1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Crypto API support for SHA-1 and HMAC-SHA1 4 * 5 * Copyright (c) Alan Smithee. 6 * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk> 7 * Copyright (c) Jean-Francois Dive <jef@linuxbe.org> 8 * Copyright 2025 Google LLC 9 */ 10 #include <crypto/internal/hash.h> 11 #include <crypto/sha1.h> 12 #include <linux/kernel.h> 13 #include <linux/module.h> 14 15 /* 16 * Export and import functions. crypto_shash wants a particular format that 17 * matches that used by some legacy drivers. It currently is the same as the 18 * library SHA context, except the value in bytecount must be block-aligned and 19 * the remainder must be stored in an extra u8 appended to the struct. 20 */ 21 22 #define SHA1_SHASH_STATE_SIZE (sizeof(struct sha1_ctx) + 1) 23 static_assert(sizeof(struct sha1_ctx) == sizeof(struct sha1_state)); 24 static_assert(offsetof(struct sha1_ctx, state) == offsetof(struct sha1_state, state)); 25 static_assert(offsetof(struct sha1_ctx, bytecount) == offsetof(struct sha1_state, count)); 26 static_assert(offsetof(struct sha1_ctx, buf) == offsetof(struct sha1_state, buffer)); 27 28 static int __crypto_sha1_export(const struct sha1_ctx *ctx0, void *out) 29 { 30 struct sha1_ctx ctx = *ctx0; 31 unsigned int partial; 32 u8 *p = out; 33 34 partial = ctx.bytecount % SHA1_BLOCK_SIZE; 35 ctx.bytecount -= partial; 36 memcpy(p, &ctx, sizeof(ctx)); 37 p += sizeof(ctx); 38 *p = partial; 39 return 0; 40 } 41 42 static int __crypto_sha1_import(struct sha1_ctx *ctx, const void *in) 43 { 44 const u8 *p = in; 45 46 memcpy(ctx, p, sizeof(*ctx)); 47 p += sizeof(*ctx); 48 ctx->bytecount += *p; 49 return 0; 50 } 51 52 const u8 sha1_zero_message_hash[SHA1_DIGEST_SIZE] = { 53 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 54 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 55 0xaf, 0xd8, 0x07, 0x09 56 }; 57 EXPORT_SYMBOL_GPL(sha1_zero_message_hash); 58 59 #define SHA1_CTX(desc) ((struct sha1_ctx *)shash_desc_ctx(desc)) 60 61 static int crypto_sha1_init(struct shash_desc *desc) 62 { 63 sha1_init(SHA1_CTX(desc)); 64 return 0; 65 } 66 67 static int crypto_sha1_update(struct shash_desc *desc, 68 const u8 *data, unsigned int len) 69 { 70 sha1_update(SHA1_CTX(desc), data, len); 71 return 0; 72 } 73 74 static int crypto_sha1_final(struct shash_desc *desc, u8 *out) 75 { 76 sha1_final(SHA1_CTX(desc), out); 77 return 0; 78 } 79 80 static int crypto_sha1_digest(struct shash_desc *desc, 81 const u8 *data, unsigned int len, u8 *out) 82 { 83 sha1(data, len, out); 84 return 0; 85 } 86 87 static int crypto_sha1_export(struct shash_desc *desc, void *out) 88 { 89 return __crypto_sha1_export(SHA1_CTX(desc), out); 90 } 91 92 static int crypto_sha1_import(struct shash_desc *desc, const void *in) 93 { 94 return __crypto_sha1_import(SHA1_CTX(desc), in); 95 } 96 97 #define HMAC_SHA1_KEY(tfm) ((struct hmac_sha1_key *)crypto_shash_ctx(tfm)) 98 #define HMAC_SHA1_CTX(desc) ((struct hmac_sha1_ctx *)shash_desc_ctx(desc)) 99 100 static int crypto_hmac_sha1_setkey(struct crypto_shash *tfm, 101 const u8 *raw_key, unsigned int keylen) 102 { 103 hmac_sha1_preparekey(HMAC_SHA1_KEY(tfm), raw_key, keylen); 104 return 0; 105 } 106 107 static int crypto_hmac_sha1_init(struct shash_desc *desc) 108 { 109 hmac_sha1_init(HMAC_SHA1_CTX(desc), HMAC_SHA1_KEY(desc->tfm)); 110 return 0; 111 } 112 113 static int crypto_hmac_sha1_update(struct shash_desc *desc, 114 const u8 *data, unsigned int len) 115 { 116 hmac_sha1_update(HMAC_SHA1_CTX(desc), data, len); 117 return 0; 118 } 119 120 static int crypto_hmac_sha1_final(struct shash_desc *desc, u8 *out) 121 { 122 hmac_sha1_final(HMAC_SHA1_CTX(desc), out); 123 return 0; 124 } 125 126 static int crypto_hmac_sha1_digest(struct shash_desc *desc, 127 const u8 *data, unsigned int len, u8 *out) 128 { 129 hmac_sha1(HMAC_SHA1_KEY(desc->tfm), data, len, out); 130 return 0; 131 } 132 133 static int crypto_hmac_sha1_export(struct shash_desc *desc, void *out) 134 { 135 return __crypto_sha1_export(&HMAC_SHA1_CTX(desc)->sha_ctx, out); 136 } 137 138 static int crypto_hmac_sha1_import(struct shash_desc *desc, const void *in) 139 { 140 struct hmac_sha1_ctx *ctx = HMAC_SHA1_CTX(desc); 141 142 ctx->ostate = HMAC_SHA1_KEY(desc->tfm)->ostate; 143 return __crypto_sha1_import(&ctx->sha_ctx, in); 144 } 145 146 static struct shash_alg algs[] = { 147 { 148 .base.cra_name = "sha1", 149 .base.cra_driver_name = "sha1-lib", 150 .base.cra_priority = 300, 151 .base.cra_blocksize = SHA1_BLOCK_SIZE, 152 .base.cra_module = THIS_MODULE, 153 .digestsize = SHA1_DIGEST_SIZE, 154 .init = crypto_sha1_init, 155 .update = crypto_sha1_update, 156 .final = crypto_sha1_final, 157 .digest = crypto_sha1_digest, 158 .export = crypto_sha1_export, 159 .import = crypto_sha1_import, 160 .descsize = sizeof(struct sha1_ctx), 161 .statesize = SHA1_SHASH_STATE_SIZE, 162 }, 163 { 164 .base.cra_name = "hmac(sha1)", 165 .base.cra_driver_name = "hmac-sha1-lib", 166 .base.cra_priority = 300, 167 .base.cra_blocksize = SHA1_BLOCK_SIZE, 168 .base.cra_ctxsize = sizeof(struct hmac_sha1_key), 169 .base.cra_module = THIS_MODULE, 170 .digestsize = SHA1_DIGEST_SIZE, 171 .setkey = crypto_hmac_sha1_setkey, 172 .init = crypto_hmac_sha1_init, 173 .update = crypto_hmac_sha1_update, 174 .final = crypto_hmac_sha1_final, 175 .digest = crypto_hmac_sha1_digest, 176 .export = crypto_hmac_sha1_export, 177 .import = crypto_hmac_sha1_import, 178 .descsize = sizeof(struct hmac_sha1_ctx), 179 .statesize = SHA1_SHASH_STATE_SIZE, 180 }, 181 }; 182 183 static int __init crypto_sha1_mod_init(void) 184 { 185 return crypto_register_shashes(algs, ARRAY_SIZE(algs)); 186 } 187 module_init(crypto_sha1_mod_init); 188 189 static void __exit crypto_sha1_mod_exit(void) 190 { 191 crypto_unregister_shashes(algs, ARRAY_SIZE(algs)); 192 } 193 module_exit(crypto_sha1_mod_exit); 194 195 MODULE_LICENSE("GPL"); 196 MODULE_DESCRIPTION("Crypto API support for SHA-1 and HMAC-SHA1"); 197 198 MODULE_ALIAS_CRYPTO("sha1"); 199 MODULE_ALIAS_CRYPTO("sha1-lib"); 200 MODULE_ALIAS_CRYPTO("hmac(sha1)"); 201 MODULE_ALIAS_CRYPTO("hmac-sha1-lib"); 202