1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Common values for SHA-2 algorithms 4 */ 5 6 #ifndef _CRYPTO_SHA2_H 7 #define _CRYPTO_SHA2_H 8 9 #include <linux/types.h> 10 11 #define SHA224_DIGEST_SIZE 28 12 #define SHA224_BLOCK_SIZE 64 13 14 #define SHA256_DIGEST_SIZE 32 15 #define SHA256_BLOCK_SIZE 64 16 #define SHA256_STATE_WORDS 8 17 18 #define SHA384_DIGEST_SIZE 48 19 #define SHA384_BLOCK_SIZE 128 20 21 #define SHA512_DIGEST_SIZE 64 22 #define SHA512_BLOCK_SIZE 128 23 #define SHA512_STATE_SIZE 80 24 25 #define SHA224_H0 0xc1059ed8UL 26 #define SHA224_H1 0x367cd507UL 27 #define SHA224_H2 0x3070dd17UL 28 #define SHA224_H3 0xf70e5939UL 29 #define SHA224_H4 0xffc00b31UL 30 #define SHA224_H5 0x68581511UL 31 #define SHA224_H6 0x64f98fa7UL 32 #define SHA224_H7 0xbefa4fa4UL 33 34 #define SHA256_H0 0x6a09e667UL 35 #define SHA256_H1 0xbb67ae85UL 36 #define SHA256_H2 0x3c6ef372UL 37 #define SHA256_H3 0xa54ff53aUL 38 #define SHA256_H4 0x510e527fUL 39 #define SHA256_H5 0x9b05688cUL 40 #define SHA256_H6 0x1f83d9abUL 41 #define SHA256_H7 0x5be0cd19UL 42 43 #define SHA384_H0 0xcbbb9d5dc1059ed8ULL 44 #define SHA384_H1 0x629a292a367cd507ULL 45 #define SHA384_H2 0x9159015a3070dd17ULL 46 #define SHA384_H3 0x152fecd8f70e5939ULL 47 #define SHA384_H4 0x67332667ffc00b31ULL 48 #define SHA384_H5 0x8eb44a8768581511ULL 49 #define SHA384_H6 0xdb0c2e0d64f98fa7ULL 50 #define SHA384_H7 0x47b5481dbefa4fa4ULL 51 52 #define SHA512_H0 0x6a09e667f3bcc908ULL 53 #define SHA512_H1 0xbb67ae8584caa73bULL 54 #define SHA512_H2 0x3c6ef372fe94f82bULL 55 #define SHA512_H3 0xa54ff53a5f1d36f1ULL 56 #define SHA512_H4 0x510e527fade682d1ULL 57 #define SHA512_H5 0x9b05688c2b3e6c1fULL 58 #define SHA512_H6 0x1f83d9abfb41bd6bULL 59 #define SHA512_H7 0x5be0cd19137e2179ULL 60 61 extern const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE]; 62 63 extern const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE]; 64 65 extern const u8 sha384_zero_message_hash[SHA384_DIGEST_SIZE]; 66 67 extern const u8 sha512_zero_message_hash[SHA512_DIGEST_SIZE]; 68 69 struct crypto_sha256_state { 70 u32 state[SHA256_STATE_WORDS]; 71 u64 count; 72 }; 73 74 static inline void sha224_block_init(struct crypto_sha256_state *sctx) 75 { 76 sctx->state[0] = SHA224_H0; 77 sctx->state[1] = SHA224_H1; 78 sctx->state[2] = SHA224_H2; 79 sctx->state[3] = SHA224_H3; 80 sctx->state[4] = SHA224_H4; 81 sctx->state[5] = SHA224_H5; 82 sctx->state[6] = SHA224_H6; 83 sctx->state[7] = SHA224_H7; 84 sctx->count = 0; 85 } 86 87 static inline void sha256_block_init(struct crypto_sha256_state *sctx) 88 { 89 sctx->state[0] = SHA256_H0; 90 sctx->state[1] = SHA256_H1; 91 sctx->state[2] = SHA256_H2; 92 sctx->state[3] = SHA256_H3; 93 sctx->state[4] = SHA256_H4; 94 sctx->state[5] = SHA256_H5; 95 sctx->state[6] = SHA256_H6; 96 sctx->state[7] = SHA256_H7; 97 sctx->count = 0; 98 } 99 100 struct sha256_state { 101 union { 102 struct crypto_sha256_state ctx; 103 struct { 104 u32 state[SHA256_STATE_WORDS]; 105 u64 count; 106 }; 107 }; 108 u8 buf[SHA256_BLOCK_SIZE]; 109 }; 110 111 struct sha512_state { 112 u64 state[SHA512_DIGEST_SIZE / 8]; 113 u64 count[2]; 114 u8 buf[SHA512_BLOCK_SIZE]; 115 }; 116 117 /* State for the SHA-256 (and SHA-224) compression function */ 118 struct sha256_block_state { 119 u32 h[SHA256_STATE_WORDS]; 120 }; 121 122 /* 123 * Context structure, shared by SHA-224 and SHA-256. The sha224_ctx and 124 * sha256_ctx structs wrap this one so that the API has proper typing and 125 * doesn't allow mixing the SHA-224 and SHA-256 functions arbitrarily. 126 */ 127 struct __sha256_ctx { 128 struct sha256_block_state state; 129 u64 bytecount; 130 u8 buf[SHA256_BLOCK_SIZE] __aligned(__alignof__(__be64)); 131 }; 132 void __sha256_update(struct __sha256_ctx *ctx, const u8 *data, size_t len); 133 134 /* 135 * HMAC key and message context structs, shared by HMAC-SHA224 and HMAC-SHA256. 136 * The hmac_sha224_* and hmac_sha256_* structs wrap this one so that the API has 137 * proper typing and doesn't allow mixing the functions arbitrarily. 138 */ 139 struct __hmac_sha256_key { 140 struct sha256_block_state istate; 141 struct sha256_block_state ostate; 142 }; 143 struct __hmac_sha256_ctx { 144 struct __sha256_ctx sha_ctx; 145 struct sha256_block_state ostate; 146 }; 147 void __hmac_sha256_init(struct __hmac_sha256_ctx *ctx, 148 const struct __hmac_sha256_key *key); 149 150 /** 151 * struct sha224_ctx - Context for hashing a message with SHA-224 152 * @ctx: private 153 */ 154 struct sha224_ctx { 155 struct __sha256_ctx ctx; 156 }; 157 158 /** 159 * sha224_init() - Initialize a SHA-224 context for a new message 160 * @ctx: the context to initialize 161 * 162 * If you don't need incremental computation, consider sha224() instead. 163 * 164 * Context: Any context. 165 */ 166 void sha224_init(struct sha224_ctx *ctx); 167 168 /** 169 * sha224_update() - Update a SHA-224 context with message data 170 * @ctx: the context to update; must have been initialized 171 * @data: the message data 172 * @len: the data length in bytes 173 * 174 * This can be called any number of times. 175 * 176 * Context: Any context. 177 */ 178 static inline void sha224_update(struct sha224_ctx *ctx, 179 const u8 *data, size_t len) 180 { 181 __sha256_update(&ctx->ctx, data, len); 182 } 183 184 /** 185 * sha224_final() - Finish computing a SHA-224 message digest 186 * @ctx: the context to finalize; must have been initialized 187 * @out: (output) the resulting SHA-224 message digest 188 * 189 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 190 * 191 * Context: Any context. 192 */ 193 void sha224_final(struct sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]); 194 195 /** 196 * sha224() - Compute SHA-224 message digest in one shot 197 * @data: the message data 198 * @len: the data length in bytes 199 * @out: (output) the resulting SHA-224 message digest 200 * 201 * Context: Any context. 202 */ 203 void sha224(const u8 *data, size_t len, u8 out[SHA224_DIGEST_SIZE]); 204 205 /** 206 * struct hmac_sha224_key - Prepared key for HMAC-SHA224 207 * @key: private 208 */ 209 struct hmac_sha224_key { 210 struct __hmac_sha256_key key; 211 }; 212 213 /** 214 * struct hmac_sha224_ctx - Context for computing HMAC-SHA224 of a message 215 * @ctx: private 216 */ 217 struct hmac_sha224_ctx { 218 struct __hmac_sha256_ctx ctx; 219 }; 220 221 /** 222 * hmac_sha224_preparekey() - Prepare a key for HMAC-SHA224 223 * @key: (output) the key structure to initialize 224 * @raw_key: the raw HMAC-SHA224 key 225 * @raw_key_len: the key length in bytes. All key lengths are supported. 226 * 227 * Note: the caller is responsible for zeroizing both the struct hmac_sha224_key 228 * and the raw key once they are no longer needed. 229 * 230 * Context: Any context. 231 */ 232 void hmac_sha224_preparekey(struct hmac_sha224_key *key, 233 const u8 *raw_key, size_t raw_key_len); 234 235 /** 236 * hmac_sha224_init() - Initialize an HMAC-SHA224 context for a new message 237 * @ctx: (output) the HMAC context to initialize 238 * @key: the prepared HMAC key 239 * 240 * If you don't need incremental computation, consider hmac_sha224() instead. 241 * 242 * Context: Any context. 243 */ 244 static inline void hmac_sha224_init(struct hmac_sha224_ctx *ctx, 245 const struct hmac_sha224_key *key) 246 { 247 __hmac_sha256_init(&ctx->ctx, &key->key); 248 } 249 250 /** 251 * hmac_sha224_init_usingrawkey() - Initialize an HMAC-SHA224 context for a new 252 * message, using a raw key 253 * @ctx: (output) the HMAC context to initialize 254 * @raw_key: the raw HMAC-SHA224 key 255 * @raw_key_len: the key length in bytes. All key lengths are supported. 256 * 257 * If you don't need incremental computation, consider hmac_sha224_usingrawkey() 258 * instead. 259 * 260 * Context: Any context. 261 */ 262 void hmac_sha224_init_usingrawkey(struct hmac_sha224_ctx *ctx, 263 const u8 *raw_key, size_t raw_key_len); 264 265 /** 266 * hmac_sha224_update() - Update an HMAC-SHA224 context with message data 267 * @ctx: the HMAC context to update; must have been initialized 268 * @data: the message data 269 * @data_len: the data length in bytes 270 * 271 * This can be called any number of times. 272 * 273 * Context: Any context. 274 */ 275 static inline void hmac_sha224_update(struct hmac_sha224_ctx *ctx, 276 const u8 *data, size_t data_len) 277 { 278 __sha256_update(&ctx->ctx.sha_ctx, data, data_len); 279 } 280 281 /** 282 * hmac_sha224_final() - Finish computing an HMAC-SHA224 value 283 * @ctx: the HMAC context to finalize; must have been initialized 284 * @out: (output) the resulting HMAC-SHA224 value 285 * 286 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 287 * 288 * Context: Any context. 289 */ 290 void hmac_sha224_final(struct hmac_sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]); 291 292 /** 293 * hmac_sha224() - Compute HMAC-SHA224 in one shot, using a prepared key 294 * @key: the prepared HMAC key 295 * @data: the message data 296 * @data_len: the data length in bytes 297 * @out: (output) the resulting HMAC-SHA224 value 298 * 299 * If you're using the key only once, consider using hmac_sha224_usingrawkey(). 300 * 301 * Context: Any context. 302 */ 303 void hmac_sha224(const struct hmac_sha224_key *key, 304 const u8 *data, size_t data_len, u8 out[SHA224_DIGEST_SIZE]); 305 306 /** 307 * hmac_sha224_usingrawkey() - Compute HMAC-SHA224 in one shot, using a raw key 308 * @raw_key: the raw HMAC-SHA224 key 309 * @raw_key_len: the key length in bytes. All key lengths are supported. 310 * @data: the message data 311 * @data_len: the data length in bytes 312 * @out: (output) the resulting HMAC-SHA224 value 313 * 314 * If you're using the key multiple times, prefer to use 315 * hmac_sha224_preparekey() followed by multiple calls to hmac_sha224() instead. 316 * 317 * Context: Any context. 318 */ 319 void hmac_sha224_usingrawkey(const u8 *raw_key, size_t raw_key_len, 320 const u8 *data, size_t data_len, 321 u8 out[SHA224_DIGEST_SIZE]); 322 323 /** 324 * struct sha256_ctx - Context for hashing a message with SHA-256 325 * @ctx: private 326 */ 327 struct sha256_ctx { 328 struct __sha256_ctx ctx; 329 }; 330 331 /** 332 * sha256_init() - Initialize a SHA-256 context for a new message 333 * @ctx: the context to initialize 334 * 335 * If you don't need incremental computation, consider sha256() instead. 336 * 337 * Context: Any context. 338 */ 339 void sha256_init(struct sha256_ctx *ctx); 340 341 /** 342 * sha256_update() - Update a SHA-256 context with message data 343 * @ctx: the context to update; must have been initialized 344 * @data: the message data 345 * @len: the data length in bytes 346 * 347 * This can be called any number of times. 348 * 349 * Context: Any context. 350 */ 351 static inline void sha256_update(struct sha256_ctx *ctx, 352 const u8 *data, size_t len) 353 { 354 __sha256_update(&ctx->ctx, data, len); 355 } 356 357 /** 358 * sha256_final() - Finish computing a SHA-256 message digest 359 * @ctx: the context to finalize; must have been initialized 360 * @out: (output) the resulting SHA-256 message digest 361 * 362 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 363 * 364 * Context: Any context. 365 */ 366 void sha256_final(struct sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]); 367 368 /** 369 * sha256() - Compute SHA-256 message digest in one shot 370 * @data: the message data 371 * @len: the data length in bytes 372 * @out: (output) the resulting SHA-256 message digest 373 * 374 * Context: Any context. 375 */ 376 void sha256(const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE]); 377 378 /** 379 * struct hmac_sha256_key - Prepared key for HMAC-SHA256 380 * @key: private 381 */ 382 struct hmac_sha256_key { 383 struct __hmac_sha256_key key; 384 }; 385 386 /** 387 * struct hmac_sha256_ctx - Context for computing HMAC-SHA256 of a message 388 * @ctx: private 389 */ 390 struct hmac_sha256_ctx { 391 struct __hmac_sha256_ctx ctx; 392 }; 393 394 /** 395 * hmac_sha256_preparekey() - Prepare a key for HMAC-SHA256 396 * @key: (output) the key structure to initialize 397 * @raw_key: the raw HMAC-SHA256 key 398 * @raw_key_len: the key length in bytes. All key lengths are supported. 399 * 400 * Note: the caller is responsible for zeroizing both the struct hmac_sha256_key 401 * and the raw key once they are no longer needed. 402 * 403 * Context: Any context. 404 */ 405 void hmac_sha256_preparekey(struct hmac_sha256_key *key, 406 const u8 *raw_key, size_t raw_key_len); 407 408 /** 409 * hmac_sha256_init() - Initialize an HMAC-SHA256 context for a new message 410 * @ctx: (output) the HMAC context to initialize 411 * @key: the prepared HMAC key 412 * 413 * If you don't need incremental computation, consider hmac_sha256() instead. 414 * 415 * Context: Any context. 416 */ 417 static inline void hmac_sha256_init(struct hmac_sha256_ctx *ctx, 418 const struct hmac_sha256_key *key) 419 { 420 __hmac_sha256_init(&ctx->ctx, &key->key); 421 } 422 423 /** 424 * hmac_sha256_init_usingrawkey() - Initialize an HMAC-SHA256 context for a new 425 * message, using a raw key 426 * @ctx: (output) the HMAC context to initialize 427 * @raw_key: the raw HMAC-SHA256 key 428 * @raw_key_len: the key length in bytes. All key lengths are supported. 429 * 430 * If you don't need incremental computation, consider hmac_sha256_usingrawkey() 431 * instead. 432 * 433 * Context: Any context. 434 */ 435 void hmac_sha256_init_usingrawkey(struct hmac_sha256_ctx *ctx, 436 const u8 *raw_key, size_t raw_key_len); 437 438 /** 439 * hmac_sha256_update() - Update an HMAC-SHA256 context with message data 440 * @ctx: the HMAC context to update; must have been initialized 441 * @data: the message data 442 * @data_len: the data length in bytes 443 * 444 * This can be called any number of times. 445 * 446 * Context: Any context. 447 */ 448 static inline void hmac_sha256_update(struct hmac_sha256_ctx *ctx, 449 const u8 *data, size_t data_len) 450 { 451 __sha256_update(&ctx->ctx.sha_ctx, data, data_len); 452 } 453 454 /** 455 * hmac_sha256_final() - Finish computing an HMAC-SHA256 value 456 * @ctx: the HMAC context to finalize; must have been initialized 457 * @out: (output) the resulting HMAC-SHA256 value 458 * 459 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 460 * 461 * Context: Any context. 462 */ 463 void hmac_sha256_final(struct hmac_sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]); 464 465 /** 466 * hmac_sha256() - Compute HMAC-SHA256 in one shot, using a prepared key 467 * @key: the prepared HMAC key 468 * @data: the message data 469 * @data_len: the data length in bytes 470 * @out: (output) the resulting HMAC-SHA256 value 471 * 472 * If you're using the key only once, consider using hmac_sha256_usingrawkey(). 473 * 474 * Context: Any context. 475 */ 476 void hmac_sha256(const struct hmac_sha256_key *key, 477 const u8 *data, size_t data_len, u8 out[SHA256_DIGEST_SIZE]); 478 479 /** 480 * hmac_sha256_usingrawkey() - Compute HMAC-SHA256 in one shot, using a raw key 481 * @raw_key: the raw HMAC-SHA256 key 482 * @raw_key_len: the key length in bytes. All key lengths are supported. 483 * @data: the message data 484 * @data_len: the data length in bytes 485 * @out: (output) the resulting HMAC-SHA256 value 486 * 487 * If you're using the key multiple times, prefer to use 488 * hmac_sha256_preparekey() followed by multiple calls to hmac_sha256() instead. 489 * 490 * Context: Any context. 491 */ 492 void hmac_sha256_usingrawkey(const u8 *raw_key, size_t raw_key_len, 493 const u8 *data, size_t data_len, 494 u8 out[SHA256_DIGEST_SIZE]); 495 496 /* State for the SHA-512 (and SHA-384) compression function */ 497 struct sha512_block_state { 498 u64 h[8]; 499 }; 500 501 /* 502 * Context structure, shared by SHA-384 and SHA-512. The sha384_ctx and 503 * sha512_ctx structs wrap this one so that the API has proper typing and 504 * doesn't allow mixing the SHA-384 and SHA-512 functions arbitrarily. 505 */ 506 struct __sha512_ctx { 507 struct sha512_block_state state; 508 u64 bytecount_lo; 509 u64 bytecount_hi; 510 u8 buf[SHA512_BLOCK_SIZE] __aligned(__alignof__(__be64)); 511 }; 512 void __sha512_update(struct __sha512_ctx *ctx, const u8 *data, size_t len); 513 514 /* 515 * HMAC key and message context structs, shared by HMAC-SHA384 and HMAC-SHA512. 516 * The hmac_sha384_* and hmac_sha512_* structs wrap this one so that the API has 517 * proper typing and doesn't allow mixing the functions arbitrarily. 518 */ 519 struct __hmac_sha512_key { 520 struct sha512_block_state istate; 521 struct sha512_block_state ostate; 522 }; 523 struct __hmac_sha512_ctx { 524 struct __sha512_ctx sha_ctx; 525 struct sha512_block_state ostate; 526 }; 527 void __hmac_sha512_init(struct __hmac_sha512_ctx *ctx, 528 const struct __hmac_sha512_key *key); 529 530 /** 531 * struct sha384_ctx - Context for hashing a message with SHA-384 532 * @ctx: private 533 */ 534 struct sha384_ctx { 535 struct __sha512_ctx ctx; 536 }; 537 538 /** 539 * sha384_init() - Initialize a SHA-384 context for a new message 540 * @ctx: the context to initialize 541 * 542 * If you don't need incremental computation, consider sha384() instead. 543 * 544 * Context: Any context. 545 */ 546 void sha384_init(struct sha384_ctx *ctx); 547 548 /** 549 * sha384_update() - Update a SHA-384 context with message data 550 * @ctx: the context to update; must have been initialized 551 * @data: the message data 552 * @len: the data length in bytes 553 * 554 * This can be called any number of times. 555 * 556 * Context: Any context. 557 */ 558 static inline void sha384_update(struct sha384_ctx *ctx, 559 const u8 *data, size_t len) 560 { 561 __sha512_update(&ctx->ctx, data, len); 562 } 563 564 /** 565 * sha384_final() - Finish computing a SHA-384 message digest 566 * @ctx: the context to finalize; must have been initialized 567 * @out: (output) the resulting SHA-384 message digest 568 * 569 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 570 * 571 * Context: Any context. 572 */ 573 void sha384_final(struct sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]); 574 575 /** 576 * sha384() - Compute SHA-384 message digest in one shot 577 * @data: the message data 578 * @len: the data length in bytes 579 * @out: (output) the resulting SHA-384 message digest 580 * 581 * Context: Any context. 582 */ 583 void sha384(const u8 *data, size_t len, u8 out[SHA384_DIGEST_SIZE]); 584 585 /** 586 * struct hmac_sha384_key - Prepared key for HMAC-SHA384 587 * @key: private 588 */ 589 struct hmac_sha384_key { 590 struct __hmac_sha512_key key; 591 }; 592 593 /** 594 * struct hmac_sha384_ctx - Context for computing HMAC-SHA384 of a message 595 * @ctx: private 596 */ 597 struct hmac_sha384_ctx { 598 struct __hmac_sha512_ctx ctx; 599 }; 600 601 /** 602 * hmac_sha384_preparekey() - Prepare a key for HMAC-SHA384 603 * @key: (output) the key structure to initialize 604 * @raw_key: the raw HMAC-SHA384 key 605 * @raw_key_len: the key length in bytes. All key lengths are supported. 606 * 607 * Note: the caller is responsible for zeroizing both the struct hmac_sha384_key 608 * and the raw key once they are no longer needed. 609 * 610 * Context: Any context. 611 */ 612 void hmac_sha384_preparekey(struct hmac_sha384_key *key, 613 const u8 *raw_key, size_t raw_key_len); 614 615 /** 616 * hmac_sha384_init() - Initialize an HMAC-SHA384 context for a new message 617 * @ctx: (output) the HMAC context to initialize 618 * @key: the prepared HMAC key 619 * 620 * If you don't need incremental computation, consider hmac_sha384() instead. 621 * 622 * Context: Any context. 623 */ 624 static inline void hmac_sha384_init(struct hmac_sha384_ctx *ctx, 625 const struct hmac_sha384_key *key) 626 { 627 __hmac_sha512_init(&ctx->ctx, &key->key); 628 } 629 630 /** 631 * hmac_sha384_init_usingrawkey() - Initialize an HMAC-SHA384 context for a new 632 * message, using a raw key 633 * @ctx: (output) the HMAC context to initialize 634 * @raw_key: the raw HMAC-SHA384 key 635 * @raw_key_len: the key length in bytes. All key lengths are supported. 636 * 637 * If you don't need incremental computation, consider hmac_sha384_usingrawkey() 638 * instead. 639 * 640 * Context: Any context. 641 */ 642 void hmac_sha384_init_usingrawkey(struct hmac_sha384_ctx *ctx, 643 const u8 *raw_key, size_t raw_key_len); 644 645 /** 646 * hmac_sha384_update() - Update an HMAC-SHA384 context with message data 647 * @ctx: the HMAC context to update; must have been initialized 648 * @data: the message data 649 * @data_len: the data length in bytes 650 * 651 * This can be called any number of times. 652 * 653 * Context: Any context. 654 */ 655 static inline void hmac_sha384_update(struct hmac_sha384_ctx *ctx, 656 const u8 *data, size_t data_len) 657 { 658 __sha512_update(&ctx->ctx.sha_ctx, data, data_len); 659 } 660 661 /** 662 * hmac_sha384_final() - Finish computing an HMAC-SHA384 value 663 * @ctx: the HMAC context to finalize; must have been initialized 664 * @out: (output) the resulting HMAC-SHA384 value 665 * 666 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 667 * 668 * Context: Any context. 669 */ 670 void hmac_sha384_final(struct hmac_sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]); 671 672 /** 673 * hmac_sha384() - Compute HMAC-SHA384 in one shot, using a prepared key 674 * @key: the prepared HMAC key 675 * @data: the message data 676 * @data_len: the data length in bytes 677 * @out: (output) the resulting HMAC-SHA384 value 678 * 679 * If you're using the key only once, consider using hmac_sha384_usingrawkey(). 680 * 681 * Context: Any context. 682 */ 683 void hmac_sha384(const struct hmac_sha384_key *key, 684 const u8 *data, size_t data_len, u8 out[SHA384_DIGEST_SIZE]); 685 686 /** 687 * hmac_sha384_usingrawkey() - Compute HMAC-SHA384 in one shot, using a raw key 688 * @raw_key: the raw HMAC-SHA384 key 689 * @raw_key_len: the key length in bytes. All key lengths are supported. 690 * @data: the message data 691 * @data_len: the data length in bytes 692 * @out: (output) the resulting HMAC-SHA384 value 693 * 694 * If you're using the key multiple times, prefer to use 695 * hmac_sha384_preparekey() followed by multiple calls to hmac_sha384() instead. 696 * 697 * Context: Any context. 698 */ 699 void hmac_sha384_usingrawkey(const u8 *raw_key, size_t raw_key_len, 700 const u8 *data, size_t data_len, 701 u8 out[SHA384_DIGEST_SIZE]); 702 703 /** 704 * struct sha512_ctx - Context for hashing a message with SHA-512 705 * @ctx: private 706 */ 707 struct sha512_ctx { 708 struct __sha512_ctx ctx; 709 }; 710 711 /** 712 * sha512_init() - Initialize a SHA-512 context for a new message 713 * @ctx: the context to initialize 714 * 715 * If you don't need incremental computation, consider sha512() instead. 716 * 717 * Context: Any context. 718 */ 719 void sha512_init(struct sha512_ctx *ctx); 720 721 /** 722 * sha512_update() - Update a SHA-512 context with message data 723 * @ctx: the context to update; must have been initialized 724 * @data: the message data 725 * @len: the data length in bytes 726 * 727 * This can be called any number of times. 728 * 729 * Context: Any context. 730 */ 731 static inline void sha512_update(struct sha512_ctx *ctx, 732 const u8 *data, size_t len) 733 { 734 __sha512_update(&ctx->ctx, data, len); 735 } 736 737 /** 738 * sha512_final() - Finish computing a SHA-512 message digest 739 * @ctx: the context to finalize; must have been initialized 740 * @out: (output) the resulting SHA-512 message digest 741 * 742 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 743 * 744 * Context: Any context. 745 */ 746 void sha512_final(struct sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]); 747 748 /** 749 * sha512() - Compute SHA-512 message digest in one shot 750 * @data: the message data 751 * @len: the data length in bytes 752 * @out: (output) the resulting SHA-512 message digest 753 * 754 * Context: Any context. 755 */ 756 void sha512(const u8 *data, size_t len, u8 out[SHA512_DIGEST_SIZE]); 757 758 /** 759 * struct hmac_sha512_key - Prepared key for HMAC-SHA512 760 * @key: private 761 */ 762 struct hmac_sha512_key { 763 struct __hmac_sha512_key key; 764 }; 765 766 /** 767 * struct hmac_sha512_ctx - Context for computing HMAC-SHA512 of a message 768 * @ctx: private 769 */ 770 struct hmac_sha512_ctx { 771 struct __hmac_sha512_ctx ctx; 772 }; 773 774 /** 775 * hmac_sha512_preparekey() - Prepare a key for HMAC-SHA512 776 * @key: (output) the key structure to initialize 777 * @raw_key: the raw HMAC-SHA512 key 778 * @raw_key_len: the key length in bytes. All key lengths are supported. 779 * 780 * Note: the caller is responsible for zeroizing both the struct hmac_sha512_key 781 * and the raw key once they are no longer needed. 782 * 783 * Context: Any context. 784 */ 785 void hmac_sha512_preparekey(struct hmac_sha512_key *key, 786 const u8 *raw_key, size_t raw_key_len); 787 788 /** 789 * hmac_sha512_init() - Initialize an HMAC-SHA512 context for a new message 790 * @ctx: (output) the HMAC context to initialize 791 * @key: the prepared HMAC key 792 * 793 * If you don't need incremental computation, consider hmac_sha512() instead. 794 * 795 * Context: Any context. 796 */ 797 static inline void hmac_sha512_init(struct hmac_sha512_ctx *ctx, 798 const struct hmac_sha512_key *key) 799 { 800 __hmac_sha512_init(&ctx->ctx, &key->key); 801 } 802 803 /** 804 * hmac_sha512_init_usingrawkey() - Initialize an HMAC-SHA512 context for a new 805 * message, using a raw key 806 * @ctx: (output) the HMAC context to initialize 807 * @raw_key: the raw HMAC-SHA512 key 808 * @raw_key_len: the key length in bytes. All key lengths are supported. 809 * 810 * If you don't need incremental computation, consider hmac_sha512_usingrawkey() 811 * instead. 812 * 813 * Context: Any context. 814 */ 815 void hmac_sha512_init_usingrawkey(struct hmac_sha512_ctx *ctx, 816 const u8 *raw_key, size_t raw_key_len); 817 818 /** 819 * hmac_sha512_update() - Update an HMAC-SHA512 context with message data 820 * @ctx: the HMAC context to update; must have been initialized 821 * @data: the message data 822 * @data_len: the data length in bytes 823 * 824 * This can be called any number of times. 825 * 826 * Context: Any context. 827 */ 828 static inline void hmac_sha512_update(struct hmac_sha512_ctx *ctx, 829 const u8 *data, size_t data_len) 830 { 831 __sha512_update(&ctx->ctx.sha_ctx, data, data_len); 832 } 833 834 /** 835 * hmac_sha512_final() - Finish computing an HMAC-SHA512 value 836 * @ctx: the HMAC context to finalize; must have been initialized 837 * @out: (output) the resulting HMAC-SHA512 value 838 * 839 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 840 * 841 * Context: Any context. 842 */ 843 void hmac_sha512_final(struct hmac_sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]); 844 845 /** 846 * hmac_sha512() - Compute HMAC-SHA512 in one shot, using a prepared key 847 * @key: the prepared HMAC key 848 * @data: the message data 849 * @data_len: the data length in bytes 850 * @out: (output) the resulting HMAC-SHA512 value 851 * 852 * If you're using the key only once, consider using hmac_sha512_usingrawkey(). 853 * 854 * Context: Any context. 855 */ 856 void hmac_sha512(const struct hmac_sha512_key *key, 857 const u8 *data, size_t data_len, u8 out[SHA512_DIGEST_SIZE]); 858 859 /** 860 * hmac_sha512_usingrawkey() - Compute HMAC-SHA512 in one shot, using a raw key 861 * @raw_key: the raw HMAC-SHA512 key 862 * @raw_key_len: the key length in bytes. All key lengths are supported. 863 * @data: the message data 864 * @data_len: the data length in bytes 865 * @out: (output) the resulting HMAC-SHA512 value 866 * 867 * If you're using the key multiple times, prefer to use 868 * hmac_sha512_preparekey() followed by multiple calls to hmac_sha512() instead. 869 * 870 * Context: Any context. 871 */ 872 void hmac_sha512_usingrawkey(const u8 *raw_key, size_t raw_key_len, 873 const u8 *data, size_t data_len, 874 u8 out[SHA512_DIGEST_SIZE]); 875 876 #endif /* _CRYPTO_SHA2_H */ 877