1
2
3
4
5
6
7
8
9
10
11
12
13
14
15#include <crypto/internal/hash.h>
16#include <linux/init.h>
17#include <linux/module.h>
18#include <linux/types.h>
19#include <crypto/sha3.h>
20#include <asm/byteorder.h>
21
22#define KECCAK_ROUNDS 24
23
24#define ROTL64(x, y) (((x) << (y)) | ((x) >> (64 - (y))))
25
26static const u64 keccakf_rndc[24] = {
27 0x0000000000000001ULL, 0x0000000000008082ULL, 0x800000000000808aULL,
28 0x8000000080008000ULL, 0x000000000000808bULL, 0x0000000080000001ULL,
29 0x8000000080008081ULL, 0x8000000000008009ULL, 0x000000000000008aULL,
30 0x0000000000000088ULL, 0x0000000080008009ULL, 0x000000008000000aULL,
31 0x000000008000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL,
32 0x8000000000008003ULL, 0x8000000000008002ULL, 0x8000000000000080ULL,
33 0x000000000000800aULL, 0x800000008000000aULL, 0x8000000080008081ULL,
34 0x8000000000008080ULL, 0x0000000080000001ULL, 0x8000000080008008ULL
35};
36
37static const int keccakf_rotc[24] = {
38 1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14,
39 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44
40};
41
42static const int keccakf_piln[24] = {
43 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4,
44 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1
45};
46
47
48
49static void keccakf(u64 st[25])
50{
51 int i, j, round;
52 u64 t, bc[5];
53
54 for (round = 0; round < KECCAK_ROUNDS; round++) {
55
56
57 for (i = 0; i < 5; i++)
58 bc[i] = st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15]
59 ^ st[i + 20];
60
61 for (i = 0; i < 5; i++) {
62 t = bc[(i + 4) % 5] ^ ROTL64(bc[(i + 1) % 5], 1);
63 for (j = 0; j < 25; j += 5)
64 st[j + i] ^= t;
65 }
66
67
68 t = st[1];
69 for (i = 0; i < 24; i++) {
70 j = keccakf_piln[i];
71 bc[0] = st[j];
72 st[j] = ROTL64(t, keccakf_rotc[i]);
73 t = bc[0];
74 }
75
76
77 for (j = 0; j < 25; j += 5) {
78 for (i = 0; i < 5; i++)
79 bc[i] = st[j + i];
80 for (i = 0; i < 5; i++)
81 st[j + i] ^= (~bc[(i + 1) % 5]) &
82 bc[(i + 2) % 5];
83 }
84
85
86 st[0] ^= keccakf_rndc[round];
87 }
88}
89
90static void sha3_init(struct sha3_state *sctx, unsigned int digest_sz)
91{
92 memset(sctx, 0, sizeof(*sctx));
93 sctx->md_len = digest_sz;
94 sctx->rsiz = 200 - 2 * digest_sz;
95 sctx->rsizw = sctx->rsiz / 8;
96}
97
98static int sha3_224_init(struct shash_desc *desc)
99{
100 struct sha3_state *sctx = shash_desc_ctx(desc);
101
102 sha3_init(sctx, SHA3_224_DIGEST_SIZE);
103 return 0;
104}
105
106static int sha3_256_init(struct shash_desc *desc)
107{
108 struct sha3_state *sctx = shash_desc_ctx(desc);
109
110 sha3_init(sctx, SHA3_256_DIGEST_SIZE);
111 return 0;
112}
113
114static int sha3_384_init(struct shash_desc *desc)
115{
116 struct sha3_state *sctx = shash_desc_ctx(desc);
117
118 sha3_init(sctx, SHA3_384_DIGEST_SIZE);
119 return 0;
120}
121
122static int sha3_512_init(struct shash_desc *desc)
123{
124 struct sha3_state *sctx = shash_desc_ctx(desc);
125
126 sha3_init(sctx, SHA3_512_DIGEST_SIZE);
127 return 0;
128}
129
130static int sha3_update(struct shash_desc *desc, const u8 *data,
131 unsigned int len)
132{
133 struct sha3_state *sctx = shash_desc_ctx(desc);
134 unsigned int done;
135 const u8 *src;
136
137 done = 0;
138 src = data;
139
140 if ((sctx->partial + len) > (sctx->rsiz - 1)) {
141 if (sctx->partial) {
142 done = -sctx->partial;
143 memcpy(sctx->buf + sctx->partial, data,
144 done + sctx->rsiz);
145 src = sctx->buf;
146 }
147
148 do {
149 unsigned int i;
150
151 for (i = 0; i < sctx->rsizw; i++)
152 sctx->st[i] ^= ((u64 *) src)[i];
153 keccakf(sctx->st);
154
155 done += sctx->rsiz;
156 src = data + done;
157 } while (done + (sctx->rsiz - 1) < len);
158
159 sctx->partial = 0;
160 }
161 memcpy(sctx->buf + sctx->partial, src, len - done);
162 sctx->partial += (len - done);
163
164 return 0;
165}
166
167static int sha3_final(struct shash_desc *desc, u8 *out)
168{
169 struct sha3_state *sctx = shash_desc_ctx(desc);
170 unsigned int i, inlen = sctx->partial;
171
172 sctx->buf[inlen++] = 0x06;
173 memset(sctx->buf + inlen, 0, sctx->rsiz - inlen);
174 sctx->buf[sctx->rsiz - 1] |= 0x80;
175
176 for (i = 0; i < sctx->rsizw; i++)
177 sctx->st[i] ^= ((u64 *) sctx->buf)[i];
178
179 keccakf(sctx->st);
180
181 for (i = 0; i < sctx->rsizw; i++)
182 sctx->st[i] = cpu_to_le64(sctx->st[i]);
183
184 memcpy(out, sctx->st, sctx->md_len);
185
186 memset(sctx, 0, sizeof(*sctx));
187 return 0;
188}
189
190static struct shash_alg sha3_224 = {
191 .digestsize = SHA3_224_DIGEST_SIZE,
192 .init = sha3_224_init,
193 .update = sha3_update,
194 .final = sha3_final,
195 .descsize = sizeof(struct sha3_state),
196 .base = {
197 .cra_name = "sha3-224",
198 .cra_driver_name = "sha3-224-generic",
199 .cra_flags = CRYPTO_ALG_TYPE_SHASH,
200 .cra_blocksize = SHA3_224_BLOCK_SIZE,
201 .cra_module = THIS_MODULE,
202 }
203};
204
205static struct shash_alg sha3_256 = {
206 .digestsize = SHA3_256_DIGEST_SIZE,
207 .init = sha3_256_init,
208 .update = sha3_update,
209 .final = sha3_final,
210 .descsize = sizeof(struct sha3_state),
211 .base = {
212 .cra_name = "sha3-256",
213 .cra_driver_name = "sha3-256-generic",
214 .cra_flags = CRYPTO_ALG_TYPE_SHASH,
215 .cra_blocksize = SHA3_256_BLOCK_SIZE,
216 .cra_module = THIS_MODULE,
217 }
218};
219
220static struct shash_alg sha3_384 = {
221 .digestsize = SHA3_384_DIGEST_SIZE,
222 .init = sha3_384_init,
223 .update = sha3_update,
224 .final = sha3_final,
225 .descsize = sizeof(struct sha3_state),
226 .base = {
227 .cra_name = "sha3-384",
228 .cra_driver_name = "sha3-384-generic",
229 .cra_flags = CRYPTO_ALG_TYPE_SHASH,
230 .cra_blocksize = SHA3_384_BLOCK_SIZE,
231 .cra_module = THIS_MODULE,
232 }
233};
234
235static struct shash_alg sha3_512 = {
236 .digestsize = SHA3_512_DIGEST_SIZE,
237 .init = sha3_512_init,
238 .update = sha3_update,
239 .final = sha3_final,
240 .descsize = sizeof(struct sha3_state),
241 .base = {
242 .cra_name = "sha3-512",
243 .cra_driver_name = "sha3-512-generic",
244 .cra_flags = CRYPTO_ALG_TYPE_SHASH,
245 .cra_blocksize = SHA3_512_BLOCK_SIZE,
246 .cra_module = THIS_MODULE,
247 }
248};
249
250static int __init sha3_generic_mod_init(void)
251{
252 int ret;
253
254 ret = crypto_register_shash(&sha3_224);
255 if (ret < 0)
256 goto err_out;
257 ret = crypto_register_shash(&sha3_256);
258 if (ret < 0)
259 goto err_out_224;
260 ret = crypto_register_shash(&sha3_384);
261 if (ret < 0)
262 goto err_out_256;
263 ret = crypto_register_shash(&sha3_512);
264 if (ret < 0)
265 goto err_out_384;
266
267 return 0;
268
269err_out_384:
270 crypto_unregister_shash(&sha3_384);
271err_out_256:
272 crypto_unregister_shash(&sha3_256);
273err_out_224:
274 crypto_unregister_shash(&sha3_224);
275err_out:
276 return ret;
277}
278
279static void __exit sha3_generic_mod_fini(void)
280{
281 crypto_unregister_shash(&sha3_224);
282 crypto_unregister_shash(&sha3_256);
283 crypto_unregister_shash(&sha3_384);
284 crypto_unregister_shash(&sha3_512);
285}
286
287module_init(sha3_generic_mod_init);
288module_exit(sha3_generic_mod_fini);
289
290MODULE_LICENSE("GPL");
291MODULE_DESCRIPTION("SHA-3 Secure Hash Algorithm");
292
293MODULE_ALIAS_CRYPTO("sha3-224");
294MODULE_ALIAS_CRYPTO("sha3-224-generic");
295MODULE_ALIAS_CRYPTO("sha3-256");
296MODULE_ALIAS_CRYPTO("sha3-256-generic");
297MODULE_ALIAS_CRYPTO("sha3-384");
298MODULE_ALIAS_CRYPTO("sha3-384-generic");
299MODULE_ALIAS_CRYPTO("sha3-512");
300MODULE_ALIAS_CRYPTO("sha3-512-generic");
301
