crypto: sha3 - Reimplement using library API

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Replace sha3_generic.c with a new file sha3.c which implements the SHA-3
crypto_shash algorithms on top of the SHA-3 library API.

Change the driver name suffix from "-generic" to "-lib" to reflect that
these algorithms now just use the (possibly arch-optimized) library.

This closely mirrors crypto/{md5,sha1,sha256,sha512,blake2b}.c.

Implement export_core and import_core, since crypto/hmac.c expects these
to be present. (Note that there is no security purpose in wrapping
SHA-3 with HMAC. HMAC was designed for older algorithms that don't
resist length extension attacks. But since someone could be using
"hmac(sha3-*)" via crypto_shash anyway, keep supporting it for now.)

Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Harald Freudenberger <freude@linux.ibm.com>
Link: https://lore.kernel.org/r/20251026055032.1413733-15-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>

Eric Biggers 5 months ago f1799d17 d280d4d5

+176 -297

6 changed files

expand all

crypto

Kconfig

Makefile

sha3.c

sha3_generic.c

testmgr.c

include

crypto

sha3.h

crypto/Kconfig

··· 1006 1006 config CRYPTO_SHA3 1007 1007 tristate "SHA-3" 1008 1008 select CRYPTO_HASH 1009 + select CRYPTO_LIB_SHA3 1009 1010 help 1010 1011 SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3) 1011 1012

+1 -1

crypto/Makefile

··· 78 78 obj-$(CONFIG_CRYPTO_SHA1) += sha1.o 79 79 obj-$(CONFIG_CRYPTO_SHA256) += sha256.o 80 80 obj-$(CONFIG_CRYPTO_SHA512) += sha512.o 81 - obj-$(CONFIG_CRYPTO_SHA3) += sha3_generic.o 81 + obj-$(CONFIG_CRYPTO_SHA3) += sha3.o 82 82 obj-$(CONFIG_CRYPTO_SM3_GENERIC) += sm3_generic.o 83 83 obj-$(CONFIG_CRYPTO_STREEBOG) += streebog_generic.o 84 84 obj-$(CONFIG_CRYPTO_WP512) += wp512.o

+166

crypto/sha3.c

··· 1 + // SPDX-License-Identifier: GPL-2.0-or-later 2 + /* 3 + * Crypto API support for SHA-3 4 + * (https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf) 5 + */ 6 + #include <crypto/internal/hash.h> 7 + #include <crypto/sha3.h> 8 + #include <linux/kernel.h> 9 + #include <linux/module.h> 10 + 11 + #define SHA3_CTX(desc) ((struct sha3_ctx *)shash_desc_ctx(desc)) 12 + 13 + static int crypto_sha3_224_init(struct shash_desc *desc) 14 + { 15 + sha3_224_init(SHA3_CTX(desc)); 16 + return 0; 17 + } 18 + 19 + static int crypto_sha3_256_init(struct shash_desc *desc) 20 + { 21 + sha3_256_init(SHA3_CTX(desc)); 22 + return 0; 23 + } 24 + 25 + static int crypto_sha3_384_init(struct shash_desc *desc) 26 + { 27 + sha3_384_init(SHA3_CTX(desc)); 28 + return 0; 29 + } 30 + 31 + static int crypto_sha3_512_init(struct shash_desc *desc) 32 + { 33 + sha3_512_init(SHA3_CTX(desc)); 34 + return 0; 35 + } 36 + 37 + static int crypto_sha3_update(struct shash_desc *desc, const u8 *data, 38 + unsigned int len) 39 + { 40 + sha3_update(SHA3_CTX(desc), data, len); 41 + return 0; 42 + } 43 + 44 + static int crypto_sha3_final(struct shash_desc *desc, u8 *out) 45 + { 46 + sha3_final(SHA3_CTX(desc), out); 47 + return 0; 48 + } 49 + 50 + static int crypto_sha3_224_digest(struct shash_desc *desc, 51 + const u8 *data, unsigned int len, u8 *out) 52 + { 53 + sha3_224(data, len, out); 54 + return 0; 55 + } 56 + 57 + static int crypto_sha3_256_digest(struct shash_desc *desc, 58 + const u8 *data, unsigned int len, u8 *out) 59 + { 60 + sha3_256(data, len, out); 61 + return 0; 62 + } 63 + 64 + static int crypto_sha3_384_digest(struct shash_desc *desc, 65 + const u8 *data, unsigned int len, u8 *out) 66 + { 67 + sha3_384(data, len, out); 68 + return 0; 69 + } 70 + 71 + static int crypto_sha3_512_digest(struct shash_desc *desc, 72 + const u8 *data, unsigned int len, u8 *out) 73 + { 74 + sha3_512(data, len, out); 75 + return 0; 76 + } 77 + 78 + static int crypto_sha3_export_core(struct shash_desc *desc, void *out) 79 + { 80 + memcpy(out, SHA3_CTX(desc), sizeof(struct sha3_ctx)); 81 + return 0; 82 + } 83 + 84 + static int crypto_sha3_import_core(struct shash_desc *desc, const void *in) 85 + { 86 + memcpy(SHA3_CTX(desc), in, sizeof(struct sha3_ctx)); 87 + return 0; 88 + } 89 + 90 + static struct shash_alg algs[] = { { 91 + .digestsize = SHA3_224_DIGEST_SIZE, 92 + .init = crypto_sha3_224_init, 93 + .update = crypto_sha3_update, 94 + .final = crypto_sha3_final, 95 + .digest = crypto_sha3_224_digest, 96 + .export_core = crypto_sha3_export_core, 97 + .import_core = crypto_sha3_import_core, 98 + .descsize = sizeof(struct sha3_ctx), 99 + .base.cra_name = "sha3-224", 100 + .base.cra_driver_name = "sha3-224-lib", 101 + .base.cra_blocksize = SHA3_224_BLOCK_SIZE, 102 + .base.cra_module = THIS_MODULE, 103 + }, { 104 + .digestsize = SHA3_256_DIGEST_SIZE, 105 + .init = crypto_sha3_256_init, 106 + .update = crypto_sha3_update, 107 + .final = crypto_sha3_final, 108 + .digest = crypto_sha3_256_digest, 109 + .export_core = crypto_sha3_export_core, 110 + .import_core = crypto_sha3_import_core, 111 + .descsize = sizeof(struct sha3_ctx), 112 + .base.cra_name = "sha3-256", 113 + .base.cra_driver_name = "sha3-256-lib", 114 + .base.cra_blocksize = SHA3_256_BLOCK_SIZE, 115 + .base.cra_module = THIS_MODULE, 116 + }, { 117 + .digestsize = SHA3_384_DIGEST_SIZE, 118 + .init = crypto_sha3_384_init, 119 + .update = crypto_sha3_update, 120 + .final = crypto_sha3_final, 121 + .digest = crypto_sha3_384_digest, 122 + .export_core = crypto_sha3_export_core, 123 + .import_core = crypto_sha3_import_core, 124 + .descsize = sizeof(struct sha3_ctx), 125 + .base.cra_name = "sha3-384", 126 + .base.cra_driver_name = "sha3-384-lib", 127 + .base.cra_blocksize = SHA3_384_BLOCK_SIZE, 128 + .base.cra_module = THIS_MODULE, 129 + }, { 130 + .digestsize = SHA3_512_DIGEST_SIZE, 131 + .init = crypto_sha3_512_init, 132 + .update = crypto_sha3_update, 133 + .final = crypto_sha3_final, 134 + .digest = crypto_sha3_512_digest, 135 + .export_core = crypto_sha3_export_core, 136 + .import_core = crypto_sha3_import_core, 137 + .descsize = sizeof(struct sha3_ctx), 138 + .base.cra_name = "sha3-512", 139 + .base.cra_driver_name = "sha3-512-lib", 140 + .base.cra_blocksize = SHA3_512_BLOCK_SIZE, 141 + .base.cra_module = THIS_MODULE, 142 + } }; 143 + 144 + static int __init crypto_sha3_mod_init(void) 145 + { 146 + return crypto_register_shashes(algs, ARRAY_SIZE(algs)); 147 + } 148 + module_init(crypto_sha3_mod_init); 149 + 150 + static void __exit crypto_sha3_mod_exit(void) 151 + { 152 + crypto_unregister_shashes(algs, ARRAY_SIZE(algs)); 153 + } 154 + module_exit(crypto_sha3_mod_exit); 155 + 156 + MODULE_LICENSE("GPL"); 157 + MODULE_DESCRIPTION("Crypto API support for SHA-3"); 158 + 159 + MODULE_ALIAS_CRYPTO("sha3-224"); 160 + MODULE_ALIAS_CRYPTO("sha3-224-lib"); 161 + MODULE_ALIAS_CRYPTO("sha3-256"); 162 + MODULE_ALIAS_CRYPTO("sha3-256-lib"); 163 + MODULE_ALIAS_CRYPTO("sha3-384"); 164 + MODULE_ALIAS_CRYPTO("sha3-384-lib"); 165 + MODULE_ALIAS_CRYPTO("sha3-512"); 166 + MODULE_ALIAS_CRYPTO("sha3-512-lib");

-290

crypto/sha3_generic.c

··· 1 - // SPDX-License-Identifier: GPL-2.0-or-later 2 - /* 3 - * Cryptographic API. 4 - * 5 - * SHA-3, as specified in 6 - * https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf 7 - * 8 - * SHA-3 code by Jeff Garzik <jeff@garzik.org> 9 - * Ard Biesheuvel <ard.biesheuvel@linaro.org> 10 - */ 11 - #include <crypto/internal/hash.h> 12 - #include <crypto/sha3.h> 13 - #include <linux/kernel.h> 14 - #include <linux/module.h> 15 - #include <linux/string.h> 16 - #include <linux/unaligned.h> 17 - 18 - /* 19 - * On some 32-bit architectures (h8300), GCC ends up using 20 - * over 1 KB of stack if we inline the round calculation into the loop 21 - * in keccakf(). On the other hand, on 64-bit architectures with plenty 22 - * of [64-bit wide] general purpose registers, not inlining it severely 23 - * hurts performance. So let's use 64-bitness as a heuristic to decide 24 - * whether to inline or not. 25 - */ 26 - #ifdef CONFIG_64BIT 27 - #define SHA3_INLINE inline 28 - #else 29 - #define SHA3_INLINE noinline 30 - #endif 31 - 32 - #define KECCAK_ROUNDS 24 33 - 34 - static const u64 keccakf_rndc[24] = { 35 - 0x0000000000000001ULL, 0x0000000000008082ULL, 0x800000000000808aULL, 36 - 0x8000000080008000ULL, 0x000000000000808bULL, 0x0000000080000001ULL, 37 - 0x8000000080008081ULL, 0x8000000000008009ULL, 0x000000000000008aULL, 38 - 0x0000000000000088ULL, 0x0000000080008009ULL, 0x000000008000000aULL, 39 - 0x000000008000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL, 40 - 0x8000000000008003ULL, 0x8000000000008002ULL, 0x8000000000000080ULL, 41 - 0x000000000000800aULL, 0x800000008000000aULL, 0x8000000080008081ULL, 42 - 0x8000000000008080ULL, 0x0000000080000001ULL, 0x8000000080008008ULL 43 - }; 44 - 45 - /* update the state with given number of rounds */ 46 - 47 - static SHA3_INLINE void keccakf_round(u64 st[25]) 48 - { 49 - u64 t[5], tt, bc[5]; 50 - 51 - /* Theta */ 52 - bc[0] = st[0] ^ st[5] ^ st[10] ^ st[15] ^ st[20]; 53 - bc[1] = st[1] ^ st[6] ^ st[11] ^ st[16] ^ st[21]; 54 - bc[2] = st[2] ^ st[7] ^ st[12] ^ st[17] ^ st[22]; 55 - bc[3] = st[3] ^ st[8] ^ st[13] ^ st[18] ^ st[23]; 56 - bc[4] = st[4] ^ st[9] ^ st[14] ^ st[19] ^ st[24]; 57 - 58 - t[0] = bc[4] ^ rol64(bc[1], 1); 59 - t[1] = bc[0] ^ rol64(bc[2], 1); 60 - t[2] = bc[1] ^ rol64(bc[3], 1); 61 - t[3] = bc[2] ^ rol64(bc[4], 1); 62 - t[4] = bc[3] ^ rol64(bc[0], 1); 63 - 64 - st[0] ^= t[0]; 65 - 66 - /* Rho Pi */ 67 - tt = st[1]; 68 - st[ 1] = rol64(st[ 6] ^ t[1], 44); 69 - st[ 6] = rol64(st[ 9] ^ t[4], 20); 70 - st[ 9] = rol64(st[22] ^ t[2], 61); 71 - st[22] = rol64(st[14] ^ t[4], 39); 72 - st[14] = rol64(st[20] ^ t[0], 18); 73 - st[20] = rol64(st[ 2] ^ t[2], 62); 74 - st[ 2] = rol64(st[12] ^ t[2], 43); 75 - st[12] = rol64(st[13] ^ t[3], 25); 76 - st[13] = rol64(st[19] ^ t[4], 8); 77 - st[19] = rol64(st[23] ^ t[3], 56); 78 - st[23] = rol64(st[15] ^ t[0], 41); 79 - st[15] = rol64(st[ 4] ^ t[4], 27); 80 - st[ 4] = rol64(st[24] ^ t[4], 14); 81 - st[24] = rol64(st[21] ^ t[1], 2); 82 - st[21] = rol64(st[ 8] ^ t[3], 55); 83 - st[ 8] = rol64(st[16] ^ t[1], 45); 84 - st[16] = rol64(st[ 5] ^ t[0], 36); 85 - st[ 5] = rol64(st[ 3] ^ t[3], 28); 86 - st[ 3] = rol64(st[18] ^ t[3], 21); 87 - st[18] = rol64(st[17] ^ t[2], 15); 88 - st[17] = rol64(st[11] ^ t[1], 10); 89 - st[11] = rol64(st[ 7] ^ t[2], 6); 90 - st[ 7] = rol64(st[10] ^ t[0], 3); 91 - st[10] = rol64( tt ^ t[1], 1); 92 - 93 - /* Chi */ 94 - bc[ 0] = ~st[ 1] & st[ 2]; 95 - bc[ 1] = ~st[ 2] & st[ 3]; 96 - bc[ 2] = ~st[ 3] & st[ 4]; 97 - bc[ 3] = ~st[ 4] & st[ 0]; 98 - bc[ 4] = ~st[ 0] & st[ 1]; 99 - st[ 0] ^= bc[ 0]; 100 - st[ 1] ^= bc[ 1]; 101 - st[ 2] ^= bc[ 2]; 102 - st[ 3] ^= bc[ 3]; 103 - st[ 4] ^= bc[ 4]; 104 - 105 - bc[ 0] = ~st[ 6] & st[ 7]; 106 - bc[ 1] = ~st[ 7] & st[ 8]; 107 - bc[ 2] = ~st[ 8] & st[ 9]; 108 - bc[ 3] = ~st[ 9] & st[ 5]; 109 - bc[ 4] = ~st[ 5] & st[ 6]; 110 - st[ 5] ^= bc[ 0]; 111 - st[ 6] ^= bc[ 1]; 112 - st[ 7] ^= bc[ 2]; 113 - st[ 8] ^= bc[ 3]; 114 - st[ 9] ^= bc[ 4]; 115 - 116 - bc[ 0] = ~st[11] & st[12]; 117 - bc[ 1] = ~st[12] & st[13]; 118 - bc[ 2] = ~st[13] & st[14]; 119 - bc[ 3] = ~st[14] & st[10]; 120 - bc[ 4] = ~st[10] & st[11]; 121 - st[10] ^= bc[ 0]; 122 - st[11] ^= bc[ 1]; 123 - st[12] ^= bc[ 2]; 124 - st[13] ^= bc[ 3]; 125 - st[14] ^= bc[ 4]; 126 - 127 - bc[ 0] = ~st[16] & st[17]; 128 - bc[ 1] = ~st[17] & st[18]; 129 - bc[ 2] = ~st[18] & st[19]; 130 - bc[ 3] = ~st[19] & st[15]; 131 - bc[ 4] = ~st[15] & st[16]; 132 - st[15] ^= bc[ 0]; 133 - st[16] ^= bc[ 1]; 134 - st[17] ^= bc[ 2]; 135 - st[18] ^= bc[ 3]; 136 - st[19] ^= bc[ 4]; 137 - 138 - bc[ 0] = ~st[21] & st[22]; 139 - bc[ 1] = ~st[22] & st[23]; 140 - bc[ 2] = ~st[23] & st[24]; 141 - bc[ 3] = ~st[24] & st[20]; 142 - bc[ 4] = ~st[20] & st[21]; 143 - st[20] ^= bc[ 0]; 144 - st[21] ^= bc[ 1]; 145 - st[22] ^= bc[ 2]; 146 - st[23] ^= bc[ 3]; 147 - st[24] ^= bc[ 4]; 148 - } 149 - 150 - static void keccakf(u64 st[25]) 151 - { 152 - int round; 153 - 154 - for (round = 0; round < KECCAK_ROUNDS; round++) { 155 - keccakf_round(st); 156 - /* Iota */ 157 - st[0] ^= keccakf_rndc[round]; 158 - } 159 - } 160 - 161 - int crypto_sha3_init(struct shash_desc *desc) 162 - { 163 - struct sha3_state *sctx = shash_desc_ctx(desc); 164 - 165 - memset(sctx->st, 0, sizeof(sctx->st)); 166 - return 0; 167 - } 168 - EXPORT_SYMBOL(crypto_sha3_init); 169 - 170 - static int crypto_sha3_update(struct shash_desc *desc, const u8 *data, 171 - unsigned int len) 172 - { 173 - unsigned int rsiz = crypto_shash_blocksize(desc->tfm); 174 - struct sha3_state *sctx = shash_desc_ctx(desc); 175 - unsigned int rsizw = rsiz / 8; 176 - 177 - do { 178 - int i; 179 - 180 - for (i = 0; i < rsizw; i++) 181 - sctx->st[i] ^= get_unaligned_le64(data + 8 * i); 182 - keccakf(sctx->st); 183 - 184 - data += rsiz; 185 - len -= rsiz; 186 - } while (len >= rsiz); 187 - return len; 188 - } 189 - 190 - static int crypto_sha3_finup(struct shash_desc *desc, const u8 *src, 191 - unsigned int len, u8 *out) 192 - { 193 - unsigned int digest_size = crypto_shash_digestsize(desc->tfm); 194 - unsigned int rsiz = crypto_shash_blocksize(desc->tfm); 195 - struct sha3_state *sctx = shash_desc_ctx(desc); 196 - __le64 block[SHA3_224_BLOCK_SIZE / 8] = {}; 197 - __le64 *digest = (__le64 *)out; 198 - unsigned int rsizw = rsiz / 8; 199 - u8 *p; 200 - int i; 201 - 202 - p = memcpy(block, src, len); 203 - p[len++] = 0x06; 204 - p[rsiz - 1] |= 0x80; 205 - 206 - for (i = 0; i < rsizw; i++) 207 - sctx->st[i] ^= le64_to_cpu(block[i]); 208 - memzero_explicit(block, sizeof(block)); 209 - 210 - keccakf(sctx->st); 211 - 212 - for (i = 0; i < digest_size / 8; i++) 213 - put_unaligned_le64(sctx->st[i], digest++); 214 - 215 - if (digest_size & 4) 216 - put_unaligned_le32(sctx->st[i], (__le32 *)digest); 217 - 218 - return 0; 219 - } 220 - 221 - static struct shash_alg algs[] = { { 222 - .digestsize = SHA3_224_DIGEST_SIZE, 223 - .init = crypto_sha3_init, 224 - .update = crypto_sha3_update, 225 - .finup = crypto_sha3_finup, 226 - .descsize = SHA3_STATE_SIZE, 227 - .base.cra_name = "sha3-224", 228 - .base.cra_driver_name = "sha3-224-generic", 229 - .base.cra_flags = CRYPTO_AHASH_ALG_BLOCK_ONLY, 230 - .base.cra_blocksize = SHA3_224_BLOCK_SIZE, 231 - .base.cra_module = THIS_MODULE, 232 - }, { 233 - .digestsize = SHA3_256_DIGEST_SIZE, 234 - .init = crypto_sha3_init, 235 - .update = crypto_sha3_update, 236 - .finup = crypto_sha3_finup, 237 - .descsize = SHA3_STATE_SIZE, 238 - .base.cra_name = "sha3-256", 239 - .base.cra_driver_name = "sha3-256-generic", 240 - .base.cra_flags = CRYPTO_AHASH_ALG_BLOCK_ONLY, 241 - .base.cra_blocksize = SHA3_256_BLOCK_SIZE, 242 - .base.cra_module = THIS_MODULE, 243 - }, { 244 - .digestsize = SHA3_384_DIGEST_SIZE, 245 - .init = crypto_sha3_init, 246 - .update = crypto_sha3_update, 247 - .finup = crypto_sha3_finup, 248 - .descsize = SHA3_STATE_SIZE, 249 - .base.cra_name = "sha3-384", 250 - .base.cra_driver_name = "sha3-384-generic", 251 - .base.cra_flags = CRYPTO_AHASH_ALG_BLOCK_ONLY, 252 - .base.cra_blocksize = SHA3_384_BLOCK_SIZE, 253 - .base.cra_module = THIS_MODULE, 254 - }, { 255 - .digestsize = SHA3_512_DIGEST_SIZE, 256 - .init = crypto_sha3_init, 257 - .update = crypto_sha3_update, 258 - .finup = crypto_sha3_finup, 259 - .descsize = SHA3_STATE_SIZE, 260 - .base.cra_name = "sha3-512", 261 - .base.cra_driver_name = "sha3-512-generic", 262 - .base.cra_flags = CRYPTO_AHASH_ALG_BLOCK_ONLY, 263 - .base.cra_blocksize = SHA3_512_BLOCK_SIZE, 264 - .base.cra_module = THIS_MODULE, 265 - } }; 266 - 267 - static int __init sha3_generic_mod_init(void) 268 - { 269 - return crypto_register_shashes(algs, ARRAY_SIZE(algs)); 270 - } 271 - 272 - static void __exit sha3_generic_mod_fini(void) 273 - { 274 - crypto_unregister_shashes(algs, ARRAY_SIZE(algs)); 275 - } 276 - 277 - module_init(sha3_generic_mod_init); 278 - module_exit(sha3_generic_mod_fini); 279 - 280 - MODULE_LICENSE("GPL"); 281 - MODULE_DESCRIPTION("SHA-3 Secure Hash Algorithm"); 282 - 283 - MODULE_ALIAS_CRYPTO("sha3-224"); 284 - MODULE_ALIAS_CRYPTO("sha3-224-generic"); 285 - MODULE_ALIAS_CRYPTO("sha3-256"); 286 - MODULE_ALIAS_CRYPTO("sha3-256-generic"); 287 - MODULE_ALIAS_CRYPTO("sha3-384"); 288 - MODULE_ALIAS_CRYPTO("sha3-384-generic"); 289 - MODULE_ALIAS_CRYPTO("sha3-512"); 290 - MODULE_ALIAS_CRYPTO("sha3-512-generic");

crypto/testmgr.c

··· 5104 5104 } 5105 5105 }, { 5106 5106 .alg = "hmac(sha3-224)", 5107 + .generic_driver = "hmac(sha3-224-lib)", 5107 5108 .test = alg_test_hash, 5108 5109 .fips_allowed = 1, 5109 5110 .suite = { ··· 5112 5111 } 5113 5112 }, { 5114 5113 .alg = "hmac(sha3-256)", 5114 + .generic_driver = "hmac(sha3-256-lib)", 5115 5115 .test = alg_test_hash, 5116 5116 .fips_allowed = 1, 5117 5117 .suite = { ··· 5120 5118 } 5121 5119 }, { 5122 5120 .alg = "hmac(sha3-384)", 5121 + .generic_driver = "hmac(sha3-384-lib)", 5123 5122 .test = alg_test_hash, 5124 5123 .fips_allowed = 1, 5125 5124 .suite = { ··· 5128 5125 } 5129 5126 }, { 5130 5127 .alg = "hmac(sha3-512)", 5128 + .generic_driver = "hmac(sha3-512-lib)", 5131 5129 .test = alg_test_hash, 5132 5130 .fips_allowed = 1, 5133 5131 .suite = { ··· 5482 5478 } 5483 5479 }, { 5484 5480 .alg = "sha3-224", 5481 + .generic_driver = "sha3-224-lib", 5485 5482 .test = alg_test_hash, 5486 5483 .fips_allowed = 1, 5487 5484 .suite = { ··· 5490 5485 } 5491 5486 }, { 5492 5487 .alg = "sha3-256", 5488 + .generic_driver = "sha3-256-lib", 5493 5489 .test = alg_test_hash, 5494 5490 .fips_allowed = 1, 5495 5491 .suite = { ··· 5498 5492 } 5499 5493 }, { 5500 5494 .alg = "sha3-384", 5495 + .generic_driver = "sha3-384-lib", 5501 5496 .test = alg_test_hash, 5502 5497 .fips_allowed = 1, 5503 5498 .suite = { ··· 5506 5499 } 5507 5500 }, { 5508 5501 .alg = "sha3-512", 5502 + .generic_driver = "sha3-512-lib", 5509 5503 .test = alg_test_hash, 5510 5504 .fips_allowed = 1, 5511 5505 .suite = {

-6

include/crypto/sha3.h

··· 37 37 38 38 #define SHA3_STATE_SIZE 200 39 39 40 - struct shash_desc; 41 - 42 - int crypto_sha3_init(struct shash_desc *desc); 43 - 44 40 /* 45 41 * State for the Keccak-f[1600] permutation: 25 64-bit words. 46 42 * ··· 48 52 */ 49 53 struct sha3_state { 50 54 union { 51 - u64 st[SHA3_STATE_SIZE / 8]; /* temporarily retained for compatibility purposes */ 52 - 53 55 __le64 words[SHA3_STATE_SIZE / 8]; 54 56 u8 bytes[SHA3_STATE_SIZE]; 55 57