[PATCH] crypto: Add Skein hash algorithm variants

2008-11-02 Thread Jeff Garzik

This is the first draft of the Skein hash algorithm that was recently
mentioned, as a prominent submission to NIST's SHA-3 competition.

Website: http://www.schneier.com/skein.html

It still needs more work, linux-ifying, testing, and reviewing.

One note I forgot to mention in the commit itself, but should be
considered when reviewing this:

Skein permits the output digest size to be specified by the user.
Skein-256 means 256 bits of internal state, NOT 256 bits of output
digest.  The output digest size is specified to Skein at init time.

In my implementation below, I attempted to follow the Principle of Least
Surprise, by hardcoding output digest size == internal state size.
Thus, in my implementation, skein256 really does mean 256 output bits.

I am currently pushing this work to the 'skein' branch of
git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/misc-2.6.git skein

Comments welcome!

---
 crypto/Kconfig |   12 +
 crypto/Makefile|3 +
 crypto/skein.h |  265 ++
 crypto/skein1024_generic.c |  518 
 crypto/skein256_generic.c  |  367 +++
 crypto/skein512_generic.c  |  417 +++
 6 files changed, 1582 insertions(+), 0 deletions(-)
 create mode 100644 crypto/skein.h
 create mode 100644 crypto/skein1024_generic.c
 create mode 100644 crypto/skein256_generic.c
 create mode 100644 crypto/skein512_generic.c

Jeff Garzik (1):
   [CRYPTO] Add Skein hash algorithm, 256-, 512-, and 1024-bit variants
   
   Import the public domain reference implementation of the Skein hash
   algorithm into the Linux Crypto API.  This is a prominent submission
   to the NIST's competition for SHA-3.
   
   See Skein website for more info: http://www.schneier.com/skein.html
   
   This is just a rough import, and still needs more cleaning and Linux-ifying.
   
   Signed-off-by: Jeff Garzik [EMAIL PROTECTED]


diff --git a/crypto/Kconfig b/crypto/Kconfig
index 39dbd8e..f18868f 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -352,6 +352,18 @@ config CRYPTO_SHA512
  This code also includes SHA-384, a 384 bit hash with 192 bits
  of security against collision attacks.
 
+config CRYPTO_SKEIN256
+   tristate Skein-256(256) digest algorithm
+   select CRYPTO_ALGAPI
+
+config CRYPTO_SKEIN512
+   tristate Skein-512(512) digest algorithm
+   select CRYPTO_ALGAPI
+
+config CRYPTO_SKEIN1024
+   tristate Skein-1024(1024) digest algorithm
+   select CRYPTO_ALGAPI
+
 config CRYPTO_TGR192
tristate Tiger digest algorithms
select CRYPTO_ALGAPI
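Review bot: None of the three new entries (`CRYPTO_SKEIN256`, `CRYPTO_SKEIN512`, `CRYPTO_SKEIN1024`) has a `help` section, which is where someone selecting a digest would learn what the number in the name means. The cover letter states that Skein-N names the internal state size and that this implementation fixes the output digest to the same size, but that note did not make it into the commit. I would add help text to each entry along the lines of `Skein-256 with a fixed 256-bit digest. SHA-3 competition submission; reference code import, still under review.` The prompt strings appear unquoted on this page, presumably because the list archive stripped the quotes rather than because the patch omits them.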
diff --git a/crypto/Makefile b/crypto/Makefile
index 5862b80..10c3ca8 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -39,6 +39,9 @@ obj-$(CONFIG_CRYPTO_RMD320) += rmd320.o
 obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o
 obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o
 obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o
+obj-$(CONFIG_CRYPTO_SKEIN256) += skein256_generic.o
+obj-$(CONFIG_CRYPTO_SKEIN512) += skein512_generic.o
+obj-$(CONFIG_CRYPTO_SKEIN1024) += skein1024_generic.o
 obj-$(CONFIG_CRYPTO_WP512) += wp512.o
 obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o
 obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o
diff --git a/crypto/skein.h b/crypto/skein.h
new file mode 100644
index 000..2753b55
--- /dev/null
+++ b/crypto/skein.h
@@ -0,0 +1,265 @@
+#ifndef _SKEIN_H_
+#define _SKEIN_H_ 1
+/**
+**
+** Interface declarations and internal definitions for Skein hashing.
+**
+** Source code author: Doug Whiting, 2008.
+**
+** This algorithm and source code is released to the public domain.
+**
+***
+** 
+** The following compile-time switches may be defined to control some
+** tradeoffs between speed, code size, error checking, and security.
+**
+** The default note explains what happens when the switch is not defined.
+**
+**  SKEIN_DEBUG-- make callouts from inside Skein code
+**to examine/display intermediate values.
+**[default: no callouts (no overhead)]
+**
+**  SKEIN_ERR_CHECK-- how error checking is handled inside Skein
+**code. If not defined, most error checking 
+**is disabled (for performance). Otherwise, 
+**the switch value is interpreted as:
+**0: use assert()  to flag errors
+**1: return SKEIN_FAIL to flag errors
+**
+***/
+
+#include linux/types.h
+
+enum {
+   SKEIN_SUCCESS = 0,  /* return codes from Skein calls */
+   SKEIN_FAIL = 1,
+   SKEIN_BAD_HASHLEN = 2
+};
+
+#define  SKEIN_MODIFIER_WORDS  ( 2)/* number of 

[PATCH] crypto: add test vectors for skein256/512/1024

2008-11-02 Thread Sebastian Andrzej Siewior
I grabbed them from http://www.schneier.com/skein.html. The last test vector
(3) in every category is currently deactivated because it always failed.
It is unlikely that I made a typo because I copy+pasted the tables + vim
magiced them. So maybe the code misbehaves on request lengths which are
not a multiple of 4, or the vectors cannot be used due to some other
limitation that I've overlooked.

Signed-off-by: Sebastian Andrzej Siewior [EMAIL PROTECTED]
---
 crypto/tcrypt.c  |   24 
 crypto/testmgr.c |   27 +
 crypto/testmgr.h |  166 +-
 3 files changed, 216 insertions(+), 1 deletions(-)

diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 28a45a1..c7717e8 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -661,6 +661,18 @@ static void do_test(int m)
tcrypt_test(ecb(seed));
break;
 
+   case 44:
+   tcrypt_test(skein256);
+   break;
+
+   case 45:
+   tcrypt_test(skein512);
+   break;
+
+   case 46:
+   tcrypt_test(skein1024);
+   break;
+
case 100:
tcrypt_test(hmac(md5));
break;
@@ -851,6 +863,18 @@ static void do_test(int m)
test_hash_speed(rmd320, sec, generic_hash_speed_template);
if (mode  300  mode  400) break;
 
+   case 318:
+   test_hash_speed(skein256, sec, generic_hash_speed_template);
+   if (mode  300  mode  400) break;
+
+   case 319:
+   test_hash_speed(skein512, sec, generic_hash_speed_template);
+   if (mode  300  mode  400) break;
+
+   case 320:
+   test_hash_speed(skein1024, sec, generic_hash_speed_template);
+   if (mode  300  mode  400) break;
+
case 399:
break;
 
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index b828c6c..bc6fc7f 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1693,6 +1693,33 @@ static const struct alg_test_desc alg_test_descs[] = {
}
}
}, {
+   .alg = skein1024,
+   .test = alg_test_hash,
+   .suite = {
+   .hash = {
+   .vecs = skein1024_tv_template,
+   .count = SKEIN1024_TEST_VECTORS
+   }
+   }
+   }, {
+   .alg = skein256,
+   .test = alg_test_hash,
+   .suite = {
+   .hash = {
+   .vecs = skein256_tv_template,
+   .count = SKEIN256_TEST_VECTORS
+   }
+   }
+   }, {
+   .alg = skein512,
+   .test = alg_test_hash,
+   .suite = {
+   .hash = {
+   .vecs = skein512_tv_template,
+   .count = SKEIN512_TEST_VECTORS
+   }
+   }
+   }, {
.alg = tgr128,
.test = alg_test_hash,
.suite = {
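Review bot: Each new entry takes `.count` from a `SKEIN*_TEST_VECTORS` macro that, per the description, was set to leave out the third known-answer vector because it always fails, so the self-test reports success while a published vector stays unverified. The comment on the disabled Skein-256 vector in testmgr.h reads `Tree: leaf=02, node=02, maxLevels=02`, which suggests it is a tree-hashing vector rather than a plain sequential hash; if so, the failure is expected and not a length-handling bug. The enabled vector with `.psize = 1` also argues against the "not a multiple of 4" theory, since it is presumably passing. I would remove the tree-mode vectors from the templates, mark the omission with a comment such as `/* tree-hashing KATs omitted: mode not implemented here */`, and add further sequential-mode vectors from the same KAT file in their place.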
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index dee94d9..ebed56f 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -27,7 +27,7 @@ struct hash_testvec {
char *plaintext;
char *digest;
unsigned char tap[MAX_TAP];
-   unsigned char psize;
+   u16 psize;
unsigned char np;
unsigned char ksize;
 };
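Review bot: The widening of `psize` to `u16` changes a struct shared by every hash template, and neither the description nor a comment says which vector needs it. The vectors visible in this patch are 1 and 64 bytes, and a 1016-bit message is 127 bytes, so all of them fit the old `unsigned char`. If a longer vector further down is the reason, say so on the field, e.g. `u16 psize; /* plaintext length in bytes; some vectors exceed 255 */`, and in the commit message. Code in testmgr.c that copies `psize` into a narrower local is not visible here and should be checked; the struct definition also begins before this hunk.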
@@ -986,6 +986,170 @@ static struct hash_testvec tgr128_tv_template[] = {
 };
 
 /*
+ * SKEIN uses test vectors
+ *  from http://www.schneier.com/code/skein_NIST_CD_101308.zip
+ *  NIST/CD/KAT_MCT/skein_golden_kat_short.txt
+ */
+#define SKEIN256_TEST_VECTORS 2
+static struct hash_testvec skein256_tv_template[] = {
+   {
+   /* :Skein-256:   256-bit hash, msgLen = 8 bits */
+   .plaintext = \xff,
+   .psize  = 1,
+   .digest = 
\xa4\x7b\xe7\x1a\x18\x5b\xa0\xaf\x82\x0b\x3c\xe8\x45\xa3\xd3\x5a
+   
\x80\xec\x64\xf9\x6a\x0d\x6a\x36\xe3\xf5\x36\x36\x24\xd8\xa0\x91,
+   }, {
+   /* :Skein-256:   256-bit hash, msgLen =   512 bits */
+   .plaintext = 
\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0
+   
\xef\xee\xed\xec\xeb\xea\xe9\xe8\xe7\xe6\xe5\xe4\xe3\xe2\xe1\xe0
+   
\xdf\xde\xdd\xdc\xdb\xda\xd9\xd8\xd7\xd6\xd5\xd4\xd3\xd2\xd1\xd0
+   
\xcf\xce\xcd\xcc\xcb\xca\xc9\xc8\xc7\xc6\xc5\xc4\xc3\xc2\xc1\xc0,
+   .psize  = 64,
+   .digest = 
\xfa\x1a\x76\x2b\x6b\x1c\x72\xb7\x0d\x52\x92\x63\x53\xe1\x0e\xb8
+   
\xfb\x0e\xdd\x73\x13\xda\x20\xa2\x41\x31\x80\xb8\xe2\x89\xb8\x72,
+   }, {
+   /* :Skein-256:   256-bit hash, msgLen =  1016 bits. Tree: 
leaf=02, node=02, maxLevels=02 */
+   .plaintext = 

Re: [PATCH] crypto: add test vectors for skein256/512/1024

2008-11-02 Thread Jeff Garzik

Sebastian Andrzej Siewior wrote:

I grabed them from http://www.schneier.com/skein.html. The last test vector
(3) in every category is currently deactivated because it failed always.
It is unlikely that I made a type because I copy+pasted the tables + vim
magiced them. So maybe code may missbehave on requests lengths which are
not a multiple of 4 or the vectors can not be used due to some other
limitations that I've overseen.


Another thought:  did you verify that the test vectors' output sizes 
matched the Linux kernel's?


My implementation assumed a 256-bit output size for Skein-256, for 
example, but it is quite possible that Schneier and co. ran tests where 
the output size differed from the internal state size.


Jeff

