Commit ee55fe55 authored by Jason Cooper's avatar Jason Cooper Committed by Greg Kroah-Hartman

staging/skein: Remove Skein and Threefish code

It's been four years since this was added.  In the interim, skein has
not seen any mainstream adoption.  Same with the threefish block cipher
upon which it's based.

In the discussion over which hash algorithm will replace SHA1 in git,
it's not one of the contenders.

There's absolutely no reason to think that there is anything wrong with
Skein or Threefish.  The only reason for this removal is a lack of
adoption.

If a real user comes forward, I'd be happy to assist with integrating
this code into mainline.
Signed-off-by: default avatarJason Cooper <jason@lakedaemon.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 7f5d8f71
...@@ -84,8 +84,6 @@ source "drivers/staging/dgnc/Kconfig" ...@@ -84,8 +84,6 @@ source "drivers/staging/dgnc/Kconfig"
source "drivers/staging/gs_fpgaboot/Kconfig" source "drivers/staging/gs_fpgaboot/Kconfig"
source "drivers/staging/skein/Kconfig"
source "drivers/staging/unisys/Kconfig" source "drivers/staging/unisys/Kconfig"
source "drivers/staging/clocking-wizard/Kconfig" source "drivers/staging/clocking-wizard/Kconfig"
......
...@@ -33,7 +33,6 @@ obj-$(CONFIG_GOLDFISH) += goldfish/ ...@@ -33,7 +33,6 @@ obj-$(CONFIG_GOLDFISH) += goldfish/
obj-$(CONFIG_DGNC) += dgnc/ obj-$(CONFIG_DGNC) += dgnc/
obj-$(CONFIG_MTD_SPINAND_MT29F) += mt29f_spinand/ obj-$(CONFIG_MTD_SPINAND_MT29F) += mt29f_spinand/
obj-$(CONFIG_GS_FPGABOOT) += gs_fpgaboot/ obj-$(CONFIG_GS_FPGABOOT) += gs_fpgaboot/
obj-$(CONFIG_CRYPTO_SKEIN) += skein/
obj-$(CONFIG_UNISYSSPAR) += unisys/ obj-$(CONFIG_UNISYSSPAR) += unisys/
obj-$(CONFIG_COMMON_CLK_XLNX_CLKWZRD) += clocking-wizard/ obj-$(CONFIG_COMMON_CLK_XLNX_CLKWZRD) += clocking-wizard/
obj-$(CONFIG_FB_TFT) += fbtft/ obj-$(CONFIG_FB_TFT) += fbtft/
......
config CRYPTO_SKEIN
tristate "Skein digest algorithm"
depends on (X86 || UML_X86) && 64BIT && CRYPTO
select CRYPTO_HASH
select CRYPTO_ALGAPI
help
Skein secure hash algorithm is one of 5 finalists from the NIST SHA3
competition.
Skein is optimized for modern, 64bit processors and is highly
customizable. See:
http://www.skein-hash.info/sites/default/files/skein1.3.pdf
for more information. This module also contains the threefish block
cipher algorithm.
# SPDX-License-Identifier: GPL-2.0
#
# Makefile for the skein secure hash algorithm
#
obj-$(CONFIG_CRYPTO_SKEIN) += skein.o
skein-y := skein_base.o \
skein_api.o \
skein_block.o \
threefish_block.o \
threefish_api.o \
skein_generic.o
skein/threefish TODO
- move macros into appropriate header files
- add / pass test vectors
- module support
Please send patches to Jason Cooper <jason@lakedaemon.net> in addition to the
staging tree mailinglist.
/*
* Copyright (c) 2010 Werner Dittmann
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use,
* copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following
* conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*/
#include <linux/string.h>
#include "skein_api.h"
int skein_ctx_prepare(struct skein_ctx *ctx, enum skein_size size)
{
skein_assert_ret(ctx && size, SKEIN_FAIL);
memset(ctx, 0, sizeof(struct skein_ctx));
ctx->skein_size = size;
return SKEIN_SUCCESS;
}
int skein_init(struct skein_ctx *ctx, size_t hash_bit_len)
{
int ret = SKEIN_FAIL;
size_t x_len = 0;
u64 *x = NULL;
u64 tree_info = SKEIN_CFG_TREE_INFO_SEQUENTIAL;
skein_assert_ret(ctx, SKEIN_FAIL);
/*
* The following two lines rely of the fact that the real Skein
* contexts are a union in out context and thus have tha maximum
* memory available. The beauty of C :-) .
*/
x = ctx->m.s256.x;
x_len = ctx->skein_size / 8;
/*
* If size is the same and hash bit length is zero then reuse
* the save chaining variables.
*/
switch (ctx->skein_size) {
case SKEIN_256:
ret = skein_256_init_ext(&ctx->m.s256, hash_bit_len,
tree_info, NULL, 0);
break;
case SKEIN_512:
ret = skein_512_init_ext(&ctx->m.s512, hash_bit_len,
tree_info, NULL, 0);
break;
case SKEIN_1024:
ret = skein_1024_init_ext(&ctx->m.s1024, hash_bit_len,
tree_info, NULL, 0);
break;
}
if (ret == SKEIN_SUCCESS) {
/*
* Save chaining variables for this combination of size and
* hash_bit_len
*/
memcpy(ctx->x_save, x, x_len);
}
return ret;
}
int skein_mac_init(struct skein_ctx *ctx, const u8 *key, size_t key_len,
size_t hash_bit_len)
{
int ret = SKEIN_FAIL;
u64 *x = NULL;
size_t x_len = 0;
u64 tree_info = SKEIN_CFG_TREE_INFO_SEQUENTIAL;
skein_assert_ret(ctx, SKEIN_FAIL);
x = ctx->m.s256.x;
x_len = ctx->skein_size / 8;
skein_assert_ret(hash_bit_len, SKEIN_BAD_HASHLEN);
switch (ctx->skein_size) {
case SKEIN_256:
ret = skein_256_init_ext(&ctx->m.s256, hash_bit_len,
tree_info, key, key_len);
break;
case SKEIN_512:
ret = skein_512_init_ext(&ctx->m.s512, hash_bit_len,
tree_info, key, key_len);
break;
case SKEIN_1024:
ret = skein_1024_init_ext(&ctx->m.s1024, hash_bit_len,
tree_info, key, key_len);
break;
}
if (ret == SKEIN_SUCCESS) {
/*
* Save chaining variables for this combination of key,
* key_len, hash_bit_len
*/
memcpy(ctx->x_save, x, x_len);
}
return ret;
}
void skein_reset(struct skein_ctx *ctx)
{
size_t x_len = 0;
u64 *x;
/*
* The following two lines rely of the fact that the real Skein
* contexts are a union in out context and thus have tha maximum
* memory available. The beautiy of C :-) .
*/
x = ctx->m.s256.x;
x_len = ctx->skein_size / 8;
/* Restore the chaing variable, reset byte counter */
memcpy(x, ctx->x_save, x_len);
/* Setup context to process the message */
skein_start_new_type(&ctx->m, MSG);
}
int skein_update(struct skein_ctx *ctx, const u8 *msg,
size_t msg_byte_cnt)
{
int ret = SKEIN_FAIL;
skein_assert_ret(ctx, SKEIN_FAIL);
switch (ctx->skein_size) {
case SKEIN_256:
ret = skein_256_update(&ctx->m.s256, msg, msg_byte_cnt);
break;
case SKEIN_512:
ret = skein_512_update(&ctx->m.s512, msg, msg_byte_cnt);
break;
case SKEIN_1024:
ret = skein_1024_update(&ctx->m.s1024, msg, msg_byte_cnt);
break;
}
return ret;
}
int skein_update_bits(struct skein_ctx *ctx, const u8 *msg,
size_t msg_bit_cnt)
{
/*
* I've used the bit pad implementation from skein_test.c (see NIST CD)
* and modified it to use the convenience functions and added some
* pointer arithmetic.
*/
size_t length;
u8 mask;
u8 *up;
/*
* only the final Update() call is allowed do partial bytes, else
* assert an error
*/
skein_assert_ret((ctx->m.h.T[1] & SKEIN_T1_FLAG_BIT_PAD) == 0 ||
msg_bit_cnt == 0, SKEIN_FAIL);
/* if number of bits is a multiple of bytes - that's easy */
if ((msg_bit_cnt & 0x7) == 0)
return skein_update(ctx, msg, msg_bit_cnt >> 3);
skein_update(ctx, msg, (msg_bit_cnt >> 3) + 1);
/*
* The next line rely on the fact that the real Skein contexts
* are a union in our context. After the addition the pointer points to
* Skein's real partial block buffer.
* If this layout ever changes we have to adapt this as well.
*/
up = (u8 *)ctx->m.s256.x + ctx->skein_size / 8;
/* set tweak flag for the skein_final call */
skein_set_bit_pad_flag(ctx->m.h);
/* now "pad" the final partial byte the way NIST likes */
/* get the b_cnt value (same location for all block sizes) */
length = ctx->m.h.b_cnt;
/* internal sanity check: there IS a partial byte in the buffer! */
skein_assert(length != 0);
/* partial byte bit mask */
mask = (u8)(1u << (7 - (msg_bit_cnt & 7)));
/* apply bit padding on final byte (in the buffer) */
up[length - 1] = (up[length - 1] & (0 - mask)) | mask;
return SKEIN_SUCCESS;
}
int skein_final(struct skein_ctx *ctx, u8 *hash)
{
int ret = SKEIN_FAIL;
skein_assert_ret(ctx, SKEIN_FAIL);
switch (ctx->skein_size) {
case SKEIN_256:
ret = skein_256_final(&ctx->m.s256, hash);
break;
case SKEIN_512:
ret = skein_512_final(&ctx->m.s512, hash);
break;
case SKEIN_1024:
ret = skein_1024_final(&ctx->m.s1024, hash);
break;
}
return ret;
}
/**
* Copyright (c) 2010 Werner Dittmann
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use,
* copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following
* conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*/
#ifndef SKEINAPI_H
#define SKEINAPI_H
/**
* @file skein_api.h
* @brief A Skein API and its functions.
* @{
*
* This API and the functions that implement this API simplify the usage
* of Skein. The design and the way to use the functions follow the openSSL
* design but at the same time take care of some Skein specific behaviour
* and possibilities.
*
* The functions enable applications to create a normal Skein hashes and
* message authentication codes (MAC).
*
* Using these functions is simple and straight forward:
*
* @code
*
* #include "skein_api.h"
*
* ...
* struct skein_ctx ctx; // a Skein hash or MAC context
*
* // prepare context, here for a Skein with a state size of 512 bits.
* skein_ctx_prepare(&ctx, SKEIN_512);
*
* // Initialize the context to set the requested hash length in bits
* // here request a output hash size of 31 bits (Skein supports variable
* // output sizes even very strange sizes)
* skein_init(&ctx, 31);
*
* // Now update Skein with any number of message bits. A function that
* // takes a number of bytes is also available.
* skein_update_bits(&ctx, message, msg_length);
*
* // Now get the result of the Skein hash. The output buffer must be
* // large enough to hold the request number of output bits. The application
* // may now extract the bits.
* skein_final(&ctx, result);
* ...
* @endcode
*
* An application may use @c skein_reset to reset a Skein context and use
* it for creation of another hash with the same Skein state size and output
* bit length. In this case the API implementation restores some internal
* internal state data and saves a full Skein initialization round.
*
* To create a MAC the application just uses @c skein_mac_init instead of
* @c skein_init. All other functions calls remain the same.
*
*/
#include <linux/types.h>
#include "skein_base.h"
/**
* Which Skein size to use
*/
enum skein_size {
SKEIN_256 = 256, /*!< Skein with 256 bit state */
SKEIN_512 = 512, /*!< Skein with 512 bit state */
SKEIN_1024 = 1024 /*!< Skein with 1024 bit state */
};
/**
* Context for Skein.
*
* This structure was setup with some know-how of the internal
* Skein structures, in particular ordering of header and size dependent
* variables. If Skein implementation changes this, then adapt these
* structures as well.
*/
struct skein_ctx {
u64 skein_size;
u64 x_save[SKEIN_MAX_STATE_WORDS]; /* save area for state variables */
union {
struct skein_ctx_hdr h;
struct skein_256_ctx s256;
struct skein_512_ctx s512;
struct skein_1024_ctx s1024;
} m;
};
/**
* Prepare a Skein context.
*
* An application must call this function before it can use the Skein
* context. The functions clears memory and initializes size dependent
* variables.
*
* @param ctx
* Pointer to a Skein context.
* @param size
* Which Skein size to use.
* @return
* SKEIN_SUCCESS of SKEIN_FAIL
*/
int skein_ctx_prepare(struct skein_ctx *ctx, enum skein_size size);
/**
* Initialize a Skein context.
*
* Initializes the context with this data and saves the resulting Skein
* state variables for further use.
*
* @param ctx
* Pointer to a Skein context.
* @param hash_bit_len
* Number of MAC hash bits to compute
* @return
* SKEIN_SUCCESS of SKEIN_FAIL
* @see skein_reset
*/
int skein_init(struct skein_ctx *ctx, size_t hash_bit_len);
/**
* Resets a Skein context for further use.
*
* Restores the saved chaining variables to reset the Skein context.
* Thus applications can reuse the same setup to process several
* messages. This saves a complete Skein initialization cycle.
*
* @param ctx
* Pointer to a pre-initialized Skein MAC context
*/
void skein_reset(struct skein_ctx *ctx);
/**
* Initializes a Skein context for MAC usage.
*
* Initializes the context with this data and saves the resulting Skein
* state variables for further use.
*
* Applications call the normal Skein functions to update the MAC and
* get the final result.
*
* @param ctx
* Pointer to an empty or preinitialized Skein MAC context
* @param key
* Pointer to key bytes or NULL
* @param key_len
* Length of the key in bytes or zero
* @param hash_bit_len
* Number of MAC hash bits to compute
* @return
* SKEIN_SUCCESS of SKEIN_FAIL
*/
int skein_mac_init(struct skein_ctx *ctx, const u8 *key, size_t key_len,
size_t hash_bit_len);
/**
* Update Skein with the next part of the message.
*
* @param ctx
* Pointer to initialized Skein context
* @param msg
* Pointer to the message.
* @param msg_byte_cnt
* Length of the message in @b bytes
* @return
* Success or error code.
*/
int skein_update(struct skein_ctx *ctx, const u8 *msg,
size_t msg_byte_cnt);
/**
* Update the hash with a message bit string.
*
* Skein can handle data not only as bytes but also as bit strings of
* arbitrary length (up to its maximum design size).
*
* @param ctx
* Pointer to initialized Skein context
* @param msg
* Pointer to the message.
* @param msg_bit_cnt
* Length of the message in @b bits.
*/
int skein_update_bits(struct skein_ctx *ctx, const u8 *msg,
size_t msg_bit_cnt);
/**
* Finalize Skein and return the hash.
*
* Before an application can reuse a Skein setup the application must
* reset the Skein context.
*
* @param ctx
* Pointer to initialized Skein context
* @param hash
* Pointer to buffer that receives the hash. The buffer must be large
* enough to store @c hash_bit_len bits.
* @return
* Success or error code.
* @see skein_reset
*/
int skein_final(struct skein_ctx *ctx, u8 *hash);
/**
* @}
*/
#endif
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
/*
* Cryptographic API.
*
* Skein256 Hash Algorithm.
*
* Derived from cryptoapi implementation, adapted for in-place
* scatterlist interface.
*
* Copyright (c) Eric Rost <eric.rost@mybabylon.net>
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*
*/
#include <linux/types.h>
#include <linux/init.h>
#include <linux/module.h>
#include <crypto/internal/hash.h>
#include "skein_base.h"
static int skein256_init(struct shash_desc *desc)
{
return skein_256_init((struct skein_256_ctx *)shash_desc_ctx(desc),
SKEIN256_DIGEST_BIT_SIZE);
}
static int skein256_update(struct shash_desc *desc, const u8 *data,
unsigned int len)
{
return skein_256_update((struct skein_256_ctx *)shash_desc_ctx(desc),
data, len);
}
static int skein256_final(struct shash_desc *desc, u8 *out)
{
return skein_256_final((struct skein_256_ctx *)shash_desc_ctx(desc),
out);
}
static int skein256_export(struct shash_desc *desc, void *out)
{
struct skein_256_ctx *sctx = shash_desc_ctx(desc);
memcpy(out, sctx, sizeof(*sctx));
return 0;
}
static int skein256_import(struct shash_desc *desc, const void *in)
{
struct skein_256_ctx *sctx = shash_desc_ctx(desc);
memcpy(sctx, in, sizeof(*sctx));
return 0;
}
static int skein512_init(struct shash_desc *desc)
{
return skein_512_init((struct skein_512_ctx *)shash_desc_ctx(desc),
SKEIN512_DIGEST_BIT_SIZE);
}
static int skein512_update(struct shash_desc *desc, const u8 *data,
unsigned int len)
{
return skein_512_update((struct skein_512_ctx *)shash_desc_ctx(desc),
data, len);
}
static int skein512_final(struct shash_desc *desc, u8 *out)
{
return skein_512_final((struct skein_512_ctx *)shash_desc_ctx(desc),
out);
}
static int skein512_export(struct shash_desc *desc, void *out)
{
struct skein_512_ctx *sctx = shash_desc_ctx(desc);
memcpy(out, sctx, sizeof(*sctx));
return 0;
}
static int skein512_import(struct shash_desc *desc, const void *in)
{
struct skein_512_ctx *sctx = shash_desc_ctx(desc);
memcpy(sctx, in, sizeof(*sctx));
return 0;
}
static int skein1024_init(struct shash_desc *desc)
{
return skein_1024_init((struct skein_1024_ctx *)shash_desc_ctx(desc),
SKEIN1024_DIGEST_BIT_SIZE);
}
static int skein1024_update(struct shash_desc *desc, const u8 *data,
unsigned int len)
{
return skein_1024_update((struct skein_1024_ctx *)shash_desc_ctx(desc),
data, len);
}
static int skein1024_final(struct shash_desc *desc, u8 *out)
{
return skein_1024_final((struct skein_1024_ctx *)shash_desc_ctx(desc),
out);
}
static int skein1024_export(struct shash_desc *desc, void *out)
{
struct skein_1024_ctx *sctx = shash_desc_ctx(desc);
memcpy(out, sctx, sizeof(*sctx));
return 0;
}
static int skein1024_import(struct shash_desc *desc, const void *in)
{
struct skein_1024_ctx *sctx = shash_desc_ctx(desc);
memcpy(sctx, in, sizeof(*sctx));
return 0;
}
static struct shash_alg alg256 = {
.digestsize = (SKEIN256_DIGEST_BIT_SIZE / 8),
.init = skein256_init,
.update = skein256_update,
.final = skein256_final,
.export = skein256_export,
.import = skein256_import,
.descsize = sizeof(struct skein_256_ctx),
.statesize = sizeof(struct skein_256_ctx),
.base = {
.cra_name = "skein256",
.cra_driver_name = "skein",
.cra_flags = CRYPTO_ALG_TYPE_SHASH,
.cra_blocksize = SKEIN_256_BLOCK_BYTES,
.cra_module = THIS_MODULE,
}
};
static struct shash_alg alg512 = {
.digestsize = (SKEIN512_DIGEST_BIT_SIZE / 8),
.init = skein512_init,
.update = skein512_update,
.final = skein512_final,
.export = skein512_export,
.import = skein512_import,
.descsize = sizeof(struct skein_512_ctx),
.statesize = sizeof(struct skein_512_ctx),
.base = {
.cra_name = "skein512",
.cra_driver_name = "skein",
.cra_flags = CRYPTO_ALG_TYPE_SHASH,
.cra_blocksize = SKEIN_512_BLOCK_BYTES,
.cra_module = THIS_MODULE,
}
};
static struct shash_alg alg1024 = {
.digestsize = (SKEIN1024_DIGEST_BIT_SIZE / 8),
.init = skein1024_init,
.update = skein1024_update,
.final = skein1024_final,
.export = skein1024_export,
.import = skein1024_import,
.descsize = sizeof(struct skein_1024_ctx),
.statesize = sizeof(struct skein_1024_ctx),
.base = {
.cra_name = "skein1024",
.cra_driver_name = "skein",
.cra_flags = CRYPTO_ALG_TYPE_SHASH,
.cra_blocksize = SKEIN_1024_BLOCK_BYTES,
.cra_module = THIS_MODULE,
}
};
static int __init skein_generic_init(void)
{
if (crypto_register_shash(&alg256))
goto out;
if (crypto_register_shash(&alg512))
goto unreg256;
if (crypto_register_shash(&alg1024))
goto unreg512;
return 0;
unreg512:
crypto_unregister_shash(&alg512);
unreg256:
crypto_unregister_shash(&alg256);
out:
return -1;
}
static void __exit skein_generic_fini(void)
{
crypto_unregister_shash(&alg256);
crypto_unregister_shash(&alg512);
crypto_unregister_shash(&alg1024);
}
module_init(skein_generic_init);
module_exit(skein_generic_fini);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Skein Hash Algorithm");
MODULE_ALIAS("skein");
/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _SKEIN_IV_H_
#define _SKEIN_IV_H_
#include "skein_base.h" /* get Skein macros and types */
/*
**************** Pre-computed Skein IVs *******************
*
* NOTE: these values are not "magic" constants, but
* are generated using the Threefish block function.
* They are pre-computed here only for speed; i.e., to
* avoid the need for a Threefish call during Init().
*
* The IV for any fixed hash length may be pre-computed.
* Only the most common values are included here.
*
***********************************************************
*/
#define MK_64 SKEIN_MK_64
/* blkSize = 256 bits. hashSize = 128 bits */
static const u64 SKEIN_256_IV_128[] = {
MK_64(0xE1111906, 0x964D7260),
MK_64(0x883DAAA7, 0x7C8D811C),
MK_64(0x10080DF4, 0x91960F7A),
MK_64(0xCCF7DDE5, 0xB45BC1C2)
};
/* blkSize = 256 bits. hashSize = 160 bits */
static const u64 SKEIN_256_IV_160[] = {
MK_64(0x14202314, 0x72825E98),
MK_64(0x2AC4E9A2, 0x5A77E590),
MK_64(0xD47A5856, 0x8838D63E),
MK_64(0x2DD2E496, 0x8586AB7D)
};
/* blkSize = 256 bits. hashSize = 224 bits */
static const u64 SKEIN_256_IV_224[] = {
MK_64(0xC6098A8C, 0x9AE5EA0B),
MK_64(0x876D5686, 0x08C5191C),
MK_64(0x99CB88D7, 0xD7F53884),
MK_64(0x384BDDB1, 0xAEDDB5DE)
};
/* blkSize = 256 bits. hashSize = 256 bits */
static const u64 SKEIN_256_IV_256[] = {
MK_64(0xFC9DA860, 0xD048B449),
MK_64(0x2FCA6647, 0x9FA7D833),
MK_64(0xB33BC389, 0x6656840F),
MK_64(0x6A54E920, 0xFDE8DA69)
};
/* blkSize = 512 bits. hashSize = 128 bits */
static const u64 SKEIN_512_IV_128[] = {
MK_64(0xA8BC7BF3, 0x6FBF9F52),
MK_64(0x1E9872CE, 0xBD1AF0AA),
MK_64(0x309B1790, 0xB32190D3),
MK_64(0xBCFBB854, 0x3F94805C),
MK_64(0x0DA61BCD, 0x6E31B11B),
MK_64(0x1A18EBEA, 0xD46A32E3),
MK_64(0xA2CC5B18, 0xCE84AA82),
MK_64(0x6982AB28, 0x9D46982D)
};
/* blkSize = 512 bits. hashSize = 160 bits */
static const u64 SKEIN_512_IV_160[] = {
MK_64(0x28B81A2A, 0xE013BD91),
MK_64(0xC2F11668, 0xB5BDF78F),
MK_64(0x1760D8F3, 0xF6A56F12),
MK_64(0x4FB74758, 0x8239904F),
MK_64(0x21EDE07F, 0x7EAF5056),
MK_64(0xD908922E, 0x63ED70B8),
MK_64(0xB8EC76FF, 0xECCB52FA),
MK_64(0x01A47BB8, 0xA3F27A6E)
};
/* blkSize = 512 bits. hashSize = 224 bits */
static const u64 SKEIN_512_IV_224[] = {
MK_64(0xCCD06162, 0x48677224),
MK_64(0xCBA65CF3, 0xA92339EF),
MK_64(0x8CCD69D6, 0x52FF4B64),
MK_64(0x398AED7B, 0x3AB890B4),
MK_64(0x0F59D1B1, 0x457D2BD0),
MK_64(0x6776FE65, 0x75D4EB3D),
MK_64(0x99FBC70E, 0x997413E9),
MK_64(0x9E2CFCCF, 0xE1C41EF7)
};
/* blkSize = 512 bits. hashSize = 256 bits */
static const u64 SKEIN_512_IV_256[] = {
MK_64(0xCCD044A1, 0x2FDB3E13),
MK_64(0xE8359030, 0x1A79A9EB),
MK_64(0x55AEA061, 0x4F816E6F),
MK_64(0x2A2767A4, 0xAE9B94DB),
MK_64(0xEC06025E, 0x74DD7683),
MK_64(0xE7A436CD, 0xC4746251),
MK_64(0xC36FBAF9, 0x393AD185),
MK_64(0x3EEDBA18, 0x33EDFC13)
};
/* blkSize = 512 bits. hashSize = 384 bits */
static const u64 SKEIN_512_IV_384[] = {
MK_64(0xA3F6C6BF, 0x3A75EF5F),
MK_64(0xB0FEF9CC, 0xFD84FAA4),
MK_64(0x9D77DD66, 0x3D770CFE),
MK_64(0xD798CBF3, 0xB468FDDA),
MK_64(0x1BC4A666, 0x8A0E4465),
MK_64(0x7ED7D434, 0xE5807407),
MK_64(0x548FC1AC, 0xD4EC44D6),
MK_64(0x266E1754, 0x6AA18FF8)
};
/* blkSize = 512 bits. hashSize = 512 bits */
static const u64 SKEIN_512_IV_512[] = {
MK_64(0x4903ADFF, 0x749C51CE),
MK_64(0x0D95DE39, 0x9746DF03),
MK_64(0x8FD19341, 0x27C79BCE),
MK_64(0x9A255629, 0xFF352CB1),
MK_64(0x5DB62599, 0xDF6CA7B0),
MK_64(0xEABE394C, 0xA9D5C3F4),
MK_64(0x991112C7, 0x1A75B523),
MK_64(0xAE18A40B, 0x660FCC33)
};
/* blkSize = 1024 bits. hashSize = 384 bits */
static const u64 SKEIN_1024_IV_384[] = {
MK_64(0x5102B6B8, 0xC1894A35),
MK_64(0xFEEBC9E3, 0xFE8AF11A),
MK_64(0x0C807F06, 0xE32BED71),
MK_64(0x60C13A52, 0xB41A91F6),
MK_64(0x9716D35D, 0xD4917C38),
MK_64(0xE780DF12, 0x6FD31D3A),
MK_64(0x797846B6, 0xC898303A),
MK_64(0xB172C2A8, 0xB3572A3B),
MK_64(0xC9BC8203, 0xA6104A6C),
MK_64(0x65909338, 0xD75624F4),
MK_64(0x94BCC568, 0x4B3F81A0),
MK_64(0x3EBBF51E, 0x10ECFD46),
MK_64(0x2DF50F0B, 0xEEB08542),
MK_64(0x3B5A6530, 0x0DBC6516),
MK_64(0x484B9CD2, 0x167BBCE1),
MK_64(0x2D136947, 0xD4CBAFEA)
};
/* blkSize = 1024 bits. hashSize = 512 bits */
static const u64 SKEIN_1024_IV_512[] = {
MK_64(0xCAEC0E5D, 0x7C1B1B18),
MK_64(0xA01B0E04, 0x5F03E802),
MK_64(0x33840451, 0xED912885),
MK_64(0x374AFB04, 0xEAEC2E1C),
MK_64(0xDF25A0E2, 0x813581F7),
MK_64(0xE4004093, 0x8B12F9D2),
MK_64(0xA662D539, 0xC2ED39B6),
MK_64(0xFA8B85CF, 0x45D8C75A),
MK_64(0x8316ED8E, 0x29EDE796),
MK_64(0x053289C0, 0x2E9F91B8),
MK_64(0xC3F8EF1D, 0x6D518B73),
MK_64(0xBDCEC3C4, 0xD5EF332E),
MK_64(0x549A7E52, 0x22974487),
MK_64(0x67070872, 0x5B749816),
MK_64(0xB9CD28FB, 0xF0581BD1),
MK_64(0x0E2940B8, 0x15804974)
};
/* blkSize = 1024 bits. hashSize = 1024 bits */
static const u64 SKEIN_1024_IV_1024[] = {
MK_64(0xD593DA07, 0x41E72355),
MK_64(0x15B5E511, 0xAC73E00C),
MK_64(0x5180E5AE, 0xBAF2C4F0),
MK_64(0x03BD41D3, 0xFCBCAFAF),
MK_64(0x1CAEC6FD, 0x1983A898),
MK_64(0x6E510B8B, 0xCDD0589F),
MK_64(0x77E2BDFD, 0xC6394ADA),
MK_64(0xC11E1DB5, 0x24DCB0A3),
MK_64(0xD6D14AF9, 0xC6329AB5),
MK_64(0x6A9B0BFC, 0x6EB67E0D),
MK_64(0x9243C60D, 0xCCFF1332),
MK_64(0x1A1F1DDE, 0x743F02D4),
MK_64(0x0996753C, 0x10ED0BB8),
MK_64(0x6572DD22, 0xF2B4969A),
MK_64(0x61FD3062, 0xD00A579A),
MK_64(0x1DE0536E, 0x8682E539)
};
#endif /* _SKEIN_IV_H_ */
// SPDX-License-Identifier: GPL-2.0
#include <linux/string.h>
#include "threefish_api.h"
void threefish_set_key(struct threefish_key *key_ctx,
enum threefish_size state_size,
u64 *key_data, u64 *tweak)
{
int key_words = state_size / 64;
int i;
u64 parity = KEY_SCHEDULE_CONST;
key_ctx->tweak[0] = tweak[0];
key_ctx->tweak[1] = tweak[1];
key_ctx->tweak[2] = tweak[0] ^ tweak[1];
for (i = 0; i < key_words; i++) {
key_ctx->key[i] = key_data[i];
parity ^= key_data[i];
}
key_ctx->key[i] = parity;
key_ctx->state_size = state_size;
}
void threefish_encrypt_block_bytes(struct threefish_key *key_ctx, u8 *in,
u8 *out)
{
u64 plain[SKEIN_MAX_STATE_WORDS]; /* max number of words*/
u64 cipher[SKEIN_MAX_STATE_WORDS];
skein_get64_lsb_first(plain, in, key_ctx->state_size / 64);
threefish_encrypt_block_words(key_ctx, plain, cipher);
skein_put64_lsb_first(out, cipher, key_ctx->state_size / 8);
}
void threefish_encrypt_block_words(struct threefish_key *key_ctx, u64 *in,
u64 *out)
{
switch (key_ctx->state_size) {
case THREEFISH_256:
threefish_encrypt_256(key_ctx, in, out);
break;
case THREEFISH_512:
threefish_encrypt_512(key_ctx, in, out);
break;
case THREEFISH_1024:
threefish_encrypt_1024(key_ctx, in, out);
break;
}
}
void threefish_decrypt_block_bytes(struct threefish_key *key_ctx, u8 *in,
u8 *out)
{
u64 plain[SKEIN_MAX_STATE_WORDS]; /* max number of words*/
u64 cipher[SKEIN_MAX_STATE_WORDS];
skein_get64_lsb_first(cipher, in, key_ctx->state_size / 64);
threefish_decrypt_block_words(key_ctx, cipher, plain);
skein_put64_lsb_first(out, plain, key_ctx->state_size / 8);
}
void threefish_decrypt_block_words(struct threefish_key *key_ctx, u64 *in,
u64 *out)
{
switch (key_ctx->state_size) {
case THREEFISH_256:
threefish_decrypt_256(key_ctx, in, out);
break;
case THREEFISH_512:
threefish_decrypt_512(key_ctx, in, out);
break;
case THREEFISH_1024:
threefish_decrypt_1024(key_ctx, in, out);
break;
}
}
/* SPDX-License-Identifier: GPL-2.0 */
#ifndef THREEFISHAPI_H
#define THREEFISHAPI_H
/**
* @file threefish_api.h
* @brief A Threefish cipher API and its functions.
* @{
*
* This API and the functions that implement this API simplify the usage
* of the Threefish cipher. The design and the way to use the functions
* follow the openSSL design but at the same time take care of some Threefish
* specific behaviour and possibilities.
*
* These are the low level functions that deal with Threefish blocks only.
* Implementations for cipher modes such as ECB, CFB, or CBC may use these
* functions.
*
@code
// Threefish cipher context data
struct threefish_key key_ctx;
// Initialize the context
threefish_set_key(&key_ctx, THREEFISH_512, key, tweak);
// Encrypt
threefish_encrypt_block_bytes(&key_ctx, input, cipher);
@endcode
*/
#include <linux/types.h>
#include "skein_base.h"
#define KEY_SCHEDULE_CONST 0x1BD11BDAA9FC1A22L
/**
* Which Threefish size to use
*/
enum threefish_size {
THREEFISH_256 = 256, /*!< Skein with 256 bit state */
THREEFISH_512 = 512, /*!< Skein with 512 bit state */
THREEFISH_1024 = 1024 /*!< Skein with 1024 bit state */
};
/**
* Context for Threefish key and tweak words.
*
* This structure was setup with some know-how of the internal
* Skein structures, in particular ordering of header and size dependent
* variables. If Skein implementation changes this, the adapt these
* structures as well.
*/
struct threefish_key {
u64 state_size;
u64 key[SKEIN_MAX_STATE_WORDS + 1]; /* max number of key words*/
u64 tweak[3];
};
/**
* Set Threefish key and tweak data.
*
* This function sets the key and tweak data for the Threefish cipher of
* the given size. The key data must have the same length (number of bits)
* as the state size
*
* @param key_ctx
* Pointer to a Threefish key structure.
* @param size
* Which Skein size to use.
* @param key_data
* Pointer to the key words (word has 64 bits).
* @param tweak
* Pointer to the two tweak words (word has 64 bits).
*/
void threefish_set_key(struct threefish_key *key_ctx,
enum threefish_size state_size,
u64 *key_data, u64 *tweak);
/**
* Encrypt Threefish block (bytes).
*
* The buffer must have at least the same length (number of bits) as the
* state size for this key. The function uses the first @c state_size bits
* of the input buffer, encrypts them and stores the result in the output
* buffer.
*
* @param key_ctx
* Pointer to a Threefish key structure.
* @param in
* Poionter to plaintext data buffer.
* @param out
* Pointer to cipher buffer.
*/
void threefish_encrypt_block_bytes(struct threefish_key *key_ctx, u8 *in,
u8 *out);
/**
* Encrypt Threefish block (words).
*
* The buffer must have at least the same length (number of bits) as the
* state size for this key. The function uses the first @c state_size bits
* of the input buffer, encrypts them and stores the result in the output
* buffer.
*
* The wordsize ist set to 64 bits.
*
* @param key_ctx
* Pointer to a Threefish key structure.
* @param in
* Poionter to plaintext data buffer.
* @param out
* Pointer to cipher buffer.
*/
void threefish_encrypt_block_words(struct threefish_key *key_ctx, u64 *in,
u64 *out);
/**
* Decrypt Threefish block (bytes).
*
* The buffer must have at least the same length (number of bits) as the
* state size for this key. The function uses the first @c state_size bits
* of the input buffer, decrypts them and stores the result in the output
* buffer
*
* @param key_ctx
* Pointer to a Threefish key structure.
* @param in
* Poionter to cipher data buffer.
* @param out
* Pointer to plaintext buffer.
*/
void threefish_decrypt_block_bytes(struct threefish_key *key_ctx, u8 *in,
u8 *out);
/**
* Decrypt Threefish block (words).
*
* The buffer must have at least the same length (number of bits) as the
* state size for this key. The function uses the first @c state_size bits
* of the input buffer, encrypts them and stores the result in the output
* buffer.
*
* The wordsize ist set to 64 bits.
*
* @param key_ctx
* Pointer to a Threefish key structure.
* @param in
* Poionter to cipher data buffer.
* @param out
* Pointer to plaintext buffer.
*/
void threefish_decrypt_block_words(struct threefish_key *key_ctx, u64 *in,
u64 *out);
void threefish_encrypt_256(struct threefish_key *key_ctx, u64 *input,
u64 *output);
void threefish_encrypt_512(struct threefish_key *key_ctx, u64 *input,
u64 *output);
void threefish_encrypt_1024(struct threefish_key *key_ctx, u64 *input,
u64 *output);
void threefish_decrypt_256(struct threefish_key *key_ctx, u64 *input,
u64 *output);
void threefish_decrypt_512(struct threefish_key *key_ctx, u64 *input,
u64 *output);
void threefish_decrypt_1024(struct threefish_key *key_ctx, u64 *input,
u64 *output);
/**
* @}
*/
#endif
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment