Re: [PATCH 1/2] Crypto: Add SHA-3 hash algorithm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Stephan,

Thanks for the review comments. I will address it in the next patch.
Please look at my reply below against each comment.

Regards,
Raveendra

On Wed, Jun 15, 2016 at 5:12 PM, Stephan Mueller <smueller@xxxxxxxxxx> wrote:
> Am Mittwoch, 15. Juni 2016, 15:11:58 schrieb Raveendra Padasalagi:
>
> Hi Raveendra,
>
>> From: Jeff Garzik <jeff@xxxxxxxxxx>
>>
>> This patch adds the implementation of SHA3 algorithm
>> in software and it's based on original implementation
>> pushed in patch https://lwn.net/Articles/518415/ with
>> additional changes to match the padding rules specified
>> in SHA-3 specification.
>>
>> Signed-off-by: Jeff Garzik <jgarzik@xxxxxxxxxx>
>> Signed-off-by: Raveendra Padasalagi <raveendra.padasalagi@xxxxxxxxxxxx>
>> ---
>>  crypto/Kconfig        |  10 ++
>>  crypto/Makefile       |   1 +
>>  crypto/sha3_generic.c | 296
>> ++++++++++++++++++++++++++++++++++++++++++++++++++ include/crypto/sha3.h |
>> 29 +++++
>>  4 files changed, 336 insertions(+)
>>  create mode 100644 crypto/sha3_generic.c
>>  create mode 100644 include/crypto/sha3.h
>>
>> diff --git a/crypto/Kconfig b/crypto/Kconfig
>> index 1d33beb..83ee8cb 100644
>> --- a/crypto/Kconfig
>> +++ b/crypto/Kconfig
>> @@ -750,6 +750,16 @@ config CRYPTO_SHA512_SPARC64
>>         SHA-512 secure hash standard (DFIPS 180-2) implemented
>>         using sparc64 crypto instructions, when available.
>>
>> +config CRYPTO_SHA3
>> +     tristate "SHA3 digest algorithm"
>> +     select CRYPTO_HASH
>> +     help
>> +       SHA-3 secure hash standard (DFIPS 202). It's based on
>
> Typo DFIPS?

It's not typo, DFIPS mean here Draft FIPS 202.
Do you want me to put it in another way ?

>> +       cryptographic sponge function family called Keccak.
>> +
>> +       References:
>> +       http://keccak.noekeon.org/
>> +
>>  config CRYPTO_TGR192
>>       tristate "Tiger digest algorithms"
>>       select CRYPTO_HASH
>> diff --git a/crypto/Makefile b/crypto/Makefile
>> index 4f4ef7e..0b82c47 100644
>> --- a/crypto/Makefile
>> +++ b/crypto/Makefile
>> @@ -61,6 +61,7 @@ obj-$(CONFIG_CRYPTO_RMD320) += rmd320.o
>>  obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o
>>  obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o
>>  obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o
>> +obj-$(CONFIG_CRYPTO_SHA3) += sha3_generic.o
>>  obj-$(CONFIG_CRYPTO_WP512) += wp512.o
>>  obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o
>>  obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o
>> diff --git a/crypto/sha3_generic.c b/crypto/sha3_generic.c
>> new file mode 100644
>> index 0000000..162dfc3
>> --- /dev/null
>> +++ b/crypto/sha3_generic.c
>> @@ -0,0 +1,296 @@
>> +/*
>> + * Cryptographic API.
>> + *
>> + * SHA-3, as specified in
>> + * http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
>> + *
>> + * SHA-3 code by Jeff Garzik <jeff@xxxxxxxxxx>
>> + *
>> + * This program is free software; you can redistribute it and/or modify it
>> + * under the terms of the GNU General Public License as published by the
>> Free + * Software Foundation; either version 2 of the License, or (at your
>> option)• + * any later version.
>> + *
>> + */
>> +#include <crypto/internal/hash.h>
>> +#include <linux/init.h>
>> +#include <linux/module.h>
>> +#include <linux/types.h>
>> +#include <crypto/sha3.h>
>> +#include <asm/byteorder.h>
>> +
>> +#define KECCAK_ROUNDS 24
>> +
>> +#define ROTL64(x, y) (((x) << (y)) | ((x) >> (64 - (y))))
>> +
>> +static const u64 keccakf_rndc[24] = {
>> +     0x0000000000000001, 0x0000000000008082, 0x800000000000808a,
>> +     0x8000000080008000, 0x000000000000808b, 0x0000000080000001,
>> +     0x8000000080008081, 0x8000000000008009, 0x000000000000008a,
>> +     0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
>> +     0x000000008000808b, 0x800000000000008b, 0x8000000000008089,
>> +     0x8000000000008003, 0x8000000000008002, 0x8000000000000080,
>> +     0x000000000000800a, 0x800000008000000a, 0x8000000080008081,
>> +     0x8000000000008080, 0x0000000080000001, 0x8000000080008008
>> +};
>> +
>> +static const int keccakf_rotc[24] = {
>> +     1,  3,  6,  10, 15, 21, 28, 36, 45, 55, 2,  14,
>> +     27, 41, 56, 8,  25, 43, 62, 18, 39, 61, 20, 44
>> +};
>> +
>> +static const int keccakf_piln[24] = {
>> +     10, 7,  11, 17, 18, 3, 5,  16, 8,  21, 24, 4,
>> +     15, 23, 19, 13, 12, 2, 20, 14, 22, 9,  6,  1
>> +};
>> +
>> +/* update the state with given number of rounds */
>> +
>> +static void keccakf(u64 st[25])
>> +{
>> +     int i, j, round;
>> +     u64 t, bc[5];
>> +
>> +     for (round = 0; round < KECCAK_ROUNDS; round++) {
>> +
>> +             /* Theta */
>> +             for (i = 0; i < 5; i++)
>> +                     bc[i] = st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15]
>> +                             ^ st[i + 20];
>> +
>> +             for (i = 0; i < 5; i++) {
>> +                     t = bc[(i + 4) % 5] ^ ROTL64(bc[(i + 1) % 5], 1);
>> +                     for (j = 0; j < 25; j += 5)
>> +                             st[j + i] ^= t;
>> +             }
>> +
>> +             /* Rho Pi */
>> +             t = st[1];
>> +             for (i = 0; i < 24; i++) {
>> +                     j = keccakf_piln[i];
>> +                     bc[0] = st[j];
>> +                     st[j] = ROTL64(t, keccakf_rotc[i]);
>> +                     t = bc[0];
>> +             }
>> +
>> +             /* Chi */
>> +             for (j = 0; j < 25; j += 5) {
>> +                     for (i = 0; i < 5; i++)
>> +                             bc[i] = st[j + i];
>> +                     for (i = 0; i < 5; i++)
>> +                             st[j + i] ^= (~bc[(i + 1) % 5]) &
>> +                                          bc[(i + 2) % 5];
>> +             }
>> +
>> +             /* Iota */
>> +             st[0] ^= keccakf_rndc[round];
>> +     }
>> +}
>> +
>> +static void sha3_init(struct sha3_state *sctx, unsigned int digest_sz)
>> +{
>> +     memset(sctx, 0, sizeof(*sctx));
>> +     sctx->md_len = digest_sz;
>> +     sctx->rsiz = 200 - 2 * digest_sz;
>> +     sctx->rsizw = sctx->rsiz / 8;
>> +}
>> +
>> +static int sha3_224_init(struct shash_desc *desc)
>> +{
>> +     struct sha3_state *sctx = shash_desc_ctx(desc);
>> +
>> +     sha3_init(sctx, SHA3_224_DIGEST_SIZE);
>> +     return 0;
>> +}
>> +
>> +static int sha3_256_init(struct shash_desc *desc)
>> +{
>> +     struct sha3_state *sctx = shash_desc_ctx(desc);
>> +
>> +     sha3_init(sctx, SHA3_256_DIGEST_SIZE);
>> +     return 0;
>> +}
>> +
>> +static int sha3_384_init(struct shash_desc *desc)
>> +{
>> +     struct sha3_state *sctx = shash_desc_ctx(desc);
>> +
>> +     sha3_init(sctx, SHA3_384_DIGEST_SIZE);
>> +     return 0;
>> +}
>> +
>> +static int sha3_512_init(struct shash_desc *desc)
>> +{
>> +     struct sha3_state *sctx = shash_desc_ctx(desc);
>> +
>> +     sha3_init(sctx, SHA3_512_DIGEST_SIZE);
>> +     return 0;
>> +}
>> +
>> +static int sha3_update(struct shash_desc *desc, const u8 *data,
>> +                    unsigned int len)
>> +{
>> +     struct sha3_state *sctx = shash_desc_ctx(desc);
>> +     unsigned int done;
>> +     const u8 *src;
>> +
>> +     done = 0;
>> +     src = data;
>> +
>> +     if ((sctx->partial + len) > (sctx->rsiz - 1)) {
>> +             if (sctx->partial) {
>> +                     done = -sctx->partial;
>> +                     memcpy(sctx->buf + sctx->partial, data,
>> +                            done + sctx->rsiz);
>> +                     src = sctx->buf;
>> +             }
>> +
>> +             do {
>> +                     unsigned int i;
>> +
>> +                     for (i = 0; i < sctx->rsizw; i++)
>> +                             sctx->st[i] ^= ((u64 *) src)[i];
>> +                     keccakf(sctx->st);
>> +
>> +                     done += sctx->rsiz;
>> +                     src = data + done;
>> +             } while (done + (sctx->rsiz - 1) < len);
>> +
>> +             sctx->partial = 0;
>> +     }
>> +     memcpy(sctx->buf + sctx->partial, src, len - done);
>> +     sctx->partial += (len - done);
>> +
>> +     return 0;
>> +}
>> +
>> +static int sha3_final(struct shash_desc *desc, u8 *out)
>> +{
>> +     struct sha3_state *sctx = shash_desc_ctx(desc);
>> +     unsigned int i, inlen = sctx->partial;
>> +
>> +     sctx->buf[inlen++] = 0x06;
>> +     memset(sctx->buf + inlen, 0, sctx->rsiz - inlen);
>> +     sctx->buf[sctx->rsiz - 1] |= 0x80;
>> +
>> +     for (i = 0; i < sctx->rsizw; i++)
>> +             sctx->st[i] ^= ((u64 *) sctx->buf)[i];
>> +
>> +     keccakf(sctx->st);
>> +
>> +     for (i = 0; i < sctx->rsizw; i++)
>> +             sctx->st[i] = cpu_to_le64(sctx->st[i]);
>> +
>> +     memcpy(out, sctx->st, sctx->md_len);
>> +
>> +     memset(sctx, 0, sizeof(*sctx));
>> +     return 0;
>> +}
>> +
>> +static struct shash_alg sha3_224 = {
>> +     .digestsize     =       SHA3_224_DIGEST_SIZE,
>> +     .init           =       sha3_224_init,
>> +     .update         =       sha3_update,
>> +     .final          =       sha3_final,
>> +     .descsize       =       sizeof(struct sha3_state),
>> +     .base           =       {
>> +             .cra_name       =       "sha3-224",
>> +             .cra_driver_name =      "sha3-224-generic",
>> +             .cra_flags      =       CRYPTO_ALG_TYPE_SHASH,
>> +             .cra_blocksize  =       SHA3_224_BLOCK_SIZE,
>> +             .cra_module     =       THIS_MODULE,
>> +     }
>> +};
>> +
>> +static struct shash_alg sha3_256 = {
>> +     .digestsize     =       SHA3_256_DIGEST_SIZE,
>> +     .init           =       sha3_256_init,
>> +     .update         =       sha3_update,
>> +     .final          =       sha3_final,
>> +     .descsize       =       sizeof(struct sha3_state),
>> +     .base           =       {
>> +             .cra_name       =       "sha3-256",
>> +             .cra_driver_name =      "sha3-256-generic",
>> +             .cra_flags      =       CRYPTO_ALG_TYPE_SHASH,
>> +             .cra_blocksize  =       SHA3_256_BLOCK_SIZE,
>> +             .cra_module     =       THIS_MODULE,
>> +     }
>> +};
>> +
>> +static struct shash_alg sha3_384 = {
>> +     .digestsize     =       SHA3_384_DIGEST_SIZE,
>> +     .init           =       sha3_384_init,
>> +     .update         =       sha3_update,
>> +     .final          =       sha3_final,
>> +     .descsize       =       sizeof(struct sha3_state),
>> +     .base           =       {
>> +             .cra_name       =       "sha3-384",
>> +             .cra_driver_name =      "sha3-384-generic",
>> +             .cra_flags      =       CRYPTO_ALG_TYPE_SHASH,
>> +             .cra_blocksize  =       SHA3_384_BLOCK_SIZE,
>> +             .cra_module     =       THIS_MODULE,
>> +     }
>> +};
>> +
>> +static struct shash_alg sha3_512 = {
>> +     .digestsize     =       SHA3_512_DIGEST_SIZE,
>> +     .init           =       sha3_512_init,
>> +     .update         =       sha3_update,
>> +     .final          =       sha3_final,
>> +     .descsize       =       sizeof(struct sha3_state),
>> +     .base           =       {
>> +             .cra_name       =       "sha3-512",
>> +             .cra_driver_name =      "sha3-512-generic",
>> +             .cra_flags      =       CRYPTO_ALG_TYPE_SHASH,
>> +             .cra_blocksize  =       SHA3_512_BLOCK_SIZE,
>> +             .cra_module     =       THIS_MODULE,
>> +     }
>> +};
>
> Shouldn't there be a priority here?

Yes, I will fix it in next patch.

>> +
>> +static int __init sha3_generic_mod_init(void)
>> +{
>> +     int ret;
>> +
>> +     ret = crypto_register_shash(&sha3_224);
>> +     if (ret < 0)
>> +             goto err_out;
>> +     ret = crypto_register_shash(&sha3_256);
>> +     if (ret < 0)
>> +             goto err_out_224;
>> +     ret = crypto_register_shash(&sha3_384);
>> +     if (ret < 0)
>> +             goto err_out_256;
>> +     ret = crypto_register_shash(&sha3_512);
>> +     if (ret < 0)
>> +             goto err_out_384;
>> +
>> +     return 0;
>> +
>> +err_out_384:
>> +     crypto_unregister_shash(&sha3_384);
>> +err_out_256:
>> +     crypto_unregister_shash(&sha3_256);
>> +err_out_224:
>> +     crypto_unregister_shash(&sha3_224);
>> +err_out:
>> +     return ret;
>> +}
>> +
>> +static void __exit sha3_generic_mod_fini(void)
>> +{
>> +     crypto_unregister_shash(&sha3_224);
>> +     crypto_unregister_shash(&sha3_256);
>> +     crypto_unregister_shash(&sha3_384);
>> +     crypto_unregister_shash(&sha3_512);
>> +}
>> +
>> +module_init(sha3_generic_mod_init);
>> +module_exit(sha3_generic_mod_fini);
>> +
>> +MODULE_LICENSE("GPL");
>> +MODULE_DESCRIPTION("SHA-3 Secure Hash Algorithm");
>> +
>> +MODULE_ALIAS("sha3-224");
>> +MODULE_ALIAS("sha3-256");
>> +MODULE_ALIAS("sha3-384");
>> +MODULE_ALIAS("sha3-512");
>
> MODULE_ALIAS_CRYPTO?
>
> What about the aliases for cra_driver_name?

Yes, I will fix it in next patch.

>> diff --git a/include/crypto/sha3.h b/include/crypto/sha3.h
>> new file mode 100644
>> index 0000000..f4c9f68
>> --- /dev/null
>> +++ b/include/crypto/sha3.h
>> @@ -0,0 +1,29 @@
>> +/*
>> + * Common values for SHA-3 algorithms
>> + */
>> +#ifndef __CRYPTO_SHA3_H__
>> +#define __CRYPTO_SHA3_H__
>> +
>> +#define SHA3_224_DIGEST_SIZE (224 / 8)
>> +#define SHA3_224_BLOCK_SIZE  (200 - 2 * SHA3_224_DIGEST_SIZE)
>> +
>> +#define SHA3_256_DIGEST_SIZE (256 / 8)
>> +#define SHA3_256_BLOCK_SIZE  (200 - 2 * SHA3_256_DIGEST_SIZE)
>> +
>> +#define SHA3_384_DIGEST_SIZE (384 / 8)
>> +#define SHA3_384_BLOCK_SIZE  (200 - 2 * SHA3_384_DIGEST_SIZE)
>> +
>> +#define SHA3_512_DIGEST_SIZE (512 / 8)
>> +#define SHA3_512_BLOCK_SIZE  (200 - 2 * SHA3_512_DIGEST_SIZE)
>> +
>> +struct sha3_state {
>> +     u64             st[25];
>> +     unsigned int    md_len;
>> +     unsigned int    rsiz;
>> +     unsigned int    rsizw;
>> +
>> +     unsigned int    partial;
>> +     u8              buf[SHA3_224_BLOCK_SIZE];
>> +};
>> +
>> +#endif
>
>
> Ciao
> Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux