1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * Common values for SHA-1 algorithms
4 */
5
6#ifndef _CRYPTO_SHA1_H
7#define _CRYPTO_SHA1_H
8
9#include <linux/types.h>
10
11#define SHA1_DIGEST_SIZE 20
12#define SHA1_BLOCK_SIZE 64
13#define SHA1_STATE_SIZE offsetof(struct sha1_state, buffer)
14
15#define SHA1_H0 0x67452301UL
16#define SHA1_H1 0xefcdab89UL
17#define SHA1_H2 0x98badcfeUL
18#define SHA1_H3 0x10325476UL
19#define SHA1_H4 0xc3d2e1f0UL
20
21extern const u8 sha1_zero_message_hash[SHA1_DIGEST_SIZE];
22
23struct sha1_state {
24 u32 state[SHA1_DIGEST_SIZE / 4];
25 u64 count;
26 u8 buffer[SHA1_BLOCK_SIZE];
27};
28
29/*
30 * An implementation of SHA-1's compression function. Don't use in new code!
31 * You shouldn't be using SHA-1, and even if you *have* to use SHA-1, this isn't
32 * the correct way to hash something with SHA-1 (use crypto_shash instead).
33 */
34#define SHA1_DIGEST_WORDS (SHA1_DIGEST_SIZE / 4)
35#define SHA1_WORKSPACE_WORDS 16
36void sha1_init_raw(__u32 *buf);
37void sha1_transform(__u32 *digest, const char *data, __u32 *W);
38
39/* State for the SHA-1 compression function */
40struct sha1_block_state {
41 u32 h[SHA1_DIGEST_SIZE / 4];
42};
43
44/**
45 * struct sha1_ctx - Context for hashing a message with SHA-1
46 * @state: the compression function state
47 * @bytecount: number of bytes processed so far
48 * @buf: partial block buffer; bytecount % SHA1_BLOCK_SIZE bytes are valid
49 */
50struct sha1_ctx {
51 struct sha1_block_state state;
52 u64 bytecount;
53 u8 buf[SHA1_BLOCK_SIZE];
54};
55
56/**
57 * sha1_init() - Initialize a SHA-1 context for a new message
58 * @ctx: the context to initialize
59 *
60 * If you don't need incremental computation, consider sha1() instead.
61 *
62 * Context: Any context.
63 */
64void sha1_init(struct sha1_ctx *ctx);
65
66/**
67 * sha1_update() - Update a SHA-1 context with message data
68 * @ctx: the context to update; must have been initialized
69 * @data: the message data
70 * @len: the data length in bytes
71 *
72 * This can be called any number of times.
73 *
74 * Context: Any context.
75 */
76void sha1_update(struct sha1_ctx *ctx, const u8 *data, size_t len);
77
78/**
79 * sha1_final() - Finish computing a SHA-1 message digest
80 * @ctx: the context to finalize; must have been initialized
81 * @out: (output) the resulting SHA-1 message digest
82 *
83 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
84 *
85 * Context: Any context.
86 */
87void sha1_final(struct sha1_ctx *ctx, u8 out[SHA1_DIGEST_SIZE]);
88
89/**
90 * sha1() - Compute SHA-1 message digest in one shot
91 * @data: the message data
92 * @len: the data length in bytes
93 * @out: (output) the resulting SHA-1 message digest
94 *
95 * Context: Any context.
96 */
97void sha1(const u8 *data, size_t len, u8 out[SHA1_DIGEST_SIZE]);
98
99/**
100 * struct hmac_sha1_key - Prepared key for HMAC-SHA1
101 * @istate: private
102 * @ostate: private
103 */
104struct hmac_sha1_key {
105 struct sha1_block_state istate;
106 struct sha1_block_state ostate;
107};
108
109/**
110 * struct hmac_sha1_ctx - Context for computing HMAC-SHA1 of a message
111 * @sha_ctx: private
112 * @ostate: private
113 */
114struct hmac_sha1_ctx {
115 struct sha1_ctx sha_ctx;
116 struct sha1_block_state ostate;
117};
118
119/**
120 * hmac_sha1_preparekey() - Prepare a key for HMAC-SHA1
121 * @key: (output) the key structure to initialize
122 * @raw_key: the raw HMAC-SHA1 key
123 * @raw_key_len: the key length in bytes. All key lengths are supported.
124 *
125 * Note: the caller is responsible for zeroizing both the struct hmac_sha1_key
126 * and the raw key once they are no longer needed.
127 *
128 * Context: Any context.
129 */
130void hmac_sha1_preparekey(struct hmac_sha1_key *key,
131 const u8 *raw_key, size_t raw_key_len);
132
133/**
134 * hmac_sha1_init() - Initialize an HMAC-SHA1 context for a new message
135 * @ctx: (output) the HMAC context to initialize
136 * @key: the prepared HMAC key
137 *
138 * If you don't need incremental computation, consider hmac_sha1() instead.
139 *
140 * Context: Any context.
141 */
142void hmac_sha1_init(struct hmac_sha1_ctx *ctx, const struct hmac_sha1_key *key);
143
144/**
145 * hmac_sha1_init_usingrawkey() - Initialize an HMAC-SHA1 context for a new
146 * message, using a raw key
147 * @ctx: (output) the HMAC context to initialize
148 * @raw_key: the raw HMAC-SHA1 key
149 * @raw_key_len: the key length in bytes. All key lengths are supported.
150 *
151 * If you don't need incremental computation, consider hmac_sha1_usingrawkey()
152 * instead.
153 *
154 * Context: Any context.
155 */
156void hmac_sha1_init_usingrawkey(struct hmac_sha1_ctx *ctx,
157 const u8 *raw_key, size_t raw_key_len);
158
159/**
160 * hmac_sha1_update() - Update an HMAC-SHA1 context with message data
161 * @ctx: the HMAC context to update; must have been initialized
162 * @data: the message data
163 * @data_len: the data length in bytes
164 *
165 * This can be called any number of times.
166 *
167 * Context: Any context.
168 */
169static inline void hmac_sha1_update(struct hmac_sha1_ctx *ctx,
170 const u8 *data, size_t data_len)
171{
172 sha1_update(ctx: &ctx->sha_ctx, data, len: data_len);
173}
174
175/**
176 * hmac_sha1_final() - Finish computing an HMAC-SHA1 value
177 * @ctx: the HMAC context to finalize; must have been initialized
178 * @out: (output) the resulting HMAC-SHA1 value
179 *
180 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
181 *
182 * Context: Any context.
183 */
184void hmac_sha1_final(struct hmac_sha1_ctx *ctx, u8 out[SHA1_DIGEST_SIZE]);
185
186/**
187 * hmac_sha1() - Compute HMAC-SHA1 in one shot, using a prepared key
188 * @key: the prepared HMAC key
189 * @data: the message data
190 * @data_len: the data length in bytes
191 * @out: (output) the resulting HMAC-SHA1 value
192 *
193 * If you're using the key only once, consider using hmac_sha1_usingrawkey().
194 *
195 * Context: Any context.
196 */
197void hmac_sha1(const struct hmac_sha1_key *key,
198 const u8 *data, size_t data_len, u8 out[SHA1_DIGEST_SIZE]);
199
200/**
201 * hmac_sha1_usingrawkey() - Compute HMAC-SHA1 in one shot, using a raw key
202 * @raw_key: the raw HMAC-SHA1 key
203 * @raw_key_len: the key length in bytes. All key lengths are supported.
204 * @data: the message data
205 * @data_len: the data length in bytes
206 * @out: (output) the resulting HMAC-SHA1 value
207 *
208 * If you're using the key multiple times, prefer to use hmac_sha1_preparekey()
209 * followed by multiple calls to hmac_sha1() instead.
210 *
211 * Context: Any context.
212 */
213void hmac_sha1_usingrawkey(const u8 *raw_key, size_t raw_key_len,
214 const u8 *data, size_t data_len,
215 u8 out[SHA1_DIGEST_SIZE]);
216
217#endif /* _CRYPTO_SHA1_H */
218