0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
> -	0xc5, 0xb3, 0xe4, 0x2f, 0x00, 0x00, 0x00, 0x00,
> -};
> -
> -static const u8 ccp_sha256_zero[CCP_SHA_CTXSIZE] = {
> -	0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
> -	0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
> -	0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
> -	0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55,
> -};
> -
>   static u32 ccp_addr_lo(struct ccp_dma_info *info)
>   {
>   	return lower_32_bits(info->address + info->offset);
> @@ -1388,18 +1362,21 @@ static int ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
>   		if (sha->msg_bits)
>   			return -EINVAL;
>
> -		/* A sha operation for a message with a total length of zero,
> -		 * return known result.
> +		/* The CCP cannot perform zero-length sha operations so the
> +		 * caller is required to buffer data for the final operation.
> +		 * However, a sha operation for a message with a total length
> +		 * of zero is valid so known values are required to supply
> +		 * the result.
>   		 */
>   		switch (sha->type) {
>   		case CCP_SHA_TYPE_1:
> -			sha_zero = ccp_sha1_zero;
> +			sha_zero = sha1_zero_message_hash;
>   			break;
>   		case CCP_SHA_TYPE_224:
> -			sha_zero = ccp_sha224_zero;
> +			sha_zero = sha224_zero_message_hash;
>   			break;
>   		case CCP_SHA_TYPE_256:
> -			sha_zero = ccp_sha256_zero;
> +			sha_zero = sha256_zero_message_hash;
>   			break;
>   		default:
>   			return -EINVAL;
>

[PATCH 4/8] crypto: ux500: Use precalculated hash from headers

[LABBE Corentin]

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 drivers/crypto/ux500/hash/hash_core.c | 20 ++------------------
 1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/drivers/crypto/ux500/hash/hash_core.c b/drivers/crypto/ux500/hash/hash_core.c
index 8b9391f..0de5f59 100644
--- a/drivers/crypto/ux500/hash/hash_core.c
+++ b/drivers/crypto/ux500/hash/hash_core.c
@@ -41,22 +41,6 @@ static int hash_mode;
 module_param(hash_mode, int, 0);
 MODULE_PARM_DESC(hash_mode, "CPU or DMA mode. CPU = 0 (default), DMA = 1");
 
-/**
- * Pre-calculated empty message digests.
- */
-static const u8 zero_message_hash_sha1[SHA1_DIGEST_SIZE] = {
-	0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
-	0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
-	0xaf, 0xd8, 0x07, 0x09
-};
-
-static const u8 zero_message_hash_sha256[SHA256_DIGEST_SIZE] = {
-	0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
-	0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
-	0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
-	0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
-};
-
 /* HMAC-SHA1, no key */
 static const u8 zero_message_hmac_sha1[SHA1_DIGEST_SIZE] = {
 	0xfb, 0xdb, 0x1d, 0x1b, 0x18, 0xaa, 0x6c, 0x08,
@@ -242,13 +226,13 @@ static int get_empty_message_digest(
 
 	if (HASH_OPER_MODE_HASH == ctx->config.oper_mode) {
 		if (HASH_ALGO_SHA1 == ctx->config.algorithm) {
-			memcpy(zero_hash, &zero_message_hash_sha1[0],
+			memcpy(zero_hash, &sha1_zero_message_hash[0],
 			       SHA1_DIGEST_SIZE);
 			*zero_hash_size = SHA1_DIGEST_SIZE;
 			*zero_digest = true;
 		} else if (HASH_ALGO_SHA256 ==
 				ctx->config.algorithm) {
-			memcpy(zero_hash, &zero_message_hash_sha256[0],
+			memcpy(zero_hash, &sha256_zero_message_hash[0],
 			       SHA256_DIGEST_SIZE);
 			*zero_hash_size = SHA256_DIGEST_SIZE;
 			*zero_digest = true;
-- 
2.4.10

Re: [PATCH 4/8] crypto: ux500: Use precalculated hash from headers

[kbuild test robot]

[-- Attachment #1: Type: text/plain, Size: 1443 bytes --]

Hi LABBE,

[auto build test ERROR on crypto/master -- if it's inappropriate base, please suggest rules for selecting the more suitable base]

url:    https://github.com/0day-ci/linux/commits/LABBE-Corentin/crypto-hash-add-zero-length-message-hash-for-shax-and-md5/20151020-154222
config: arm-u8500_defconfig (attached as .config)
reproduce:
        wget https://git.kernel.org/cgit/linux/kernel/git/wfg/lkp-tests.git/plain/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        make.cross ARCH=arm 

All errors (new ones prefixed by >>):

   drivers/built-in.o: In function `get_empty_message_digest':
>> drivers/crypto/ux500/hash/hash_core.c:229: undefined reference to `sha1_zero_message_hash'
>> drivers/crypto/ux500/hash/hash_core.c:229: undefined reference to `sha1_zero_message_hash'

vim +229 drivers/crypto/ux500/hash/hash_core.c

   223		/**
   224		 * Caller responsible for ctx != NULL.
   225		 */
   226	
   227		if (HASH_OPER_MODE_HASH == ctx->config.oper_mode) {
   228			if (HASH_ALGO_SHA1 == ctx->config.algorithm) {
 > 229				memcpy(zero_hash, &sha1_zero_message_hash[0],
   230				       SHA1_DIGEST_SIZE);
   231				*zero_hash_size = SHA1_DIGEST_SIZE;
   232				*zero_digest = true;

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

[-- Attachment #2: .config.gz --]
[-- Type: application/octet-stream, Size: 19945 bytes --]

[PATCH 5/8] crypto: akcipher: fix typos in include/crypto/akcipher.h

[LABBE Corentin]

Fix numerous spelling error in include/crypto/akcipher.h

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 include/crypto/akcipher.h | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
index 69d163e..0c9fa68 100644
--- a/include/crypto/akcipher.h
+++ b/include/crypto/akcipher.h
@@ -19,12 +19,12 @@
  *
  * @base:	Common attributes for async crypto requests
  * @src:	Pointer to memory containing the input parameters
- *		The format of the parameter(s) is expeted to be Octet String
- * @dst:	Pointer to memory whare the result will be stored
+ *		The format of the parameter(s) is expected to be Octet String
+ * @dst:	Pointer to memory where the result will be stored
  * @src_len:	Size of the input parameter
- * @dst_len:	Size of the output buffer. It needs to be at leaset
+ * @dst_len:	Size of the output buffer. It needs to be at least
  *		as big as the expected result depending	on the operation
- *		After operation it will be updated with the acctual size of the
+ *		After operation it will be updated with the actual size of the
  *		result. In case of error, where the dst_len was insufficient,
  *		it will be updated to the size required for the operation.
  * @__ctx:	Start of private context data
@@ -59,7 +59,7 @@ struct crypto_akcipher {
  *		algorithm. In case of error, where the dst_len was insufficient,
  *		the req->dst_len will be updated to the size required for the
  *		operation
- * @encrypt:	Function performs an encrytp operation as defined by public key
+ * @encrypt:	Function performs an encrypt operation as defined by public key
  *		algorithm. In case of error, where the dst_len was insufficient,
  *		the req->dst_len will be updated to the size required for the
  *		operation
@@ -224,7 +224,7 @@ static inline void akcipher_request_set_callback(struct akcipher_request *req,
 }
 
 /**
- * akcipher_request_set_crypt() -- Sets reqest parameters
+ * akcipher_request_set_crypt() -- Sets request parameters
  *
  * Sets parameters required by crypto operation
  *
@@ -233,7 +233,7 @@ static inline void akcipher_request_set_callback(struct akcipher_request *req,
  * @dst:	ptr of output parameter
  * @src_len:	size of the input buffer
  * @dst_len:	size of the output buffer. It will be updated by the
- *		implementation to reflect the acctual size of the result
+ *		implementation to reflect the actual size of the result
  */
 static inline void akcipher_request_set_crypt(struct akcipher_request *req,
 					      void *src, void *dst,
-- 
2.4.10

Re: [PATCH 5/8] crypto: akcipher: fix typos in include/crypto/akcipher.h

[Stephan Mueller]

Am Dienstag, 20. Oktober 2015, 09:34:01 schrieb LABBE Corentin:

Hi LABBE,

>Fix numerous spelling error in include/crypto/akcipher.h
>
>Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
>---
> include/crypto/akcipher.h | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
>diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
>index 69d163e..0c9fa68 100644
>--- a/include/crypto/akcipher.h
>+++ b/include/crypto/akcipher.h
>@@ -19,12 +19,12 @@
>  *
>  * @base:	Common attributes for async crypto requests
>  * @src:	Pointer to memory containing the input parameters
>- *		The format of the parameter(s) is expeted to be Octet String
>- * @dst:	Pointer to memory whare the result will be stored
>+ *		The format of the parameter(s) is expected to be Octet String
>+ * @dst:	Pointer to memory where the result will be stored
>  * @src_len:	Size of the input parameter
>- * @dst_len:	Size of the output buffer. It needs to be at leaset
>+ * @dst_len:	Size of the output buffer. It needs to be at least
>  *		as big as the expected result depending	on the operation
>- *		After operation it will be updated with the acctual size of 
the
>+ *		After operation it will be updated with the actual size of the
>  *		result. In case of error, where the dst_len was insufficient,
>  *		it will be updated to the size required for the operation.
>  * @__ctx:	Start of private context data
>@@ -59,7 +59,7 @@ struct crypto_akcipher {
>  *		algorithm. In case of error, where the dst_len was 
insufficient,
>  *		the req->dst_len will be updated to the size required for the
>  *		operation
>- * @encrypt:	Function performs an encrytp operation as defined by public 
key
>+ * @encrypt:	Function performs an encrypt operation as defined by public
>key *		algorithm. In case of error, where the dst_len was 
insufficient,
>*		the req->dst_len will be updated to the size required for the
>  *		operation
>@@ -224,7 +224,7 @@ static inline void akcipher_request_set_callback(struct
>akcipher_request *req, }
>
> /**
>- * akcipher_request_set_crypt() -- Sets reqest parameters
>+ * akcipher_request_set_crypt() -- Sets request parameters

Note, this patch will clash with my patch that I sent 2 days ago: I removed 
the double slashes from these lines here as they do not look good in a 
DocBook.
>  *
>  * Sets parameters required by crypto operation
>  *
>@@ -233,7 +233,7 @@ static inline void akcipher_request_set_callback(struct
>akcipher_request *req, * @dst:	ptr of output parameter
>  * @src_len:	size of the input buffer
>  * @dst_len:	size of the output buffer. It will be updated by the
>- *		implementation to reflect the acctual size of the result
>+ *		implementation to reflect the actual size of the result
>  */
> static inline void akcipher_request_set_crypt(struct akcipher_request *req,
> 					      void *src, void *dst,


Ciao
Stephan

[PATCH 6/8] crypto: akcipher: the key parameter must be const u8 *

[LABBE Corentin]

All cryptoAPI setkey function set the key parameter as const u8 *.
This patch make the crypto_akcipher_setkey parameters like others.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 include/crypto/akcipher.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h
index 0c9fa68..ade053b 100644
--- a/include/crypto/akcipher.h
+++ b/include/crypto/akcipher.h
@@ -330,7 +330,8 @@ static inline int crypto_akcipher_verify(struct akcipher_request *req)
  *
  * Return: zero on success; error code in case of error
  */
-static inline int crypto_akcipher_setkey(struct crypto_akcipher *tfm, void *key,
+static inline int crypto_akcipher_setkey(struct crypto_akcipher *tfm,
+					 const u8 *key,
 					 unsigned int keylen)
 {
 	struct akcipher_alg *alg = crypto_akcipher_alg(tfm);
-- 
2.4.10

Re: [PATCH 6/8] crypto: akcipher: the key parameter must be const u8 *

[Herbert Xu]

On Tue, Oct 20, 2015 at 09:34:02AM +0200, LABBE Corentin wrote:
> All cryptoAPI setkey function set the key parameter as const u8 *.
> This patch make the crypto_akcipher_setkey parameters like others.
> 
> Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>

This patch no longer applies.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[PATCH 7/8] crypto: testmgr: Constify tested key/iv/plaintext/digest

[LABBE Corentin]

All key/iv/plaintext/digest in testmgr are constant data.
Furthermore the testmgr will never modify thoses data.
This patch set all members of xxx_testvec as pointer to const.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 crypto/testmgr.h | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 64b8a80..03b2f19 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -37,9 +37,9 @@
 
 struct hash_testvec {
 	/* only used with keyed hash algorithms */
-	char *key;
-	char *plaintext;
-	char *digest;
+	const char *key;
+	const char *plaintext;
+	const char *digest;
 	unsigned char tap[MAX_TAP];
 	unsigned short psize;
 	unsigned char np;
@@ -65,10 +65,10 @@ struct hash_testvec {
  */
 
 struct cipher_testvec {
-	char *key;
-	char *iv;
-	char *input;
-	char *result;
+	const char *key;
+	const char *iv;
+	const char *input;
+	const char *result;
 	unsigned short tap[MAX_TAP];
 	int np;
 	unsigned char also_non_np;
@@ -80,11 +80,11 @@ struct cipher_testvec {
 };
 
 struct aead_testvec {
-	char *key;
-	char *iv;
-	char *input;
-	char *assoc;
-	char *result;
+	const char *key;
+	const char *iv;
+	const char *input;
+	const char *assoc;
+	const char *result;
 	unsigned char tap[MAX_TAP];
 	unsigned char atap[MAX_TAP];
 	int np;
@@ -99,10 +99,10 @@ struct aead_testvec {
 };
 
 struct cprng_testvec {
-	char *key;
-	char *dt;
-	char *v;
-	char *result;
+	const char *key;
+	const char *dt;
+	const char *v;
+	const char *result;
 	unsigned char klen;
 	unsigned short dtlen;
 	unsigned short vlen;
@@ -126,7 +126,7 @@ struct drbg_testvec {
 };
 
 struct akcipher_testvec {
-	unsigned char *key;
+	const unsigned char *key;
 	unsigned char *m;
 	unsigned char *c;
 	unsigned int key_len;
-- 
2.4.10

[PATCH 8/8] crypto: testmgr: Use the xxx_zero_message_hash from headers

[LABBE Corentin]

Since md5/shaxxx headers have hash for zero message length, just use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 crypto/testmgr.h | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 03b2f19..7a8f51e 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -28,6 +28,8 @@
 #include <linux/zlib.h>
 
 #include <crypto/compress.h>
+#include <crypto/md5.h>
+#include <crypto/sha.h>
 
 #define MAX_DIGEST_SIZE		64
 #define MAX_TAP			8
@@ -367,8 +369,7 @@ static struct hash_testvec md4_tv_template [] = {
 
 static struct hash_testvec md5_tv_template[] = {
 	{
-		.digest	= "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
-			  "\xe9\x80\x09\x98\xec\xf8\x42\x7e",
+		.digest	= md5_zero_message_hash,
 	}, {
 		.plaintext = "a",
 		.psize	= 1,
@@ -713,8 +714,7 @@ static struct hash_testvec sha1_tv_template[] = {
 	{
 		.plaintext = "",
 		.psize	= 0,
-		.digest	= "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55"
-			  "\xbf\xef\x95\x60\x18\x90\xaf\xd8\x07\x09",
+		.digest	= sha1_zero_message_hash,
 	}, {
 		.plaintext = "abc",
 		.psize	= 3,
@@ -905,10 +905,7 @@ static struct hash_testvec sha224_tv_template[] = {
 	{
 		.plaintext = "",
 		.psize	= 0,
-		.digest	= "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9"
-			  "\x47\x61\x02\xbb\x28\x82\x34\xc4"
-			  "\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a"
-			  "\xc5\xb3\xe4\x2f",
+		.digest	= sha224_zero_message_hash,
 	}, {
 		.plaintext = "abc",
 		.psize  = 3,
@@ -1079,10 +1076,7 @@ static struct hash_testvec sha256_tv_template[] = {
 	{
 		.plaintext = "",
 		.psize	= 0,
-		.digest	= "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14"
-			  "\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24"
-			  "\x27\xae\x41\xe4\x64\x9b\x93\x4c"
-			  "\xa4\x95\x99\x1b\x78\x52\xb8\x55",
+		.digest	= sha256_zero_message_hash,
 	}, {
 		.plaintext = "abc",
 		.psize	= 3,
-- 
2.4.10

Re: [PATCH 8/8] crypto: testmgr: Use the xxx_zero_message_hash from headers

[Herbert Xu]

On Tue, Oct 20, 2015 at 09:34:04AM +0200, LABBE Corentin wrote:
> Since md5/shaxxx headers have hash for zero message length, just use them.
> 
> Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>

This too would need a dependency on the MD5/SHA Kconfig options.

However, for now this is just too hard as it would result in a
circular dependency.  Let's revisit this after we move the test
vectors into the generic implementations.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[PATCH] crypto: add precalculated hash for zero message length

[LABBE Corentin]

Hello

Some crypto drivers cannot process empty data message and so rely on
precalculated hash.
This patch series add precalculated hash in headers and
make the drivers use them.

Using those precalculated hash make some additionnal constify patch necessary.

Regards

[PATCH 3/8] crypto: ccp: Use precalculated hash from headers

[LABBE Corentin]

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
---
 drivers/crypto/ccp/ccp-ops.c | 40 ++++++++--------------------------------
 1 file changed, 8 insertions(+), 32 deletions(-)

diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
index d09c6c4..3002b418 100644
--- a/drivers/crypto/ccp/ccp-ops.c
+++ b/drivers/crypto/ccp/ccp-ops.c
@@ -152,32 +152,6 @@ static const __be32 ccp_sha256_init[CCP_SHA_CTXSIZE / sizeof(__be32)] = {
 	cpu_to_be32(SHA256_H6), cpu_to_be32(SHA256_H7),
 };
 
-/* The CCP cannot perform zero-length sha operations so the caller
- * is required to buffer data for the final operation.  However, a
- * sha operation for a message with a total length of zero is valid
- * so known values are required to supply the result.
- */
-static const u8 ccp_sha1_zero[CCP_SHA_CTXSIZE] = {
-	0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
-	0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
-	0xaf, 0xd8, 0x07, 0x09, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-};
-
-static const u8 ccp_sha224_zero[CCP_SHA_CTXSIZE] = {
-	0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
-	0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
-	0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
-	0xc5, 0xb3, 0xe4, 0x2f, 0x00, 0x00, 0x00, 0x00,
-};
-
-static const u8 ccp_sha256_zero[CCP_SHA_CTXSIZE] = {
-	0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
-	0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
-	0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
-	0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55,
-};
-
 static u32 ccp_addr_lo(struct ccp_dma_info *info)
 {
 	return lower_32_bits(info->address + info->offset);
@@ -1388,18 +1362,20 @@ static int ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
 		if (sha->msg_bits)
 			return -EINVAL;
 
-		/* A sha operation for a message with a total length of zero,
-		 * return known result.
-		 */
+/* The CCP cannot perform zero-length sha operations so the caller
+ * is required to buffer data for the final operation.  However, a
+ * sha operation for a message with a total length of zero is valid
+ * so known values are required to supply the result.
+ */
 		switch (sha->type) {
 		case CCP_SHA_TYPE_1:
-			sha_zero = ccp_sha1_zero;
+			sha_zero = sha1_zero_message_hash;
 			break;
 		case CCP_SHA_TYPE_224:
-			sha_zero = ccp_sha224_zero;
+			sha_zero = sha224_zero_message_hash;
 			break;
 		case CCP_SHA_TYPE_256:
-			sha_zero = ccp_sha256_zero;
+			sha_zero = sha256_zero_message_hash;
 			break;
 		default:
 			return -EINVAL;
-- 
2.4.9

Re: [PATCH 3/8] crypto: ccp: Use precalculated hash from headers

[Tom Lendacky]

On 10/12/2015 11:53 AM, LABBE Corentin wrote:
> Precalculated hash for empty message are now present in hash headers.
> This patch just use them.
>
> Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>

Just a minor comment below.

Tested-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>

> ---
>   drivers/crypto/ccp/ccp-ops.c | 40 ++++++++--------------------------------
>   1 file changed, 8 insertions(+), 32 deletions(-)
>
> diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
> index d09c6c4..3002b418 100644
> --- a/drivers/crypto/ccp/ccp-ops.c
> +++ b/drivers/crypto/ccp/ccp-ops.c
> @@ -152,32 +152,6 @@ static const __be32 ccp_sha256_init[CCP_SHA_CTXSIZE / sizeof(__be32)] = {
>   	cpu_to_be32(SHA256_H6), cpu_to_be32(SHA256_H7),
>   };
>
> -/* The CCP cannot perform zero-length sha operations so the caller
> - * is required to buffer data for the final operation.  However, a
> - * sha operation for a message with a total length of zero is valid
> - * so known values are required to supply the result.
> - */
> -static const u8 ccp_sha1_zero[CCP_SHA_CTXSIZE] = {
> -	0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
> -	0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
> -	0xaf, 0xd8, 0x07, 0x09, 0x00, 0x00, 0x00, 0x00,
> -	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> -};
> -
> -static const u8 ccp_sha224_zero[CCP_SHA_CTXSIZE] = {
> -	0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9,
> -	0x47, 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4,
> -	0x15, 0xa2, 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a,
> -	0xc5, 0xb3, 0xe4, 0x2f, 0x00, 0x00, 0x00, 0x00,
> -};
> -
> -static const u8 ccp_sha256_zero[CCP_SHA_CTXSIZE] = {
> -	0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
> -	0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
> -	0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
> -	0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55,
> -};
> -
>   static u32 ccp_addr_lo(struct ccp_dma_info *info)
>   {
>   	return lower_32_bits(info->address + info->offset);
> @@ -1388,18 +1362,20 @@ static int ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
>   		if (sha->msg_bits)
>   			return -EINVAL;
>
> -		/* A sha operation for a message with a total length of zero,
> -		 * return known result.
> -		 */
> +/* The CCP cannot perform zero-length sha operations so the caller
> + * is required to buffer data for the final operation.  However, a
> + * sha operation for a message with a total length of zero is valid
> + * so known values are required to supply the result.
> + */

This comment should be indented and re-flowed to be consistent with
previous comments in this same section.

Thanks,
Tom

>   		switch (sha->type) {
>   		case CCP_SHA_TYPE_1:
> -			sha_zero = ccp_sha1_zero;
> +			sha_zero = sha1_zero_message_hash;
>   			break;
>   		case CCP_SHA_TYPE_224:
> -			sha_zero = ccp_sha224_zero;
> +			sha_zero = sha224_zero_message_hash;
>   			break;
>   		case CCP_SHA_TYPE_256:
> -			sha_zero = ccp_sha256_zero;
> +			sha_zero = sha256_zero_message_hash;
>   			break;
>   		default:
>   			return -EINVAL;
>