1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Crypto API support for SHA-224, SHA-256, HMAC-SHA224, and HMAC-SHA256 4 * 5 * Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com> 6 * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk> 7 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> 8 * SHA224 Support Copyright 2007 Intel Corporation <jonathan.lynch@intel.com> 9 * Copyright 2025 Google LLC 10 */ 11 #include <crypto/internal/hash.h> 12 #include <crypto/sha2.h> 13 #include <linux/kernel.h> 14 #include <linux/module.h> 15 16 /* 17 * Export and import functions. crypto_shash wants a particular format that 18 * matches that used by some legacy drivers. It currently is the same as the 19 * library SHA context, except the value in bytecount must be block-aligned and 20 * the remainder must be stored in an extra u8 appended to the struct. 21 */ 22 23 #define SHA256_SHASH_STATE_SIZE 105 24 static_assert(offsetof(struct __sha256_ctx, state) == 0); 25 static_assert(offsetof(struct __sha256_ctx, bytecount) == 32); 26 static_assert(offsetof(struct __sha256_ctx, buf) == 40); 27 static_assert(sizeof(struct __sha256_ctx) + 1 == SHA256_SHASH_STATE_SIZE); 28 29 static int __crypto_sha256_export(const struct __sha256_ctx *ctx0, void *out) 30 { 31 struct __sha256_ctx ctx = *ctx0; 32 unsigned int partial; 33 u8 *p = out; 34 35 partial = ctx.bytecount % SHA256_BLOCK_SIZE; 36 ctx.bytecount -= partial; 37 memcpy(p, &ctx, sizeof(ctx)); 38 p += sizeof(ctx); 39 *p = partial; 40 return 0; 41 } 42 43 static int __crypto_sha256_import(struct __sha256_ctx *ctx, const void *in) 44 { 45 const u8 *p = in; 46 47 memcpy(ctx, p, sizeof(*ctx)); 48 p += sizeof(*ctx); 49 ctx->bytecount += *p; 50 return 0; 51 } 52 53 /* SHA-224 */ 54 55 const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE] = { 56 0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47, 57 0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2, 58 0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, 0xc5, 0xb3, 0xe4, 59 0x2f 60 }; 61 EXPORT_SYMBOL_GPL(sha224_zero_message_hash); 62 63 #define SHA224_CTX(desc) ((struct sha224_ctx *)shash_desc_ctx(desc)) 64 65 static int crypto_sha224_init(struct shash_desc *desc) 66 { 67 sha224_init(SHA224_CTX(desc)); 68 return 0; 69 } 70 71 static int crypto_sha224_update(struct shash_desc *desc, 72 const u8 *data, unsigned int len) 73 { 74 sha224_update(SHA224_CTX(desc), data, len); 75 return 0; 76 } 77 78 static int crypto_sha224_final(struct shash_desc *desc, u8 *out) 79 { 80 sha224_final(SHA224_CTX(desc), out); 81 return 0; 82 } 83 84 static int crypto_sha224_digest(struct shash_desc *desc, 85 const u8 *data, unsigned int len, u8 *out) 86 { 87 sha224(data, len, out); 88 return 0; 89 } 90 91 static int crypto_sha224_export(struct shash_desc *desc, void *out) 92 { 93 return __crypto_sha256_export(&SHA224_CTX(desc)->ctx, out); 94 } 95 96 static int crypto_sha224_import(struct shash_desc *desc, const void *in) 97 { 98 return __crypto_sha256_import(&SHA224_CTX(desc)->ctx, in); 99 } 100 101 /* SHA-256 */ 102 103 const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE] = { 104 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 105 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 106 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 107 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 108 }; 109 EXPORT_SYMBOL_GPL(sha256_zero_message_hash); 110 111 #define SHA256_CTX(desc) ((struct sha256_ctx *)shash_desc_ctx(desc)) 112 113 static int crypto_sha256_init(struct shash_desc *desc) 114 { 115 sha256_init(SHA256_CTX(desc)); 116 return 0; 117 } 118 119 static int crypto_sha256_update(struct shash_desc *desc, 120 const u8 *data, unsigned int len) 121 { 122 sha256_update(SHA256_CTX(desc), data, len); 123 return 0; 124 } 125 126 static int crypto_sha256_final(struct shash_desc *desc, u8 *out) 127 { 128 sha256_final(SHA256_CTX(desc), out); 129 return 0; 130 } 131 132 static int crypto_sha256_digest(struct shash_desc *desc, 133 const u8 *data, unsigned int len, u8 *out) 134 { 135 sha256(data, len, out); 136 return 0; 137 } 138 139 static int crypto_sha256_export(struct shash_desc *desc, void *out) 140 { 141 return __crypto_sha256_export(&SHA256_CTX(desc)->ctx, out); 142 } 143 144 static int crypto_sha256_import(struct shash_desc *desc, const void *in) 145 { 146 return __crypto_sha256_import(&SHA256_CTX(desc)->ctx, in); 147 } 148 149 /* HMAC-SHA224 */ 150 151 #define HMAC_SHA224_KEY(tfm) ((struct hmac_sha224_key *)crypto_shash_ctx(tfm)) 152 #define HMAC_SHA224_CTX(desc) ((struct hmac_sha224_ctx *)shash_desc_ctx(desc)) 153 154 static int crypto_hmac_sha224_setkey(struct crypto_shash *tfm, 155 const u8 *raw_key, unsigned int keylen) 156 { 157 hmac_sha224_preparekey(HMAC_SHA224_KEY(tfm), raw_key, keylen); 158 return 0; 159 } 160 161 static int crypto_hmac_sha224_init(struct shash_desc *desc) 162 { 163 hmac_sha224_init(HMAC_SHA224_CTX(desc), HMAC_SHA224_KEY(desc->tfm)); 164 return 0; 165 } 166 167 static int crypto_hmac_sha224_update(struct shash_desc *desc, 168 const u8 *data, unsigned int len) 169 { 170 hmac_sha224_update(HMAC_SHA224_CTX(desc), data, len); 171 return 0; 172 } 173 174 static int crypto_hmac_sha224_final(struct shash_desc *desc, u8 *out) 175 { 176 hmac_sha224_final(HMAC_SHA224_CTX(desc), out); 177 return 0; 178 } 179 180 static int crypto_hmac_sha224_digest(struct shash_desc *desc, 181 const u8 *data, unsigned int len, 182 u8 *out) 183 { 184 hmac_sha224(HMAC_SHA224_KEY(desc->tfm), data, len, out); 185 return 0; 186 } 187 188 static int crypto_hmac_sha224_export(struct shash_desc *desc, void *out) 189 { 190 return __crypto_sha256_export(&HMAC_SHA224_CTX(desc)->ctx.sha_ctx, out); 191 } 192 193 static int crypto_hmac_sha224_import(struct shash_desc *desc, const void *in) 194 { 195 struct hmac_sha224_ctx *ctx = HMAC_SHA224_CTX(desc); 196 197 ctx->ctx.ostate = HMAC_SHA224_KEY(desc->tfm)->key.ostate; 198 return __crypto_sha256_import(&ctx->ctx.sha_ctx, in); 199 } 200 201 /* HMAC-SHA256 */ 202 203 #define HMAC_SHA256_KEY(tfm) ((struct hmac_sha256_key *)crypto_shash_ctx(tfm)) 204 #define HMAC_SHA256_CTX(desc) ((struct hmac_sha256_ctx *)shash_desc_ctx(desc)) 205 206 static int crypto_hmac_sha256_setkey(struct crypto_shash *tfm, 207 const u8 *raw_key, unsigned int keylen) 208 { 209 hmac_sha256_preparekey(HMAC_SHA256_KEY(tfm), raw_key, keylen); 210 return 0; 211 } 212 213 static int crypto_hmac_sha256_init(struct shash_desc *desc) 214 { 215 hmac_sha256_init(HMAC_SHA256_CTX(desc), HMAC_SHA256_KEY(desc->tfm)); 216 return 0; 217 } 218 219 static int crypto_hmac_sha256_update(struct shash_desc *desc, 220 const u8 *data, unsigned int len) 221 { 222 hmac_sha256_update(HMAC_SHA256_CTX(desc), data, len); 223 return 0; 224 } 225 226 static int crypto_hmac_sha256_final(struct shash_desc *desc, u8 *out) 227 { 228 hmac_sha256_final(HMAC_SHA256_CTX(desc), out); 229 return 0; 230 } 231 232 static int crypto_hmac_sha256_digest(struct shash_desc *desc, 233 const u8 *data, unsigned int len, 234 u8 *out) 235 { 236 hmac_sha256(HMAC_SHA256_KEY(desc->tfm), data, len, out); 237 return 0; 238 } 239 240 static int crypto_hmac_sha256_export(struct shash_desc *desc, void *out) 241 { 242 return __crypto_sha256_export(&HMAC_SHA256_CTX(desc)->ctx.sha_ctx, out); 243 } 244 245 static int crypto_hmac_sha256_import(struct shash_desc *desc, const void *in) 246 { 247 struct hmac_sha256_ctx *ctx = HMAC_SHA256_CTX(desc); 248 249 ctx->ctx.ostate = HMAC_SHA256_KEY(desc->tfm)->key.ostate; 250 return __crypto_sha256_import(&ctx->ctx.sha_ctx, in); 251 } 252 253 /* Algorithm definitions */ 254 255 static struct shash_alg algs[] = { 256 { 257 .base.cra_name = "sha224", 258 .base.cra_driver_name = "sha224-lib", 259 .base.cra_priority = 300, 260 .base.cra_blocksize = SHA224_BLOCK_SIZE, 261 .base.cra_module = THIS_MODULE, 262 .digestsize = SHA224_DIGEST_SIZE, 263 .init = crypto_sha224_init, 264 .update = crypto_sha224_update, 265 .final = crypto_sha224_final, 266 .digest = crypto_sha224_digest, 267 .export = crypto_sha224_export, 268 .import = crypto_sha224_import, 269 .descsize = sizeof(struct sha224_ctx), 270 .statesize = SHA256_SHASH_STATE_SIZE, 271 }, 272 { 273 .base.cra_name = "sha256", 274 .base.cra_driver_name = "sha256-lib", 275 .base.cra_priority = 300, 276 .base.cra_blocksize = SHA256_BLOCK_SIZE, 277 .base.cra_module = THIS_MODULE, 278 .digestsize = SHA256_DIGEST_SIZE, 279 .init = crypto_sha256_init, 280 .update = crypto_sha256_update, 281 .final = crypto_sha256_final, 282 .digest = crypto_sha256_digest, 283 .export = crypto_sha256_export, 284 .import = crypto_sha256_import, 285 .descsize = sizeof(struct sha256_ctx), 286 .statesize = SHA256_SHASH_STATE_SIZE, 287 }, 288 { 289 .base.cra_name = "hmac(sha224)", 290 .base.cra_driver_name = "hmac-sha224-lib", 291 .base.cra_priority = 300, 292 .base.cra_blocksize = SHA224_BLOCK_SIZE, 293 .base.cra_ctxsize = sizeof(struct hmac_sha224_key), 294 .base.cra_module = THIS_MODULE, 295 .digestsize = SHA224_DIGEST_SIZE, 296 .setkey = crypto_hmac_sha224_setkey, 297 .init = crypto_hmac_sha224_init, 298 .update = crypto_hmac_sha224_update, 299 .final = crypto_hmac_sha224_final, 300 .digest = crypto_hmac_sha224_digest, 301 .export = crypto_hmac_sha224_export, 302 .import = crypto_hmac_sha224_import, 303 .descsize = sizeof(struct hmac_sha224_ctx), 304 .statesize = SHA256_SHASH_STATE_SIZE, 305 }, 306 { 307 .base.cra_name = "hmac(sha256)", 308 .base.cra_driver_name = "hmac-sha256-lib", 309 .base.cra_priority = 300, 310 .base.cra_blocksize = SHA256_BLOCK_SIZE, 311 .base.cra_ctxsize = sizeof(struct hmac_sha256_key), 312 .base.cra_module = THIS_MODULE, 313 .digestsize = SHA256_DIGEST_SIZE, 314 .setkey = crypto_hmac_sha256_setkey, 315 .init = crypto_hmac_sha256_init, 316 .update = crypto_hmac_sha256_update, 317 .final = crypto_hmac_sha256_final, 318 .digest = crypto_hmac_sha256_digest, 319 .export = crypto_hmac_sha256_export, 320 .import = crypto_hmac_sha256_import, 321 .descsize = sizeof(struct hmac_sha256_ctx), 322 .statesize = SHA256_SHASH_STATE_SIZE, 323 }, 324 }; 325 326 static int __init crypto_sha256_mod_init(void) 327 { 328 return crypto_register_shashes(algs, ARRAY_SIZE(algs)); 329 } 330 module_init(crypto_sha256_mod_init); 331 332 static void __exit crypto_sha256_mod_exit(void) 333 { 334 crypto_unregister_shashes(algs, ARRAY_SIZE(algs)); 335 } 336 module_exit(crypto_sha256_mod_exit); 337 338 MODULE_LICENSE("GPL"); 339 MODULE_DESCRIPTION("Crypto API support for SHA-224, SHA-256, HMAC-SHA224, and HMAC-SHA256"); 340 341 MODULE_ALIAS_CRYPTO("sha224"); 342 MODULE_ALIAS_CRYPTO("sha224-lib"); 343 MODULE_ALIAS_CRYPTO("sha256"); 344 MODULE_ALIAS_CRYPTO("sha256-lib"); 345 MODULE_ALIAS_CRYPTO("hmac(sha224)"); 346 MODULE_ALIAS_CRYPTO("hmac-sha224-lib"); 347 MODULE_ALIAS_CRYPTO("hmac(sha256)"); 348 MODULE_ALIAS_CRYPTO("hmac-sha256-lib"); 349