From patchwork Fri Jan 19 12:04:35 2018
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 125155
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org, herbert@gondor.apana.org.au, Ard Biesheuvel
Subject: [PATCH 3/8] crypto/generic: sha3 - simplify code
Date: Fri, 19 Jan 2018 12:04:35 +0000
Message-Id: <20180119120440.31556-4-ard.biesheuvel@linaro.org>
In-Reply-To: <20180119120440.31556-1-ard.biesheuvel@linaro.org>
References: <20180119120440.31556-1-ard.biesheuvel@linaro.org>
X-Mailing-List: linux-crypto@vger.kernel.org

In preparation of exposing the generic SHA3 implementation to other versions as a fallback, simplify the code, and remove an inconsistency in the output handling (endian swabbing rsizw words of state before writing the output does not make sense)

Signed-off-by: Ard Biesheuvel
---
 crypto/sha3_generic.c | 184 +++++++-------------
 include/crypto/sha3.h | 1 -
 2 files changed, 59 insertions(+), 126 deletions(-)
--
2.11.0

diff --git a/crypto/sha3_generic.c b/crypto/sha3_generic.c index 5fecb609e3be..c7084a24eaf9 100644 --- a/crypto/sha3_generic.c +++ b/crypto/sha3_generic.c @@ -18,7 +18,6 @@ #include #include #include -#include #include #define KECCAK_ROUNDS 24 
@@ -146,43 +145,16 @@ static void __attribute__((__optimize__("O3"))) keccakf(u64 st[25]) } } -static void sha3_init(struct sha3_state *sctx, unsigned int digest_sz) -{ - memset(sctx, 0, sizeof(*sctx)); - sctx->md_len = digest_sz; - sctx->rsiz = 200 - 2 * digest_sz; - sctx->rsizw = sctx->rsiz / 8; -} - -static int sha3_224_init(struct shash_desc *desc) +static int sha3_init(struct shash_desc *desc) { struct sha3_state *sctx = shash_desc_ctx(desc); + unsigned int digest_size = crypto_shash_digestsize(desc->tfm); - sha3_init(sctx, SHA3_224_DIGEST_SIZE); - return 0; -} - -static int sha3_256_init(struct shash_desc *desc) -{ - struct sha3_state *sctx = shash_desc_ctx(desc); - - sha3_init(sctx, SHA3_256_DIGEST_SIZE); - return 0; -} - -static int sha3_384_init(struct shash_desc *desc) -{ - struct sha3_state *sctx = shash_desc_ctx(desc); - - sha3_init(sctx, SHA3_384_DIGEST_SIZE); - return 0; -} - -static int sha3_512_init(struct shash_desc *desc) -{ - struct sha3_state *sctx = shash_desc_ctx(desc); + sctx->rsiz = 200 - 2 * digest_size; + sctx->rsizw = sctx->rsiz / 8; + sctx->partial = 0; - sha3_init(sctx, SHA3_512_DIGEST_SIZE); + memset(sctx->st, 0, sizeof(sctx->st)); return 0; } @@ -227,6 +199,8 @@ static int sha3_final(struct shash_desc *desc, u8 *out) { struct sha3_state *sctx = shash_desc_ctx(desc); unsigned int i, inlen = sctx->partial; + unsigned int digest_size = crypto_shash_digestsize(desc->tfm); + __le64 *digest = (__le64 *)out; sctx->buf[inlen++] = 0x06; memset(sctx->buf + inlen, 0, sctx->rsiz - inlen); 
@@ -237,110 +211,70 @@ static int sha3_final(struct shash_desc *desc, u8 *out) keccakf(sctx->st); - for (i = 0; i < sctx->rsizw; i++) - sctx->st[i] = cpu_to_le64(sctx->st[i]); + for (i = 0; i < digest_size / 8; i++) + put_unaligned_le64(sctx->st[i], digest++); - memcpy(out, sctx->st, sctx->md_len); + if (digest_size & 4) + put_unaligned_le32(sctx->st[i], (__le32 *)digest); memset(sctx, 0, sizeof(*sctx)); return 0; } -static struct shash_alg sha3_224 = { - .digestsize = SHA3_224_DIGEST_SIZE, - .init = sha3_224_init, - .update = sha3_update, - .final = sha3_final, - .descsize = sizeof(struct sha3_state), - .base = { - .cra_name = "sha3-224", - .cra_driver_name = "sha3-224-generic", - .cra_flags = CRYPTO_ALG_TYPE_SHASH, - .cra_blocksize = SHA3_224_BLOCK_SIZE, - .cra_module = THIS_MODULE, - } -}; - -static struct shash_alg sha3_256 = { - .digestsize = SHA3_256_DIGEST_SIZE, - .init = sha3_256_init, - .update = sha3_update, - .final = sha3_final, - .descsize = sizeof(struct sha3_state), - .base = { - .cra_name = "sha3-256", - .cra_driver_name = "sha3-256-generic", - .cra_flags = CRYPTO_ALG_TYPE_SHASH, - .cra_blocksize = SHA3_256_BLOCK_SIZE, - .cra_module = THIS_MODULE, - } -}; - -static struct shash_alg sha3_384 = { - .digestsize = SHA3_384_DIGEST_SIZE, - .init = sha3_384_init, - .update = sha3_update, - .final = sha3_final, - .descsize = sizeof(struct sha3_state), - .base = { - .cra_name = "sha3-384", - .cra_driver_name = "sha3-384-generic", - .cra_flags = CRYPTO_ALG_TYPE_SHASH, - .cra_blocksize = SHA3_384_BLOCK_SIZE, - .cra_module = THIS_MODULE, - } -}; - -static struct shash_alg sha3_512 = { - .digestsize = SHA3_512_DIGEST_SIZE, - .init = sha3_512_init, - .update = sha3_update, - .final = sha3_final, - .descsize = sizeof(struct sha3_state), - .base = { - .cra_name = "sha3-512", - .cra_driver_name = "sha3-512-generic", - .cra_flags = CRYPTO_ALG_TYPE_SHASH, - .cra_blocksize = SHA3_512_BLOCK_SIZE, - .cra_module = THIS_MODULE, - } -}; +static struct shash_alg algs[] = { { 
+ .digestsize = SHA3_224_DIGEST_SIZE, + .init = sha3_init, + .update = sha3_update, + .final = sha3_final, + .descsize = sizeof(struct sha3_state), + .base.cra_name = "sha3-224", + .base.cra_driver_name = "sha3-224-generic", + .base.cra_flags = CRYPTO_ALG_TYPE_SHASH, + .base.cra_blocksize = SHA3_224_BLOCK_SIZE, + .base.cra_module = THIS_MODULE, +}, { + .digestsize = SHA3_256_DIGEST_SIZE, + .init = sha3_init, + .update = sha3_update, + .final = sha3_final, + .descsize = sizeof(struct sha3_state), + .base.cra_name = "sha3-256", + .base.cra_driver_name = "sha3-256-generic", + .base.cra_flags = CRYPTO_ALG_TYPE_SHASH, + .base.cra_blocksize = SHA3_256_BLOCK_SIZE, + .base.cra_module = THIS_MODULE, +}, { + .digestsize = SHA3_384_DIGEST_SIZE, + .init = sha3_init, + .update = sha3_update, + .final = sha3_final, + .descsize = sizeof(struct sha3_state), + .base.cra_name = "sha3-384", + .base.cra_driver_name = "sha3-384-generic", + .base.cra_flags = CRYPTO_ALG_TYPE_SHASH, + .base.cra_blocksize = SHA3_384_BLOCK_SIZE, + .base.cra_module = THIS_MODULE, +}, { + .digestsize = SHA3_512_DIGEST_SIZE, + .init = sha3_init, + .update = sha3_update, + .final = sha3_final, + .descsize = sizeof(struct sha3_state), + .base.cra_name = "sha3-512", + .base.cra_driver_name = "sha3-512-generic", + .base.cra_flags = CRYPTO_ALG_TYPE_SHASH, + .base.cra_blocksize = SHA3_512_BLOCK_SIZE, + .base.cra_module = THIS_MODULE, +} }; static int __init sha3_generic_mod_init(void) { - int ret; - - ret = crypto_register_shash(&sha3_224); - if (ret < 0) - goto err_out; - ret = crypto_register_shash(&sha3_256); - if (ret < 0) - goto err_out_224; - ret = crypto_register_shash(&sha3_384); - if (ret < 0) - goto err_out_256; - ret = crypto_register_shash(&sha3_512); - if (ret < 0) - goto err_out_384; - - return 0; - -err_out_384: - crypto_unregister_shash(&sha3_384); -err_out_256: - crypto_unregister_shash(&sha3_256); -err_out_224: - crypto_unregister_shash(&sha3_224); -err_out: - return ret; + return 
crypto_register_shashes(algs, ARRAY_SIZE(algs)); } static void __exit sha3_generic_mod_fini(void) { - crypto_unregister_shash(&sha3_224); - crypto_unregister_shash(&sha3_256); - crypto_unregister_shash(&sha3_384); - crypto_unregister_shash(&sha3_512); + crypto_unregister_shashes(algs, ARRAY_SIZE(algs)); } module_init(sha3_generic_mod_init); diff --git a/include/crypto/sha3.h b/include/crypto/sha3.h index b9d9bd553b48..1339dcdbc9b2 100644 --- a/include/crypto/sha3.h +++ b/include/crypto/sha3.h @@ -19,7 +19,6 @@ struct sha3_state { u64 st[25]; - unsigned int md_len; unsigned int rsiz; unsigned int rsizw;
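Review bot: The include hunk at the top of crypto/sha3_generic.c only drops a header, while sha3_final() now calls put_unaligned_le64() and put_unaligned_le32(), and no hunk adds an include for them. Unless the file already includes the header that declares the unaligned accessors directly, add it in this patch rather than relying on a transitive include, which can differ between architectures and configurations.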
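Review bot: In the new sha3_init(), the whole-struct memset(sctx, 0, sizeof(*sctx)) is gone and only sctx->st and sctx->partial are reset, so sctx->buf keeps whatever a previous, unfinished use of the descriptor left there. sha3_final() overwrites buf from inlen onward before absorbing, so those bytes should never reach the hash, but a one-line comment saying buf is deliberately left untouched would save the next reader from re-deriving that. The literal 200 in "sctx->rsiz = 200 - 2 * digest_size;" is the size of st in bytes; sizeof(sctx->st) would make that explicit.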
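Review bot: In sha3_final(), the tail case "if (digest_size & 4)" silently assumes that every digest size is a multiple of 8 plus at most one 4-byte remainder. That holds for the four entries in algs[] (only SHA3-224, at 28 bytes, takes the put_unaligned_le32() path), but nothing in the code states it, so please add a short comment next to the test. The commit message would also benefit from saying explicitly that the digest bytes written to out are unchanged on both endiannesses and that only the in-place swab of the state is removed.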
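Review bot: With md_len removed from struct sha3_state in include/crypto/sha3.h, rsizw looks like the next candidate: sha3_init() still computes it, but the loop in sha3_final() that used it now runs to digest_size / 8. If sha3_update(), which this patch does not touch, does not read rsizw, drop the field in the same change. Since the header is shared and the commit message says the generic code is about to be exposed to other implementations, also confirm that no other user of the struct still references md_len.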