mirror of https://gitee.com/openkylin/linux.git
crypto: sha3 - Add SHA-3 hash algorithm
This patch adds the implementation of SHA3 algorithm in software and it's based on original implementation pushed in patch https://lwn.net/Articles/518415/ with additional changes to match the padding rules specified in SHA-3 specification. Signed-off-by: Jeff Garzik <jgarzik@redhat.com> Signed-off-by: Raveendra Padasalagi <raveendra.padasalagi@broadcom.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
6999d504d4
commit
53964b9ee6
|
@ -750,6 +750,16 @@ config CRYPTO_SHA512_SPARC64
|
|||
SHA-512 secure hash standard (DFIPS 180-2) implemented
|
||||
using sparc64 crypto instructions, when available.
|
||||
|
||||
config CRYPTO_SHA3
|
||||
tristate "SHA3 digest algorithm"
|
||||
select CRYPTO_HASH
|
||||
help
|
||||
SHA-3 secure hash standard (DFIPS 202). It's based on
|
||||
cryptographic sponge function family called Keccak.
|
||||
|
||||
References:
|
||||
http://keccak.noekeon.org/
|
||||
|
||||
config CRYPTO_TGR192
|
||||
tristate "Tiger digest algorithms"
|
||||
select CRYPTO_HASH
|
||||
|
|
|
@ -61,6 +61,7 @@ obj-$(CONFIG_CRYPTO_RMD320) += rmd320.o
|
|||
obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o
|
||||
obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o
|
||||
obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o
|
||||
obj-$(CONFIG_CRYPTO_SHA3) += sha3_generic.o
|
||||
obj-$(CONFIG_CRYPTO_WP512) += wp512.o
|
||||
obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o
|
||||
obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o
|
||||
|
|
|
@ -0,0 +1,300 @@
|
|||
/*
|
||||
* Cryptographic API.
|
||||
*
|
||||
* SHA-3, as specified in
|
||||
* http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
|
||||
*
|
||||
* SHA-3 code by Jeff Garzik <jeff@garzik.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the Free
|
||||
* Software Foundation; either version 2 of the License, or (at your option)•
|
||||
* any later version.
|
||||
*
|
||||
*/
|
||||
#include <crypto/internal/hash.h>
|
||||
#include <linux/init.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/types.h>
|
||||
#include <crypto/sha3.h>
|
||||
#include <asm/byteorder.h>
|
||||
|
||||
#define KECCAK_ROUNDS 24
|
||||
|
||||
#define ROTL64(x, y) (((x) << (y)) | ((x) >> (64 - (y))))
|
||||
|
||||
static const u64 keccakf_rndc[24] = {
|
||||
0x0000000000000001, 0x0000000000008082, 0x800000000000808a,
|
||||
0x8000000080008000, 0x000000000000808b, 0x0000000080000001,
|
||||
0x8000000080008081, 0x8000000000008009, 0x000000000000008a,
|
||||
0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
|
||||
0x000000008000808b, 0x800000000000008b, 0x8000000000008089,
|
||||
0x8000000000008003, 0x8000000000008002, 0x8000000000000080,
|
||||
0x000000000000800a, 0x800000008000000a, 0x8000000080008081,
|
||||
0x8000000000008080, 0x0000000080000001, 0x8000000080008008
|
||||
};
|
||||
|
||||
static const int keccakf_rotc[24] = {
|
||||
1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14,
|
||||
27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44
|
||||
};
|
||||
|
||||
static const int keccakf_piln[24] = {
|
||||
10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4,
|
||||
15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1
|
||||
};
|
||||
|
||||
/* update the state with given number of rounds */
|
||||
|
||||
static void keccakf(u64 st[25])
|
||||
{
|
||||
int i, j, round;
|
||||
u64 t, bc[5];
|
||||
|
||||
for (round = 0; round < KECCAK_ROUNDS; round++) {
|
||||
|
||||
/* Theta */
|
||||
for (i = 0; i < 5; i++)
|
||||
bc[i] = st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15]
|
||||
^ st[i + 20];
|
||||
|
||||
for (i = 0; i < 5; i++) {
|
||||
t = bc[(i + 4) % 5] ^ ROTL64(bc[(i + 1) % 5], 1);
|
||||
for (j = 0; j < 25; j += 5)
|
||||
st[j + i] ^= t;
|
||||
}
|
||||
|
||||
/* Rho Pi */
|
||||
t = st[1];
|
||||
for (i = 0; i < 24; i++) {
|
||||
j = keccakf_piln[i];
|
||||
bc[0] = st[j];
|
||||
st[j] = ROTL64(t, keccakf_rotc[i]);
|
||||
t = bc[0];
|
||||
}
|
||||
|
||||
/* Chi */
|
||||
for (j = 0; j < 25; j += 5) {
|
||||
for (i = 0; i < 5; i++)
|
||||
bc[i] = st[j + i];
|
||||
for (i = 0; i < 5; i++)
|
||||
st[j + i] ^= (~bc[(i + 1) % 5]) &
|
||||
bc[(i + 2) % 5];
|
||||
}
|
||||
|
||||
/* Iota */
|
||||
st[0] ^= keccakf_rndc[round];
|
||||
}
|
||||
}
|
||||
|
||||
static void sha3_init(struct sha3_state *sctx, unsigned int digest_sz)
|
||||
{
|
||||
memset(sctx, 0, sizeof(*sctx));
|
||||
sctx->md_len = digest_sz;
|
||||
sctx->rsiz = 200 - 2 * digest_sz;
|
||||
sctx->rsizw = sctx->rsiz / 8;
|
||||
}
|
||||
|
||||
static int sha3_224_init(struct shash_desc *desc)
|
||||
{
|
||||
struct sha3_state *sctx = shash_desc_ctx(desc);
|
||||
|
||||
sha3_init(sctx, SHA3_224_DIGEST_SIZE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int sha3_256_init(struct shash_desc *desc)
|
||||
{
|
||||
struct sha3_state *sctx = shash_desc_ctx(desc);
|
||||
|
||||
sha3_init(sctx, SHA3_256_DIGEST_SIZE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int sha3_384_init(struct shash_desc *desc)
|
||||
{
|
||||
struct sha3_state *sctx = shash_desc_ctx(desc);
|
||||
|
||||
sha3_init(sctx, SHA3_384_DIGEST_SIZE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int sha3_512_init(struct shash_desc *desc)
|
||||
{
|
||||
struct sha3_state *sctx = shash_desc_ctx(desc);
|
||||
|
||||
sha3_init(sctx, SHA3_512_DIGEST_SIZE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int sha3_update(struct shash_desc *desc, const u8 *data,
|
||||
unsigned int len)
|
||||
{
|
||||
struct sha3_state *sctx = shash_desc_ctx(desc);
|
||||
unsigned int done;
|
||||
const u8 *src;
|
||||
|
||||
done = 0;
|
||||
src = data;
|
||||
|
||||
if ((sctx->partial + len) > (sctx->rsiz - 1)) {
|
||||
if (sctx->partial) {
|
||||
done = -sctx->partial;
|
||||
memcpy(sctx->buf + sctx->partial, data,
|
||||
done + sctx->rsiz);
|
||||
src = sctx->buf;
|
||||
}
|
||||
|
||||
do {
|
||||
unsigned int i;
|
||||
|
||||
for (i = 0; i < sctx->rsizw; i++)
|
||||
sctx->st[i] ^= ((u64 *) src)[i];
|
||||
keccakf(sctx->st);
|
||||
|
||||
done += sctx->rsiz;
|
||||
src = data + done;
|
||||
} while (done + (sctx->rsiz - 1) < len);
|
||||
|
||||
sctx->partial = 0;
|
||||
}
|
||||
memcpy(sctx->buf + sctx->partial, src, len - done);
|
||||
sctx->partial += (len - done);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int sha3_final(struct shash_desc *desc, u8 *out)
|
||||
{
|
||||
struct sha3_state *sctx = shash_desc_ctx(desc);
|
||||
unsigned int i, inlen = sctx->partial;
|
||||
|
||||
sctx->buf[inlen++] = 0x06;
|
||||
memset(sctx->buf + inlen, 0, sctx->rsiz - inlen);
|
||||
sctx->buf[sctx->rsiz - 1] |= 0x80;
|
||||
|
||||
for (i = 0; i < sctx->rsizw; i++)
|
||||
sctx->st[i] ^= ((u64 *) sctx->buf)[i];
|
||||
|
||||
keccakf(sctx->st);
|
||||
|
||||
for (i = 0; i < sctx->rsizw; i++)
|
||||
sctx->st[i] = cpu_to_le64(sctx->st[i]);
|
||||
|
||||
memcpy(out, sctx->st, sctx->md_len);
|
||||
|
||||
memset(sctx, 0, sizeof(*sctx));
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct shash_alg sha3_224 = {
|
||||
.digestsize = SHA3_224_DIGEST_SIZE,
|
||||
.init = sha3_224_init,
|
||||
.update = sha3_update,
|
||||
.final = sha3_final,
|
||||
.descsize = sizeof(struct sha3_state),
|
||||
.base = {
|
||||
.cra_name = "sha3-224",
|
||||
.cra_driver_name = "sha3-224-generic",
|
||||
.cra_flags = CRYPTO_ALG_TYPE_SHASH,
|
||||
.cra_blocksize = SHA3_224_BLOCK_SIZE,
|
||||
.cra_module = THIS_MODULE,
|
||||
}
|
||||
};
|
||||
|
||||
static struct shash_alg sha3_256 = {
|
||||
.digestsize = SHA3_256_DIGEST_SIZE,
|
||||
.init = sha3_256_init,
|
||||
.update = sha3_update,
|
||||
.final = sha3_final,
|
||||
.descsize = sizeof(struct sha3_state),
|
||||
.base = {
|
||||
.cra_name = "sha3-256",
|
||||
.cra_driver_name = "sha3-256-generic",
|
||||
.cra_flags = CRYPTO_ALG_TYPE_SHASH,
|
||||
.cra_blocksize = SHA3_256_BLOCK_SIZE,
|
||||
.cra_module = THIS_MODULE,
|
||||
}
|
||||
};
|
||||
|
||||
static struct shash_alg sha3_384 = {
|
||||
.digestsize = SHA3_384_DIGEST_SIZE,
|
||||
.init = sha3_384_init,
|
||||
.update = sha3_update,
|
||||
.final = sha3_final,
|
||||
.descsize = sizeof(struct sha3_state),
|
||||
.base = {
|
||||
.cra_name = "sha3-384",
|
||||
.cra_driver_name = "sha3-384-generic",
|
||||
.cra_flags = CRYPTO_ALG_TYPE_SHASH,
|
||||
.cra_blocksize = SHA3_384_BLOCK_SIZE,
|
||||
.cra_module = THIS_MODULE,
|
||||
}
|
||||
};
|
||||
|
||||
static struct shash_alg sha3_512 = {
|
||||
.digestsize = SHA3_512_DIGEST_SIZE,
|
||||
.init = sha3_512_init,
|
||||
.update = sha3_update,
|
||||
.final = sha3_final,
|
||||
.descsize = sizeof(struct sha3_state),
|
||||
.base = {
|
||||
.cra_name = "sha3-512",
|
||||
.cra_driver_name = "sha3-512-generic",
|
||||
.cra_flags = CRYPTO_ALG_TYPE_SHASH,
|
||||
.cra_blocksize = SHA3_512_BLOCK_SIZE,
|
||||
.cra_module = THIS_MODULE,
|
||||
}
|
||||
};
|
||||
|
||||
static int __init sha3_generic_mod_init(void)
|
||||
{
|
||||
int ret;
|
||||
|
||||
ret = crypto_register_shash(&sha3_224);
|
||||
if (ret < 0)
|
||||
goto err_out;
|
||||
ret = crypto_register_shash(&sha3_256);
|
||||
if (ret < 0)
|
||||
goto err_out_224;
|
||||
ret = crypto_register_shash(&sha3_384);
|
||||
if (ret < 0)
|
||||
goto err_out_256;
|
||||
ret = crypto_register_shash(&sha3_512);
|
||||
if (ret < 0)
|
||||
goto err_out_384;
|
||||
|
||||
return 0;
|
||||
|
||||
err_out_384:
|
||||
crypto_unregister_shash(&sha3_384);
|
||||
err_out_256:
|
||||
crypto_unregister_shash(&sha3_256);
|
||||
err_out_224:
|
||||
crypto_unregister_shash(&sha3_224);
|
||||
err_out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void __exit sha3_generic_mod_fini(void)
|
||||
{
|
||||
crypto_unregister_shash(&sha3_224);
|
||||
crypto_unregister_shash(&sha3_256);
|
||||
crypto_unregister_shash(&sha3_384);
|
||||
crypto_unregister_shash(&sha3_512);
|
||||
}
|
||||
|
||||
module_init(sha3_generic_mod_init);
|
||||
module_exit(sha3_generic_mod_fini);
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_DESCRIPTION("SHA-3 Secure Hash Algorithm");
|
||||
|
||||
MODULE_ALIAS_CRYPTO("sha3-224");
|
||||
MODULE_ALIAS_CRYPTO("sha3-224-generic");
|
||||
MODULE_ALIAS_CRYPTO("sha3-256");
|
||||
MODULE_ALIAS_CRYPTO("sha3-256-generic");
|
||||
MODULE_ALIAS_CRYPTO("sha3-384");
|
||||
MODULE_ALIAS_CRYPTO("sha3-384-generic");
|
||||
MODULE_ALIAS_CRYPTO("sha3-512");
|
||||
MODULE_ALIAS_CRYPTO("sha3-512-generic");
|
|
@ -0,0 +1,29 @@
|
|||
/*
|
||||
* Common values for SHA-3 algorithms
|
||||
*/
|
||||
#ifndef __CRYPTO_SHA3_H__
|
||||
#define __CRYPTO_SHA3_H__
|
||||
|
||||
#define SHA3_224_DIGEST_SIZE (224 / 8)
|
||||
#define SHA3_224_BLOCK_SIZE (200 - 2 * SHA3_224_DIGEST_SIZE)
|
||||
|
||||
#define SHA3_256_DIGEST_SIZE (256 / 8)
|
||||
#define SHA3_256_BLOCK_SIZE (200 - 2 * SHA3_256_DIGEST_SIZE)
|
||||
|
||||
#define SHA3_384_DIGEST_SIZE (384 / 8)
|
||||
#define SHA3_384_BLOCK_SIZE (200 - 2 * SHA3_384_DIGEST_SIZE)
|
||||
|
||||
#define SHA3_512_DIGEST_SIZE (512 / 8)
|
||||
#define SHA3_512_BLOCK_SIZE (200 - 2 * SHA3_512_DIGEST_SIZE)
|
||||
|
||||
struct sha3_state {
|
||||
u64 st[25];
|
||||
unsigned int md_len;
|
||||
unsigned int rsiz;
|
||||
unsigned int rsizw;
|
||||
|
||||
unsigned int partial;
|
||||
u8 buf[SHA3_224_BLOCK_SIZE];
|
||||
};
|
||||
|
||||
#endif
|
Loading…
Reference in New Issue