[thirdparty/kernel/stable.git] / crypto / sha3_generic.c

// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Cryptographic API.
 *
 * SHA-3, as specified in
 * http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
 *
 * SHA-3 code by Jeff Garzik <jeff@garzik.org>
 *               Ard Biesheuvel <ard.biesheuvel@linaro.org>
 */
#include <crypto/internal/hash.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/types.h>
#include <crypto/sha3.h>
#include <asm/unaligned.h>

/*
 * On some 32-bit architectures (h8300), GCC ends up using
 * over 1 KB of stack if we inline the round calculation into the loop
 * in keccakf(). On the other hand, on 64-bit architectures with plenty
 * of [64-bit wide] general purpose registers, not inlining it severely
 * hurts performance. So let's use 64-bitness as a heuristic to decide
 * whether to inline or not.
 */
#ifdef CONFIG_64BIT
#define SHA3_INLINE	inline
#else
#define SHA3_INLINE	noinline
#endif

#define KECCAK_ROUNDS 24

static const u64 keccakf_rndc[24] = {
	0x0000000000000001ULL, 0x0000000000008082ULL, 0x800000000000808aULL,
	0x8000000080008000ULL, 0x000000000000808bULL, 0x0000000080000001ULL,
	0x8000000080008081ULL, 0x8000000000008009ULL, 0x000000000000008aULL,
	0x0000000000000088ULL, 0x0000000080008009ULL, 0x000000008000000aULL,
	0x000000008000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL,
	0x8000000000008003ULL, 0x8000000000008002ULL, 0x8000000000000080ULL,
	0x000000000000800aULL, 0x800000008000000aULL, 0x8000000080008081ULL,
	0x8000000000008080ULL, 0x0000000080000001ULL, 0x8000000080008008ULL
};

/* update the state with given number of rounds */

static SHA3_INLINE void keccakf_round(u64 st[25])
{
	u64 t[5], tt, bc[5];

	/* Theta */
	bc[0] = st[0] ^ st[5] ^ st[10] ^ st[15] ^ st[20];
	bc[1] = st[1] ^ st[6] ^ st[11] ^ st[16] ^ st[21];
	bc[2] = st[2] ^ st[7] ^ st[12] ^ st[17] ^ st[22];
	bc[3] = st[3] ^ st[8] ^ st[13] ^ st[18] ^ st[23];
	bc[4] = st[4] ^ st[9] ^ st[14] ^ st[19] ^ st[24];

	t[0] = bc[4] ^ rol64(bc[1], 1);
	t[1] = bc[0] ^ rol64(bc[2], 1);
	t[2] = bc[1] ^ rol64(bc[3], 1);
	t[3] = bc[2] ^ rol64(bc[4], 1);
	t[4] = bc[3] ^ rol64(bc[0], 1);

	st[0] ^= t[0];

	/* Rho Pi */
	tt = st[1];
	st[ 1] = rol64(st[ 6] ^ t[1], 44);
	st[ 6] = rol64(st[ 9] ^ t[4], 20);
	st[ 9] = rol64(st[22] ^ t[2], 61);
	st[22] = rol64(st[14] ^ t[4], 39);
	st[14] = rol64(st[20] ^ t[0], 18);
	st[20] = rol64(st[ 2] ^ t[2], 62);
	st[ 2] = rol64(st[12] ^ t[2], 43);
	st[12] = rol64(st[13] ^ t[3], 25);
	st[13] = rol64(st[19] ^ t[4],  8);
	st[19] = rol64(st[23] ^ t[3], 56);
	st[23] = rol64(st[15] ^ t[0], 41);
	st[15] = rol64(st[ 4] ^ t[4], 27);
	st[ 4] = rol64(st[24] ^ t[4], 14);
	st[24] = rol64(st[21] ^ t[1],  2);
	st[21] = rol64(st[ 8] ^ t[3], 55);
	st[ 8] = rol64(st[16] ^ t[1], 45);
	st[16] = rol64(st[ 5] ^ t[0], 36);
	st[ 5] = rol64(st[ 3] ^ t[3], 28);
	st[ 3] = rol64(st[18] ^ t[3], 21);
	st[18] = rol64(st[17] ^ t[2], 15);
	st[17] = rol64(st[11] ^ t[1], 10);
	st[11] = rol64(st[ 7] ^ t[2],  6);
	st[ 7] = rol64(st[10] ^ t[0],  3);
	st[10] = rol64(    tt ^ t[1],  1);

	/* Chi */
	bc[ 0] = ~st[ 1] & st[ 2];
	bc[ 1] = ~st[ 2] & st[ 3];
	bc[ 2] = ~st[ 3] & st[ 4];
	bc[ 3] = ~st[ 4] & st[ 0];
	bc[ 4] = ~st[ 0] & st[ 1];
	st[ 0] ^= bc[ 0];
	st[ 1] ^= bc[ 1];
	st[ 2] ^= bc[ 2];
	st[ 3] ^= bc[ 3];
	st[ 4] ^= bc[ 4];

	bc[ 0] = ~st[ 6] & st[ 7];
	bc[ 1] = ~st[ 7] & st[ 8];
	bc[ 2] = ~st[ 8] & st[ 9];
	bc[ 3] = ~st[ 9] & st[ 5];
	bc[ 4] = ~st[ 5] & st[ 6];
	st[ 5] ^= bc[ 0];
	st[ 6] ^= bc[ 1];
	st[ 7] ^= bc[ 2];
	st[ 8] ^= bc[ 3];
	st[ 9] ^= bc[ 4];

	bc[ 0] = ~st[11] & st[12];
	bc[ 1] = ~st[12] & st[13];
	bc[ 2] = ~st[13] & st[14];
	bc[ 3] = ~st[14] & st[10];
	bc[ 4] = ~st[10] & st[11];
	st[10] ^= bc[ 0];
	st[11] ^= bc[ 1];
	st[12] ^= bc[ 2];
	st[13] ^= bc[ 3];
	st[14] ^= bc[ 4];

	bc[ 0] = ~st[16] & st[17];
	bc[ 1] = ~st[17] & st[18];
	bc[ 2] = ~st[18] & st[19];
	bc[ 3] = ~st[19] & st[15];
	bc[ 4] = ~st[15] & st[16];
	st[15] ^= bc[ 0];
	st[16] ^= bc[ 1];
	st[17] ^= bc[ 2];
	st[18] ^= bc[ 3];
	st[19] ^= bc[ 4];

	bc[ 0] = ~st[21] & st[22];
	bc[ 1] = ~st[22] & st[23];
	bc[ 2] = ~st[23] & st[24];
	bc[ 3] = ~st[24] & st[20];
	bc[ 4] = ~st[20] & st[21];
	st[20] ^= bc[ 0];
	st[21] ^= bc[ 1];
	st[22] ^= bc[ 2];
	st[23] ^= bc[ 3];
	st[24] ^= bc[ 4];
}

static void keccakf(u64 st[25])
{
	int round;

	for (round = 0; round < KECCAK_ROUNDS; round++) {
		keccakf_round(st);
		/* Iota */
		st[0] ^= keccakf_rndc[round];
	}
}

int crypto_sha3_init(struct shash_desc *desc)
{
	struct sha3_state *sctx = shash_desc_ctx(desc);
	unsigned int digest_size = crypto_shash_digestsize(desc->tfm);

	sctx->rsiz = 200 - 2 * digest_size;
	sctx->rsizw = sctx->rsiz / 8;
	sctx->partial = 0;

	memset(sctx->st, 0, sizeof(sctx->st));
	return 0;
}
EXPORT_SYMBOL(crypto_sha3_init);

int crypto_sha3_update(struct shash_desc *desc, const u8 *data,
		       unsigned int len)
{
	struct sha3_state *sctx = shash_desc_ctx(desc);
	unsigned int done;
	const u8 *src;

	done = 0;
	src = data;

	if ((sctx->partial + len) > (sctx->rsiz - 1)) {
		if (sctx->partial) {
			done = -sctx->partial;
			memcpy(sctx->buf + sctx->partial, data,
			       done + sctx->rsiz);
			src = sctx->buf;
		}

		do {
			unsigned int i;

			for (i = 0; i < sctx->rsizw; i++)
				sctx->st[i] ^= get_unaligned_le64(src + 8 * i);
			keccakf(sctx->st);

			done += sctx->rsiz;
			src = data + done;
		} while (done + (sctx->rsiz - 1) < len);

		sctx->partial = 0;
	}
	memcpy(sctx->buf + sctx->partial, src, len - done);
	sctx->partial += (len - done);

	return 0;
}
EXPORT_SYMBOL(crypto_sha3_update);

int crypto_sha3_final(struct shash_desc *desc, u8 *out)
{
	struct sha3_state *sctx = shash_desc_ctx(desc);
	unsigned int i, inlen = sctx->partial;
	unsigned int digest_size = crypto_shash_digestsize(desc->tfm);
	__le64 *digest = (__le64 *)out;

	sctx->buf[inlen++] = 0x06;
	memset(sctx->buf + inlen, 0, sctx->rsiz - inlen);
	sctx->buf[sctx->rsiz - 1] |= 0x80;

	for (i = 0; i < sctx->rsizw; i++)
		sctx->st[i] ^= get_unaligned_le64(sctx->buf + 8 * i);

	keccakf(sctx->st);

	for (i = 0; i < digest_size / 8; i++)
		put_unaligned_le64(sctx->st[i], digest++);

	if (digest_size & 4)
		put_unaligned_le32(sctx->st[i], (__le32 *)digest);

	memset(sctx, 0, sizeof(*sctx));
	return 0;
}
EXPORT_SYMBOL(crypto_sha3_final);

static struct shash_alg algs[] = { {
	.digestsize		= SHA3_224_DIGEST_SIZE,
	.init			= crypto_sha3_init,
	.update			= crypto_sha3_update,
	.final			= crypto_sha3_final,
	.descsize		= sizeof(struct sha3_state),
	.base.cra_name		= "sha3-224",
	.base.cra_driver_name	= "sha3-224-generic",
	.base.cra_blocksize	= SHA3_224_BLOCK_SIZE,
	.base.cra_module	= THIS_MODULE,
}, {
	.digestsize		= SHA3_256_DIGEST_SIZE,
	.init			= crypto_sha3_init,
	.update			= crypto_sha3_update,
	.final			= crypto_sha3_final,
	.descsize		= sizeof(struct sha3_state),
	.base.cra_name		= "sha3-256",
	.base.cra_driver_name	= "sha3-256-generic",
	.base.cra_blocksize	= SHA3_256_BLOCK_SIZE,
	.base.cra_module	= THIS_MODULE,
}, {
	.digestsize		= SHA3_384_DIGEST_SIZE,
	.init			= crypto_sha3_init,
	.update			= crypto_sha3_update,
	.final			= crypto_sha3_final,
	.descsize		= sizeof(struct sha3_state),
	.base.cra_name		= "sha3-384",
	.base.cra_driver_name	= "sha3-384-generic",
	.base.cra_blocksize	= SHA3_384_BLOCK_SIZE,
	.base.cra_module	= THIS_MODULE,
}, {
	.digestsize		= SHA3_512_DIGEST_SIZE,
	.init			= crypto_sha3_init,
	.update			= crypto_sha3_update,
	.final			= crypto_sha3_final,
	.descsize		= sizeof(struct sha3_state),
	.base.cra_name		= "sha3-512",
	.base.cra_driver_name	= "sha3-512-generic",
	.base.cra_blocksize	= SHA3_512_BLOCK_SIZE,
	.base.cra_module	= THIS_MODULE,
} };

static int __init sha3_generic_mod_init(void)
{
	return crypto_register_shashes(algs, ARRAY_SIZE(algs));
}

static void __exit sha3_generic_mod_fini(void)
{
	crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
}

subsys_initcall(sha3_generic_mod_init);
module_exit(sha3_generic_mod_fini);

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("SHA-3 Secure Hash Algorithm");

MODULE_ALIAS_CRYPTO("sha3-224");
MODULE_ALIAS_CRYPTO("sha3-224-generic");
MODULE_ALIAS_CRYPTO("sha3-256");
MODULE_ALIAS_CRYPTO("sha3-256-generic");
MODULE_ALIAS_CRYPTO("sha3-384");
MODULE_ALIAS_CRYPTO("sha3-384-generic");
MODULE_ALIAS_CRYPTO("sha3-512");
MODULE_ALIAS_CRYPTO("sha3-512-generic");
Commit	Line	Data
2874c5fd	1	// SPDX-License-Identifier: GPL-2.0-or-later
53964b9e JG	2	/*
	3	* Cryptographic API.
	4	*
	5	* SHA-3, as specified in
	6	* http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
	7	*
	8	* SHA-3 code by Jeff Garzik <jeff@garzik.org>
83dee2ce	9	* Ard Biesheuvel <ard.biesheuvel@linaro.org>
53964b9e JG	10	*/
	11	#include <crypto/internal/hash.h>
	12	#include <linux/init.h>
	13	#include <linux/module.h>
	14	#include <linux/types.h>
	15	#include <crypto/sha3.h>
c013cee9	16	#include <asm/unaligned.h>
53964b9e	17
4767b9ad	18	/*
739d875d	19	* On some 32-bit architectures (h8300), GCC ends up using
4767b9ad AB	20	* over 1 KB of stack if we inline the round calculation into the loop
	21	* in keccakf(). On the other hand, on 64-bit architectures with plenty
	22	* of [64-bit wide] general purpose registers, not inlining it severely
	23	* hurts performance. So let's use 64-bitness as a heuristic to decide
	24	* whether to inline or not.
	25	*/
	26	#ifdef CONFIG_64BIT
	27	#define SHA3_INLINE inline
	28	#else
	29	#define SHA3_INLINE noinline
	30	#endif
	31
53964b9e JG	32	#define KECCAK_ROUNDS 24
53964b9e JG	33
53964b9e	34	static const u64 keccakf_rndc[24] = {
f743e70e GU	35	0x0000000000000001ULL, 0x0000000000008082ULL, 0x800000000000808aULL,
	36	0x8000000080008000ULL, 0x000000000000808bULL, 0x0000000080000001ULL,
	37	0x8000000080008081ULL, 0x8000000000008009ULL, 0x000000000000008aULL,
	38	0x0000000000000088ULL, 0x0000000080008009ULL, 0x000000008000000aULL,
	39	0x000000008000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL,
	40	0x8000000000008003ULL, 0x8000000000008002ULL, 0x8000000000000080ULL,
	41	0x000000000000800aULL, 0x800000008000000aULL, 0x8000000080008081ULL,
	42	0x8000000000008080ULL, 0x0000000080000001ULL, 0x8000000080008008ULL
53964b9e JG	43	};
53964b9e JG	44
53964b9e JG	45	/* update the state with given number of rounds */
53964b9e JG	46
4767b9ad	47	static SHA3_INLINE void keccakf_round(u64 st[25])
53964b9e	48	{
83dee2ce	49	u64 t[5], tt, bc[5];
53964b9e	50
4767b9ad AB	51	/* Theta */
	52	bc[0] = st[0] ^ st[5] ^ st[10] ^ st[15] ^ st[20];
	53	bc[1] = st[1] ^ st[6] ^ st[11] ^ st[16] ^ st[21];
	54	bc[2] = st[2] ^ st[7] ^ st[12] ^ st[17] ^ st[22];
	55	bc[3] = st[3] ^ st[8] ^ st[13] ^ st[18] ^ st[23];
	56	bc[4] = st[4] ^ st[9] ^ st[14] ^ st[19] ^ st[24];
	57
	58	t[0] = bc[4] ^ rol64(bc[1], 1);
	59	t[1] = bc[0] ^ rol64(bc[2], 1);
	60	t[2] = bc[1] ^ rol64(bc[3], 1);
	61	t[3] = bc[2] ^ rol64(bc[4], 1);
	62	t[4] = bc[3] ^ rol64(bc[0], 1);
	63
	64	st[0] ^= t[0];
	65
	66	/* Rho Pi */
	67	tt = st[1];
	68	st[ 1] = rol64(st[ 6] ^ t[1], 44);
	69	st[ 6] = rol64(st[ 9] ^ t[4], 20);
	70	st[ 9] = rol64(st[22] ^ t[2], 61);
	71	st[22] = rol64(st[14] ^ t[4], 39);
	72	st[14] = rol64(st[20] ^ t[0], 18);
	73	st[20] = rol64(st[ 2] ^ t[2], 62);
	74	st[ 2] = rol64(st[12] ^ t[2], 43);
	75	st[12] = rol64(st[13] ^ t[3], 25);
	76	st[13] = rol64(st[19] ^ t[4], 8);
	77	st[19] = rol64(st[23] ^ t[3], 56);
	78	st[23] = rol64(st[15] ^ t[0], 41);
	79	st[15] = rol64(st[ 4] ^ t[4], 27);
	80	st[ 4] = rol64(st[24] ^ t[4], 14);
	81	st[24] = rol64(st[21] ^ t[1], 2);
	82	st[21] = rol64(st[ 8] ^ t[3], 55);
	83	st[ 8] = rol64(st[16] ^ t[1], 45);
	84	st[16] = rol64(st[ 5] ^ t[0], 36);
	85	st[ 5] = rol64(st[ 3] ^ t[3], 28);
	86	st[ 3] = rol64(st[18] ^ t[3], 21);
	87	st[18] = rol64(st[17] ^ t[2], 15);
	88	st[17] = rol64(st[11] ^ t[1], 10);
	89	st[11] = rol64(st[ 7] ^ t[2], 6);
	90	st[ 7] = rol64(st[10] ^ t[0], 3);
	91	st[10] = rol64( tt ^ t[1], 1);
	92
	93	/* Chi */
	94	bc[ 0] = ~st[ 1] & st[ 2];
	95	bc[ 1] = ~st[ 2] & st[ 3];
	96	bc[ 2] = ~st[ 3] & st[ 4];
	97	bc[ 3] = ~st[ 4] & st[ 0];
	98	bc[ 4] = ~st[ 0] & st[ 1];
	99	st[ 0] ^= bc[ 0];
	100	st[ 1] ^= bc[ 1];
	101	st[ 2] ^= bc[ 2];
	102	st[ 3] ^= bc[ 3];
	103	st[ 4] ^= bc[ 4];
	104
	105	bc[ 0] = ~st[ 6] & st[ 7];
	106	bc[ 1] = ~st[ 7] & st[ 8];
	107	bc[ 2] = ~st[ 8] & st[ 9];
	108	bc[ 3] = ~st[ 9] & st[ 5];
	109	bc[ 4] = ~st[ 5] & st[ 6];
	110	st[ 5] ^= bc[ 0];
	111	st[ 6] ^= bc[ 1];
	112	st[ 7] ^= bc[ 2];
	113	st[ 8] ^= bc[ 3];
	114	st[ 9] ^= bc[ 4];
115
116	bc[ 0] = ~st[11] & st[12];
117	bc[ 1] = ~st[12] & st[13];
118	bc[ 2] = ~st[13] & st[14];
119	bc[ 3] = ~st[14] & st[10];
120	bc[ 4] = ~st[10] & st[11];
121	st[10] ^= bc[ 0];
122	st[11] ^= bc[ 1];
123	st[12] ^= bc[ 2];
124	st[13] ^= bc[ 3];
125	st[14] ^= bc[ 4];
126
127	bc[ 0] = ~st[16] & st[17];
128	bc[ 1] = ~st[17] & st[18];
129	bc[ 2] = ~st[18] & st[19];
130	bc[ 3] = ~st[19] & st[15];
131	bc[ 4] = ~st[15] & st[16];
132	st[15] ^= bc[ 0];
133	st[16] ^= bc[ 1];
134	st[17] ^= bc[ 2];
135	st[18] ^= bc[ 3];
136	st[19] ^= bc[ 4];
137
138	bc[ 0] = ~st[21] & st[22];
139	bc[ 1] = ~st[22] & st[23];
140	bc[ 2] = ~st[23] & st[24];
141	bc[ 3] = ~st[24] & st[20];
142	bc[ 4] = ~st[20] & st[21];
143	st[20] ^= bc[ 0];
144	st[21] ^= bc[ 1];
145	st[22] ^= bc[ 2];
146	st[23] ^= bc[ 3];
147	st[24] ^= bc[ 4];
148	}
53964b9e	149
f044a84e	150	static void keccakf(u64 st[25])
4767b9ad AB	151	{
4767b9ad AB	152	int round;
53964b9e	153
4767b9ad AB	154	for (round = 0; round < KECCAK_ROUNDS; round++) {
4767b9ad AB	155	keccakf_round(st);
53964b9e JG	156	/* Iota */
	157	st[0] ^= keccakf_rndc[round];
	158	}
	159	}
	160
6657674b	161	int crypto_sha3_init(struct shash_desc *desc)
53964b9e JG	162	{
53964b9e JG	163	struct sha3_state *sctx = shash_desc_ctx(desc);
beeb504a	164	unsigned int digest_size = crypto_shash_digestsize(desc->tfm);
53964b9e	165
beeb504a AB	166	sctx->rsiz = 200 - 2 * digest_size;
	167	sctx->rsizw = sctx->rsiz / 8;
	168	sctx->partial = 0;
53964b9e	169
beeb504a	170	memset(sctx->st, 0, sizeof(sctx->st));
53964b9e JG	171	return 0;
53964b9e JG	172	}
6657674b	173	EXPORT_SYMBOL(crypto_sha3_init);
53964b9e	174
6657674b	175	int crypto_sha3_update(struct shash_desc desc, const u8 data,
53964b9e JG	176	unsigned int len)
	177	{
	178	struct sha3_state *sctx = shash_desc_ctx(desc);
	179	unsigned int done;
	180	const u8 *src;
	181
	182	done = 0;
	183	src = data;
	184
	185	if ((sctx->partial + len) > (sctx->rsiz - 1)) {
	186	if (sctx->partial) {
	187	done = -sctx->partial;
	188	memcpy(sctx->buf + sctx->partial, data,
	189	done + sctx->rsiz);
	190	src = sctx->buf;
	191	}
	192
	193	do {
	194	unsigned int i;
	195
	196	for (i = 0; i < sctx->rsizw; i++)
c013cee9	197	sctx->st[i] ^= get_unaligned_le64(src + 8 * i);
53964b9e JG	198	keccakf(sctx->st);
	199
	200	done += sctx->rsiz;
	201	src = data + done;
	202	} while (done + (sctx->rsiz - 1) < len);
	203
	204	sctx->partial = 0;
	205	}
	206	memcpy(sctx->buf + sctx->partial, src, len - done);
	207	sctx->partial += (len - done);
	208
	209	return 0;
	210	}
6657674b	211	EXPORT_SYMBOL(crypto_sha3_update);
53964b9e	212
6657674b	213	int crypto_sha3_final(struct shash_desc desc, u8 out)
53964b9e JG	214	{
	215	struct sha3_state *sctx = shash_desc_ctx(desc);
	216	unsigned int i, inlen = sctx->partial;
beeb504a AB	217	unsigned int digest_size = crypto_shash_digestsize(desc->tfm);
beeb504a AB	218	__le64 digest = (__le64 )out;
53964b9e JG	219
	220	sctx->buf[inlen++] = 0x06;
	221	memset(sctx->buf + inlen, 0, sctx->rsiz - inlen);
	222	sctx->buf[sctx->rsiz - 1] \|= 0x80;
	223
	224	for (i = 0; i < sctx->rsizw; i++)
c013cee9	225	sctx->st[i] ^= get_unaligned_le64(sctx->buf + 8 * i);
53964b9e JG	226
	227	keccakf(sctx->st);
	228
beeb504a AB	229	for (i = 0; i < digest_size / 8; i++)
beeb504a AB	230	put_unaligned_le64(sctx->st[i], digest++);
53964b9e	231
beeb504a AB	232	if (digest_size & 4)
beeb504a AB	233	put_unaligned_le32(sctx->st[i], (__le32 *)digest);
53964b9e JG	234
	235	memset(sctx, 0, sizeof(*sctx));
	236	return 0;
	237	}
6657674b	238	EXPORT_SYMBOL(crypto_sha3_final);
53964b9e	239
beeb504a AB	240	static struct shash_alg algs[] = { {
beeb504a AB	241	.digestsize = SHA3_224_DIGEST_SIZE,
6657674b AB	242	.init = crypto_sha3_init,
	243	.update = crypto_sha3_update,
	244	.final = crypto_sha3_final,
beeb504a AB	245	.descsize = sizeof(struct sha3_state),
	246	.base.cra_name = "sha3-224",
	247	.base.cra_driver_name = "sha3-224-generic",
beeb504a AB	248	.base.cra_blocksize = SHA3_224_BLOCK_SIZE,
	249	.base.cra_module = THIS_MODULE,
	250	}, {
	251	.digestsize = SHA3_256_DIGEST_SIZE,
6657674b AB	252	.init = crypto_sha3_init,
	253	.update = crypto_sha3_update,
	254	.final = crypto_sha3_final,
beeb504a AB	255	.descsize = sizeof(struct sha3_state),
	256	.base.cra_name = "sha3-256",
	257	.base.cra_driver_name = "sha3-256-generic",
beeb504a AB	258	.base.cra_blocksize = SHA3_256_BLOCK_SIZE,
	259	.base.cra_module = THIS_MODULE,
	260	}, {
	261	.digestsize = SHA3_384_DIGEST_SIZE,
6657674b AB	262	.init = crypto_sha3_init,
	263	.update = crypto_sha3_update,
	264	.final = crypto_sha3_final,
beeb504a AB	265	.descsize = sizeof(struct sha3_state),
	266	.base.cra_name = "sha3-384",
	267	.base.cra_driver_name = "sha3-384-generic",
beeb504a AB	268	.base.cra_blocksize = SHA3_384_BLOCK_SIZE,
	269	.base.cra_module = THIS_MODULE,
	270	}, {
	271	.digestsize = SHA3_512_DIGEST_SIZE,
6657674b AB	272	.init = crypto_sha3_init,
	273	.update = crypto_sha3_update,
	274	.final = crypto_sha3_final,
beeb504a AB	275	.descsize = sizeof(struct sha3_state),
	276	.base.cra_name = "sha3-512",
	277	.base.cra_driver_name = "sha3-512-generic",
beeb504a AB	278	.base.cra_blocksize = SHA3_512_BLOCK_SIZE,
	279	.base.cra_module = THIS_MODULE,
	280	} };
53964b9e JG	281
	282	static int __init sha3_generic_mod_init(void)
	283	{
beeb504a	284	return crypto_register_shashes(algs, ARRAY_SIZE(algs));
53964b9e JG	285	}
	286
	287	static void __exit sha3_generic_mod_fini(void)
	288	{
beeb504a	289	crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
53964b9e JG	290	}
53964b9e JG	291
c4741b23	292	subsys_initcall(sha3_generic_mod_init);
53964b9e JG	293	module_exit(sha3_generic_mod_fini);
	294
	295	MODULE_LICENSE("GPL");
	296	MODULE_DESCRIPTION("SHA-3 Secure Hash Algorithm");
	297
	298	MODULE_ALIAS_CRYPTO("sha3-224");
	299	MODULE_ALIAS_CRYPTO("sha3-224-generic");
	300	MODULE_ALIAS_CRYPTO("sha3-256");
	301	MODULE_ALIAS_CRYPTO("sha3-256-generic");
	302	MODULE_ALIAS_CRYPTO("sha3-384");
	303	MODULE_ALIAS_CRYPTO("sha3-384-generic");
	304	MODULE_ALIAS_CRYPTO("sha3-512");
	305	MODULE_ALIAS_CRYPTO("sha3-512-generic");