1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3 * Common values for SHA-2 algorithms
4 */
5
6 #ifndef _CRYPTO_SHA2_H
7 #define _CRYPTO_SHA2_H
8
9 #include <linux/types.h>
10
11 #define SHA224_DIGEST_SIZE 28
12 #define SHA224_BLOCK_SIZE 64
13
14 #define SHA256_DIGEST_SIZE 32
15 #define SHA256_BLOCK_SIZE 64
16 #define SHA256_STATE_WORDS 8
17
18 #define SHA384_DIGEST_SIZE 48
19 #define SHA384_BLOCK_SIZE 128
20
21 #define SHA512_DIGEST_SIZE 64
22 #define SHA512_BLOCK_SIZE 128
23 #define SHA512_STATE_SIZE 80
24
25 #define SHA224_H0 0xc1059ed8UL
26 #define SHA224_H1 0x367cd507UL
27 #define SHA224_H2 0x3070dd17UL
28 #define SHA224_H3 0xf70e5939UL
29 #define SHA224_H4 0xffc00b31UL
30 #define SHA224_H5 0x68581511UL
31 #define SHA224_H6 0x64f98fa7UL
32 #define SHA224_H7 0xbefa4fa4UL
33
34 #define SHA256_H0 0x6a09e667UL
35 #define SHA256_H1 0xbb67ae85UL
36 #define SHA256_H2 0x3c6ef372UL
37 #define SHA256_H3 0xa54ff53aUL
38 #define SHA256_H4 0x510e527fUL
39 #define SHA256_H5 0x9b05688cUL
40 #define SHA256_H6 0x1f83d9abUL
41 #define SHA256_H7 0x5be0cd19UL
42
43 #define SHA384_H0 0xcbbb9d5dc1059ed8ULL
44 #define SHA384_H1 0x629a292a367cd507ULL
45 #define SHA384_H2 0x9159015a3070dd17ULL
46 #define SHA384_H3 0x152fecd8f70e5939ULL
47 #define SHA384_H4 0x67332667ffc00b31ULL
48 #define SHA384_H5 0x8eb44a8768581511ULL
49 #define SHA384_H6 0xdb0c2e0d64f98fa7ULL
50 #define SHA384_H7 0x47b5481dbefa4fa4ULL
51
52 #define SHA512_H0 0x6a09e667f3bcc908ULL
53 #define SHA512_H1 0xbb67ae8584caa73bULL
54 #define SHA512_H2 0x3c6ef372fe94f82bULL
55 #define SHA512_H3 0xa54ff53a5f1d36f1ULL
56 #define SHA512_H4 0x510e527fade682d1ULL
57 #define SHA512_H5 0x9b05688c2b3e6c1fULL
58 #define SHA512_H6 0x1f83d9abfb41bd6bULL
59 #define SHA512_H7 0x5be0cd19137e2179ULL
60
61 extern const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE];
62
63 extern const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE];
64
65 extern const u8 sha384_zero_message_hash[SHA384_DIGEST_SIZE];
66
67 extern const u8 sha512_zero_message_hash[SHA512_DIGEST_SIZE];
68
69 struct crypto_sha256_state {
70 u32 state[SHA256_STATE_WORDS];
71 u64 count;
72 };
73
sha224_block_init(struct crypto_sha256_state * sctx)74 static inline void sha224_block_init(struct crypto_sha256_state *sctx)
75 {
76 sctx->state[0] = SHA224_H0;
77 sctx->state[1] = SHA224_H1;
78 sctx->state[2] = SHA224_H2;
79 sctx->state[3] = SHA224_H3;
80 sctx->state[4] = SHA224_H4;
81 sctx->state[5] = SHA224_H5;
82 sctx->state[6] = SHA224_H6;
83 sctx->state[7] = SHA224_H7;
84 sctx->count = 0;
85 }
86
sha256_block_init(struct crypto_sha256_state * sctx)87 static inline void sha256_block_init(struct crypto_sha256_state *sctx)
88 {
89 sctx->state[0] = SHA256_H0;
90 sctx->state[1] = SHA256_H1;
91 sctx->state[2] = SHA256_H2;
92 sctx->state[3] = SHA256_H3;
93 sctx->state[4] = SHA256_H4;
94 sctx->state[5] = SHA256_H5;
95 sctx->state[6] = SHA256_H6;
96 sctx->state[7] = SHA256_H7;
97 sctx->count = 0;
98 }
99
100 struct sha256_state {
101 union {
102 struct crypto_sha256_state ctx;
103 struct {
104 u32 state[SHA256_STATE_WORDS];
105 u64 count;
106 };
107 };
108 u8 buf[SHA256_BLOCK_SIZE];
109 };
110
111 struct sha512_state {
112 u64 state[SHA512_DIGEST_SIZE / 8];
113 u64 count[2];
114 u8 buf[SHA512_BLOCK_SIZE];
115 };
116
117 /* State for the SHA-256 (and SHA-224) compression function */
118 struct sha256_block_state {
119 u32 h[SHA256_STATE_WORDS];
120 };
121
122 /*
123 * Context structure, shared by SHA-224 and SHA-256. The sha224_ctx and
124 * sha256_ctx structs wrap this one so that the API has proper typing and
125 * doesn't allow mixing the SHA-224 and SHA-256 functions arbitrarily.
126 */
127 struct __sha256_ctx {
128 struct sha256_block_state state;
129 u64 bytecount;
130 u8 buf[SHA256_BLOCK_SIZE] __aligned(__alignof__(__be64));
131 };
132 void __sha256_update(struct __sha256_ctx *ctx, const u8 *data, size_t len);
133
134 /*
135 * HMAC key and message context structs, shared by HMAC-SHA224 and HMAC-SHA256.
136 * The hmac_sha224_* and hmac_sha256_* structs wrap this one so that the API has
137 * proper typing and doesn't allow mixing the functions arbitrarily.
138 */
139 struct __hmac_sha256_key {
140 struct sha256_block_state istate;
141 struct sha256_block_state ostate;
142 };
143 struct __hmac_sha256_ctx {
144 struct __sha256_ctx sha_ctx;
145 struct sha256_block_state ostate;
146 };
147 void __hmac_sha256_init(struct __hmac_sha256_ctx *ctx,
148 const struct __hmac_sha256_key *key);
149
150 /**
151 * struct sha224_ctx - Context for hashing a message with SHA-224
152 * @ctx: private
153 */
154 struct sha224_ctx {
155 struct __sha256_ctx ctx;
156 };
157
158 /**
159 * sha224_init() - Initialize a SHA-224 context for a new message
160 * @ctx: the context to initialize
161 *
162 * If you don't need incremental computation, consider sha224() instead.
163 *
164 * Context: Any context.
165 */
166 void sha224_init(struct sha224_ctx *ctx);
167
168 /**
169 * sha224_update() - Update a SHA-224 context with message data
170 * @ctx: the context to update; must have been initialized
171 * @data: the message data
172 * @len: the data length in bytes
173 *
174 * This can be called any number of times.
175 *
176 * Context: Any context.
177 */
sha224_update(struct sha224_ctx * ctx,const u8 * data,size_t len)178 static inline void sha224_update(struct sha224_ctx *ctx,
179 const u8 *data, size_t len)
180 {
181 __sha256_update(&ctx->ctx, data, len);
182 }
183
184 /**
185 * sha224_final() - Finish computing a SHA-224 message digest
186 * @ctx: the context to finalize; must have been initialized
187 * @out: (output) the resulting SHA-224 message digest
188 *
189 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
190 *
191 * Context: Any context.
192 */
193 void sha224_final(struct sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]);
194
195 /**
196 * sha224() - Compute SHA-224 message digest in one shot
197 * @data: the message data
198 * @len: the data length in bytes
199 * @out: (output) the resulting SHA-224 message digest
200 *
201 * Context: Any context.
202 */
203 void sha224(const u8 *data, size_t len, u8 out[SHA224_DIGEST_SIZE]);
204
205 /**
206 * struct hmac_sha224_key - Prepared key for HMAC-SHA224
207 * @key: private
208 */
209 struct hmac_sha224_key {
210 struct __hmac_sha256_key key;
211 };
212
213 /**
214 * struct hmac_sha224_ctx - Context for computing HMAC-SHA224 of a message
215 * @ctx: private
216 */
217 struct hmac_sha224_ctx {
218 struct __hmac_sha256_ctx ctx;
219 };
220
221 /**
222 * hmac_sha224_preparekey() - Prepare a key for HMAC-SHA224
223 * @key: (output) the key structure to initialize
224 * @raw_key: the raw HMAC-SHA224 key
225 * @raw_key_len: the key length in bytes. All key lengths are supported.
226 *
227 * Note: the caller is responsible for zeroizing both the struct hmac_sha224_key
228 * and the raw key once they are no longer needed.
229 *
230 * Context: Any context.
231 */
232 void hmac_sha224_preparekey(struct hmac_sha224_key *key,
233 const u8 *raw_key, size_t raw_key_len);
234
235 /**
236 * hmac_sha224_init() - Initialize an HMAC-SHA224 context for a new message
237 * @ctx: (output) the HMAC context to initialize
238 * @key: the prepared HMAC key
239 *
240 * If you don't need incremental computation, consider hmac_sha224() instead.
241 *
242 * Context: Any context.
243 */
hmac_sha224_init(struct hmac_sha224_ctx * ctx,const struct hmac_sha224_key * key)244 static inline void hmac_sha224_init(struct hmac_sha224_ctx *ctx,
245 const struct hmac_sha224_key *key)
246 {
247 __hmac_sha256_init(&ctx->ctx, &key->key);
248 }
249
250 /**
251 * hmac_sha224_init_usingrawkey() - Initialize an HMAC-SHA224 context for a new
252 * message, using a raw key
253 * @ctx: (output) the HMAC context to initialize
254 * @raw_key: the raw HMAC-SHA224 key
255 * @raw_key_len: the key length in bytes. All key lengths are supported.
256 *
257 * If you don't need incremental computation, consider hmac_sha224_usingrawkey()
258 * instead.
259 *
260 * Context: Any context.
261 */
262 void hmac_sha224_init_usingrawkey(struct hmac_sha224_ctx *ctx,
263 const u8 *raw_key, size_t raw_key_len);
264
265 /**
266 * hmac_sha224_update() - Update an HMAC-SHA224 context with message data
267 * @ctx: the HMAC context to update; must have been initialized
268 * @data: the message data
269 * @data_len: the data length in bytes
270 *
271 * This can be called any number of times.
272 *
273 * Context: Any context.
274 */
hmac_sha224_update(struct hmac_sha224_ctx * ctx,const u8 * data,size_t data_len)275 static inline void hmac_sha224_update(struct hmac_sha224_ctx *ctx,
276 const u8 *data, size_t data_len)
277 {
278 __sha256_update(&ctx->ctx.sha_ctx, data, data_len);
279 }
280
281 /**
282 * hmac_sha224_final() - Finish computing an HMAC-SHA224 value
283 * @ctx: the HMAC context to finalize; must have been initialized
284 * @out: (output) the resulting HMAC-SHA224 value
285 *
286 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
287 *
288 * Context: Any context.
289 */
290 void hmac_sha224_final(struct hmac_sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]);
291
292 /**
293 * hmac_sha224() - Compute HMAC-SHA224 in one shot, using a prepared key
294 * @key: the prepared HMAC key
295 * @data: the message data
296 * @data_len: the data length in bytes
297 * @out: (output) the resulting HMAC-SHA224 value
298 *
299 * If you're using the key only once, consider using hmac_sha224_usingrawkey().
300 *
301 * Context: Any context.
302 */
303 void hmac_sha224(const struct hmac_sha224_key *key,
304 const u8 *data, size_t data_len, u8 out[SHA224_DIGEST_SIZE]);
305
306 /**
307 * hmac_sha224_usingrawkey() - Compute HMAC-SHA224 in one shot, using a raw key
308 * @raw_key: the raw HMAC-SHA224 key
309 * @raw_key_len: the key length in bytes. All key lengths are supported.
310 * @data: the message data
311 * @data_len: the data length in bytes
312 * @out: (output) the resulting HMAC-SHA224 value
313 *
314 * If you're using the key multiple times, prefer to use
315 * hmac_sha224_preparekey() followed by multiple calls to hmac_sha224() instead.
316 *
317 * Context: Any context.
318 */
319 void hmac_sha224_usingrawkey(const u8 *raw_key, size_t raw_key_len,
320 const u8 *data, size_t data_len,
321 u8 out[SHA224_DIGEST_SIZE]);
322
323 /**
324 * struct sha256_ctx - Context for hashing a message with SHA-256
325 * @ctx: private
326 */
327 struct sha256_ctx {
328 struct __sha256_ctx ctx;
329 };
330
331 /**
332 * sha256_init() - Initialize a SHA-256 context for a new message
333 * @ctx: the context to initialize
334 *
335 * If you don't need incremental computation, consider sha256() instead.
336 *
337 * Context: Any context.
338 */
339 void sha256_init(struct sha256_ctx *ctx);
340
341 /**
342 * sha256_update() - Update a SHA-256 context with message data
343 * @ctx: the context to update; must have been initialized
344 * @data: the message data
345 * @len: the data length in bytes
346 *
347 * This can be called any number of times.
348 *
349 * Context: Any context.
350 */
sha256_update(struct sha256_ctx * ctx,const u8 * data,size_t len)351 static inline void sha256_update(struct sha256_ctx *ctx,
352 const u8 *data, size_t len)
353 {
354 __sha256_update(&ctx->ctx, data, len);
355 }
356
357 /**
358 * sha256_final() - Finish computing a SHA-256 message digest
359 * @ctx: the context to finalize; must have been initialized
360 * @out: (output) the resulting SHA-256 message digest
361 *
362 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
363 *
364 * Context: Any context.
365 */
366 void sha256_final(struct sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]);
367
368 /**
369 * sha256() - Compute SHA-256 message digest in one shot
370 * @data: the message data
371 * @len: the data length in bytes
372 * @out: (output) the resulting SHA-256 message digest
373 *
374 * Context: Any context.
375 */
376 void sha256(const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE]);
377
378 /**
379 * struct hmac_sha256_key - Prepared key for HMAC-SHA256
380 * @key: private
381 */
382 struct hmac_sha256_key {
383 struct __hmac_sha256_key key;
384 };
385
386 /**
387 * struct hmac_sha256_ctx - Context for computing HMAC-SHA256 of a message
388 * @ctx: private
389 */
390 struct hmac_sha256_ctx {
391 struct __hmac_sha256_ctx ctx;
392 };
393
394 /**
395 * hmac_sha256_preparekey() - Prepare a key for HMAC-SHA256
396 * @key: (output) the key structure to initialize
397 * @raw_key: the raw HMAC-SHA256 key
398 * @raw_key_len: the key length in bytes. All key lengths are supported.
399 *
400 * Note: the caller is responsible for zeroizing both the struct hmac_sha256_key
401 * and the raw key once they are no longer needed.
402 *
403 * Context: Any context.
404 */
405 void hmac_sha256_preparekey(struct hmac_sha256_key *key,
406 const u8 *raw_key, size_t raw_key_len);
407
408 /**
409 * hmac_sha256_init() - Initialize an HMAC-SHA256 context for a new message
410 * @ctx: (output) the HMAC context to initialize
411 * @key: the prepared HMAC key
412 *
413 * If you don't need incremental computation, consider hmac_sha256() instead.
414 *
415 * Context: Any context.
416 */
hmac_sha256_init(struct hmac_sha256_ctx * ctx,const struct hmac_sha256_key * key)417 static inline void hmac_sha256_init(struct hmac_sha256_ctx *ctx,
418 const struct hmac_sha256_key *key)
419 {
420 __hmac_sha256_init(&ctx->ctx, &key->key);
421 }
422
423 /**
424 * hmac_sha256_init_usingrawkey() - Initialize an HMAC-SHA256 context for a new
425 * message, using a raw key
426 * @ctx: (output) the HMAC context to initialize
427 * @raw_key: the raw HMAC-SHA256 key
428 * @raw_key_len: the key length in bytes. All key lengths are supported.
429 *
430 * If you don't need incremental computation, consider hmac_sha256_usingrawkey()
431 * instead.
432 *
433 * Context: Any context.
434 */
435 void hmac_sha256_init_usingrawkey(struct hmac_sha256_ctx *ctx,
436 const u8 *raw_key, size_t raw_key_len);
437
438 /**
439 * hmac_sha256_update() - Update an HMAC-SHA256 context with message data
440 * @ctx: the HMAC context to update; must have been initialized
441 * @data: the message data
442 * @data_len: the data length in bytes
443 *
444 * This can be called any number of times.
445 *
446 * Context: Any context.
447 */
hmac_sha256_update(struct hmac_sha256_ctx * ctx,const u8 * data,size_t data_len)448 static inline void hmac_sha256_update(struct hmac_sha256_ctx *ctx,
449 const u8 *data, size_t data_len)
450 {
451 __sha256_update(&ctx->ctx.sha_ctx, data, data_len);
452 }
453
454 /**
455 * hmac_sha256_final() - Finish computing an HMAC-SHA256 value
456 * @ctx: the HMAC context to finalize; must have been initialized
457 * @out: (output) the resulting HMAC-SHA256 value
458 *
459 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
460 *
461 * Context: Any context.
462 */
463 void hmac_sha256_final(struct hmac_sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]);
464
465 /**
466 * hmac_sha256() - Compute HMAC-SHA256 in one shot, using a prepared key
467 * @key: the prepared HMAC key
468 * @data: the message data
469 * @data_len: the data length in bytes
470 * @out: (output) the resulting HMAC-SHA256 value
471 *
472 * If you're using the key only once, consider using hmac_sha256_usingrawkey().
473 *
474 * Context: Any context.
475 */
476 void hmac_sha256(const struct hmac_sha256_key *key,
477 const u8 *data, size_t data_len, u8 out[SHA256_DIGEST_SIZE]);
478
479 /**
480 * hmac_sha256_usingrawkey() - Compute HMAC-SHA256 in one shot, using a raw key
481 * @raw_key: the raw HMAC-SHA256 key
482 * @raw_key_len: the key length in bytes. All key lengths are supported.
483 * @data: the message data
484 * @data_len: the data length in bytes
485 * @out: (output) the resulting HMAC-SHA256 value
486 *
487 * If you're using the key multiple times, prefer to use
488 * hmac_sha256_preparekey() followed by multiple calls to hmac_sha256() instead.
489 *
490 * Context: Any context.
491 */
492 void hmac_sha256_usingrawkey(const u8 *raw_key, size_t raw_key_len,
493 const u8 *data, size_t data_len,
494 u8 out[SHA256_DIGEST_SIZE]);
495
496 /* State for the SHA-512 (and SHA-384) compression function */
497 struct sha512_block_state {
498 u64 h[8];
499 };
500
501 /*
502 * Context structure, shared by SHA-384 and SHA-512. The sha384_ctx and
503 * sha512_ctx structs wrap this one so that the API has proper typing and
504 * doesn't allow mixing the SHA-384 and SHA-512 functions arbitrarily.
505 */
506 struct __sha512_ctx {
507 struct sha512_block_state state;
508 u64 bytecount_lo;
509 u64 bytecount_hi;
510 u8 buf[SHA512_BLOCK_SIZE] __aligned(__alignof__(__be64));
511 };
512 void __sha512_update(struct __sha512_ctx *ctx, const u8 *data, size_t len);
513
514 /*
515 * HMAC key and message context structs, shared by HMAC-SHA384 and HMAC-SHA512.
516 * The hmac_sha384_* and hmac_sha512_* structs wrap this one so that the API has
517 * proper typing and doesn't allow mixing the functions arbitrarily.
518 */
519 struct __hmac_sha512_key {
520 struct sha512_block_state istate;
521 struct sha512_block_state ostate;
522 };
523 struct __hmac_sha512_ctx {
524 struct __sha512_ctx sha_ctx;
525 struct sha512_block_state ostate;
526 };
527 void __hmac_sha512_init(struct __hmac_sha512_ctx *ctx,
528 const struct __hmac_sha512_key *key);
529
530 /**
531 * struct sha384_ctx - Context for hashing a message with SHA-384
532 * @ctx: private
533 */
534 struct sha384_ctx {
535 struct __sha512_ctx ctx;
536 };
537
538 /**
539 * sha384_init() - Initialize a SHA-384 context for a new message
540 * @ctx: the context to initialize
541 *
542 * If you don't need incremental computation, consider sha384() instead.
543 *
544 * Context: Any context.
545 */
546 void sha384_init(struct sha384_ctx *ctx);
547
548 /**
549 * sha384_update() - Update a SHA-384 context with message data
550 * @ctx: the context to update; must have been initialized
551 * @data: the message data
552 * @len: the data length in bytes
553 *
554 * This can be called any number of times.
555 *
556 * Context: Any context.
557 */
sha384_update(struct sha384_ctx * ctx,const u8 * data,size_t len)558 static inline void sha384_update(struct sha384_ctx *ctx,
559 const u8 *data, size_t len)
560 {
561 __sha512_update(&ctx->ctx, data, len);
562 }
563
564 /**
565 * sha384_final() - Finish computing a SHA-384 message digest
566 * @ctx: the context to finalize; must have been initialized
567 * @out: (output) the resulting SHA-384 message digest
568 *
569 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
570 *
571 * Context: Any context.
572 */
573 void sha384_final(struct sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]);
574
575 /**
576 * sha384() - Compute SHA-384 message digest in one shot
577 * @data: the message data
578 * @len: the data length in bytes
579 * @out: (output) the resulting SHA-384 message digest
580 *
581 * Context: Any context.
582 */
583 void sha384(const u8 *data, size_t len, u8 out[SHA384_DIGEST_SIZE]);
584
585 /**
586 * struct hmac_sha384_key - Prepared key for HMAC-SHA384
587 * @key: private
588 */
589 struct hmac_sha384_key {
590 struct __hmac_sha512_key key;
591 };
592
593 /**
594 * struct hmac_sha384_ctx - Context for computing HMAC-SHA384 of a message
595 * @ctx: private
596 */
597 struct hmac_sha384_ctx {
598 struct __hmac_sha512_ctx ctx;
599 };
600
601 /**
602 * hmac_sha384_preparekey() - Prepare a key for HMAC-SHA384
603 * @key: (output) the key structure to initialize
604 * @raw_key: the raw HMAC-SHA384 key
605 * @raw_key_len: the key length in bytes. All key lengths are supported.
606 *
607 * Note: the caller is responsible for zeroizing both the struct hmac_sha384_key
608 * and the raw key once they are no longer needed.
609 *
610 * Context: Any context.
611 */
612 void hmac_sha384_preparekey(struct hmac_sha384_key *key,
613 const u8 *raw_key, size_t raw_key_len);
614
615 /**
616 * hmac_sha384_init() - Initialize an HMAC-SHA384 context for a new message
617 * @ctx: (output) the HMAC context to initialize
618 * @key: the prepared HMAC key
619 *
620 * If you don't need incremental computation, consider hmac_sha384() instead.
621 *
622 * Context: Any context.
623 */
hmac_sha384_init(struct hmac_sha384_ctx * ctx,const struct hmac_sha384_key * key)624 static inline void hmac_sha384_init(struct hmac_sha384_ctx *ctx,
625 const struct hmac_sha384_key *key)
626 {
627 __hmac_sha512_init(&ctx->ctx, &key->key);
628 }
629
630 /**
631 * hmac_sha384_init_usingrawkey() - Initialize an HMAC-SHA384 context for a new
632 * message, using a raw key
633 * @ctx: (output) the HMAC context to initialize
634 * @raw_key: the raw HMAC-SHA384 key
635 * @raw_key_len: the key length in bytes. All key lengths are supported.
636 *
637 * If you don't need incremental computation, consider hmac_sha384_usingrawkey()
638 * instead.
639 *
640 * Context: Any context.
641 */
642 void hmac_sha384_init_usingrawkey(struct hmac_sha384_ctx *ctx,
643 const u8 *raw_key, size_t raw_key_len);
644
645 /**
646 * hmac_sha384_update() - Update an HMAC-SHA384 context with message data
647 * @ctx: the HMAC context to update; must have been initialized
648 * @data: the message data
649 * @data_len: the data length in bytes
650 *
651 * This can be called any number of times.
652 *
653 * Context: Any context.
654 */
hmac_sha384_update(struct hmac_sha384_ctx * ctx,const u8 * data,size_t data_len)655 static inline void hmac_sha384_update(struct hmac_sha384_ctx *ctx,
656 const u8 *data, size_t data_len)
657 {
658 __sha512_update(&ctx->ctx.sha_ctx, data, data_len);
659 }
660
661 /**
662 * hmac_sha384_final() - Finish computing an HMAC-SHA384 value
663 * @ctx: the HMAC context to finalize; must have been initialized
664 * @out: (output) the resulting HMAC-SHA384 value
665 *
666 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
667 *
668 * Context: Any context.
669 */
670 void hmac_sha384_final(struct hmac_sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]);
671
672 /**
673 * hmac_sha384() - Compute HMAC-SHA384 in one shot, using a prepared key
674 * @key: the prepared HMAC key
675 * @data: the message data
676 * @data_len: the data length in bytes
677 * @out: (output) the resulting HMAC-SHA384 value
678 *
679 * If you're using the key only once, consider using hmac_sha384_usingrawkey().
680 *
681 * Context: Any context.
682 */
683 void hmac_sha384(const struct hmac_sha384_key *key,
684 const u8 *data, size_t data_len, u8 out[SHA384_DIGEST_SIZE]);
685
686 /**
687 * hmac_sha384_usingrawkey() - Compute HMAC-SHA384 in one shot, using a raw key
688 * @raw_key: the raw HMAC-SHA384 key
689 * @raw_key_len: the key length in bytes. All key lengths are supported.
690 * @data: the message data
691 * @data_len: the data length in bytes
692 * @out: (output) the resulting HMAC-SHA384 value
693 *
694 * If you're using the key multiple times, prefer to use
695 * hmac_sha384_preparekey() followed by multiple calls to hmac_sha384() instead.
696 *
697 * Context: Any context.
698 */
699 void hmac_sha384_usingrawkey(const u8 *raw_key, size_t raw_key_len,
700 const u8 *data, size_t data_len,
701 u8 out[SHA384_DIGEST_SIZE]);
702
703 /**
704 * struct sha512_ctx - Context for hashing a message with SHA-512
705 * @ctx: private
706 */
707 struct sha512_ctx {
708 struct __sha512_ctx ctx;
709 };
710
711 /**
712 * sha512_init() - Initialize a SHA-512 context for a new message
713 * @ctx: the context to initialize
714 *
715 * If you don't need incremental computation, consider sha512() instead.
716 *
717 * Context: Any context.
718 */
719 void sha512_init(struct sha512_ctx *ctx);
720
721 /**
722 * sha512_update() - Update a SHA-512 context with message data
723 * @ctx: the context to update; must have been initialized
724 * @data: the message data
725 * @len: the data length in bytes
726 *
727 * This can be called any number of times.
728 *
729 * Context: Any context.
730 */
sha512_update(struct sha512_ctx * ctx,const u8 * data,size_t len)731 static inline void sha512_update(struct sha512_ctx *ctx,
732 const u8 *data, size_t len)
733 {
734 __sha512_update(&ctx->ctx, data, len);
735 }
736
737 /**
738 * sha512_final() - Finish computing a SHA-512 message digest
739 * @ctx: the context to finalize; must have been initialized
740 * @out: (output) the resulting SHA-512 message digest
741 *
742 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
743 *
744 * Context: Any context.
745 */
746 void sha512_final(struct sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]);
747
748 /**
749 * sha512() - Compute SHA-512 message digest in one shot
750 * @data: the message data
751 * @len: the data length in bytes
752 * @out: (output) the resulting SHA-512 message digest
753 *
754 * Context: Any context.
755 */
756 void sha512(const u8 *data, size_t len, u8 out[SHA512_DIGEST_SIZE]);
757
758 /**
759 * struct hmac_sha512_key - Prepared key for HMAC-SHA512
760 * @key: private
761 */
762 struct hmac_sha512_key {
763 struct __hmac_sha512_key key;
764 };
765
766 /**
767 * struct hmac_sha512_ctx - Context for computing HMAC-SHA512 of a message
768 * @ctx: private
769 */
770 struct hmac_sha512_ctx {
771 struct __hmac_sha512_ctx ctx;
772 };
773
774 /**
775 * hmac_sha512_preparekey() - Prepare a key for HMAC-SHA512
776 * @key: (output) the key structure to initialize
777 * @raw_key: the raw HMAC-SHA512 key
778 * @raw_key_len: the key length in bytes. All key lengths are supported.
779 *
780 * Note: the caller is responsible for zeroizing both the struct hmac_sha512_key
781 * and the raw key once they are no longer needed.
782 *
783 * Context: Any context.
784 */
785 void hmac_sha512_preparekey(struct hmac_sha512_key *key,
786 const u8 *raw_key, size_t raw_key_len);
787
788 /**
789 * hmac_sha512_init() - Initialize an HMAC-SHA512 context for a new message
790 * @ctx: (output) the HMAC context to initialize
791 * @key: the prepared HMAC key
792 *
793 * If you don't need incremental computation, consider hmac_sha512() instead.
794 *
795 * Context: Any context.
796 */
hmac_sha512_init(struct hmac_sha512_ctx * ctx,const struct hmac_sha512_key * key)797 static inline void hmac_sha512_init(struct hmac_sha512_ctx *ctx,
798 const struct hmac_sha512_key *key)
799 {
800 __hmac_sha512_init(&ctx->ctx, &key->key);
801 }
802
803 /**
804 * hmac_sha512_init_usingrawkey() - Initialize an HMAC-SHA512 context for a new
805 * message, using a raw key
806 * @ctx: (output) the HMAC context to initialize
807 * @raw_key: the raw HMAC-SHA512 key
808 * @raw_key_len: the key length in bytes. All key lengths are supported.
809 *
810 * If you don't need incremental computation, consider hmac_sha512_usingrawkey()
811 * instead.
812 *
813 * Context: Any context.
814 */
815 void hmac_sha512_init_usingrawkey(struct hmac_sha512_ctx *ctx,
816 const u8 *raw_key, size_t raw_key_len);
817
818 /**
819 * hmac_sha512_update() - Update an HMAC-SHA512 context with message data
820 * @ctx: the HMAC context to update; must have been initialized
821 * @data: the message data
822 * @data_len: the data length in bytes
823 *
824 * This can be called any number of times.
825 *
826 * Context: Any context.
827 */
hmac_sha512_update(struct hmac_sha512_ctx * ctx,const u8 * data,size_t data_len)828 static inline void hmac_sha512_update(struct hmac_sha512_ctx *ctx,
829 const u8 *data, size_t data_len)
830 {
831 __sha512_update(&ctx->ctx.sha_ctx, data, data_len);
832 }
833
834 /**
835 * hmac_sha512_final() - Finish computing an HMAC-SHA512 value
836 * @ctx: the HMAC context to finalize; must have been initialized
837 * @out: (output) the resulting HMAC-SHA512 value
838 *
839 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
840 *
841 * Context: Any context.
842 */
843 void hmac_sha512_final(struct hmac_sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]);
844
845 /**
846 * hmac_sha512() - Compute HMAC-SHA512 in one shot, using a prepared key
847 * @key: the prepared HMAC key
848 * @data: the message data
849 * @data_len: the data length in bytes
850 * @out: (output) the resulting HMAC-SHA512 value
851 *
852 * If you're using the key only once, consider using hmac_sha512_usingrawkey().
853 *
854 * Context: Any context.
855 */
856 void hmac_sha512(const struct hmac_sha512_key *key,
857 const u8 *data, size_t data_len, u8 out[SHA512_DIGEST_SIZE]);
858
859 /**
860 * hmac_sha512_usingrawkey() - Compute HMAC-SHA512 in one shot, using a raw key
861 * @raw_key: the raw HMAC-SHA512 key
862 * @raw_key_len: the key length in bytes. All key lengths are supported.
863 * @data: the message data
864 * @data_len: the data length in bytes
865 * @out: (output) the resulting HMAC-SHA512 value
866 *
867 * If you're using the key multiple times, prefer to use
868 * hmac_sha512_preparekey() followed by multiple calls to hmac_sha512() instead.
869 *
870 * Context: Any context.
871 */
872 void hmac_sha512_usingrawkey(const u8 *raw_key, size_t raw_key_len,
873 const u8 *data, size_t data_len,
874 u8 out[SHA512_DIGEST_SIZE]);
875
876 #endif /* _CRYPTO_SHA2_H */
877