From nobody Wed Dec 17 15:53:47 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 602F9311977 for ; Thu, 2 Oct 2025 14:03:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759413833; cv=none; b=N67fR1A5PfG1rfEuDQ/qcm6LwjReFgmMDh0IL5vcFf4Z+kMEJVNOn3fKbqFjZVf0jUB3qoxwz13YR7dgElScWI8Rx2ERZeIzkwvPqyMUUeVf8/F2kRzG4Ua0VRCTFTqQlnK0GLPuZkjVPyBJ2oEMy1EMv7tcm2vZdtMSRHMs8FU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759413833; c=relaxed/simple; bh=7JVOZI3VmA/bJGurezKwfa6xLrTuVpU7TBiH1BVdZ8s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=VI0xSb/P3cugblTv60wUcW/pVPLSAtIlQjeR7H7p/VF2Lv7nBYi1OYUhTJwjDqn0gsiLyJS5TZBcW+PH0yjoulBwohu6AW0EphdW/bTBFkf84TNR3H1J+09zpCjPDXUgfwGFEhKRFZmvOGT1RzBpJiD8knG40zaQIOuJxozDI3E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=T46/Ecfo; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="T46/Ecfo" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1759413831; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=tko8biKCUbQX+Dpp0DpdSt4WwcDqXjayhPPlC8spm3I=; b=T46/EcfoueCU+LzxhLGXj1Rhm2wt+1+03m8cY4SRS3Z3WOpgY19uH7n5LNddoHtQNJThK7 KRLeIJszIzPZ2TKATPgkKoJn+O7e5FepbvGh6HL8hvb8vOhaXFc4CNSMjQ1X3StDO+2U/M wBSJqOaEbaxX8iSDHSftegLF9VLJ0R8= Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-447-QzUXAY5DMpaA69dxfRSK4Q-1; Thu, 02 Oct 2025 10:03:48 -0400 X-MC-Unique: QzUXAY5DMpaA69dxfRSK4Q-1 X-Mimecast-MFC-AGG-ID: QzUXAY5DMpaA69dxfRSK4Q_1759413825 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 86A5F19560AD; Thu, 2 Oct 2025 14:03:45 +0000 (UTC) Received: from warthog.procyon.org.com (unknown [10.42.28.24]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id F06E2180057A; Thu, 2 Oct 2025 14:03:42 +0000 (UTC) From: David Howells To: Eric Biggers Cc: David Howells , "Jason A . Donenfeld" , Ard Biesheuvel , Herbert Xu , Stephan Mueller , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v5 4/5] lib/crypto: Move the SHA3 Iota transform into the single round function Date: Thu, 2 Oct 2025 15:03:18 +0100 Message-ID: <20251002140321.2639064-5-dhowells@redhat.com> In-Reply-To: <20251002140321.2639064-1-dhowells@redhat.com> References: <20251002140321.2639064-1-dhowells@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" In crypto/sha3_generic.c, the keccakf() function calls keccakf_round() to do most of the transforms, but not the Iota transform - presumably because that is dependent on round number, whereas the Theta, Rho, Pi and Chi transforms are not. Note that the keccakf_round() function needs to be explicitly non-inlined on certain architectures as gcc's produced output will (or used to) use over 1KiB of stack space if inlined. Now, this code was copied more or less verbatim into lib/crypto/sha3.c, so that has the same aesthetic issue. Fix this there by passing the round number into sha3_keccakf_one_round_generic() and doing the Iota transform there. crypto/sha3_generic.c is left untouched as that will be converted to use lib/crypto/sha3.c at some point. Suggested-by: Eric Biggers Signed-off-by: David Howells cc: Eric Biggers cc: Jason A. Donenfeld cc: Ard Biesheuvel cc: Herbert Xu cc: Stephan Mueller cc: linux-crypto@vger.kernel.org --- lib/crypto/sha3.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/lib/crypto/sha3.c b/lib/crypto/sha3.c index 5f847a5eecdc..2c292b0b3db3 100644 --- a/lib/crypto/sha3.c +++ b/lib/crypto/sha3.c @@ -48,7 +48,8 @@ static const u64 sha3_keccakf_rndc[24] =3D { /* * Perform a single round of Keccak mixing. */ -static SHA3_INLINE void sha3_keccakf_one_round_generic(struct sha3_state *= state) +static SHA3_INLINE void sha3_keccakf_one_round_generic(struct sha3_state *= state, + int round) { u64 *st =3D state->st; u64 t[5], tt, bc[5]; @@ -150,15 +151,15 @@ static SHA3_INLINE void sha3_keccakf_one_round_generi= c(struct sha3_state *state) st[22] ^=3D bc[ 2]; st[23] ^=3D bc[ 3]; st[24] ^=3D bc[ 4]; + + /* Iota */ + state->st[0] ^=3D sha3_keccakf_rndc[round]; } =20 static void sha3_keccakf_rounds_generic(struct sha3_state *state) { - for (int round =3D 0; round < SHA3_KECCAK_ROUNDS; round++) { - sha3_keccakf_one_round_generic(state); - /* Iota */ - state->st[0] ^=3D sha3_keccakf_rndc[round]; - } + for (int round =3D 0; round < SHA3_KECCAK_ROUNDS; round++) + sha3_keccakf_one_round_generic(state, round); } =20 /*