1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Common values for SHA-2 algorithms 4 */ 5 6 #ifndef _CRYPTO_SHA2_H 7 #define _CRYPTO_SHA2_H 8 9 #include <linux/types.h> 10 11 #define SHA224_DIGEST_SIZE 28 12 #define SHA224_BLOCK_SIZE 64 13 14 #define SHA256_DIGEST_SIZE 32 15 #define SHA256_BLOCK_SIZE 64 16 #define SHA256_STATE_WORDS 8 17 18 #define SHA384_DIGEST_SIZE 48 19 #define SHA384_BLOCK_SIZE 128 20 21 #define SHA512_DIGEST_SIZE 64 22 #define SHA512_BLOCK_SIZE 128 23 #define SHA512_STATE_SIZE 80 24 25 #define SHA224_H0 0xc1059ed8UL 26 #define SHA224_H1 0x367cd507UL 27 #define SHA224_H2 0x3070dd17UL 28 #define SHA224_H3 0xf70e5939UL 29 #define SHA224_H4 0xffc00b31UL 30 #define SHA224_H5 0x68581511UL 31 #define SHA224_H6 0x64f98fa7UL 32 #define SHA224_H7 0xbefa4fa4UL 33 34 #define SHA256_H0 0x6a09e667UL 35 #define SHA256_H1 0xbb67ae85UL 36 #define SHA256_H2 0x3c6ef372UL 37 #define SHA256_H3 0xa54ff53aUL 38 #define SHA256_H4 0x510e527fUL 39 #define SHA256_H5 0x9b05688cUL 40 #define SHA256_H6 0x1f83d9abUL 41 #define SHA256_H7 0x5be0cd19UL 42 43 #define SHA384_H0 0xcbbb9d5dc1059ed8ULL 44 #define SHA384_H1 0x629a292a367cd507ULL 45 #define SHA384_H2 0x9159015a3070dd17ULL 46 #define SHA384_H3 0x152fecd8f70e5939ULL 47 #define SHA384_H4 0x67332667ffc00b31ULL 48 #define SHA384_H5 0x8eb44a8768581511ULL 49 #define SHA384_H6 0xdb0c2e0d64f98fa7ULL 50 #define SHA384_H7 0x47b5481dbefa4fa4ULL 51 52 #define SHA512_H0 0x6a09e667f3bcc908ULL 53 #define SHA512_H1 0xbb67ae8584caa73bULL 54 #define SHA512_H2 0x3c6ef372fe94f82bULL 55 #define SHA512_H3 0xa54ff53a5f1d36f1ULL 56 #define SHA512_H4 0x510e527fade682d1ULL 57 #define SHA512_H5 0x9b05688c2b3e6c1fULL 58 #define SHA512_H6 0x1f83d9abfb41bd6bULL 59 #define SHA512_H7 0x5be0cd19137e2179ULL 60 61 extern const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE]; 62 63 extern const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE]; 64 65 extern const u8 sha384_zero_message_hash[SHA384_DIGEST_SIZE]; 66 67 extern const u8 sha512_zero_message_hash[SHA512_DIGEST_SIZE]; 68 69 struct crypto_sha256_state { 70 u32 state[SHA256_STATE_WORDS]; 71 u64 count; 72 }; 73 74 static inline void sha224_block_init(struct crypto_sha256_state *sctx) 75 { 76 sctx->state[0] = SHA224_H0; 77 sctx->state[1] = SHA224_H1; 78 sctx->state[2] = SHA224_H2; 79 sctx->state[3] = SHA224_H3; 80 sctx->state[4] = SHA224_H4; 81 sctx->state[5] = SHA224_H5; 82 sctx->state[6] = SHA224_H6; 83 sctx->state[7] = SHA224_H7; 84 sctx->count = 0; 85 } 86 87 static inline void sha256_block_init(struct crypto_sha256_state *sctx) 88 { 89 sctx->state[0] = SHA256_H0; 90 sctx->state[1] = SHA256_H1; 91 sctx->state[2] = SHA256_H2; 92 sctx->state[3] = SHA256_H3; 93 sctx->state[4] = SHA256_H4; 94 sctx->state[5] = SHA256_H5; 95 sctx->state[6] = SHA256_H6; 96 sctx->state[7] = SHA256_H7; 97 sctx->count = 0; 98 } 99 100 struct sha256_state { 101 union { 102 struct crypto_sha256_state ctx; 103 struct { 104 u32 state[SHA256_STATE_WORDS]; 105 u64 count; 106 }; 107 }; 108 u8 buf[SHA256_BLOCK_SIZE]; 109 }; 110 111 struct sha512_state { 112 u64 state[SHA512_DIGEST_SIZE / 8]; 113 u64 count[2]; 114 u8 buf[SHA512_BLOCK_SIZE]; 115 }; 116 117 /* State for the SHA-256 (and SHA-224) compression function */ 118 struct sha256_block_state { 119 u32 h[SHA256_STATE_WORDS]; 120 }; 121 122 /* 123 * Context structure, shared by SHA-224 and SHA-256. The sha224_ctx and 124 * sha256_ctx structs wrap this one so that the API has proper typing and 125 * doesn't allow mixing the SHA-224 and SHA-256 functions arbitrarily. 126 */ 127 struct __sha256_ctx { 128 struct sha256_block_state state; 129 u64 bytecount; 130 u8 buf[SHA256_BLOCK_SIZE] __aligned(__alignof__(__be64)); 131 }; 132 void __sha256_update(struct __sha256_ctx *ctx, const u8 *data, size_t len); 133 134 /* 135 * HMAC key and message context structs, shared by HMAC-SHA224 and HMAC-SHA256. 136 * The hmac_sha224_* and hmac_sha256_* structs wrap this one so that the API has 137 * proper typing and doesn't allow mixing the functions arbitrarily. 138 */ 139 struct __hmac_sha256_key { 140 struct sha256_block_state istate; 141 struct sha256_block_state ostate; 142 }; 143 struct __hmac_sha256_ctx { 144 struct __sha256_ctx sha_ctx; 145 struct sha256_block_state ostate; 146 }; 147 void __hmac_sha256_init(struct __hmac_sha256_ctx *ctx, 148 const struct __hmac_sha256_key *key); 149 150 /** 151 * struct sha224_ctx - Context for hashing a message with SHA-224 152 * @ctx: private 153 */ 154 struct sha224_ctx { 155 struct __sha256_ctx ctx; 156 }; 157 158 /** 159 * sha224_init() - Initialize a SHA-224 context for a new message 160 * @ctx: the context to initialize 161 * 162 * If you don't need incremental computation, consider sha224() instead. 163 * 164 * Context: Any context. 165 */ 166 void sha224_init(struct sha224_ctx *ctx); 167 168 /** 169 * sha224_update() - Update a SHA-224 context with message data 170 * @ctx: the context to update; must have been initialized 171 * @data: the message data 172 * @len: the data length in bytes 173 * 174 * This can be called any number of times. 175 * 176 * Context: Any context. 177 */ 178 static inline void sha224_update(struct sha224_ctx *ctx, 179 const u8 *data, size_t len) 180 { 181 __sha256_update(&ctx->ctx, data, len); 182 } 183 184 /** 185 * sha224_final() - Finish computing a SHA-224 message digest 186 * @ctx: the context to finalize; must have been initialized 187 * @out: (output) the resulting SHA-224 message digest 188 * 189 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 190 * 191 * Context: Any context. 192 */ 193 void sha224_final(struct sha224_ctx *ctx, u8 out[at_least SHA224_DIGEST_SIZE]); 194 195 /** 196 * sha224() - Compute SHA-224 message digest in one shot 197 * @data: the message data 198 * @len: the data length in bytes 199 * @out: (output) the resulting SHA-224 message digest 200 * 201 * Context: Any context. 202 */ 203 void sha224(const u8 *data, size_t len, u8 out[at_least SHA224_DIGEST_SIZE]); 204 205 /** 206 * struct hmac_sha224_key - Prepared key for HMAC-SHA224 207 * @key: private 208 */ 209 struct hmac_sha224_key { 210 struct __hmac_sha256_key key; 211 }; 212 213 /** 214 * struct hmac_sha224_ctx - Context for computing HMAC-SHA224 of a message 215 * @ctx: private 216 */ 217 struct hmac_sha224_ctx { 218 struct __hmac_sha256_ctx ctx; 219 }; 220 221 /** 222 * hmac_sha224_preparekey() - Prepare a key for HMAC-SHA224 223 * @key: (output) the key structure to initialize 224 * @raw_key: the raw HMAC-SHA224 key 225 * @raw_key_len: the key length in bytes. All key lengths are supported. 226 * 227 * Note: the caller is responsible for zeroizing both the struct hmac_sha224_key 228 * and the raw key once they are no longer needed. 229 * 230 * Context: Any context. 231 */ 232 void hmac_sha224_preparekey(struct hmac_sha224_key *key, 233 const u8 *raw_key, size_t raw_key_len); 234 235 /** 236 * hmac_sha224_init() - Initialize an HMAC-SHA224 context for a new message 237 * @ctx: (output) the HMAC context to initialize 238 * @key: the prepared HMAC key 239 * 240 * If you don't need incremental computation, consider hmac_sha224() instead. 241 * 242 * Context: Any context. 243 */ 244 static inline void hmac_sha224_init(struct hmac_sha224_ctx *ctx, 245 const struct hmac_sha224_key *key) 246 { 247 __hmac_sha256_init(&ctx->ctx, &key->key); 248 } 249 250 /** 251 * hmac_sha224_init_usingrawkey() - Initialize an HMAC-SHA224 context for a new 252 * message, using a raw key 253 * @ctx: (output) the HMAC context to initialize 254 * @raw_key: the raw HMAC-SHA224 key 255 * @raw_key_len: the key length in bytes. All key lengths are supported. 256 * 257 * If you don't need incremental computation, consider hmac_sha224_usingrawkey() 258 * instead. 259 * 260 * Context: Any context. 261 */ 262 void hmac_sha224_init_usingrawkey(struct hmac_sha224_ctx *ctx, 263 const u8 *raw_key, size_t raw_key_len); 264 265 /** 266 * hmac_sha224_update() - Update an HMAC-SHA224 context with message data 267 * @ctx: the HMAC context to update; must have been initialized 268 * @data: the message data 269 * @data_len: the data length in bytes 270 * 271 * This can be called any number of times. 272 * 273 * Context: Any context. 274 */ 275 static inline void hmac_sha224_update(struct hmac_sha224_ctx *ctx, 276 const u8 *data, size_t data_len) 277 { 278 __sha256_update(&ctx->ctx.sha_ctx, data, data_len); 279 } 280 281 /** 282 * hmac_sha224_final() - Finish computing an HMAC-SHA224 value 283 * @ctx: the HMAC context to finalize; must have been initialized 284 * @out: (output) the resulting HMAC-SHA224 value 285 * 286 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 287 * 288 * Context: Any context. 289 */ 290 void hmac_sha224_final(struct hmac_sha224_ctx *ctx, 291 u8 out[at_least SHA224_DIGEST_SIZE]); 292 293 /** 294 * hmac_sha224() - Compute HMAC-SHA224 in one shot, using a prepared key 295 * @key: the prepared HMAC key 296 * @data: the message data 297 * @data_len: the data length in bytes 298 * @out: (output) the resulting HMAC-SHA224 value 299 * 300 * If you're using the key only once, consider using hmac_sha224_usingrawkey(). 301 * 302 * Context: Any context. 303 */ 304 void hmac_sha224(const struct hmac_sha224_key *key, 305 const u8 *data, size_t data_len, 306 u8 out[at_least SHA224_DIGEST_SIZE]); 307 308 /** 309 * hmac_sha224_usingrawkey() - Compute HMAC-SHA224 in one shot, using a raw key 310 * @raw_key: the raw HMAC-SHA224 key 311 * @raw_key_len: the key length in bytes. All key lengths are supported. 312 * @data: the message data 313 * @data_len: the data length in bytes 314 * @out: (output) the resulting HMAC-SHA224 value 315 * 316 * If you're using the key multiple times, prefer to use 317 * hmac_sha224_preparekey() followed by multiple calls to hmac_sha224() instead. 318 * 319 * Context: Any context. 320 */ 321 void hmac_sha224_usingrawkey(const u8 *raw_key, size_t raw_key_len, 322 const u8 *data, size_t data_len, 323 u8 out[at_least SHA224_DIGEST_SIZE]); 324 325 /** 326 * struct sha256_ctx - Context for hashing a message with SHA-256 327 * @ctx: private 328 */ 329 struct sha256_ctx { 330 struct __sha256_ctx ctx; 331 }; 332 333 /** 334 * sha256_init() - Initialize a SHA-256 context for a new message 335 * @ctx: the context to initialize 336 * 337 * If you don't need incremental computation, consider sha256() instead. 338 * 339 * Context: Any context. 340 */ 341 void sha256_init(struct sha256_ctx *ctx); 342 343 /** 344 * sha256_update() - Update a SHA-256 context with message data 345 * @ctx: the context to update; must have been initialized 346 * @data: the message data 347 * @len: the data length in bytes 348 * 349 * This can be called any number of times. 350 * 351 * Context: Any context. 352 */ 353 static inline void sha256_update(struct sha256_ctx *ctx, 354 const u8 *data, size_t len) 355 { 356 __sha256_update(&ctx->ctx, data, len); 357 } 358 359 /** 360 * sha256_final() - Finish computing a SHA-256 message digest 361 * @ctx: the context to finalize; must have been initialized 362 * @out: (output) the resulting SHA-256 message digest 363 * 364 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 365 * 366 * Context: Any context. 367 */ 368 void sha256_final(struct sha256_ctx *ctx, u8 out[at_least SHA256_DIGEST_SIZE]); 369 370 /** 371 * sha256() - Compute SHA-256 message digest in one shot 372 * @data: the message data 373 * @len: the data length in bytes 374 * @out: (output) the resulting SHA-256 message digest 375 * 376 * Context: Any context. 377 */ 378 void sha256(const u8 *data, size_t len, u8 out[at_least SHA256_DIGEST_SIZE]); 379 380 /** 381 * sha256_finup_2x() - Compute two SHA-256 digests from a common initial 382 * context. On some CPUs, this is faster than sequentially 383 * computing each digest. 384 * @ctx: an optional initial context, which may have already processed data. If 385 * NULL, a default initial context is used (equivalent to sha256_init()). 386 * @data1: data for the first message 387 * @data2: data for the second message 388 * @len: the length of each of @data1 and @data2, in bytes 389 * @out1: (output) the first SHA-256 message digest 390 * @out2: (output) the second SHA-256 message digest 391 * 392 * Context: Any context. 393 */ 394 void sha256_finup_2x(const struct sha256_ctx *ctx, const u8 *data1, 395 const u8 *data2, size_t len, 396 u8 out1[at_least SHA256_DIGEST_SIZE], 397 u8 out2[at_least SHA256_DIGEST_SIZE]); 398 399 /** 400 * sha256_finup_2x_is_optimized() - Check if sha256_finup_2x() is using a real 401 * interleaved implementation, as opposed to a 402 * sequential fallback 403 * @return: true if optimized 404 * 405 * Context: Any context. 406 */ 407 bool sha256_finup_2x_is_optimized(void); 408 409 /** 410 * struct hmac_sha256_key - Prepared key for HMAC-SHA256 411 * @key: private 412 */ 413 struct hmac_sha256_key { 414 struct __hmac_sha256_key key; 415 }; 416 417 /** 418 * struct hmac_sha256_ctx - Context for computing HMAC-SHA256 of a message 419 * @ctx: private 420 */ 421 struct hmac_sha256_ctx { 422 struct __hmac_sha256_ctx ctx; 423 }; 424 425 /** 426 * hmac_sha256_preparekey() - Prepare a key for HMAC-SHA256 427 * @key: (output) the key structure to initialize 428 * @raw_key: the raw HMAC-SHA256 key 429 * @raw_key_len: the key length in bytes. All key lengths are supported. 430 * 431 * Note: the caller is responsible for zeroizing both the struct hmac_sha256_key 432 * and the raw key once they are no longer needed. 433 * 434 * Context: Any context. 435 */ 436 void hmac_sha256_preparekey(struct hmac_sha256_key *key, 437 const u8 *raw_key, size_t raw_key_len); 438 439 /** 440 * hmac_sha256_init() - Initialize an HMAC-SHA256 context for a new message 441 * @ctx: (output) the HMAC context to initialize 442 * @key: the prepared HMAC key 443 * 444 * If you don't need incremental computation, consider hmac_sha256() instead. 445 * 446 * Context: Any context. 447 */ 448 static inline void hmac_sha256_init(struct hmac_sha256_ctx *ctx, 449 const struct hmac_sha256_key *key) 450 { 451 __hmac_sha256_init(&ctx->ctx, &key->key); 452 } 453 454 /** 455 * hmac_sha256_init_usingrawkey() - Initialize an HMAC-SHA256 context for a new 456 * message, using a raw key 457 * @ctx: (output) the HMAC context to initialize 458 * @raw_key: the raw HMAC-SHA256 key 459 * @raw_key_len: the key length in bytes. All key lengths are supported. 460 * 461 * If you don't need incremental computation, consider hmac_sha256_usingrawkey() 462 * instead. 463 * 464 * Context: Any context. 465 */ 466 void hmac_sha256_init_usingrawkey(struct hmac_sha256_ctx *ctx, 467 const u8 *raw_key, size_t raw_key_len); 468 469 /** 470 * hmac_sha256_update() - Update an HMAC-SHA256 context with message data 471 * @ctx: the HMAC context to update; must have been initialized 472 * @data: the message data 473 * @data_len: the data length in bytes 474 * 475 * This can be called any number of times. 476 * 477 * Context: Any context. 478 */ 479 static inline void hmac_sha256_update(struct hmac_sha256_ctx *ctx, 480 const u8 *data, size_t data_len) 481 { 482 __sha256_update(&ctx->ctx.sha_ctx, data, data_len); 483 } 484 485 /** 486 * hmac_sha256_final() - Finish computing an HMAC-SHA256 value 487 * @ctx: the HMAC context to finalize; must have been initialized 488 * @out: (output) the resulting HMAC-SHA256 value 489 * 490 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 491 * 492 * Context: Any context. 493 */ 494 void hmac_sha256_final(struct hmac_sha256_ctx *ctx, 495 u8 out[at_least SHA256_DIGEST_SIZE]); 496 497 /** 498 * hmac_sha256() - Compute HMAC-SHA256 in one shot, using a prepared key 499 * @key: the prepared HMAC key 500 * @data: the message data 501 * @data_len: the data length in bytes 502 * @out: (output) the resulting HMAC-SHA256 value 503 * 504 * If you're using the key only once, consider using hmac_sha256_usingrawkey(). 505 * 506 * Context: Any context. 507 */ 508 void hmac_sha256(const struct hmac_sha256_key *key, 509 const u8 *data, size_t data_len, 510 u8 out[at_least SHA256_DIGEST_SIZE]); 511 512 /** 513 * hmac_sha256_usingrawkey() - Compute HMAC-SHA256 in one shot, using a raw key 514 * @raw_key: the raw HMAC-SHA256 key 515 * @raw_key_len: the key length in bytes. All key lengths are supported. 516 * @data: the message data 517 * @data_len: the data length in bytes 518 * @out: (output) the resulting HMAC-SHA256 value 519 * 520 * If you're using the key multiple times, prefer to use 521 * hmac_sha256_preparekey() followed by multiple calls to hmac_sha256() instead. 522 * 523 * Context: Any context. 524 */ 525 void hmac_sha256_usingrawkey(const u8 *raw_key, size_t raw_key_len, 526 const u8 *data, size_t data_len, 527 u8 out[at_least SHA256_DIGEST_SIZE]); 528 529 /* State for the SHA-512 (and SHA-384) compression function */ 530 struct sha512_block_state { 531 u64 h[8]; 532 }; 533 534 /* 535 * Context structure, shared by SHA-384 and SHA-512. The sha384_ctx and 536 * sha512_ctx structs wrap this one so that the API has proper typing and 537 * doesn't allow mixing the SHA-384 and SHA-512 functions arbitrarily. 538 */ 539 struct __sha512_ctx { 540 struct sha512_block_state state; 541 u64 bytecount_lo; 542 u64 bytecount_hi; 543 u8 buf[SHA512_BLOCK_SIZE] __aligned(__alignof__(__be64)); 544 }; 545 void __sha512_update(struct __sha512_ctx *ctx, const u8 *data, size_t len); 546 547 /* 548 * HMAC key and message context structs, shared by HMAC-SHA384 and HMAC-SHA512. 549 * The hmac_sha384_* and hmac_sha512_* structs wrap this one so that the API has 550 * proper typing and doesn't allow mixing the functions arbitrarily. 551 */ 552 struct __hmac_sha512_key { 553 struct sha512_block_state istate; 554 struct sha512_block_state ostate; 555 }; 556 struct __hmac_sha512_ctx { 557 struct __sha512_ctx sha_ctx; 558 struct sha512_block_state ostate; 559 }; 560 void __hmac_sha512_init(struct __hmac_sha512_ctx *ctx, 561 const struct __hmac_sha512_key *key); 562 563 /** 564 * struct sha384_ctx - Context for hashing a message with SHA-384 565 * @ctx: private 566 */ 567 struct sha384_ctx { 568 struct __sha512_ctx ctx; 569 }; 570 571 /** 572 * sha384_init() - Initialize a SHA-384 context for a new message 573 * @ctx: the context to initialize 574 * 575 * If you don't need incremental computation, consider sha384() instead. 576 * 577 * Context: Any context. 578 */ 579 void sha384_init(struct sha384_ctx *ctx); 580 581 /** 582 * sha384_update() - Update a SHA-384 context with message data 583 * @ctx: the context to update; must have been initialized 584 * @data: the message data 585 * @len: the data length in bytes 586 * 587 * This can be called any number of times. 588 * 589 * Context: Any context. 590 */ 591 static inline void sha384_update(struct sha384_ctx *ctx, 592 const u8 *data, size_t len) 593 { 594 __sha512_update(&ctx->ctx, data, len); 595 } 596 597 /** 598 * sha384_final() - Finish computing a SHA-384 message digest 599 * @ctx: the context to finalize; must have been initialized 600 * @out: (output) the resulting SHA-384 message digest 601 * 602 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 603 * 604 * Context: Any context. 605 */ 606 void sha384_final(struct sha384_ctx *ctx, u8 out[at_least SHA384_DIGEST_SIZE]); 607 608 /** 609 * sha384() - Compute SHA-384 message digest in one shot 610 * @data: the message data 611 * @len: the data length in bytes 612 * @out: (output) the resulting SHA-384 message digest 613 * 614 * Context: Any context. 615 */ 616 void sha384(const u8 *data, size_t len, u8 out[at_least SHA384_DIGEST_SIZE]); 617 618 /** 619 * struct hmac_sha384_key - Prepared key for HMAC-SHA384 620 * @key: private 621 */ 622 struct hmac_sha384_key { 623 struct __hmac_sha512_key key; 624 }; 625 626 /** 627 * struct hmac_sha384_ctx - Context for computing HMAC-SHA384 of a message 628 * @ctx: private 629 */ 630 struct hmac_sha384_ctx { 631 struct __hmac_sha512_ctx ctx; 632 }; 633 634 /** 635 * hmac_sha384_preparekey() - Prepare a key for HMAC-SHA384 636 * @key: (output) the key structure to initialize 637 * @raw_key: the raw HMAC-SHA384 key 638 * @raw_key_len: the key length in bytes. All key lengths are supported. 639 * 640 * Note: the caller is responsible for zeroizing both the struct hmac_sha384_key 641 * and the raw key once they are no longer needed. 642 * 643 * Context: Any context. 644 */ 645 void hmac_sha384_preparekey(struct hmac_sha384_key *key, 646 const u8 *raw_key, size_t raw_key_len); 647 648 /** 649 * hmac_sha384_init() - Initialize an HMAC-SHA384 context for a new message 650 * @ctx: (output) the HMAC context to initialize 651 * @key: the prepared HMAC key 652 * 653 * If you don't need incremental computation, consider hmac_sha384() instead. 654 * 655 * Context: Any context. 656 */ 657 static inline void hmac_sha384_init(struct hmac_sha384_ctx *ctx, 658 const struct hmac_sha384_key *key) 659 { 660 __hmac_sha512_init(&ctx->ctx, &key->key); 661 } 662 663 /** 664 * hmac_sha384_init_usingrawkey() - Initialize an HMAC-SHA384 context for a new 665 * message, using a raw key 666 * @ctx: (output) the HMAC context to initialize 667 * @raw_key: the raw HMAC-SHA384 key 668 * @raw_key_len: the key length in bytes. All key lengths are supported. 669 * 670 * If you don't need incremental computation, consider hmac_sha384_usingrawkey() 671 * instead. 672 * 673 * Context: Any context. 674 */ 675 void hmac_sha384_init_usingrawkey(struct hmac_sha384_ctx *ctx, 676 const u8 *raw_key, size_t raw_key_len); 677 678 /** 679 * hmac_sha384_update() - Update an HMAC-SHA384 context with message data 680 * @ctx: the HMAC context to update; must have been initialized 681 * @data: the message data 682 * @data_len: the data length in bytes 683 * 684 * This can be called any number of times. 685 * 686 * Context: Any context. 687 */ 688 static inline void hmac_sha384_update(struct hmac_sha384_ctx *ctx, 689 const u8 *data, size_t data_len) 690 { 691 __sha512_update(&ctx->ctx.sha_ctx, data, data_len); 692 } 693 694 /** 695 * hmac_sha384_final() - Finish computing an HMAC-SHA384 value 696 * @ctx: the HMAC context to finalize; must have been initialized 697 * @out: (output) the resulting HMAC-SHA384 value 698 * 699 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 700 * 701 * Context: Any context. 702 */ 703 void hmac_sha384_final(struct hmac_sha384_ctx *ctx, 704 u8 out[at_least SHA384_DIGEST_SIZE]); 705 706 /** 707 * hmac_sha384() - Compute HMAC-SHA384 in one shot, using a prepared key 708 * @key: the prepared HMAC key 709 * @data: the message data 710 * @data_len: the data length in bytes 711 * @out: (output) the resulting HMAC-SHA384 value 712 * 713 * If you're using the key only once, consider using hmac_sha384_usingrawkey(). 714 * 715 * Context: Any context. 716 */ 717 void hmac_sha384(const struct hmac_sha384_key *key, 718 const u8 *data, size_t data_len, 719 u8 out[at_least SHA384_DIGEST_SIZE]); 720 721 /** 722 * hmac_sha384_usingrawkey() - Compute HMAC-SHA384 in one shot, using a raw key 723 * @raw_key: the raw HMAC-SHA384 key 724 * @raw_key_len: the key length in bytes. All key lengths are supported. 725 * @data: the message data 726 * @data_len: the data length in bytes 727 * @out: (output) the resulting HMAC-SHA384 value 728 * 729 * If you're using the key multiple times, prefer to use 730 * hmac_sha384_preparekey() followed by multiple calls to hmac_sha384() instead. 731 * 732 * Context: Any context. 733 */ 734 void hmac_sha384_usingrawkey(const u8 *raw_key, size_t raw_key_len, 735 const u8 *data, size_t data_len, 736 u8 out[at_least SHA384_DIGEST_SIZE]); 737 738 /** 739 * struct sha512_ctx - Context for hashing a message with SHA-512 740 * @ctx: private 741 */ 742 struct sha512_ctx { 743 struct __sha512_ctx ctx; 744 }; 745 746 /** 747 * sha512_init() - Initialize a SHA-512 context for a new message 748 * @ctx: the context to initialize 749 * 750 * If you don't need incremental computation, consider sha512() instead. 751 * 752 * Context: Any context. 753 */ 754 void sha512_init(struct sha512_ctx *ctx); 755 756 /** 757 * sha512_update() - Update a SHA-512 context with message data 758 * @ctx: the context to update; must have been initialized 759 * @data: the message data 760 * @len: the data length in bytes 761 * 762 * This can be called any number of times. 763 * 764 * Context: Any context. 765 */ 766 static inline void sha512_update(struct sha512_ctx *ctx, 767 const u8 *data, size_t len) 768 { 769 __sha512_update(&ctx->ctx, data, len); 770 } 771 772 /** 773 * sha512_final() - Finish computing a SHA-512 message digest 774 * @ctx: the context to finalize; must have been initialized 775 * @out: (output) the resulting SHA-512 message digest 776 * 777 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 778 * 779 * Context: Any context. 780 */ 781 void sha512_final(struct sha512_ctx *ctx, u8 out[at_least SHA512_DIGEST_SIZE]); 782 783 /** 784 * sha512() - Compute SHA-512 message digest in one shot 785 * @data: the message data 786 * @len: the data length in bytes 787 * @out: (output) the resulting SHA-512 message digest 788 * 789 * Context: Any context. 790 */ 791 void sha512(const u8 *data, size_t len, u8 out[at_least SHA512_DIGEST_SIZE]); 792 793 /** 794 * struct hmac_sha512_key - Prepared key for HMAC-SHA512 795 * @key: private 796 */ 797 struct hmac_sha512_key { 798 struct __hmac_sha512_key key; 799 }; 800 801 /** 802 * struct hmac_sha512_ctx - Context for computing HMAC-SHA512 of a message 803 * @ctx: private 804 */ 805 struct hmac_sha512_ctx { 806 struct __hmac_sha512_ctx ctx; 807 }; 808 809 /** 810 * hmac_sha512_preparekey() - Prepare a key for HMAC-SHA512 811 * @key: (output) the key structure to initialize 812 * @raw_key: the raw HMAC-SHA512 key 813 * @raw_key_len: the key length in bytes. All key lengths are supported. 814 * 815 * Note: the caller is responsible for zeroizing both the struct hmac_sha512_key 816 * and the raw key once they are no longer needed. 817 * 818 * Context: Any context. 819 */ 820 void hmac_sha512_preparekey(struct hmac_sha512_key *key, 821 const u8 *raw_key, size_t raw_key_len); 822 823 /** 824 * hmac_sha512_init() - Initialize an HMAC-SHA512 context for a new message 825 * @ctx: (output) the HMAC context to initialize 826 * @key: the prepared HMAC key 827 * 828 * If you don't need incremental computation, consider hmac_sha512() instead. 829 * 830 * Context: Any context. 831 */ 832 static inline void hmac_sha512_init(struct hmac_sha512_ctx *ctx, 833 const struct hmac_sha512_key *key) 834 { 835 __hmac_sha512_init(&ctx->ctx, &key->key); 836 } 837 838 /** 839 * hmac_sha512_init_usingrawkey() - Initialize an HMAC-SHA512 context for a new 840 * message, using a raw key 841 * @ctx: (output) the HMAC context to initialize 842 * @raw_key: the raw HMAC-SHA512 key 843 * @raw_key_len: the key length in bytes. All key lengths are supported. 844 * 845 * If you don't need incremental computation, consider hmac_sha512_usingrawkey() 846 * instead. 847 * 848 * Context: Any context. 849 */ 850 void hmac_sha512_init_usingrawkey(struct hmac_sha512_ctx *ctx, 851 const u8 *raw_key, size_t raw_key_len); 852 853 /** 854 * hmac_sha512_update() - Update an HMAC-SHA512 context with message data 855 * @ctx: the HMAC context to update; must have been initialized 856 * @data: the message data 857 * @data_len: the data length in bytes 858 * 859 * This can be called any number of times. 860 * 861 * Context: Any context. 862 */ 863 static inline void hmac_sha512_update(struct hmac_sha512_ctx *ctx, 864 const u8 *data, size_t data_len) 865 { 866 __sha512_update(&ctx->ctx.sha_ctx, data, data_len); 867 } 868 869 /** 870 * hmac_sha512_final() - Finish computing an HMAC-SHA512 value 871 * @ctx: the HMAC context to finalize; must have been initialized 872 * @out: (output) the resulting HMAC-SHA512 value 873 * 874 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 875 * 876 * Context: Any context. 877 */ 878 void hmac_sha512_final(struct hmac_sha512_ctx *ctx, 879 u8 out[at_least SHA512_DIGEST_SIZE]); 880 881 /** 882 * hmac_sha512() - Compute HMAC-SHA512 in one shot, using a prepared key 883 * @key: the prepared HMAC key 884 * @data: the message data 885 * @data_len: the data length in bytes 886 * @out: (output) the resulting HMAC-SHA512 value 887 * 888 * If you're using the key only once, consider using hmac_sha512_usingrawkey(). 889 * 890 * Context: Any context. 891 */ 892 void hmac_sha512(const struct hmac_sha512_key *key, 893 const u8 *data, size_t data_len, 894 u8 out[at_least SHA512_DIGEST_SIZE]); 895 896 /** 897 * hmac_sha512_usingrawkey() - Compute HMAC-SHA512 in one shot, using a raw key 898 * @raw_key: the raw HMAC-SHA512 key 899 * @raw_key_len: the key length in bytes. All key lengths are supported. 900 * @data: the message data 901 * @data_len: the data length in bytes 902 * @out: (output) the resulting HMAC-SHA512 value 903 * 904 * If you're using the key multiple times, prefer to use 905 * hmac_sha512_preparekey() followed by multiple calls to hmac_sha512() instead. 906 * 907 * Context: Any context. 908 */ 909 void hmac_sha512_usingrawkey(const u8 *raw_key, size_t raw_key_len, 910 const u8 *data, size_t data_len, 911 u8 out[at_least SHA512_DIGEST_SIZE]); 912 913 #endif /* _CRYPTO_SHA2_H */ 914