1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3 * Common values for SHA-2 algorithms
4 */
5
6 #ifndef _CRYPTO_SHA2_H
7 #define _CRYPTO_SHA2_H
8
9 #include <linux/types.h>
10
11 #define SHA224_DIGEST_SIZE 28
12 #define SHA224_BLOCK_SIZE 64
13
14 #define SHA256_DIGEST_SIZE 32
15 #define SHA256_BLOCK_SIZE 64
16 #define SHA256_STATE_WORDS 8
17
18 #define SHA384_DIGEST_SIZE 48
19 #define SHA384_BLOCK_SIZE 128
20
21 #define SHA512_DIGEST_SIZE 64
22 #define SHA512_BLOCK_SIZE 128
23 #define SHA512_STATE_SIZE 80
24
25 #define SHA224_H0 0xc1059ed8UL
26 #define SHA224_H1 0x367cd507UL
27 #define SHA224_H2 0x3070dd17UL
28 #define SHA224_H3 0xf70e5939UL
29 #define SHA224_H4 0xffc00b31UL
30 #define SHA224_H5 0x68581511UL
31 #define SHA224_H6 0x64f98fa7UL
32 #define SHA224_H7 0xbefa4fa4UL
33
34 #define SHA256_H0 0x6a09e667UL
35 #define SHA256_H1 0xbb67ae85UL
36 #define SHA256_H2 0x3c6ef372UL
37 #define SHA256_H3 0xa54ff53aUL
38 #define SHA256_H4 0x510e527fUL
39 #define SHA256_H5 0x9b05688cUL
40 #define SHA256_H6 0x1f83d9abUL
41 #define SHA256_H7 0x5be0cd19UL
42
43 #define SHA384_H0 0xcbbb9d5dc1059ed8ULL
44 #define SHA384_H1 0x629a292a367cd507ULL
45 #define SHA384_H2 0x9159015a3070dd17ULL
46 #define SHA384_H3 0x152fecd8f70e5939ULL
47 #define SHA384_H4 0x67332667ffc00b31ULL
48 #define SHA384_H5 0x8eb44a8768581511ULL
49 #define SHA384_H6 0xdb0c2e0d64f98fa7ULL
50 #define SHA384_H7 0x47b5481dbefa4fa4ULL
51
52 #define SHA512_H0 0x6a09e667f3bcc908ULL
53 #define SHA512_H1 0xbb67ae8584caa73bULL
54 #define SHA512_H2 0x3c6ef372fe94f82bULL
55 #define SHA512_H3 0xa54ff53a5f1d36f1ULL
56 #define SHA512_H4 0x510e527fade682d1ULL
57 #define SHA512_H5 0x9b05688c2b3e6c1fULL
58 #define SHA512_H6 0x1f83d9abfb41bd6bULL
59 #define SHA512_H7 0x5be0cd19137e2179ULL
60
61 extern const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE];
62
63 extern const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE];
64
65 extern const u8 sha384_zero_message_hash[SHA384_DIGEST_SIZE];
66
67 extern const u8 sha512_zero_message_hash[SHA512_DIGEST_SIZE];
68
69 struct crypto_sha256_state {
70 u32 state[SHA256_STATE_WORDS];
71 u64 count;
72 };
73
sha224_block_init(struct crypto_sha256_state * sctx)74 static inline void sha224_block_init(struct crypto_sha256_state *sctx)
75 {
76 sctx->state[0] = SHA224_H0;
77 sctx->state[1] = SHA224_H1;
78 sctx->state[2] = SHA224_H2;
79 sctx->state[3] = SHA224_H3;
80 sctx->state[4] = SHA224_H4;
81 sctx->state[5] = SHA224_H5;
82 sctx->state[6] = SHA224_H6;
83 sctx->state[7] = SHA224_H7;
84 sctx->count = 0;
85 }
86
sha256_block_init(struct crypto_sha256_state * sctx)87 static inline void sha256_block_init(struct crypto_sha256_state *sctx)
88 {
89 sctx->state[0] = SHA256_H0;
90 sctx->state[1] = SHA256_H1;
91 sctx->state[2] = SHA256_H2;
92 sctx->state[3] = SHA256_H3;
93 sctx->state[4] = SHA256_H4;
94 sctx->state[5] = SHA256_H5;
95 sctx->state[6] = SHA256_H6;
96 sctx->state[7] = SHA256_H7;
97 sctx->count = 0;
98 }
99
100 struct sha256_state {
101 union {
102 struct crypto_sha256_state ctx;
103 struct {
104 u32 state[SHA256_STATE_WORDS];
105 u64 count;
106 };
107 };
108 u8 buf[SHA256_BLOCK_SIZE];
109 };
110
111 struct sha512_state {
112 u64 state[SHA512_DIGEST_SIZE / 8];
113 u64 count[2];
114 u8 buf[SHA512_BLOCK_SIZE];
115 };
116
117 /* State for the SHA-256 (and SHA-224) compression function */
118 struct sha256_block_state {
119 u32 h[SHA256_STATE_WORDS];
120 };
121
122 /*
123 * Context structure, shared by SHA-224 and SHA-256. The sha224_ctx and
124 * sha256_ctx structs wrap this one so that the API has proper typing and
125 * doesn't allow mixing the SHA-224 and SHA-256 functions arbitrarily.
126 */
127 struct __sha256_ctx {
128 struct sha256_block_state state;
129 u64 bytecount;
130 u8 buf[SHA256_BLOCK_SIZE] __aligned(__alignof__(__be64));
131 };
132 void __sha256_update(struct __sha256_ctx *ctx, const u8 *data, size_t len);
133
134 /*
135 * HMAC key and message context structs, shared by HMAC-SHA224 and HMAC-SHA256.
136 * The hmac_sha224_* and hmac_sha256_* structs wrap this one so that the API has
137 * proper typing and doesn't allow mixing the functions arbitrarily.
138 */
139 struct __hmac_sha256_key {
140 struct sha256_block_state istate;
141 struct sha256_block_state ostate;
142 };
143 struct __hmac_sha256_ctx {
144 struct __sha256_ctx sha_ctx;
145 struct sha256_block_state ostate;
146 };
147 void __hmac_sha256_init(struct __hmac_sha256_ctx *ctx,
148 const struct __hmac_sha256_key *key);
149
150 /**
151 * struct sha224_ctx - Context for hashing a message with SHA-224
152 * @ctx: private
153 */
154 struct sha224_ctx {
155 struct __sha256_ctx ctx;
156 };
157
158 /**
159 * sha224_init() - Initialize a SHA-224 context for a new message
160 * @ctx: the context to initialize
161 *
162 * If you don't need incremental computation, consider sha224() instead.
163 *
164 * Context: Any context.
165 */
166 void sha224_init(struct sha224_ctx *ctx);
167
168 /**
169 * sha224_update() - Update a SHA-224 context with message data
170 * @ctx: the context to update; must have been initialized
171 * @data: the message data
172 * @len: the data length in bytes
173 *
174 * This can be called any number of times.
175 *
176 * Context: Any context.
177 */
sha224_update(struct sha224_ctx * ctx,const u8 * data,size_t len)178 static inline void sha224_update(struct sha224_ctx *ctx,
179 const u8 *data, size_t len)
180 {
181 __sha256_update(&ctx->ctx, data, len);
182 }
183
184 /**
185 * sha224_final() - Finish computing a SHA-224 message digest
186 * @ctx: the context to finalize; must have been initialized
187 * @out: (output) the resulting SHA-224 message digest
188 *
189 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
190 *
191 * Context: Any context.
192 */
193 void sha224_final(struct sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]);
194
195 /**
196 * sha224() - Compute SHA-224 message digest in one shot
197 * @data: the message data
198 * @len: the data length in bytes
199 * @out: (output) the resulting SHA-224 message digest
200 *
201 * Context: Any context.
202 */
203 void sha224(const u8 *data, size_t len, u8 out[SHA224_DIGEST_SIZE]);
204
205 /**
206 * struct hmac_sha224_key - Prepared key for HMAC-SHA224
207 * @key: private
208 */
209 struct hmac_sha224_key {
210 struct __hmac_sha256_key key;
211 };
212
213 /**
214 * struct hmac_sha224_ctx - Context for computing HMAC-SHA224 of a message
215 * @ctx: private
216 */
217 struct hmac_sha224_ctx {
218 struct __hmac_sha256_ctx ctx;
219 };
220
221 /**
222 * hmac_sha224_preparekey() - Prepare a key for HMAC-SHA224
223 * @key: (output) the key structure to initialize
224 * @raw_key: the raw HMAC-SHA224 key
225 * @raw_key_len: the key length in bytes. All key lengths are supported.
226 *
227 * Note: the caller is responsible for zeroizing both the struct hmac_sha224_key
228 * and the raw key once they are no longer needed.
229 *
230 * Context: Any context.
231 */
232 void hmac_sha224_preparekey(struct hmac_sha224_key *key,
233 const u8 *raw_key, size_t raw_key_len);
234
235 /**
236 * hmac_sha224_init() - Initialize an HMAC-SHA224 context for a new message
237 * @ctx: (output) the HMAC context to initialize
238 * @key: the prepared HMAC key
239 *
240 * If you don't need incremental computation, consider hmac_sha224() instead.
241 *
242 * Context: Any context.
243 */
hmac_sha224_init(struct hmac_sha224_ctx * ctx,const struct hmac_sha224_key * key)244 static inline void hmac_sha224_init(struct hmac_sha224_ctx *ctx,
245 const struct hmac_sha224_key *key)
246 {
247 __hmac_sha256_init(&ctx->ctx, &key->key);
248 }
249
250 /**
251 * hmac_sha224_init_usingrawkey() - Initialize an HMAC-SHA224 context for a new
252 * message, using a raw key
253 * @ctx: (output) the HMAC context to initialize
254 * @raw_key: the raw HMAC-SHA224 key
255 * @raw_key_len: the key length in bytes. All key lengths are supported.
256 *
257 * If you don't need incremental computation, consider hmac_sha224_usingrawkey()
258 * instead.
259 *
260 * Context: Any context.
261 */
262 void hmac_sha224_init_usingrawkey(struct hmac_sha224_ctx *ctx,
263 const u8 *raw_key, size_t raw_key_len);
264
265 /**
266 * hmac_sha224_update() - Update an HMAC-SHA224 context with message data
267 * @ctx: the HMAC context to update; must have been initialized
268 * @data: the message data
269 * @data_len: the data length in bytes
270 *
271 * This can be called any number of times.
272 *
273 * Context: Any context.
274 */
hmac_sha224_update(struct hmac_sha224_ctx * ctx,const u8 * data,size_t data_len)275 static inline void hmac_sha224_update(struct hmac_sha224_ctx *ctx,
276 const u8 *data, size_t data_len)
277 {
278 __sha256_update(&ctx->ctx.sha_ctx, data, data_len);
279 }
280
281 /**
282 * hmac_sha224_final() - Finish computing an HMAC-SHA224 value
283 * @ctx: the HMAC context to finalize; must have been initialized
284 * @out: (output) the resulting HMAC-SHA224 value
285 *
286 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
287 *
288 * Context: Any context.
289 */
290 void hmac_sha224_final(struct hmac_sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]);
291
292 /**
293 * hmac_sha224() - Compute HMAC-SHA224 in one shot, using a prepared key
294 * @key: the prepared HMAC key
295 * @data: the message data
296 * @data_len: the data length in bytes
297 * @out: (output) the resulting HMAC-SHA224 value
298 *
299 * If you're using the key only once, consider using hmac_sha224_usingrawkey().
300 *
301 * Context: Any context.
302 */
303 void hmac_sha224(const struct hmac_sha224_key *key,
304 const u8 *data, size_t data_len, u8 out[SHA224_DIGEST_SIZE]);
305
306 /**
307 * hmac_sha224_usingrawkey() - Compute HMAC-SHA224 in one shot, using a raw key
308 * @raw_key: the raw HMAC-SHA224 key
309 * @raw_key_len: the key length in bytes. All key lengths are supported.
310 * @data: the message data
311 * @data_len: the data length in bytes
312 * @out: (output) the resulting HMAC-SHA224 value
313 *
314 * If you're using the key multiple times, prefer to use
315 * hmac_sha224_preparekey() followed by multiple calls to hmac_sha224() instead.
316 *
317 * Context: Any context.
318 */
319 void hmac_sha224_usingrawkey(const u8 *raw_key, size_t raw_key_len,
320 const u8 *data, size_t data_len,
321 u8 out[SHA224_DIGEST_SIZE]);
322
323 /**
324 * struct sha256_ctx - Context for hashing a message with SHA-256
325 * @ctx: private
326 */
327 struct sha256_ctx {
328 struct __sha256_ctx ctx;
329 };
330
331 /**
332 * sha256_init() - Initialize a SHA-256 context for a new message
333 * @ctx: the context to initialize
334 *
335 * If you don't need incremental computation, consider sha256() instead.
336 *
337 * Context: Any context.
338 */
339 void sha256_init(struct sha256_ctx *ctx);
340
341 /**
342 * sha256_update() - Update a SHA-256 context with message data
343 * @ctx: the context to update; must have been initialized
344 * @data: the message data
345 * @len: the data length in bytes
346 *
347 * This can be called any number of times.
348 *
349 * Context: Any context.
350 */
sha256_update(struct sha256_ctx * ctx,const u8 * data,size_t len)351 static inline void sha256_update(struct sha256_ctx *ctx,
352 const u8 *data, size_t len)
353 {
354 __sha256_update(&ctx->ctx, data, len);
355 }
356
357 /**
358 * sha256_final() - Finish computing a SHA-256 message digest
359 * @ctx: the context to finalize; must have been initialized
360 * @out: (output) the resulting SHA-256 message digest
361 *
362 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
363 *
364 * Context: Any context.
365 */
366 void sha256_final(struct sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]);
367
368 /**
369 * sha256() - Compute SHA-256 message digest in one shot
370 * @data: the message data
371 * @len: the data length in bytes
372 * @out: (output) the resulting SHA-256 message digest
373 *
374 * Context: Any context.
375 */
376 void sha256(const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE]);
377
378 /**
379 * sha256_finup_2x() - Compute two SHA-256 digests from a common initial
380 * context. On some CPUs, this is faster than sequentially
381 * computing each digest.
382 * @ctx: an optional initial context, which may have already processed data. If
383 * NULL, a default initial context is used (equivalent to sha256_init()).
384 * @data1: data for the first message
385 * @data2: data for the second message
386 * @len: the length of each of @data1 and @data2, in bytes
387 * @out1: (output) the first SHA-256 message digest
388 * @out2: (output) the second SHA-256 message digest
389 *
390 * Context: Any context.
391 */
392 void sha256_finup_2x(const struct sha256_ctx *ctx, const u8 *data1,
393 const u8 *data2, size_t len, u8 out1[SHA256_DIGEST_SIZE],
394 u8 out2[SHA256_DIGEST_SIZE]);
395
396 /**
397 * sha256_finup_2x_is_optimized() - Check if sha256_finup_2x() is using a real
398 * interleaved implementation, as opposed to a
399 * sequential fallback
400 * @return: true if optimized
401 *
402 * Context: Any context.
403 */
404 bool sha256_finup_2x_is_optimized(void);
405
406 /**
407 * struct hmac_sha256_key - Prepared key for HMAC-SHA256
408 * @key: private
409 */
410 struct hmac_sha256_key {
411 struct __hmac_sha256_key key;
412 };
413
414 /**
415 * struct hmac_sha256_ctx - Context for computing HMAC-SHA256 of a message
416 * @ctx: private
417 */
418 struct hmac_sha256_ctx {
419 struct __hmac_sha256_ctx ctx;
420 };
421
422 /**
423 * hmac_sha256_preparekey() - Prepare a key for HMAC-SHA256
424 * @key: (output) the key structure to initialize
425 * @raw_key: the raw HMAC-SHA256 key
426 * @raw_key_len: the key length in bytes. All key lengths are supported.
427 *
428 * Note: the caller is responsible for zeroizing both the struct hmac_sha256_key
429 * and the raw key once they are no longer needed.
430 *
431 * Context: Any context.
432 */
433 void hmac_sha256_preparekey(struct hmac_sha256_key *key,
434 const u8 *raw_key, size_t raw_key_len);
435
436 /**
437 * hmac_sha256_init() - Initialize an HMAC-SHA256 context for a new message
438 * @ctx: (output) the HMAC context to initialize
439 * @key: the prepared HMAC key
440 *
441 * If you don't need incremental computation, consider hmac_sha256() instead.
442 *
443 * Context: Any context.
444 */
hmac_sha256_init(struct hmac_sha256_ctx * ctx,const struct hmac_sha256_key * key)445 static inline void hmac_sha256_init(struct hmac_sha256_ctx *ctx,
446 const struct hmac_sha256_key *key)
447 {
448 __hmac_sha256_init(&ctx->ctx, &key->key);
449 }
450
451 /**
452 * hmac_sha256_init_usingrawkey() - Initialize an HMAC-SHA256 context for a new
453 * message, using a raw key
454 * @ctx: (output) the HMAC context to initialize
455 * @raw_key: the raw HMAC-SHA256 key
456 * @raw_key_len: the key length in bytes. All key lengths are supported.
457 *
458 * If you don't need incremental computation, consider hmac_sha256_usingrawkey()
459 * instead.
460 *
461 * Context: Any context.
462 */
463 void hmac_sha256_init_usingrawkey(struct hmac_sha256_ctx *ctx,
464 const u8 *raw_key, size_t raw_key_len);
465
466 /**
467 * hmac_sha256_update() - Update an HMAC-SHA256 context with message data
468 * @ctx: the HMAC context to update; must have been initialized
469 * @data: the message data
470 * @data_len: the data length in bytes
471 *
472 * This can be called any number of times.
473 *
474 * Context: Any context.
475 */
hmac_sha256_update(struct hmac_sha256_ctx * ctx,const u8 * data,size_t data_len)476 static inline void hmac_sha256_update(struct hmac_sha256_ctx *ctx,
477 const u8 *data, size_t data_len)
478 {
479 __sha256_update(&ctx->ctx.sha_ctx, data, data_len);
480 }
481
482 /**
483 * hmac_sha256_final() - Finish computing an HMAC-SHA256 value
484 * @ctx: the HMAC context to finalize; must have been initialized
485 * @out: (output) the resulting HMAC-SHA256 value
486 *
487 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
488 *
489 * Context: Any context.
490 */
491 void hmac_sha256_final(struct hmac_sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]);
492
493 /**
494 * hmac_sha256() - Compute HMAC-SHA256 in one shot, using a prepared key
495 * @key: the prepared HMAC key
496 * @data: the message data
497 * @data_len: the data length in bytes
498 * @out: (output) the resulting HMAC-SHA256 value
499 *
500 * If you're using the key only once, consider using hmac_sha256_usingrawkey().
501 *
502 * Context: Any context.
503 */
504 void hmac_sha256(const struct hmac_sha256_key *key,
505 const u8 *data, size_t data_len, u8 out[SHA256_DIGEST_SIZE]);
506
507 /**
508 * hmac_sha256_usingrawkey() - Compute HMAC-SHA256 in one shot, using a raw key
509 * @raw_key: the raw HMAC-SHA256 key
510 * @raw_key_len: the key length in bytes. All key lengths are supported.
511 * @data: the message data
512 * @data_len: the data length in bytes
513 * @out: (output) the resulting HMAC-SHA256 value
514 *
515 * If you're using the key multiple times, prefer to use
516 * hmac_sha256_preparekey() followed by multiple calls to hmac_sha256() instead.
517 *
518 * Context: Any context.
519 */
520 void hmac_sha256_usingrawkey(const u8 *raw_key, size_t raw_key_len,
521 const u8 *data, size_t data_len,
522 u8 out[SHA256_DIGEST_SIZE]);
523
524 /* State for the SHA-512 (and SHA-384) compression function */
525 struct sha512_block_state {
526 u64 h[8];
527 };
528
529 /*
530 * Context structure, shared by SHA-384 and SHA-512. The sha384_ctx and
531 * sha512_ctx structs wrap this one so that the API has proper typing and
532 * doesn't allow mixing the SHA-384 and SHA-512 functions arbitrarily.
533 */
534 struct __sha512_ctx {
535 struct sha512_block_state state;
536 u64 bytecount_lo;
537 u64 bytecount_hi;
538 u8 buf[SHA512_BLOCK_SIZE] __aligned(__alignof__(__be64));
539 };
540 void __sha512_update(struct __sha512_ctx *ctx, const u8 *data, size_t len);
541
542 /*
543 * HMAC key and message context structs, shared by HMAC-SHA384 and HMAC-SHA512.
544 * The hmac_sha384_* and hmac_sha512_* structs wrap this one so that the API has
545 * proper typing and doesn't allow mixing the functions arbitrarily.
546 */
547 struct __hmac_sha512_key {
548 struct sha512_block_state istate;
549 struct sha512_block_state ostate;
550 };
551 struct __hmac_sha512_ctx {
552 struct __sha512_ctx sha_ctx;
553 struct sha512_block_state ostate;
554 };
555 void __hmac_sha512_init(struct __hmac_sha512_ctx *ctx,
556 const struct __hmac_sha512_key *key);
557
558 /**
559 * struct sha384_ctx - Context for hashing a message with SHA-384
560 * @ctx: private
561 */
562 struct sha384_ctx {
563 struct __sha512_ctx ctx;
564 };
565
566 /**
567 * sha384_init() - Initialize a SHA-384 context for a new message
568 * @ctx: the context to initialize
569 *
570 * If you don't need incremental computation, consider sha384() instead.
571 *
572 * Context: Any context.
573 */
574 void sha384_init(struct sha384_ctx *ctx);
575
576 /**
577 * sha384_update() - Update a SHA-384 context with message data
578 * @ctx: the context to update; must have been initialized
579 * @data: the message data
580 * @len: the data length in bytes
581 *
582 * This can be called any number of times.
583 *
584 * Context: Any context.
585 */
sha384_update(struct sha384_ctx * ctx,const u8 * data,size_t len)586 static inline void sha384_update(struct sha384_ctx *ctx,
587 const u8 *data, size_t len)
588 {
589 __sha512_update(&ctx->ctx, data, len);
590 }
591
592 /**
593 * sha384_final() - Finish computing a SHA-384 message digest
594 * @ctx: the context to finalize; must have been initialized
595 * @out: (output) the resulting SHA-384 message digest
596 *
597 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
598 *
599 * Context: Any context.
600 */
601 void sha384_final(struct sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]);
602
603 /**
604 * sha384() - Compute SHA-384 message digest in one shot
605 * @data: the message data
606 * @len: the data length in bytes
607 * @out: (output) the resulting SHA-384 message digest
608 *
609 * Context: Any context.
610 */
611 void sha384(const u8 *data, size_t len, u8 out[SHA384_DIGEST_SIZE]);
612
613 /**
614 * struct hmac_sha384_key - Prepared key for HMAC-SHA384
615 * @key: private
616 */
617 struct hmac_sha384_key {
618 struct __hmac_sha512_key key;
619 };
620
621 /**
622 * struct hmac_sha384_ctx - Context for computing HMAC-SHA384 of a message
623 * @ctx: private
624 */
625 struct hmac_sha384_ctx {
626 struct __hmac_sha512_ctx ctx;
627 };
628
629 /**
630 * hmac_sha384_preparekey() - Prepare a key for HMAC-SHA384
631 * @key: (output) the key structure to initialize
632 * @raw_key: the raw HMAC-SHA384 key
633 * @raw_key_len: the key length in bytes. All key lengths are supported.
634 *
635 * Note: the caller is responsible for zeroizing both the struct hmac_sha384_key
636 * and the raw key once they are no longer needed.
637 *
638 * Context: Any context.
639 */
640 void hmac_sha384_preparekey(struct hmac_sha384_key *key,
641 const u8 *raw_key, size_t raw_key_len);
642
643 /**
644 * hmac_sha384_init() - Initialize an HMAC-SHA384 context for a new message
645 * @ctx: (output) the HMAC context to initialize
646 * @key: the prepared HMAC key
647 *
648 * If you don't need incremental computation, consider hmac_sha384() instead.
649 *
650 * Context: Any context.
651 */
hmac_sha384_init(struct hmac_sha384_ctx * ctx,const struct hmac_sha384_key * key)652 static inline void hmac_sha384_init(struct hmac_sha384_ctx *ctx,
653 const struct hmac_sha384_key *key)
654 {
655 __hmac_sha512_init(&ctx->ctx, &key->key);
656 }
657
658 /**
659 * hmac_sha384_init_usingrawkey() - Initialize an HMAC-SHA384 context for a new
660 * message, using a raw key
661 * @ctx: (output) the HMAC context to initialize
662 * @raw_key: the raw HMAC-SHA384 key
663 * @raw_key_len: the key length in bytes. All key lengths are supported.
664 *
665 * If you don't need incremental computation, consider hmac_sha384_usingrawkey()
666 * instead.
667 *
668 * Context: Any context.
669 */
670 void hmac_sha384_init_usingrawkey(struct hmac_sha384_ctx *ctx,
671 const u8 *raw_key, size_t raw_key_len);
672
673 /**
674 * hmac_sha384_update() - Update an HMAC-SHA384 context with message data
675 * @ctx: the HMAC context to update; must have been initialized
676 * @data: the message data
677 * @data_len: the data length in bytes
678 *
679 * This can be called any number of times.
680 *
681 * Context: Any context.
682 */
hmac_sha384_update(struct hmac_sha384_ctx * ctx,const u8 * data,size_t data_len)683 static inline void hmac_sha384_update(struct hmac_sha384_ctx *ctx,
684 const u8 *data, size_t data_len)
685 {
686 __sha512_update(&ctx->ctx.sha_ctx, data, data_len);
687 }
688
689 /**
690 * hmac_sha384_final() - Finish computing an HMAC-SHA384 value
691 * @ctx: the HMAC context to finalize; must have been initialized
692 * @out: (output) the resulting HMAC-SHA384 value
693 *
694 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
695 *
696 * Context: Any context.
697 */
698 void hmac_sha384_final(struct hmac_sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]);
699
700 /**
701 * hmac_sha384() - Compute HMAC-SHA384 in one shot, using a prepared key
702 * @key: the prepared HMAC key
703 * @data: the message data
704 * @data_len: the data length in bytes
705 * @out: (output) the resulting HMAC-SHA384 value
706 *
707 * If you're using the key only once, consider using hmac_sha384_usingrawkey().
708 *
709 * Context: Any context.
710 */
711 void hmac_sha384(const struct hmac_sha384_key *key,
712 const u8 *data, size_t data_len, u8 out[SHA384_DIGEST_SIZE]);
713
714 /**
715 * hmac_sha384_usingrawkey() - Compute HMAC-SHA384 in one shot, using a raw key
716 * @raw_key: the raw HMAC-SHA384 key
717 * @raw_key_len: the key length in bytes. All key lengths are supported.
718 * @data: the message data
719 * @data_len: the data length in bytes
720 * @out: (output) the resulting HMAC-SHA384 value
721 *
722 * If you're using the key multiple times, prefer to use
723 * hmac_sha384_preparekey() followed by multiple calls to hmac_sha384() instead.
724 *
725 * Context: Any context.
726 */
727 void hmac_sha384_usingrawkey(const u8 *raw_key, size_t raw_key_len,
728 const u8 *data, size_t data_len,
729 u8 out[SHA384_DIGEST_SIZE]);
730
731 /**
732 * struct sha512_ctx - Context for hashing a message with SHA-512
733 * @ctx: private
734 */
735 struct sha512_ctx {
736 struct __sha512_ctx ctx;
737 };
738
739 /**
740 * sha512_init() - Initialize a SHA-512 context for a new message
741 * @ctx: the context to initialize
742 *
743 * If you don't need incremental computation, consider sha512() instead.
744 *
745 * Context: Any context.
746 */
747 void sha512_init(struct sha512_ctx *ctx);
748
749 /**
750 * sha512_update() - Update a SHA-512 context with message data
751 * @ctx: the context to update; must have been initialized
752 * @data: the message data
753 * @len: the data length in bytes
754 *
755 * This can be called any number of times.
756 *
757 * Context: Any context.
758 */
sha512_update(struct sha512_ctx * ctx,const u8 * data,size_t len)759 static inline void sha512_update(struct sha512_ctx *ctx,
760 const u8 *data, size_t len)
761 {
762 __sha512_update(&ctx->ctx, data, len);
763 }
764
765 /**
766 * sha512_final() - Finish computing a SHA-512 message digest
767 * @ctx: the context to finalize; must have been initialized
768 * @out: (output) the resulting SHA-512 message digest
769 *
770 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
771 *
772 * Context: Any context.
773 */
774 void sha512_final(struct sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]);
775
776 /**
777 * sha512() - Compute SHA-512 message digest in one shot
778 * @data: the message data
779 * @len: the data length in bytes
780 * @out: (output) the resulting SHA-512 message digest
781 *
782 * Context: Any context.
783 */
784 void sha512(const u8 *data, size_t len, u8 out[SHA512_DIGEST_SIZE]);
785
786 /**
787 * struct hmac_sha512_key - Prepared key for HMAC-SHA512
788 * @key: private
789 */
790 struct hmac_sha512_key {
791 struct __hmac_sha512_key key;
792 };
793
794 /**
795 * struct hmac_sha512_ctx - Context for computing HMAC-SHA512 of a message
796 * @ctx: private
797 */
798 struct hmac_sha512_ctx {
799 struct __hmac_sha512_ctx ctx;
800 };
801
802 /**
803 * hmac_sha512_preparekey() - Prepare a key for HMAC-SHA512
804 * @key: (output) the key structure to initialize
805 * @raw_key: the raw HMAC-SHA512 key
806 * @raw_key_len: the key length in bytes. All key lengths are supported.
807 *
808 * Note: the caller is responsible for zeroizing both the struct hmac_sha512_key
809 * and the raw key once they are no longer needed.
810 *
811 * Context: Any context.
812 */
813 void hmac_sha512_preparekey(struct hmac_sha512_key *key,
814 const u8 *raw_key, size_t raw_key_len);
815
816 /**
817 * hmac_sha512_init() - Initialize an HMAC-SHA512 context for a new message
818 * @ctx: (output) the HMAC context to initialize
819 * @key: the prepared HMAC key
820 *
821 * If you don't need incremental computation, consider hmac_sha512() instead.
822 *
823 * Context: Any context.
824 */
hmac_sha512_init(struct hmac_sha512_ctx * ctx,const struct hmac_sha512_key * key)825 static inline void hmac_sha512_init(struct hmac_sha512_ctx *ctx,
826 const struct hmac_sha512_key *key)
827 {
828 __hmac_sha512_init(&ctx->ctx, &key->key);
829 }
830
831 /**
832 * hmac_sha512_init_usingrawkey() - Initialize an HMAC-SHA512 context for a new
833 * message, using a raw key
834 * @ctx: (output) the HMAC context to initialize
835 * @raw_key: the raw HMAC-SHA512 key
836 * @raw_key_len: the key length in bytes. All key lengths are supported.
837 *
838 * If you don't need incremental computation, consider hmac_sha512_usingrawkey()
839 * instead.
840 *
841 * Context: Any context.
842 */
843 void hmac_sha512_init_usingrawkey(struct hmac_sha512_ctx *ctx,
844 const u8 *raw_key, size_t raw_key_len);
845
846 /**
847 * hmac_sha512_update() - Update an HMAC-SHA512 context with message data
848 * @ctx: the HMAC context to update; must have been initialized
849 * @data: the message data
850 * @data_len: the data length in bytes
851 *
852 * This can be called any number of times.
853 *
854 * Context: Any context.
855 */
hmac_sha512_update(struct hmac_sha512_ctx * ctx,const u8 * data,size_t data_len)856 static inline void hmac_sha512_update(struct hmac_sha512_ctx *ctx,
857 const u8 *data, size_t data_len)
858 {
859 __sha512_update(&ctx->ctx.sha_ctx, data, data_len);
860 }
861
862 /**
863 * hmac_sha512_final() - Finish computing an HMAC-SHA512 value
864 * @ctx: the HMAC context to finalize; must have been initialized
865 * @out: (output) the resulting HMAC-SHA512 value
866 *
867 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
868 *
869 * Context: Any context.
870 */
871 void hmac_sha512_final(struct hmac_sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]);
872
873 /**
874 * hmac_sha512() - Compute HMAC-SHA512 in one shot, using a prepared key
875 * @key: the prepared HMAC key
876 * @data: the message data
877 * @data_len: the data length in bytes
878 * @out: (output) the resulting HMAC-SHA512 value
879 *
880 * If you're using the key only once, consider using hmac_sha512_usingrawkey().
881 *
882 * Context: Any context.
883 */
884 void hmac_sha512(const struct hmac_sha512_key *key,
885 const u8 *data, size_t data_len, u8 out[SHA512_DIGEST_SIZE]);
886
887 /**
888 * hmac_sha512_usingrawkey() - Compute HMAC-SHA512 in one shot, using a raw key
889 * @raw_key: the raw HMAC-SHA512 key
890 * @raw_key_len: the key length in bytes. All key lengths are supported.
891 * @data: the message data
892 * @data_len: the data length in bytes
893 * @out: (output) the resulting HMAC-SHA512 value
894 *
895 * If you're using the key multiple times, prefer to use
896 * hmac_sha512_preparekey() followed by multiple calls to hmac_sha512() instead.
897 *
898 * Context: Any context.
899 */
900 void hmac_sha512_usingrawkey(const u8 *raw_key, size_t raw_key_len,
901 const u8 *data, size_t data_len,
902 u8 out[SHA512_DIGEST_SIZE]);
903
904 #endif /* _CRYPTO_SHA2_H */
905