Re: [PATCH v2 00/15] SHA-3 library

[Harald Freudenberger]

On 2025-11-03 18:34, Eric Biggers wrote:
> On Sat, Oct 25, 2025 at 10:50:17PM -0700, Eric Biggers wrote:
> > This series is targeting libcrypto-next.  It can also be retrieved 
> > from:
> >
> >     git fetch 
> > https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git 
> > sha3-lib-v2
> >
> > This series adds SHA-3 support to lib/crypto/.  This includes support
> > for the digest algorithms SHA3-224, SHA3-256, SHA3-384, and SHA3-512,
> > and also support for the extendable-output functions SHAKE128 and
> > SHAKE256.  The SHAKE128 and SHAKE256 support will be needed by ML-DSA.
> >
> > The architecture-optimized SHA-3 code for arm64 and s390 is migrated
> > into lib/crypto/.  (The existing s390 code couldn't really be reused, 
> > so
> > really I rewrote it from scratch.)  This makes the SHA-3 library
> > functions be accelerated on these architectures.
> >
> > Finally, the sha3-224, sha3-256, sha3-384, and sha3-512 crypto_shash
> > algorithms are reimplemented on top of the library API.
>
> I've applied this series to
> https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=libcrypto-next,
> excluding the following 2 patches which are waiting on benchmark 
> results
> from the s390 folks:
>
>     lib/crypto: sha3: Support arch overrides of one-shot digest 
> functions
>     lib/crypto: s390/sha3: Add optimized one-shot SHA-3 digest 
> functions
>
> I'd be glad to apply those too if they're shown to be worthwhile.
>
> Note: I also reordered the commits in libcrypto-next to put the new
> KUnit test suites (blake2b and sha3) last, and to put the AES-GCM
> improvements on a separate branch that's merged in.  This will allow
> making separate pull requests for the tests and the AES-GCM
> improvements, which I think aligns with what Linus had requested before
> (https://lore.kernel.org/linux-crypto/CAHk-=wi5d4K+sF2L=tuRW6AopVxO1DDXzstMQaECmU2QHN13KA@xxxxxxxxxxxxxx/).
>
> - Eric

Here are now some measurements on a LPAR with 500 runs once with
sha3-lib-v2 branch full ("with") and once with reverting only the
b2e169dd8ca5 lib/crypto: s390/sha3: Add optimized one-shot SHA-3 digest 
functions
patch ("without"). With the help of gnuplot I generated distribution
charts over the results of the len=16, 64, 256, 1024 and 4096 benchmark.
See attached pictures - Sorry but I see no other way to provide this 
data
than using an attachment.

Clearly the patch brings a boost - especially for the 256 byte case.

Harald Freudenberger

Attachment: len-16.png
Description: PNG image

Attachment: len-64.png
Description: PNG image

Attachment: len-256.png
Description: PNG image

Attachment: len-1024.png
Description: PNG image

Attachment: len-4096.png
Description: PNG image