sha2.h 26 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913
  1. /* SPDX-License-Identifier: GPL-2.0 */
  2. /*
  3. * Common values for SHA-2 algorithms
  4. */
  5. #ifndef _CRYPTO_SHA2_H
  6. #define _CRYPTO_SHA2_H
  7. #include <linux/types.h>
  8. #define SHA224_DIGEST_SIZE 28
  9. #define SHA224_BLOCK_SIZE 64
  10. #define SHA256_DIGEST_SIZE 32
  11. #define SHA256_BLOCK_SIZE 64
  12. #define SHA256_STATE_WORDS 8
  13. #define SHA384_DIGEST_SIZE 48
  14. #define SHA384_BLOCK_SIZE 128
  15. #define SHA512_DIGEST_SIZE 64
  16. #define SHA512_BLOCK_SIZE 128
  17. #define SHA512_STATE_SIZE 80
  18. #define SHA224_H0 0xc1059ed8UL
  19. #define SHA224_H1 0x367cd507UL
  20. #define SHA224_H2 0x3070dd17UL
  21. #define SHA224_H3 0xf70e5939UL
  22. #define SHA224_H4 0xffc00b31UL
  23. #define SHA224_H5 0x68581511UL
  24. #define SHA224_H6 0x64f98fa7UL
  25. #define SHA224_H7 0xbefa4fa4UL
  26. #define SHA256_H0 0x6a09e667UL
  27. #define SHA256_H1 0xbb67ae85UL
  28. #define SHA256_H2 0x3c6ef372UL
  29. #define SHA256_H3 0xa54ff53aUL
  30. #define SHA256_H4 0x510e527fUL
  31. #define SHA256_H5 0x9b05688cUL
  32. #define SHA256_H6 0x1f83d9abUL
  33. #define SHA256_H7 0x5be0cd19UL
  34. #define SHA384_H0 0xcbbb9d5dc1059ed8ULL
  35. #define SHA384_H1 0x629a292a367cd507ULL
  36. #define SHA384_H2 0x9159015a3070dd17ULL
  37. #define SHA384_H3 0x152fecd8f70e5939ULL
  38. #define SHA384_H4 0x67332667ffc00b31ULL
  39. #define SHA384_H5 0x8eb44a8768581511ULL
  40. #define SHA384_H6 0xdb0c2e0d64f98fa7ULL
  41. #define SHA384_H7 0x47b5481dbefa4fa4ULL
  42. #define SHA512_H0 0x6a09e667f3bcc908ULL
  43. #define SHA512_H1 0xbb67ae8584caa73bULL
  44. #define SHA512_H2 0x3c6ef372fe94f82bULL
  45. #define SHA512_H3 0xa54ff53a5f1d36f1ULL
  46. #define SHA512_H4 0x510e527fade682d1ULL
  47. #define SHA512_H5 0x9b05688c2b3e6c1fULL
  48. #define SHA512_H6 0x1f83d9abfb41bd6bULL
  49. #define SHA512_H7 0x5be0cd19137e2179ULL
  50. extern const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE];
  51. extern const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE];
  52. extern const u8 sha384_zero_message_hash[SHA384_DIGEST_SIZE];
  53. extern const u8 sha512_zero_message_hash[SHA512_DIGEST_SIZE];
  54. struct crypto_sha256_state {
  55. u32 state[SHA256_STATE_WORDS];
  56. u64 count;
  57. };
  58. static inline void sha224_block_init(struct crypto_sha256_state *sctx)
  59. {
  60. sctx->state[0] = SHA224_H0;
  61. sctx->state[1] = SHA224_H1;
  62. sctx->state[2] = SHA224_H2;
  63. sctx->state[3] = SHA224_H3;
  64. sctx->state[4] = SHA224_H4;
  65. sctx->state[5] = SHA224_H5;
  66. sctx->state[6] = SHA224_H6;
  67. sctx->state[7] = SHA224_H7;
  68. sctx->count = 0;
  69. }
  70. static inline void sha256_block_init(struct crypto_sha256_state *sctx)
  71. {
  72. sctx->state[0] = SHA256_H0;
  73. sctx->state[1] = SHA256_H1;
  74. sctx->state[2] = SHA256_H2;
  75. sctx->state[3] = SHA256_H3;
  76. sctx->state[4] = SHA256_H4;
  77. sctx->state[5] = SHA256_H5;
  78. sctx->state[6] = SHA256_H6;
  79. sctx->state[7] = SHA256_H7;
  80. sctx->count = 0;
  81. }
  82. struct sha256_state {
  83. union {
  84. struct crypto_sha256_state ctx;
  85. struct {
  86. u32 state[SHA256_STATE_WORDS];
  87. u64 count;
  88. };
  89. };
  90. u8 buf[SHA256_BLOCK_SIZE];
  91. };
  92. struct sha512_state {
  93. u64 state[SHA512_DIGEST_SIZE / 8];
  94. u64 count[2];
  95. u8 buf[SHA512_BLOCK_SIZE];
  96. };
  97. /* State for the SHA-256 (and SHA-224) compression function */
  98. struct sha256_block_state {
  99. u32 h[SHA256_STATE_WORDS];
  100. };
  101. /*
  102. * Context structure, shared by SHA-224 and SHA-256. The sha224_ctx and
  103. * sha256_ctx structs wrap this one so that the API has proper typing and
  104. * doesn't allow mixing the SHA-224 and SHA-256 functions arbitrarily.
  105. */
  106. struct __sha256_ctx {
  107. struct sha256_block_state state;
  108. u64 bytecount;
  109. u8 buf[SHA256_BLOCK_SIZE] __aligned(__alignof__(__be64));
  110. };
  111. void __sha256_update(struct __sha256_ctx *ctx, const u8 *data, size_t len);
  112. /*
  113. * HMAC key and message context structs, shared by HMAC-SHA224 and HMAC-SHA256.
  114. * The hmac_sha224_* and hmac_sha256_* structs wrap this one so that the API has
  115. * proper typing and doesn't allow mixing the functions arbitrarily.
  116. */
  117. struct __hmac_sha256_key {
  118. struct sha256_block_state istate;
  119. struct sha256_block_state ostate;
  120. };
  121. struct __hmac_sha256_ctx {
  122. struct __sha256_ctx sha_ctx;
  123. struct sha256_block_state ostate;
  124. };
  125. void __hmac_sha256_init(struct __hmac_sha256_ctx *ctx,
  126. const struct __hmac_sha256_key *key);
  127. /**
  128. * struct sha224_ctx - Context for hashing a message with SHA-224
  129. * @ctx: private
  130. */
  131. struct sha224_ctx {
  132. struct __sha256_ctx ctx;
  133. };
  134. /**
  135. * sha224_init() - Initialize a SHA-224 context for a new message
  136. * @ctx: the context to initialize
  137. *
  138. * If you don't need incremental computation, consider sha224() instead.
  139. *
  140. * Context: Any context.
  141. */
  142. void sha224_init(struct sha224_ctx *ctx);
  143. /**
  144. * sha224_update() - Update a SHA-224 context with message data
  145. * @ctx: the context to update; must have been initialized
  146. * @data: the message data
  147. * @len: the data length in bytes
  148. *
  149. * This can be called any number of times.
  150. *
  151. * Context: Any context.
  152. */
  153. static inline void sha224_update(struct sha224_ctx *ctx,
  154. const u8 *data, size_t len)
  155. {
  156. __sha256_update(&ctx->ctx, data, len);
  157. }
  158. /**
  159. * sha224_final() - Finish computing a SHA-224 message digest
  160. * @ctx: the context to finalize; must have been initialized
  161. * @out: (output) the resulting SHA-224 message digest
  162. *
  163. * After finishing, this zeroizes @ctx. So the caller does not need to do it.
  164. *
  165. * Context: Any context.
  166. */
  167. void sha224_final(struct sha224_ctx *ctx, u8 out[at_least SHA224_DIGEST_SIZE]);
  168. /**
  169. * sha224() - Compute SHA-224 message digest in one shot
  170. * @data: the message data
  171. * @len: the data length in bytes
  172. * @out: (output) the resulting SHA-224 message digest
  173. *
  174. * Context: Any context.
  175. */
  176. void sha224(const u8 *data, size_t len, u8 out[at_least SHA224_DIGEST_SIZE]);
  177. /**
  178. * struct hmac_sha224_key - Prepared key for HMAC-SHA224
  179. * @key: private
  180. */
  181. struct hmac_sha224_key {
  182. struct __hmac_sha256_key key;
  183. };
  184. /**
  185. * struct hmac_sha224_ctx - Context for computing HMAC-SHA224 of a message
  186. * @ctx: private
  187. */
  188. struct hmac_sha224_ctx {
  189. struct __hmac_sha256_ctx ctx;
  190. };
  191. /**
  192. * hmac_sha224_preparekey() - Prepare a key for HMAC-SHA224
  193. * @key: (output) the key structure to initialize
  194. * @raw_key: the raw HMAC-SHA224 key
  195. * @raw_key_len: the key length in bytes. All key lengths are supported.
  196. *
  197. * Note: the caller is responsible for zeroizing both the struct hmac_sha224_key
  198. * and the raw key once they are no longer needed.
  199. *
  200. * Context: Any context.
  201. */
  202. void hmac_sha224_preparekey(struct hmac_sha224_key *key,
  203. const u8 *raw_key, size_t raw_key_len);
  204. /**
  205. * hmac_sha224_init() - Initialize an HMAC-SHA224 context for a new message
  206. * @ctx: (output) the HMAC context to initialize
  207. * @key: the prepared HMAC key
  208. *
  209. * If you don't need incremental computation, consider hmac_sha224() instead.
  210. *
  211. * Context: Any context.
  212. */
  213. static inline void hmac_sha224_init(struct hmac_sha224_ctx *ctx,
  214. const struct hmac_sha224_key *key)
  215. {
  216. __hmac_sha256_init(&ctx->ctx, &key->key);
  217. }
  218. /**
  219. * hmac_sha224_init_usingrawkey() - Initialize an HMAC-SHA224 context for a new
  220. * message, using a raw key
  221. * @ctx: (output) the HMAC context to initialize
  222. * @raw_key: the raw HMAC-SHA224 key
  223. * @raw_key_len: the key length in bytes. All key lengths are supported.
  224. *
  225. * If you don't need incremental computation, consider hmac_sha224_usingrawkey()
  226. * instead.
  227. *
  228. * Context: Any context.
  229. */
  230. void hmac_sha224_init_usingrawkey(struct hmac_sha224_ctx *ctx,
  231. const u8 *raw_key, size_t raw_key_len);
  232. /**
  233. * hmac_sha224_update() - Update an HMAC-SHA224 context with message data
  234. * @ctx: the HMAC context to update; must have been initialized
  235. * @data: the message data
  236. * @data_len: the data length in bytes
  237. *
  238. * This can be called any number of times.
  239. *
  240. * Context: Any context.
  241. */
  242. static inline void hmac_sha224_update(struct hmac_sha224_ctx *ctx,
  243. const u8 *data, size_t data_len)
  244. {
  245. __sha256_update(&ctx->ctx.sha_ctx, data, data_len);
  246. }
  247. /**
  248. * hmac_sha224_final() - Finish computing an HMAC-SHA224 value
  249. * @ctx: the HMAC context to finalize; must have been initialized
  250. * @out: (output) the resulting HMAC-SHA224 value
  251. *
  252. * After finishing, this zeroizes @ctx. So the caller does not need to do it.
  253. *
  254. * Context: Any context.
  255. */
  256. void hmac_sha224_final(struct hmac_sha224_ctx *ctx,
  257. u8 out[at_least SHA224_DIGEST_SIZE]);
  258. /**
  259. * hmac_sha224() - Compute HMAC-SHA224 in one shot, using a prepared key
  260. * @key: the prepared HMAC key
  261. * @data: the message data
  262. * @data_len: the data length in bytes
  263. * @out: (output) the resulting HMAC-SHA224 value
  264. *
  265. * If you're using the key only once, consider using hmac_sha224_usingrawkey().
  266. *
  267. * Context: Any context.
  268. */
  269. void hmac_sha224(const struct hmac_sha224_key *key,
  270. const u8 *data, size_t data_len,
  271. u8 out[at_least SHA224_DIGEST_SIZE]);
  272. /**
  273. * hmac_sha224_usingrawkey() - Compute HMAC-SHA224 in one shot, using a raw key
  274. * @raw_key: the raw HMAC-SHA224 key
  275. * @raw_key_len: the key length in bytes. All key lengths are supported.
  276. * @data: the message data
  277. * @data_len: the data length in bytes
  278. * @out: (output) the resulting HMAC-SHA224 value
  279. *
  280. * If you're using the key multiple times, prefer to use
  281. * hmac_sha224_preparekey() followed by multiple calls to hmac_sha224() instead.
  282. *
  283. * Context: Any context.
  284. */
  285. void hmac_sha224_usingrawkey(const u8 *raw_key, size_t raw_key_len,
  286. const u8 *data, size_t data_len,
  287. u8 out[at_least SHA224_DIGEST_SIZE]);
  288. /**
  289. * struct sha256_ctx - Context for hashing a message with SHA-256
  290. * @ctx: private
  291. */
  292. struct sha256_ctx {
  293. struct __sha256_ctx ctx;
  294. };
  295. /**
  296. * sha256_init() - Initialize a SHA-256 context for a new message
  297. * @ctx: the context to initialize
  298. *
  299. * If you don't need incremental computation, consider sha256() instead.
  300. *
  301. * Context: Any context.
  302. */
  303. void sha256_init(struct sha256_ctx *ctx);
  304. /**
  305. * sha256_update() - Update a SHA-256 context with message data
  306. * @ctx: the context to update; must have been initialized
  307. * @data: the message data
  308. * @len: the data length in bytes
  309. *
  310. * This can be called any number of times.
  311. *
  312. * Context: Any context.
  313. */
  314. static inline void sha256_update(struct sha256_ctx *ctx,
  315. const u8 *data, size_t len)
  316. {
  317. __sha256_update(&ctx->ctx, data, len);
  318. }
  319. /**
  320. * sha256_final() - Finish computing a SHA-256 message digest
  321. * @ctx: the context to finalize; must have been initialized
  322. * @out: (output) the resulting SHA-256 message digest
  323. *
  324. * After finishing, this zeroizes @ctx. So the caller does not need to do it.
  325. *
  326. * Context: Any context.
  327. */
  328. void sha256_final(struct sha256_ctx *ctx, u8 out[at_least SHA256_DIGEST_SIZE]);
  329. /**
  330. * sha256() - Compute SHA-256 message digest in one shot
  331. * @data: the message data
  332. * @len: the data length in bytes
  333. * @out: (output) the resulting SHA-256 message digest
  334. *
  335. * Context: Any context.
  336. */
  337. void sha256(const u8 *data, size_t len, u8 out[at_least SHA256_DIGEST_SIZE]);
  338. /**
  339. * sha256_finup_2x() - Compute two SHA-256 digests from a common initial
  340. * context. On some CPUs, this is faster than sequentially
  341. * computing each digest.
  342. * @ctx: an optional initial context, which may have already processed data. If
  343. * NULL, a default initial context is used (equivalent to sha256_init()).
  344. * @data1: data for the first message
  345. * @data2: data for the second message
  346. * @len: the length of each of @data1 and @data2, in bytes
  347. * @out1: (output) the first SHA-256 message digest
  348. * @out2: (output) the second SHA-256 message digest
  349. *
  350. * Context: Any context.
  351. */
  352. void sha256_finup_2x(const struct sha256_ctx *ctx, const u8 *data1,
  353. const u8 *data2, size_t len,
  354. u8 out1[at_least SHA256_DIGEST_SIZE],
  355. u8 out2[at_least SHA256_DIGEST_SIZE]);
  356. /**
  357. * sha256_finup_2x_is_optimized() - Check if sha256_finup_2x() is using a real
  358. * interleaved implementation, as opposed to a
  359. * sequential fallback
  360. * @return: true if optimized
  361. *
  362. * Context: Any context.
  363. */
  364. bool sha256_finup_2x_is_optimized(void);
  365. /**
  366. * struct hmac_sha256_key - Prepared key for HMAC-SHA256
  367. * @key: private
  368. */
  369. struct hmac_sha256_key {
  370. struct __hmac_sha256_key key;
  371. };
  372. /**
  373. * struct hmac_sha256_ctx - Context for computing HMAC-SHA256 of a message
  374. * @ctx: private
  375. */
  376. struct hmac_sha256_ctx {
  377. struct __hmac_sha256_ctx ctx;
  378. };
  379. /**
  380. * hmac_sha256_preparekey() - Prepare a key for HMAC-SHA256
  381. * @key: (output) the key structure to initialize
  382. * @raw_key: the raw HMAC-SHA256 key
  383. * @raw_key_len: the key length in bytes. All key lengths are supported.
  384. *
  385. * Note: the caller is responsible for zeroizing both the struct hmac_sha256_key
  386. * and the raw key once they are no longer needed.
  387. *
  388. * Context: Any context.
  389. */
  390. void hmac_sha256_preparekey(struct hmac_sha256_key *key,
  391. const u8 *raw_key, size_t raw_key_len);
  392. /**
  393. * hmac_sha256_init() - Initialize an HMAC-SHA256 context for a new message
  394. * @ctx: (output) the HMAC context to initialize
  395. * @key: the prepared HMAC key
  396. *
  397. * If you don't need incremental computation, consider hmac_sha256() instead.
  398. *
  399. * Context: Any context.
  400. */
  401. static inline void hmac_sha256_init(struct hmac_sha256_ctx *ctx,
  402. const struct hmac_sha256_key *key)
  403. {
  404. __hmac_sha256_init(&ctx->ctx, &key->key);
  405. }
  406. /**
  407. * hmac_sha256_init_usingrawkey() - Initialize an HMAC-SHA256 context for a new
  408. * message, using a raw key
  409. * @ctx: (output) the HMAC context to initialize
  410. * @raw_key: the raw HMAC-SHA256 key
  411. * @raw_key_len: the key length in bytes. All key lengths are supported.
  412. *
  413. * If you don't need incremental computation, consider hmac_sha256_usingrawkey()
  414. * instead.
  415. *
  416. * Context: Any context.
  417. */
  418. void hmac_sha256_init_usingrawkey(struct hmac_sha256_ctx *ctx,
  419. const u8 *raw_key, size_t raw_key_len);
  420. /**
  421. * hmac_sha256_update() - Update an HMAC-SHA256 context with message data
  422. * @ctx: the HMAC context to update; must have been initialized
  423. * @data: the message data
  424. * @data_len: the data length in bytes
  425. *
  426. * This can be called any number of times.
  427. *
  428. * Context: Any context.
  429. */
  430. static inline void hmac_sha256_update(struct hmac_sha256_ctx *ctx,
  431. const u8 *data, size_t data_len)
  432. {
  433. __sha256_update(&ctx->ctx.sha_ctx, data, data_len);
  434. }
  435. /**
  436. * hmac_sha256_final() - Finish computing an HMAC-SHA256 value
  437. * @ctx: the HMAC context to finalize; must have been initialized
  438. * @out: (output) the resulting HMAC-SHA256 value
  439. *
  440. * After finishing, this zeroizes @ctx. So the caller does not need to do it.
  441. *
  442. * Context: Any context.
  443. */
  444. void hmac_sha256_final(struct hmac_sha256_ctx *ctx,
  445. u8 out[at_least SHA256_DIGEST_SIZE]);
  446. /**
  447. * hmac_sha256() - Compute HMAC-SHA256 in one shot, using a prepared key
  448. * @key: the prepared HMAC key
  449. * @data: the message data
  450. * @data_len: the data length in bytes
  451. * @out: (output) the resulting HMAC-SHA256 value
  452. *
  453. * If you're using the key only once, consider using hmac_sha256_usingrawkey().
  454. *
  455. * Context: Any context.
  456. */
  457. void hmac_sha256(const struct hmac_sha256_key *key,
  458. const u8 *data, size_t data_len,
  459. u8 out[at_least SHA256_DIGEST_SIZE]);
  460. /**
  461. * hmac_sha256_usingrawkey() - Compute HMAC-SHA256 in one shot, using a raw key
  462. * @raw_key: the raw HMAC-SHA256 key
  463. * @raw_key_len: the key length in bytes. All key lengths are supported.
  464. * @data: the message data
  465. * @data_len: the data length in bytes
  466. * @out: (output) the resulting HMAC-SHA256 value
  467. *
  468. * If you're using the key multiple times, prefer to use
  469. * hmac_sha256_preparekey() followed by multiple calls to hmac_sha256() instead.
  470. *
  471. * Context: Any context.
  472. */
  473. void hmac_sha256_usingrawkey(const u8 *raw_key, size_t raw_key_len,
  474. const u8 *data, size_t data_len,
  475. u8 out[at_least SHA256_DIGEST_SIZE]);
  476. /* State for the SHA-512 (and SHA-384) compression function */
  477. struct sha512_block_state {
  478. u64 h[8];
  479. };
  480. /*
  481. * Context structure, shared by SHA-384 and SHA-512. The sha384_ctx and
  482. * sha512_ctx structs wrap this one so that the API has proper typing and
  483. * doesn't allow mixing the SHA-384 and SHA-512 functions arbitrarily.
  484. */
  485. struct __sha512_ctx {
  486. struct sha512_block_state state;
  487. u64 bytecount_lo;
  488. u64 bytecount_hi;
  489. u8 buf[SHA512_BLOCK_SIZE] __aligned(__alignof__(__be64));
  490. };
  491. void __sha512_update(struct __sha512_ctx *ctx, const u8 *data, size_t len);
  492. /*
  493. * HMAC key and message context structs, shared by HMAC-SHA384 and HMAC-SHA512.
  494. * The hmac_sha384_* and hmac_sha512_* structs wrap this one so that the API has
  495. * proper typing and doesn't allow mixing the functions arbitrarily.
  496. */
  497. struct __hmac_sha512_key {
  498. struct sha512_block_state istate;
  499. struct sha512_block_state ostate;
  500. };
  501. struct __hmac_sha512_ctx {
  502. struct __sha512_ctx sha_ctx;
  503. struct sha512_block_state ostate;
  504. };
  505. void __hmac_sha512_init(struct __hmac_sha512_ctx *ctx,
  506. const struct __hmac_sha512_key *key);
  507. /**
  508. * struct sha384_ctx - Context for hashing a message with SHA-384
  509. * @ctx: private
  510. */
  511. struct sha384_ctx {
  512. struct __sha512_ctx ctx;
  513. };
  514. /**
  515. * sha384_init() - Initialize a SHA-384 context for a new message
  516. * @ctx: the context to initialize
  517. *
  518. * If you don't need incremental computation, consider sha384() instead.
  519. *
  520. * Context: Any context.
  521. */
  522. void sha384_init(struct sha384_ctx *ctx);
  523. /**
  524. * sha384_update() - Update a SHA-384 context with message data
  525. * @ctx: the context to update; must have been initialized
  526. * @data: the message data
  527. * @len: the data length in bytes
  528. *
  529. * This can be called any number of times.
  530. *
  531. * Context: Any context.
  532. */
  533. static inline void sha384_update(struct sha384_ctx *ctx,
  534. const u8 *data, size_t len)
  535. {
  536. __sha512_update(&ctx->ctx, data, len);
  537. }
  538. /**
  539. * sha384_final() - Finish computing a SHA-384 message digest
  540. * @ctx: the context to finalize; must have been initialized
  541. * @out: (output) the resulting SHA-384 message digest
  542. *
  543. * After finishing, this zeroizes @ctx. So the caller does not need to do it.
  544. *
  545. * Context: Any context.
  546. */
  547. void sha384_final(struct sha384_ctx *ctx, u8 out[at_least SHA384_DIGEST_SIZE]);
  548. /**
  549. * sha384() - Compute SHA-384 message digest in one shot
  550. * @data: the message data
  551. * @len: the data length in bytes
  552. * @out: (output) the resulting SHA-384 message digest
  553. *
  554. * Context: Any context.
  555. */
  556. void sha384(const u8 *data, size_t len, u8 out[at_least SHA384_DIGEST_SIZE]);
  557. /**
  558. * struct hmac_sha384_key - Prepared key for HMAC-SHA384
  559. * @key: private
  560. */
  561. struct hmac_sha384_key {
  562. struct __hmac_sha512_key key;
  563. };
  564. /**
  565. * struct hmac_sha384_ctx - Context for computing HMAC-SHA384 of a message
  566. * @ctx: private
  567. */
  568. struct hmac_sha384_ctx {
  569. struct __hmac_sha512_ctx ctx;
  570. };
  571. /**
  572. * hmac_sha384_preparekey() - Prepare a key for HMAC-SHA384
  573. * @key: (output) the key structure to initialize
  574. * @raw_key: the raw HMAC-SHA384 key
  575. * @raw_key_len: the key length in bytes. All key lengths are supported.
  576. *
  577. * Note: the caller is responsible for zeroizing both the struct hmac_sha384_key
  578. * and the raw key once they are no longer needed.
  579. *
  580. * Context: Any context.
  581. */
  582. void hmac_sha384_preparekey(struct hmac_sha384_key *key,
  583. const u8 *raw_key, size_t raw_key_len);
  584. /**
  585. * hmac_sha384_init() - Initialize an HMAC-SHA384 context for a new message
  586. * @ctx: (output) the HMAC context to initialize
  587. * @key: the prepared HMAC key
  588. *
  589. * If you don't need incremental computation, consider hmac_sha384() instead.
  590. *
  591. * Context: Any context.
  592. */
  593. static inline void hmac_sha384_init(struct hmac_sha384_ctx *ctx,
  594. const struct hmac_sha384_key *key)
  595. {
  596. __hmac_sha512_init(&ctx->ctx, &key->key);
  597. }
  598. /**
  599. * hmac_sha384_init_usingrawkey() - Initialize an HMAC-SHA384 context for a new
  600. * message, using a raw key
  601. * @ctx: (output) the HMAC context to initialize
  602. * @raw_key: the raw HMAC-SHA384 key
  603. * @raw_key_len: the key length in bytes. All key lengths are supported.
  604. *
  605. * If you don't need incremental computation, consider hmac_sha384_usingrawkey()
  606. * instead.
  607. *
  608. * Context: Any context.
  609. */
  610. void hmac_sha384_init_usingrawkey(struct hmac_sha384_ctx *ctx,
  611. const u8 *raw_key, size_t raw_key_len);
  612. /**
  613. * hmac_sha384_update() - Update an HMAC-SHA384 context with message data
  614. * @ctx: the HMAC context to update; must have been initialized
  615. * @data: the message data
  616. * @data_len: the data length in bytes
  617. *
  618. * This can be called any number of times.
  619. *
  620. * Context: Any context.
  621. */
  622. static inline void hmac_sha384_update(struct hmac_sha384_ctx *ctx,
  623. const u8 *data, size_t data_len)
  624. {
  625. __sha512_update(&ctx->ctx.sha_ctx, data, data_len);
  626. }
  627. /**
  628. * hmac_sha384_final() - Finish computing an HMAC-SHA384 value
  629. * @ctx: the HMAC context to finalize; must have been initialized
  630. * @out: (output) the resulting HMAC-SHA384 value
  631. *
  632. * After finishing, this zeroizes @ctx. So the caller does not need to do it.
  633. *
  634. * Context: Any context.
  635. */
  636. void hmac_sha384_final(struct hmac_sha384_ctx *ctx,
  637. u8 out[at_least SHA384_DIGEST_SIZE]);
  638. /**
  639. * hmac_sha384() - Compute HMAC-SHA384 in one shot, using a prepared key
  640. * @key: the prepared HMAC key
  641. * @data: the message data
  642. * @data_len: the data length in bytes
  643. * @out: (output) the resulting HMAC-SHA384 value
  644. *
  645. * If you're using the key only once, consider using hmac_sha384_usingrawkey().
  646. *
  647. * Context: Any context.
  648. */
  649. void hmac_sha384(const struct hmac_sha384_key *key,
  650. const u8 *data, size_t data_len,
  651. u8 out[at_least SHA384_DIGEST_SIZE]);
  652. /**
  653. * hmac_sha384_usingrawkey() - Compute HMAC-SHA384 in one shot, using a raw key
  654. * @raw_key: the raw HMAC-SHA384 key
  655. * @raw_key_len: the key length in bytes. All key lengths are supported.
  656. * @data: the message data
  657. * @data_len: the data length in bytes
  658. * @out: (output) the resulting HMAC-SHA384 value
  659. *
  660. * If you're using the key multiple times, prefer to use
  661. * hmac_sha384_preparekey() followed by multiple calls to hmac_sha384() instead.
  662. *
  663. * Context: Any context.
  664. */
  665. void hmac_sha384_usingrawkey(const u8 *raw_key, size_t raw_key_len,
  666. const u8 *data, size_t data_len,
  667. u8 out[at_least SHA384_DIGEST_SIZE]);
  668. /**
  669. * struct sha512_ctx - Context for hashing a message with SHA-512
  670. * @ctx: private
  671. */
  672. struct sha512_ctx {
  673. struct __sha512_ctx ctx;
  674. };
  675. /**
  676. * sha512_init() - Initialize a SHA-512 context for a new message
  677. * @ctx: the context to initialize
  678. *
  679. * If you don't need incremental computation, consider sha512() instead.
  680. *
  681. * Context: Any context.
  682. */
  683. void sha512_init(struct sha512_ctx *ctx);
  684. /**
  685. * sha512_update() - Update a SHA-512 context with message data
  686. * @ctx: the context to update; must have been initialized
  687. * @data: the message data
  688. * @len: the data length in bytes
  689. *
  690. * This can be called any number of times.
  691. *
  692. * Context: Any context.
  693. */
  694. static inline void sha512_update(struct sha512_ctx *ctx,
  695. const u8 *data, size_t len)
  696. {
  697. __sha512_update(&ctx->ctx, data, len);
  698. }
  699. /**
  700. * sha512_final() - Finish computing a SHA-512 message digest
  701. * @ctx: the context to finalize; must have been initialized
  702. * @out: (output) the resulting SHA-512 message digest
  703. *
  704. * After finishing, this zeroizes @ctx. So the caller does not need to do it.
  705. *
  706. * Context: Any context.
  707. */
  708. void sha512_final(struct sha512_ctx *ctx, u8 out[at_least SHA512_DIGEST_SIZE]);
  709. /**
  710. * sha512() - Compute SHA-512 message digest in one shot
  711. * @data: the message data
  712. * @len: the data length in bytes
  713. * @out: (output) the resulting SHA-512 message digest
  714. *
  715. * Context: Any context.
  716. */
  717. void sha512(const u8 *data, size_t len, u8 out[at_least SHA512_DIGEST_SIZE]);
  718. /**
  719. * struct hmac_sha512_key - Prepared key for HMAC-SHA512
  720. * @key: private
  721. */
  722. struct hmac_sha512_key {
  723. struct __hmac_sha512_key key;
  724. };
  725. /**
  726. * struct hmac_sha512_ctx - Context for computing HMAC-SHA512 of a message
  727. * @ctx: private
  728. */
  729. struct hmac_sha512_ctx {
  730. struct __hmac_sha512_ctx ctx;
  731. };
  732. /**
  733. * hmac_sha512_preparekey() - Prepare a key for HMAC-SHA512
  734. * @key: (output) the key structure to initialize
  735. * @raw_key: the raw HMAC-SHA512 key
  736. * @raw_key_len: the key length in bytes. All key lengths are supported.
  737. *
  738. * Note: the caller is responsible for zeroizing both the struct hmac_sha512_key
  739. * and the raw key once they are no longer needed.
  740. *
  741. * Context: Any context.
  742. */
  743. void hmac_sha512_preparekey(struct hmac_sha512_key *key,
  744. const u8 *raw_key, size_t raw_key_len);
  745. /**
  746. * hmac_sha512_init() - Initialize an HMAC-SHA512 context for a new message
  747. * @ctx: (output) the HMAC context to initialize
  748. * @key: the prepared HMAC key
  749. *
  750. * If you don't need incremental computation, consider hmac_sha512() instead.
  751. *
  752. * Context: Any context.
  753. */
  754. static inline void hmac_sha512_init(struct hmac_sha512_ctx *ctx,
  755. const struct hmac_sha512_key *key)
  756. {
  757. __hmac_sha512_init(&ctx->ctx, &key->key);
  758. }
  759. /**
  760. * hmac_sha512_init_usingrawkey() - Initialize an HMAC-SHA512 context for a new
  761. * message, using a raw key
  762. * @ctx: (output) the HMAC context to initialize
  763. * @raw_key: the raw HMAC-SHA512 key
  764. * @raw_key_len: the key length in bytes. All key lengths are supported.
  765. *
  766. * If you don't need incremental computation, consider hmac_sha512_usingrawkey()
  767. * instead.
  768. *
  769. * Context: Any context.
  770. */
  771. void hmac_sha512_init_usingrawkey(struct hmac_sha512_ctx *ctx,
  772. const u8 *raw_key, size_t raw_key_len);
  773. /**
  774. * hmac_sha512_update() - Update an HMAC-SHA512 context with message data
  775. * @ctx: the HMAC context to update; must have been initialized
  776. * @data: the message data
  777. * @data_len: the data length in bytes
  778. *
  779. * This can be called any number of times.
  780. *
  781. * Context: Any context.
  782. */
  783. static inline void hmac_sha512_update(struct hmac_sha512_ctx *ctx,
  784. const u8 *data, size_t data_len)
  785. {
  786. __sha512_update(&ctx->ctx.sha_ctx, data, data_len);
  787. }
  788. /**
  789. * hmac_sha512_final() - Finish computing an HMAC-SHA512 value
  790. * @ctx: the HMAC context to finalize; must have been initialized
  791. * @out: (output) the resulting HMAC-SHA512 value
  792. *
  793. * After finishing, this zeroizes @ctx. So the caller does not need to do it.
  794. *
  795. * Context: Any context.
  796. */
  797. void hmac_sha512_final(struct hmac_sha512_ctx *ctx,
  798. u8 out[at_least SHA512_DIGEST_SIZE]);
  799. /**
  800. * hmac_sha512() - Compute HMAC-SHA512 in one shot, using a prepared key
  801. * @key: the prepared HMAC key
  802. * @data: the message data
  803. * @data_len: the data length in bytes
  804. * @out: (output) the resulting HMAC-SHA512 value
  805. *
  806. * If you're using the key only once, consider using hmac_sha512_usingrawkey().
  807. *
  808. * Context: Any context.
  809. */
  810. void hmac_sha512(const struct hmac_sha512_key *key,
  811. const u8 *data, size_t data_len,
  812. u8 out[at_least SHA512_DIGEST_SIZE]);
  813. /**
  814. * hmac_sha512_usingrawkey() - Compute HMAC-SHA512 in one shot, using a raw key
  815. * @raw_key: the raw HMAC-SHA512 key
  816. * @raw_key_len: the key length in bytes. All key lengths are supported.
  817. * @data: the message data
  818. * @data_len: the data length in bytes
  819. * @out: (output) the resulting HMAC-SHA512 value
  820. *
  821. * If you're using the key multiple times, prefer to use
  822. * hmac_sha512_preparekey() followed by multiple calls to hmac_sha512() instead.
  823. *
  824. * Context: Any context.
  825. */
  826. void hmac_sha512_usingrawkey(const u8 *raw_key, size_t raw_key_len,
  827. const u8 *data, size_t data_len,
  828. u8 out[at_least SHA512_DIGEST_SIZE]);
  829. #endif /* _CRYPTO_SHA2_H */