Linux-Crypto Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH 0/7] BLAKE2b cleanups
@ 2019-11-06 13:48 David Sterba
  2019-11-06 13:48 ` [PATCH 1/7] crypto: blake2b: merge _final implementation to callback David Sterba
                   ` (7 more replies)
  0 siblings, 8 replies; 10+ messages in thread
From: David Sterba @ 2019-11-06 13:48 UTC (permalink / raw)
  To: linux-crypto; +Cc: ebiggers, David Sterba

Hi,

the patchset implements cleanups suggested by Eric in
https://lore.kernel.org/linux-crypto/20191025051550.GA103313@sol.localdomain/

The diff is the same, split into pieces with some additional comments
where it would help understand the simplifications. This is based on v7
of the BLAKE2b patchset.

The self-tests have been run for each patch on x86_64.

David Sterba (7):
  crypto: blake2b: merge _final implementation to callback
  crypto: blake2b: merge blake2 init to api callback
  crypto: blake2b: simplify key init
  crypto: blake2b: delete unused structs or members
  crypto: blake2b: open code set last block helper
  crypto: blake2b: merge _update to api callback
  crypto: blake2b: rename tfm context

 crypto/blake2b_generic.c | 267 +++++++++++----------------------------
 1 file changed, 76 insertions(+), 191 deletions(-)

-- 
2.23.0


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH 1/7] crypto: blake2b: merge _final implementation to callback
  2019-11-06 13:48 [PATCH 0/7] BLAKE2b cleanups David Sterba
@ 2019-11-06 13:48 ` David Sterba
  2019-11-06 13:48 ` [PATCH 2/7] crypto: blake2b: merge blake2 init to api callback David Sterba
                   ` (6 subsequent siblings)
  7 siblings, 0 replies; 10+ messages in thread
From: David Sterba @ 2019-11-06 13:48 UTC (permalink / raw)
  To: linux-crypto; +Cc: ebiggers, David Sterba

blake2b_final is called only once, merge it to the crypto API callback
and simplify. This avoids the temporary buffer and swaps the bytes of
internal buffer.

Signed-off-by: David Sterba <dsterba@suse.com>
---
 crypto/blake2b_generic.c | 42 ++++++++++++++++------------------------
 1 file changed, 17 insertions(+), 25 deletions(-)

diff --git a/crypto/blake2b_generic.c b/crypto/blake2b_generic.c
index 8dab65612a41..743905fabd65 100644
--- a/crypto/blake2b_generic.c
+++ b/crypto/blake2b_generic.c
@@ -276,25 +276,6 @@ static void blake2b_update(struct blake2b_state *S, const void *pin, size_t inle
 	}
 }
 
-static void blake2b_final(struct blake2b_state *S, void *out, size_t outlen)
-{
-	u8 buffer[BLAKE2B_OUTBYTES] = {0};
-	size_t i;
-
-	blake2b_increment_counter(S, S->buflen);
-	blake2b_set_lastblock(S);
-	/* Padding */
-	memset(S->buf + S->buflen, 0, BLAKE2B_BLOCKBYTES - S->buflen);
-	blake2b_compress(S, S->buf);
-
-	/* Output full hash to temp buffer */
-	for (i = 0; i < 8; ++i)
-		put_unaligned_le64(S->h[i], buffer + sizeof(S->h[i]) * i);
-
-	memcpy(out, buffer, S->outlen);
-	memzero_explicit(buffer, sizeof(buffer));
-}
-
 struct digest_tfm_ctx {
 	u8 key[BLAKE2B_KEYBYTES];
 	unsigned int keylen;
@@ -338,12 +319,23 @@ static int digest_update(struct shash_desc *desc, const u8 *data,
 	return 0;
 }
 
-static int digest_final(struct shash_desc *desc, u8 *out)
+static int blake2b_final(struct shash_desc *desc, u8 *out)
 {
 	struct blake2b_state *state = shash_desc_ctx(desc);
 	const int digestsize = crypto_shash_digestsize(desc->tfm);
+	size_t i;
+
+	blake2b_increment_counter(state, state->buflen);
+	blake2b_set_lastblock(state);
+	/* Padding */
+	memset(state->buf + state->buflen, 0, BLAKE2B_BLOCKBYTES - state->buflen);
+	blake2b_compress(state, state->buf);
+
+	/* Avoid temporary buffer and switch the internal output to LE order */
+	for (i = 0; i < ARRAY_SIZE(state->h); i++)
+		__cpu_to_le64s(&state->h[i]);
 
-	blake2b_final(state, out, digestsize);
+	memcpy(out, state->h, digestsize);
 	return 0;
 }
 
@@ -360,7 +352,7 @@ static struct shash_alg blake2b_algs[] = {
 		.setkey			= digest_setkey,
 		.init			= digest_init,
 		.update			= digest_update,
-		.final			= digest_final,
+		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
 	}, {
 		.base.cra_name		= "blake2b-256",
@@ -374,7 +366,7 @@ static struct shash_alg blake2b_algs[] = {
 		.setkey			= digest_setkey,
 		.init			= digest_init,
 		.update			= digest_update,
-		.final			= digest_final,
+		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
 	}, {
 		.base.cra_name		= "blake2b-384",
@@ -388,7 +380,7 @@ static struct shash_alg blake2b_algs[] = {
 		.setkey			= digest_setkey,
 		.init			= digest_init,
 		.update			= digest_update,
-		.final			= digest_final,
+		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
 	}, {
 		.base.cra_name		= "blake2b-512",
@@ -402,7 +394,7 @@ static struct shash_alg blake2b_algs[] = {
 		.setkey			= digest_setkey,
 		.init			= digest_init,
 		.update			= digest_update,
-		.final			= digest_final,
+		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
 	}
 };
-- 
2.23.0


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH 2/7] crypto: blake2b: merge blake2 init to api callback
  2019-11-06 13:48 [PATCH 0/7] BLAKE2b cleanups David Sterba
  2019-11-06 13:48 ` [PATCH 1/7] crypto: blake2b: merge _final implementation to callback David Sterba
@ 2019-11-06 13:48 ` David Sterba
  2019-11-06 13:48 ` [PATCH 3/7] crypto: blake2b: simplify key init David Sterba
                   ` (5 subsequent siblings)
  7 siblings, 0 replies; 10+ messages in thread
From: David Sterba @ 2019-11-06 13:48 UTC (permalink / raw)
  To: linux-crypto; +Cc: ebiggers, David Sterba

The call chain from blake2b_init can be simplified because the param
block is effectively zeros, besides the key.

- blake2b_init0 zeroes state and sets IV
- blake2b_init sets up param block with defaults (key and some 1s)
- init with key, write it to the input buffer and recalculate state

So the compact way is to zero out the state and initialize index 0 of
the state directly with the non-zero values and the key.

Signed-off-by: David Sterba <dsterba@suse.com>
---
 crypto/blake2b_generic.c | 103 ++++++++-------------------------------
 1 file changed, 19 insertions(+), 84 deletions(-)

diff --git a/crypto/blake2b_generic.c b/crypto/blake2b_generic.c
index 743905fabd65..d3da6113a96a 100644
--- a/crypto/blake2b_generic.c
+++ b/crypto/blake2b_generic.c
@@ -106,81 +106,6 @@ static void blake2b_increment_counter(struct blake2b_state *S, const u64 inc)
 	S->t[1] += (S->t[0] < inc);
 }
 
-static void blake2b_init0(struct blake2b_state *S)
-{
-	size_t i;
-
-	memset(S, 0, sizeof(struct blake2b_state));
-
-	for (i = 0; i < 8; ++i)
-		S->h[i] = blake2b_IV[i];
-}
-
-/* init xors IV with input parameter block */
-static void blake2b_init_param(struct blake2b_state *S,
-			       const struct blake2b_param *P)
-{
-	const u8 *p = (const u8 *)(P);
-	size_t i;
-
-	blake2b_init0(S);
-
-	/* IV XOR ParamBlock */
-	for (i = 0; i < 8; ++i)
-		S->h[i] ^= get_unaligned_le64(p + sizeof(S->h[i]) * i);
-
-	S->outlen = P->digest_length;
-}
-
-static void blake2b_init(struct blake2b_state *S, size_t outlen)
-{
-	struct blake2b_param P;
-
-	P.digest_length = (u8)outlen;
-	P.key_length    = 0;
-	P.fanout        = 1;
-	P.depth         = 1;
-	P.leaf_length   = 0;
-	P.node_offset   = 0;
-	P.xof_length    = 0;
-	P.node_depth    = 0;
-	P.inner_length  = 0;
-	memset(P.reserved, 0, sizeof(P.reserved));
-	memset(P.salt,     0, sizeof(P.salt));
-	memset(P.personal, 0, sizeof(P.personal));
-	blake2b_init_param(S, &P);
-}
-
-static void blake2b_init_key(struct blake2b_state *S, size_t outlen,
-			     const void *key, size_t keylen)
-{
-	struct blake2b_param P;
-
-	P.digest_length = (u8)outlen;
-	P.key_length    = (u8)keylen;
-	P.fanout        = 1;
-	P.depth         = 1;
-	P.leaf_length   = 0;
-	P.node_offset   = 0;
-	P.xof_length    = 0;
-	P.node_depth    = 0;
-	P.inner_length  = 0;
-	memset(P.reserved, 0, sizeof(P.reserved));
-	memset(P.salt,     0, sizeof(P.salt));
-	memset(P.personal, 0, sizeof(P.personal));
-
-	blake2b_init_param(S, &P);
-
-	{
-		u8 block[BLAKE2B_BLOCKBYTES];
-
-		memset(block, 0, BLAKE2B_BLOCKBYTES);
-		memcpy(block, key, keylen);
-		blake2b_update(S, block, BLAKE2B_BLOCKBYTES);
-		memzero_explicit(block, BLAKE2B_BLOCKBYTES);
-	}
-}
-
 #define G(r,i,a,b,c,d)                                  \
 	do {                                            \
 		a = a + b + m[blake2b_sigma[r][2*i+0]]; \
@@ -297,16 +222,26 @@ static int digest_setkey(struct crypto_shash *tfm, const u8 *key,
 	return 0;
 }
 
-static int digest_init(struct shash_desc *desc)
+static int blake2b_init(struct shash_desc *desc)
 {
 	struct digest_tfm_ctx *mctx = crypto_shash_ctx(desc->tfm);
 	struct blake2b_state *state = shash_desc_ctx(desc);
 	const int digestsize = crypto_shash_digestsize(desc->tfm);
 
-	if (mctx->keylen == 0)
-		blake2b_init(state, digestsize);
-	else
-		blake2b_init_key(state, digestsize, mctx->key, mctx->keylen);
+	memset(state, 0, sizeof(*state));
+	memcpy(state->h, blake2b_IV, sizeof(state->h));
+
+	/* Parameter block is all zeros except index 0, no xor for 1..7 */
+	state->h[0] ^= 0x01010000 | mctx->keylen << 8 | digestsize;
+
+	if (mctx->keylen) {
+		u8 block[BLAKE2B_BLOCKBYTES];
+
+		memset(block, 0, BLAKE2B_BLOCKBYTES);
+		memcpy(block, mctx->key, mctx->keylen);
+		blake2b_update(state, block, BLAKE2B_BLOCKBYTES);
+		memzero_explicit(block, BLAKE2B_BLOCKBYTES);
+	}
 	return 0;
 }
 
@@ -350,7 +285,7 @@ static struct shash_alg blake2b_algs[] = {
 		.base.cra_module	= THIS_MODULE,
 		.digestsize		= BLAKE2B_160_DIGEST_SIZE,
 		.setkey			= digest_setkey,
-		.init			= digest_init,
+		.init			= blake2b_init,
 		.update			= digest_update,
 		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
@@ -364,7 +299,7 @@ static struct shash_alg blake2b_algs[] = {
 		.base.cra_module	= THIS_MODULE,
 		.digestsize		= BLAKE2B_256_DIGEST_SIZE,
 		.setkey			= digest_setkey,
-		.init			= digest_init,
+		.init			= blake2b_init,
 		.update			= digest_update,
 		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
@@ -378,7 +313,7 @@ static struct shash_alg blake2b_algs[] = {
 		.base.cra_module	= THIS_MODULE,
 		.digestsize		= BLAKE2B_384_DIGEST_SIZE,
 		.setkey			= digest_setkey,
-		.init			= digest_init,
+		.init			= blake2b_init,
 		.update			= digest_update,
 		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
@@ -392,7 +327,7 @@ static struct shash_alg blake2b_algs[] = {
 		.base.cra_module	= THIS_MODULE,
 		.digestsize		= BLAKE2B_512_DIGEST_SIZE,
 		.setkey			= digest_setkey,
-		.init			= digest_init,
+		.init			= blake2b_init,
 		.update			= digest_update,
 		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
-- 
2.23.0


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH 3/7] crypto: blake2b: simplify key init
  2019-11-06 13:48 [PATCH 0/7] BLAKE2b cleanups David Sterba
  2019-11-06 13:48 ` [PATCH 1/7] crypto: blake2b: merge _final implementation to callback David Sterba
  2019-11-06 13:48 ` [PATCH 2/7] crypto: blake2b: merge blake2 init to api callback David Sterba
@ 2019-11-06 13:48 ` David Sterba
  2019-11-06 13:48 ` [PATCH 4/7] crypto: blake2b: delete unused structs or members David Sterba
                   ` (4 subsequent siblings)
  7 siblings, 0 replies; 10+ messages in thread
From: David Sterba @ 2019-11-06 13:48 UTC (permalink / raw)
  To: linux-crypto; +Cc: ebiggers, David Sterba

The keyed init writes the key bytes to the input buffer and does an
update. We can do that in two ways: fill the buffer and update
immediatelly. This is what current blake2b_init_key does. Any other
following _update or _final will continue from the updated state.

The other way is to write the key and set the number of bytes to process
at the next _update or _final, lazy evaluation. Which leads to the the
simplified code in this patch.

Signed-off-by: David Sterba <dsterba@suse.com>
---
 crypto/blake2b_generic.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/crypto/blake2b_generic.c b/crypto/blake2b_generic.c
index d3da6113a96a..fd0fbb076058 100644
--- a/crypto/blake2b_generic.c
+++ b/crypto/blake2b_generic.c
@@ -85,8 +85,6 @@ static const u8 blake2b_sigma[12][16] = {
 	{ 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 }
 };
 
-static void blake2b_update(struct blake2b_state *S, const void *pin, size_t inlen);
-
 static void blake2b_set_lastnode(struct blake2b_state *S)
 {
 	S->f[1] = (u64)-1;
@@ -235,12 +233,12 @@ static int blake2b_init(struct shash_desc *desc)
 	state->h[0] ^= 0x01010000 | mctx->keylen << 8 | digestsize;
 
 	if (mctx->keylen) {
-		u8 block[BLAKE2B_BLOCKBYTES];
-
-		memset(block, 0, BLAKE2B_BLOCKBYTES);
-		memcpy(block, mctx->key, mctx->keylen);
-		blake2b_update(state, block, BLAKE2B_BLOCKBYTES);
-		memzero_explicit(block, BLAKE2B_BLOCKBYTES);
+		/*
+		 * Prefill the buffer with the key, next call to _update or
+		 * _final will process it
+		 */
+		memcpy(state->buf, mctx->key, mctx->keylen);
+		state->buflen = BLAKE2B_BLOCKBYTES;
 	}
 	return 0;
 }
-- 
2.23.0


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH 4/7] crypto: blake2b: delete unused structs or members
  2019-11-06 13:48 [PATCH 0/7] BLAKE2b cleanups David Sterba
                   ` (2 preceding siblings ...)
  2019-11-06 13:48 ` [PATCH 3/7] crypto: blake2b: simplify key init David Sterba
@ 2019-11-06 13:48 ` David Sterba
  2019-11-06 13:48 ` [PATCH 5/7] crypto: blake2b: open code set last block helper David Sterba
                   ` (3 subsequent siblings)
  7 siblings, 0 replies; 10+ messages in thread
From: David Sterba @ 2019-11-06 13:48 UTC (permalink / raw)
  To: linux-crypto; +Cc: ebiggers, David Sterba

All the code for param block has been inlined, last_node and outlen from
the state are not used or have become redundant due to other code.
Remove it.

Signed-off-by: David Sterba <dsterba@suse.com>
---
 crypto/blake2b_generic.c | 30 ------------------------------
 1 file changed, 30 deletions(-)

diff --git a/crypto/blake2b_generic.c b/crypto/blake2b_generic.c
index fd0fbb076058..442c639c9ad9 100644
--- a/crypto/blake2b_generic.c
+++ b/crypto/blake2b_generic.c
@@ -32,10 +32,7 @@
 
 enum blake2b_constant {
 	BLAKE2B_BLOCKBYTES    = 128,
-	BLAKE2B_OUTBYTES      = 64,
 	BLAKE2B_KEYBYTES      = 64,
-	BLAKE2B_SALTBYTES     = 16,
-	BLAKE2B_PERSONALBYTES = 16
 };
 
 struct blake2b_state {
@@ -44,25 +41,8 @@ struct blake2b_state {
 	u64      f[2];
 	u8       buf[BLAKE2B_BLOCKBYTES];
 	size_t   buflen;
-	size_t   outlen;
-	u8       last_node;
 };
 
-struct blake2b_param {
-	u8 digest_length;			/* 1 */
-	u8 key_length;				/* 2 */
-	u8 fanout;				/* 3 */
-	u8 depth;				/* 4 */
-	__le32 leaf_length;			/* 8 */
-	__le32 node_offset;			/* 12 */
-	__le32 xof_length;			/* 16 */
-	u8 node_depth;				/* 17 */
-	u8 inner_length;			/* 18 */
-	u8 reserved[14];			/* 32 */
-	u8 salt[BLAKE2B_SALTBYTES];		/* 48 */
-	u8 personal[BLAKE2B_PERSONALBYTES];	/* 64 */
-} __packed;
-
 static const u64 blake2b_IV[8] = {
 	0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
 	0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
@@ -85,16 +65,8 @@ static const u8 blake2b_sigma[12][16] = {
 	{ 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 }
 };
 
-static void blake2b_set_lastnode(struct blake2b_state *S)
-{
-	S->f[1] = (u64)-1;
-}
-
 static void blake2b_set_lastblock(struct blake2b_state *S)
 {
-	if (S->last_node)
-		blake2b_set_lastnode(S);
-
 	S->f[0] = (u64)-1;
 }
 
@@ -334,8 +306,6 @@ static struct shash_alg blake2b_algs[] = {
 
 static int __init blake2b_mod_init(void)
 {
-	BUILD_BUG_ON(sizeof(struct blake2b_param) != BLAKE2B_OUTBYTES);
-
 	return crypto_register_shashes(blake2b_algs, ARRAY_SIZE(blake2b_algs));
 }
 
-- 
2.23.0


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH 5/7] crypto: blake2b: open code set last block helper
  2019-11-06 13:48 [PATCH 0/7] BLAKE2b cleanups David Sterba
                   ` (3 preceding siblings ...)
  2019-11-06 13:48 ` [PATCH 4/7] crypto: blake2b: delete unused structs or members David Sterba
@ 2019-11-06 13:48 ` David Sterba
  2019-11-06 13:48 ` [PATCH 6/7] crypto: blake2b: merge _update to api callback David Sterba
                   ` (2 subsequent siblings)
  7 siblings, 0 replies; 10+ messages in thread
From: David Sterba @ 2019-11-06 13:48 UTC (permalink / raw)
  To: linux-crypto; +Cc: ebiggers, David Sterba

The helper is trival and called once, inlining makes things simpler.
There's a comment to tie it back to the idea behind the code.

Signed-off-by: David Sterba <dsterba@suse.com>
---
 crypto/blake2b_generic.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/crypto/blake2b_generic.c b/crypto/blake2b_generic.c
index 442c639c9ad9..463ac597ef04 100644
--- a/crypto/blake2b_generic.c
+++ b/crypto/blake2b_generic.c
@@ -65,11 +65,6 @@ static const u8 blake2b_sigma[12][16] = {
 	{ 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 }
 };
 
-static void blake2b_set_lastblock(struct blake2b_state *S)
-{
-	S->f[0] = (u64)-1;
-}
-
 static void blake2b_increment_counter(struct blake2b_state *S, const u64 inc)
 {
 	S->t[0] += inc;
@@ -231,7 +226,8 @@ static int blake2b_final(struct shash_desc *desc, u8 *out)
 	size_t i;
 
 	blake2b_increment_counter(state, state->buflen);
-	blake2b_set_lastblock(state);
+	/* Set last block */
+	state->f[0] = (u64)-1;
 	/* Padding */
 	memset(state->buf + state->buflen, 0, BLAKE2B_BLOCKBYTES - state->buflen);
 	blake2b_compress(state, state->buf);
-- 
2.23.0


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH 6/7] crypto: blake2b: merge _update to api callback
  2019-11-06 13:48 [PATCH 0/7] BLAKE2b cleanups David Sterba
                   ` (4 preceding siblings ...)
  2019-11-06 13:48 ` [PATCH 5/7] crypto: blake2b: open code set last block helper David Sterba
@ 2019-11-06 13:48 ` David Sterba
  2019-11-06 13:48 ` [PATCH 7/7] crypto: blake2b: rename tfm context David Sterba
  2019-11-08  2:13 ` [PATCH 0/7] BLAKE2b cleanups Eric Biggers
  7 siblings, 0 replies; 10+ messages in thread
From: David Sterba @ 2019-11-06 13:48 UTC (permalink / raw)
  To: linux-crypto; +Cc: ebiggers, David Sterba

Now that there's only one call to blake2b_update, we can merge it to the
callback and simplify. The empty input check is split and the rest of
code un-indented.

Signed-off-by: David Sterba <dsterba@suse.com>
---
 crypto/blake2b_generic.c | 66 ++++++++++++++++++----------------------
 1 file changed, 30 insertions(+), 36 deletions(-)

diff --git a/crypto/blake2b_generic.c b/crypto/blake2b_generic.c
index 463ac597ef04..b05dfc2724e8 100644
--- a/crypto/blake2b_generic.c
+++ b/crypto/blake2b_generic.c
@@ -137,35 +137,6 @@ static void blake2b_compress(struct blake2b_state *S,
 #undef G
 #undef ROUND
 
-static void blake2b_update(struct blake2b_state *S, const void *pin, size_t inlen)
-{
-	const u8 *in = (const u8 *)pin;
-
-	if (inlen > 0) {
-		size_t left = S->buflen;
-		size_t fill = BLAKE2B_BLOCKBYTES - left;
-
-		if (inlen > fill) {
-			S->buflen = 0;
-			/* Fill buffer */
-			memcpy(S->buf + left, in, fill);
-			blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES);
-			/* Compress */
-			blake2b_compress(S, S->buf);
-			in += fill;
-			inlen -= fill;
-			while (inlen > BLAKE2B_BLOCKBYTES) {
-				blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES);
-				blake2b_compress(S, in);
-				in += BLAKE2B_BLOCKBYTES;
-				inlen -= BLAKE2B_BLOCKBYTES;
-			}
-		}
-		memcpy(S->buf + S->buflen, in, inlen);
-		S->buflen += inlen;
-	}
-}
-
 struct digest_tfm_ctx {
 	u8 key[BLAKE2B_KEYBYTES];
 	unsigned int keylen;
@@ -210,12 +181,35 @@ static int blake2b_init(struct shash_desc *desc)
 	return 0;
 }
 
-static int digest_update(struct shash_desc *desc, const u8 *data,
-			 unsigned int length)
+static int blake2b_update(struct shash_desc *desc, const u8 *in,
+			 unsigned int inlen)
 {
 	struct blake2b_state *state = shash_desc_ctx(desc);
+	const size_t left = state->buflen;
+	const size_t fill = BLAKE2B_BLOCKBYTES - left;
+
+	if (!inlen)
+		return 0;
+
+	if (inlen > fill) {
+		state->buflen = 0;
+		/* Fill buffer */
+		memcpy(state->buf + left, in, fill);
+		blake2b_increment_counter(state, BLAKE2B_BLOCKBYTES);
+		/* Compress */
+		blake2b_compress(state, state->buf);
+		in += fill;
+		inlen -= fill;
+		while (inlen > BLAKE2B_BLOCKBYTES) {
+			blake2b_increment_counter(state, BLAKE2B_BLOCKBYTES);
+			blake2b_compress(state, in);
+			in += BLAKE2B_BLOCKBYTES;
+			inlen -= BLAKE2B_BLOCKBYTES;
+		}
+	}
+	memcpy(state->buf + state->buflen, in, inlen);
+	state->buflen += inlen;
 
-	blake2b_update(state, data, length);
 	return 0;
 }
 
@@ -252,7 +246,7 @@ static struct shash_alg blake2b_algs[] = {
 		.digestsize		= BLAKE2B_160_DIGEST_SIZE,
 		.setkey			= digest_setkey,
 		.init			= blake2b_init,
-		.update			= digest_update,
+		.update			= blake2b_update,
 		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
 	}, {
@@ -266,7 +260,7 @@ static struct shash_alg blake2b_algs[] = {
 		.digestsize		= BLAKE2B_256_DIGEST_SIZE,
 		.setkey			= digest_setkey,
 		.init			= blake2b_init,
-		.update			= digest_update,
+		.update			= blake2b_update,
 		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
 	}, {
@@ -280,7 +274,7 @@ static struct shash_alg blake2b_algs[] = {
 		.digestsize		= BLAKE2B_384_DIGEST_SIZE,
 		.setkey			= digest_setkey,
 		.init			= blake2b_init,
-		.update			= digest_update,
+		.update			= blake2b_update,
 		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
 	}, {
@@ -294,7 +288,7 @@ static struct shash_alg blake2b_algs[] = {
 		.digestsize		= BLAKE2B_512_DIGEST_SIZE,
 		.setkey			= digest_setkey,
 		.init			= blake2b_init,
-		.update			= digest_update,
+		.update			= blake2b_update,
 		.final			= blake2b_final,
 		.descsize		= sizeof(struct blake2b_state),
 	}
-- 
2.23.0


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH 7/7] crypto: blake2b: rename tfm context
  2019-11-06 13:48 [PATCH 0/7] BLAKE2b cleanups David Sterba
                   ` (5 preceding siblings ...)
  2019-11-06 13:48 ` [PATCH 6/7] crypto: blake2b: merge _update to api callback David Sterba
@ 2019-11-06 13:48 ` David Sterba
  2019-11-08  2:13 ` [PATCH 0/7] BLAKE2b cleanups Eric Biggers
  7 siblings, 0 replies; 10+ messages in thread
From: David Sterba @ 2019-11-06 13:48 UTC (permalink / raw)
  To: linux-crypto; +Cc: ebiggers, David Sterba

The TFM context can be renamed to a more appropriate name and the local
varaibles as well, using 'tctx' which seems to be more common than
'mctx'.

Signed-off-by: David Sterba <dsterba@suse.com>
---
 crypto/blake2b_generic.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/crypto/blake2b_generic.c b/crypto/blake2b_generic.c
index b05dfc2724e8..38d49deceae6 100644
--- a/crypto/blake2b_generic.c
+++ b/crypto/blake2b_generic.c
@@ -137,7 +137,7 @@ static void blake2b_compress(struct blake2b_state *S,
 #undef G
 #undef ROUND
 
-struct digest_tfm_ctx {
+struct blake2b_tfm_ctx {
 	u8 key[BLAKE2B_KEYBYTES];
 	unsigned int keylen;
 };
@@ -145,22 +145,22 @@ struct digest_tfm_ctx {
 static int digest_setkey(struct crypto_shash *tfm, const u8 *key,
 			 unsigned int keylen)
 {
-	struct digest_tfm_ctx *mctx = crypto_shash_ctx(tfm);
+	struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(tfm);
 
 	if (keylen == 0 || keylen > BLAKE2B_KEYBYTES) {
 		crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
 		return -EINVAL;
 	}
 
-	memcpy(mctx->key, key, keylen);
-	mctx->keylen = keylen;
+	memcpy(tctx->key, key, keylen);
+	tctx->keylen = keylen;
 
 	return 0;
 }
 
 static int blake2b_init(struct shash_desc *desc)
 {
-	struct digest_tfm_ctx *mctx = crypto_shash_ctx(desc->tfm);
+	struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm);
 	struct blake2b_state *state = shash_desc_ctx(desc);
 	const int digestsize = crypto_shash_digestsize(desc->tfm);
 
@@ -168,14 +168,14 @@ static int blake2b_init(struct shash_desc *desc)
 	memcpy(state->h, blake2b_IV, sizeof(state->h));
 
 	/* Parameter block is all zeros except index 0, no xor for 1..7 */
-	state->h[0] ^= 0x01010000 | mctx->keylen << 8 | digestsize;
+	state->h[0] ^= 0x01010000 | tctx->keylen << 8 | digestsize;
 
-	if (mctx->keylen) {
+	if (tctx->keylen) {
 		/*
 		 * Prefill the buffer with the key, next call to _update or
 		 * _final will process it
 		 */
-		memcpy(state->buf, mctx->key, mctx->keylen);
+		memcpy(state->buf, tctx->key, tctx->keylen);
 		state->buflen = BLAKE2B_BLOCKBYTES;
 	}
 	return 0;
@@ -241,7 +241,7 @@ static struct shash_alg blake2b_algs[] = {
 		.base.cra_priority	= 100,
 		.base.cra_flags		= CRYPTO_ALG_OPTIONAL_KEY,
 		.base.cra_blocksize	= BLAKE2B_BLOCKBYTES,
-		.base.cra_ctxsize	= sizeof(struct digest_tfm_ctx),
+		.base.cra_ctxsize	= sizeof(struct blake2b_tfm_ctx),
 		.base.cra_module	= THIS_MODULE,
 		.digestsize		= BLAKE2B_160_DIGEST_SIZE,
 		.setkey			= digest_setkey,
@@ -255,7 +255,7 @@ static struct shash_alg blake2b_algs[] = {
 		.base.cra_priority	= 100,
 		.base.cra_flags		= CRYPTO_ALG_OPTIONAL_KEY,
 		.base.cra_blocksize	= BLAKE2B_BLOCKBYTES,
-		.base.cra_ctxsize	= sizeof(struct digest_tfm_ctx),
+		.base.cra_ctxsize	= sizeof(struct blake2b_tfm_ctx),
 		.base.cra_module	= THIS_MODULE,
 		.digestsize		= BLAKE2B_256_DIGEST_SIZE,
 		.setkey			= digest_setkey,
@@ -269,7 +269,7 @@ static struct shash_alg blake2b_algs[] = {
 		.base.cra_priority	= 100,
 		.base.cra_flags		= CRYPTO_ALG_OPTIONAL_KEY,
 		.base.cra_blocksize	= BLAKE2B_BLOCKBYTES,
-		.base.cra_ctxsize	= sizeof(struct digest_tfm_ctx),
+		.base.cra_ctxsize	= sizeof(struct blake2b_tfm_ctx),
 		.base.cra_module	= THIS_MODULE,
 		.digestsize		= BLAKE2B_384_DIGEST_SIZE,
 		.setkey			= digest_setkey,
@@ -283,7 +283,7 @@ static struct shash_alg blake2b_algs[] = {
 		.base.cra_priority	= 100,
 		.base.cra_flags		= CRYPTO_ALG_OPTIONAL_KEY,
 		.base.cra_blocksize	= BLAKE2B_BLOCKBYTES,
-		.base.cra_ctxsize	= sizeof(struct digest_tfm_ctx),
+		.base.cra_ctxsize	= sizeof(struct blake2b_tfm_ctx),
 		.base.cra_module	= THIS_MODULE,
 		.digestsize		= BLAKE2B_512_DIGEST_SIZE,
 		.setkey			= digest_setkey,
-- 
2.23.0


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH 0/7] BLAKE2b cleanups
  2019-11-06 13:48 [PATCH 0/7] BLAKE2b cleanups David Sterba
                   ` (6 preceding siblings ...)
  2019-11-06 13:48 ` [PATCH 7/7] crypto: blake2b: rename tfm context David Sterba
@ 2019-11-08  2:13 ` Eric Biggers
  2019-11-09 23:05   ` David Sterba
  7 siblings, 1 reply; 10+ messages in thread
From: Eric Biggers @ 2019-11-08  2:13 UTC (permalink / raw)
  To: David Sterba; +Cc: linux-crypto

On Wed, Nov 06, 2019 at 02:48:24PM +0100, David Sterba wrote:
> Hi,
> 
> the patchset implements cleanups suggested by Eric in
> https://lore.kernel.org/linux-crypto/20191025051550.GA103313@sol.localdomain/
> 
> The diff is the same, split into pieces with some additional comments
> where it would help understand the simplifications. This is based on v7
> of the BLAKE2b patchset.
> 

Actually the diff isn't quite the same.  Your version looks fine though, except
that I think digest_setkey() should be renamed to blake2b_setkey().  Otherwise
it's inconsistent, since all the other digest_*() functions were renamed.

Thanks!

- Eric

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH 0/7] BLAKE2b cleanups
  2019-11-08  2:13 ` [PATCH 0/7] BLAKE2b cleanups Eric Biggers
@ 2019-11-09 23:05   ` David Sterba
  0 siblings, 0 replies; 10+ messages in thread
From: David Sterba @ 2019-11-09 23:05 UTC (permalink / raw)
  To: David Sterba, linux-crypto

On Thu, Nov 07, 2019 at 06:13:29PM -0800, Eric Biggers wrote:
> On Wed, Nov 06, 2019 at 02:48:24PM +0100, David Sterba wrote:
> > the patchset implements cleanups suggested by Eric in
> > https://lore.kernel.org/linux-crypto/20191025051550.GA103313@sol.localdomain/
> > 
> > The diff is the same, split into pieces with some additional comments
> > where it would help understand the simplifications. This is based on v7
> > of the BLAKE2b patchset.
> 
> Actually the diff isn't quite the same.  Your version looks fine though, except
> that I think digest_setkey() should be renamed to blake2b_setkey().  Otherwise
> it's inconsistent, since all the other digest_*() functions were renamed.

Right, digest_* was a leftover from a working version. I'll send V2.
Thanks for the review.

^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, back to index

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-06 13:48 [PATCH 0/7] BLAKE2b cleanups David Sterba
2019-11-06 13:48 ` [PATCH 1/7] crypto: blake2b: merge _final implementation to callback David Sterba
2019-11-06 13:48 ` [PATCH 2/7] crypto: blake2b: merge blake2 init to api callback David Sterba
2019-11-06 13:48 ` [PATCH 3/7] crypto: blake2b: simplify key init David Sterba
2019-11-06 13:48 ` [PATCH 4/7] crypto: blake2b: delete unused structs or members David Sterba
2019-11-06 13:48 ` [PATCH 5/7] crypto: blake2b: open code set last block helper David Sterba
2019-11-06 13:48 ` [PATCH 6/7] crypto: blake2b: merge _update to api callback David Sterba
2019-11-06 13:48 ` [PATCH 7/7] crypto: blake2b: rename tfm context David Sterba
2019-11-08  2:13 ` [PATCH 0/7] BLAKE2b cleanups Eric Biggers
2019-11-09 23:05   ` David Sterba

Linux-Crypto Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-crypto/0 linux-crypto/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-crypto linux-crypto/ https://lore.kernel.org/linux-crypto \
		linux-crypto@vger.kernel.org
	public-inbox-index linux-crypto

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-crypto


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git