Back to home page

LXR

 
 

    


0001 /*
0002  * Cryptographic API.
0003  *
0004  * SHA-3, as specified in
0005  * http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
0006  *
0007  * SHA-3 code by Jeff Garzik <jeff@garzik.org>
0008  *
0009  * This program is free software; you can redistribute it and/or modify it
0010  * under the terms of the GNU General Public License as published by the Free
0011  * Software Foundation; either version 2 of the License, or (at your option)•
0012  * any later version.
0013  *
0014  */
0015 #include <crypto/internal/hash.h>
0016 #include <linux/init.h>
0017 #include <linux/module.h>
0018 #include <linux/types.h>
0019 #include <crypto/sha3.h>
0020 #include <asm/byteorder.h>
0021 
0022 #define KECCAK_ROUNDS 24
0023 
0024 #define ROTL64(x, y) (((x) << (y)) | ((x) >> (64 - (y))))
0025 
0026 static const u64 keccakf_rndc[24] = {
0027     0x0000000000000001ULL, 0x0000000000008082ULL, 0x800000000000808aULL,
0028     0x8000000080008000ULL, 0x000000000000808bULL, 0x0000000080000001ULL,
0029     0x8000000080008081ULL, 0x8000000000008009ULL, 0x000000000000008aULL,
0030     0x0000000000000088ULL, 0x0000000080008009ULL, 0x000000008000000aULL,
0031     0x000000008000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL,
0032     0x8000000000008003ULL, 0x8000000000008002ULL, 0x8000000000000080ULL,
0033     0x000000000000800aULL, 0x800000008000000aULL, 0x8000000080008081ULL,
0034     0x8000000000008080ULL, 0x0000000080000001ULL, 0x8000000080008008ULL
0035 };
0036 
0037 static const int keccakf_rotc[24] = {
0038     1,  3,  6,  10, 15, 21, 28, 36, 45, 55, 2,  14,
0039     27, 41, 56, 8,  25, 43, 62, 18, 39, 61, 20, 44
0040 };
0041 
0042 static const int keccakf_piln[24] = {
0043     10, 7,  11, 17, 18, 3, 5,  16, 8,  21, 24, 4,
0044     15, 23, 19, 13, 12, 2, 20, 14, 22, 9,  6,  1
0045 };
0046 
0047 /* update the state with given number of rounds */
0048 
0049 static void keccakf(u64 st[25])
0050 {
0051     int i, j, round;
0052     u64 t, bc[5];
0053 
0054     for (round = 0; round < KECCAK_ROUNDS; round++) {
0055 
0056         /* Theta */
0057         for (i = 0; i < 5; i++)
0058             bc[i] = st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15]
0059                 ^ st[i + 20];
0060 
0061         for (i = 0; i < 5; i++) {
0062             t = bc[(i + 4) % 5] ^ ROTL64(bc[(i + 1) % 5], 1);
0063             for (j = 0; j < 25; j += 5)
0064                 st[j + i] ^= t;
0065         }
0066 
0067         /* Rho Pi */
0068         t = st[1];
0069         for (i = 0; i < 24; i++) {
0070             j = keccakf_piln[i];
0071             bc[0] = st[j];
0072             st[j] = ROTL64(t, keccakf_rotc[i]);
0073             t = bc[0];
0074         }
0075 
0076         /* Chi */
0077         for (j = 0; j < 25; j += 5) {
0078             for (i = 0; i < 5; i++)
0079                 bc[i] = st[j + i];
0080             for (i = 0; i < 5; i++)
0081                 st[j + i] ^= (~bc[(i + 1) % 5]) &
0082                          bc[(i + 2) % 5];
0083         }
0084 
0085         /* Iota */
0086         st[0] ^= keccakf_rndc[round];
0087     }
0088 }
0089 
0090 static void sha3_init(struct sha3_state *sctx, unsigned int digest_sz)
0091 {
0092     memset(sctx, 0, sizeof(*sctx));
0093     sctx->md_len = digest_sz;
0094     sctx->rsiz = 200 - 2 * digest_sz;
0095     sctx->rsizw = sctx->rsiz / 8;
0096 }
0097 
0098 static int sha3_224_init(struct shash_desc *desc)
0099 {
0100     struct sha3_state *sctx = shash_desc_ctx(desc);
0101 
0102     sha3_init(sctx, SHA3_224_DIGEST_SIZE);
0103     return 0;
0104 }
0105 
0106 static int sha3_256_init(struct shash_desc *desc)
0107 {
0108     struct sha3_state *sctx = shash_desc_ctx(desc);
0109 
0110     sha3_init(sctx, SHA3_256_DIGEST_SIZE);
0111     return 0;
0112 }
0113 
0114 static int sha3_384_init(struct shash_desc *desc)
0115 {
0116     struct sha3_state *sctx = shash_desc_ctx(desc);
0117 
0118     sha3_init(sctx, SHA3_384_DIGEST_SIZE);
0119     return 0;
0120 }
0121 
0122 static int sha3_512_init(struct shash_desc *desc)
0123 {
0124     struct sha3_state *sctx = shash_desc_ctx(desc);
0125 
0126     sha3_init(sctx, SHA3_512_DIGEST_SIZE);
0127     return 0;
0128 }
0129 
0130 static int sha3_update(struct shash_desc *desc, const u8 *data,
0131                unsigned int len)
0132 {
0133     struct sha3_state *sctx = shash_desc_ctx(desc);
0134     unsigned int done;
0135     const u8 *src;
0136 
0137     done = 0;
0138     src = data;
0139 
0140     if ((sctx->partial + len) > (sctx->rsiz - 1)) {
0141         if (sctx->partial) {
0142             done = -sctx->partial;
0143             memcpy(sctx->buf + sctx->partial, data,
0144                    done + sctx->rsiz);
0145             src = sctx->buf;
0146         }
0147 
0148         do {
0149             unsigned int i;
0150 
0151             for (i = 0; i < sctx->rsizw; i++)
0152                 sctx->st[i] ^= ((u64 *) src)[i];
0153             keccakf(sctx->st);
0154 
0155             done += sctx->rsiz;
0156             src = data + done;
0157         } while (done + (sctx->rsiz - 1) < len);
0158 
0159         sctx->partial = 0;
0160     }
0161     memcpy(sctx->buf + sctx->partial, src, len - done);
0162     sctx->partial += (len - done);
0163 
0164     return 0;
0165 }
0166 
0167 static int sha3_final(struct shash_desc *desc, u8 *out)
0168 {
0169     struct sha3_state *sctx = shash_desc_ctx(desc);
0170     unsigned int i, inlen = sctx->partial;
0171 
0172     sctx->buf[inlen++] = 0x06;
0173     memset(sctx->buf + inlen, 0, sctx->rsiz - inlen);
0174     sctx->buf[sctx->rsiz - 1] |= 0x80;
0175 
0176     for (i = 0; i < sctx->rsizw; i++)
0177         sctx->st[i] ^= ((u64 *) sctx->buf)[i];
0178 
0179     keccakf(sctx->st);
0180 
0181     for (i = 0; i < sctx->rsizw; i++)
0182         sctx->st[i] = cpu_to_le64(sctx->st[i]);
0183 
0184     memcpy(out, sctx->st, sctx->md_len);
0185 
0186     memset(sctx, 0, sizeof(*sctx));
0187     return 0;
0188 }
0189 
0190 static struct shash_alg sha3_224 = {
0191     .digestsize =   SHA3_224_DIGEST_SIZE,
0192     .init       =   sha3_224_init,
0193     .update     =   sha3_update,
0194     .final      =   sha3_final,
0195     .descsize   =   sizeof(struct sha3_state),
0196     .base       =   {
0197         .cra_name   =   "sha3-224",
0198         .cra_driver_name =  "sha3-224-generic",
0199         .cra_flags  =   CRYPTO_ALG_TYPE_SHASH,
0200         .cra_blocksize  =   SHA3_224_BLOCK_SIZE,
0201         .cra_module =   THIS_MODULE,
0202     }
0203 };
0204 
0205 static struct shash_alg sha3_256 = {
0206     .digestsize =   SHA3_256_DIGEST_SIZE,
0207     .init       =   sha3_256_init,
0208     .update     =   sha3_update,
0209     .final      =   sha3_final,
0210     .descsize   =   sizeof(struct sha3_state),
0211     .base       =   {
0212         .cra_name   =   "sha3-256",
0213         .cra_driver_name =  "sha3-256-generic",
0214         .cra_flags  =   CRYPTO_ALG_TYPE_SHASH,
0215         .cra_blocksize  =   SHA3_256_BLOCK_SIZE,
0216         .cra_module =   THIS_MODULE,
0217     }
0218 };
0219 
0220 static struct shash_alg sha3_384 = {
0221     .digestsize =   SHA3_384_DIGEST_SIZE,
0222     .init       =   sha3_384_init,
0223     .update     =   sha3_update,
0224     .final      =   sha3_final,
0225     .descsize   =   sizeof(struct sha3_state),
0226     .base       =   {
0227         .cra_name   =   "sha3-384",
0228         .cra_driver_name =  "sha3-384-generic",
0229         .cra_flags  =   CRYPTO_ALG_TYPE_SHASH,
0230         .cra_blocksize  =   SHA3_384_BLOCK_SIZE,
0231         .cra_module =   THIS_MODULE,
0232     }
0233 };
0234 
0235 static struct shash_alg sha3_512 = {
0236     .digestsize =   SHA3_512_DIGEST_SIZE,
0237     .init       =   sha3_512_init,
0238     .update     =   sha3_update,
0239     .final      =   sha3_final,
0240     .descsize   =   sizeof(struct sha3_state),
0241     .base       =   {
0242         .cra_name   =   "sha3-512",
0243         .cra_driver_name =  "sha3-512-generic",
0244         .cra_flags  =   CRYPTO_ALG_TYPE_SHASH,
0245         .cra_blocksize  =   SHA3_512_BLOCK_SIZE,
0246         .cra_module =   THIS_MODULE,
0247     }
0248 };
0249 
0250 static int __init sha3_generic_mod_init(void)
0251 {
0252     int ret;
0253 
0254     ret = crypto_register_shash(&sha3_224);
0255     if (ret < 0)
0256         goto err_out;
0257     ret = crypto_register_shash(&sha3_256);
0258     if (ret < 0)
0259         goto err_out_224;
0260     ret = crypto_register_shash(&sha3_384);
0261     if (ret < 0)
0262         goto err_out_256;
0263     ret = crypto_register_shash(&sha3_512);
0264     if (ret < 0)
0265         goto err_out_384;
0266 
0267     return 0;
0268 
0269 err_out_384:
0270     crypto_unregister_shash(&sha3_384);
0271 err_out_256:
0272     crypto_unregister_shash(&sha3_256);
0273 err_out_224:
0274     crypto_unregister_shash(&sha3_224);
0275 err_out:
0276     return ret;
0277 }
0278 
0279 static void __exit sha3_generic_mod_fini(void)
0280 {
0281     crypto_unregister_shash(&sha3_224);
0282     crypto_unregister_shash(&sha3_256);
0283     crypto_unregister_shash(&sha3_384);
0284     crypto_unregister_shash(&sha3_512);
0285 }
0286 
0287 module_init(sha3_generic_mod_init);
0288 module_exit(sha3_generic_mod_fini);
0289 
0290 MODULE_LICENSE("GPL");
0291 MODULE_DESCRIPTION("SHA-3 Secure Hash Algorithm");
0292 
0293 MODULE_ALIAS_CRYPTO("sha3-224");
0294 MODULE_ALIAS_CRYPTO("sha3-224-generic");
0295 MODULE_ALIAS_CRYPTO("sha3-256");
0296 MODULE_ALIAS_CRYPTO("sha3-256-generic");
0297 MODULE_ALIAS_CRYPTO("sha3-384");
0298 MODULE_ALIAS_CRYPTO("sha3-384-generic");
0299 MODULE_ALIAS_CRYPTO("sha3-512");
0300 MODULE_ALIAS_CRYPTO("sha3-512-generic");