From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 6A399C369CB for ; Sat, 26 Apr 2025 06:52:11 +0000 (UTC) Received: from boromir.ozlabs.org (localhost [127.0.0.1]) by lists.ozlabs.org (Postfix) with ESMTP id 4Zl0kD149sz2xlP; Sat, 26 Apr 2025 16:51:48 +1000 (AEST) Authentication-Results: lists.ozlabs.org; arc=none smtp.remote-ip="2604:1380:4641:c500::1" ARC-Seal: i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707; t=1745650308; cv=none; b=PJvDmCFJrwr/tpvAL4Qnaa1S84R9CEo3WOknRsClb0pTWQ5U66txUgQ100MtYbyXUjn3zcEXRQHYLpoKDkBAcmfRxlGWnXCcygOjkovU22eevmUbqis4RfD7qysVISDYCVYyaScqDWZpT+L9+0nhszaOQSNTML1qGbPyWFHC602k8Otxv3l5weUYXTkPDMRbYv83hv8vaD+/Str0TfFYqzrxKTB50t1o0lQMPuiEf+F/ayhLGrwWyuJk7iRZQSpLk1/4Kg75tVhsdA4mkB4THXgF/DBIytkgb84chj4ObJlHUf1tnKY4ROwCGI/3mQCA9/Pcso56VQOmkz1homhxBQ== ARC-Message-Signature: i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707; t=1745650308; c=relaxed/relaxed; bh=N0gg0R/N9JVaC1ts1zJUioS0z66KxBy8aKrxPv8yhT8=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=FA/CoeZxnOkWluMiemPsLT1b97+P+30WjReAR+jQXW8BXVBcHdCygpE8nORRGU7p1Xi86VKr1CZwjlYdJvK2AdHe6CX9srcOy5AnNLZpC931TbuJCf3cGdWGw7DobTCRlZJWJYMptBm/2MKdfiBJ0H8z8VoBP5IZpeHy7NU+S84yYAYVAX9ab7kHs3EYeo8PcwtU8d+C1LMWBrjpyD6Xl5IpNP683w1uH7kXVCuX7elz9TGD4Ps4vv3yvMuc5lUTRTpTTbPLn0+jMdBtZyeG7wTEzPntmaMoy9H+ysjhcX0NDU2xUpcXnptNds6lIPTjA5V3zmO3ACI/cyIT81v/Tw== ARC-Authentication-Results: i=1; lists.ozlabs.org; dmarc=pass (p=quarantine dis=none) header.from=kernel.org; dkim=pass (2048-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256 header.s=k20201202 header.b=Q5CKi8Fj; dkim-atps=neutral; spf=pass (client-ip=2604:1380:4641:c500::1; helo=dfw.source.kernel.org; envelope-from=ebiggers@kernel.org; receiver=lists.ozlabs.org) smtp.mailfrom=kernel.org Authentication-Results: lists.ozlabs.org; dmarc=pass (p=quarantine dis=none) header.from=kernel.org Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256 header.s=k20201202 header.b=Q5CKi8Fj; dkim-atps=neutral Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=kernel.org (client-ip=2604:1380:4641:c500::1; helo=dfw.source.kernel.org; envelope-from=ebiggers@kernel.org; receiver=lists.ozlabs.org) Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4Zl0k713Ktz2xlQ for ; Sat, 26 Apr 2025 16:51:42 +1000 (AEST) Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 1A63A5C059A; Sat, 26 Apr 2025 06:49:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1D8A8C4CEE2; Sat, 26 Apr 2025 06:51:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1745650299; bh=Wt4NiLwr3M+nnRmOESBPWOhsCFaewP404R89YU0Ma5M=; h=From:To:Cc:Subject:Date:From; b=Q5CKi8Fj8xTGPwU5Drh/PIkGhwVgbuW9HluQx63MK9bQszLhD1B+qOn0taEs2bOYT xBLhxHiJ14hN8wZd5OxE4WguGmBhxzXaFqJL+htoOFdKU3BzoM7lR/QIeSUuRtp/5R gig6dijFkQjn6WC6FuWjCbGcPvoQXYpyadAK/qbp921I+Fz1WufozNZ0O7WVjBivlP hD9T2mbnScBpB1uA34w+nY5WNn6DaqxIZnEognT6gjIUeJu/GMOiHHum2pD1dS7SFk vI6VS1pf337qJxrzm8RfuoAuUx7oT9vTJZmvfL9I9A7sqtxZoeM8H6MVnLOxkCewCS jDKNVfj94qJ7A== From: Eric Biggers To: linux-crypto@vger.kernel.org Cc: linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-mips@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org, sparclinux@vger.kernel.org, linux-s390@vger.kernel.org, x86@kernel.org, Ard Biesheuvel , "Jason A . Donenfeld " , Linus Torvalds Subject: [PATCH 00/13] Architecture-optimized SHA-256 library API Date: Fri, 25 Apr 2025 23:50:26 -0700 Message-ID: <20250426065041.1551914-1-ebiggers@kernel.org> X-Mailer: git-send-email 2.49.0 X-Mailing-List: linuxppc-dev@lists.ozlabs.org List-Id: List-Help: List-Owner: List-Post: List-Archive: , List-Subscribe: , , List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit This is based on cryptodev commit bf0b4f15267ca404 plus the series https://lore.kernel.org/linux-crypto/20250422152716.5923-1-ebiggers@kernel.org/. It can also be retrieved from: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git sha256-lib-v1 Following the example of several other algorithms (e.g. CRC32, ChaCha, Poly1305, BLAKE2s), this series refactors the kernel's existing architecture-optimized SHA-256 code to be available via the library API, instead of just via the crypto_shash API as it was before. It also reimplements the SHA-256 crypto_shash API on top of the library API. This makes it possible to use the SHA-256 library in performance-critical cases. The new design is also much simpler, with a negative diffstat of over 1200 lines. Finally, this also fixes the longstanding issue where the arch-optimized SHA-256 was disabled by default, so people often forgot to enable it. For now the SHA-256 library is well-covered by the crypto_shash self-tests, but I plan to add a test for the library directly later. I've fully tested this series on arm, arm64, riscv, and x86. On mips, powerpc, s390, and sparc I've only been able to partially test it, since QEMU does not support the SHA-256 instructions on those platforms. If anyone with access to a mips, powerpc, s390, or sparc system that has SHA-256 instructions can verify that the crypto self-tests still pass, that would be appreciated. But I don't expect any issues, especially since the new code is more straightforward than the old code. Eric Biggers (13): crypto: sha256 - support arch-optimized lib and expose through shash crypto: arm/sha256 - implement library instead of shash crypto: arm64/sha256 - remove obsolete chunking logic crypto: arm64/sha256 - implement library instead of shash crypto: mips/sha256 - implement library instead of shash crypto: powerpc/sha256 - implement library instead of shash crypto: riscv/sha256 - implement library instead of shash crypto: s390/sha256 - implement library instead of shash crypto: sparc - move opcodes.h into asm directory crypto: sparc/sha256 - implement library instead of shash crypto: x86/sha256 - implement library instead of shash crypto: sha256 - remove sha256_base.h crypto: lib/sha256 - improve function prototypes arch/arm/configs/exynos_defconfig | 1 - arch/arm/configs/milbeaut_m10v_defconfig | 1 - arch/arm/configs/multi_v7_defconfig | 1 - arch/arm/configs/omap2plus_defconfig | 1 - arch/arm/configs/pxa_defconfig | 1 - arch/arm/crypto/Kconfig | 21 - arch/arm/crypto/Makefile | 8 +- arch/arm/crypto/sha2-ce-glue.c | 87 ---- arch/arm/crypto/sha256_glue.c | 107 ----- arch/arm/crypto/sha256_glue.h | 9 - arch/arm/crypto/sha256_neon_glue.c | 75 --- arch/arm/lib/crypto/.gitignore | 1 + arch/arm/lib/crypto/Kconfig | 6 + arch/arm/lib/crypto/Makefile | 8 +- arch/arm/{ => lib}/crypto/sha256-armv4.pl | 0 .../sha2-ce-core.S => lib/crypto/sha256-ce.S} | 10 +- arch/arm/lib/crypto/sha256.c | 64 +++ arch/arm64/configs/defconfig | 1 - arch/arm64/crypto/Kconfig | 19 - arch/arm64/crypto/Makefile | 13 +- arch/arm64/crypto/sha2-ce-glue.c | 138 ------ arch/arm64/crypto/sha256-glue.c | 171 ------- arch/arm64/lib/crypto/.gitignore | 1 + arch/arm64/lib/crypto/Kconfig | 5 + arch/arm64/lib/crypto/Makefile | 9 +- .../crypto/sha2-armv8.pl} | 0 .../sha2-ce-core.S => lib/crypto/sha256-ce.S} | 36 +- arch/arm64/lib/crypto/sha256.c | 75 +++ arch/mips/cavium-octeon/Kconfig | 6 + .../mips/cavium-octeon/crypto/octeon-sha256.c | 135 ++---- arch/mips/configs/cavium_octeon_defconfig | 1 - arch/mips/crypto/Kconfig | 10 - arch/powerpc/crypto/Kconfig | 11 - arch/powerpc/crypto/Makefile | 2 - arch/powerpc/crypto/sha256-spe-glue.c | 128 ------ arch/powerpc/lib/crypto/Kconfig | 6 + arch/powerpc/lib/crypto/Makefile | 3 + .../powerpc/{ => lib}/crypto/sha256-spe-asm.S | 0 arch/powerpc/lib/crypto/sha256.c | 70 +++ arch/riscv/crypto/Kconfig | 11 - arch/riscv/crypto/Makefile | 3 - arch/riscv/crypto/sha256-riscv64-glue.c | 125 ----- arch/riscv/lib/crypto/Kconfig | 7 + arch/riscv/lib/crypto/Makefile | 3 + .../sha256-riscv64-zvknha_or_zvknhb-zvkb.S | 4 +- arch/riscv/lib/crypto/sha256.c | 62 +++ arch/s390/configs/debug_defconfig | 1 - arch/s390/configs/defconfig | 1 - arch/s390/crypto/Kconfig | 10 - arch/s390/crypto/Makefile | 1 - arch/s390/crypto/sha256_s390.c | 144 ------ arch/s390/lib/crypto/Kconfig | 6 + arch/s390/lib/crypto/Makefile | 2 + arch/s390/lib/crypto/sha256.c | 47 ++ arch/sparc/crypto/Kconfig | 10 - arch/sparc/crypto/Makefile | 2 - arch/sparc/crypto/aes_asm.S | 3 +- arch/sparc/crypto/aes_glue.c | 3 +- arch/sparc/crypto/camellia_asm.S | 3 +- arch/sparc/crypto/camellia_glue.c | 3 +- arch/sparc/crypto/des_asm.S | 3 +- arch/sparc/crypto/des_glue.c | 3 +- arch/sparc/crypto/md5_asm.S | 3 +- arch/sparc/crypto/md5_glue.c | 3 +- arch/sparc/crypto/sha1_asm.S | 3 +- arch/sparc/crypto/sha1_glue.c | 3 +- arch/sparc/crypto/sha256_glue.c | 129 ------ arch/sparc/crypto/sha512_asm.S | 3 +- arch/sparc/crypto/sha512_glue.c | 3 +- arch/sparc/{crypto => include/asm}/opcodes.h | 6 +- arch/sparc/lib/Makefile | 1 + arch/sparc/lib/crc32c_asm.S | 3 +- arch/sparc/lib/crypto/Kconfig | 8 + arch/sparc/lib/crypto/Makefile | 4 + arch/sparc/lib/crypto/sha256.c | 64 +++ arch/sparc/{ => lib}/crypto/sha256_asm.S | 5 +- arch/x86/crypto/Kconfig | 14 - arch/x86/crypto/Makefile | 3 - arch/x86/crypto/sha256_ssse3_glue.c | 432 ------------------ arch/x86/lib/crypto/Kconfig | 7 + arch/x86/lib/crypto/Makefile | 3 + arch/x86/{ => lib}/crypto/sha256-avx-asm.S | 12 +- arch/x86/{ => lib}/crypto/sha256-avx2-asm.S | 12 +- .../crypto/sha256-ni-asm.S} | 36 +- arch/x86/{ => lib}/crypto/sha256-ssse3-asm.S | 14 +- arch/x86/lib/crypto/sha256.c | 74 +++ crypto/Kconfig | 1 + crypto/Makefile | 3 +- crypto/sha256.c | 201 ++++++++ crypto/sha256_generic.c | 102 ----- include/crypto/internal/sha2.h | 28 ++ include/crypto/sha2.h | 23 +- include/crypto/sha256_base.h | 180 -------- lib/crypto/Kconfig | 22 + lib/crypto/sha256.c | 130 +++++- 95 files changed, 1008 insertions(+), 2225 deletions(-) delete mode 100644 arch/arm/crypto/sha2-ce-glue.c delete mode 100644 arch/arm/crypto/sha256_glue.c delete mode 100644 arch/arm/crypto/sha256_glue.h delete mode 100644 arch/arm/crypto/sha256_neon_glue.c rename arch/arm/{ => lib}/crypto/sha256-armv4.pl (100%) rename arch/arm/{crypto/sha2-ce-core.S => lib/crypto/sha256-ce.S} (91%) create mode 100644 arch/arm/lib/crypto/sha256.c delete mode 100644 arch/arm64/crypto/sha2-ce-glue.c delete mode 100644 arch/arm64/crypto/sha256-glue.c rename arch/arm64/{crypto/sha512-armv8.pl => lib/crypto/sha2-armv8.pl} (100%) rename arch/arm64/{crypto/sha2-ce-core.S => lib/crypto/sha256-ce.S} (80%) create mode 100644 arch/arm64/lib/crypto/sha256.c delete mode 100644 arch/powerpc/crypto/sha256-spe-glue.c rename arch/powerpc/{ => lib}/crypto/sha256-spe-asm.S (100%) create mode 100644 arch/powerpc/lib/crypto/sha256.c delete mode 100644 arch/riscv/crypto/sha256-riscv64-glue.c rename arch/riscv/{ => lib}/crypto/sha256-riscv64-zvknha_or_zvknhb-zvkb.S (98%) create mode 100644 arch/riscv/lib/crypto/sha256.c delete mode 100644 arch/s390/crypto/sha256_s390.c create mode 100644 arch/s390/lib/crypto/sha256.c delete mode 100644 arch/sparc/crypto/sha256_glue.c rename arch/sparc/{crypto => include/asm}/opcodes.h (96%) create mode 100644 arch/sparc/lib/crypto/Kconfig create mode 100644 arch/sparc/lib/crypto/Makefile create mode 100644 arch/sparc/lib/crypto/sha256.c rename arch/sparc/{ => lib}/crypto/sha256_asm.S (95%) delete mode 100644 arch/x86/crypto/sha256_ssse3_glue.c rename arch/x86/{ => lib}/crypto/sha256-avx-asm.S (98%) rename arch/x86/{ => lib}/crypto/sha256-avx2-asm.S (98%) rename arch/x86/{crypto/sha256_ni_asm.S => lib/crypto/sha256-ni-asm.S} (85%) rename arch/x86/{ => lib}/crypto/sha256-ssse3-asm.S (98%) create mode 100644 arch/x86/lib/crypto/sha256.c create mode 100644 crypto/sha256.c delete mode 100644 crypto/sha256_generic.c create mode 100644 include/crypto/internal/sha2.h delete mode 100644 include/crypto/sha256_base.h -- 2.49.0