On Sat, Dec 19, 2020 at 01:01:53AM +0100, Jason A. Donenfeld wrote:
> Hey Eric,
>
> The solution you've proposed at the end of your email is actually kind
> of similar to what we do with curve25519. Check out
> include/crypto/curve25519.h. The critical difference between that and
> the blake proposal is that it's in the header for curve25519, so the
> indirection disappears.
>
> Could we do that with headers for blake?
>
That doesn't look too similar, since most of include/crypto/curve25519.h is just
for the library API. curve25519_generate_secret() is shared, but it's only a
few lines of code and there's no function pointer argument.
Either way, it would be possible to add __blake2s_update() and __blake2s_final()
(taking a blake2s_compress_t argument) to include/crypto/internal/blake2s.h, and
make these used by (and inlined into) both the library and shash functions.
Note, that's mostly separate from the question of whether blake2s_helpers.ko
should exist, since that depends on whether we want the functions in it to get
inlined into every shash implementation or not. I don't really have a strong
preference. They did seem long enough to make them out-of-line; however,
indirect calls are bad too. If we go with inlining, then the shash helper
functions (crypto_blake2s_{setkey,init,update,final}()) would just be inline
functions in include/crypto/internal/blake2s.h too, similar to sha256_base.h,
and they would get compiled into both blake2s_generic.ko and blake2s-${arch}.ko.
- Eric
