The SHA-256 code within the Linux kernel’s cryptography subsystem is in the process of being refactoring so that it’s available via the crypto’s library API and also opening it up to support architecture-optimized implementations.
Eric Biggers of Google who has been responsible for many of the crypto performance optimizations in recent years to the kernel, especially for x86_64 processors and making use of modern ISA features, has been pursuing this SHA256 refactoring so it’s suitable for library use and opening the door to architecture-optimized versions.
Biggers explains in the new patch series posted by crypto maintainer Herbert Xu:
“Following the example of several other algorithms (e.g. CRC32, ChaCha, Poly1305, BLAKE2s), this series refactors the kernel’s existing architecture-optimized SHA-256 code to be available via the library API, instead of just via the crypto_shash API as it was before. It also reimplements the SHA-256 crypto_shash API on top of the library API.
This makes it possible to use the SHA-256 library in performance-critical cases. The new design is also much simpler, with a negative diffstat of over 1200 lines. Finally, this also fixes the longstanding issue where the arch-optimized SHA-256 was disabled by default, so people often forgot to enable it.
For now the SHA-256 library is well-covered by the crypto_shash self-tests, but I plan to add a test for the library directly later. I’ve fully tested this series on arm, arm64, riscv, and x86. On mips, powerpc, s390, and sparc I’ve only been able to partially test it, since QEMU does not support the SHA-256 instructions on those platforms. If anyone with access to a mips, powerpc, s390, or sparc system that has SHA-256 instructions can verify that the crypto self-tests still pass, that would be appreciated. But I don’t expect any issues, especially since the new code is more straightforward than the old code.”
A nice refactoring at +1165 lines of code and -2313 lines… All the while adding support for architecture-optimized implementations and adding it to the library API. The code is currently under review but will hopefully be ready for upstreaming in an upcoming kernel cycle.
