crypto: sha3-generic - simplify code

In preparation of exposing the generic SHA3 implementation to other versions as a fallback, simplify the code, and remove an inconsistency in the output handling (endian swabbing rsizw words of state before writing the output does not make sense) Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Ard Biesheuvel <ard.biesheuvel@linaro.org> 2018-01-19 07:04:35 -0500
committer: Herbert Xu <herbert@gondor.apana.org.au> 2018-01-25 09:10:33 -0500
commit: beeb504adf3d08c0e916f43259e8e2ad6bdd30ee (patch)
tree: 6cefe5f2de0b0095ad066782be3937d859134a12 /crypto
parent: 83dee2ce1ae791c3dc0c9d4d3a8d42cb109613f6 (diff)
1 files changed, 59 insertions, 125 deletions
diff --git a/crypto/sha3_generic.c b/crypto/sha3_generic.c
index 5fecb609e3be..c7084a24eaf9 100644
--- a/crypto/sha3_generic.c
+++ b/crypto/sha3_generic.c
@@ -18,7 +18,6 @@
 #include <linux/module.h>
 #include <linux/types.h>
 #include <crypto/sha3.h>
-#include <asm/byteorder.h>
 #include <asm/unaligned.h>
 #define KECCAK_ROUNDS 24
@@ -146,43 +145,16 @@ static void __attribute__((__optimize__("O3"))) keccakf(u64 st[25])
        }
 }
-static void sha3_init(struct sha3_state *sctx, unsigned int digest_sz)
+static int sha3_init(struct shash_desc *desc)
-{
-        memset(sctx, 0, sizeof(*sctx));
-        sctx->md_len = digest_sz;
-        sctx->rsiz = 200 - 2 * digest_sz;
-        sctx->rsizw = sctx->rsiz / 8;
-}
-static int sha3_224_init(struct shash_desc *desc)
 {
        struct sha3_state *sctx = shash_desc_ctx(desc);
+        unsigned int digest_size = crypto_shash_digestsize(desc->tfm);
-        sha3_init(sctx, SHA3_224_DIGEST_SIZE);
+        sctx->rsiz = 200 - 2 * digest_size;
-        return 0;
+        sctx->rsizw = sctx->rsiz / 8;
-}
+        sctx->partial = 0;
-static int sha3_256_init(struct shash_desc *desc)
-{
-        struct sha3_state *sctx = shash_desc_ctx(desc);
-        sha3_init(sctx, SHA3_256_DIGEST_SIZE);
-        return 0;
-}
-static int sha3_384_init(struct shash_desc *desc)
-{
-        struct sha3_state *sctx = shash_desc_ctx(desc);
-        sha3_init(sctx, SHA3_384_DIGEST_SIZE);
-        return 0;
-}
-static int sha3_512_init(struct shash_desc *desc)
-{
-        struct sha3_state *sctx = shash_desc_ctx(desc);
-        sha3_init(sctx, SHA3_512_DIGEST_SIZE);
+        memset(sctx->st, 0, sizeof(sctx->st));
        return 0;
 }
@@ -227,6 +199,8 @@ static int sha3_final(struct shash_desc *desc, u8 *out)
 {
        struct sha3_state *sctx = shash_desc_ctx(desc);
        unsigned int i, inlen = sctx->partial;
+        unsigned int digest_size = crypto_shash_digestsize(desc->tfm);
+        __le64 *digest = (__le64 *)out;
        sctx->buf[inlen++] = 0x06;
        memset(sctx->buf + inlen, 0, sctx->rsiz - inlen);
@@ -237,110 +211,70 @@ static int sha3_final(struct shash_desc *desc, u8 *out)
        keccakf(sctx->st);
-        for (i = 0; i < sctx->rsizw; i++)
+        for (i = 0; i < digest_size / 8; i++)
-                sctx->st[i] = cpu_to_le64(sctx->st[i]);
+                put_unaligned_le64(sctx->st[i], digest++);
-        memcpy(out, sctx->st, sctx->md_len);
+        if (digest_size & 4)
+                put_unaligned_le32(sctx->st[i], (__le32 *)digest);
        memset(sctx, 0, sizeof(*sctx));
        return 0;
 }
-static struct shash_alg sha3_224 = {
+static struct shash_alg algs[] = { {
-        .digestsize     =       SHA3_224_DIGEST_SIZE,
+        .digestsize             = SHA3_224_DIGEST_SIZE,
-        .init           =       sha3_224_init,
+        .init                   = sha3_init,
-        .update         =       sha3_update,
+        .update                 = sha3_update,
-        .final          =       sha3_final,
+        .final                  = sha3_final,
-        .descsize       =       sizeof(struct sha3_state),
+        .descsize               = sizeof(struct sha3_state),
-        .base           =       {
+        .base.cra_name          = "sha3-224",
-                .cra_name       =       "sha3-224",
+        .base.cra_driver_name   = "sha3-224-generic",
-                .cra_driver_name =      "sha3-224-generic",
+        .base.cra_flags         = CRYPTO_ALG_TYPE_SHASH,
-                .cra_flags      =       CRYPTO_ALG_TYPE_SHASH,
+        .base.cra_blocksize     = SHA3_224_BLOCK_SIZE,
-                .cra_blocksize  =       SHA3_224_BLOCK_SIZE,
+        .base.cra_module        = THIS_MODULE,
-                .cra_module     =       THIS_MODULE,
+}, {
-        }
+        .digestsize             = SHA3_256_DIGEST_SIZE,
-};
+        .init                   = sha3_init,
+        .update                 = sha3_update,
-static struct shash_alg sha3_256 = {
+        .final                  = sha3_final,
-        .digestsize     =       SHA3_256_DIGEST_SIZE,
+        .descsize               = sizeof(struct sha3_state),
-        .init           =       sha3_256_init,
+        .base.cra_name          = "sha3-256",
-        .update         =       sha3_update,
+        .base.cra_driver_name   = "sha3-256-generic",
-        .final          =       sha3_final,
+        .base.cra_flags         = CRYPTO_ALG_TYPE_SHASH,
-        .descsize       =       sizeof(struct sha3_state),
+        .base.cra_blocksize     = SHA3_256_BLOCK_SIZE,
-        .base           =       {
+        .base.cra_module        = THIS_MODULE,
-                .cra_name       =       "sha3-256",
+}, {
-                .cra_driver_name =      "sha3-256-generic",
+        .digestsize             = SHA3_384_DIGEST_SIZE,
-                .cra_flags      =       CRYPTO_ALG_TYPE_SHASH,
+        .init                   = sha3_init,
-                .cra_blocksize  =       SHA3_256_BLOCK_SIZE,
+        .update                 = sha3_update,
-                .cra_module     =       THIS_MODULE,
+        .final                  = sha3_final,
-        }
+        .descsize               = sizeof(struct sha3_state),
-};
+        .base.cra_name          = "sha3-384",
+        .base.cra_driver_name   = "sha3-384-generic",
-static struct shash_alg sha3_384 = {
+        .base.cra_flags         = CRYPTO_ALG_TYPE_SHASH,
-        .digestsize     =       SHA3_384_DIGEST_SIZE,
+        .base.cra_blocksize     = SHA3_384_BLOCK_SIZE,
-        .init           =       sha3_384_init,
+        .base.cra_module        = THIS_MODULE,
-        .update         =       sha3_update,
+}, {
-        .final          =       sha3_final,
+        .digestsize             = SHA3_512_DIGEST_SIZE,
-        .descsize       =       sizeof(struct sha3_state),
+        .init                   = sha3_init,
-        .base           =       {
+        .update                 = sha3_update,
-                .cra_name       =       "sha3-384",
+        .final                  = sha3_final,
-                .cra_driver_name =      "sha3-384-generic",
+        .descsize               = sizeof(struct sha3_state),
-                .cra_flags      =       CRYPTO_ALG_TYPE_SHASH,
+        .base.cra_name          = "sha3-512",
-                .cra_blocksize  =       SHA3_384_BLOCK_SIZE,
+        .base.cra_driver_name   = "sha3-512-generic",
-                .cra_module     =       THIS_MODULE,
+        .base.cra_flags         = CRYPTO_ALG_TYPE_SHASH,
-        }
+        .base.cra_blocksize     = SHA3_512_BLOCK_SIZE,
-};
+        .base.cra_module        = THIS_MODULE,
+} };
-static struct shash_alg sha3_512 = {
-        .digestsize     =       SHA3_512_DIGEST_SIZE,
-        .init           =       sha3_512_init,
-        .update         =       sha3_update,
-        .final          =       sha3_final,
-        .descsize       =       sizeof(struct sha3_state),
-        .base           =       {
-                .cra_name       =       "sha3-512",
-                .cra_driver_name =      "sha3-512-generic",
-                .cra_flags      =       CRYPTO_ALG_TYPE_SHASH,
-                .cra_blocksize  =       SHA3_512_BLOCK_SIZE,
-                .cra_module     =       THIS_MODULE,
-        }
-};
 static int __init sha3_generic_mod_init(void)
 {
-        int ret;
+        return crypto_register_shashes(algs, ARRAY_SIZE(algs));
-        ret = crypto_register_shash(&sha3_224);
-        if (ret < 0)
-                goto err_out;
-        ret = crypto_register_shash(&sha3_256);
-        if (ret < 0)
-                goto err_out_224;
-        ret = crypto_register_shash(&sha3_384);
-        if (ret < 0)
-                goto err_out_256;
-        ret = crypto_register_shash(&sha3_512);
-        if (ret < 0)
-                goto err_out_384;
-        return 0;
-err_out_384:
-        crypto_unregister_shash(&sha3_384);
-err_out_256:
-        crypto_unregister_shash(&sha3_256);
-err_out_224:
-        crypto_unregister_shash(&sha3_224);
-err_out:
-        return ret;
 }
 static void __exit sha3_generic_mod_fini(void)
 {
-        crypto_unregister_shash(&sha3_224);
+        crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
-        crypto_unregister_shash(&sha3_256);
-        crypto_unregister_shash(&sha3_384);
-        crypto_unregister_shash(&sha3_512);
 }
 module_init(sha3_generic_mod_init);
author	Ard Biesheuvel <ard.biesheuvel@linaro.org>	2018-01-19 07:04:35 -0500
committer	Herbert Xu <herbert@gondor.apana.org.au>	2018-01-25 09:10:33 -0500
commit	beeb504adf3d08c0e916f43259e8e2ad6bdd30ee (patch)
tree	6cefe5f2de0b0095ad066782be3937d859134a12 /crypto
parent	83dee2ce1ae791c3dc0c9d4d3a8d42cb109613f6 (diff)

diff --git a/crypto/sha3_generic.c b/crypto/sha3_generic.c index 5fecb609e3be..c7084a24eaf9 100644 --- a/crypto/sha3_generic.c +++ b/crypto/sha3_generic.c
@@ -18,7 +18,6 @@
18	#include <linux/module.h>	18	#include <linux/module.h>
19	#include <linux/types.h>	19	#include <linux/types.h>
20	#include <crypto/sha3.h>	20	#include <crypto/sha3.h>
21	#include <asm/byteorder.h>
22	#include <asm/unaligned.h>	21	#include <asm/unaligned.h>
23		22
24	#define KECCAK_ROUNDS 24	23	#define KECCAK_ROUNDS 24
@@ -146,43 +145,16 @@ static void __attribute__((__optimize__("O3"))) keccakf(u64 st[25])
146	}	145	}
147	}	146	}
148		147
149	static void sha3_init(struct sha3_state *sctx, unsigned int digest_sz)	148	static int sha3_init(struct shash_desc *desc)
150	{
151	memset(sctx, 0, sizeof(*sctx));
152	sctx->md_len = digest_sz;
153	sctx->rsiz = 200 - 2 * digest_sz;
154	sctx->rsizw = sctx->rsiz / 8;
155	}
156
157	static int sha3_224_init(struct shash_desc *desc)
158	{	149	{
159	struct sha3_state *sctx = shash_desc_ctx(desc);	150	struct sha3_state *sctx = shash_desc_ctx(desc);
		151	unsigned int digest_size = crypto_shash_digestsize(desc->tfm);
160		152
161	sha3_init(sctx, SHA3_224_DIGEST_SIZE);	153	sctx->rsiz = 200 - 2 * digest_size;
162	return 0;	154	sctx->rsizw = sctx->rsiz / 8;
163	}	155	sctx->partial = 0;
164
165	static int sha3_256_init(struct shash_desc *desc)
166	{
167	struct sha3_state *sctx = shash_desc_ctx(desc);
168
169	sha3_init(sctx, SHA3_256_DIGEST_SIZE);
170	return 0;
171	}
172
173	static int sha3_384_init(struct shash_desc *desc)
174	{
175	struct sha3_state *sctx = shash_desc_ctx(desc);
176
177	sha3_init(sctx, SHA3_384_DIGEST_SIZE);
178	return 0;
179	}
180
181	static int sha3_512_init(struct shash_desc *desc)
182	{
183	struct sha3_state *sctx = shash_desc_ctx(desc);
184		156
185	sha3_init(sctx, SHA3_512_DIGEST_SIZE);	157	memset(sctx->st, 0, sizeof(sctx->st));
186	return 0;	158	return 0;
187	}	159	}
188		160
@@ -227,6 +199,8 @@ static int sha3_final(struct shash_desc desc, u8 out)
227	{	199	{
228	struct sha3_state *sctx = shash_desc_ctx(desc);	200	struct sha3_state *sctx = shash_desc_ctx(desc);
229	unsigned int i, inlen = sctx->partial;	201	unsigned int i, inlen = sctx->partial;
		202	unsigned int digest_size = crypto_shash_digestsize(desc->tfm);
		203	__le64 digest = (__le64 )out;
230		204
231	sctx->buf[inlen++] = 0x06;	205	sctx->buf[inlen++] = 0x06;
232	memset(sctx->buf + inlen, 0, sctx->rsiz - inlen);	206	memset(sctx->buf + inlen, 0, sctx->rsiz - inlen);
@@ -237,110 +211,70 @@ static int sha3_final(struct shash_desc desc, u8 out)
237		211
238	keccakf(sctx->st);	212	keccakf(sctx->st);
239		213
240	for (i = 0; i < sctx->rsizw; i++)	214	for (i = 0; i < digest_size / 8; i++)
241	sctx->st[i] = cpu_to_le64(sctx->st[i]);	215	put_unaligned_le64(sctx->st[i], digest++);
242		216
243	memcpy(out, sctx->st, sctx->md_len);	217	if (digest_size & 4)
		218	put_unaligned_le32(sctx->st[i], (__le32 *)digest);
244		219
245	memset(sctx, 0, sizeof(*sctx));	220	memset(sctx, 0, sizeof(*sctx));
246	return 0;	221	return 0;
247	}	222	}
248		223
249	static struct shash_alg sha3_224 = {	224	static struct shash_alg algs[] = { {
250	.digestsize = SHA3_224_DIGEST_SIZE,	225	.digestsize = SHA3_224_DIGEST_SIZE,
251	.init = sha3_224_init,	226	.init = sha3_init,
252	.update = sha3_update,	227	.update = sha3_update,
253	.final = sha3_final,	228	.final = sha3_final,
254	.descsize = sizeof(struct sha3_state),	229	.descsize = sizeof(struct sha3_state),
255	.base = {	230	.base.cra_name = "sha3-224",
256	.cra_name = "sha3-224",	231	.base.cra_driver_name = "sha3-224-generic",
257	.cra_driver_name = "sha3-224-generic",	232	.base.cra_flags = CRYPTO_ALG_TYPE_SHASH,
258	.cra_flags = CRYPTO_ALG_TYPE_SHASH,	233	.base.cra_blocksize = SHA3_224_BLOCK_SIZE,
259	.cra_blocksize = SHA3_224_BLOCK_SIZE,	234	.base.cra_module = THIS_MODULE,
260	.cra_module = THIS_MODULE,	235	}, {
261	}	236	.digestsize = SHA3_256_DIGEST_SIZE,
262	};	237	.init = sha3_init,
263		238	.update = sha3_update,
264	static struct shash_alg sha3_256 = {	239	.final = sha3_final,
265	.digestsize = SHA3_256_DIGEST_SIZE,	240	.descsize = sizeof(struct sha3_state),
266	.init = sha3_256_init,	241	.base.cra_name = "sha3-256",
267	.update = sha3_update,	242	.base.cra_driver_name = "sha3-256-generic",
268	.final = sha3_final,	243	.base.cra_flags = CRYPTO_ALG_TYPE_SHASH,
269	.descsize = sizeof(struct sha3_state),	244	.base.cra_blocksize = SHA3_256_BLOCK_SIZE,
270	.base = {	245	.base.cra_module = THIS_MODULE,
271	.cra_name = "sha3-256",	246	}, {
272	.cra_driver_name = "sha3-256-generic",	247	.digestsize = SHA3_384_DIGEST_SIZE,
273	.cra_flags = CRYPTO_ALG_TYPE_SHASH,	248	.init = sha3_init,
274	.cra_blocksize = SHA3_256_BLOCK_SIZE,	249	.update = sha3_update,
275	.cra_module = THIS_MODULE,	250	.final = sha3_final,
276	}	251	.descsize = sizeof(struct sha3_state),
277	};	252	.base.cra_name = "sha3-384",
278		253	.base.cra_driver_name = "sha3-384-generic",
279	static struct shash_alg sha3_384 = {	254	.base.cra_flags = CRYPTO_ALG_TYPE_SHASH,
280	.digestsize = SHA3_384_DIGEST_SIZE,	255	.base.cra_blocksize = SHA3_384_BLOCK_SIZE,
281	.init = sha3_384_init,	256	.base.cra_module = THIS_MODULE,
282	.update = sha3_update,	257	}, {
283	.final = sha3_final,	258	.digestsize = SHA3_512_DIGEST_SIZE,
284	.descsize = sizeof(struct sha3_state),	259	.init = sha3_init,
285	.base = {	260	.update = sha3_update,
286	.cra_name = "sha3-384",	261	.final = sha3_final,
287	.cra_driver_name = "sha3-384-generic",	262	.descsize = sizeof(struct sha3_state),
288	.cra_flags = CRYPTO_ALG_TYPE_SHASH,	263	.base.cra_name = "sha3-512",
289	.cra_blocksize = SHA3_384_BLOCK_SIZE,	264	.base.cra_driver_name = "sha3-512-generic",
290	.cra_module = THIS_MODULE,	265	.base.cra_flags = CRYPTO_ALG_TYPE_SHASH,
291	}	266	.base.cra_blocksize = SHA3_512_BLOCK_SIZE,
292	};	267	.base.cra_module = THIS_MODULE,
293		268	} };
294	static struct shash_alg sha3_512 = {
295	.digestsize = SHA3_512_DIGEST_SIZE,
296	.init = sha3_512_init,
297	.update = sha3_update,
298	.final = sha3_final,
299	.descsize = sizeof(struct sha3_state),
300	.base = {
301	.cra_name = "sha3-512",
302	.cra_driver_name = "sha3-512-generic",
303	.cra_flags = CRYPTO_ALG_TYPE_SHASH,
304	.cra_blocksize = SHA3_512_BLOCK_SIZE,
305	.cra_module = THIS_MODULE,
306	}
307	};
308		269
309	static int __init sha3_generic_mod_init(void)	270	static int __init sha3_generic_mod_init(void)
310	{	271	{
311	int ret;	272	return crypto_register_shashes(algs, ARRAY_SIZE(algs));
312
313	ret = crypto_register_shash(&sha3_224);
314	if (ret < 0)
315	goto err_out;
316	ret = crypto_register_shash(&sha3_256);
317	if (ret < 0)
318	goto err_out_224;
319	ret = crypto_register_shash(&sha3_384);
320	if (ret < 0)
321	goto err_out_256;
322	ret = crypto_register_shash(&sha3_512);
323	if (ret < 0)
324	goto err_out_384;
325
326	return 0;
327
328	err_out_384:
329	crypto_unregister_shash(&sha3_384);
330	err_out_256:
331	crypto_unregister_shash(&sha3_256);
332	err_out_224:
333	crypto_unregister_shash(&sha3_224);
334	err_out:
335	return ret;
336	}	273	}
337		274
338	static void __exit sha3_generic_mod_fini(void)	275	static void __exit sha3_generic_mod_fini(void)
339	{	276	{
340	crypto_unregister_shash(&sha3_224);	277	crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
341	crypto_unregister_shash(&sha3_256);
342	crypto_unregister_shash(&sha3_384);
343	crypto_unregister_shash(&sha3_512);
344	}	278	}
345		279
346	module_init(sha3_generic_mod_init);	280	module_init(sha3_generic_mod_init);