Gitiles
Code Review Sign In
192.168.1.100 / T108 / c2023d5d03be91dbb983606f0ec5e9e4ea36c8c2 / . / target / linux / generic / backport-5.4 / 080-wireguard-0015-crypto-poly1305-expose-init-update-final-library-int.patch
blob: bf8e90bf02d0e487c3cdfe6d0d5354440b18050b [file] [log] [blame]
b.liue9582032025-04-17 19:18:16 +0800[diff] [blame]1From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2From: Ard Biesheuvel <ardb@kernel.org>
3Date: Fri, 8 Nov 2019 13:22:21 +0100
4Subject: [PATCH] crypto: poly1305 - expose init/update/final library interface
5
6commit a1d93064094cc5e24d64e35cf093e7191d0c9344 upstream.
7
8Expose the existing generic Poly1305 code via a init/update/final
9library interface so that callers are not required to go through
10the crypto API's shash abstraction to access it. At the same time,
11make some preparations so that the library implementation can be
12superseded by an accelerated arch-specific version in the future.
13
14Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
15Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
16Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
17---
18 crypto/poly1305_generic.c | 22 +-----------
19 include/crypto/poly1305.h | 38 +++++++++++++++++++-
20 lib/crypto/Kconfig | 26 ++++++++++++++
21 lib/crypto/poly1305.c | 74 +++++++++++++++++++++++++++++++++++++++
22 4 files changed, 138 insertions(+), 22 deletions(-)
23
24--- a/crypto/poly1305_generic.c
25+++ b/crypto/poly1305_generic.c
26@@ -85,31 +85,11 @@ EXPORT_SYMBOL_GPL(crypto_poly1305_update
27 int crypto_poly1305_final(struct shash_desc *desc, u8 *dst)
28 {
29 struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
30- __le32 digest[4];
31- u64 f = 0;
32
33 if (unlikely(!dctx->sset))
34 return -ENOKEY;
35
36- if (unlikely(dctx->buflen)) {
37- dctx->buf[dctx->buflen++] = 1;
38- memset(dctx->buf + dctx->buflen, 0,
39- POLY1305_BLOCK_SIZE - dctx->buflen);
40- poly1305_core_blocks(&dctx->h, dctx->r, dctx->buf, 1, 0);
41- }
42-
43- poly1305_core_emit(&dctx->h, digest);
44-
45- /* mac = (h + s) % (2^128) */
46- f = (f >> 32) + le32_to_cpu(digest[0]) + dctx->s[0];
47- put_unaligned_le32(f, dst + 0);
48- f = (f >> 32) + le32_to_cpu(digest[1]) + dctx->s[1];
49- put_unaligned_le32(f, dst + 4);
50- f = (f >> 32) + le32_to_cpu(digest[2]) + dctx->s[2];
51- put_unaligned_le32(f, dst + 8);
52- f = (f >> 32) + le32_to_cpu(digest[3]) + dctx->s[3];
53- put_unaligned_le32(f, dst + 12);
54-
55+ poly1305_final_generic(dctx, dst);
56 return 0;
57 }
58 EXPORT_SYMBOL_GPL(crypto_poly1305_final);
59--- a/include/crypto/poly1305.h
60+++ b/include/crypto/poly1305.h
61@@ -35,7 +35,43 @@ struct poly1305_desc_ctx {
62 /* accumulator */
63 struct poly1305_state h;
64 /* key */
65- struct poly1305_key r[1];
66+ struct poly1305_key r[CONFIG_CRYPTO_LIB_POLY1305_RSIZE];
67 };
68
69+void poly1305_init_arch(struct poly1305_desc_ctx *desc, const u8 *key);
70+void poly1305_init_generic(struct poly1305_desc_ctx *desc, const u8 *key);
71+
72+static inline void poly1305_init(struct poly1305_desc_ctx *desc, const u8 *key)
73+{
74+ if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305))
75+ poly1305_init_arch(desc, key);
76+ else
77+ poly1305_init_generic(desc, key);
78+}
79+
80+void poly1305_update_arch(struct poly1305_desc_ctx *desc, const u8 *src,
81+ unsigned int nbytes);
82+void poly1305_update_generic(struct poly1305_desc_ctx *desc, const u8 *src,
83+ unsigned int nbytes);
84+
85+static inline void poly1305_update(struct poly1305_desc_ctx *desc,
86+ const u8 *src, unsigned int nbytes)
87+{
88+ if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305))
89+ poly1305_update_arch(desc, src, nbytes);
90+ else
91+ poly1305_update_generic(desc, src, nbytes);
92+}
93+
94+void poly1305_final_arch(struct poly1305_desc_ctx *desc, u8 *digest);
95+void poly1305_final_generic(struct poly1305_desc_ctx *desc, u8 *digest);
96+
97+static inline void poly1305_final(struct poly1305_desc_ctx *desc, u8 *digest)
98+{
99+ if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305))
100+ poly1305_final_arch(desc, digest);
101+ else
102+ poly1305_final_generic(desc, digest);
103+}
104+
105 #endif
106--- a/lib/crypto/Kconfig
107+++ b/lib/crypto/Kconfig
108@@ -37,8 +37,34 @@ config CRYPTO_LIB_CHACHA
109 config CRYPTO_LIB_DES
110 tristate
111
112+config CRYPTO_LIB_POLY1305_RSIZE
113+ int
114+ default 1
115+
116+config CRYPTO_ARCH_HAVE_LIB_POLY1305
117+ tristate
118+ help
119+ Declares whether the architecture provides an arch-specific
120+ accelerated implementation of the Poly1305 library interface,
121+ either builtin or as a module.
122+
123 config CRYPTO_LIB_POLY1305_GENERIC
124 tristate
125+ help
126+ This symbol can be depended upon by arch implementations of the
127+ Poly1305 library interface that require the generic code as a
128+ fallback, e.g., for SIMD implementations. If no arch specific
129+ implementation is enabled, this implementation serves the users
130+ of CRYPTO_LIB_POLY1305.
131+
132+config CRYPTO_LIB_POLY1305
133+ tristate "Poly1305 library interface"
134+ depends on CRYPTO_ARCH_HAVE_LIB_POLY1305 || !CRYPTO_ARCH_HAVE_LIB_POLY1305
135+ select CRYPTO_LIB_POLY1305_GENERIC if CRYPTO_ARCH_HAVE_LIB_POLY1305=n
136+ help
137+ Enable the Poly1305 library interface. This interface may be fulfilled
138+ by either the generic implementation or an arch-specific one, if one
139+ is available and enabled.
140
141 config CRYPTO_LIB_SHA256
142 tristate
143--- a/lib/crypto/poly1305.c
144+++ b/lib/crypto/poly1305.c
145@@ -154,5 +154,79 @@ void poly1305_core_emit(const struct pol
146 }
147 EXPORT_SYMBOL_GPL(poly1305_core_emit);
148
149+void poly1305_init_generic(struct poly1305_desc_ctx *desc, const u8 *key)
150+{
151+ poly1305_core_setkey(desc->r, key);
152+ desc->s[0] = get_unaligned_le32(key + 16);
153+ desc->s[1] = get_unaligned_le32(key + 20);
154+ desc->s[2] = get_unaligned_le32(key + 24);
155+ desc->s[3] = get_unaligned_le32(key + 28);
156+ poly1305_core_init(&desc->h);
157+ desc->buflen = 0;
158+ desc->sset = true;
159+ desc->rset = 1;
160+}
161+EXPORT_SYMBOL_GPL(poly1305_init_generic);
162+
163+void poly1305_update_generic(struct poly1305_desc_ctx *desc, const u8 *src,
164+ unsigned int nbytes)
165+{
166+ unsigned int bytes;
167+
168+ if (unlikely(desc->buflen)) {
169+ bytes = min(nbytes, POLY1305_BLOCK_SIZE - desc->buflen);
170+ memcpy(desc->buf + desc->buflen, src, bytes);
171+ src += bytes;
172+ nbytes -= bytes;
173+ desc->buflen += bytes;
174+
175+ if (desc->buflen == POLY1305_BLOCK_SIZE) {
176+ poly1305_core_blocks(&desc->h, desc->r, desc->buf, 1, 1);
177+ desc->buflen = 0;
178+ }
179+ }
180+
181+ if (likely(nbytes >= POLY1305_BLOCK_SIZE)) {
182+ poly1305_core_blocks(&desc->h, desc->r, src,
183+ nbytes / POLY1305_BLOCK_SIZE, 1);
184+ src += nbytes - (nbytes % POLY1305_BLOCK_SIZE);
185+ nbytes %= POLY1305_BLOCK_SIZE;
186+ }
187+
188+ if (unlikely(nbytes)) {
189+ desc->buflen = nbytes;
190+ memcpy(desc->buf, src, nbytes);
191+ }
192+}
193+EXPORT_SYMBOL_GPL(poly1305_update_generic);
194+
195+void poly1305_final_generic(struct poly1305_desc_ctx *desc, u8 *dst)
196+{
197+ __le32 digest[4];
198+ u64 f = 0;
199+
200+ if (unlikely(desc->buflen)) {
201+ desc->buf[desc->buflen++] = 1;
202+ memset(desc->buf + desc->buflen, 0,
203+ POLY1305_BLOCK_SIZE - desc->buflen);
204+ poly1305_core_blocks(&desc->h, desc->r, desc->buf, 1, 0);
205+ }
206+
207+ poly1305_core_emit(&desc->h, digest);
208+
209+ /* mac = (h + s) % (2^128) */
210+ f = (f >> 32) + le32_to_cpu(digest[0]) + desc->s[0];
211+ put_unaligned_le32(f, dst + 0);
212+ f = (f >> 32) + le32_to_cpu(digest[1]) + desc->s[1];
213+ put_unaligned_le32(f, dst + 4);
214+ f = (f >> 32) + le32_to_cpu(digest[2]) + desc->s[2];
215+ put_unaligned_le32(f, dst + 8);
216+ f = (f >> 32) + le32_to_cpu(digest[3]) + desc->s[3];
217+ put_unaligned_le32(f, dst + 12);
218+
219+ *desc = (struct poly1305_desc_ctx){};
220+}
221+EXPORT_SYMBOL_GPL(poly1305_final_generic);
222+
223 MODULE_LICENSE("GPL");
224 MODULE_AUTHOR("Martin Willi <martin@strongswan.org>");