crypto: x86/sha256_ssse3 - move SHA-224/256 SSSE3 implementation to base layer

This removes all the boilerplate from the existing implementation, and replaces it with calls into the base layer. It also changes the prototypes of the core asm functions to be compatible with the base prototype void (sha256_block_fn)(struct sha256_state *sst, u8 const *src, int blocks) so that they can be passed to the base layer directly. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Ard Biesheuvel <ard.biesheuvel@linaro.org> 2015-04-09 06:55:47 -0400
committer: Herbert Xu <herbert@gondor.apana.org.au> 2015-04-10 09:39:47 -0400
commit: 1631030ae63aef0a54fe08813e0f4e26c8ef9c78 (patch)
tree: a9e22caf66a683421a953e8300e40af72ace424f
parent: 824b43763c562ee2feec16bb4017785528f3b54c (diff)
4 files changed, 50 insertions, 173 deletions
diff --git a/arch/x86/crypto/sha256-avx-asm.S b/arch/x86/crypto/sha256-avx-asm.S
index 642f15687a0a..92b3b5d75ba9 100644
--- a/arch/x86/crypto/sha256-avx-asm.S
+++ b/arch/x86/crypto/sha256-avx-asm.S
@@ -96,10 +96,10 @@ SHUF_DC00 = %xmm12      # shuffle xDxC -> DC00
 BYTE_FLIP_MASK = %xmm13
 NUM_BLKS = %rdx   # 3rd arg
-CTX = %rsi        # 2nd arg
+INP = %rsi        # 2nd arg
-INP = %rdi        # 1st arg
+CTX = %rdi        # 1st arg
-SRND = %rdi       # clobbers INP
+SRND = %rsi       # clobbers INP
 c = %ecx
 d = %r8d
 e = %edx
@@ -342,8 +342,8 @@ a = TMP_
 ########################################################################
 ## void sha256_transform_avx(void *input_data, UINT32 digest[8], UINT64 num_blks)
-## arg 1 : pointer to input data
+## arg 1 : pointer to digest
-## arg 2 : pointer to digest
+## arg 2 : pointer to input data
 ## arg 3 : Num blocks
 ########################################################################
 .text
diff --git a/arch/x86/crypto/sha256-avx2-asm.S b/arch/x86/crypto/sha256-avx2-asm.S
index 9e86944c539d..570ec5ec62d7 100644
--- a/arch/x86/crypto/sha256-avx2-asm.S
+++ b/arch/x86/crypto/sha256-avx2-asm.S
@@ -91,12 +91,12 @@ BYTE_FLIP_MASK = %ymm13
 X_BYTE_FLIP_MASK = %xmm13 # XMM version of BYTE_FLIP_MASK
 NUM_BLKS = %rdx # 3rd arg
-CTX     = %rsi  # 2nd arg
+INP     = %rsi  # 2nd arg
-INP     = %rdi  # 1st arg
+CTX     = %rdi  # 1st arg
 c       = %ecx
 d       = %r8d
 e       = %edx  # clobbers NUM_BLKS
-y3      = %edi  # clobbers INP
+y3      = %esi  # clobbers INP
 TBL     = %rbp
@@ -523,8 +523,8 @@ STACK_SIZE	= _RSP      + _RSP_SIZE
 ########################################################################
 ## void sha256_transform_rorx(void *input_data, UINT32 digest[8], UINT64 num_blks)
-## arg 1 : pointer to input data
+## arg 1 : pointer to digest
-## arg 2 : pointer to digest
+## arg 2 : pointer to input data
 ## arg 3 : Num blocks
 ########################################################################
 .text
diff --git a/arch/x86/crypto/sha256-ssse3-asm.S b/arch/x86/crypto/sha256-ssse3-asm.S
index f833b74d902b..2cedc44e8121 100644
--- a/arch/x86/crypto/sha256-ssse3-asm.S
+++ b/arch/x86/crypto/sha256-ssse3-asm.S
@@ -88,10 +88,10 @@ SHUF_DC00 = %xmm11      # shuffle xDxC -> DC00
 BYTE_FLIP_MASK = %xmm12
 NUM_BLKS = %rdx   # 3rd arg
-CTX = %rsi        # 2nd arg
+INP = %rsi        # 2nd arg
-INP = %rdi        # 1st arg
+CTX = %rdi        # 1st arg
-SRND = %rdi       # clobbers INP
+SRND = %rsi       # clobbers INP
 c = %ecx
 d = %r8d
 e = %edx
@@ -348,8 +348,8 @@ a = TMP_
 ########################################################################
 ## void sha256_transform_ssse3(void *input_data, UINT32 digest[8], UINT64 num_blks)
-## arg 1 : pointer to input data
+## arg 1 : pointer to digest
-## arg 2 : pointer to digest
+## arg 2 : pointer to input data
 ## arg 3 : Num blocks
 ########################################################################
 .text
diff --git a/arch/x86/crypto/sha256_ssse3_glue.c b/arch/x86/crypto/sha256_ssse3_glue.c
index 8fad72f4dfd2..ccc338881ee8 100644
--- a/arch/x86/crypto/sha256_ssse3_glue.c
+++ b/arch/x86/crypto/sha256_ssse3_glue.c
@@ -36,195 +36,74 @@
 #include <linux/cryptohash.h>
 #include <linux/types.h>
 #include <crypto/sha.h>
-#include <asm/byteorder.h>
+#include <crypto/sha256_base.h>
 #include <asm/i387.h>
 #include <asm/xcr.h>
 #include <asm/xsave.h>
 #include <linux/string.h>
-asmlinkage void sha256_transform_ssse3(const char *data, u32 *digest,
+asmlinkage void sha256_transform_ssse3(u32 *digest, const char *data,
-                                     u64 rounds);
+                                       u64 rounds);
 #ifdef CONFIG_AS_AVX
-asmlinkage void sha256_transform_avx(const char *data, u32 *digest,
+asmlinkage void sha256_transform_avx(u32 *digest, const char *data,
                                     u64 rounds);
 #endif
 #ifdef CONFIG_AS_AVX2
-asmlinkage void sha256_transform_rorx(const char *data, u32 *digest,
+asmlinkage void sha256_transform_rorx(u32 *digest, const char *data,
-                                     u64 rounds);
+                                      u64 rounds);
 #endif
-static asmlinkage void (*sha256_transform_asm)(const char *, u32 *, u64);
+static void (*sha256_transform_asm)(u32 *, const char *, u64);
-static int sha256_ssse3_init(struct shash_desc *desc)
-{
-        struct sha256_state *sctx = shash_desc_ctx(desc);
-        sctx->state[0] = SHA256_H0;
-        sctx->state[1] = SHA256_H1;
-        sctx->state[2] = SHA256_H2;
-        sctx->state[3] = SHA256_H3;
-        sctx->state[4] = SHA256_H4;
-        sctx->state[5] = SHA256_H5;
-        sctx->state[6] = SHA256_H6;
-        sctx->state[7] = SHA256_H7;
-        sctx->count = 0;
-        return 0;
-}
-static int __sha256_ssse3_update(struct shash_desc *desc, const u8 *data,
-                               unsigned int len, unsigned int partial)
-{
-        struct sha256_state *sctx = shash_desc_ctx(desc);
-        unsigned int done = 0;
-        sctx->count += len;
-        if (partial) {
-                done = SHA256_BLOCK_SIZE - partial;
-                memcpy(sctx->buf + partial, data, done);
-                sha256_transform_asm(sctx->buf, sctx->state, 1);
-        }
-        if (len - done >= SHA256_BLOCK_SIZE) {
-                const unsigned int rounds = (len - done) / SHA256_BLOCK_SIZE;
-                sha256_transform_asm(data + done, sctx->state, (u64) rounds);
-                done += rounds * SHA256_BLOCK_SIZE;
-        }
-        memcpy(sctx->buf, data + done, len - done);
-        return 0;
-}
 static int sha256_ssse3_update(struct shash_desc *desc, const u8 *data,
                             unsigned int len)
 {
        struct sha256_state *sctx = shash_desc_ctx(desc);
-        unsigned int partial = sctx->count % SHA256_BLOCK_SIZE;
-        int res;
-        /* Handle the fast case right here */
+        if (!irq_fpu_usable() ||
-        if (partial + len < SHA256_BLOCK_SIZE) {
+            (sctx->count % SHA256_BLOCK_SIZE) + len < SHA256_BLOCK_SIZE)
-                sctx->count += len;
+                return crypto_sha256_update(desc, data, len);
-                memcpy(sctx->buf + partial, data, len);
-                return 0;
+        /* make sure casting to sha256_block_fn() is safe */
-        }
+        BUILD_BUG_ON(offsetof(struct sha256_state, state) != 0);
-        if (!irq_fpu_usable()) {
-                res = crypto_sha256_update(desc, data, len);
-        } else {
-                kernel_fpu_begin();
-                res = __sha256_ssse3_update(desc, data, len, partial);
-                kernel_fpu_end();
-        }
-        return res;
-}
+        kernel_fpu_begin();
-/* Add padding and return the message digest. */
+        sha256_base_do_update(desc, data, len,
-static int sha256_ssse3_final(struct shash_desc *desc, u8 *out)
+                              (sha256_block_fn *)sha256_transform_asm);
-{
+        kernel_fpu_end();
-        struct sha256_state *sctx = shash_desc_ctx(desc);
-        unsigned int i, index, padlen;
-        __be32 *dst = (__be32 *)out;
-        __be64 bits;
-        static const u8 padding[SHA256_BLOCK_SIZE] = { 0x80, };
-        bits = cpu_to_be64(sctx->count << 3);
-        /* Pad out to 56 mod 64 and append length */
-        index = sctx->count % SHA256_BLOCK_SIZE;
-        padlen = (index < 56) ? (56 - index) : ((SHA256_BLOCK_SIZE+56)-index);
-        if (!irq_fpu_usable()) {
-                crypto_sha256_update(desc, padding, padlen);
-                crypto_sha256_update(desc, (const u8 *)&bits, sizeof(bits));
-        } else {
-                kernel_fpu_begin();
-                /* We need to fill a whole block for __sha256_ssse3_update() */
-                if (padlen <= 56) {
-                        sctx->count += padlen;
-                        memcpy(sctx->buf + index, padding, padlen);
-                } else {
-                        __sha256_ssse3_update(desc, padding, padlen, index);
-                }
-                __sha256_ssse3_update(desc, (const u8 *)&bits,
-                                        sizeof(bits), 56);
-                kernel_fpu_end();
-        }
-        /* Store state in digest */
-        for (i = 0; i < 8; i++)
-                dst[i] = cpu_to_be32(sctx->state[i]);
-        /* Wipe context */
-        memset(sctx, 0, sizeof(*sctx));
        return 0;
 }
-static int sha256_ssse3_export(struct shash_desc *desc, void *out)
+static int sha256_ssse3_finup(struct shash_desc *desc, const u8 *data,
+                              unsigned int len, u8 *out)
 {
-        struct sha256_state *sctx = shash_desc_ctx(desc);
+        if (!irq_fpu_usable())
+                return crypto_sha256_finup(desc, data, len, out);
-        memcpy(out, sctx, sizeof(*sctx));
+        kernel_fpu_begin();
+        if (len)
+                sha256_base_do_update(desc, data, len,
+                                      (sha256_block_fn *)sha256_transform_asm);
+        sha256_base_do_finalize(desc, (sha256_block_fn *)sha256_transform_asm);
+        kernel_fpu_end();
-        return 0;
+        return sha256_base_finish(desc, out);
 }
-static int sha256_ssse3_import(struct shash_desc *desc, const void *in)
+/* Add padding and return the message digest. */
-{
+static int sha256_ssse3_final(struct shash_desc *desc, u8 *out)
-        struct sha256_state *sctx = shash_desc_ctx(desc);
-        memcpy(sctx, in, sizeof(*sctx));
-        return 0;
-}
-static int sha224_ssse3_init(struct shash_desc *desc)
-{
-        struct sha256_state *sctx = shash_desc_ctx(desc);
-        sctx->state[0] = SHA224_H0;
-        sctx->state[1] = SHA224_H1;
-        sctx->state[2] = SHA224_H2;
-        sctx->state[3] = SHA224_H3;
-        sctx->state[4] = SHA224_H4;
-        sctx->state[5] = SHA224_H5;
-        sctx->state[6] = SHA224_H6;
-        sctx->state[7] = SHA224_H7;
-        sctx->count = 0;
-        return 0;
-}
-static int sha224_ssse3_final(struct shash_desc *desc, u8 *hash)
 {
-        u8 D[SHA256_DIGEST_SIZE];
+        return sha256_ssse3_finup(desc, NULL, 0, out);
-        sha256_ssse3_final(desc, D);
-        memcpy(hash, D, SHA224_DIGEST_SIZE);
-        memzero_explicit(D, SHA256_DIGEST_SIZE);
-        return 0;
 }
 static struct shash_alg algs[] = { {
        .digestsize     =       SHA256_DIGEST_SIZE,
-        .init           =       sha256_ssse3_init,
+        .init           =       sha256_base_init,
        .update         =       sha256_ssse3_update,
        .final          =       sha256_ssse3_final,
-        .export         =       sha256_ssse3_export,
+        .finup          =       sha256_ssse3_finup,
-        .import         =       sha256_ssse3_import,
        .descsize       =       sizeof(struct sha256_state),
-        .statesize      =       sizeof(struct sha256_state),
        .base           =       {
                .cra_name       =       "sha256",
                .cra_driver_name =      "sha256-ssse3",
@@ -235,13 +114,11 @@ static struct shash_alg algs[] = { {
        }
 }, {
        .digestsize     =       SHA224_DIGEST_SIZE,
-        .init           =       sha224_ssse3_init,
+        .init           =       sha224_base_init,
        .update         =       sha256_ssse3_update,
-        .final          =       sha224_ssse3_final,
+        .final          =       sha256_ssse3_final,
-        .export         =       sha256_ssse3_export,
+        .finup          =       sha256_ssse3_finup,
-        .import         =       sha256_ssse3_import,
        .descsize       =       sizeof(struct sha256_state),
-        .statesize      =       sizeof(struct sha256_state),
        .base           =       {
                .cra_name       =       "sha224",
                .cra_driver_name =      "sha224-ssse3",
author	Ard Biesheuvel <ard.biesheuvel@linaro.org>	2015-04-09 06:55:47 -0400
committer	Herbert Xu <herbert@gondor.apana.org.au>	2015-04-10 09:39:47 -0400
commit	1631030ae63aef0a54fe08813e0f4e26c8ef9c78 (patch)
tree	a9e22caf66a683421a953e8300e40af72ace424f
parent	824b43763c562ee2feec16bb4017785528f3b54c (diff)

diff --git a/arch/x86/crypto/sha256-avx-asm.S b/arch/x86/crypto/sha256-avx-asm.S index 642f15687a0a..92b3b5d75ba9 100644 --- a/arch/x86/crypto/sha256-avx-asm.S +++ b/arch/x86/crypto/sha256-avx-asm.S
@@ -96,10 +96,10 @@ SHUF_DC00 = %xmm12 # shuffle xDxC -> DC00
96	BYTE_FLIP_MASK = %xmm13	96	BYTE_FLIP_MASK = %xmm13
97		97
98	NUM_BLKS = %rdx # 3rd arg	98	NUM_BLKS = %rdx # 3rd arg
99	CTX = %rsi # 2nd arg	99	INP = %rsi # 2nd arg
100	INP = %rdi # 1st arg	100	CTX = %rdi # 1st arg
101		101
102	SRND = %rdi # clobbers INP	102	SRND = %rsi # clobbers INP
103	c = %ecx	103	c = %ecx
104	d = %r8d	104	d = %r8d
105	e = %edx	105	e = %edx
@@ -342,8 +342,8 @@ a = TMP_
342		342
343	########################################################################	343	########################################################################
344	## void sha256_transform_avx(void *input_data, UINT32 digest[8], UINT64 num_blks)	344	## void sha256_transform_avx(void *input_data, UINT32 digest[8], UINT64 num_blks)
345	## arg 1 : pointer to input data	345	## arg 1 : pointer to digest
346	## arg 2 : pointer to digest	346	## arg 2 : pointer to input data
347	## arg 3 : Num blocks	347	## arg 3 : Num blocks
348	########################################################################	348	########################################################################
349	.text	349	.text


diff --git a/arch/x86/crypto/sha256-avx2-asm.S b/arch/x86/crypto/sha256-avx2-asm.S index 9e86944c539d..570ec5ec62d7 100644 --- a/arch/x86/crypto/sha256-avx2-asm.S +++ b/arch/x86/crypto/sha256-avx2-asm.S
@@ -91,12 +91,12 @@ BYTE_FLIP_MASK = %ymm13
91	X_BYTE_FLIP_MASK = %xmm13 # XMM version of BYTE_FLIP_MASK	91	X_BYTE_FLIP_MASK = %xmm13 # XMM version of BYTE_FLIP_MASK
92		92
93	NUM_BLKS = %rdx # 3rd arg	93	NUM_BLKS = %rdx # 3rd arg
94	CTX = %rsi # 2nd arg	94	INP = %rsi # 2nd arg
95	INP = %rdi # 1st arg	95	CTX = %rdi # 1st arg
96	c = %ecx	96	c = %ecx
97	d = %r8d	97	d = %r8d
98	e = %edx # clobbers NUM_BLKS	98	e = %edx # clobbers NUM_BLKS
99	y3 = %edi # clobbers INP	99	y3 = %esi # clobbers INP
100		100
101		101
102	TBL = %rbp	102	TBL = %rbp
@@ -523,8 +523,8 @@ STACK_SIZE = _RSP + _RSP_SIZE
523		523
524	########################################################################	524	########################################################################
525	## void sha256_transform_rorx(void *input_data, UINT32 digest[8], UINT64 num_blks)	525	## void sha256_transform_rorx(void *input_data, UINT32 digest[8], UINT64 num_blks)
526	## arg 1 : pointer to input data	526	## arg 1 : pointer to digest
527	## arg 2 : pointer to digest	527	## arg 2 : pointer to input data
528	## arg 3 : Num blocks	528	## arg 3 : Num blocks
529	########################################################################	529	########################################################################
530	.text	530	.text


diff --git a/arch/x86/crypto/sha256-ssse3-asm.S b/arch/x86/crypto/sha256-ssse3-asm.S index f833b74d902b..2cedc44e8121 100644 --- a/arch/x86/crypto/sha256-ssse3-asm.S +++ b/arch/x86/crypto/sha256-ssse3-asm.S
@@ -88,10 +88,10 @@ SHUF_DC00 = %xmm11 # shuffle xDxC -> DC00
88	BYTE_FLIP_MASK = %xmm12	88	BYTE_FLIP_MASK = %xmm12
89		89
90	NUM_BLKS = %rdx # 3rd arg	90	NUM_BLKS = %rdx # 3rd arg
91	CTX = %rsi # 2nd arg	91	INP = %rsi # 2nd arg
92	INP = %rdi # 1st arg	92	CTX = %rdi # 1st arg
93		93
94	SRND = %rdi # clobbers INP	94	SRND = %rsi # clobbers INP
95	c = %ecx	95	c = %ecx
96	d = %r8d	96	d = %r8d
97	e = %edx	97	e = %edx
@@ -348,8 +348,8 @@ a = TMP_
348		348
349	########################################################################	349	########################################################################
350	## void sha256_transform_ssse3(void *input_data, UINT32 digest[8], UINT64 num_blks)	350	## void sha256_transform_ssse3(void *input_data, UINT32 digest[8], UINT64 num_blks)
351	## arg 1 : pointer to input data	351	## arg 1 : pointer to digest
352	## arg 2 : pointer to digest	352	## arg 2 : pointer to input data
353	## arg 3 : Num blocks	353	## arg 3 : Num blocks
354	########################################################################	354	########################################################################
355	.text	355	.text


diff --git a/arch/x86/crypto/sha256_ssse3_glue.c b/arch/x86/crypto/sha256_ssse3_glue.c index 8fad72f4dfd2..ccc338881ee8 100644 --- a/arch/x86/crypto/sha256_ssse3_glue.c +++ b/arch/x86/crypto/sha256_ssse3_glue.c
@@ -36,195 +36,74 @@
36	#include <linux/cryptohash.h>	36	#include <linux/cryptohash.h>
37	#include <linux/types.h>	37	#include <linux/types.h>
38	#include <crypto/sha.h>	38	#include <crypto/sha.h>
39	#include <asm/byteorder.h>	39	#include <crypto/sha256_base.h>
40	#include <asm/i387.h>	40	#include <asm/i387.h>
41	#include <asm/xcr.h>	41	#include <asm/xcr.h>
42	#include <asm/xsave.h>	42	#include <asm/xsave.h>
43	#include <linux/string.h>	43	#include <linux/string.h>
44		44
45	asmlinkage void sha256_transform_ssse3(const char data, u32 digest,	45	asmlinkage void sha256_transform_ssse3(u32 digest, const char data,
46	u64 rounds);	46	u64 rounds);
47	#ifdef CONFIG_AS_AVX	47	#ifdef CONFIG_AS_AVX
48	asmlinkage void sha256_transform_avx(const char data, u32 digest,	48	asmlinkage void sha256_transform_avx(u32 digest, const char data,
49	u64 rounds);	49	u64 rounds);
50	#endif	50	#endif
51	#ifdef CONFIG_AS_AVX2	51	#ifdef CONFIG_AS_AVX2
52	asmlinkage void sha256_transform_rorx(const char data, u32 digest,	52	asmlinkage void sha256_transform_rorx(u32 digest, const char data,
53	u64 rounds);	53	u64 rounds);
54	#endif	54	#endif
55		55
56	static asmlinkage void (sha256_transform_asm)(const char , u32 *, u64);	56	static void (sha256_transform_asm)(u32 , const char *, u64);
57
58
59	static int sha256_ssse3_init(struct shash_desc *desc)
60	{
61	struct sha256_state *sctx = shash_desc_ctx(desc);
62
63	sctx->state[0] = SHA256_H0;
64	sctx->state[1] = SHA256_H1;
65	sctx->state[2] = SHA256_H2;
66	sctx->state[3] = SHA256_H3;
67	sctx->state[4] = SHA256_H4;
68	sctx->state[5] = SHA256_H5;
69	sctx->state[6] = SHA256_H6;
70	sctx->state[7] = SHA256_H7;
71	sctx->count = 0;
72
73	return 0;
74	}
75
76	static int __sha256_ssse3_update(struct shash_desc desc, const u8 data,
77	unsigned int len, unsigned int partial)
78	{
79	struct sha256_state *sctx = shash_desc_ctx(desc);
80	unsigned int done = 0;
81
82	sctx->count += len;
83
84	if (partial) {
85	done = SHA256_BLOCK_SIZE - partial;
86	memcpy(sctx->buf + partial, data, done);
87	sha256_transform_asm(sctx->buf, sctx->state, 1);
88	}
89
90	if (len - done >= SHA256_BLOCK_SIZE) {
91	const unsigned int rounds = (len - done) / SHA256_BLOCK_SIZE;
92
93	sha256_transform_asm(data + done, sctx->state, (u64) rounds);
94
95	done += rounds * SHA256_BLOCK_SIZE;
96	}
97
98	memcpy(sctx->buf, data + done, len - done);
99
100	return 0;
101	}
102		57
103	static int sha256_ssse3_update(struct shash_desc desc, const u8 data,	58	static int sha256_ssse3_update(struct shash_desc desc, const u8 data,
104	unsigned int len)	59	unsigned int len)
105	{	60	{
106	struct sha256_state *sctx = shash_desc_ctx(desc);	61	struct sha256_state *sctx = shash_desc_ctx(desc);
107	unsigned int partial = sctx->count % SHA256_BLOCK_SIZE;
108	int res;
109		62
110	/* Handle the fast case right here */	63	if (!irq_fpu_usable() \|\|
111	if (partial + len < SHA256_BLOCK_SIZE) {	64	(sctx->count % SHA256_BLOCK_SIZE) + len < SHA256_BLOCK_SIZE)
112	sctx->count += len;	65	return crypto_sha256_update(desc, data, len);
113	memcpy(sctx->buf + partial, data, len);
114		66
115	return 0;	67	/* make sure casting to sha256_block_fn() is safe */
116	}	68	BUILD_BUG_ON(offsetof(struct sha256_state, state) != 0);
117
118	if (!irq_fpu_usable()) {
119	res = crypto_sha256_update(desc, data, len);
120	} else {
121	kernel_fpu_begin();
122	res = __sha256_ssse3_update(desc, data, len, partial);
123	kernel_fpu_end();
124	}
125
126	return res;
127	}
128		69
129		70	kernel_fpu_begin();
130	/* Add padding and return the message digest. */	71	sha256_base_do_update(desc, data, len,
131	static int sha256_ssse3_final(struct shash_desc desc, u8 out)	72	(sha256_block_fn *)sha256_transform_asm);
132	{	73	kernel_fpu_end();
133	struct sha256_state *sctx = shash_desc_ctx(desc);
134	unsigned int i, index, padlen;
135	__be32 dst = (__be32 )out;
136	__be64 bits;
137	static const u8 padding[SHA256_BLOCK_SIZE] = { 0x80, };
138
139	bits = cpu_to_be64(sctx->count << 3);
140
141	/* Pad out to 56 mod 64 and append length */
142	index = sctx->count % SHA256_BLOCK_SIZE;
143	padlen = (index < 56) ? (56 - index) : ((SHA256_BLOCK_SIZE+56)-index);
144
145	if (!irq_fpu_usable()) {
146	crypto_sha256_update(desc, padding, padlen);
147	crypto_sha256_update(desc, (const u8 *)&bits, sizeof(bits));
148	} else {
149	kernel_fpu_begin();
150	/* We need to fill a whole block for __sha256_ssse3_update() */
151	if (padlen <= 56) {
152	sctx->count += padlen;
153	memcpy(sctx->buf + index, padding, padlen);
154	} else {
155	__sha256_ssse3_update(desc, padding, padlen, index);
156	}
157	__sha256_ssse3_update(desc, (const u8 *)&bits,
158	sizeof(bits), 56);
159	kernel_fpu_end();
160	}
161
162	/* Store state in digest */
163	for (i = 0; i < 8; i++)
164	dst[i] = cpu_to_be32(sctx->state[i]);
165
166	/* Wipe context */
167	memset(sctx, 0, sizeof(*sctx));
168		74
169	return 0;	75	return 0;
170	}	76	}
171		77
172	static int sha256_ssse3_export(struct shash_desc desc, void out)	78	static int sha256_ssse3_finup(struct shash_desc desc, const u8 data,
		79	unsigned int len, u8 *out)
173	{	80	{
174	struct sha256_state *sctx = shash_desc_ctx(desc);	81	if (!irq_fpu_usable())
		82	return crypto_sha256_finup(desc, data, len, out);
175		83
176	memcpy(out, sctx, sizeof(*sctx));	84	kernel_fpu_begin();
		85	if (len)
		86	sha256_base_do_update(desc, data, len,
		87	(sha256_block_fn *)sha256_transform_asm);
		88	sha256_base_do_finalize(desc, (sha256_block_fn *)sha256_transform_asm);
		89	kernel_fpu_end();
177		90
178	return 0;	91	return sha256_base_finish(desc, out);
179	}	92	}
180		93
181	static int sha256_ssse3_import(struct shash_desc desc, const void in)	94	/* Add padding and return the message digest. */
182	{	95	static int sha256_ssse3_final(struct shash_desc desc, u8 out)
183	struct sha256_state *sctx = shash_desc_ctx(desc);
184
185	memcpy(sctx, in, sizeof(*sctx));
186
187	return 0;
188	}
189
190	static int sha224_ssse3_init(struct shash_desc *desc)
191	{
192	struct sha256_state *sctx = shash_desc_ctx(desc);
193
194	sctx->state[0] = SHA224_H0;
195	sctx->state[1] = SHA224_H1;
196	sctx->state[2] = SHA224_H2;
197	sctx->state[3] = SHA224_H3;
198	sctx->state[4] = SHA224_H4;
199	sctx->state[5] = SHA224_H5;
200	sctx->state[6] = SHA224_H6;
201	sctx->state[7] = SHA224_H7;
202	sctx->count = 0;
203
204	return 0;
205	}
206
207	static int sha224_ssse3_final(struct shash_desc desc, u8 hash)
208	{	96	{
209	u8 D[SHA256_DIGEST_SIZE];	97	return sha256_ssse3_finup(desc, NULL, 0, out);
210
211	sha256_ssse3_final(desc, D);
212
213	memcpy(hash, D, SHA224_DIGEST_SIZE);
214	memzero_explicit(D, SHA256_DIGEST_SIZE);
215
216	return 0;
217	}	98	}
218		99
219	static struct shash_alg algs[] = { {	100	static struct shash_alg algs[] = { {
220	.digestsize = SHA256_DIGEST_SIZE,	101	.digestsize = SHA256_DIGEST_SIZE,
221	.init = sha256_ssse3_init,	102	.init = sha256_base_init,
222	.update = sha256_ssse3_update,	103	.update = sha256_ssse3_update,
223	.final = sha256_ssse3_final,	104	.final = sha256_ssse3_final,
224	.export = sha256_ssse3_export,	105	.finup = sha256_ssse3_finup,
225	.import = sha256_ssse3_import,
226	.descsize = sizeof(struct sha256_state),	106	.descsize = sizeof(struct sha256_state),
227	.statesize = sizeof(struct sha256_state),
228	.base = {	107	.base = {
229	.cra_name = "sha256",	108	.cra_name = "sha256",
230	.cra_driver_name = "sha256-ssse3",	109	.cra_driver_name = "sha256-ssse3",
@@ -235,13 +114,11 @@ static struct shash_alg algs[] = { {
235	}	114	}
236	}, {	115	}, {
237	.digestsize = SHA224_DIGEST_SIZE,	116	.digestsize = SHA224_DIGEST_SIZE,
238	.init = sha224_ssse3_init,	117	.init = sha224_base_init,
239	.update = sha256_ssse3_update,	118	.update = sha256_ssse3_update,
240	.final = sha224_ssse3_final,	119	.final = sha256_ssse3_final,
241	.export = sha256_ssse3_export,	120	.finup = sha256_ssse3_finup,
242	.import = sha256_ssse3_import,
243	.descsize = sizeof(struct sha256_state),	121	.descsize = sizeof(struct sha256_state),
244	.statesize = sizeof(struct sha256_state),
245	.base = {	122	.base = {
246	.cra_name = "sha224",	123	.cra_name = "sha224",
247	.cra_driver_name = "sha224-ssse3",	124	.cra_driver_name = "sha224-ssse3",