Hi,
On 14/01/2018 at 17:41, Ard Biesheuvel wrote:
> Ensure that the input is byte swabbed before injecting it into the
Nitpick: s/swabbed/swapped/
> SHA3 transform. Use the get_unaligned() accessor for this so that
> we don't perform unaligned access inadvertently on architectures
> that do not
On Sun, Jan 14, 2018 at 10:40:36PM +0100, Arnd Bergmann wrote:
> Right. I've done some more investigation anyway, starting over with the
> analysis of the gcc options that change it. I've found now that turning
> off '-fcode-hoisting' but leaving on the other options I had suspected
> earlier (-O2
On Fri, Jan 12, 2018 at 11:10 PM, Segher Boessenkool wrote:
> On Fri, Jan 12, 2018 at 10:45:31PM +0100, Arnd Bergmann wrote:
>> > I guess you could enable the _x routines whenever you use ubsan? Ubsan
>> > will cause much bigger code growth than the handful of insns
tree: https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master
head: 9555003a3373b0cb7ca753779115f1d6f96fcab1
commit: 148b974deea927f5dbb6c468af2707b488bfa2de [130/135] crypto: aes-generic - build with -Os on gcc-7+
config: powerpc-ppc6xx_defconfig (attached as
Ensure that the input is byte swabbed before injecting it into the
SHA3 transform. Use the get_unaligned() accessor for this so that
we don't perform unaligned access inadvertently on architectures
that do not support that.
Signed-off-by: Ard Biesheuvel
---
All current SHA3 test cases are smaller than the SHA3 block size, which
means not all code paths are being exercised. So add a new test case to
each variant, and make one of the existing test cases chunked.
Signed-off-by: Ard Biesheuvel
---
crypto/testmgr.h | 550
Add an implementation of SHA3 to arm64 using the new special instructions,
and another one using scalar instructions but coded in assembler (#2)
In preparation of that, fix a bug in the SHA3 (#1) and add some new test
vectors to get better test coverage (#3).
v2: Drop generic SHA3 as a fallback
Implement the various flavours of SHA3 using scalar instructions, and
using the new optional EOR3/RAX1/XAR/BCAX instructions introduced by
ARMv8.2.
Note that the scalar asm version is *much* faster than the C based
generic implementation: the SHA3 state matrix already occupies 25
registers,