From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" 
	<linux-crypto@vger.kernel.org>,
	Eric Biggers <ebiggers@kernel.org>
Subject: Re: [PATCH crypto-next v2 3/3] crypto: arm/arm64/mips/poly1305 - remove redundant non-reduction from emit
Date: Thu, 12 Dec 2019 15:59:34 +0100	[thread overview]
Message-ID: <CAKv+Gu-JdxYpQDjiw5-mNo7QnDak5D--8HAtp-pyuPnRe18bjw@mail.gmail.com> (raw)
In-Reply-To: <20191212093008.217086-3-Jason@zx2c4.com>

On Thu, 12 Dec 2019 at 10:30, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> This appears to be a copy-and-paste error, and the sequence is actually
> dead code.
>
> Pre: f = 0 ⇒ (f >> 32) = 0
>     f = (f >> 32) + le32_to_cpu(digest[0]);
> Post: 0 ≤ f < 2³²
>     put_unaligned_le32(f, dst);
>
> Pre: 0 ≤ f < 2³² ⇒ (f >> 32) = 0
>     f = (f >> 32) + le32_to_cpu(digest[1]);
> Post: 0 ≤ f < 2³²
>     put_unaligned_le32(f, dst + 4);
>
> Pre: 0 ≤ f < 2³² ⇒ (f >> 32) = 0
>     f = (f >> 32) + le32_to_cpu(digest[2]);
> Post: 0 ≤ f < 2³²
>     put_unaligned_le32(f, dst + 8);
>
> Pre: 0 ≤ f < 2³² ⇒ (f >> 32) = 0
>     f = (f >> 32) + le32_to_cpu(digest[3]);
> Post: 0 ≤ f < 2³²
>     put_unaligned_le32(f, dst + 12);
>
> Therefore this sequence is redundant. And Andy's code appears to handle
> misalignment acceptably.
>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---

The change is obviously correct, but I ran it on a big-endian system
just to be sure.

Tested-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>

>  arch/arm/crypto/poly1305-glue.c   | 18 ++----------------
>  arch/arm64/crypto/poly1305-glue.c | 18 ++----------------
>  arch/mips/crypto/poly1305-glue.c  | 18 ++----------------
>  3 files changed, 6 insertions(+), 48 deletions(-)
>
> diff --git a/arch/arm/crypto/poly1305-glue.c b/arch/arm/crypto/poly1305-glue.c
> index abe3f2d587dc..ceec04ec2f40 100644
> --- a/arch/arm/crypto/poly1305-glue.c
> +++ b/arch/arm/crypto/poly1305-glue.c
> @@ -20,7 +20,7 @@
>
>  void poly1305_init_arm(void *state, const u8 *key);
>  void poly1305_blocks_arm(void *state, const u8 *src, u32 len, u32 hibit);
> -void poly1305_emit_arm(void *state, __le32 *digest, const u32 *nonce);
> +void poly1305_emit_arm(void *state, u8 *digest, const u32 *nonce);
>
>  void __weak poly1305_blocks_neon(void *state, const u8 *src, u32 len, u32 hibit)
>  {
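Review bot: The changed `poly1305_emit_arm` prototype now takes `u8 *digest`, but nothing at the declaration says what the assembly writes through it, and the two properties the new caller in poly1305_final_arch relies on — the tag is stored in little-endian byte order regardless of host endianness, and `dst` may be unaligned — are stated only in the commit message ("appears to handle misalignment acceptably") and by the big-endian Tested-by above. A one-line comment on the declaration would pin that contract where the next caller will look: `/* Writes the 16-byte tag to @digest little-endian; @digest need not be aligned. */`. The same applies to the `poly1305_emit` and `poly1305_emit_mips` declarations in the arm64 and mips hunks, and the caller's function body is split across the two following hunks of each file.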
> @@ -179,9 +179,6 @@ EXPORT_SYMBOL(poly1305_update_arch);
>
>  void poly1305_final_arch(struct poly1305_desc_ctx *dctx, u8 *dst)
>  {
> -       __le32 digest[4];
> -       u64 f = 0;
> -
>         if (unlikely(dctx->buflen)) {
>                 dctx->buf[dctx->buflen++] = 1;
>                 memset(dctx->buf + dctx->buflen, 0,
> @@ -189,18 +186,7 @@ void poly1305_final_arch(struct poly1305_desc_ctx *dctx, u8 *dst)
>                 poly1305_blocks_arm(&dctx->h, dctx->buf, POLY1305_BLOCK_SIZE, 0);
>         }
>
> -       poly1305_emit_arm(&dctx->h, digest, dctx->s);
> -
> -       /* mac = (h + s) % (2^128) */
> -       f = (f >> 32) + le32_to_cpu(digest[0]);
> -       put_unaligned_le32(f, dst);
> -       f = (f >> 32) + le32_to_cpu(digest[1]);
> -       put_unaligned_le32(f, dst + 4);
> -       f = (f >> 32) + le32_to_cpu(digest[2]);
> -       put_unaligned_le32(f, dst + 8);
> -       f = (f >> 32) + le32_to_cpu(digest[3]);
> -       put_unaligned_le32(f, dst + 12);
> -
> +       poly1305_emit_arm(&dctx->h, dst, dctx->s);
>         *dctx = (struct poly1305_desc_ctx){};
>  }
>  EXPORT_SYMBOL(poly1305_final_arch);
> diff --git a/arch/arm64/crypto/poly1305-glue.c b/arch/arm64/crypto/poly1305-glue.c
> index 83a2338a8826..e97b092f56b8 100644
> --- a/arch/arm64/crypto/poly1305-glue.c
> +++ b/arch/arm64/crypto/poly1305-glue.c
> @@ -21,7 +21,7 @@
>  asmlinkage void poly1305_init_arm64(void *state, const u8 *key);
>  asmlinkage void poly1305_blocks(void *state, const u8 *src, u32 len, u32 hibit);
>  asmlinkage void poly1305_blocks_neon(void *state, const u8 *src, u32 len, u32 hibit);
> -asmlinkage void poly1305_emit(void *state, __le32 *digest, const u32 *nonce);
> +asmlinkage void poly1305_emit(void *state, u8 *digest, const u32 *nonce);
>
>  static __ro_after_init DEFINE_STATIC_KEY_FALSE(have_neon);
>
> @@ -162,9 +162,6 @@ EXPORT_SYMBOL(poly1305_update_arch);
>
>  void poly1305_final_arch(struct poly1305_desc_ctx *dctx, u8 *dst)
>  {
> -       __le32 digest[4];
> -       u64 f = 0;
> -
>         if (unlikely(dctx->buflen)) {
>                 dctx->buf[dctx->buflen++] = 1;
>                 memset(dctx->buf + dctx->buflen, 0,
> @@ -172,18 +169,7 @@ void poly1305_final_arch(struct poly1305_desc_ctx *dctx, u8 *dst)
>                 poly1305_blocks(&dctx->h, dctx->buf, POLY1305_BLOCK_SIZE, 0);
>         }
>
> -       poly1305_emit(&dctx->h, digest, dctx->s);
> -
> -       /* mac = (h + s) % (2^128) */
> -       f = (f >> 32) + le32_to_cpu(digest[0]);
> -       put_unaligned_le32(f, dst);
> -       f = (f >> 32) + le32_to_cpu(digest[1]);
> -       put_unaligned_le32(f, dst + 4);
> -       f = (f >> 32) + le32_to_cpu(digest[2]);
> -       put_unaligned_le32(f, dst + 8);
> -       f = (f >> 32) + le32_to_cpu(digest[3]);
> -       put_unaligned_le32(f, dst + 12);
> -
> +       poly1305_emit(&dctx->h, dst, dctx->s);
>         *dctx = (struct poly1305_desc_ctx){};
>  }
>  EXPORT_SYMBOL(poly1305_final_arch);
> diff --git a/arch/mips/crypto/poly1305-glue.c b/arch/mips/crypto/poly1305-glue.c
> index b37d29cf5d0a..fc881b46d911 100644
> --- a/arch/mips/crypto/poly1305-glue.c
> +++ b/arch/mips/crypto/poly1305-glue.c
> @@ -15,7 +15,7 @@
>
>  asmlinkage void poly1305_init_mips(void *state, const u8 *key);
>  asmlinkage void poly1305_blocks_mips(void *state, const u8 *src, u32 len, u32 hibit);
> -asmlinkage void poly1305_emit_mips(void *state, __le32 *digest, const u32 *nonce);
> +asmlinkage void poly1305_emit_mips(void *state, u8 *digest, const u32 *nonce);
>
>  void poly1305_init_arch(struct poly1305_desc_ctx *dctx, const u8 *key)
>  {
> @@ -134,9 +134,6 @@ EXPORT_SYMBOL(poly1305_update_arch);
>
>  void poly1305_final_arch(struct poly1305_desc_ctx *dctx, u8 *dst)
>  {
> -       __le32 digest[4];
> -       u64 f = 0;
> -
>         if (unlikely(dctx->buflen)) {
>                 dctx->buf[dctx->buflen++] = 1;
>                 memset(dctx->buf + dctx->buflen, 0,
> @@ -144,18 +141,7 @@ void poly1305_final_arch(struct poly1305_desc_ctx *dctx, u8 *dst)
>                 poly1305_blocks_mips(&dctx->h, dctx->buf, POLY1305_BLOCK_SIZE, 0);
>         }
>
> -       poly1305_emit_mips(&dctx->h, digest, dctx->s);
> -
> -       /* mac = (h + s) % (2^128) */
> -       f = (f >> 32) + le32_to_cpu(digest[0]);
> -       put_unaligned_le32(f, dst);
> -       f = (f >> 32) + le32_to_cpu(digest[1]);
> -       put_unaligned_le32(f, dst + 4);
> -       f = (f >> 32) + le32_to_cpu(digest[2]);
> -       put_unaligned_le32(f, dst + 8);
> -       f = (f >> 32) + le32_to_cpu(digest[3]);
> -       put_unaligned_le32(f, dst + 12);
> -
> +       poly1305_emit_mips(&dctx->h, dst, dctx->s);
>         *dctx = (struct poly1305_desc_ctx){};
>  }
>  EXPORT_SYMBOL(poly1305_final_arch);
> --
> 2.24.0
>
