| 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
|---|---|
| 2 | /* |
| 3 | * Common values for SHA-2 algorithms |
| 4 | */ |
| 5 | |
| 6 | #ifndef _CRYPTO_SHA2_H |
| 7 | #define _CRYPTO_SHA2_H |
| 8 | |
| 9 | #include <linux/types.h> |
| 10 | |
| 11 | #define SHA224_DIGEST_SIZE 28 |
| 12 | #define SHA224_BLOCK_SIZE 64 |
| 13 | |
| 14 | #define SHA256_DIGEST_SIZE 32 |
| 15 | #define SHA256_BLOCK_SIZE 64 |
| 16 | #define SHA256_STATE_WORDS 8 |
| 17 | |
| 18 | #define SHA384_DIGEST_SIZE 48 |
| 19 | #define SHA384_BLOCK_SIZE 128 |
| 20 | |
| 21 | #define SHA512_DIGEST_SIZE 64 |
| 22 | #define SHA512_BLOCK_SIZE 128 |
| 23 | #define SHA512_STATE_SIZE 80 |
| 24 | |
| 25 | #define SHA224_H0 0xc1059ed8UL |
| 26 | #define SHA224_H1 0x367cd507UL |
| 27 | #define SHA224_H2 0x3070dd17UL |
| 28 | #define SHA224_H3 0xf70e5939UL |
| 29 | #define SHA224_H4 0xffc00b31UL |
| 30 | #define SHA224_H5 0x68581511UL |
| 31 | #define SHA224_H6 0x64f98fa7UL |
| 32 | #define SHA224_H7 0xbefa4fa4UL |
| 33 | |
| 34 | #define SHA256_H0 0x6a09e667UL |
| 35 | #define SHA256_H1 0xbb67ae85UL |
| 36 | #define SHA256_H2 0x3c6ef372UL |
| 37 | #define SHA256_H3 0xa54ff53aUL |
| 38 | #define SHA256_H4 0x510e527fUL |
| 39 | #define SHA256_H5 0x9b05688cUL |
| 40 | #define SHA256_H6 0x1f83d9abUL |
| 41 | #define SHA256_H7 0x5be0cd19UL |
| 42 | |
| 43 | #define SHA384_H0 0xcbbb9d5dc1059ed8ULL |
| 44 | #define SHA384_H1 0x629a292a367cd507ULL |
| 45 | #define SHA384_H2 0x9159015a3070dd17ULL |
| 46 | #define SHA384_H3 0x152fecd8f70e5939ULL |
| 47 | #define SHA384_H4 0x67332667ffc00b31ULL |
| 48 | #define SHA384_H5 0x8eb44a8768581511ULL |
| 49 | #define SHA384_H6 0xdb0c2e0d64f98fa7ULL |
| 50 | #define SHA384_H7 0x47b5481dbefa4fa4ULL |
| 51 | |
| 52 | #define SHA512_H0 0x6a09e667f3bcc908ULL |
| 53 | #define SHA512_H1 0xbb67ae8584caa73bULL |
| 54 | #define SHA512_H2 0x3c6ef372fe94f82bULL |
| 55 | #define SHA512_H3 0xa54ff53a5f1d36f1ULL |
| 56 | #define SHA512_H4 0x510e527fade682d1ULL |
| 57 | #define SHA512_H5 0x9b05688c2b3e6c1fULL |
| 58 | #define SHA512_H6 0x1f83d9abfb41bd6bULL |
| 59 | #define SHA512_H7 0x5be0cd19137e2179ULL |
| 60 | |
| 61 | extern const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE]; |
| 62 | |
| 63 | extern const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE]; |
| 64 | |
| 65 | extern const u8 sha384_zero_message_hash[SHA384_DIGEST_SIZE]; |
| 66 | |
| 67 | extern const u8 sha512_zero_message_hash[SHA512_DIGEST_SIZE]; |
| 68 | |
| 69 | struct crypto_sha256_state { |
| 70 | u32 state[SHA256_STATE_WORDS]; |
| 71 | u64 count; |
| 72 | }; |
| 73 | |
| 74 | static inline void sha224_block_init(struct crypto_sha256_state *sctx) |
| 75 | { |
| 76 | sctx->state[0] = SHA224_H0; |
| 77 | sctx->state[1] = SHA224_H1; |
| 78 | sctx->state[2] = SHA224_H2; |
| 79 | sctx->state[3] = SHA224_H3; |
| 80 | sctx->state[4] = SHA224_H4; |
| 81 | sctx->state[5] = SHA224_H5; |
| 82 | sctx->state[6] = SHA224_H6; |
| 83 | sctx->state[7] = SHA224_H7; |
| 84 | sctx->count = 0; |
| 85 | } |
| 86 | |
| 87 | static inline void sha256_block_init(struct crypto_sha256_state *sctx) |
| 88 | { |
| 89 | sctx->state[0] = SHA256_H0; |
| 90 | sctx->state[1] = SHA256_H1; |
| 91 | sctx->state[2] = SHA256_H2; |
| 92 | sctx->state[3] = SHA256_H3; |
| 93 | sctx->state[4] = SHA256_H4; |
| 94 | sctx->state[5] = SHA256_H5; |
| 95 | sctx->state[6] = SHA256_H6; |
| 96 | sctx->state[7] = SHA256_H7; |
| 97 | sctx->count = 0; |
| 98 | } |
| 99 | |
| 100 | struct sha256_state { |
| 101 | union { |
| 102 | struct crypto_sha256_state ctx; |
| 103 | struct { |
| 104 | u32 state[SHA256_STATE_WORDS]; |
| 105 | u64 count; |
| 106 | }; |
| 107 | }; |
| 108 | u8 buf[SHA256_BLOCK_SIZE]; |
| 109 | }; |
| 110 | |
| 111 | struct sha512_state { |
| 112 | u64 state[SHA512_DIGEST_SIZE / 8]; |
| 113 | u64 count[2]; |
| 114 | u8 buf[SHA512_BLOCK_SIZE]; |
| 115 | }; |
| 116 | |
| 117 | /* State for the SHA-256 (and SHA-224) compression function */ |
| 118 | struct sha256_block_state { |
| 119 | u32 h[SHA256_STATE_WORDS]; |
| 120 | }; |
| 121 | |
| 122 | /* |
| 123 | * Context structure, shared by SHA-224 and SHA-256. The sha224_ctx and |
| 124 | * sha256_ctx structs wrap this one so that the API has proper typing and |
| 125 | * doesn't allow mixing the SHA-224 and SHA-256 functions arbitrarily. |
| 126 | */ |
| 127 | struct __sha256_ctx { |
| 128 | struct sha256_block_state state; |
| 129 | u64 bytecount; |
| 130 | u8 buf[SHA256_BLOCK_SIZE] __aligned(__alignof__(__be64)); |
| 131 | }; |
| 132 | void __sha256_update(struct __sha256_ctx *ctx, const u8 *data, size_t len); |
| 133 | |
| 134 | /* |
| 135 | * HMAC key and message context structs, shared by HMAC-SHA224 and HMAC-SHA256. |
| 136 | * The hmac_sha224_* and hmac_sha256_* structs wrap this one so that the API has |
| 137 | * proper typing and doesn't allow mixing the functions arbitrarily. |
| 138 | */ |
| 139 | struct __hmac_sha256_key { |
| 140 | struct sha256_block_state istate; |
| 141 | struct sha256_block_state ostate; |
| 142 | }; |
| 143 | struct __hmac_sha256_ctx { |
| 144 | struct __sha256_ctx sha_ctx; |
| 145 | struct sha256_block_state ostate; |
| 146 | }; |
| 147 | void __hmac_sha256_init(struct __hmac_sha256_ctx *ctx, |
| 148 | const struct __hmac_sha256_key *key); |
| 149 | |
| 150 | /** |
| 151 | * struct sha224_ctx - Context for hashing a message with SHA-224 |
| 152 | * @ctx: private |
| 153 | */ |
| 154 | struct sha224_ctx { |
| 155 | struct __sha256_ctx ctx; |
| 156 | }; |
| 157 | |
| 158 | /** |
| 159 | * sha224_init() - Initialize a SHA-224 context for a new message |
| 160 | * @ctx: the context to initialize |
| 161 | * |
| 162 | * If you don't need incremental computation, consider sha224() instead. |
| 163 | * |
| 164 | * Context: Any context. |
| 165 | */ |
| 166 | void sha224_init(struct sha224_ctx *ctx); |
| 167 | |
| 168 | /** |
| 169 | * sha224_update() - Update a SHA-224 context with message data |
| 170 | * @ctx: the context to update; must have been initialized |
| 171 | * @data: the message data |
| 172 | * @len: the data length in bytes |
| 173 | * |
| 174 | * This can be called any number of times. |
| 175 | * |
| 176 | * Context: Any context. |
| 177 | */ |
| 178 | static inline void sha224_update(struct sha224_ctx *ctx, |
| 179 | const u8 *data, size_t len) |
| 180 | { |
| 181 | __sha256_update(ctx: &ctx->ctx, data, len); |
| 182 | } |
| 183 | |
| 184 | /** |
| 185 | * sha224_final() - Finish computing a SHA-224 message digest |
| 186 | * @ctx: the context to finalize; must have been initialized |
| 187 | * @out: (output) the resulting SHA-224 message digest |
| 188 | * |
| 189 | * After finishing, this zeroizes @ctx. So the caller does not need to do it. |
| 190 | * |
| 191 | * Context: Any context. |
| 192 | */ |
| 193 | void sha224_final(struct sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]); |
| 194 | |
| 195 | /** |
| 196 | * sha224() - Compute SHA-224 message digest in one shot |
| 197 | * @data: the message data |
| 198 | * @len: the data length in bytes |
| 199 | * @out: (output) the resulting SHA-224 message digest |
| 200 | * |
| 201 | * Context: Any context. |
| 202 | */ |
| 203 | void sha224(const u8 *data, size_t len, u8 out[SHA224_DIGEST_SIZE]); |
| 204 | |
| 205 | /** |
| 206 | * struct hmac_sha224_key - Prepared key for HMAC-SHA224 |
| 207 | * @key: private |
| 208 | */ |
| 209 | struct hmac_sha224_key { |
| 210 | struct __hmac_sha256_key key; |
| 211 | }; |
| 212 | |
| 213 | /** |
| 214 | * struct hmac_sha224_ctx - Context for computing HMAC-SHA224 of a message |
| 215 | * @ctx: private |
| 216 | */ |
| 217 | struct hmac_sha224_ctx { |
| 218 | struct __hmac_sha256_ctx ctx; |
| 219 | }; |
| 220 | |
| 221 | /** |
| 222 | * hmac_sha224_preparekey() - Prepare a key for HMAC-SHA224 |
| 223 | * @key: (output) the key structure to initialize |
| 224 | * @raw_key: the raw HMAC-SHA224 key |
| 225 | * @raw_key_len: the key length in bytes. All key lengths are supported. |
| 226 | * |
| 227 | * Note: the caller is responsible for zeroizing both the struct hmac_sha224_key |
| 228 | * and the raw key once they are no longer needed. |
| 229 | * |
| 230 | * Context: Any context. |
| 231 | */ |
| 232 | void hmac_sha224_preparekey(struct hmac_sha224_key *key, |
| 233 | const u8 *raw_key, size_t raw_key_len); |
| 234 | |
| 235 | /** |
| 236 | * hmac_sha224_init() - Initialize an HMAC-SHA224 context for a new message |
| 237 | * @ctx: (output) the HMAC context to initialize |
| 238 | * @key: the prepared HMAC key |
| 239 | * |
| 240 | * If you don't need incremental computation, consider hmac_sha224() instead. |
| 241 | * |
| 242 | * Context: Any context. |
| 243 | */ |
| 244 | static inline void hmac_sha224_init(struct hmac_sha224_ctx *ctx, |
| 245 | const struct hmac_sha224_key *key) |
| 246 | { |
| 247 | __hmac_sha256_init(ctx: &ctx->ctx, key: &key->key); |
| 248 | } |
| 249 | |
| 250 | /** |
| 251 | * hmac_sha224_init_usingrawkey() - Initialize an HMAC-SHA224 context for a new |
| 252 | * message, using a raw key |
| 253 | * @ctx: (output) the HMAC context to initialize |
| 254 | * @raw_key: the raw HMAC-SHA224 key |
| 255 | * @raw_key_len: the key length in bytes. All key lengths are supported. |
| 256 | * |
| 257 | * If you don't need incremental computation, consider hmac_sha224_usingrawkey() |
| 258 | * instead. |
| 259 | * |
| 260 | * Context: Any context. |
| 261 | */ |
| 262 | void hmac_sha224_init_usingrawkey(struct hmac_sha224_ctx *ctx, |
| 263 | const u8 *raw_key, size_t raw_key_len); |
| 264 | |
| 265 | /** |
| 266 | * hmac_sha224_update() - Update an HMAC-SHA224 context with message data |
| 267 | * @ctx: the HMAC context to update; must have been initialized |
| 268 | * @data: the message data |
| 269 | * @data_len: the data length in bytes |
| 270 | * |
| 271 | * This can be called any number of times. |
| 272 | * |
| 273 | * Context: Any context. |
| 274 | */ |
| 275 | static inline void hmac_sha224_update(struct hmac_sha224_ctx *ctx, |
| 276 | const u8 *data, size_t data_len) |
| 277 | { |
| 278 | __sha256_update(ctx: &ctx->ctx.sha_ctx, data, len: data_len); |
| 279 | } |
| 280 | |
| 281 | /** |
| 282 | * hmac_sha224_final() - Finish computing an HMAC-SHA224 value |
| 283 | * @ctx: the HMAC context to finalize; must have been initialized |
| 284 | * @out: (output) the resulting HMAC-SHA224 value |
| 285 | * |
| 286 | * After finishing, this zeroizes @ctx. So the caller does not need to do it. |
| 287 | * |
| 288 | * Context: Any context. |
| 289 | */ |
| 290 | void hmac_sha224_final(struct hmac_sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]); |
| 291 | |
| 292 | /** |
| 293 | * hmac_sha224() - Compute HMAC-SHA224 in one shot, using a prepared key |
| 294 | * @key: the prepared HMAC key |
| 295 | * @data: the message data |
| 296 | * @data_len: the data length in bytes |
| 297 | * @out: (output) the resulting HMAC-SHA224 value |
| 298 | * |
| 299 | * If you're using the key only once, consider using hmac_sha224_usingrawkey(). |
| 300 | * |
| 301 | * Context: Any context. |
| 302 | */ |
| 303 | void hmac_sha224(const struct hmac_sha224_key *key, |
| 304 | const u8 *data, size_t data_len, u8 out[SHA224_DIGEST_SIZE]); |
| 305 | |
| 306 | /** |
| 307 | * hmac_sha224_usingrawkey() - Compute HMAC-SHA224 in one shot, using a raw key |
| 308 | * @raw_key: the raw HMAC-SHA224 key |
| 309 | * @raw_key_len: the key length in bytes. All key lengths are supported. |
| 310 | * @data: the message data |
| 311 | * @data_len: the data length in bytes |
| 312 | * @out: (output) the resulting HMAC-SHA224 value |
| 313 | * |
| 314 | * If you're using the key multiple times, prefer to use |
| 315 | * hmac_sha224_preparekey() followed by multiple calls to hmac_sha224() instead. |
| 316 | * |
| 317 | * Context: Any context. |
| 318 | */ |
| 319 | void hmac_sha224_usingrawkey(const u8 *raw_key, size_t raw_key_len, |
| 320 | const u8 *data, size_t data_len, |
| 321 | u8 out[SHA224_DIGEST_SIZE]); |
| 322 | |
| 323 | /** |
| 324 | * struct sha256_ctx - Context for hashing a message with SHA-256 |
| 325 | * @ctx: private |
| 326 | */ |
| 327 | struct sha256_ctx { |
| 328 | struct __sha256_ctx ctx; |
| 329 | }; |
| 330 | |
| 331 | /** |
| 332 | * sha256_init() - Initialize a SHA-256 context for a new message |
| 333 | * @ctx: the context to initialize |
| 334 | * |
| 335 | * If you don't need incremental computation, consider sha256() instead. |
| 336 | * |
| 337 | * Context: Any context. |
| 338 | */ |
| 339 | void sha256_init(struct sha256_ctx *ctx); |
| 340 | |
| 341 | /** |
| 342 | * sha256_update() - Update a SHA-256 context with message data |
| 343 | * @ctx: the context to update; must have been initialized |
| 344 | * @data: the message data |
| 345 | * @len: the data length in bytes |
| 346 | * |
| 347 | * This can be called any number of times. |
| 348 | * |
| 349 | * Context: Any context. |
| 350 | */ |
| 351 | static inline void sha256_update(struct sha256_ctx *ctx, |
| 352 | const u8 *data, size_t len) |
| 353 | { |
| 354 | __sha256_update(ctx: &ctx->ctx, data, len); |
| 355 | } |
| 356 | |
| 357 | /** |
| 358 | * sha256_final() - Finish computing a SHA-256 message digest |
| 359 | * @ctx: the context to finalize; must have been initialized |
| 360 | * @out: (output) the resulting SHA-256 message digest |
| 361 | * |
| 362 | * After finishing, this zeroizes @ctx. So the caller does not need to do it. |
| 363 | * |
| 364 | * Context: Any context. |
| 365 | */ |
| 366 | void sha256_final(struct sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]); |
| 367 | |
| 368 | /** |
| 369 | * sha256() - Compute SHA-256 message digest in one shot |
| 370 | * @data: the message data |
| 371 | * @len: the data length in bytes |
| 372 | * @out: (output) the resulting SHA-256 message digest |
| 373 | * |
| 374 | * Context: Any context. |
| 375 | */ |
| 376 | void sha256(const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE]); |
| 377 | |
| 378 | /** |
| 379 | * sha256_finup_2x() - Compute two SHA-256 digests from a common initial |
| 380 | * context. On some CPUs, this is faster than sequentially |
| 381 | * computing each digest. |
| 382 | * @ctx: an optional initial context, which may have already processed data. If |
| 383 | * NULL, a default initial context is used (equivalent to sha256_init()). |
| 384 | * @data1: data for the first message |
| 385 | * @data2: data for the second message |
| 386 | * @len: the length of each of @data1 and @data2, in bytes |
| 387 | * @out1: (output) the first SHA-256 message digest |
| 388 | * @out2: (output) the second SHA-256 message digest |
| 389 | * |
| 390 | * Context: Any context. |
| 391 | */ |
| 392 | void sha256_finup_2x(const struct sha256_ctx *ctx, const u8 *data1, |
| 393 | const u8 *data2, size_t len, u8 out1[SHA256_DIGEST_SIZE], |
| 394 | u8 out2[SHA256_DIGEST_SIZE]); |
| 395 | |
| 396 | /** |
| 397 | * sha256_finup_2x_is_optimized() - Check if sha256_finup_2x() is using a real |
| 398 | * interleaved implementation, as opposed to a |
| 399 | * sequential fallback |
| 400 | * @return: true if optimized |
| 401 | * |
| 402 | * Context: Any context. |
| 403 | */ |
| 404 | bool sha256_finup_2x_is_optimized(void); |
| 405 | |
| 406 | /** |
| 407 | * struct hmac_sha256_key - Prepared key for HMAC-SHA256 |
| 408 | * @key: private |
| 409 | */ |
| 410 | struct hmac_sha256_key { |
| 411 | struct __hmac_sha256_key key; |
| 412 | }; |
| 413 | |
| 414 | /** |
| 415 | * struct hmac_sha256_ctx - Context for computing HMAC-SHA256 of a message |
| 416 | * @ctx: private |
| 417 | */ |
| 418 | struct hmac_sha256_ctx { |
| 419 | struct __hmac_sha256_ctx ctx; |
| 420 | }; |
| 421 | |
| 422 | /** |
| 423 | * hmac_sha256_preparekey() - Prepare a key for HMAC-SHA256 |
| 424 | * @key: (output) the key structure to initialize |
| 425 | * @raw_key: the raw HMAC-SHA256 key |
| 426 | * @raw_key_len: the key length in bytes. All key lengths are supported. |
| 427 | * |
| 428 | * Note: the caller is responsible for zeroizing both the struct hmac_sha256_key |
| 429 | * and the raw key once they are no longer needed. |
| 430 | * |
| 431 | * Context: Any context. |
| 432 | */ |
| 433 | void hmac_sha256_preparekey(struct hmac_sha256_key *key, |
| 434 | const u8 *raw_key, size_t raw_key_len); |
| 435 | |
| 436 | /** |
| 437 | * hmac_sha256_init() - Initialize an HMAC-SHA256 context for a new message |
| 438 | * @ctx: (output) the HMAC context to initialize |
| 439 | * @key: the prepared HMAC key |
| 440 | * |
| 441 | * If you don't need incremental computation, consider hmac_sha256() instead. |
| 442 | * |
| 443 | * Context: Any context. |
| 444 | */ |
| 445 | static inline void hmac_sha256_init(struct hmac_sha256_ctx *ctx, |
| 446 | const struct hmac_sha256_key *key) |
| 447 | { |
| 448 | __hmac_sha256_init(ctx: &ctx->ctx, key: &key->key); |
| 449 | } |
| 450 | |
| 451 | /** |
| 452 | * hmac_sha256_init_usingrawkey() - Initialize an HMAC-SHA256 context for a new |
| 453 | * message, using a raw key |
| 454 | * @ctx: (output) the HMAC context to initialize |
| 455 | * @raw_key: the raw HMAC-SHA256 key |
| 456 | * @raw_key_len: the key length in bytes. All key lengths are supported. |
| 457 | * |
| 458 | * If you don't need incremental computation, consider hmac_sha256_usingrawkey() |
| 459 | * instead. |
| 460 | * |
| 461 | * Context: Any context. |
| 462 | */ |
| 463 | void hmac_sha256_init_usingrawkey(struct hmac_sha256_ctx *ctx, |
| 464 | const u8 *raw_key, size_t raw_key_len); |
| 465 | |
| 466 | /** |
| 467 | * hmac_sha256_update() - Update an HMAC-SHA256 context with message data |
| 468 | * @ctx: the HMAC context to update; must have been initialized |
| 469 | * @data: the message data |
| 470 | * @data_len: the data length in bytes |
| 471 | * |
| 472 | * This can be called any number of times. |
| 473 | * |
| 474 | * Context: Any context. |
| 475 | */ |
| 476 | static inline void hmac_sha256_update(struct hmac_sha256_ctx *ctx, |
| 477 | const u8 *data, size_t data_len) |
| 478 | { |
| 479 | __sha256_update(ctx: &ctx->ctx.sha_ctx, data, len: data_len); |
| 480 | } |
| 481 | |
| 482 | /** |
| 483 | * hmac_sha256_final() - Finish computing an HMAC-SHA256 value |
| 484 | * @ctx: the HMAC context to finalize; must have been initialized |
| 485 | * @out: (output) the resulting HMAC-SHA256 value |
| 486 | * |
| 487 | * After finishing, this zeroizes @ctx. So the caller does not need to do it. |
| 488 | * |
| 489 | * Context: Any context. |
| 490 | */ |
| 491 | void hmac_sha256_final(struct hmac_sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]); |
| 492 | |
| 493 | /** |
| 494 | * hmac_sha256() - Compute HMAC-SHA256 in one shot, using a prepared key |
| 495 | * @key: the prepared HMAC key |
| 496 | * @data: the message data |
| 497 | * @data_len: the data length in bytes |
| 498 | * @out: (output) the resulting HMAC-SHA256 value |
| 499 | * |
| 500 | * If you're using the key only once, consider using hmac_sha256_usingrawkey(). |
| 501 | * |
| 502 | * Context: Any context. |
| 503 | */ |
| 504 | void hmac_sha256(const struct hmac_sha256_key *key, |
| 505 | const u8 *data, size_t data_len, u8 out[SHA256_DIGEST_SIZE]); |
| 506 | |
| 507 | /** |
| 508 | * hmac_sha256_usingrawkey() - Compute HMAC-SHA256 in one shot, using a raw key |
| 509 | * @raw_key: the raw HMAC-SHA256 key |
| 510 | * @raw_key_len: the key length in bytes. All key lengths are supported. |
| 511 | * @data: the message data |
| 512 | * @data_len: the data length in bytes |
| 513 | * @out: (output) the resulting HMAC-SHA256 value |
| 514 | * |
| 515 | * If you're using the key multiple times, prefer to use |
| 516 | * hmac_sha256_preparekey() followed by multiple calls to hmac_sha256() instead. |
| 517 | * |
| 518 | * Context: Any context. |
| 519 | */ |
| 520 | void hmac_sha256_usingrawkey(const u8 *raw_key, size_t raw_key_len, |
| 521 | const u8 *data, size_t data_len, |
| 522 | u8 out[SHA256_DIGEST_SIZE]); |
| 523 | |
| 524 | /* State for the SHA-512 (and SHA-384) compression function */ |
| 525 | struct sha512_block_state { |
| 526 | u64 h[8]; |
| 527 | }; |
| 528 | |
| 529 | /* |
| 530 | * Context structure, shared by SHA-384 and SHA-512. The sha384_ctx and |
| 531 | * sha512_ctx structs wrap this one so that the API has proper typing and |
| 532 | * doesn't allow mixing the SHA-384 and SHA-512 functions arbitrarily. |
| 533 | */ |
| 534 | struct __sha512_ctx { |
| 535 | struct sha512_block_state state; |
| 536 | u64 bytecount_lo; |
| 537 | u64 bytecount_hi; |
| 538 | u8 buf[SHA512_BLOCK_SIZE] __aligned(__alignof__(__be64)); |
| 539 | }; |
| 540 | void __sha512_update(struct __sha512_ctx *ctx, const u8 *data, size_t len); |
| 541 | |
| 542 | /* |
| 543 | * HMAC key and message context structs, shared by HMAC-SHA384 and HMAC-SHA512. |
| 544 | * The hmac_sha384_* and hmac_sha512_* structs wrap this one so that the API has |
| 545 | * proper typing and doesn't allow mixing the functions arbitrarily. |
| 546 | */ |
| 547 | struct __hmac_sha512_key { |
| 548 | struct sha512_block_state istate; |
| 549 | struct sha512_block_state ostate; |
| 550 | }; |
| 551 | struct __hmac_sha512_ctx { |
| 552 | struct __sha512_ctx sha_ctx; |
| 553 | struct sha512_block_state ostate; |
| 554 | }; |
| 555 | void __hmac_sha512_init(struct __hmac_sha512_ctx *ctx, |
| 556 | const struct __hmac_sha512_key *key); |
| 557 | |
| 558 | /** |
| 559 | * struct sha384_ctx - Context for hashing a message with SHA-384 |
| 560 | * @ctx: private |
| 561 | */ |
| 562 | struct sha384_ctx { |
| 563 | struct __sha512_ctx ctx; |
| 564 | }; |
| 565 | |
| 566 | /** |
| 567 | * sha384_init() - Initialize a SHA-384 context for a new message |
| 568 | * @ctx: the context to initialize |
| 569 | * |
| 570 | * If you don't need incremental computation, consider sha384() instead. |
| 571 | * |
| 572 | * Context: Any context. |
| 573 | */ |
| 574 | void sha384_init(struct sha384_ctx *ctx); |
| 575 | |
| 576 | /** |
| 577 | * sha384_update() - Update a SHA-384 context with message data |
| 578 | * @ctx: the context to update; must have been initialized |
| 579 | * @data: the message data |
| 580 | * @len: the data length in bytes |
| 581 | * |
| 582 | * This can be called any number of times. |
| 583 | * |
| 584 | * Context: Any context. |
| 585 | */ |
| 586 | static inline void sha384_update(struct sha384_ctx *ctx, |
| 587 | const u8 *data, size_t len) |
| 588 | { |
| 589 | __sha512_update(ctx: &ctx->ctx, data, len); |
| 590 | } |
| 591 | |
| 592 | /** |
| 593 | * sha384_final() - Finish computing a SHA-384 message digest |
| 594 | * @ctx: the context to finalize; must have been initialized |
| 595 | * @out: (output) the resulting SHA-384 message digest |
| 596 | * |
| 597 | * After finishing, this zeroizes @ctx. So the caller does not need to do it. |
| 598 | * |
| 599 | * Context: Any context. |
| 600 | */ |
| 601 | void sha384_final(struct sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]); |
| 602 | |
| 603 | /** |
| 604 | * sha384() - Compute SHA-384 message digest in one shot |
| 605 | * @data: the message data |
| 606 | * @len: the data length in bytes |
| 607 | * @out: (output) the resulting SHA-384 message digest |
| 608 | * |
| 609 | * Context: Any context. |
| 610 | */ |
| 611 | void sha384(const u8 *data, size_t len, u8 out[SHA384_DIGEST_SIZE]); |
| 612 | |
| 613 | /** |
| 614 | * struct hmac_sha384_key - Prepared key for HMAC-SHA384 |
| 615 | * @key: private |
| 616 | */ |
| 617 | struct hmac_sha384_key { |
| 618 | struct __hmac_sha512_key key; |
| 619 | }; |
| 620 | |
| 621 | /** |
| 622 | * struct hmac_sha384_ctx - Context for computing HMAC-SHA384 of a message |
| 623 | * @ctx: private |
| 624 | */ |
| 625 | struct hmac_sha384_ctx { |
| 626 | struct __hmac_sha512_ctx ctx; |
| 627 | }; |
| 628 | |
| 629 | /** |
| 630 | * hmac_sha384_preparekey() - Prepare a key for HMAC-SHA384 |
| 631 | * @key: (output) the key structure to initialize |
| 632 | * @raw_key: the raw HMAC-SHA384 key |
| 633 | * @raw_key_len: the key length in bytes. All key lengths are supported. |
| 634 | * |
| 635 | * Note: the caller is responsible for zeroizing both the struct hmac_sha384_key |
| 636 | * and the raw key once they are no longer needed. |
| 637 | * |
| 638 | * Context: Any context. |
| 639 | */ |
| 640 | void hmac_sha384_preparekey(struct hmac_sha384_key *key, |
| 641 | const u8 *raw_key, size_t raw_key_len); |
| 642 | |
| 643 | /** |
| 644 | * hmac_sha384_init() - Initialize an HMAC-SHA384 context for a new message |
| 645 | * @ctx: (output) the HMAC context to initialize |
| 646 | * @key: the prepared HMAC key |
| 647 | * |
| 648 | * If you don't need incremental computation, consider hmac_sha384() instead. |
| 649 | * |
| 650 | * Context: Any context. |
| 651 | */ |
| 652 | static inline void hmac_sha384_init(struct hmac_sha384_ctx *ctx, |
| 653 | const struct hmac_sha384_key *key) |
| 654 | { |
| 655 | __hmac_sha512_init(ctx: &ctx->ctx, key: &key->key); |
| 656 | } |
| 657 | |
| 658 | /** |
| 659 | * hmac_sha384_init_usingrawkey() - Initialize an HMAC-SHA384 context for a new |
| 660 | * message, using a raw key |
| 661 | * @ctx: (output) the HMAC context to initialize |
| 662 | * @raw_key: the raw HMAC-SHA384 key |
| 663 | * @raw_key_len: the key length in bytes. All key lengths are supported. |
| 664 | * |
| 665 | * If you don't need incremental computation, consider hmac_sha384_usingrawkey() |
| 666 | * instead. |
| 667 | * |
| 668 | * Context: Any context. |
| 669 | */ |
| 670 | void hmac_sha384_init_usingrawkey(struct hmac_sha384_ctx *ctx, |
| 671 | const u8 *raw_key, size_t raw_key_len); |
| 672 | |
| 673 | /** |
| 674 | * hmac_sha384_update() - Update an HMAC-SHA384 context with message data |
| 675 | * @ctx: the HMAC context to update; must have been initialized |
| 676 | * @data: the message data |
| 677 | * @data_len: the data length in bytes |
| 678 | * |
| 679 | * This can be called any number of times. |
| 680 | * |
| 681 | * Context: Any context. |
| 682 | */ |
| 683 | static inline void hmac_sha384_update(struct hmac_sha384_ctx *ctx, |
| 684 | const u8 *data, size_t data_len) |
| 685 | { |
| 686 | __sha512_update(ctx: &ctx->ctx.sha_ctx, data, len: data_len); |
| 687 | } |
| 688 | |
| 689 | /** |
| 690 | * hmac_sha384_final() - Finish computing an HMAC-SHA384 value |
| 691 | * @ctx: the HMAC context to finalize; must have been initialized |
| 692 | * @out: (output) the resulting HMAC-SHA384 value |
| 693 | * |
| 694 | * After finishing, this zeroizes @ctx. So the caller does not need to do it. |
| 695 | * |
| 696 | * Context: Any context. |
| 697 | */ |
| 698 | void hmac_sha384_final(struct hmac_sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]); |
| 699 | |
| 700 | /** |
| 701 | * hmac_sha384() - Compute HMAC-SHA384 in one shot, using a prepared key |
| 702 | * @key: the prepared HMAC key |
| 703 | * @data: the message data |
| 704 | * @data_len: the data length in bytes |
| 705 | * @out: (output) the resulting HMAC-SHA384 value |
| 706 | * |
| 707 | * If you're using the key only once, consider using hmac_sha384_usingrawkey(). |
| 708 | * |
| 709 | * Context: Any context. |
| 710 | */ |
| 711 | void hmac_sha384(const struct hmac_sha384_key *key, |
| 712 | const u8 *data, size_t data_len, u8 out[SHA384_DIGEST_SIZE]); |
| 713 | |
| 714 | /** |
| 715 | * hmac_sha384_usingrawkey() - Compute HMAC-SHA384 in one shot, using a raw key |
| 716 | * @raw_key: the raw HMAC-SHA384 key |
| 717 | * @raw_key_len: the key length in bytes. All key lengths are supported. |
| 718 | * @data: the message data |
| 719 | * @data_len: the data length in bytes |
| 720 | * @out: (output) the resulting HMAC-SHA384 value |
| 721 | * |
| 722 | * If you're using the key multiple times, prefer to use |
| 723 | * hmac_sha384_preparekey() followed by multiple calls to hmac_sha384() instead. |
| 724 | * |
| 725 | * Context: Any context. |
| 726 | */ |
| 727 | void hmac_sha384_usingrawkey(const u8 *raw_key, size_t raw_key_len, |
| 728 | const u8 *data, size_t data_len, |
| 729 | u8 out[SHA384_DIGEST_SIZE]); |
| 730 | |
| 731 | /** |
| 732 | * struct sha512_ctx - Context for hashing a message with SHA-512 |
| 733 | * @ctx: private |
| 734 | */ |
| 735 | struct sha512_ctx { |
| 736 | struct __sha512_ctx ctx; |
| 737 | }; |
| 738 | |
| 739 | /** |
| 740 | * sha512_init() - Initialize a SHA-512 context for a new message |
| 741 | * @ctx: the context to initialize |
| 742 | * |
| 743 | * If you don't need incremental computation, consider sha512() instead. |
| 744 | * |
| 745 | * Context: Any context. |
| 746 | */ |
| 747 | void sha512_init(struct sha512_ctx *ctx); |
| 748 | |
| 749 | /** |
| 750 | * sha512_update() - Update a SHA-512 context with message data |
| 751 | * @ctx: the context to update; must have been initialized |
| 752 | * @data: the message data |
| 753 | * @len: the data length in bytes |
| 754 | * |
| 755 | * This can be called any number of times. |
| 756 | * |
| 757 | * Context: Any context. |
| 758 | */ |
| 759 | static inline void sha512_update(struct sha512_ctx *ctx, |
| 760 | const u8 *data, size_t len) |
| 761 | { |
| 762 | __sha512_update(ctx: &ctx->ctx, data, len); |
| 763 | } |
| 764 | |
| 765 | /** |
| 766 | * sha512_final() - Finish computing a SHA-512 message digest |
| 767 | * @ctx: the context to finalize; must have been initialized |
| 768 | * @out: (output) the resulting SHA-512 message digest |
| 769 | * |
| 770 | * After finishing, this zeroizes @ctx. So the caller does not need to do it. |
| 771 | * |
| 772 | * Context: Any context. |
| 773 | */ |
| 774 | void sha512_final(struct sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]); |
| 775 | |
| 776 | /** |
| 777 | * sha512() - Compute SHA-512 message digest in one shot |
| 778 | * @data: the message data |
| 779 | * @len: the data length in bytes |
| 780 | * @out: (output) the resulting SHA-512 message digest |
| 781 | * |
| 782 | * Context: Any context. |
| 783 | */ |
| 784 | void sha512(const u8 *data, size_t len, u8 out[SHA512_DIGEST_SIZE]); |
| 785 | |
| 786 | /** |
| 787 | * struct hmac_sha512_key - Prepared key for HMAC-SHA512 |
| 788 | * @key: private |
| 789 | */ |
| 790 | struct hmac_sha512_key { |
| 791 | struct __hmac_sha512_key key; |
| 792 | }; |
| 793 | |
| 794 | /** |
| 795 | * struct hmac_sha512_ctx - Context for computing HMAC-SHA512 of a message |
| 796 | * @ctx: private |
| 797 | */ |
| 798 | struct hmac_sha512_ctx { |
| 799 | struct __hmac_sha512_ctx ctx; |
| 800 | }; |
| 801 | |
| 802 | /** |
| 803 | * hmac_sha512_preparekey() - Prepare a key for HMAC-SHA512 |
| 804 | * @key: (output) the key structure to initialize |
| 805 | * @raw_key: the raw HMAC-SHA512 key |
| 806 | * @raw_key_len: the key length in bytes. All key lengths are supported. |
| 807 | * |
| 808 | * Note: the caller is responsible for zeroizing both the struct hmac_sha512_key |
| 809 | * and the raw key once they are no longer needed. |
| 810 | * |
| 811 | * Context: Any context. |
| 812 | */ |
| 813 | void hmac_sha512_preparekey(struct hmac_sha512_key *key, |
| 814 | const u8 *raw_key, size_t raw_key_len); |
| 815 | |
| 816 | /** |
| 817 | * hmac_sha512_init() - Initialize an HMAC-SHA512 context for a new message |
| 818 | * @ctx: (output) the HMAC context to initialize |
| 819 | * @key: the prepared HMAC key |
| 820 | * |
| 821 | * If you don't need incremental computation, consider hmac_sha512() instead. |
| 822 | * |
| 823 | * Context: Any context. |
| 824 | */ |
| 825 | static inline void hmac_sha512_init(struct hmac_sha512_ctx *ctx, |
| 826 | const struct hmac_sha512_key *key) |
| 827 | { |
| 828 | __hmac_sha512_init(ctx: &ctx->ctx, key: &key->key); |
| 829 | } |
| 830 | |
| 831 | /** |
| 832 | * hmac_sha512_init_usingrawkey() - Initialize an HMAC-SHA512 context for a new |
| 833 | * message, using a raw key |
| 834 | * @ctx: (output) the HMAC context to initialize |
| 835 | * @raw_key: the raw HMAC-SHA512 key |
| 836 | * @raw_key_len: the key length in bytes. All key lengths are supported. |
| 837 | * |
| 838 | * If you don't need incremental computation, consider hmac_sha512_usingrawkey() |
| 839 | * instead. |
| 840 | * |
| 841 | * Context: Any context. |
| 842 | */ |
| 843 | void hmac_sha512_init_usingrawkey(struct hmac_sha512_ctx *ctx, |
| 844 | const u8 *raw_key, size_t raw_key_len); |
| 845 | |
| 846 | /** |
| 847 | * hmac_sha512_update() - Update an HMAC-SHA512 context with message data |
| 848 | * @ctx: the HMAC context to update; must have been initialized |
| 849 | * @data: the message data |
| 850 | * @data_len: the data length in bytes |
| 851 | * |
| 852 | * This can be called any number of times. |
| 853 | * |
| 854 | * Context: Any context. |
| 855 | */ |
| 856 | static inline void hmac_sha512_update(struct hmac_sha512_ctx *ctx, |
| 857 | const u8 *data, size_t data_len) |
| 858 | { |
| 859 | __sha512_update(ctx: &ctx->ctx.sha_ctx, data, len: data_len); |
| 860 | } |
| 861 | |
| 862 | /** |
| 863 | * hmac_sha512_final() - Finish computing an HMAC-SHA512 value |
| 864 | * @ctx: the HMAC context to finalize; must have been initialized |
| 865 | * @out: (output) the resulting HMAC-SHA512 value |
| 866 | * |
| 867 | * After finishing, this zeroizes @ctx. So the caller does not need to do it. |
| 868 | * |
| 869 | * Context: Any context. |
| 870 | */ |
| 871 | void hmac_sha512_final(struct hmac_sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]); |
| 872 | |
| 873 | /** |
| 874 | * hmac_sha512() - Compute HMAC-SHA512 in one shot, using a prepared key |
| 875 | * @key: the prepared HMAC key |
| 876 | * @data: the message data |
| 877 | * @data_len: the data length in bytes |
| 878 | * @out: (output) the resulting HMAC-SHA512 value |
| 879 | * |
| 880 | * If you're using the key only once, consider using hmac_sha512_usingrawkey(). |
| 881 | * |
| 882 | * Context: Any context. |
| 883 | */ |
| 884 | void hmac_sha512(const struct hmac_sha512_key *key, |
| 885 | const u8 *data, size_t data_len, u8 out[SHA512_DIGEST_SIZE]); |
| 886 | |
| 887 | /** |
| 888 | * hmac_sha512_usingrawkey() - Compute HMAC-SHA512 in one shot, using a raw key |
| 889 | * @raw_key: the raw HMAC-SHA512 key |
| 890 | * @raw_key_len: the key length in bytes. All key lengths are supported. |
| 891 | * @data: the message data |
| 892 | * @data_len: the data length in bytes |
| 893 | * @out: (output) the resulting HMAC-SHA512 value |
| 894 | * |
| 895 | * If you're using the key multiple times, prefer to use |
| 896 | * hmac_sha512_preparekey() followed by multiple calls to hmac_sha512() instead. |
| 897 | * |
| 898 | * Context: Any context. |
| 899 | */ |
| 900 | void hmac_sha512_usingrawkey(const u8 *raw_key, size_t raw_key_len, |
| 901 | const u8 *data, size_t data_len, |
| 902 | u8 out[SHA512_DIGEST_SIZE]); |
| 903 | |
| 904 | #endif /* _CRYPTO_SHA2_H */ |
| 905 |
Generated while processing Linux/arch/x86/entry/syscall_32.c
Generated on 2025-Oct-12 from project Linux revision 6.17.0 (67029a49db6c)
Powered by 
Code Browser 2.1
Generator usage only permitted with license.