1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Common values for SHA-2 algorithms 4 */ 5 6 #ifndef _CRYPTO_SHA2_H 7 #define _CRYPTO_SHA2_H 8 9 #include <linux/types.h> 10 11 #define SHA224_DIGEST_SIZE 28 12 #define SHA224_BLOCK_SIZE 64 13 14 #define SHA256_DIGEST_SIZE 32 15 #define SHA256_BLOCK_SIZE 64 16 #define SHA256_STATE_WORDS 8 17 18 #define SHA384_DIGEST_SIZE 48 19 #define SHA384_BLOCK_SIZE 128 20 21 #define SHA512_DIGEST_SIZE 64 22 #define SHA512_BLOCK_SIZE 128 23 #define SHA512_STATE_SIZE 80 24 25 #define SHA224_H0 0xc1059ed8UL 26 #define SHA224_H1 0x367cd507UL 27 #define SHA224_H2 0x3070dd17UL 28 #define SHA224_H3 0xf70e5939UL 29 #define SHA224_H4 0xffc00b31UL 30 #define SHA224_H5 0x68581511UL 31 #define SHA224_H6 0x64f98fa7UL 32 #define SHA224_H7 0xbefa4fa4UL 33 34 #define SHA256_H0 0x6a09e667UL 35 #define SHA256_H1 0xbb67ae85UL 36 #define SHA256_H2 0x3c6ef372UL 37 #define SHA256_H3 0xa54ff53aUL 38 #define SHA256_H4 0x510e527fUL 39 #define SHA256_H5 0x9b05688cUL 40 #define SHA256_H6 0x1f83d9abUL 41 #define SHA256_H7 0x5be0cd19UL 42 43 #define SHA384_H0 0xcbbb9d5dc1059ed8ULL 44 #define SHA384_H1 0x629a292a367cd507ULL 45 #define SHA384_H2 0x9159015a3070dd17ULL 46 #define SHA384_H3 0x152fecd8f70e5939ULL 47 #define SHA384_H4 0x67332667ffc00b31ULL 48 #define SHA384_H5 0x8eb44a8768581511ULL 49 #define SHA384_H6 0xdb0c2e0d64f98fa7ULL 50 #define SHA384_H7 0x47b5481dbefa4fa4ULL 51 52 #define SHA512_H0 0x6a09e667f3bcc908ULL 53 #define SHA512_H1 0xbb67ae8584caa73bULL 54 #define SHA512_H2 0x3c6ef372fe94f82bULL 55 #define SHA512_H3 0xa54ff53a5f1d36f1ULL 56 #define SHA512_H4 0x510e527fade682d1ULL 57 #define SHA512_H5 0x9b05688c2b3e6c1fULL 58 #define SHA512_H6 0x1f83d9abfb41bd6bULL 59 #define SHA512_H7 0x5be0cd19137e2179ULL 60 61 extern const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE]; 62 63 extern const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE]; 64 65 extern const u8 sha384_zero_message_hash[SHA384_DIGEST_SIZE]; 66 67 extern const u8 sha512_zero_message_hash[SHA512_DIGEST_SIZE]; 68 69 struct crypto_sha256_state { 70 u32 state[SHA256_STATE_WORDS]; 71 u64 count; 72 }; 73 74 static inline void sha224_block_init(struct crypto_sha256_state *sctx) 75 { 76 sctx->state[0] = SHA224_H0; 77 sctx->state[1] = SHA224_H1; 78 sctx->state[2] = SHA224_H2; 79 sctx->state[3] = SHA224_H3; 80 sctx->state[4] = SHA224_H4; 81 sctx->state[5] = SHA224_H5; 82 sctx->state[6] = SHA224_H6; 83 sctx->state[7] = SHA224_H7; 84 sctx->count = 0; 85 } 86 87 static inline void sha256_block_init(struct crypto_sha256_state *sctx) 88 { 89 sctx->state[0] = SHA256_H0; 90 sctx->state[1] = SHA256_H1; 91 sctx->state[2] = SHA256_H2; 92 sctx->state[3] = SHA256_H3; 93 sctx->state[4] = SHA256_H4; 94 sctx->state[5] = SHA256_H5; 95 sctx->state[6] = SHA256_H6; 96 sctx->state[7] = SHA256_H7; 97 sctx->count = 0; 98 } 99 100 struct sha256_state { 101 union { 102 struct crypto_sha256_state ctx; 103 struct { 104 u32 state[SHA256_STATE_WORDS]; 105 u64 count; 106 }; 107 }; 108 u8 buf[SHA256_BLOCK_SIZE]; 109 }; 110 111 struct sha512_state { 112 u64 state[SHA512_DIGEST_SIZE / 8]; 113 u64 count[2]; 114 u8 buf[SHA512_BLOCK_SIZE]; 115 }; 116 117 /* State for the SHA-256 (and SHA-224) compression function */ 118 struct sha256_block_state { 119 u32 h[SHA256_STATE_WORDS]; 120 }; 121 122 /* 123 * Context structure, shared by SHA-224 and SHA-256. The sha224_ctx and 124 * sha256_ctx structs wrap this one so that the API has proper typing and 125 * doesn't allow mixing the SHA-224 and SHA-256 functions arbitrarily. 126 */ 127 struct __sha256_ctx { 128 struct sha256_block_state state; 129 u64 bytecount; 130 u8 buf[SHA256_BLOCK_SIZE] __aligned(__alignof__(__be64)); 131 }; 132 void __sha256_update(struct __sha256_ctx *ctx, const u8 *data, size_t len); 133 134 /* 135 * HMAC key and message context structs, shared by HMAC-SHA224 and HMAC-SHA256. 136 * The hmac_sha224_* and hmac_sha256_* structs wrap this one so that the API has 137 * proper typing and doesn't allow mixing the functions arbitrarily. 138 */ 139 struct __hmac_sha256_key { 140 struct sha256_block_state istate; 141 struct sha256_block_state ostate; 142 }; 143 struct __hmac_sha256_ctx { 144 struct __sha256_ctx sha_ctx; 145 struct sha256_block_state ostate; 146 }; 147 void __hmac_sha256_init(struct __hmac_sha256_ctx *ctx, 148 const struct __hmac_sha256_key *key); 149 150 /** 151 * struct sha224_ctx - Context for hashing a message with SHA-224 152 * @ctx: private 153 */ 154 struct sha224_ctx { 155 struct __sha256_ctx ctx; 156 }; 157 158 /** 159 * sha224_init() - Initialize a SHA-224 context for a new message 160 * @ctx: the context to initialize 161 * 162 * If you don't need incremental computation, consider sha224() instead. 163 * 164 * Context: Any context. 165 */ 166 void sha224_init(struct sha224_ctx *ctx); 167 168 /** 169 * sha224_update() - Update a SHA-224 context with message data 170 * @ctx: the context to update; must have been initialized 171 * @data: the message data 172 * @len: the data length in bytes 173 * 174 * This can be called any number of times. 175 * 176 * Context: Any context. 177 */ 178 static inline void sha224_update(struct sha224_ctx *ctx, 179 const u8 *data, size_t len) 180 { 181 __sha256_update(&ctx->ctx, data, len); 182 } 183 184 /** 185 * sha224_final() - Finish computing a SHA-224 message digest 186 * @ctx: the context to finalize; must have been initialized 187 * @out: (output) the resulting SHA-224 message digest 188 * 189 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 190 * 191 * Context: Any context. 192 */ 193 void sha224_final(struct sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]); 194 195 /** 196 * sha224() - Compute SHA-224 message digest in one shot 197 * @data: the message data 198 * @len: the data length in bytes 199 * @out: (output) the resulting SHA-224 message digest 200 * 201 * Context: Any context. 202 */ 203 void sha224(const u8 *data, size_t len, u8 out[SHA224_DIGEST_SIZE]); 204 205 /** 206 * struct hmac_sha224_key - Prepared key for HMAC-SHA224 207 * @key: private 208 */ 209 struct hmac_sha224_key { 210 struct __hmac_sha256_key key; 211 }; 212 213 /** 214 * struct hmac_sha224_ctx - Context for computing HMAC-SHA224 of a message 215 * @ctx: private 216 */ 217 struct hmac_sha224_ctx { 218 struct __hmac_sha256_ctx ctx; 219 }; 220 221 /** 222 * hmac_sha224_preparekey() - Prepare a key for HMAC-SHA224 223 * @key: (output) the key structure to initialize 224 * @raw_key: the raw HMAC-SHA224 key 225 * @raw_key_len: the key length in bytes. All key lengths are supported. 226 * 227 * Note: the caller is responsible for zeroizing both the struct hmac_sha224_key 228 * and the raw key once they are no longer needed. 229 * 230 * Context: Any context. 231 */ 232 void hmac_sha224_preparekey(struct hmac_sha224_key *key, 233 const u8 *raw_key, size_t raw_key_len); 234 235 /** 236 * hmac_sha224_init() - Initialize an HMAC-SHA224 context for a new message 237 * @ctx: (output) the HMAC context to initialize 238 * @key: the prepared HMAC key 239 * 240 * If you don't need incremental computation, consider hmac_sha224() instead. 241 * 242 * Context: Any context. 243 */ 244 static inline void hmac_sha224_init(struct hmac_sha224_ctx *ctx, 245 const struct hmac_sha224_key *key) 246 { 247 __hmac_sha256_init(&ctx->ctx, &key->key); 248 } 249 250 /** 251 * hmac_sha224_update() - Update an HMAC-SHA224 context with message data 252 * @ctx: the HMAC context to update; must have been initialized 253 * @data: the message data 254 * @data_len: the data length in bytes 255 * 256 * This can be called any number of times. 257 * 258 * Context: Any context. 259 */ 260 static inline void hmac_sha224_update(struct hmac_sha224_ctx *ctx, 261 const u8 *data, size_t data_len) 262 { 263 __sha256_update(&ctx->ctx.sha_ctx, data, data_len); 264 } 265 266 /** 267 * hmac_sha224_final() - Finish computing an HMAC-SHA224 value 268 * @ctx: the HMAC context to finalize; must have been initialized 269 * @out: (output) the resulting HMAC-SHA224 value 270 * 271 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 272 * 273 * Context: Any context. 274 */ 275 void hmac_sha224_final(struct hmac_sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]); 276 277 /** 278 * hmac_sha224() - Compute HMAC-SHA224 in one shot, using a prepared key 279 * @key: the prepared HMAC key 280 * @data: the message data 281 * @data_len: the data length in bytes 282 * @out: (output) the resulting HMAC-SHA224 value 283 * 284 * If you're using the key only once, consider using hmac_sha224_usingrawkey(). 285 * 286 * Context: Any context. 287 */ 288 void hmac_sha224(const struct hmac_sha224_key *key, 289 const u8 *data, size_t data_len, u8 out[SHA224_DIGEST_SIZE]); 290 291 /** 292 * hmac_sha224_usingrawkey() - Compute HMAC-SHA224 in one shot, using a raw key 293 * @raw_key: the raw HMAC-SHA224 key 294 * @raw_key_len: the key length in bytes. All key lengths are supported. 295 * @data: the message data 296 * @data_len: the data length in bytes 297 * @out: (output) the resulting HMAC-SHA224 value 298 * 299 * If you're using the key multiple times, prefer to use 300 * hmac_sha224_preparekey() followed by multiple calls to hmac_sha224() instead. 301 * 302 * Context: Any context. 303 */ 304 void hmac_sha224_usingrawkey(const u8 *raw_key, size_t raw_key_len, 305 const u8 *data, size_t data_len, 306 u8 out[SHA224_DIGEST_SIZE]); 307 308 /** 309 * struct sha256_ctx - Context for hashing a message with SHA-256 310 * @ctx: private 311 */ 312 struct sha256_ctx { 313 struct __sha256_ctx ctx; 314 }; 315 316 /** 317 * sha256_init() - Initialize a SHA-256 context for a new message 318 * @ctx: the context to initialize 319 * 320 * If you don't need incremental computation, consider sha256() instead. 321 * 322 * Context: Any context. 323 */ 324 void sha256_init(struct sha256_ctx *ctx); 325 326 /** 327 * sha256_update() - Update a SHA-256 context with message data 328 * @ctx: the context to update; must have been initialized 329 * @data: the message data 330 * @len: the data length in bytes 331 * 332 * This can be called any number of times. 333 * 334 * Context: Any context. 335 */ 336 static inline void sha256_update(struct sha256_ctx *ctx, 337 const u8 *data, size_t len) 338 { 339 __sha256_update(&ctx->ctx, data, len); 340 } 341 342 /** 343 * sha256_final() - Finish computing a SHA-256 message digest 344 * @ctx: the context to finalize; must have been initialized 345 * @out: (output) the resulting SHA-256 message digest 346 * 347 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 348 * 349 * Context: Any context. 350 */ 351 void sha256_final(struct sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]); 352 353 /** 354 * sha256() - Compute SHA-256 message digest in one shot 355 * @data: the message data 356 * @len: the data length in bytes 357 * @out: (output) the resulting SHA-256 message digest 358 * 359 * Context: Any context. 360 */ 361 void sha256(const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE]); 362 363 /** 364 * struct hmac_sha256_key - Prepared key for HMAC-SHA256 365 * @key: private 366 */ 367 struct hmac_sha256_key { 368 struct __hmac_sha256_key key; 369 }; 370 371 /** 372 * struct hmac_sha256_ctx - Context for computing HMAC-SHA256 of a message 373 * @ctx: private 374 */ 375 struct hmac_sha256_ctx { 376 struct __hmac_sha256_ctx ctx; 377 }; 378 379 /** 380 * hmac_sha256_preparekey() - Prepare a key for HMAC-SHA256 381 * @key: (output) the key structure to initialize 382 * @raw_key: the raw HMAC-SHA256 key 383 * @raw_key_len: the key length in bytes. All key lengths are supported. 384 * 385 * Note: the caller is responsible for zeroizing both the struct hmac_sha256_key 386 * and the raw key once they are no longer needed. 387 * 388 * Context: Any context. 389 */ 390 void hmac_sha256_preparekey(struct hmac_sha256_key *key, 391 const u8 *raw_key, size_t raw_key_len); 392 393 /** 394 * hmac_sha256_init() - Initialize an HMAC-SHA256 context for a new message 395 * @ctx: (output) the HMAC context to initialize 396 * @key: the prepared HMAC key 397 * 398 * If you don't need incremental computation, consider hmac_sha256() instead. 399 * 400 * Context: Any context. 401 */ 402 static inline void hmac_sha256_init(struct hmac_sha256_ctx *ctx, 403 const struct hmac_sha256_key *key) 404 { 405 __hmac_sha256_init(&ctx->ctx, &key->key); 406 } 407 408 /** 409 * hmac_sha256_update() - Update an HMAC-SHA256 context with message data 410 * @ctx: the HMAC context to update; must have been initialized 411 * @data: the message data 412 * @data_len: the data length in bytes 413 * 414 * This can be called any number of times. 415 * 416 * Context: Any context. 417 */ 418 static inline void hmac_sha256_update(struct hmac_sha256_ctx *ctx, 419 const u8 *data, size_t data_len) 420 { 421 __sha256_update(&ctx->ctx.sha_ctx, data, data_len); 422 } 423 424 /** 425 * hmac_sha256_final() - Finish computing an HMAC-SHA256 value 426 * @ctx: the HMAC context to finalize; must have been initialized 427 * @out: (output) the resulting HMAC-SHA256 value 428 * 429 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 430 * 431 * Context: Any context. 432 */ 433 void hmac_sha256_final(struct hmac_sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]); 434 435 /** 436 * hmac_sha256() - Compute HMAC-SHA256 in one shot, using a prepared key 437 * @key: the prepared HMAC key 438 * @data: the message data 439 * @data_len: the data length in bytes 440 * @out: (output) the resulting HMAC-SHA256 value 441 * 442 * If you're using the key only once, consider using hmac_sha256_usingrawkey(). 443 * 444 * Context: Any context. 445 */ 446 void hmac_sha256(const struct hmac_sha256_key *key, 447 const u8 *data, size_t data_len, u8 out[SHA256_DIGEST_SIZE]); 448 449 /** 450 * hmac_sha256_usingrawkey() - Compute HMAC-SHA256 in one shot, using a raw key 451 * @raw_key: the raw HMAC-SHA256 key 452 * @raw_key_len: the key length in bytes. All key lengths are supported. 453 * @data: the message data 454 * @data_len: the data length in bytes 455 * @out: (output) the resulting HMAC-SHA256 value 456 * 457 * If you're using the key multiple times, prefer to use 458 * hmac_sha256_preparekey() followed by multiple calls to hmac_sha256() instead. 459 * 460 * Context: Any context. 461 */ 462 void hmac_sha256_usingrawkey(const u8 *raw_key, size_t raw_key_len, 463 const u8 *data, size_t data_len, 464 u8 out[SHA256_DIGEST_SIZE]); 465 466 /* State for the SHA-512 (and SHA-384) compression function */ 467 struct sha512_block_state { 468 u64 h[8]; 469 }; 470 471 /* 472 * Context structure, shared by SHA-384 and SHA-512. The sha384_ctx and 473 * sha512_ctx structs wrap this one so that the API has proper typing and 474 * doesn't allow mixing the SHA-384 and SHA-512 functions arbitrarily. 475 */ 476 struct __sha512_ctx { 477 struct sha512_block_state state; 478 u64 bytecount_lo; 479 u64 bytecount_hi; 480 u8 buf[SHA512_BLOCK_SIZE] __aligned(__alignof__(__be64)); 481 }; 482 void __sha512_update(struct __sha512_ctx *ctx, const u8 *data, size_t len); 483 484 /* 485 * HMAC key and message context structs, shared by HMAC-SHA384 and HMAC-SHA512. 486 * The hmac_sha384_* and hmac_sha512_* structs wrap this one so that the API has 487 * proper typing and doesn't allow mixing the functions arbitrarily. 488 */ 489 struct __hmac_sha512_key { 490 struct sha512_block_state istate; 491 struct sha512_block_state ostate; 492 }; 493 struct __hmac_sha512_ctx { 494 struct __sha512_ctx sha_ctx; 495 struct sha512_block_state ostate; 496 }; 497 void __hmac_sha512_init(struct __hmac_sha512_ctx *ctx, 498 const struct __hmac_sha512_key *key); 499 500 /** 501 * struct sha384_ctx - Context for hashing a message with SHA-384 502 * @ctx: private 503 */ 504 struct sha384_ctx { 505 struct __sha512_ctx ctx; 506 }; 507 508 /** 509 * sha384_init() - Initialize a SHA-384 context for a new message 510 * @ctx: the context to initialize 511 * 512 * If you don't need incremental computation, consider sha384() instead. 513 * 514 * Context: Any context. 515 */ 516 void sha384_init(struct sha384_ctx *ctx); 517 518 /** 519 * sha384_update() - Update a SHA-384 context with message data 520 * @ctx: the context to update; must have been initialized 521 * @data: the message data 522 * @len: the data length in bytes 523 * 524 * This can be called any number of times. 525 * 526 * Context: Any context. 527 */ 528 static inline void sha384_update(struct sha384_ctx *ctx, 529 const u8 *data, size_t len) 530 { 531 __sha512_update(&ctx->ctx, data, len); 532 } 533 534 /** 535 * sha384_final() - Finish computing a SHA-384 message digest 536 * @ctx: the context to finalize; must have been initialized 537 * @out: (output) the resulting SHA-384 message digest 538 * 539 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 540 * 541 * Context: Any context. 542 */ 543 void sha384_final(struct sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]); 544 545 /** 546 * sha384() - Compute SHA-384 message digest in one shot 547 * @data: the message data 548 * @len: the data length in bytes 549 * @out: (output) the resulting SHA-384 message digest 550 * 551 * Context: Any context. 552 */ 553 void sha384(const u8 *data, size_t len, u8 out[SHA384_DIGEST_SIZE]); 554 555 /** 556 * struct hmac_sha384_key - Prepared key for HMAC-SHA384 557 * @key: private 558 */ 559 struct hmac_sha384_key { 560 struct __hmac_sha512_key key; 561 }; 562 563 /** 564 * struct hmac_sha384_ctx - Context for computing HMAC-SHA384 of a message 565 * @ctx: private 566 */ 567 struct hmac_sha384_ctx { 568 struct __hmac_sha512_ctx ctx; 569 }; 570 571 /** 572 * hmac_sha384_preparekey() - Prepare a key for HMAC-SHA384 573 * @key: (output) the key structure to initialize 574 * @raw_key: the raw HMAC-SHA384 key 575 * @raw_key_len: the key length in bytes. All key lengths are supported. 576 * 577 * Note: the caller is responsible for zeroizing both the struct hmac_sha384_key 578 * and the raw key once they are no longer needed. 579 * 580 * Context: Any context. 581 */ 582 void hmac_sha384_preparekey(struct hmac_sha384_key *key, 583 const u8 *raw_key, size_t raw_key_len); 584 585 /** 586 * hmac_sha384_init() - Initialize an HMAC-SHA384 context for a new message 587 * @ctx: (output) the HMAC context to initialize 588 * @key: the prepared HMAC key 589 * 590 * If you don't need incremental computation, consider hmac_sha384() instead. 591 * 592 * Context: Any context. 593 */ 594 static inline void hmac_sha384_init(struct hmac_sha384_ctx *ctx, 595 const struct hmac_sha384_key *key) 596 { 597 __hmac_sha512_init(&ctx->ctx, &key->key); 598 } 599 600 /** 601 * hmac_sha384_update() - Update an HMAC-SHA384 context with message data 602 * @ctx: the HMAC context to update; must have been initialized 603 * @data: the message data 604 * @data_len: the data length in bytes 605 * 606 * This can be called any number of times. 607 * 608 * Context: Any context. 609 */ 610 static inline void hmac_sha384_update(struct hmac_sha384_ctx *ctx, 611 const u8 *data, size_t data_len) 612 { 613 __sha512_update(&ctx->ctx.sha_ctx, data, data_len); 614 } 615 616 /** 617 * hmac_sha384_final() - Finish computing an HMAC-SHA384 value 618 * @ctx: the HMAC context to finalize; must have been initialized 619 * @out: (output) the resulting HMAC-SHA384 value 620 * 621 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 622 * 623 * Context: Any context. 624 */ 625 void hmac_sha384_final(struct hmac_sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]); 626 627 /** 628 * hmac_sha384() - Compute HMAC-SHA384 in one shot, using a prepared key 629 * @key: the prepared HMAC key 630 * @data: the message data 631 * @data_len: the data length in bytes 632 * @out: (output) the resulting HMAC-SHA384 value 633 * 634 * If you're using the key only once, consider using hmac_sha384_usingrawkey(). 635 * 636 * Context: Any context. 637 */ 638 void hmac_sha384(const struct hmac_sha384_key *key, 639 const u8 *data, size_t data_len, u8 out[SHA384_DIGEST_SIZE]); 640 641 /** 642 * hmac_sha384_usingrawkey() - Compute HMAC-SHA384 in one shot, using a raw key 643 * @raw_key: the raw HMAC-SHA384 key 644 * @raw_key_len: the key length in bytes. All key lengths are supported. 645 * @data: the message data 646 * @data_len: the data length in bytes 647 * @out: (output) the resulting HMAC-SHA384 value 648 * 649 * If you're using the key multiple times, prefer to use 650 * hmac_sha384_preparekey() followed by multiple calls to hmac_sha384() instead. 651 * 652 * Context: Any context. 653 */ 654 void hmac_sha384_usingrawkey(const u8 *raw_key, size_t raw_key_len, 655 const u8 *data, size_t data_len, 656 u8 out[SHA384_DIGEST_SIZE]); 657 658 /** 659 * struct sha512_ctx - Context for hashing a message with SHA-512 660 * @ctx: private 661 */ 662 struct sha512_ctx { 663 struct __sha512_ctx ctx; 664 }; 665 666 /** 667 * sha512_init() - Initialize a SHA-512 context for a new message 668 * @ctx: the context to initialize 669 * 670 * If you don't need incremental computation, consider sha512() instead. 671 * 672 * Context: Any context. 673 */ 674 void sha512_init(struct sha512_ctx *ctx); 675 676 /** 677 * sha512_update() - Update a SHA-512 context with message data 678 * @ctx: the context to update; must have been initialized 679 * @data: the message data 680 * @len: the data length in bytes 681 * 682 * This can be called any number of times. 683 * 684 * Context: Any context. 685 */ 686 static inline void sha512_update(struct sha512_ctx *ctx, 687 const u8 *data, size_t len) 688 { 689 __sha512_update(&ctx->ctx, data, len); 690 } 691 692 /** 693 * sha512_final() - Finish computing a SHA-512 message digest 694 * @ctx: the context to finalize; must have been initialized 695 * @out: (output) the resulting SHA-512 message digest 696 * 697 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 698 * 699 * Context: Any context. 700 */ 701 void sha512_final(struct sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]); 702 703 /** 704 * sha512() - Compute SHA-512 message digest in one shot 705 * @data: the message data 706 * @len: the data length in bytes 707 * @out: (output) the resulting SHA-512 message digest 708 * 709 * Context: Any context. 710 */ 711 void sha512(const u8 *data, size_t len, u8 out[SHA512_DIGEST_SIZE]); 712 713 /** 714 * struct hmac_sha512_key - Prepared key for HMAC-SHA512 715 * @key: private 716 */ 717 struct hmac_sha512_key { 718 struct __hmac_sha512_key key; 719 }; 720 721 /** 722 * struct hmac_sha512_ctx - Context for computing HMAC-SHA512 of a message 723 * @ctx: private 724 */ 725 struct hmac_sha512_ctx { 726 struct __hmac_sha512_ctx ctx; 727 }; 728 729 /** 730 * hmac_sha512_preparekey() - Prepare a key for HMAC-SHA512 731 * @key: (output) the key structure to initialize 732 * @raw_key: the raw HMAC-SHA512 key 733 * @raw_key_len: the key length in bytes. All key lengths are supported. 734 * 735 * Note: the caller is responsible for zeroizing both the struct hmac_sha512_key 736 * and the raw key once they are no longer needed. 737 * 738 * Context: Any context. 739 */ 740 void hmac_sha512_preparekey(struct hmac_sha512_key *key, 741 const u8 *raw_key, size_t raw_key_len); 742 743 /** 744 * hmac_sha512_init() - Initialize an HMAC-SHA512 context for a new message 745 * @ctx: (output) the HMAC context to initialize 746 * @key: the prepared HMAC key 747 * 748 * If you don't need incremental computation, consider hmac_sha512() instead. 749 * 750 * Context: Any context. 751 */ 752 static inline void hmac_sha512_init(struct hmac_sha512_ctx *ctx, 753 const struct hmac_sha512_key *key) 754 { 755 __hmac_sha512_init(&ctx->ctx, &key->key); 756 } 757 758 /** 759 * hmac_sha512_update() - Update an HMAC-SHA512 context with message data 760 * @ctx: the HMAC context to update; must have been initialized 761 * @data: the message data 762 * @data_len: the data length in bytes 763 * 764 * This can be called any number of times. 765 * 766 * Context: Any context. 767 */ 768 static inline void hmac_sha512_update(struct hmac_sha512_ctx *ctx, 769 const u8 *data, size_t data_len) 770 { 771 __sha512_update(&ctx->ctx.sha_ctx, data, data_len); 772 } 773 774 /** 775 * hmac_sha512_final() - Finish computing an HMAC-SHA512 value 776 * @ctx: the HMAC context to finalize; must have been initialized 777 * @out: (output) the resulting HMAC-SHA512 value 778 * 779 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 780 * 781 * Context: Any context. 782 */ 783 void hmac_sha512_final(struct hmac_sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]); 784 785 /** 786 * hmac_sha512() - Compute HMAC-SHA512 in one shot, using a prepared key 787 * @key: the prepared HMAC key 788 * @data: the message data 789 * @data_len: the data length in bytes 790 * @out: (output) the resulting HMAC-SHA512 value 791 * 792 * If you're using the key only once, consider using hmac_sha512_usingrawkey(). 793 * 794 * Context: Any context. 795 */ 796 void hmac_sha512(const struct hmac_sha512_key *key, 797 const u8 *data, size_t data_len, u8 out[SHA512_DIGEST_SIZE]); 798 799 /** 800 * hmac_sha512_usingrawkey() - Compute HMAC-SHA512 in one shot, using a raw key 801 * @raw_key: the raw HMAC-SHA512 key 802 * @raw_key_len: the key length in bytes. All key lengths are supported. 803 * @data: the message data 804 * @data_len: the data length in bytes 805 * @out: (output) the resulting HMAC-SHA512 value 806 * 807 * If you're using the key multiple times, prefer to use 808 * hmac_sha512_preparekey() followed by multiple calls to hmac_sha512() instead. 809 * 810 * Context: Any context. 811 */ 812 void hmac_sha512_usingrawkey(const u8 *raw_key, size_t raw_key_len, 813 const u8 *data, size_t data_len, 814 u8 out[SHA512_DIGEST_SIZE]); 815 816 #endif /* _CRYPTO_SHA2_H */ 817