SHAKE128/256 'digest' algos need to be available for the ML-DSA pre-digest, which is a selectable algorithm and need to be available through the same API as, say, SHA3-512 and SHA512 both. Resqueezability (probably) isn't required for this and they'll produce the default number of bytes as the digest size.
Also, increase MAX_ALGAPI_BLOCKSIZE to accommodate SHAKE128. Signed-off-by: David Howells <[email protected]> cc: Eric Biggers <[email protected]> cc: Jason A. Donenfeld <[email protected]> cc: Ard Biesheuvel <[email protected]> cc: Herbert Xu <[email protected]> cc: Stephan Mueller <[email protected]> cc: [email protected] --- crypto/sha3_generic.c | 26 ++++++++++++++++++++++++++ include/crypto/algapi.h | 2 +- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/crypto/sha3_generic.c b/crypto/sha3_generic.c index 7b16e4c27fc8..3e5a23022596 100644 --- a/crypto/sha3_generic.c +++ b/crypto/sha3_generic.c @@ -95,6 +95,28 @@ static struct shash_alg algs[] = { { .base.cra_flags = 0, .base.cra_blocksize = SHA3_512_BLOCK_SIZE, .base.cra_module = THIS_MODULE, +}, { + .digestsize = SHAKE128_DEFAULT_SIZE, + .init = crypto_sha3_init, + .update = crypto_sha3_update, + .finup = crypto_sha3_finup, + .descsize = sizeof(struct sha3_ctx), + .base.cra_name = "shake128", + .base.cra_driver_name = "shake128-generic", + .base.cra_flags = 0, + .base.cra_blocksize = SHAKE128_BLOCK_SIZE, + .base.cra_module = THIS_MODULE, +}, { + .digestsize = SHAKE256_DEFAULT_SIZE, + .init = crypto_sha3_init, + .update = crypto_sha3_update, + .finup = crypto_sha3_finup, + .descsize = sizeof(struct sha3_ctx), + .base.cra_name = "shake256", + .base.cra_driver_name = "shake256-generic", + .base.cra_flags = 0, + .base.cra_blocksize = SHAKE256_BLOCK_SIZE, + .base.cra_module = THIS_MODULE, } }; static int __init sha3_generic_mod_init(void) @@ -121,3 +143,7 @@ MODULE_ALIAS_CRYPTO("sha3-384"); MODULE_ALIAS_CRYPTO("sha3-384-generic"); MODULE_ALIAS_CRYPTO("sha3-512"); MODULE_ALIAS_CRYPTO("sha3-512-generic"); +MODULE_ALIAS_CRYPTO("shake128"); +MODULE_ALIAS_CRYPTO("shake128-generic"); +MODULE_ALIAS_CRYPTO("shake256"); +MODULE_ALIAS_CRYPTO("shake256-generic"); diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h index fc4574940636..6209762736c4 100644 --- a/include/crypto/algapi.h +++ b/include/crypto/algapi.h @@ -20,7 +20,7 @@ * static buffers that are big enough for any combination of * algs and architectures. Ciphers have a lower maximum size. */ -#define MAX_ALGAPI_BLOCKSIZE 160 +#define MAX_ALGAPI_BLOCKSIZE 168 #define MAX_ALGAPI_ALIGNMASK 127 #define MAX_CIPHER_BLOCKSIZE 16 #define MAX_CIPHER_ALIGNMASK 15
