lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250623131830.2194643-2-stefanb@linux.ibm.com>
Date: Mon, 23 Jun 2025 09:18:27 -0400
From: Stefan Berger <stefanb@...ux.ibm.com>
To: linux-crypto@...r.kernel.org, herbert@...dor.apana.org.au,
        davem@...emloft.net
Cc: linux-kernel@...r.kernel.org, James.Bottomley@...senPartnership.com,
        dhowells@...hat.com, simo@...hat.com,
        Stefan Berger <stefanb@...ux.ibm.com>
Subject: [RFC PATCH 1/4] crypto: Add squeeze function to shash_alg for support of XOFs

Add a squeeze function for support of shake128/256 XOFs. This function
accepts a variable-length output buffer for the XOFs to return their data
in. The final parameter clears the state of an XOF and should only be set
to 'true' when the last output is requested.

Signed-off-by: Stefan Berger <stefanb@...ux.ibm.com>
---
 crypto/shash.c        |  9 +++++++++
 include/crypto/hash.h | 20 ++++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/crypto/shash.c b/crypto/shash.c
index 301ab42bf849..258494f49fce 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -59,6 +59,15 @@ int crypto_shash_final(struct shash_desc *desc, u8 *out)
 }
 EXPORT_SYMBOL_GPL(crypto_shash_final);
 
+int crypto_shash_squeeze(struct shash_desc *desc, u8 *out, size_t outlen,
+			 bool final)
+{
+	if (!crypto_shash_alg(desc->tfm)->squeeze)
+		return -EINVAL;
+	return crypto_shash_alg(desc->tfm)->squeeze(desc, out, outlen, final);
+}
+EXPORT_SYMBOL_GPL(crypto_shash_squeeze);
+
 static int shash_default_finup(struct shash_desc *desc, const u8 *data,
 			       unsigned int len, u8 *out)
 {
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index a67988316d06..9072652e8e60 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -183,6 +183,7 @@ struct shash_desc {
  * @final: see struct ahash_alg
  * @finup: see struct ahash_alg
  * @digest: see struct ahash_alg
+ * @squeeze: Get data from an XOF type of hash
  * @export: see struct ahash_alg
  * @import: see struct ahash_alg
  * @setkey: see struct ahash_alg
@@ -213,6 +214,8 @@ struct shash_alg {
 		     unsigned int len, u8 *out);
 	int (*digest)(struct shash_desc *desc, const u8 *data,
 		      unsigned int len, u8 *out);
+	int (*squeeze)(struct shash_desc *desc, u8 *out, size_t outlen,
+		       bool final);
 	int (*export)(struct shash_desc *desc, void *out);
 	int (*import)(struct shash_desc *desc, const void *in);
 	int (*setkey)(struct crypto_shash *tfm, const u8 *key,
@@ -980,6 +983,23 @@ int crypto_shash_final(struct shash_desc *desc, u8 *out);
 int crypto_shash_finup(struct shash_desc *desc, const u8 *data,
 		       unsigned int len, u8 *out);
 
+/**
+ * crypto_shash_squeeze() - get xof message digest data
+ * @desc: operational state handle that is already filled with data
+ * @out: output buffer filled with the XOF message digest
+ * @outlen: number of bytes to get from the XOF
+ * @final: whether this is the final squeeze call
+ *
+ * Get message digest data from an extend output function (XOF)
+ *
+ * Context: Any context.
+ * Return: 0 if the data could be created successfully; < 0 if an error
+ *         occurred
+ */
+int crypto_shash_squeeze(struct shash_desc *desc, u8 *out, size_t outlen,
+			 bool final);
+
+
 static inline void shash_desc_zero(struct shash_desc *desc)
 {
 	memzero_explicit(desc,
-- 
2.49.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ