1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Common values for SHA-2 algorithms 4 */ 5 6 #ifndef _CRYPTO_SHA2_H 7 #define _CRYPTO_SHA2_H 8 9 #include <linux/types.h> 10 11 #define SHA224_DIGEST_SIZE 28 12 #define SHA224_BLOCK_SIZE 64 13 14 #define SHA256_DIGEST_SIZE 32 15 #define SHA256_BLOCK_SIZE 64 16 #define SHA256_STATE_WORDS 8 17 18 #define SHA384_DIGEST_SIZE 48 19 #define SHA384_BLOCK_SIZE 128 20 21 #define SHA512_DIGEST_SIZE 64 22 #define SHA512_BLOCK_SIZE 128 23 #define SHA512_STATE_SIZE 80 24 25 #define SHA224_H0 0xc1059ed8UL 26 #define SHA224_H1 0x367cd507UL 27 #define SHA224_H2 0x3070dd17UL 28 #define SHA224_H3 0xf70e5939UL 29 #define SHA224_H4 0xffc00b31UL 30 #define SHA224_H5 0x68581511UL 31 #define SHA224_H6 0x64f98fa7UL 32 #define SHA224_H7 0xbefa4fa4UL 33 34 #define SHA256_H0 0x6a09e667UL 35 #define SHA256_H1 0xbb67ae85UL 36 #define SHA256_H2 0x3c6ef372UL 37 #define SHA256_H3 0xa54ff53aUL 38 #define SHA256_H4 0x510e527fUL 39 #define SHA256_H5 0x9b05688cUL 40 #define SHA256_H6 0x1f83d9abUL 41 #define SHA256_H7 0x5be0cd19UL 42 43 #define SHA384_H0 0xcbbb9d5dc1059ed8ULL 44 #define SHA384_H1 0x629a292a367cd507ULL 45 #define SHA384_H2 0x9159015a3070dd17ULL 46 #define SHA384_H3 0x152fecd8f70e5939ULL 47 #define SHA384_H4 0x67332667ffc00b31ULL 48 #define SHA384_H5 0x8eb44a8768581511ULL 49 #define SHA384_H6 0xdb0c2e0d64f98fa7ULL 50 #define SHA384_H7 0x47b5481dbefa4fa4ULL 51 52 #define SHA512_H0 0x6a09e667f3bcc908ULL 53 #define SHA512_H1 0xbb67ae8584caa73bULL 54 #define SHA512_H2 0x3c6ef372fe94f82bULL 55 #define SHA512_H3 0xa54ff53a5f1d36f1ULL 56 #define SHA512_H4 0x510e527fade682d1ULL 57 #define SHA512_H5 0x9b05688c2b3e6c1fULL 58 #define SHA512_H6 0x1f83d9abfb41bd6bULL 59 #define SHA512_H7 0x5be0cd19137e2179ULL 60 61 extern const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE]; 62 63 extern const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE]; 64 65 extern const u8 sha384_zero_message_hash[SHA384_DIGEST_SIZE]; 66 67 extern const u8 sha512_zero_message_hash[SHA512_DIGEST_SIZE]; 68 69 struct crypto_sha256_state { 70 u32 state[SHA256_STATE_WORDS]; 71 u64 count; 72 }; 73 74 static inline void sha224_block_init(struct crypto_sha256_state *sctx) 75 { 76 sctx->state[0] = SHA224_H0; 77 sctx->state[1] = SHA224_H1; 78 sctx->state[2] = SHA224_H2; 79 sctx->state[3] = SHA224_H3; 80 sctx->state[4] = SHA224_H4; 81 sctx->state[5] = SHA224_H5; 82 sctx->state[6] = SHA224_H6; 83 sctx->state[7] = SHA224_H7; 84 sctx->count = 0; 85 } 86 87 static inline void sha256_block_init(struct crypto_sha256_state *sctx) 88 { 89 sctx->state[0] = SHA256_H0; 90 sctx->state[1] = SHA256_H1; 91 sctx->state[2] = SHA256_H2; 92 sctx->state[3] = SHA256_H3; 93 sctx->state[4] = SHA256_H4; 94 sctx->state[5] = SHA256_H5; 95 sctx->state[6] = SHA256_H6; 96 sctx->state[7] = SHA256_H7; 97 sctx->count = 0; 98 } 99 100 struct sha256_state { 101 union { 102 struct crypto_sha256_state ctx; 103 struct { 104 u32 state[SHA256_STATE_WORDS]; 105 u64 count; 106 }; 107 }; 108 u8 buf[SHA256_BLOCK_SIZE]; 109 }; 110 111 struct sha512_state { 112 u64 state[SHA512_DIGEST_SIZE / 8]; 113 u64 count[2]; 114 u8 buf[SHA512_BLOCK_SIZE]; 115 }; 116 117 /* State for the SHA-256 (and SHA-224) compression function */ 118 struct sha256_block_state { 119 u32 h[SHA256_STATE_WORDS]; 120 }; 121 122 /* 123 * Context structure, shared by SHA-224 and SHA-256. The sha224_ctx and 124 * sha256_ctx structs wrap this one so that the API has proper typing and 125 * doesn't allow mixing the SHA-224 and SHA-256 functions arbitrarily. 126 */ 127 struct __sha256_ctx { 128 struct sha256_block_state state; 129 u64 bytecount; 130 u8 buf[SHA256_BLOCK_SIZE] __aligned(__alignof__(__be64)); 131 }; 132 void __sha256_update(struct __sha256_ctx *ctx, const u8 *data, size_t len); 133 134 /* 135 * HMAC key and message context structs, shared by HMAC-SHA224 and HMAC-SHA256. 136 * The hmac_sha224_* and hmac_sha256_* structs wrap this one so that the API has 137 * proper typing and doesn't allow mixing the functions arbitrarily. 138 */ 139 struct __hmac_sha256_key { 140 struct sha256_block_state istate; 141 struct sha256_block_state ostate; 142 }; 143 struct __hmac_sha256_ctx { 144 struct __sha256_ctx sha_ctx; 145 struct sha256_block_state ostate; 146 }; 147 void __hmac_sha256_init(struct __hmac_sha256_ctx *ctx, 148 const struct __hmac_sha256_key *key); 149 150 /** 151 * struct sha224_ctx - Context for hashing a message with SHA-224 152 * @ctx: private 153 */ 154 struct sha224_ctx { 155 struct __sha256_ctx ctx; 156 }; 157 158 /** 159 * sha224_init() - Initialize a SHA-224 context for a new message 160 * @ctx: the context to initialize 161 * 162 * If you don't need incremental computation, consider sha224() instead. 163 * 164 * Context: Any context. 165 */ 166 void sha224_init(struct sha224_ctx *ctx); 167 168 /** 169 * sha224_update() - Update a SHA-224 context with message data 170 * @ctx: the context to update; must have been initialized 171 * @data: the message data 172 * @len: the data length in bytes 173 * 174 * This can be called any number of times. 175 * 176 * Context: Any context. 177 */ 178 static inline void sha224_update(struct sha224_ctx *ctx, 179 const u8 *data, size_t len) 180 { 181 __sha256_update(&ctx->ctx, data, len); 182 } 183 184 /** 185 * sha224_final() - Finish computing a SHA-224 message digest 186 * @ctx: the context to finalize; must have been initialized 187 * @out: (output) the resulting SHA-224 message digest 188 * 189 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 190 * 191 * Context: Any context. 192 */ 193 void sha224_final(struct sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]); 194 195 /** 196 * sha224() - Compute SHA-224 message digest in one shot 197 * @data: the message data 198 * @len: the data length in bytes 199 * @out: (output) the resulting SHA-224 message digest 200 * 201 * Context: Any context. 202 */ 203 void sha224(const u8 *data, size_t len, u8 out[SHA224_DIGEST_SIZE]); 204 205 /** 206 * struct hmac_sha224_key - Prepared key for HMAC-SHA224 207 * @key: private 208 */ 209 struct hmac_sha224_key { 210 struct __hmac_sha256_key key; 211 }; 212 213 /** 214 * struct hmac_sha224_ctx - Context for computing HMAC-SHA224 of a message 215 * @ctx: private 216 */ 217 struct hmac_sha224_ctx { 218 struct __hmac_sha256_ctx ctx; 219 }; 220 221 /** 222 * hmac_sha224_preparekey() - Prepare a key for HMAC-SHA224 223 * @key: (output) the key structure to initialize 224 * @raw_key: the raw HMAC-SHA224 key 225 * @raw_key_len: the key length in bytes. All key lengths are supported. 226 * 227 * Note: the caller is responsible for zeroizing both the struct hmac_sha224_key 228 * and the raw key once they are no longer needed. 229 * 230 * Context: Any context. 231 */ 232 void hmac_sha224_preparekey(struct hmac_sha224_key *key, 233 const u8 *raw_key, size_t raw_key_len); 234 235 /** 236 * hmac_sha224_init() - Initialize an HMAC-SHA224 context for a new message 237 * @ctx: (output) the HMAC context to initialize 238 * @key: the prepared HMAC key 239 * 240 * If you don't need incremental computation, consider hmac_sha224() instead. 241 * 242 * Context: Any context. 243 */ 244 static inline void hmac_sha224_init(struct hmac_sha224_ctx *ctx, 245 const struct hmac_sha224_key *key) 246 { 247 __hmac_sha256_init(&ctx->ctx, &key->key); 248 } 249 250 /** 251 * hmac_sha224_init_usingrawkey() - Initialize an HMAC-SHA224 context for a new 252 * message, using a raw key 253 * @ctx: (output) the HMAC context to initialize 254 * @raw_key: the raw HMAC-SHA224 key 255 * @raw_key_len: the key length in bytes. All key lengths are supported. 256 * 257 * If you don't need incremental computation, consider hmac_sha224_usingrawkey() 258 * instead. 259 * 260 * Context: Any context. 261 */ 262 void hmac_sha224_init_usingrawkey(struct hmac_sha224_ctx *ctx, 263 const u8 *raw_key, size_t raw_key_len); 264 265 /** 266 * hmac_sha224_update() - Update an HMAC-SHA224 context with message data 267 * @ctx: the HMAC context to update; must have been initialized 268 * @data: the message data 269 * @data_len: the data length in bytes 270 * 271 * This can be called any number of times. 272 * 273 * Context: Any context. 274 */ 275 static inline void hmac_sha224_update(struct hmac_sha224_ctx *ctx, 276 const u8 *data, size_t data_len) 277 { 278 __sha256_update(&ctx->ctx.sha_ctx, data, data_len); 279 } 280 281 /** 282 * hmac_sha224_final() - Finish computing an HMAC-SHA224 value 283 * @ctx: the HMAC context to finalize; must have been initialized 284 * @out: (output) the resulting HMAC-SHA224 value 285 * 286 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 287 * 288 * Context: Any context. 289 */ 290 void hmac_sha224_final(struct hmac_sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]); 291 292 /** 293 * hmac_sha224() - Compute HMAC-SHA224 in one shot, using a prepared key 294 * @key: the prepared HMAC key 295 * @data: the message data 296 * @data_len: the data length in bytes 297 * @out: (output) the resulting HMAC-SHA224 value 298 * 299 * If you're using the key only once, consider using hmac_sha224_usingrawkey(). 300 * 301 * Context: Any context. 302 */ 303 void hmac_sha224(const struct hmac_sha224_key *key, 304 const u8 *data, size_t data_len, u8 out[SHA224_DIGEST_SIZE]); 305 306 /** 307 * hmac_sha224_usingrawkey() - Compute HMAC-SHA224 in one shot, using a raw key 308 * @raw_key: the raw HMAC-SHA224 key 309 * @raw_key_len: the key length in bytes. All key lengths are supported. 310 * @data: the message data 311 * @data_len: the data length in bytes 312 * @out: (output) the resulting HMAC-SHA224 value 313 * 314 * If you're using the key multiple times, prefer to use 315 * hmac_sha224_preparekey() followed by multiple calls to hmac_sha224() instead. 316 * 317 * Context: Any context. 318 */ 319 void hmac_sha224_usingrawkey(const u8 *raw_key, size_t raw_key_len, 320 const u8 *data, size_t data_len, 321 u8 out[SHA224_DIGEST_SIZE]); 322 323 /** 324 * struct sha256_ctx - Context for hashing a message with SHA-256 325 * @ctx: private 326 */ 327 struct sha256_ctx { 328 struct __sha256_ctx ctx; 329 }; 330 331 /** 332 * sha256_init() - Initialize a SHA-256 context for a new message 333 * @ctx: the context to initialize 334 * 335 * If you don't need incremental computation, consider sha256() instead. 336 * 337 * Context: Any context. 338 */ 339 void sha256_init(struct sha256_ctx *ctx); 340 341 /** 342 * sha256_update() - Update a SHA-256 context with message data 343 * @ctx: the context to update; must have been initialized 344 * @data: the message data 345 * @len: the data length in bytes 346 * 347 * This can be called any number of times. 348 * 349 * Context: Any context. 350 */ 351 static inline void sha256_update(struct sha256_ctx *ctx, 352 const u8 *data, size_t len) 353 { 354 __sha256_update(&ctx->ctx, data, len); 355 } 356 357 /** 358 * sha256_final() - Finish computing a SHA-256 message digest 359 * @ctx: the context to finalize; must have been initialized 360 * @out: (output) the resulting SHA-256 message digest 361 * 362 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 363 * 364 * Context: Any context. 365 */ 366 void sha256_final(struct sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]); 367 368 /** 369 * sha256() - Compute SHA-256 message digest in one shot 370 * @data: the message data 371 * @len: the data length in bytes 372 * @out: (output) the resulting SHA-256 message digest 373 * 374 * Context: Any context. 375 */ 376 void sha256(const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE]); 377 378 /** 379 * sha256_finup_2x() - Compute two SHA-256 digests from a common initial 380 * context. On some CPUs, this is faster than sequentially 381 * computing each digest. 382 * @ctx: an optional initial context, which may have already processed data. If 383 * NULL, a default initial context is used (equivalent to sha256_init()). 384 * @data1: data for the first message 385 * @data2: data for the second message 386 * @len: the length of each of @data1 and @data2, in bytes 387 * @out1: (output) the first SHA-256 message digest 388 * @out2: (output) the second SHA-256 message digest 389 * 390 * Context: Any context. 391 */ 392 void sha256_finup_2x(const struct sha256_ctx *ctx, const u8 *data1, 393 const u8 *data2, size_t len, u8 out1[SHA256_DIGEST_SIZE], 394 u8 out2[SHA256_DIGEST_SIZE]); 395 396 /** 397 * sha256_finup_2x_is_optimized() - Check if sha256_finup_2x() is using a real 398 * interleaved implementation, as opposed to a 399 * sequential fallback 400 * @return: true if optimized 401 * 402 * Context: Any context. 403 */ 404 bool sha256_finup_2x_is_optimized(void); 405 406 /** 407 * struct hmac_sha256_key - Prepared key for HMAC-SHA256 408 * @key: private 409 */ 410 struct hmac_sha256_key { 411 struct __hmac_sha256_key key; 412 }; 413 414 /** 415 * struct hmac_sha256_ctx - Context for computing HMAC-SHA256 of a message 416 * @ctx: private 417 */ 418 struct hmac_sha256_ctx { 419 struct __hmac_sha256_ctx ctx; 420 }; 421 422 /** 423 * hmac_sha256_preparekey() - Prepare a key for HMAC-SHA256 424 * @key: (output) the key structure to initialize 425 * @raw_key: the raw HMAC-SHA256 key 426 * @raw_key_len: the key length in bytes. All key lengths are supported. 427 * 428 * Note: the caller is responsible for zeroizing both the struct hmac_sha256_key 429 * and the raw key once they are no longer needed. 430 * 431 * Context: Any context. 432 */ 433 void hmac_sha256_preparekey(struct hmac_sha256_key *key, 434 const u8 *raw_key, size_t raw_key_len); 435 436 /** 437 * hmac_sha256_init() - Initialize an HMAC-SHA256 context for a new message 438 * @ctx: (output) the HMAC context to initialize 439 * @key: the prepared HMAC key 440 * 441 * If you don't need incremental computation, consider hmac_sha256() instead. 442 * 443 * Context: Any context. 444 */ 445 static inline void hmac_sha256_init(struct hmac_sha256_ctx *ctx, 446 const struct hmac_sha256_key *key) 447 { 448 __hmac_sha256_init(&ctx->ctx, &key->key); 449 } 450 451 /** 452 * hmac_sha256_init_usingrawkey() - Initialize an HMAC-SHA256 context for a new 453 * message, using a raw key 454 * @ctx: (output) the HMAC context to initialize 455 * @raw_key: the raw HMAC-SHA256 key 456 * @raw_key_len: the key length in bytes. All key lengths are supported. 457 * 458 * If you don't need incremental computation, consider hmac_sha256_usingrawkey() 459 * instead. 460 * 461 * Context: Any context. 462 */ 463 void hmac_sha256_init_usingrawkey(struct hmac_sha256_ctx *ctx, 464 const u8 *raw_key, size_t raw_key_len); 465 466 /** 467 * hmac_sha256_update() - Update an HMAC-SHA256 context with message data 468 * @ctx: the HMAC context to update; must have been initialized 469 * @data: the message data 470 * @data_len: the data length in bytes 471 * 472 * This can be called any number of times. 473 * 474 * Context: Any context. 475 */ 476 static inline void hmac_sha256_update(struct hmac_sha256_ctx *ctx, 477 const u8 *data, size_t data_len) 478 { 479 __sha256_update(&ctx->ctx.sha_ctx, data, data_len); 480 } 481 482 /** 483 * hmac_sha256_final() - Finish computing an HMAC-SHA256 value 484 * @ctx: the HMAC context to finalize; must have been initialized 485 * @out: (output) the resulting HMAC-SHA256 value 486 * 487 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 488 * 489 * Context: Any context. 490 */ 491 void hmac_sha256_final(struct hmac_sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]); 492 493 /** 494 * hmac_sha256() - Compute HMAC-SHA256 in one shot, using a prepared key 495 * @key: the prepared HMAC key 496 * @data: the message data 497 * @data_len: the data length in bytes 498 * @out: (output) the resulting HMAC-SHA256 value 499 * 500 * If you're using the key only once, consider using hmac_sha256_usingrawkey(). 501 * 502 * Context: Any context. 503 */ 504 void hmac_sha256(const struct hmac_sha256_key *key, 505 const u8 *data, size_t data_len, u8 out[SHA256_DIGEST_SIZE]); 506 507 /** 508 * hmac_sha256_usingrawkey() - Compute HMAC-SHA256 in one shot, using a raw key 509 * @raw_key: the raw HMAC-SHA256 key 510 * @raw_key_len: the key length in bytes. All key lengths are supported. 511 * @data: the message data 512 * @data_len: the data length in bytes 513 * @out: (output) the resulting HMAC-SHA256 value 514 * 515 * If you're using the key multiple times, prefer to use 516 * hmac_sha256_preparekey() followed by multiple calls to hmac_sha256() instead. 517 * 518 * Context: Any context. 519 */ 520 void hmac_sha256_usingrawkey(const u8 *raw_key, size_t raw_key_len, 521 const u8 *data, size_t data_len, 522 u8 out[SHA256_DIGEST_SIZE]); 523 524 /* State for the SHA-512 (and SHA-384) compression function */ 525 struct sha512_block_state { 526 u64 h[8]; 527 }; 528 529 /* 530 * Context structure, shared by SHA-384 and SHA-512. The sha384_ctx and 531 * sha512_ctx structs wrap this one so that the API has proper typing and 532 * doesn't allow mixing the SHA-384 and SHA-512 functions arbitrarily. 533 */ 534 struct __sha512_ctx { 535 struct sha512_block_state state; 536 u64 bytecount_lo; 537 u64 bytecount_hi; 538 u8 buf[SHA512_BLOCK_SIZE] __aligned(__alignof__(__be64)); 539 }; 540 void __sha512_update(struct __sha512_ctx *ctx, const u8 *data, size_t len); 541 542 /* 543 * HMAC key and message context structs, shared by HMAC-SHA384 and HMAC-SHA512. 544 * The hmac_sha384_* and hmac_sha512_* structs wrap this one so that the API has 545 * proper typing and doesn't allow mixing the functions arbitrarily. 546 */ 547 struct __hmac_sha512_key { 548 struct sha512_block_state istate; 549 struct sha512_block_state ostate; 550 }; 551 struct __hmac_sha512_ctx { 552 struct __sha512_ctx sha_ctx; 553 struct sha512_block_state ostate; 554 }; 555 void __hmac_sha512_init(struct __hmac_sha512_ctx *ctx, 556 const struct __hmac_sha512_key *key); 557 558 /** 559 * struct sha384_ctx - Context for hashing a message with SHA-384 560 * @ctx: private 561 */ 562 struct sha384_ctx { 563 struct __sha512_ctx ctx; 564 }; 565 566 /** 567 * sha384_init() - Initialize a SHA-384 context for a new message 568 * @ctx: the context to initialize 569 * 570 * If you don't need incremental computation, consider sha384() instead. 571 * 572 * Context: Any context. 573 */ 574 void sha384_init(struct sha384_ctx *ctx); 575 576 /** 577 * sha384_update() - Update a SHA-384 context with message data 578 * @ctx: the context to update; must have been initialized 579 * @data: the message data 580 * @len: the data length in bytes 581 * 582 * This can be called any number of times. 583 * 584 * Context: Any context. 585 */ 586 static inline void sha384_update(struct sha384_ctx *ctx, 587 const u8 *data, size_t len) 588 { 589 __sha512_update(&ctx->ctx, data, len); 590 } 591 592 /** 593 * sha384_final() - Finish computing a SHA-384 message digest 594 * @ctx: the context to finalize; must have been initialized 595 * @out: (output) the resulting SHA-384 message digest 596 * 597 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 598 * 599 * Context: Any context. 600 */ 601 void sha384_final(struct sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]); 602 603 /** 604 * sha384() - Compute SHA-384 message digest in one shot 605 * @data: the message data 606 * @len: the data length in bytes 607 * @out: (output) the resulting SHA-384 message digest 608 * 609 * Context: Any context. 610 */ 611 void sha384(const u8 *data, size_t len, u8 out[SHA384_DIGEST_SIZE]); 612 613 /** 614 * struct hmac_sha384_key - Prepared key for HMAC-SHA384 615 * @key: private 616 */ 617 struct hmac_sha384_key { 618 struct __hmac_sha512_key key; 619 }; 620 621 /** 622 * struct hmac_sha384_ctx - Context for computing HMAC-SHA384 of a message 623 * @ctx: private 624 */ 625 struct hmac_sha384_ctx { 626 struct __hmac_sha512_ctx ctx; 627 }; 628 629 /** 630 * hmac_sha384_preparekey() - Prepare a key for HMAC-SHA384 631 * @key: (output) the key structure to initialize 632 * @raw_key: the raw HMAC-SHA384 key 633 * @raw_key_len: the key length in bytes. All key lengths are supported. 634 * 635 * Note: the caller is responsible for zeroizing both the struct hmac_sha384_key 636 * and the raw key once they are no longer needed. 637 * 638 * Context: Any context. 639 */ 640 void hmac_sha384_preparekey(struct hmac_sha384_key *key, 641 const u8 *raw_key, size_t raw_key_len); 642 643 /** 644 * hmac_sha384_init() - Initialize an HMAC-SHA384 context for a new message 645 * @ctx: (output) the HMAC context to initialize 646 * @key: the prepared HMAC key 647 * 648 * If you don't need incremental computation, consider hmac_sha384() instead. 649 * 650 * Context: Any context. 651 */ 652 static inline void hmac_sha384_init(struct hmac_sha384_ctx *ctx, 653 const struct hmac_sha384_key *key) 654 { 655 __hmac_sha512_init(&ctx->ctx, &key->key); 656 } 657 658 /** 659 * hmac_sha384_init_usingrawkey() - Initialize an HMAC-SHA384 context for a new 660 * message, using a raw key 661 * @ctx: (output) the HMAC context to initialize 662 * @raw_key: the raw HMAC-SHA384 key 663 * @raw_key_len: the key length in bytes. All key lengths are supported. 664 * 665 * If you don't need incremental computation, consider hmac_sha384_usingrawkey() 666 * instead. 667 * 668 * Context: Any context. 669 */ 670 void hmac_sha384_init_usingrawkey(struct hmac_sha384_ctx *ctx, 671 const u8 *raw_key, size_t raw_key_len); 672 673 /** 674 * hmac_sha384_update() - Update an HMAC-SHA384 context with message data 675 * @ctx: the HMAC context to update; must have been initialized 676 * @data: the message data 677 * @data_len: the data length in bytes 678 * 679 * This can be called any number of times. 680 * 681 * Context: Any context. 682 */ 683 static inline void hmac_sha384_update(struct hmac_sha384_ctx *ctx, 684 const u8 *data, size_t data_len) 685 { 686 __sha512_update(&ctx->ctx.sha_ctx, data, data_len); 687 } 688 689 /** 690 * hmac_sha384_final() - Finish computing an HMAC-SHA384 value 691 * @ctx: the HMAC context to finalize; must have been initialized 692 * @out: (output) the resulting HMAC-SHA384 value 693 * 694 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 695 * 696 * Context: Any context. 697 */ 698 void hmac_sha384_final(struct hmac_sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]); 699 700 /** 701 * hmac_sha384() - Compute HMAC-SHA384 in one shot, using a prepared key 702 * @key: the prepared HMAC key 703 * @data: the message data 704 * @data_len: the data length in bytes 705 * @out: (output) the resulting HMAC-SHA384 value 706 * 707 * If you're using the key only once, consider using hmac_sha384_usingrawkey(). 708 * 709 * Context: Any context. 710 */ 711 void hmac_sha384(const struct hmac_sha384_key *key, 712 const u8 *data, size_t data_len, u8 out[SHA384_DIGEST_SIZE]); 713 714 /** 715 * hmac_sha384_usingrawkey() - Compute HMAC-SHA384 in one shot, using a raw key 716 * @raw_key: the raw HMAC-SHA384 key 717 * @raw_key_len: the key length in bytes. All key lengths are supported. 718 * @data: the message data 719 * @data_len: the data length in bytes 720 * @out: (output) the resulting HMAC-SHA384 value 721 * 722 * If you're using the key multiple times, prefer to use 723 * hmac_sha384_preparekey() followed by multiple calls to hmac_sha384() instead. 724 * 725 * Context: Any context. 726 */ 727 void hmac_sha384_usingrawkey(const u8 *raw_key, size_t raw_key_len, 728 const u8 *data, size_t data_len, 729 u8 out[SHA384_DIGEST_SIZE]); 730 731 /** 732 * struct sha512_ctx - Context for hashing a message with SHA-512 733 * @ctx: private 734 */ 735 struct sha512_ctx { 736 struct __sha512_ctx ctx; 737 }; 738 739 /** 740 * sha512_init() - Initialize a SHA-512 context for a new message 741 * @ctx: the context to initialize 742 * 743 * If you don't need incremental computation, consider sha512() instead. 744 * 745 * Context: Any context. 746 */ 747 void sha512_init(struct sha512_ctx *ctx); 748 749 /** 750 * sha512_update() - Update a SHA-512 context with message data 751 * @ctx: the context to update; must have been initialized 752 * @data: the message data 753 * @len: the data length in bytes 754 * 755 * This can be called any number of times. 756 * 757 * Context: Any context. 758 */ 759 static inline void sha512_update(struct sha512_ctx *ctx, 760 const u8 *data, size_t len) 761 { 762 __sha512_update(&ctx->ctx, data, len); 763 } 764 765 /** 766 * sha512_final() - Finish computing a SHA-512 message digest 767 * @ctx: the context to finalize; must have been initialized 768 * @out: (output) the resulting SHA-512 message digest 769 * 770 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 771 * 772 * Context: Any context. 773 */ 774 void sha512_final(struct sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]); 775 776 /** 777 * sha512() - Compute SHA-512 message digest in one shot 778 * @data: the message data 779 * @len: the data length in bytes 780 * @out: (output) the resulting SHA-512 message digest 781 * 782 * Context: Any context. 783 */ 784 void sha512(const u8 *data, size_t len, u8 out[SHA512_DIGEST_SIZE]); 785 786 /** 787 * struct hmac_sha512_key - Prepared key for HMAC-SHA512 788 * @key: private 789 */ 790 struct hmac_sha512_key { 791 struct __hmac_sha512_key key; 792 }; 793 794 /** 795 * struct hmac_sha512_ctx - Context for computing HMAC-SHA512 of a message 796 * @ctx: private 797 */ 798 struct hmac_sha512_ctx { 799 struct __hmac_sha512_ctx ctx; 800 }; 801 802 /** 803 * hmac_sha512_preparekey() - Prepare a key for HMAC-SHA512 804 * @key: (output) the key structure to initialize 805 * @raw_key: the raw HMAC-SHA512 key 806 * @raw_key_len: the key length in bytes. All key lengths are supported. 807 * 808 * Note: the caller is responsible for zeroizing both the struct hmac_sha512_key 809 * and the raw key once they are no longer needed. 810 * 811 * Context: Any context. 812 */ 813 void hmac_sha512_preparekey(struct hmac_sha512_key *key, 814 const u8 *raw_key, size_t raw_key_len); 815 816 /** 817 * hmac_sha512_init() - Initialize an HMAC-SHA512 context for a new message 818 * @ctx: (output) the HMAC context to initialize 819 * @key: the prepared HMAC key 820 * 821 * If you don't need incremental computation, consider hmac_sha512() instead. 822 * 823 * Context: Any context. 824 */ 825 static inline void hmac_sha512_init(struct hmac_sha512_ctx *ctx, 826 const struct hmac_sha512_key *key) 827 { 828 __hmac_sha512_init(&ctx->ctx, &key->key); 829 } 830 831 /** 832 * hmac_sha512_init_usingrawkey() - Initialize an HMAC-SHA512 context for a new 833 * message, using a raw key 834 * @ctx: (output) the HMAC context to initialize 835 * @raw_key: the raw HMAC-SHA512 key 836 * @raw_key_len: the key length in bytes. All key lengths are supported. 837 * 838 * If you don't need incremental computation, consider hmac_sha512_usingrawkey() 839 * instead. 840 * 841 * Context: Any context. 842 */ 843 void hmac_sha512_init_usingrawkey(struct hmac_sha512_ctx *ctx, 844 const u8 *raw_key, size_t raw_key_len); 845 846 /** 847 * hmac_sha512_update() - Update an HMAC-SHA512 context with message data 848 * @ctx: the HMAC context to update; must have been initialized 849 * @data: the message data 850 * @data_len: the data length in bytes 851 * 852 * This can be called any number of times. 853 * 854 * Context: Any context. 855 */ 856 static inline void hmac_sha512_update(struct hmac_sha512_ctx *ctx, 857 const u8 *data, size_t data_len) 858 { 859 __sha512_update(&ctx->ctx.sha_ctx, data, data_len); 860 } 861 862 /** 863 * hmac_sha512_final() - Finish computing an HMAC-SHA512 value 864 * @ctx: the HMAC context to finalize; must have been initialized 865 * @out: (output) the resulting HMAC-SHA512 value 866 * 867 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 868 * 869 * Context: Any context. 870 */ 871 void hmac_sha512_final(struct hmac_sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]); 872 873 /** 874 * hmac_sha512() - Compute HMAC-SHA512 in one shot, using a prepared key 875 * @key: the prepared HMAC key 876 * @data: the message data 877 * @data_len: the data length in bytes 878 * @out: (output) the resulting HMAC-SHA512 value 879 * 880 * If you're using the key only once, consider using hmac_sha512_usingrawkey(). 881 * 882 * Context: Any context. 883 */ 884 void hmac_sha512(const struct hmac_sha512_key *key, 885 const u8 *data, size_t data_len, u8 out[SHA512_DIGEST_SIZE]); 886 887 /** 888 * hmac_sha512_usingrawkey() - Compute HMAC-SHA512 in one shot, using a raw key 889 * @raw_key: the raw HMAC-SHA512 key 890 * @raw_key_len: the key length in bytes. All key lengths are supported. 891 * @data: the message data 892 * @data_len: the data length in bytes 893 * @out: (output) the resulting HMAC-SHA512 value 894 * 895 * If you're using the key multiple times, prefer to use 896 * hmac_sha512_preparekey() followed by multiple calls to hmac_sha512() instead. 897 * 898 * Context: Any context. 899 */ 900 void hmac_sha512_usingrawkey(const u8 *raw_key, size_t raw_key_len, 901 const u8 *data, size_t data_len, 902 u8 out[SHA512_DIGEST_SIZE]); 903 904 #endif /* _CRYPTO_SHA2_H */ 905