From: Herbert Xu <herbert@gondor.apana.org.au>
To: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Cc: linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, linux-mips@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org,
sparclinux@vger.kernel.org, linux-s390@vger.kernel.org,
x86@kernel.org, Ard Biesheuvel <ardb@kernel.org>,
"Jason A . Donenfeld " <Jason@zx2c4.com>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [v2 PATCH 00/13] Architecture-optimized SHA-256 library API
Date: Sun, 27 Apr 2025 14:30:41 +0800 [thread overview]
Message-ID: <cover.1745734678.git.herbert@gondor.apana.org.au> (raw)
Changes in v2:
- Rebase on top of lib partial block helper series.
- Restore the block-only shash implementation of sha256.
- Move the SIMD hardirq test out of the block functions so that
it is only done for the lib/crypto interface.
- Split the lib/crypto sha256 module to break cycle in allmod build.
This is based on
https://patchwork.kernel.org/project/linux-crypto/list/?series=957415
Original description:
Following the example of several other algorithms (e.g. CRC32, ChaCha,
Poly1305, BLAKE2s), this series refactors the kernel's existing
architecture-optimized SHA-256 code to be available via the library API,
instead of just via the crypto_shash API as it was before. It also
reimplements the SHA-256 crypto_shash API on top of the library API.
This makes it possible to use the SHA-256 library in
performance-critical cases. The new design is also much simpler, with a
negative diffstat of over 1200 lines. Finally, this also fixes the
longstanding issue where the arch-optimized SHA-256 was disabled by
default, so people often forgot to enable it.
For now the SHA-256 library is well-covered by the crypto_shash
self-tests, but I plan to add a test for the library directly later.
I've fully tested this series on arm, arm64, riscv, and x86. On mips,
powerpc, s390, and sparc I've only been able to partially test it, since
QEMU does not support the SHA-256 instructions on those platforms. If
anyone with access to a mips, powerpc, s390, or sparc system that has
SHA-256 instructions can verify that the crypto self-tests still pass,
that would be appreciated. But I don't expect any issues, especially
since the new code is more straightforward than the old code.
Eric Biggers (13):
crypto: sha256 - support arch-optimized lib and expose through shash
crypto: arm/sha256 - implement library instead of shash
crypto: arm64/sha256 - remove obsolete chunking logic
crypto: arm64/sha256 - implement library instead of shash
crypto: mips/sha256 - implement library instead of shash
crypto: powerpc/sha256 - implement library instead of shash
crypto: riscv/sha256 - implement library instead of shash
crypto: s390/sha256 - implement library instead of shash
crypto: sparc - move opcodes.h into asm directory
crypto: sparc/sha256 - implement library instead of shash
crypto: x86/sha256 - implement library instead of shash
crypto: sha256 - remove sha256_base.h
crypto: lib/sha256 - improve function prototypes
arch/arm/configs/exynos_defconfig | 1 -
arch/arm/configs/milbeaut_m10v_defconfig | 1 -
arch/arm/configs/multi_v7_defconfig | 1 -
arch/arm/configs/omap2plus_defconfig | 1 -
arch/arm/configs/pxa_defconfig | 1 -
arch/arm/crypto/Kconfig | 21 -
arch/arm/crypto/Makefile | 8 +-
arch/arm/crypto/sha2-ce-glue.c | 87 ----
arch/arm/crypto/sha256_glue.c | 107 -----
arch/arm/crypto/sha256_glue.h | 9 -
arch/arm/crypto/sha256_neon_glue.c | 75 ---
arch/arm/lib/crypto/.gitignore | 1 +
arch/arm/lib/crypto/Kconfig | 7 +
arch/arm/lib/crypto/Makefile | 8 +-
arch/arm/{ => lib}/crypto/sha256-armv4.pl | 20 +-
.../sha2-ce-core.S => lib/crypto/sha256-ce.S} | 10 +-
arch/arm/lib/crypto/sha256.c | 64 +++
arch/arm64/configs/defconfig | 1 -
arch/arm64/crypto/Kconfig | 19 -
arch/arm64/crypto/Makefile | 13 +-
arch/arm64/crypto/sha2-ce-glue.c | 138 ------
arch/arm64/crypto/sha256-glue.c | 171 -------
arch/arm64/crypto/sha512-glue.c | 6 +-
arch/arm64/lib/crypto/.gitignore | 1 +
arch/arm64/lib/crypto/Kconfig | 6 +
arch/arm64/lib/crypto/Makefile | 9 +-
.../crypto/sha2-armv8.pl} | 2 +-
.../sha2-ce-core.S => lib/crypto/sha256-ce.S} | 36 +-
arch/arm64/lib/crypto/sha256.c | 75 +++
arch/mips/cavium-octeon/Kconfig | 6 +
.../mips/cavium-octeon/crypto/octeon-sha256.c | 139 ++----
arch/mips/configs/cavium_octeon_defconfig | 1 -
arch/mips/crypto/Kconfig | 10 -
arch/powerpc/crypto/Kconfig | 11 -
arch/powerpc/crypto/Makefile | 2 -
arch/powerpc/crypto/sha256-spe-glue.c | 128 ------
arch/powerpc/lib/crypto/Kconfig | 6 +
arch/powerpc/lib/crypto/Makefile | 3 +
.../powerpc/{ => lib}/crypto/sha256-spe-asm.S | 0
arch/powerpc/lib/crypto/sha256.c | 70 +++
arch/riscv/crypto/Kconfig | 11 -
arch/riscv/crypto/Makefile | 3 -
arch/riscv/crypto/sha256-riscv64-glue.c | 125 -----
arch/riscv/lib/crypto/Kconfig | 8 +
arch/riscv/lib/crypto/Makefile | 3 +
.../sha256-riscv64-zvknha_or_zvknhb-zvkb.S | 4 +-
arch/riscv/lib/crypto/sha256.c | 67 +++
arch/s390/configs/debug_defconfig | 1 -
arch/s390/configs/defconfig | 1 -
arch/s390/crypto/Kconfig | 10 -
arch/s390/crypto/Makefile | 1 -
arch/s390/crypto/sha256_s390.c | 144 ------
arch/s390/lib/crypto/Kconfig | 6 +
arch/s390/lib/crypto/Makefile | 2 +
arch/s390/lib/crypto/sha256.c | 47 ++
arch/sparc/crypto/Kconfig | 10 -
arch/sparc/crypto/Makefile | 2 -
arch/sparc/crypto/aes_asm.S | 3 +-
arch/sparc/crypto/aes_glue.c | 3 +-
arch/sparc/crypto/camellia_asm.S | 3 +-
arch/sparc/crypto/camellia_glue.c | 3 +-
arch/sparc/crypto/des_asm.S | 3 +-
arch/sparc/crypto/des_glue.c | 3 +-
arch/sparc/crypto/md5_asm.S | 3 +-
arch/sparc/crypto/md5_glue.c | 3 +-
arch/sparc/crypto/sha1_asm.S | 3 +-
arch/sparc/crypto/sha1_glue.c | 3 +-
arch/sparc/crypto/sha256_glue.c | 129 ------
arch/sparc/crypto/sha512_asm.S | 3 +-
arch/sparc/crypto/sha512_glue.c | 3 +-
arch/sparc/{crypto => include/asm}/opcodes.h | 6 +-
arch/sparc/lib/Makefile | 1 +
arch/sparc/lib/crc32c_asm.S | 3 +-
arch/sparc/lib/crypto/Kconfig | 8 +
arch/sparc/lib/crypto/Makefile | 4 +
arch/sparc/lib/crypto/sha256.c | 64 +++
arch/sparc/{ => lib}/crypto/sha256_asm.S | 5 +-
arch/x86/crypto/Kconfig | 14 -
arch/x86/crypto/Makefile | 3 -
arch/x86/crypto/sha256_ssse3_glue.c | 432 ------------------
arch/x86/lib/crypto/Kconfig | 8 +
arch/x86/lib/crypto/Makefile | 3 +
arch/x86/{ => lib}/crypto/sha256-avx-asm.S | 12 +-
arch/x86/{ => lib}/crypto/sha256-avx2-asm.S | 12 +-
.../crypto/sha256-ni-asm.S} | 36 +-
arch/x86/{ => lib}/crypto/sha256-ssse3-asm.S | 14 +-
arch/x86/lib/crypto/sha256.c | 80 ++++
arch/x86/purgatory/Makefile | 3 -
arch/x86/purgatory/sha256.c | 15 +
crypto/Kconfig | 1 +
crypto/Makefile | 3 +-
crypto/sha256.c | 198 ++++++++
crypto/sha256_generic.c | 102 -----
include/crypto/internal/sha2.h | 75 +++
include/crypto/sha2.h | 23 +-
include/crypto/sha256_base.h | 148 ------
lib/crypto/Kconfig | 30 ++
lib/crypto/Makefile | 1 +
lib/crypto/sha256-generic.c | 139 ++++++
lib/crypto/sha256.c | 150 ++----
100 files changed, 1165 insertions(+), 2313 deletions(-)
delete mode 100644 arch/arm/crypto/sha2-ce-glue.c
delete mode 100644 arch/arm/crypto/sha256_glue.c
delete mode 100644 arch/arm/crypto/sha256_glue.h
delete mode 100644 arch/arm/crypto/sha256_neon_glue.c
rename arch/arm/{ => lib}/crypto/sha256-armv4.pl (97%)
rename arch/arm/{crypto/sha2-ce-core.S => lib/crypto/sha256-ce.S} (91%)
create mode 100644 arch/arm/lib/crypto/sha256.c
delete mode 100644 arch/arm64/crypto/sha2-ce-glue.c
delete mode 100644 arch/arm64/crypto/sha256-glue.c
rename arch/arm64/{crypto/sha512-armv8.pl => lib/crypto/sha2-armv8.pl} (99%)
rename arch/arm64/{crypto/sha2-ce-core.S => lib/crypto/sha256-ce.S} (80%)
create mode 100644 arch/arm64/lib/crypto/sha256.c
delete mode 100644 arch/powerpc/crypto/sha256-spe-glue.c
rename arch/powerpc/{ => lib}/crypto/sha256-spe-asm.S (100%)
create mode 100644 arch/powerpc/lib/crypto/sha256.c
delete mode 100644 arch/riscv/crypto/sha256-riscv64-glue.c
rename arch/riscv/{ => lib}/crypto/sha256-riscv64-zvknha_or_zvknhb-zvkb.S (98%)
create mode 100644 arch/riscv/lib/crypto/sha256.c
delete mode 100644 arch/s390/crypto/sha256_s390.c
create mode 100644 arch/s390/lib/crypto/sha256.c
delete mode 100644 arch/sparc/crypto/sha256_glue.c
rename arch/sparc/{crypto => include/asm}/opcodes.h (96%)
create mode 100644 arch/sparc/lib/crypto/Kconfig
create mode 100644 arch/sparc/lib/crypto/Makefile
create mode 100644 arch/sparc/lib/crypto/sha256.c
rename arch/sparc/{ => lib}/crypto/sha256_asm.S (95%)
delete mode 100644 arch/x86/crypto/sha256_ssse3_glue.c
rename arch/x86/{ => lib}/crypto/sha256-avx-asm.S (98%)
rename arch/x86/{ => lib}/crypto/sha256-avx2-asm.S (98%)
rename arch/x86/{crypto/sha256_ni_asm.S => lib/crypto/sha256-ni-asm.S} (85%)
rename arch/x86/{ => lib}/crypto/sha256-ssse3-asm.S (98%)
create mode 100644 arch/x86/lib/crypto/sha256.c
create mode 100644 arch/x86/purgatory/sha256.c
create mode 100644 crypto/sha256.c
delete mode 100644 crypto/sha256_generic.c
create mode 100644 include/crypto/internal/sha2.h
delete mode 100644 include/crypto/sha256_base.h
create mode 100644 lib/crypto/sha256-generic.c
--
2.39.5
next reply other threads:[~2025-04-27 6:30 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-27 6:30 Herbert Xu [this message]
2025-04-27 6:30 ` [v2 PATCH 01/13] crypto: sha256 - support arch-optimized lib and expose through shash Herbert Xu
2025-04-27 6:30 ` [v2 PATCH 02/13] crypto: arm/sha256 - implement library instead of shash Herbert Xu
2025-04-27 6:30 ` [v2 PATCH 03/13] crypto: arm64/sha256 - remove obsolete chunking logic Herbert Xu
2025-04-27 6:30 ` [v2 PATCH 04/13] crypto: arm64/sha256 - implement library instead of shash Herbert Xu
2025-04-27 6:30 ` [v2 PATCH 05/13] crypto: mips/sha256 " Herbert Xu
2025-04-27 6:30 ` [v2 PATCH 06/13] crypto: powerpc/sha256 " Herbert Xu
2025-04-27 6:30 ` [v2 PATCH 07/13] crypto: riscv/sha256 " Herbert Xu
2025-04-27 6:31 ` [v2 PATCH 08/13] crypto: s390/sha256 " Herbert Xu
2025-04-27 6:31 ` [v2 PATCH 09/13] crypto: sparc - move opcodes.h into asm directory Herbert Xu
2025-04-27 6:31 ` [v2 PATCH 10/13] crypto: sparc/sha256 - implement library instead of shash Herbert Xu
2025-04-27 6:31 ` [v2 PATCH 11/13] crypto: x86/sha256 " Herbert Xu
2025-04-27 6:31 ` [v2 PATCH 12/13] crypto: sha256 - remove sha256_base.h Herbert Xu
2025-04-27 6:31 ` [v2 PATCH 13/13] crypto: lib/sha256 - improve function prototypes Herbert Xu
2025-04-27 12:35 ` [v2 PATCH 00/13] Architecture-optimized SHA-256 library API Eric Biggers
2025-04-27 12:41 ` Herbert Xu
2025-04-27 12:56 ` Eric Biggers
2025-04-27 13:11 ` Eric Biggers
2025-04-27 14:07 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1745734678.git.herbert@gondor.apana.org.au \
--to=herbert@gondor.apana.org.au \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linux-s390@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=sparclinux@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).