1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Common values for SHA-2 algorithms 4 */ 5 6 #ifndef _CRYPTO_SHA2_H 7 #define _CRYPTO_SHA2_H 8 9 #include <linux/types.h> 10 11 #define SHA224_DIGEST_SIZE 28 12 #define SHA224_BLOCK_SIZE 64 13 14 #define SHA256_DIGEST_SIZE 32 15 #define SHA256_BLOCK_SIZE 64 16 #define SHA256_STATE_WORDS 8 17 18 #define SHA384_DIGEST_SIZE 48 19 #define SHA384_BLOCK_SIZE 128 20 21 #define SHA512_DIGEST_SIZE 64 22 #define SHA512_BLOCK_SIZE 128 23 #define SHA512_STATE_SIZE 80 24 25 #define SHA224_H0 0xc1059ed8UL 26 #define SHA224_H1 0x367cd507UL 27 #define SHA224_H2 0x3070dd17UL 28 #define SHA224_H3 0xf70e5939UL 29 #define SHA224_H4 0xffc00b31UL 30 #define SHA224_H5 0x68581511UL 31 #define SHA224_H6 0x64f98fa7UL 32 #define SHA224_H7 0xbefa4fa4UL 33 34 #define SHA256_H0 0x6a09e667UL 35 #define SHA256_H1 0xbb67ae85UL 36 #define SHA256_H2 0x3c6ef372UL 37 #define SHA256_H3 0xa54ff53aUL 38 #define SHA256_H4 0x510e527fUL 39 #define SHA256_H5 0x9b05688cUL 40 #define SHA256_H6 0x1f83d9abUL 41 #define SHA256_H7 0x5be0cd19UL 42 43 #define SHA384_H0 0xcbbb9d5dc1059ed8ULL 44 #define SHA384_H1 0x629a292a367cd507ULL 45 #define SHA384_H2 0x9159015a3070dd17ULL 46 #define SHA384_H3 0x152fecd8f70e5939ULL 47 #define SHA384_H4 0x67332667ffc00b31ULL 48 #define SHA384_H5 0x8eb44a8768581511ULL 49 #define SHA384_H6 0xdb0c2e0d64f98fa7ULL 50 #define SHA384_H7 0x47b5481dbefa4fa4ULL 51 52 #define SHA512_H0 0x6a09e667f3bcc908ULL 53 #define SHA512_H1 0xbb67ae8584caa73bULL 54 #define SHA512_H2 0x3c6ef372fe94f82bULL 55 #define SHA512_H3 0xa54ff53a5f1d36f1ULL 56 #define SHA512_H4 0x510e527fade682d1ULL 57 #define SHA512_H5 0x9b05688c2b3e6c1fULL 58 #define SHA512_H6 0x1f83d9abfb41bd6bULL 59 #define SHA512_H7 0x5be0cd19137e2179ULL 60 61 extern const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE]; 62 63 extern const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE]; 64 65 extern const u8 sha384_zero_message_hash[SHA384_DIGEST_SIZE]; 66 67 extern const u8 sha512_zero_message_hash[SHA512_DIGEST_SIZE]; 68 69 struct crypto_sha256_state { 70 u32 state[SHA256_STATE_WORDS]; 71 u64 count; 72 }; 73 74 static inline void sha224_block_init(struct crypto_sha256_state *sctx) 75 { 76 sctx->state[0] = SHA224_H0; 77 sctx->state[1] = SHA224_H1; 78 sctx->state[2] = SHA224_H2; 79 sctx->state[3] = SHA224_H3; 80 sctx->state[4] = SHA224_H4; 81 sctx->state[5] = SHA224_H5; 82 sctx->state[6] = SHA224_H6; 83 sctx->state[7] = SHA224_H7; 84 sctx->count = 0; 85 } 86 87 static inline void sha256_block_init(struct crypto_sha256_state *sctx) 88 { 89 sctx->state[0] = SHA256_H0; 90 sctx->state[1] = SHA256_H1; 91 sctx->state[2] = SHA256_H2; 92 sctx->state[3] = SHA256_H3; 93 sctx->state[4] = SHA256_H4; 94 sctx->state[5] = SHA256_H5; 95 sctx->state[6] = SHA256_H6; 96 sctx->state[7] = SHA256_H7; 97 sctx->count = 0; 98 } 99 100 struct sha256_state { 101 union { 102 struct crypto_sha256_state ctx; 103 struct { 104 u32 state[SHA256_STATE_WORDS]; 105 u64 count; 106 }; 107 }; 108 u8 buf[SHA256_BLOCK_SIZE]; 109 }; 110 111 struct sha512_state { 112 u64 state[SHA512_DIGEST_SIZE / 8]; 113 u64 count[2]; 114 u8 buf[SHA512_BLOCK_SIZE]; 115 }; 116 117 /* State for the SHA-256 (and SHA-224) compression function */ 118 struct sha256_block_state { 119 u32 h[SHA256_STATE_WORDS]; 120 }; 121 122 /* 123 * Context structure, shared by SHA-224 and SHA-256. The sha224_ctx and 124 * sha256_ctx structs wrap this one so that the API has proper typing and 125 * doesn't allow mixing the SHA-224 and SHA-256 functions arbitrarily. 126 */ 127 struct __sha256_ctx { 128 struct sha256_block_state state; 129 u64 bytecount; 130 u8 buf[SHA256_BLOCK_SIZE] __aligned(__alignof__(__be64)); 131 }; 132 void __sha256_update(struct __sha256_ctx *ctx, const u8 *data, size_t len); 133 134 /* 135 * HMAC key and message context structs, shared by HMAC-SHA224 and HMAC-SHA256. 136 * The hmac_sha224_* and hmac_sha256_* structs wrap this one so that the API has 137 * proper typing and doesn't allow mixing the functions arbitrarily. 138 */ 139 struct __hmac_sha256_key { 140 struct sha256_block_state istate; 141 struct sha256_block_state ostate; 142 }; 143 struct __hmac_sha256_ctx { 144 struct __sha256_ctx sha_ctx; 145 struct sha256_block_state ostate; 146 }; 147 void __hmac_sha256_init(struct __hmac_sha256_ctx *ctx, 148 const struct __hmac_sha256_key *key); 149 150 /** 151 * struct sha224_ctx - Context for hashing a message with SHA-224 152 * @ctx: private 153 */ 154 struct sha224_ctx { 155 struct __sha256_ctx ctx; 156 }; 157 158 void sha224_init(struct sha224_ctx *ctx); 159 static inline void sha224_update(struct sha224_ctx *ctx, 160 const u8 *data, size_t len) 161 { 162 __sha256_update(&ctx->ctx, data, len); 163 } 164 void sha224_final(struct sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]); 165 void sha224(const u8 *data, size_t len, u8 out[SHA224_DIGEST_SIZE]); 166 167 /** 168 * struct hmac_sha224_key - Prepared key for HMAC-SHA224 169 * @key: private 170 */ 171 struct hmac_sha224_key { 172 struct __hmac_sha256_key key; 173 }; 174 175 /** 176 * struct hmac_sha224_ctx - Context for computing HMAC-SHA224 of a message 177 * @ctx: private 178 */ 179 struct hmac_sha224_ctx { 180 struct __hmac_sha256_ctx ctx; 181 }; 182 183 /** 184 * hmac_sha224_preparekey() - Prepare a key for HMAC-SHA224 185 * @key: (output) the key structure to initialize 186 * @raw_key: the raw HMAC-SHA224 key 187 * @raw_key_len: the key length in bytes. All key lengths are supported. 188 * 189 * Note: the caller is responsible for zeroizing both the struct hmac_sha224_key 190 * and the raw key once they are no longer needed. 191 * 192 * Context: Any context. 193 */ 194 void hmac_sha224_preparekey(struct hmac_sha224_key *key, 195 const u8 *raw_key, size_t raw_key_len); 196 197 /** 198 * hmac_sha224_init() - Initialize an HMAC-SHA224 context for a new message 199 * @ctx: (output) the HMAC context to initialize 200 * @key: the prepared HMAC key 201 * 202 * If you don't need incremental computation, consider hmac_sha224() instead. 203 * 204 * Context: Any context. 205 */ 206 static inline void hmac_sha224_init(struct hmac_sha224_ctx *ctx, 207 const struct hmac_sha224_key *key) 208 { 209 __hmac_sha256_init(&ctx->ctx, &key->key); 210 } 211 212 /** 213 * hmac_sha224_update() - Update an HMAC-SHA224 context with message data 214 * @ctx: the HMAC context to update; must have been initialized 215 * @data: the message data 216 * @data_len: the data length in bytes 217 * 218 * This can be called any number of times. 219 * 220 * Context: Any context. 221 */ 222 static inline void hmac_sha224_update(struct hmac_sha224_ctx *ctx, 223 const u8 *data, size_t data_len) 224 { 225 __sha256_update(&ctx->ctx.sha_ctx, data, data_len); 226 } 227 228 /** 229 * hmac_sha224_final() - Finish computing an HMAC-SHA224 value 230 * @ctx: the HMAC context to finalize; must have been initialized 231 * @out: (output) the resulting HMAC-SHA224 value 232 * 233 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 234 * 235 * Context: Any context. 236 */ 237 void hmac_sha224_final(struct hmac_sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]); 238 239 /** 240 * hmac_sha224() - Compute HMAC-SHA224 in one shot, using a prepared key 241 * @key: the prepared HMAC key 242 * @data: the message data 243 * @data_len: the data length in bytes 244 * @out: (output) the resulting HMAC-SHA224 value 245 * 246 * If you're using the key only once, consider using hmac_sha224_usingrawkey(). 247 * 248 * Context: Any context. 249 */ 250 void hmac_sha224(const struct hmac_sha224_key *key, 251 const u8 *data, size_t data_len, u8 out[SHA224_DIGEST_SIZE]); 252 253 /** 254 * hmac_sha224_usingrawkey() - Compute HMAC-SHA224 in one shot, using a raw key 255 * @raw_key: the raw HMAC-SHA224 key 256 * @raw_key_len: the key length in bytes. All key lengths are supported. 257 * @data: the message data 258 * @data_len: the data length in bytes 259 * @out: (output) the resulting HMAC-SHA224 value 260 * 261 * If you're using the key multiple times, prefer to use 262 * hmac_sha224_preparekey() followed by multiple calls to hmac_sha224() instead. 263 * 264 * Context: Any context. 265 */ 266 void hmac_sha224_usingrawkey(const u8 *raw_key, size_t raw_key_len, 267 const u8 *data, size_t data_len, 268 u8 out[SHA224_DIGEST_SIZE]); 269 270 /** 271 * struct sha256_ctx - Context for hashing a message with SHA-256 272 * @ctx: private 273 */ 274 struct sha256_ctx { 275 struct __sha256_ctx ctx; 276 }; 277 278 void sha256_init(struct sha256_ctx *ctx); 279 static inline void sha256_update(struct sha256_ctx *ctx, 280 const u8 *data, size_t len) 281 { 282 __sha256_update(&ctx->ctx, data, len); 283 } 284 void sha256_final(struct sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]); 285 void sha256(const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE]); 286 287 /** 288 * struct hmac_sha256_key - Prepared key for HMAC-SHA256 289 * @key: private 290 */ 291 struct hmac_sha256_key { 292 struct __hmac_sha256_key key; 293 }; 294 295 /** 296 * struct hmac_sha256_ctx - Context for computing HMAC-SHA256 of a message 297 * @ctx: private 298 */ 299 struct hmac_sha256_ctx { 300 struct __hmac_sha256_ctx ctx; 301 }; 302 303 /** 304 * hmac_sha256_preparekey() - Prepare a key for HMAC-SHA256 305 * @key: (output) the key structure to initialize 306 * @raw_key: the raw HMAC-SHA256 key 307 * @raw_key_len: the key length in bytes. All key lengths are supported. 308 * 309 * Note: the caller is responsible for zeroizing both the struct hmac_sha256_key 310 * and the raw key once they are no longer needed. 311 * 312 * Context: Any context. 313 */ 314 void hmac_sha256_preparekey(struct hmac_sha256_key *key, 315 const u8 *raw_key, size_t raw_key_len); 316 317 /** 318 * hmac_sha256_init() - Initialize an HMAC-SHA256 context for a new message 319 * @ctx: (output) the HMAC context to initialize 320 * @key: the prepared HMAC key 321 * 322 * If you don't need incremental computation, consider hmac_sha256() instead. 323 * 324 * Context: Any context. 325 */ 326 static inline void hmac_sha256_init(struct hmac_sha256_ctx *ctx, 327 const struct hmac_sha256_key *key) 328 { 329 __hmac_sha256_init(&ctx->ctx, &key->key); 330 } 331 332 /** 333 * hmac_sha256_update() - Update an HMAC-SHA256 context with message data 334 * @ctx: the HMAC context to update; must have been initialized 335 * @data: the message data 336 * @data_len: the data length in bytes 337 * 338 * This can be called any number of times. 339 * 340 * Context: Any context. 341 */ 342 static inline void hmac_sha256_update(struct hmac_sha256_ctx *ctx, 343 const u8 *data, size_t data_len) 344 { 345 __sha256_update(&ctx->ctx.sha_ctx, data, data_len); 346 } 347 348 /** 349 * hmac_sha256_final() - Finish computing an HMAC-SHA256 value 350 * @ctx: the HMAC context to finalize; must have been initialized 351 * @out: (output) the resulting HMAC-SHA256 value 352 * 353 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 354 * 355 * Context: Any context. 356 */ 357 void hmac_sha256_final(struct hmac_sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]); 358 359 /** 360 * hmac_sha256() - Compute HMAC-SHA256 in one shot, using a prepared key 361 * @key: the prepared HMAC key 362 * @data: the message data 363 * @data_len: the data length in bytes 364 * @out: (output) the resulting HMAC-SHA256 value 365 * 366 * If you're using the key only once, consider using hmac_sha256_usingrawkey(). 367 * 368 * Context: Any context. 369 */ 370 void hmac_sha256(const struct hmac_sha256_key *key, 371 const u8 *data, size_t data_len, u8 out[SHA256_DIGEST_SIZE]); 372 373 /** 374 * hmac_sha256_usingrawkey() - Compute HMAC-SHA256 in one shot, using a raw key 375 * @raw_key: the raw HMAC-SHA256 key 376 * @raw_key_len: the key length in bytes. All key lengths are supported. 377 * @data: the message data 378 * @data_len: the data length in bytes 379 * @out: (output) the resulting HMAC-SHA256 value 380 * 381 * If you're using the key multiple times, prefer to use 382 * hmac_sha256_preparekey() followed by multiple calls to hmac_sha256() instead. 383 * 384 * Context: Any context. 385 */ 386 void hmac_sha256_usingrawkey(const u8 *raw_key, size_t raw_key_len, 387 const u8 *data, size_t data_len, 388 u8 out[SHA256_DIGEST_SIZE]); 389 390 /* State for the SHA-512 (and SHA-384) compression function */ 391 struct sha512_block_state { 392 u64 h[8]; 393 }; 394 395 /* 396 * Context structure, shared by SHA-384 and SHA-512. The sha384_ctx and 397 * sha512_ctx structs wrap this one so that the API has proper typing and 398 * doesn't allow mixing the SHA-384 and SHA-512 functions arbitrarily. 399 */ 400 struct __sha512_ctx { 401 struct sha512_block_state state; 402 u64 bytecount_lo; 403 u64 bytecount_hi; 404 u8 buf[SHA512_BLOCK_SIZE] __aligned(__alignof__(__be64)); 405 }; 406 void __sha512_update(struct __sha512_ctx *ctx, const u8 *data, size_t len); 407 408 /* 409 * HMAC key and message context structs, shared by HMAC-SHA384 and HMAC-SHA512. 410 * The hmac_sha384_* and hmac_sha512_* structs wrap this one so that the API has 411 * proper typing and doesn't allow mixing the functions arbitrarily. 412 */ 413 struct __hmac_sha512_key { 414 struct sha512_block_state istate; 415 struct sha512_block_state ostate; 416 }; 417 struct __hmac_sha512_ctx { 418 struct __sha512_ctx sha_ctx; 419 struct sha512_block_state ostate; 420 }; 421 void __hmac_sha512_init(struct __hmac_sha512_ctx *ctx, 422 const struct __hmac_sha512_key *key); 423 424 /** 425 * struct sha384_ctx - Context for hashing a message with SHA-384 426 * @ctx: private 427 */ 428 struct sha384_ctx { 429 struct __sha512_ctx ctx; 430 }; 431 432 /** 433 * sha384_init() - Initialize a SHA-384 context for a new message 434 * @ctx: the context to initialize 435 * 436 * If you don't need incremental computation, consider sha384() instead. 437 * 438 * Context: Any context. 439 */ 440 void sha384_init(struct sha384_ctx *ctx); 441 442 /** 443 * sha384_update() - Update a SHA-384 context with message data 444 * @ctx: the context to update; must have been initialized 445 * @data: the message data 446 * @len: the data length in bytes 447 * 448 * This can be called any number of times. 449 * 450 * Context: Any context. 451 */ 452 static inline void sha384_update(struct sha384_ctx *ctx, 453 const u8 *data, size_t len) 454 { 455 __sha512_update(&ctx->ctx, data, len); 456 } 457 458 /** 459 * sha384_final() - Finish computing a SHA-384 message digest 460 * @ctx: the context to finalize; must have been initialized 461 * @out: (output) the resulting SHA-384 message digest 462 * 463 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 464 * 465 * Context: Any context. 466 */ 467 void sha384_final(struct sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]); 468 469 /** 470 * sha384() - Compute SHA-384 message digest in one shot 471 * @data: the message data 472 * @len: the data length in bytes 473 * @out: (output) the resulting SHA-384 message digest 474 * 475 * Context: Any context. 476 */ 477 void sha384(const u8 *data, size_t len, u8 out[SHA384_DIGEST_SIZE]); 478 479 /** 480 * struct hmac_sha384_key - Prepared key for HMAC-SHA384 481 * @key: private 482 */ 483 struct hmac_sha384_key { 484 struct __hmac_sha512_key key; 485 }; 486 487 /** 488 * struct hmac_sha384_ctx - Context for computing HMAC-SHA384 of a message 489 * @ctx: private 490 */ 491 struct hmac_sha384_ctx { 492 struct __hmac_sha512_ctx ctx; 493 }; 494 495 /** 496 * hmac_sha384_preparekey() - Prepare a key for HMAC-SHA384 497 * @key: (output) the key structure to initialize 498 * @raw_key: the raw HMAC-SHA384 key 499 * @raw_key_len: the key length in bytes. All key lengths are supported. 500 * 501 * Note: the caller is responsible for zeroizing both the struct hmac_sha384_key 502 * and the raw key once they are no longer needed. 503 * 504 * Context: Any context. 505 */ 506 void hmac_sha384_preparekey(struct hmac_sha384_key *key, 507 const u8 *raw_key, size_t raw_key_len); 508 509 /** 510 * hmac_sha384_init() - Initialize an HMAC-SHA384 context for a new message 511 * @ctx: (output) the HMAC context to initialize 512 * @key: the prepared HMAC key 513 * 514 * If you don't need incremental computation, consider hmac_sha384() instead. 515 * 516 * Context: Any context. 517 */ 518 static inline void hmac_sha384_init(struct hmac_sha384_ctx *ctx, 519 const struct hmac_sha384_key *key) 520 { 521 __hmac_sha512_init(&ctx->ctx, &key->key); 522 } 523 524 /** 525 * hmac_sha384_update() - Update an HMAC-SHA384 context with message data 526 * @ctx: the HMAC context to update; must have been initialized 527 * @data: the message data 528 * @data_len: the data length in bytes 529 * 530 * This can be called any number of times. 531 * 532 * Context: Any context. 533 */ 534 static inline void hmac_sha384_update(struct hmac_sha384_ctx *ctx, 535 const u8 *data, size_t data_len) 536 { 537 __sha512_update(&ctx->ctx.sha_ctx, data, data_len); 538 } 539 540 /** 541 * hmac_sha384_final() - Finish computing an HMAC-SHA384 value 542 * @ctx: the HMAC context to finalize; must have been initialized 543 * @out: (output) the resulting HMAC-SHA384 value 544 * 545 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 546 * 547 * Context: Any context. 548 */ 549 void hmac_sha384_final(struct hmac_sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]); 550 551 /** 552 * hmac_sha384() - Compute HMAC-SHA384 in one shot, using a prepared key 553 * @key: the prepared HMAC key 554 * @data: the message data 555 * @data_len: the data length in bytes 556 * @out: (output) the resulting HMAC-SHA384 value 557 * 558 * If you're using the key only once, consider using hmac_sha384_usingrawkey(). 559 * 560 * Context: Any context. 561 */ 562 void hmac_sha384(const struct hmac_sha384_key *key, 563 const u8 *data, size_t data_len, u8 out[SHA384_DIGEST_SIZE]); 564 565 /** 566 * hmac_sha384_usingrawkey() - Compute HMAC-SHA384 in one shot, using a raw key 567 * @raw_key: the raw HMAC-SHA384 key 568 * @raw_key_len: the key length in bytes. All key lengths are supported. 569 * @data: the message data 570 * @data_len: the data length in bytes 571 * @out: (output) the resulting HMAC-SHA384 value 572 * 573 * If you're using the key multiple times, prefer to use 574 * hmac_sha384_preparekey() followed by multiple calls to hmac_sha384() instead. 575 * 576 * Context: Any context. 577 */ 578 void hmac_sha384_usingrawkey(const u8 *raw_key, size_t raw_key_len, 579 const u8 *data, size_t data_len, 580 u8 out[SHA384_DIGEST_SIZE]); 581 582 /** 583 * struct sha512_ctx - Context for hashing a message with SHA-512 584 * @ctx: private 585 */ 586 struct sha512_ctx { 587 struct __sha512_ctx ctx; 588 }; 589 590 /** 591 * sha512_init() - Initialize a SHA-512 context for a new message 592 * @ctx: the context to initialize 593 * 594 * If you don't need incremental computation, consider sha512() instead. 595 * 596 * Context: Any context. 597 */ 598 void sha512_init(struct sha512_ctx *ctx); 599 600 /** 601 * sha512_update() - Update a SHA-512 context with message data 602 * @ctx: the context to update; must have been initialized 603 * @data: the message data 604 * @len: the data length in bytes 605 * 606 * This can be called any number of times. 607 * 608 * Context: Any context. 609 */ 610 static inline void sha512_update(struct sha512_ctx *ctx, 611 const u8 *data, size_t len) 612 { 613 __sha512_update(&ctx->ctx, data, len); 614 } 615 616 /** 617 * sha512_final() - Finish computing a SHA-512 message digest 618 * @ctx: the context to finalize; must have been initialized 619 * @out: (output) the resulting SHA-512 message digest 620 * 621 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 622 * 623 * Context: Any context. 624 */ 625 void sha512_final(struct sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]); 626 627 /** 628 * sha512() - Compute SHA-512 message digest in one shot 629 * @data: the message data 630 * @len: the data length in bytes 631 * @out: (output) the resulting SHA-512 message digest 632 * 633 * Context: Any context. 634 */ 635 void sha512(const u8 *data, size_t len, u8 out[SHA512_DIGEST_SIZE]); 636 637 /** 638 * struct hmac_sha512_key - Prepared key for HMAC-SHA512 639 * @key: private 640 */ 641 struct hmac_sha512_key { 642 struct __hmac_sha512_key key; 643 }; 644 645 /** 646 * struct hmac_sha512_ctx - Context for computing HMAC-SHA512 of a message 647 * @ctx: private 648 */ 649 struct hmac_sha512_ctx { 650 struct __hmac_sha512_ctx ctx; 651 }; 652 653 /** 654 * hmac_sha512_preparekey() - Prepare a key for HMAC-SHA512 655 * @key: (output) the key structure to initialize 656 * @raw_key: the raw HMAC-SHA512 key 657 * @raw_key_len: the key length in bytes. All key lengths are supported. 658 * 659 * Note: the caller is responsible for zeroizing both the struct hmac_sha512_key 660 * and the raw key once they are no longer needed. 661 * 662 * Context: Any context. 663 */ 664 void hmac_sha512_preparekey(struct hmac_sha512_key *key, 665 const u8 *raw_key, size_t raw_key_len); 666 667 /** 668 * hmac_sha512_init() - Initialize an HMAC-SHA512 context for a new message 669 * @ctx: (output) the HMAC context to initialize 670 * @key: the prepared HMAC key 671 * 672 * If you don't need incremental computation, consider hmac_sha512() instead. 673 * 674 * Context: Any context. 675 */ 676 static inline void hmac_sha512_init(struct hmac_sha512_ctx *ctx, 677 const struct hmac_sha512_key *key) 678 { 679 __hmac_sha512_init(&ctx->ctx, &key->key); 680 } 681 682 /** 683 * hmac_sha512_update() - Update an HMAC-SHA512 context with message data 684 * @ctx: the HMAC context to update; must have been initialized 685 * @data: the message data 686 * @data_len: the data length in bytes 687 * 688 * This can be called any number of times. 689 * 690 * Context: Any context. 691 */ 692 static inline void hmac_sha512_update(struct hmac_sha512_ctx *ctx, 693 const u8 *data, size_t data_len) 694 { 695 __sha512_update(&ctx->ctx.sha_ctx, data, data_len); 696 } 697 698 /** 699 * hmac_sha512_final() - Finish computing an HMAC-SHA512 value 700 * @ctx: the HMAC context to finalize; must have been initialized 701 * @out: (output) the resulting HMAC-SHA512 value 702 * 703 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 704 * 705 * Context: Any context. 706 */ 707 void hmac_sha512_final(struct hmac_sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]); 708 709 /** 710 * hmac_sha512() - Compute HMAC-SHA512 in one shot, using a prepared key 711 * @key: the prepared HMAC key 712 * @data: the message data 713 * @data_len: the data length in bytes 714 * @out: (output) the resulting HMAC-SHA512 value 715 * 716 * If you're using the key only once, consider using hmac_sha512_usingrawkey(). 717 * 718 * Context: Any context. 719 */ 720 void hmac_sha512(const struct hmac_sha512_key *key, 721 const u8 *data, size_t data_len, u8 out[SHA512_DIGEST_SIZE]); 722 723 /** 724 * hmac_sha512_usingrawkey() - Compute HMAC-SHA512 in one shot, using a raw key 725 * @raw_key: the raw HMAC-SHA512 key 726 * @raw_key_len: the key length in bytes. All key lengths are supported. 727 * @data: the message data 728 * @data_len: the data length in bytes 729 * @out: (output) the resulting HMAC-SHA512 value 730 * 731 * If you're using the key multiple times, prefer to use 732 * hmac_sha512_preparekey() followed by multiple calls to hmac_sha512() instead. 733 * 734 * Context: Any context. 735 */ 736 void hmac_sha512_usingrawkey(const u8 *raw_key, size_t raw_key_len, 737 const u8 *data, size_t data_len, 738 u8 out[SHA512_DIGEST_SIZE]); 739 740 #endif /* _CRYPTO_SHA2_H */ 741