Re: [PATCH 1/2] Crypto: Add SHA-3 hash algorithm

2016-06-16 Thread Stephan Mueller
On Thursday, 16 June 2016, 21:39:17, Raveendra Padasalagi wrote:

Hi Raveendra,

> I need some clarification to address your comment
> 
> "Shouldn't there be a priority here?"
> 
> What I know regarding the priority value for an algorithm
> is that the one with the higher priority value will get selected for execution.
> 
> For example, let's say the software implementation of the algorithm
> specifies a priority value of 100 and the hardware driver implementation
> of the same algorithm uses a priority value of 300; then the hardware algo
> is what gets selected for execution.
> 
> I just had a look at the priority values specified for other hash
> algorithms, and none of the software implementations specify any value,
> so it will be 0.
> 
> I think it's okay not to specify any priority value for the software
> implementation, as a hardware implementation can use a non-zero value
> if it needs higher priority.
> 
> What's your opinion?

You are fully correct.

To be in line with the other hashes, maybe let us leave it at 0. I was 
thinking about "backend" ciphers that should never ever be selected (like the 
Intel AES-NI examples) which should have a lower prio than any other cipher. 
But then, they have unique cra_names, so it does not really matter :-)

Ciao
Stephan
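
The selection rule discussed in this message, as an added example that is not part of the original mail or of the patch: a user-space C model of choosing an implementation by cra_name and cra_priority. Every algorithm name, driver name and priority value in it is constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* User-space model of the three crypto_alg fields the thread discusses. */
struct alg {
    const char *cra_name;        /* generic name callers ask for */
    const char *cra_driver_name; /* unique name of one implementation */
    int cra_priority;            /* left unset in the struct means 0 */
};

/* Constructed registrations; all names and numbers are illustrative. */
static const struct alg registered[] = {
    { "sha3-256", "sha3-256-generic", 0 },         /* software, priority unset */
    { "sha3-256", "sha3-256-examplehw", 300 },     /* hypothetical hardware driver */
    { "__helper-aes", "__helper-aes-example", 0 }, /* backend with its own cra_name */
    { "aes", "aes-generic", 100 },
};

/*
 * Simplified lookup: a request that names a driver exactly gets that
 * driver; a request for a generic name gets the matching entry with the
 * highest cra_priority (first registered wins a tie). Returns NULL when
 * nothing matches.
 */
static const struct alg *lookup(const char *name)
{
    const struct alg *best = NULL;
    size_t i;

    for (i = 0; i < sizeof(registered) / sizeof(registered[0]); i++) {
        const struct alg *q = &registered[i];

        if (strcmp(q->cra_driver_name, name) == 0)
            return q;
        if (strcmp(q->cra_name, name) != 0)
            continue;
        if (best == NULL || q->cra_priority > best->cra_priority)
            best = q;
    }
    return best;
}

int main(void)
{
    /* Generic request: the priority-300 driver beats the priority-0 one. */
    return strcmp(lookup("sha3-256")->cra_driver_name,
                  "sha3-256-examplehw") != 0;
}
```

The backend entry has priority 0 like the software hash, yet a request for "aes" can never return it, because its cra_name differs; that is the point made above about unique cra_names.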


Re: [PATCH 1/2] Crypto: Add SHA-3 hash algorithm

2016-06-16 Thread Raveendra Padasalagi
Hi Stephan,

Yes, I was initially thinking of putting it as FIPS, but I looked at the
existing "crypto/Kconfig" for other algorithms and found it to be using
DFIPS, so I kept this the same :)

I need some clarification to address your comment

"Shouldn't there be a priority here?"

What I know regarding the priority value for an algorithm
is that the one with the higher priority value will get selected for execution.

For example, let's say the software implementation of the algorithm
specifies a priority value of 100 and the hardware driver implementation
of the same algorithm uses a priority value of 300; then the hardware algo
is what gets selected for execution.

I just had a look at the priority values specified for other hash
algorithms, and none of the software implementations specify any value,
so it will be 0.

I think it's okay not to specify any priority value for the software
implementation, as a hardware implementation can use a non-zero value
if it needs higher priority.

What's your opinion?


Regards,
Raveendra

On Thu, Jun 16, 2016 at 9:10 PM, Stephan Mueller wrote:
> On Thursday, 16 June 2016, 14:44:57, Raveendra Padasalagi wrote:
>
> Hi Raveendra,
>
>> > Typo DFIPS?
>>
>> It's not a typo; DFIPS here means Draft FIPS 202.
>> Do you want me to put it another way?
>
> I have never seen DFIPS. Besides, most FIPS standards are drafts (including
> FIPS 140-2 :-) ), because it would require a signature from some ministry
> bigwig in the US govt to "release" it. Hence, I expect that it would retain its
> draft state for a long time :-)
>
> But if DFIPS is what you think is right, leave it :-)
>
> Ciao
> Stephan


Re: [PATCH 1/2] Crypto: Add SHA-3 hash algorithm

2016-06-16 Thread Stephan Mueller
On Thursday, 16 June 2016, 14:44:57, Raveendra Padasalagi wrote:

Hi Raveendra,

> > Typo DFIPS?
> 
> It's not a typo; DFIPS here means Draft FIPS 202.
> Do you want me to put it another way?

I have never seen DFIPS. Besides, most FIPS standards are drafts (including
FIPS 140-2 :-) ), because it would require a signature from some ministry
bigwig in the US govt to "release" it. Hence, I expect that it would retain its
draft state for a long time :-)

But if DFIPS is what you think is right, leave it :-)

Ciao
Stephan


Re: [PATCH 1/2] Crypto: Add SHA-3 hash algorithm

2016-06-16 Thread Raveendra Padasalagi
Hi Stephan,

Thanks for the review comments. I will address them in the next patch.
Please look at my reply below against each comment.

Regards,
Raveendra

On Wed, Jun 15, 2016 at 5:12 PM, Stephan Mueller wrote:
> On Wednesday, 15 June 2016, 15:11:58, Raveendra Padasalagi wrote:
>
> Hi Raveendra,
>
>> From: Jeff Garzik 
>>
>> This patch adds the implementation of SHA3 algorithm
>> in software and it's based on original implementation
>> pushed in patch https://lwn.net/Articles/518415/ with
>> additional changes to match the padding rules specified
>> in SHA-3 specification.
>>
>> Signed-off-by: Jeff Garzik 
>> Signed-off-by: Raveendra Padasalagi 
>> ---
>>  crypto/Kconfig        |  10 ++
>>  crypto/Makefile       |   1 +
>>  crypto/sha3_generic.c | 296 ++
>>  include/crypto/sha3.h |  29 +
>>  4 files changed, 336 insertions(+)
>>  create mode 100644 crypto/sha3_generic.c
>>  create mode 100644 include/crypto/sha3.h
>>
>> diff --git a/crypto/Kconfig b/crypto/Kconfig
>> index 1d33beb..83ee8cb 100644
>> --- a/crypto/Kconfig
>> +++ b/crypto/Kconfig
>> @@ -750,6 +750,16 @@ config CRYPTO_SHA512_SPARC64
>> SHA-512 secure hash standard (DFIPS 180-2) implemented
>> using sparc64 crypto instructions, when available.
>>
>> +config CRYPTO_SHA3
>> + tristate "SHA3 digest algorithm"
>> + select CRYPTO_HASH
>> + help
>> +   SHA-3 secure hash standard (DFIPS 202). It's based on
>
> Typo DFIPS?

It's not a typo; DFIPS here means Draft FIPS 202.
Do you want me to put it another way?

>> +   cryptographic sponge function family called Keccak.
>> +
>> +   References:
>> +   http://keccak.noekeon.org/
>> +
>>  config CRYPTO_TGR192
>>   tristate "Tiger digest algorithms"
>>   select CRYPTO_HASH
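
Review bot: The prompt on the tristate line spells the name "SHA3" while the help text two lines below writes "SHA-3", and the neighbouring SHA-512 entry uses the hyphenated form too. Use "SHA-3 digest algorithm" in the prompt so both strings match, and consider stating in the help text which digest lengths the option builds, since nothing in this entry tells the person configuring the kernel.
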
>> diff --git a/crypto/Makefile b/crypto/Makefile
>> index 4f4ef7e..0b82c47 100644
>> --- a/crypto/Makefile
>> +++ b/crypto/Makefile
>> @@ -61,6 +61,7 @@ obj-$(CONFIG_CRYPTO_RMD320) += rmd320.o
>>  obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o
>>  obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o
>>  obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o
>> +obj-$(CONFIG_CRYPTO_SHA3) += sha3_generic.o
>>  obj-$(CONFIG_CRYPTO_WP512) += wp512.o
>>  obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o
>>  obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o
>> diff --git a/crypto/sha3_generic.c b/crypto/sha3_generic.c
>> new file mode 100644
>> index 000..162dfc3
>> --- /dev/null
>> +++ b/crypto/sha3_generic.c
>> @@ -0,0 +1,296 @@
>> +/*
>> + * Cryptographic API.
>> + *
>> + * SHA-3, as specified in
>> + * http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
>> + *
>> + * SHA-3 code by Jeff Garzik 
>> + *
>> + * This program is free software; you can redistribute it and/or modify it
>> + * under the terms of the GNU General Public License as published by the
>> Free + * Software Foundation; either version 2 of the License, or (at your
>> option)• + * any later version.
>> + *
>> + */
>> +#include 
>> +#include 
>> +#include 
>> +#include 
>> +#include 
>> +#include 
>> +
>> +#define KECCAK_ROUNDS 24
>> +
>> +#define ROTL64(x, y) (((x) << (y)) | ((x) >> (64 - (y
>> +
>> +static const u64 keccakf_rndc[24] = {
>> + 0x0001, 0x8082, 0x8000808a,
>> + 0x800080008000, 0x808b, 0x8001,
>> + 0x800080008081, 0x80008009, 0x008a,
>> + 0x0088, 0x80008009, 0x800a,
>> + 0x8000808b, 0x808b, 0x80008089,
>> + 0x80008003, 0x80008002, 0x8080,
>> + 0x800a, 0x8000800a, 0x800080008081,
>> + 0x80008080, 0x8001, 0x800080008008
>> +};
>> +
>> +static const int keccakf_rotc[24] = {
>> + 1,  3,  6,  10, 15, 21, 28, 36, 45, 55, 2,  14,
>> + 27, 41, 56, 8,  25, 43, 62, 18, 39, 61, 20, 44
>> +};
>> +
>> +static const int keccakf_piln[24] = {
>> + 10, 7,  11, 17, 18, 3, 5,  16, 8,  21, 24, 4,
>> + 15, 23, 19, 13, 12, 2, 20, 14, 22, 9,  6,  1
>> +};
>> +
>> +/* update the state with given number of rounds */
>> +
>> +static void keccakf(u64 st[25])
>> +{
>> + int i, j, round;
>> + u64 t, bc[5];
>> +
>> + for (round = 0; round < KECCAK_ROUNDS; round++) {
>> +
>> + /* Theta */
>> + for (i = 0; i < 5; i++)
>> + bc[i] = st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15]
>> + ^ st[i + 20];
>> +
>> + for (i = 0; i < 5; i++) {
>> + t = bc[(i + 4) % 5] ^ ROTL64(bc[(i + 1) % 5], 1);
>> + for (j = 0; j < 25; j += 5)
>> + st[j + i] ^= t;
>> + }
>> +
>> + /* Rho Pi */
>> + t = st[1];
>> + for (i = 0; i < 24; i++) {
>> + j = keccakf_piln[i];
>> + bc[0] = st[j];
>> + st[j] = ROTL64(
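
Review bot: The comment above keccakf() says it updates the state "with given number of rounds", but the function takes only st[25] and always loops KECCAK_ROUNDS times. Reword the comment to describe the fixed 24-round permutation, or drop the mention of a round count.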

Re: [PATCH 1/2] Crypto: Add SHA-3 hash algorithm

2016-06-15 Thread Stephan Mueller
On Wednesday, 15 June 2016, 15:11:58, Raveendra Padasalagi wrote:

Hi Raveendra,

> From: Jeff Garzik 
> 
> This patch adds the implementation of SHA3 algorithm
> in software and it's based on original implementation
> pushed in patch https://lwn.net/Articles/518415/ with
> additional changes to match the padding rules specified
> in SHA-3 specification.
> 
> Signed-off-by: Jeff Garzik 
> Signed-off-by: Raveendra Padasalagi 
> ---
>  crypto/Kconfig        |  10 ++
>  crypto/Makefile       |   1 +
>  crypto/sha3_generic.c | 296 ++
>  include/crypto/sha3.h |  29 +
>  4 files changed, 336 insertions(+)
>  create mode 100644 crypto/sha3_generic.c
>  create mode 100644 include/crypto/sha3.h
> 
> diff --git a/crypto/Kconfig b/crypto/Kconfig
> index 1d33beb..83ee8cb 100644
> --- a/crypto/Kconfig
> +++ b/crypto/Kconfig
> @@ -750,6 +750,16 @@ config CRYPTO_SHA512_SPARC64
> SHA-512 secure hash standard (DFIPS 180-2) implemented
> using sparc64 crypto instructions, when available.
> 
> +config CRYPTO_SHA3
> + tristate "SHA3 digest algorithm"
> + select CRYPTO_HASH
> + help
> +   SHA-3 secure hash standard (DFIPS 202). It's based on

Typo DFIPS?

> +   cryptographic sponge function family called Keccak.
> +
> +   References:
> +   http://keccak.noekeon.org/
> +
>  config CRYPTO_TGR192
>   tristate "Tiger digest algorithms"
>   select CRYPTO_HASH
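
Review bot: The References list in the help text points only at the Keccak site, while the header comment of crypto/sha3_generic.c in this same patch cites the NIST FIPS 202 document that the entry says it implements. Add that URL under References so the help text names the standard itself and not only the Keccak submission it derives from.
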
> diff --git a/crypto/Makefile b/crypto/Makefile
> index 4f4ef7e..0b82c47 100644
> --- a/crypto/Makefile
> +++ b/crypto/Makefile
> @@ -61,6 +61,7 @@ obj-$(CONFIG_CRYPTO_RMD320) += rmd320.o
>  obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o
>  obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o
>  obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o
> +obj-$(CONFIG_CRYPTO_SHA3) += sha3_generic.o
>  obj-$(CONFIG_CRYPTO_WP512) += wp512.o
>  obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o
>  obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o
> diff --git a/crypto/sha3_generic.c b/crypto/sha3_generic.c
> new file mode 100644
> index 000..162dfc3
> --- /dev/null
> +++ b/crypto/sha3_generic.c
> @@ -0,0 +1,296 @@
> +/*
> + * Cryptographic API.
> + *
> + * SHA-3, as specified in
> + * http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
> + *
> + * SHA-3 code by Jeff Garzik 
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License as published by the
> Free + * Software Foundation; either version 2 of the License, or (at your
> option)• + * any later version.
> + *
> + */
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +#define KECCAK_ROUNDS 24
> +
> +#define ROTL64(x, y) (((x) << (y)) | ((x) >> (64 - (y
> +
> +static const u64 keccakf_rndc[24] = {
> + 0x0001, 0x8082, 0x8000808a,
> + 0x800080008000, 0x808b, 0x8001,
> + 0x800080008081, 0x80008009, 0x008a,
> + 0x0088, 0x80008009, 0x800a,
> + 0x8000808b, 0x808b, 0x80008089,
> + 0x80008003, 0x80008002, 0x8080,
> + 0x800a, 0x8000800a, 0x800080008081,
> + 0x80008080, 0x8001, 0x800080008008
> +};
> +
> +static const int keccakf_rotc[24] = {
> + 1,  3,  6,  10, 15, 21, 28, 36, 45, 55, 2,  14,
> + 27, 41, 56, 8,  25, 43, 62, 18, 39, 61, 20, 44
> +};
> +
> +static const int keccakf_piln[24] = {
> + 10, 7,  11, 17, 18, 3, 5,  16, 8,  21, 24, 4,
> + 15, 23, 19, 13, 12, 2, 20, 14, 22, 9,  6,  1
> +};
> +
> +/* update the state with given number of rounds */
> +
> +static void keccakf(u64 st[25])
> +{
> + int i, j, round;
> + u64 t, bc[5];
> +
> + for (round = 0; round < KECCAK_ROUNDS; round++) {
> +
> + /* Theta */
> + for (i = 0; i < 5; i++)
> + bc[i] = st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15]
> + ^ st[i + 20];
> +
> + for (i = 0; i < 5; i++) {
> + t = bc[(i + 4) % 5] ^ ROTL64(bc[(i + 1) % 5], 1);
> + for (j = 0; j < 25; j += 5)
> + st[j + i] ^= t;
> + }
> +
> + /* Rho Pi */
> + t = st[1];
> + for (i = 0; i < 24; i++) {
> + j = keccakf_piln[i];
> + bc[0] = st[j];
> + st[j] = ROTL64(t, keccakf_rotc[i]);
> + t = bc[0];
> + }
> +
> + /* Chi */
> + for (j = 0; j < 25; j += 5) {
> + for (i = 0; i < 5; i++)
> + bc[i] = st[j + i];
> + for (i = 0; i < 5; i++)
> + st[j + i] ^= (~bc[(i + 1) % 5]) &
> +  bc[(i + 2) % 5];
> +
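
Review bot: ROTL64 is a private open-coded rotate; the kernel already provides rol64() in <linux/bitops.h>, and using it in the Theta and Rho Pi steps would let the macro go. If the macro stays, document next to it that a count of 0 would shift right by 64, which C leaves undefined; the callers visible here pass 1 and the keccakf_rotc[] entries, which range from 1 to 62, so the macro is safe only as long as that table never gains a 0.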