From patchwork Fri Jan 12 13:15:19 2018
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 124342
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, will.deacon@arm.com, catalin.marinas@arm.com, steve.capper@linaro.org, jgarzik@redhat.com, Ard Biesheuvel
Subject: [PATCH 2/5] crypto/generic: sha3 - simplify code
Date: Fri, 12 Jan 2018 13:15:19 +0000
Message-Id: <20180112131522.25663-3-ard.biesheuvel@linaro.org>
In-Reply-To: <20180112131522.25663-1-ard.biesheuvel@linaro.org>
References: <20180112131522.25663-1-ard.biesheuvel@linaro.org>
X-Mailing-List: linux-crypto@vger.kernel.org

In preparation of exposing the generic SHA3 implementation to other versions as a fallback, simplify the code, and remove an inconsistency in the output handling (endian swabbing rsizw words of state before writing the output does not make sense)

Signed-off-by: Ard Biesheuvel
---
 crypto/sha3_generic.c | 184 +++++++-------------
 include/crypto/sha3.h |   1 -
 2 files changed, 59 insertions(+), 126 deletions(-)

-- 2.11.0
diff --git a/crypto/sha3_generic.c b/crypto/sha3_generic.c index a68be626017c..677247d429a1 100644 --- a/crypto/sha3_generic.c +++ b/crypto/sha3_generic.c @@ -17,7 +17,6 @@ #include #include #include -#include #include #define KECCAK_ROUNDS 24 
@@ -88,43 +87,16 @@ static void keccakf(u64 st[25]) } } -static void sha3_init(struct sha3_state *sctx, unsigned int digest_sz) -{ - memset(sctx, 0, sizeof(*sctx)); - sctx->md_len = digest_sz; - sctx->rsiz = 200 - 2 * digest_sz; - sctx->rsizw = sctx->rsiz / 8; -} - -static int sha3_224_init(struct shash_desc *desc) +static int sha3_init(struct shash_desc *desc) { struct sha3_state *sctx = shash_desc_ctx(desc); + unsigned int digest_size = crypto_shash_digestsize(desc->tfm); - sha3_init(sctx, SHA3_224_DIGEST_SIZE); - return 0; -} - -static int sha3_256_init(struct shash_desc *desc) -{ - struct sha3_state *sctx = shash_desc_ctx(desc); - - sha3_init(sctx, SHA3_256_DIGEST_SIZE); - return 0; -} - -static int sha3_384_init(struct shash_desc *desc) -{ - struct sha3_state *sctx = shash_desc_ctx(desc); - - sha3_init(sctx, SHA3_384_DIGEST_SIZE); - return 0; -} - -static int sha3_512_init(struct shash_desc *desc) -{ - struct sha3_state *sctx = shash_desc_ctx(desc); + sctx->rsiz = 200 - 2 * digest_size; + sctx->rsizw = sctx->rsiz / 8; + sctx->partial = 0; - sha3_init(sctx, SHA3_512_DIGEST_SIZE); + memset(sctx->st, 0, sizeof(sctx->st)); return 0; } @@ -169,6 +141,8 @@ static int sha3_final(struct shash_desc *desc, u8 *out) { struct sha3_state *sctx = shash_desc_ctx(desc); unsigned int i, inlen = sctx->partial; + unsigned int digest_size = crypto_shash_digestsize(desc->tfm); + __le64 *digest = (__le64 *)out; sctx->buf[inlen++] = 0x06; memset(sctx->buf + inlen, 0, sctx->rsiz - inlen); 
@@ -179,110 +153,70 @@ static int sha3_final(struct shash_desc *desc, u8 *out) keccakf(sctx->st); - for (i = 0; i < sctx->rsizw; i++) - sctx->st[i] = cpu_to_le64(sctx->st[i]); + for (i = 0; i < digest_size / 8; i++) + put_unaligned_le64(sctx->st[i], digest++); - memcpy(out, sctx->st, sctx->md_len); + if (digest_size & 4) + put_unaligned_le32(sctx->st[i], (__le32 *)digest); memset(sctx, 0, sizeof(*sctx)); return 0; } -static struct shash_alg sha3_224 = { - .digestsize = SHA3_224_DIGEST_SIZE, - .init = sha3_224_init, - .update = sha3_update, - .final = sha3_final, - .descsize = sizeof(struct sha3_state), - .base = { - .cra_name = "sha3-224", - .cra_driver_name = "sha3-224-generic", - .cra_flags = CRYPTO_ALG_TYPE_SHASH, - .cra_blocksize = SHA3_224_BLOCK_SIZE, - .cra_module = THIS_MODULE, - } -}; - -static struct shash_alg sha3_256 = { - .digestsize = SHA3_256_DIGEST_SIZE, - .init = sha3_256_init, - .update = sha3_update, - .final = sha3_final, - .descsize = sizeof(struct sha3_state), - .base = { - .cra_name = "sha3-256", - .cra_driver_name = "sha3-256-generic", - .cra_flags = CRYPTO_ALG_TYPE_SHASH, - .cra_blocksize = SHA3_256_BLOCK_SIZE, - .cra_module = THIS_MODULE, - } -}; - -static struct shash_alg sha3_384 = { - .digestsize = SHA3_384_DIGEST_SIZE, - .init = sha3_384_init, - .update = sha3_update, - .final = sha3_final, - .descsize = sizeof(struct sha3_state), - .base = { - .cra_name = "sha3-384", - .cra_driver_name = "sha3-384-generic", - .cra_flags = CRYPTO_ALG_TYPE_SHASH, - .cra_blocksize = SHA3_384_BLOCK_SIZE, - .cra_module = THIS_MODULE, - } -}; - -static struct shash_alg sha3_512 = { - .digestsize = SHA3_512_DIGEST_SIZE, - .init = sha3_512_init, - .update = sha3_update, - .final = sha3_final, - .descsize = sizeof(struct sha3_state), - .base = { - .cra_name = "sha3-512", - .cra_driver_name = "sha3-512-generic", - .cra_flags = CRYPTO_ALG_TYPE_SHASH, - .cra_blocksize = SHA3_512_BLOCK_SIZE, - .cra_module = THIS_MODULE, - } -}; +static struct shash_alg algs[] = { { 
+ .digestsize = SHA3_224_DIGEST_SIZE, + .init = sha3_init, + .update = sha3_update, + .final = sha3_final, + .descsize = sizeof(struct sha3_state), + .base.cra_name = "sha3-224", + .base.cra_driver_name = "sha3-224-generic", + .base.cra_flags = CRYPTO_ALG_TYPE_SHASH, + .base.cra_blocksize = SHA3_224_BLOCK_SIZE, + .base.cra_module = THIS_MODULE, +}, { + .digestsize = SHA3_256_DIGEST_SIZE, + .init = sha3_init, + .update = sha3_update, + .final = sha3_final, + .descsize = sizeof(struct sha3_state), + .base.cra_name = "sha3-256", + .base.cra_driver_name = "sha3-256-generic", + .base.cra_flags = CRYPTO_ALG_TYPE_SHASH, + .base.cra_blocksize = SHA3_256_BLOCK_SIZE, + .base.cra_module = THIS_MODULE, +}, { + .digestsize = SHA3_384_DIGEST_SIZE, + .init = sha3_init, + .update = sha3_update, + .final = sha3_final, + .descsize = sizeof(struct sha3_state), + .base.cra_name = "sha3-384", + .base.cra_driver_name = "sha3-384-generic", + .base.cra_flags = CRYPTO_ALG_TYPE_SHASH, + .base.cra_blocksize = SHA3_384_BLOCK_SIZE, + .base.cra_module = THIS_MODULE, +}, { + .digestsize = SHA3_512_DIGEST_SIZE, + .init = sha3_init, + .update = sha3_update, + .final = sha3_final, + .descsize = sizeof(struct sha3_state), + .base.cra_name = "sha3-512", + .base.cra_driver_name = "sha3-512-generic", + .base.cra_flags = CRYPTO_ALG_TYPE_SHASH, + .base.cra_blocksize = SHA3_512_BLOCK_SIZE, + .base.cra_module = THIS_MODULE, +} }; static int __init sha3_generic_mod_init(void) { - int ret; - - ret = crypto_register_shash(&sha3_224); - if (ret < 0) - goto err_out; - ret = crypto_register_shash(&sha3_256); - if (ret < 0) - goto err_out_224; - ret = crypto_register_shash(&sha3_384); - if (ret < 0) - goto err_out_256; - ret = crypto_register_shash(&sha3_512); - if (ret < 0) - goto err_out_384; - - return 0; - -err_out_384: - crypto_unregister_shash(&sha3_384); -err_out_256: - crypto_unregister_shash(&sha3_256); -err_out_224: - crypto_unregister_shash(&sha3_224); -err_out: - return ret; + return 
crypto_register_shashes(algs, ARRAY_SIZE(algs)); } static void __exit sha3_generic_mod_fini(void) { - crypto_unregister_shash(&sha3_224); - crypto_unregister_shash(&sha3_256); - crypto_unregister_shash(&sha3_384); - crypto_unregister_shash(&sha3_512); + crypto_unregister_shashes(algs, ARRAY_SIZE(algs)); } module_init(sha3_generic_mod_init); diff --git a/include/crypto/sha3.h b/include/crypto/sha3.h index b9d9bd553b48..1339dcdbc9b2 100644 --- a/include/crypto/sha3.h +++ b/include/crypto/sha3.h @@ -19,7 +19,6 @@ struct sha3_state { u64 st[25]; - unsigned int md_len; unsigned int rsiz; unsigned int rsizw;
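
Review bot: In the sha3_init() hunk, sctx->buf is no longer cleared. The old helper did memset(sctx, 0, sizeof(*sctx)), while the new code resets only rsiz, rsizw, partial and st, so buf keeps whatever the descriptor memory held before. sha3_final() zero-pads from partial up to rsiz, so this looks harmless as long as sha3_update() always writes buf before reading it, but that dependency deserves a one-line comment here, or keep the full memset and assign the three fields afterwards. The rate is also now derived from crypto_shash_digestsize(desc->tfm) with no check; since the stated goal is to let other drivers call this as a fallback, a comment saying that only the four SHA3 digest sizes are valid would document the assumption behind 200 - 2 * digest_size.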
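
Review bot: In the first sha3_final() hunk, __le64 *digest = (__le64 *)out; gives an arbitrarily aligned u8 buffer a type that implies 8-byte alignment. It is only safe because every store in the following hunk goes through put_unaligned_le64()/put_unaligned_le32(). Consider keeping out as a u8 * and advancing it by 8 per word, so that a later edit cannot introduce a direct *digest = ... store that faults or is miscompiled on strict-alignment machines.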
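
Review bot: In the second sha3_final() hunk, the tail test if (digest_size & 4) is correct but opaque. Among the four registered digest sizes only SHA3-224 (28 bytes) has that bit set, so this branch exists solely to emit the low 32 bits of st[3] for that one algorithm, relying on i still being digest_size / 8 after the loop. A short comment saying so would help the next reader. Separately, the only change to the include list visible in this patch is a removal, and nothing adds a header for put_unaligned_le64()/put_unaligned_le32(); please confirm the file includes their declaration directly instead of picking it up transitively. The output-handling change is also a behavioural fix on big-endian builds, mixed here with the mechanical algs[] and crypto_register_shashes() conversion; splitting it into its own patch would make it easier to bisect and backport.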
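
Review bot: In the include/crypto/sha3.h hunk, dropping md_len changes the layout of struct sha3_state in a shared header, and the commit message does not mention it. Every shash_alg in this patch sets .descsize = sizeof(struct sha3_state), and the series intends other implementations to reuse this state, so please confirm nothing else in the tree still reads or writes md_len, and add a sentence to the changelog noting that the digest size now comes from crypto_shash_digestsize() instead of the state.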