| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130 |
- .. SPDX-License-Identifier: GPL-2.0-or-later
- ==========================
- SHA-3 Algorithm Collection
- ==========================
- .. contents::
- Overview
- ========
- The SHA-3 family of algorithms, as specified in NIST FIPS-202 [1]_, contains six
- algorithms based on the Keccak sponge function. The differences between them
- are: the "rate" (how much of the state buffer gets updated with new data between
- invocations of the Keccak function and analogous to the "block size"), what
- domain separation suffix gets appended to the input data, and how much output
- data is extracted at the end. The Keccak sponge function is designed such that
- arbitrary amounts of output can be obtained for certain algorithms.
- Four digest algorithms are provided:
- - SHA3-224
- - SHA3-256
- - SHA3-384
- - SHA3-512
- Additionally, two Extendable-Output Functions (XOFs) are provided:
- - SHAKE128
- - SHAKE256
- The SHA-3 library API supports all six of these algorithms. The four digest
- algorithms are also supported by the crypto_shash and crypto_ahash APIs.
- This document describes the SHA-3 library API.
- Digests
- =======
- The following functions compute SHA-3 digests::
- void sha3_224(const u8 *in, size_t in_len, u8 out[SHA3_224_DIGEST_SIZE]);
- void sha3_256(const u8 *in, size_t in_len, u8 out[SHA3_256_DIGEST_SIZE]);
- void sha3_384(const u8 *in, size_t in_len, u8 out[SHA3_384_DIGEST_SIZE]);
- void sha3_512(const u8 *in, size_t in_len, u8 out[SHA3_512_DIGEST_SIZE]);
- For users that need to pass in data incrementally, an incremental API is also
- provided. The incremental API uses the following struct::
- struct sha3_ctx { ... };
- Initialization is done with one of::
- void sha3_224_init(struct sha3_ctx *ctx);
- void sha3_256_init(struct sha3_ctx *ctx);
- void sha3_384_init(struct sha3_ctx *ctx);
- void sha3_512_init(struct sha3_ctx *ctx);
- Input data is then added with any number of calls to::
- void sha3_update(struct sha3_ctx *ctx, const u8 *in, size_t in_len);
- Finally, the digest is generated using::
- void sha3_final(struct sha3_ctx *ctx, u8 *out);
- which also zeroizes the context. The length of the digest is determined by the
- initialization function that was called.
- Extendable-Output Functions
- ===========================
- The following functions compute the SHA-3 extendable-output functions (XOFs)::
- void shake128(const u8 *in, size_t in_len, u8 *out, size_t out_len);
- void shake256(const u8 *in, size_t in_len, u8 *out, size_t out_len);
- For users that need to provide the input data incrementally and/or receive the
- output data incrementally, an incremental API is also provided. The incremental
- API uses the following struct::
- struct shake_ctx { ... };
- Initialization is done with one of::
- void shake128_init(struct shake_ctx *ctx);
- void shake256_init(struct shake_ctx *ctx);
- Input data is then added with any number of calls to::
- void shake_update(struct shake_ctx *ctx, const u8 *in, size_t in_len);
- Finally, the output data is extracted with any number of calls to::
- void shake_squeeze(struct shake_ctx *ctx, u8 *out, size_t out_len);
- and telling it how much data should be extracted. Note that performing multiple
- squeezes, with the output laid consecutively in a buffer, gets exactly the same
- output as doing a single squeeze for the combined amount over the same buffer.
- More input data cannot be added after squeezing has started.
- Once all the desired output has been extracted, zeroize the context::
- void shake_zeroize_ctx(struct shake_ctx *ctx);
- Testing
- =======
- To test the SHA-3 code, use sha3_kunit (CONFIG_CRYPTO_LIB_SHA3_KUNIT_TEST).
- Since the SHA-3 algorithms are FIPS-approved, when the kernel is booted in FIPS
- mode the SHA-3 library also performs a simple self-test. This is purely to meet
- a FIPS requirement. Normal testing done by kernel developers and integrators
- should use the much more comprehensive KUnit test suite instead.
- References
- ==========
- .. [1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
- API Function Reference
- ======================
- .. kernel-doc:: include/crypto/sha3.h
|