Skip to content

Commit 73c2437

Browse files
herbertxherbertx
committed
crypto: s390/sha3 - Use cpu byte-order when exporting
The sha3 partial hash on s390 is in little-endian just like the final hash. However the generic implementation produces native or big-endian partial hashes. Make s390 sha3 conform to that by doing the byte-swap on export and import. Reported-by: Ingo Franzki <ifranzki@linux.ibm.com> Fixes: 6f90ba7 ("crypto: s390/sha3 - Use API partial block handling") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
1 parent 1b39bc4 commit 73c2437

File tree

3 files changed

+37
-15
lines changed

3 files changed

+37
-15
lines changed

arch/s390/crypto/sha.h

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,9 @@ struct s390_sha_ctx {
2727
u64 state[SHA512_DIGEST_SIZE / sizeof(u64)];
2828
u64 count_hi;
2929
} sha512;
30+
struct {
31+
__le64 state[SHA3_STATE_SIZE / sizeof(u64)];
32+
} sha3;
3033
};
3134
int func; /* KIMD function to use */
3235
bool first_message_part;

arch/s390/crypto/sha3_256_s390.c

Lines changed: 17 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -35,23 +35,33 @@ static int sha3_256_init(struct shash_desc *desc)
3535
static int sha3_256_export(struct shash_desc *desc, void *out)
3636
{
3737
struct s390_sha_ctx *sctx = shash_desc_ctx(desc);
38-
struct sha3_state *octx = out;
38+
union {
39+
u8 *u8;
40+
u64 *u64;
41+
} p = { .u8 = out };
42+
int i;
3943

4044
if (sctx->first_message_part) {
41-
memset(sctx->state, 0, sizeof(sctx->state));
42-
sctx->first_message_part = 0;
45+
memset(out, 0, SHA3_STATE_SIZE);
46+
return 0;
4347
}
44-
memcpy(octx->st, sctx->state, sizeof(octx->st));
48+
for (i = 0; i < SHA3_STATE_SIZE / 8; i++)
49+
put_unaligned(le64_to_cpu(sctx->sha3.state[i]), p.u64++);
4550
return 0;
4651
}
4752

4853
static int sha3_256_import(struct shash_desc *desc, const void *in)
4954
{
5055
struct s390_sha_ctx *sctx = shash_desc_ctx(desc);
51-
const struct sha3_state *ictx = in;
52-
56+
union {
57+
const u8 *u8;
58+
const u64 *u64;
59+
} p = { .u8 = in };
60+
int i;
61+
62+
for (i = 0; i < SHA3_STATE_SIZE / 8; i++)
63+
sctx->sha3.state[i] = cpu_to_le64(get_unaligned(p.u64++));
5364
sctx->count = 0;
54-
memcpy(sctx->state, ictx->st, sizeof(ictx->st));
5565
sctx->first_message_part = 0;
5666
sctx->func = CPACF_KIMD_SHA3_256;
5767

arch/s390/crypto/sha3_512_s390.c

Lines changed: 17 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -34,24 +34,33 @@ static int sha3_512_init(struct shash_desc *desc)
3434
static int sha3_512_export(struct shash_desc *desc, void *out)
3535
{
3636
struct s390_sha_ctx *sctx = shash_desc_ctx(desc);
37-
struct sha3_state *octx = out;
38-
37+
union {
38+
u8 *u8;
39+
u64 *u64;
40+
} p = { .u8 = out };
41+
int i;
3942

4043
if (sctx->first_message_part) {
41-
memset(sctx->state, 0, sizeof(sctx->state));
42-
sctx->first_message_part = 0;
44+
memset(out, 0, SHA3_STATE_SIZE);
45+
return 0;
4346
}
44-
memcpy(octx->st, sctx->state, sizeof(octx->st));
47+
for (i = 0; i < SHA3_STATE_SIZE / 8; i++)
48+
put_unaligned(le64_to_cpu(sctx->sha3.state[i]), p.u64++);
4549
return 0;
4650
}
4751

4852
static int sha3_512_import(struct shash_desc *desc, const void *in)
4953
{
5054
struct s390_sha_ctx *sctx = shash_desc_ctx(desc);
51-
const struct sha3_state *ictx = in;
52-
55+
union {
56+
const u8 *u8;
57+
const u64 *u64;
58+
} p = { .u8 = in };
59+
int i;
60+
61+
for (i = 0; i < SHA3_STATE_SIZE / 8; i++)
62+
sctx->sha3.state[i] = cpu_to_le64(get_unaligned(p.u64++));
5363
sctx->count = 0;
54-
memcpy(sctx->state, ictx->st, sizeof(ictx->st));
5564
sctx->first_message_part = 0;
5665
sctx->func = CPACF_KIMD_SHA3_512;
5766

0 commit comments

Comments
 (0)