[PATCH v2 0/7] BLAKE2b cleanups

[PATCH v2 0/7] BLAKE2b cleanups

[David Sterba]

Hi,

the patchset implements cleanups suggested by Eric in
https://lore.kernel.org/linux-crypto/20191025051550.GA103313@sol.localdomain/

The diff is almost the same, split into pieces with some additional
comments where it would help understand the simplifications. This is
based on v7 of the BLAKE2b patchset.

The self-tests have been run for each patch on x86_64.

V2:
- rename digest_setkey to blake2b_setkey, this is in patch 7 that also
  does a rename, to avoid a too-trivial separate patch
- minor withespace fix in patch 6

David Sterba (7):
  crypto: blake2b: merge _final implementation to callback
  crypto: blake2b: merge blake2 init to api callback
  crypto: blake2b: simplify key init
  crypto: blake2b: delete unused structs or members
  crypto: blake2b: open code set last block helper
  crypto: blake2b: merge _update to api callback
  crypto: blake2b: rename tfm context and _setkey callback

 crypto/blake2b_generic.c | 279 ++++++++++++---------------------------
 1 file changed, 82 insertions(+), 197 deletions(-)

-- 
2.23.0

[PATCH v2 1/7] crypto: blake2b: merge _final implementation to callback

[David Sterba]

blake2b_final is called only once, merge it to the crypto API callback
and simplify. This avoids the temporary buffer and swaps the bytes of
internal buffer.

Signed-off-by: David Sterba <dsterba@suse.com>
---
 crypto/blake2b_generic.c | 42 ++++++++++++++++------------------------
 1 file changed, 17 insertions(+), 25 deletions(-)

diff --git a/crypto/blake2b_generic.c b/crypto/blake2b_generic.c
index 8dab65612a41..743905fabd65 100644
--- a/crypto/blake2b_generic.c
+++ b/crypto/blake2b_generic.c
@@ -276,25 +276,6 @@ static void blake2b_update(struct blake2b_state *S, const void *pin, size_t inle
 	}
 }
 
-static void blake2b_final(struct blake2b_state *S, void *out, size_t outlen)
-{
-	u8 buffer[BLAKE2B_OUTBYTES] = {0};
-	size_t i;
-
-	blake2b_increment_counter(S, S->buflen);
-	blake2b_set_lastblock(S);
-	/* Padding */
-	memset(S->buf + S->buflen, 0, BLAKE2B_BLOCKBYTES - S->buflen);
-	blake2b_compress(S, S->buf);
-
-	/* Output full hash to temp buffer */
-	for (i = 0; i < 8; ++i)
-		put_unaligned_le64(S->h[i], buffer + sizeof(S->h[i]) * i);
-
-	memcpy(out, buffer, S->outlen);
-	memzero_explicit(buffer, sizeof(buffer));
-}
-
 struct digest_tfm_ctx {
 	u8 key[BLAKE2B_KEYBYTES];
 	unsigned int keylen;
@@ -338,12 +319,23 @@ static int digest_update(struct shash_desc *desc, const u8 *data,
 	return 0;
 }
 
-static int digest_final(struct shash_desc *desc, u8 *out)
+static int blake2b_final(struct shash_desc *desc, u8 *out)
 {
 	struct blake2b_state *state = shash_desc_ctx(desc);
 	const int digestsize = crypto_shash_digestsize(desc->tfm);
+	size_t i;
+
+	blake2b_increment_counter(state, state->buflen);
+	blake2b_set_lastblock(state);
+	/* Padding */
+	memset(state->buf + state->buflen, 0, BLAKE2B_BLOCKBYTES - state->buflen);
+	blake2b_compress(state, state->buf);
+
+	/* Avoid temporary buffer and switch the internal output to LE order */
+	for (i = 0; i < ARRAY_SIZE(state->h); i++)
+		__cpu_to_le64s(&state->h[i]);
 
-	blake2b_final(state, out, digestsize);
+	memcpy(out, state->h, digestsize);
 	return 0;
 }
 
@@ -360,7 +352,7 @@ static struct shash_alg blake2b_algs[] = {
 		.setkey			= digest_setkey,
 		.init			= digest_init,
 		.update			= digest_update,
-		.final			= digest_final,
+		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
 	}, {
 		.base.cra_name		= "blake2b-256",
@@ -374,7 +366,7 @@ static struct shash_alg blake2b_algs[] = {
 		.setkey			= digest_setkey,
 		.init			= digest_init,
 		.update			= digest_update,
-		.final			= digest_final,
+		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
 	}, {
 		.base.cra_name		= "blake2b-384",
@@ -388,7 +380,7 @@ static struct shash_alg blake2b_algs[] = {
 		.setkey			= digest_setkey,
 		.init			= digest_init,
 		.update			= digest_update,
-		.final			= digest_final,
+		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
 	}, {
 		.base.cra_name		= "blake2b-512",
@@ -402,7 +394,7 @@ static struct shash_alg blake2b_algs[] = {
 		.setkey			= digest_setkey,
 		.init			= digest_init,
 		.update			= digest_update,
-		.final			= digest_final,
+		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
 	}
 };
-- 
2.23.0

[PATCH v2 2/7] crypto: blake2b: merge blake2 init to api callback

[David Sterba]

The call chain from blake2b_init can be simplified because the param
block is effectively zeros, besides the key.

- blake2b_init0 zeroes state and sets IV
- blake2b_init sets up param block with defaults (key and some 1s)
- init with key, write it to the input buffer and recalculate state

So the compact way is to zero out the state and initialize index 0 of
the state directly with the non-zero values and the key.

Signed-off-by: David Sterba <dsterba@suse.com>
---
 crypto/blake2b_generic.c | 103 ++++++++-------------------------------
 1 file changed, 19 insertions(+), 84 deletions(-)

diff --git a/crypto/blake2b_generic.c b/crypto/blake2b_generic.c
index 743905fabd65..d3da6113a96a 100644
--- a/crypto/blake2b_generic.c
+++ b/crypto/blake2b_generic.c
@@ -106,81 +106,6 @@ static void blake2b_increment_counter(struct blake2b_state *S, const u64 inc)
 	S->t[1] += (S->t[0] < inc);
 }
 
-static void blake2b_init0(struct blake2b_state *S)
-{
-	size_t i;
-
-	memset(S, 0, sizeof(struct blake2b_state));
-
-	for (i = 0; i < 8; ++i)
-		S->h[i] = blake2b_IV[i];
-}
-
-/* init xors IV with input parameter block */
-static void blake2b_init_param(struct blake2b_state *S,
-			       const struct blake2b_param *P)
-{
-	const u8 *p = (const u8 *)(P);
-	size_t i;
-
-	blake2b_init0(S);
-
-	/* IV XOR ParamBlock */
-	for (i = 0; i < 8; ++i)
-		S->h[i] ^= get_unaligned_le64(p + sizeof(S->h[i]) * i);
-
-	S->outlen = P->digest_length;
-}
-
-static void blake2b_init(struct blake2b_state *S, size_t outlen)
-{
-	struct blake2b_param P;
-
-	P.digest_length = (u8)outlen;
-	P.key_length    = 0;
-	P.fanout        = 1;
-	P.depth         = 1;
-	P.leaf_length   = 0;
-	P.node_offset   = 0;
-	P.xof_length    = 0;
-	P.node_depth    = 0;
-	P.inner_length  = 0;
-	memset(P.reserved, 0, sizeof(P.reserved));
-	memset(P.salt,     0, sizeof(P.salt));
-	memset(P.personal, 0, sizeof(P.personal));
-	blake2b_init_param(S, &P);
-}
-
-static void blake2b_init_key(struct blake2b_state *S, size_t outlen,
-			     const void *key, size_t keylen)
-{
-	struct blake2b_param P;
-
-	P.digest_length = (u8)outlen;
-	P.key_length    = (u8)keylen;
-	P.fanout        = 1;
-	P.depth         = 1;
-	P.leaf_length   = 0;
-	P.node_offset   = 0;
-	P.xof_length    = 0;
-	P.node_depth    = 0;
-	P.inner_length  = 0;
-	memset(P.reserved, 0, sizeof(P.reserved));
-	memset(P.salt,     0, sizeof(P.salt));
-	memset(P.personal, 0, sizeof(P.personal));
-
-	blake2b_init_param(S, &P);
-
-	{
-		u8 block[BLAKE2B_BLOCKBYTES];
-
-		memset(block, 0, BLAKE2B_BLOCKBYTES);
-		memcpy(block, key, keylen);
-		blake2b_update(S, block, BLAKE2B_BLOCKBYTES);
-		memzero_explicit(block, BLAKE2B_BLOCKBYTES);
-	}
-}
-
 #define G(r,i,a,b,c,d)                                  \
 	do {                                            \
 		a = a + b + m[blake2b_sigma[r][2*i+0]]; \
@@ -297,16 +222,26 @@ static int digest_setkey(struct crypto_shash *tfm, const u8 *key,
 	return 0;
 }
 
-static int digest_init(struct shash_desc *desc)
+static int blake2b_init(struct shash_desc *desc)
 {
 	struct digest_tfm_ctx *mctx = crypto_shash_ctx(desc->tfm);
 	struct blake2b_state *state = shash_desc_ctx(desc);
 	const int digestsize = crypto_shash_digestsize(desc->tfm);
 
-	if (mctx->keylen == 0)
-		blake2b_init(state, digestsize);
-	else
-		blake2b_init_key(state, digestsize, mctx->key, mctx->keylen);
+	memset(state, 0, sizeof(*state));
+	memcpy(state->h, blake2b_IV, sizeof(state->h));
+
+	/* Parameter block is all zeros except index 0, no xor for 1..7 */
+	state->h[0] ^= 0x01010000 | mctx->keylen << 8 | digestsize;
+
+	if (mctx->keylen) {
+		u8 block[BLAKE2B_BLOCKBYTES];
+
+		memset(block, 0, BLAKE2B_BLOCKBYTES);
+		memcpy(block, mctx->key, mctx->keylen);
+		blake2b_update(state, block, BLAKE2B_BLOCKBYTES);
+		memzero_explicit(block, BLAKE2B_BLOCKBYTES);
+	}
 	return 0;
 }
 
@@ -350,7 +285,7 @@ static struct shash_alg blake2b_algs[] = {
 		.base.cra_module	= THIS_MODULE,
 		.digestsize		= BLAKE2B_160_DIGEST_SIZE,
 		.setkey			= digest_setkey,
-		.init			= digest_init,
+		.init			= blake2b_init,
 		.update			= digest_update,
 		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
@@ -364,7 +299,7 @@ static struct shash_alg blake2b_algs[] = {
 		.base.cra_module	= THIS_MODULE,
 		.digestsize		= BLAKE2B_256_DIGEST_SIZE,
 		.setkey			= digest_setkey,
-		.init			= digest_init,
+		.init			= blake2b_init,
 		.update			= digest_update,
 		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
@@ -378,7 +313,7 @@ static struct shash_alg blake2b_algs[] = {
 		.base.cra_module	= THIS_MODULE,
 		.digestsize		= BLAKE2B_384_DIGEST_SIZE,
 		.setkey			= digest_setkey,
-		.init			= digest_init,
+		.init			= blake2b_init,
 		.update			= digest_update,
 		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
@@ -392,7 +327,7 @@ static struct shash_alg blake2b_algs[] = {
 		.base.cra_module	= THIS_MODULE,
 		.digestsize		= BLAKE2B_512_DIGEST_SIZE,
 		.setkey			= digest_setkey,
-		.init			= digest_init,
+		.init			= blake2b_init,
 		.update			= digest_update,
 		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
-- 
2.23.0

[PATCH v2 3/7] crypto: blake2b: simplify key init

[David Sterba]

The keyed init writes the key bytes to the input buffer and does an
update. We can do that in two ways: fill the buffer and update
immediatelly. This is what current blake2b_init_key does. Any other
following _update or _final will continue from the updated state.

The other way is to write the key and set the number of bytes to process
at the next _update or _final, lazy evaluation. Which leads to the the
simplified code in this patch.

Signed-off-by: David Sterba <dsterba@suse.com>
---
 crypto/blake2b_generic.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/crypto/blake2b_generic.c b/crypto/blake2b_generic.c
index d3da6113a96a..fd0fbb076058 100644
--- a/crypto/blake2b_generic.c
+++ b/crypto/blake2b_generic.c
@@ -85,8 +85,6 @@ static const u8 blake2b_sigma[12][16] = {
 	{ 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 }
 };
 
-static void blake2b_update(struct blake2b_state *S, const void *pin, size_t inlen);
-
 static void blake2b_set_lastnode(struct blake2b_state *S)
 {
 	S->f[1] = (u64)-1;
@@ -235,12 +233,12 @@ static int blake2b_init(struct shash_desc *desc)
 	state->h[0] ^= 0x01010000 | mctx->keylen << 8 | digestsize;
 
 	if (mctx->keylen) {
-		u8 block[BLAKE2B_BLOCKBYTES];
-
-		memset(block, 0, BLAKE2B_BLOCKBYTES);
-		memcpy(block, mctx->key, mctx->keylen);
-		blake2b_update(state, block, BLAKE2B_BLOCKBYTES);
-		memzero_explicit(block, BLAKE2B_BLOCKBYTES);
+		/*
+		 * Prefill the buffer with the key, next call to _update or
+		 * _final will process it
+		 */
+		memcpy(state->buf, mctx->key, mctx->keylen);
+		state->buflen = BLAKE2B_BLOCKBYTES;
 	}
 	return 0;
 }
-- 
2.23.0

[PATCH v2 4/7] crypto: blake2b: delete unused structs or members

[David Sterba]

All the code for param block has been inlined, last_node and outlen from
the state are not used or have become redundant due to other code.
Remove it.

Signed-off-by: David Sterba <dsterba@suse.com>
---
 crypto/blake2b_generic.c | 30 ------------------------------
 1 file changed, 30 deletions(-)

diff --git a/crypto/blake2b_generic.c b/crypto/blake2b_generic.c
index fd0fbb076058..442c639c9ad9 100644
--- a/crypto/blake2b_generic.c
+++ b/crypto/blake2b_generic.c
@@ -32,10 +32,7 @@
 
 enum blake2b_constant {
 	BLAKE2B_BLOCKBYTES    = 128,
-	BLAKE2B_OUTBYTES      = 64,
 	BLAKE2B_KEYBYTES      = 64,
-	BLAKE2B_SALTBYTES     = 16,
-	BLAKE2B_PERSONALBYTES = 16
 };
 
 struct blake2b_state {
@@ -44,25 +41,8 @@ struct blake2b_state {
 	u64      f[2];
 	u8       buf[BLAKE2B_BLOCKBYTES];
 	size_t   buflen;
-	size_t   outlen;
-	u8       last_node;
 };
 
-struct blake2b_param {
-	u8 digest_length;			/* 1 */
-	u8 key_length;				/* 2 */
-	u8 fanout;				/* 3 */
-	u8 depth;				/* 4 */
-	__le32 leaf_length;			/* 8 */
-	__le32 node_offset;			/* 12 */
-	__le32 xof_length;			/* 16 */
-	u8 node_depth;				/* 17 */
-	u8 inner_length;			/* 18 */
-	u8 reserved[14];			/* 32 */
-	u8 salt[BLAKE2B_SALTBYTES];		/* 48 */
-	u8 personal[BLAKE2B_PERSONALBYTES];	/* 64 */
-} __packed;
-
 static const u64 blake2b_IV[8] = {
 	0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
 	0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
@@ -85,16 +65,8 @@ static const u8 blake2b_sigma[12][16] = {
 	{ 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 }
 };
 
-static void blake2b_set_lastnode(struct blake2b_state *S)
-{
-	S->f[1] = (u64)-1;
-}
-
 static void blake2b_set_lastblock(struct blake2b_state *S)
 {
-	if (S->last_node)
-		blake2b_set_lastnode(S);
-
 	S->f[0] = (u64)-1;
 }
 
@@ -334,8 +306,6 @@ static struct shash_alg blake2b_algs[] = {
 
 static int __init blake2b_mod_init(void)
 {
-	BUILD_BUG_ON(sizeof(struct blake2b_param) != BLAKE2B_OUTBYTES);
-
 	return crypto_register_shashes(blake2b_algs, ARRAY_SIZE(blake2b_algs));
 }
 
-- 
2.23.0

[PATCH v2 5/7] crypto: blake2b: open code set last block helper

[David Sterba]

The helper is trival and called once, inlining makes things simpler.
There's a comment to tie it back to the idea behind the code.

Signed-off-by: David Sterba <dsterba@suse.com>
---
 crypto/blake2b_generic.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/crypto/blake2b_generic.c b/crypto/blake2b_generic.c
index 442c639c9ad9..463ac597ef04 100644
--- a/crypto/blake2b_generic.c
+++ b/crypto/blake2b_generic.c
@@ -65,11 +65,6 @@ static const u8 blake2b_sigma[12][16] = {
 	{ 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 }
 };
 
-static void blake2b_set_lastblock(struct blake2b_state *S)
-{
-	S->f[0] = (u64)-1;
-}
-
 static void blake2b_increment_counter(struct blake2b_state *S, const u64 inc)
 {
 	S->t[0] += inc;
@@ -231,7 +226,8 @@ static int blake2b_final(struct shash_desc *desc, u8 *out)
 	size_t i;
 
 	blake2b_increment_counter(state, state->buflen);
-	blake2b_set_lastblock(state);
+	/* Set last block */
+	state->f[0] = (u64)-1;
 	/* Padding */
 	memset(state->buf + state->buflen, 0, BLAKE2B_BLOCKBYTES - state->buflen);
 	blake2b_compress(state, state->buf);
-- 
2.23.0

[PATCH v2 6/7] crypto: blake2b: merge _update to api callback

[David Sterba]

Now that there's only one call to blake2b_update, we can merge it to the
callback and simplify. The empty input check is split and the rest of
code un-indented.

Signed-off-by: David Sterba <dsterba@suse.com>
---
 crypto/blake2b_generic.c | 66 ++++++++++++++++++----------------------
 1 file changed, 30 insertions(+), 36 deletions(-)

diff --git a/crypto/blake2b_generic.c b/crypto/blake2b_generic.c
index 463ac597ef04..2c756a7dcc21 100644
--- a/crypto/blake2b_generic.c
+++ b/crypto/blake2b_generic.c
@@ -137,35 +137,6 @@ static void blake2b_compress(struct blake2b_state *S,
 #undef G
 #undef ROUND
 
-static void blake2b_update(struct blake2b_state *S, const void *pin, size_t inlen)
-{
-	const u8 *in = (const u8 *)pin;
-
-	if (inlen > 0) {
-		size_t left = S->buflen;
-		size_t fill = BLAKE2B_BLOCKBYTES - left;
-
-		if (inlen > fill) {
-			S->buflen = 0;
-			/* Fill buffer */
-			memcpy(S->buf + left, in, fill);
-			blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES);
-			/* Compress */
-			blake2b_compress(S, S->buf);
-			in += fill;
-			inlen -= fill;
-			while (inlen > BLAKE2B_BLOCKBYTES) {
-				blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES);
-				blake2b_compress(S, in);
-				in += BLAKE2B_BLOCKBYTES;
-				inlen -= BLAKE2B_BLOCKBYTES;
-			}
-		}
-		memcpy(S->buf + S->buflen, in, inlen);
-		S->buflen += inlen;
-	}
-}
-
 struct digest_tfm_ctx {
 	u8 key[BLAKE2B_KEYBYTES];
 	unsigned int keylen;
@@ -210,12 +181,35 @@ static int blake2b_init(struct shash_desc *desc)
 	return 0;
 }
 
-static int digest_update(struct shash_desc *desc, const u8 *data,
-			 unsigned int length)
+static int blake2b_update(struct shash_desc *desc, const u8 *in,
+			  unsigned int inlen)
 {
 	struct blake2b_state *state = shash_desc_ctx(desc);
+	const size_t left = state->buflen;
+	const size_t fill = BLAKE2B_BLOCKBYTES - left;
+
+	if (!inlen)
+		return 0;
+
+	if (inlen > fill) {
+		state->buflen = 0;
+		/* Fill buffer */
+		memcpy(state->buf + left, in, fill);
+		blake2b_increment_counter(state, BLAKE2B_BLOCKBYTES);
+		/* Compress */
+		blake2b_compress(state, state->buf);
+		in += fill;
+		inlen -= fill;
+		while (inlen > BLAKE2B_BLOCKBYTES) {
+			blake2b_increment_counter(state, BLAKE2B_BLOCKBYTES);
+			blake2b_compress(state, in);
+			in += BLAKE2B_BLOCKBYTES;
+			inlen -= BLAKE2B_BLOCKBYTES;
+		}
+	}
+	memcpy(state->buf + state->buflen, in, inlen);
+	state->buflen += inlen;
 
-	blake2b_update(state, data, length);
 	return 0;
 }
 
@@ -252,7 +246,7 @@ static struct shash_alg blake2b_algs[] = {
 		.digestsize		= BLAKE2B_160_DIGEST_SIZE,
 		.setkey			= digest_setkey,
 		.init			= blake2b_init,
-		.update			= digest_update,
+		.update			= blake2b_update,
 		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
 	}, {
@@ -266,7 +260,7 @@ static struct shash_alg blake2b_algs[] = {
 		.digestsize		= BLAKE2B_256_DIGEST_SIZE,
 		.setkey			= digest_setkey,
 		.init			= blake2b_init,
-		.update			= digest_update,
+		.update			= blake2b_update,
 		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
 	}, {
@@ -280,7 +274,7 @@ static struct shash_alg blake2b_algs[] = {
 		.digestsize		= BLAKE2B_384_DIGEST_SIZE,
 		.setkey			= digest_setkey,
 		.init			= blake2b_init,
-		.update			= digest_update,
+		.update			= blake2b_update,
 		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
 	}, {
@@ -294,7 +288,7 @@ static struct shash_alg blake2b_algs[] = {
 		.digestsize		= BLAKE2B_512_DIGEST_SIZE,
 		.setkey			= digest_setkey,
 		.init			= blake2b_init,
-		.update			= digest_update,
+		.update			= blake2b_update,
 		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
 	}
-- 
2.23.0

[PATCH v2 7/7] crypto: blake2b: rename tfm context and _setkey callback

[David Sterba]

The TFM context can be renamed to a more appropriate name and the local
varaibles as well, using 'tctx' which seems to be more common than
'mctx'.

The _setkey callback was the last one without the blake2b_ prefix,
rename that too.

Signed-off-by: David Sterba <dsterba@suse.com>
---
 crypto/blake2b_generic.c | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/crypto/blake2b_generic.c b/crypto/blake2b_generic.c
index 2c756a7dcc21..d04b1788dc42 100644
--- a/crypto/blake2b_generic.c
+++ b/crypto/blake2b_generic.c
@@ -137,30 +137,30 @@ static void blake2b_compress(struct blake2b_state *S,
 #undef G
 #undef ROUND
 
-struct digest_tfm_ctx {
+struct blake2b_tfm_ctx {
 	u8 key[BLAKE2B_KEYBYTES];
 	unsigned int keylen;
 };
 
-static int digest_setkey(struct crypto_shash *tfm, const u8 *key,
-			 unsigned int keylen)
+static int blake2b_setkey(struct crypto_shash *tfm, const u8 *key,
+			  unsigned int keylen)
 {
-	struct digest_tfm_ctx *mctx = crypto_shash_ctx(tfm);
+	struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(tfm);
 
 	if (keylen == 0 || keylen > BLAKE2B_KEYBYTES) {
 		crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
 		return -EINVAL;
 	}
 
-	memcpy(mctx->key, key, keylen);
-	mctx->keylen = keylen;
+	memcpy(tctx->key, key, keylen);
+	tctx->keylen = keylen;
 
 	return 0;
 }
 
 static int blake2b_init(struct shash_desc *desc)
 {
-	struct digest_tfm_ctx *mctx = crypto_shash_ctx(desc->tfm);
+	struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm);
 	struct blake2b_state *state = shash_desc_ctx(desc);
 	const int digestsize = crypto_shash_digestsize(desc->tfm);
 
@@ -168,14 +168,14 @@ static int blake2b_init(struct shash_desc *desc)
 	memcpy(state->h, blake2b_IV, sizeof(state->h));
 
 	/* Parameter block is all zeros except index 0, no xor for 1..7 */
-	state->h[0] ^= 0x01010000 | mctx->keylen << 8 | digestsize;
+	state->h[0] ^= 0x01010000 | tctx->keylen << 8 | digestsize;
 
-	if (mctx->keylen) {
+	if (tctx->keylen) {
 		/*
 		 * Prefill the buffer with the key, next call to _update or
 		 * _final will process it
 		 */
-		memcpy(state->buf, mctx->key, mctx->keylen);
+		memcpy(state->buf, tctx->key, tctx->keylen);
 		state->buflen = BLAKE2B_BLOCKBYTES;
 	}
 	return 0;
@@ -241,10 +241,10 @@ static struct shash_alg blake2b_algs[] = {
 		.base.cra_priority	= 100,
 		.base.cra_flags		= CRYPTO_ALG_OPTIONAL_KEY,
 		.base.cra_blocksize	= BLAKE2B_BLOCKBYTES,
-		.base.cra_ctxsize	= sizeof(struct digest_tfm_ctx),
+		.base.cra_ctxsize	= sizeof(struct blake2b_tfm_ctx),
 		.base.cra_module	= THIS_MODULE,
 		.digestsize		= BLAKE2B_160_DIGEST_SIZE,
-		.setkey			= digest_setkey,
+		.setkey			= blake2b_setkey,
 		.init			= blake2b_init,
 		.update			= blake2b_update,
 		.final			= blake2b_final,
@@ -255,10 +255,10 @@ static struct shash_alg blake2b_algs[] = {
 		.base.cra_priority	= 100,
 		.base.cra_flags		= CRYPTO_ALG_OPTIONAL_KEY,
 		.base.cra_blocksize	= BLAKE2B_BLOCKBYTES,
-		.base.cra_ctxsize	= sizeof(struct digest_tfm_ctx),
+		.base.cra_ctxsize	= sizeof(struct blake2b_tfm_ctx),
 		.base.cra_module	= THIS_MODULE,
 		.digestsize		= BLAKE2B_256_DIGEST_SIZE,
-		.setkey			= digest_setkey,
+		.setkey			= blake2b_setkey,
 		.init			= blake2b_init,
 		.update			= blake2b_update,
 		.final			= blake2b_final,
@@ -269,10 +269,10 @@ static struct shash_alg blake2b_algs[] = {
 		.base.cra_priority	= 100,
 		.base.cra_flags		= CRYPTO_ALG_OPTIONAL_KEY,
 		.base.cra_blocksize	= BLAKE2B_BLOCKBYTES,
-		.base.cra_ctxsize	= sizeof(struct digest_tfm_ctx),
+		.base.cra_ctxsize	= sizeof(struct blake2b_tfm_ctx),
 		.base.cra_module	= THIS_MODULE,
 		.digestsize		= BLAKE2B_384_DIGEST_SIZE,
-		.setkey			= digest_setkey,
+		.setkey			= blake2b_setkey,
 		.init			= blake2b_init,
 		.update			= blake2b_update,
 		.final			= blake2b_final,
@@ -283,10 +283,10 @@ static struct shash_alg blake2b_algs[] = {
 		.base.cra_priority	= 100,
 		.base.cra_flags		= CRYPTO_ALG_OPTIONAL_KEY,
 		.base.cra_blocksize	= BLAKE2B_BLOCKBYTES,
-		.base.cra_ctxsize	= sizeof(struct digest_tfm_ctx),
+		.base.cra_ctxsize	= sizeof(struct blake2b_tfm_ctx),
 		.base.cra_module	= THIS_MODULE,
 		.digestsize		= BLAKE2B_512_DIGEST_SIZE,
-		.setkey			= digest_setkey,
+		.setkey			= blake2b_setkey,
 		.init			= blake2b_init,
 		.update			= blake2b_update,
 		.final			= blake2b_final,
-- 
2.23.0

Re: [PATCH v2 0/7] BLAKE2b cleanups

[Eric Biggers]

On Tue, Nov 12, 2019 at 11:20:23AM +0100, David Sterba wrote:
> Hi,
> 
> the patchset implements cleanups suggested by Eric in
> https://lore.kernel.org/linux-crypto/20191025051550.GA103313@sol.localdomain/
> 
> The diff is almost the same, split into pieces with some additional
> comments where it would help understand the simplifications. This is
> based on v7 of the BLAKE2b patchset.
> 
> The self-tests have been run for each patch on x86_64.
> 
> V2:
> - rename digest_setkey to blake2b_setkey, this is in patch 7 that also
>   does a rename, to avoid a too-trivial separate patch
> - minor withespace fix in patch 6
> 
> David Sterba (7):
>   crypto: blake2b: merge _final implementation to callback
>   crypto: blake2b: merge blake2 init to api callback
>   crypto: blake2b: simplify key init
>   crypto: blake2b: delete unused structs or members
>   crypto: blake2b: open code set last block helper
>   crypto: blake2b: merge _update to api callback
>   crypto: blake2b: rename tfm context and _setkey callback
> 
>  crypto/blake2b_generic.c | 279 ++++++++++++---------------------------
>  1 file changed, 82 insertions(+), 197 deletions(-)

For the series:

Reviewed-by: Eric Biggers <ebiggers@kernel.org>

Re: [PATCH v2 0/7] BLAKE2b cleanups

[Herbert Xu]

David Sterba <dsterba@suse.com> wrote:
> Hi,
> 
> the patchset implements cleanups suggested by Eric in
> https://lore.kernel.org/linux-crypto/20191025051550.GA103313@sol.localdomain/
> 
> The diff is almost the same, split into pieces with some additional
> comments where it would help understand the simplifications. This is
> based on v7 of the BLAKE2b patchset.
> 
> The self-tests have been run for each patch on x86_64.
> 
> V2:
> - rename digest_setkey to blake2b_setkey, this is in patch 7 that also
>  does a rename, to avoid a too-trivial separate patch
> - minor withespace fix in patch 6
> 
> David Sterba (7):
>  crypto: blake2b: merge _final implementation to callback
>  crypto: blake2b: merge blake2 init to api callback
>  crypto: blake2b: simplify key init
>  crypto: blake2b: delete unused structs or members
>  crypto: blake2b: open code set last block helper
>  crypto: blake2b: merge _update to api callback
>  crypto: blake2b: rename tfm context and _setkey callback
> 
> crypto/blake2b_generic.c | 279 ++++++++++++---------------------------
> 1 file changed, 82 insertions(+), 197 deletions(-)

All applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt