crypto/sha256.c at master · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / crypto / sha256.c
at master 12 kB view raw
  1// SPDX-License-Identifier: GPL-2.0-or-later
  2/*
  3 * Crypto API support for SHA-224, SHA-256, HMAC-SHA224, and HMAC-SHA256
  4 *
  5 * Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com>
  6 * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
  7 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
  8 * SHA224 Support Copyright 2007 Intel Corporation <jonathan.lynch@intel.com>
  9 * Copyright 2025 Google LLC
 10 */
 11#include <crypto/internal/hash.h>
 12#include <crypto/sha2.h>
 13#include <linux/kernel.h>
 14#include <linux/module.h>
 15
 16/*
 17 * Export and import functions.  crypto_shash wants a particular format that
 18 * matches that used by some legacy drivers.  It currently is the same as the
 19 * library SHA context, except the value in bytecount must be block-aligned and
 20 * the remainder must be stored in an extra u8 appended to the struct.
 21 */
 22
 23#define SHA256_SHASH_STATE_SIZE 105
 24static_assert(offsetof(struct __sha256_ctx, state) == 0);
 25static_assert(offsetof(struct __sha256_ctx, bytecount) == 32);
 26static_assert(offsetof(struct __sha256_ctx, buf) == 40);
 27static_assert(sizeof(struct __sha256_ctx) + 1 == SHA256_SHASH_STATE_SIZE);
 28
 29static int __crypto_sha256_export(const struct __sha256_ctx *ctx0, void *out)
 30{
 31	struct __sha256_ctx ctx = *ctx0;
 32	unsigned int partial;
 33	u8 *p = out;
 34
 35	partial = ctx.bytecount % SHA256_BLOCK_SIZE;
 36	ctx.bytecount -= partial;
 37	memcpy(p, &ctx, sizeof(ctx));
 38	p += sizeof(ctx);
 39	*p = partial;
 40	return 0;
 41}
 42
 43static int __crypto_sha256_import(struct __sha256_ctx *ctx, const void *in)
 44{
 45	const u8 *p = in;
 46
 47	memcpy(ctx, p, sizeof(*ctx));
 48	p += sizeof(*ctx);
 49	ctx->bytecount += *p;
 50	return 0;
 51}
 52
 53static int __crypto_sha256_export_core(const struct __sha256_ctx *ctx,
 54				       void *out)
 55{
 56	memcpy(out, ctx, offsetof(struct __sha256_ctx, buf));
 57	return 0;
 58}
 59
 60static int __crypto_sha256_import_core(struct __sha256_ctx *ctx, const void *in)
 61{
 62	memcpy(ctx, in, offsetof(struct __sha256_ctx, buf));
 63	return 0;
 64}
 65
 66/* SHA-224 */
 67
 68const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE] = {
 69	0xd1, 0x4a, 0x02, 0x8c, 0x2a, 0x3a, 0x2b, 0xc9, 0x47,
 70	0x61, 0x02, 0xbb, 0x28, 0x82, 0x34, 0xc4, 0x15, 0xa2,
 71	0xb0, 0x1f, 0x82, 0x8e, 0xa6, 0x2a, 0xc5, 0xb3, 0xe4,
 72	0x2f
 73};
 74EXPORT_SYMBOL_GPL(sha224_zero_message_hash);
 75
 76#define SHA224_CTX(desc) ((struct sha224_ctx *)shash_desc_ctx(desc))
 77
 78static int crypto_sha224_init(struct shash_desc *desc)
 79{
 80	sha224_init(SHA224_CTX(desc));
 81	return 0;
 82}
 83
 84static int crypto_sha224_update(struct shash_desc *desc,
 85				const u8 *data, unsigned int len)
 86{
 87	sha224_update(SHA224_CTX(desc), data, len);
 88	return 0;
 89}
 90
 91static int crypto_sha224_final(struct shash_desc *desc, u8 *out)
 92{
 93	sha224_final(SHA224_CTX(desc), out);
 94	return 0;
 95}
 96
 97static int crypto_sha224_digest(struct shash_desc *desc,
 98				const u8 *data, unsigned int len, u8 *out)
 99{
100	sha224(data, len, out);
101	return 0;
102}
103
104static int crypto_sha224_export(struct shash_desc *desc, void *out)
105{
106	return __crypto_sha256_export(&SHA224_CTX(desc)->ctx, out);
107}
108
109static int crypto_sha224_import(struct shash_desc *desc, const void *in)
110{
111	return __crypto_sha256_import(&SHA224_CTX(desc)->ctx, in);
112}
113
114static int crypto_sha224_export_core(struct shash_desc *desc, void *out)
115{
116	return __crypto_sha256_export_core(&SHA224_CTX(desc)->ctx, out);
117}
118
119static int crypto_sha224_import_core(struct shash_desc *desc, const void *in)
120{
121	return __crypto_sha256_import_core(&SHA224_CTX(desc)->ctx, in);
122}
123
124/* SHA-256 */
125
126const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE] = {
127	0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
128	0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
129	0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
130	0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
131};
132EXPORT_SYMBOL_GPL(sha256_zero_message_hash);
133
134#define SHA256_CTX(desc) ((struct sha256_ctx *)shash_desc_ctx(desc))
135
136static int crypto_sha256_init(struct shash_desc *desc)
137{
138	sha256_init(SHA256_CTX(desc));
139	return 0;
140}
141
142static int crypto_sha256_update(struct shash_desc *desc,
143				const u8 *data, unsigned int len)
144{
145	sha256_update(SHA256_CTX(desc), data, len);
146	return 0;
147}
148
149static int crypto_sha256_final(struct shash_desc *desc, u8 *out)
150{
151	sha256_final(SHA256_CTX(desc), out);
152	return 0;
153}
154
155static int crypto_sha256_digest(struct shash_desc *desc,
156				const u8 *data, unsigned int len, u8 *out)
157{
158	sha256(data, len, out);
159	return 0;
160}
161
162static int crypto_sha256_export(struct shash_desc *desc, void *out)
163{
164	return __crypto_sha256_export(&SHA256_CTX(desc)->ctx, out);
165}
166
167static int crypto_sha256_import(struct shash_desc *desc, const void *in)
168{
169	return __crypto_sha256_import(&SHA256_CTX(desc)->ctx, in);
170}
171
172static int crypto_sha256_export_core(struct shash_desc *desc, void *out)
173{
174	return __crypto_sha256_export_core(&SHA256_CTX(desc)->ctx, out);
175}
176
177static int crypto_sha256_import_core(struct shash_desc *desc, const void *in)
178{
179	return __crypto_sha256_import_core(&SHA256_CTX(desc)->ctx, in);
180}
181
182/* HMAC-SHA224 */
183
184#define HMAC_SHA224_KEY(tfm) ((struct hmac_sha224_key *)crypto_shash_ctx(tfm))
185#define HMAC_SHA224_CTX(desc) ((struct hmac_sha224_ctx *)shash_desc_ctx(desc))
186
187static int crypto_hmac_sha224_setkey(struct crypto_shash *tfm,
188				     const u8 *raw_key, unsigned int keylen)
189{
190	hmac_sha224_preparekey(HMAC_SHA224_KEY(tfm), raw_key, keylen);
191	return 0;
192}
193
194static int crypto_hmac_sha224_init(struct shash_desc *desc)
195{
196	hmac_sha224_init(HMAC_SHA224_CTX(desc), HMAC_SHA224_KEY(desc->tfm));
197	return 0;
198}
199
200static int crypto_hmac_sha224_update(struct shash_desc *desc,
201				     const u8 *data, unsigned int len)
202{
203	hmac_sha224_update(HMAC_SHA224_CTX(desc), data, len);
204	return 0;
205}
206
207static int crypto_hmac_sha224_final(struct shash_desc *desc, u8 *out)
208{
209	hmac_sha224_final(HMAC_SHA224_CTX(desc), out);
210	return 0;
211}
212
213static int crypto_hmac_sha224_digest(struct shash_desc *desc,
214				     const u8 *data, unsigned int len,
215				     u8 *out)
216{
217	hmac_sha224(HMAC_SHA224_KEY(desc->tfm), data, len, out);
218	return 0;
219}
220
221static int crypto_hmac_sha224_export(struct shash_desc *desc, void *out)
222{
223	return __crypto_sha256_export(&HMAC_SHA224_CTX(desc)->ctx.sha_ctx, out);
224}
225
226static int crypto_hmac_sha224_import(struct shash_desc *desc, const void *in)
227{
228	struct hmac_sha224_ctx *ctx = HMAC_SHA224_CTX(desc);
229
230	ctx->ctx.ostate = HMAC_SHA224_KEY(desc->tfm)->key.ostate;
231	return __crypto_sha256_import(&ctx->ctx.sha_ctx, in);
232}
233
234static int crypto_hmac_sha224_export_core(struct shash_desc *desc, void *out)
235{
236	return __crypto_sha256_export_core(&HMAC_SHA224_CTX(desc)->ctx.sha_ctx,
237					   out);
238}
239
240static int crypto_hmac_sha224_import_core(struct shash_desc *desc,
241					  const void *in)
242{
243	struct hmac_sha224_ctx *ctx = HMAC_SHA224_CTX(desc);
244
245	ctx->ctx.ostate = HMAC_SHA224_KEY(desc->tfm)->key.ostate;
246	return __crypto_sha256_import_core(&ctx->ctx.sha_ctx, in);
247}
248
249/* HMAC-SHA256 */
250
251#define HMAC_SHA256_KEY(tfm) ((struct hmac_sha256_key *)crypto_shash_ctx(tfm))
252#define HMAC_SHA256_CTX(desc) ((struct hmac_sha256_ctx *)shash_desc_ctx(desc))
253
254static int crypto_hmac_sha256_setkey(struct crypto_shash *tfm,
255				     const u8 *raw_key, unsigned int keylen)
256{
257	hmac_sha256_preparekey(HMAC_SHA256_KEY(tfm), raw_key, keylen);
258	return 0;
259}
260
261static int crypto_hmac_sha256_init(struct shash_desc *desc)
262{
263	hmac_sha256_init(HMAC_SHA256_CTX(desc), HMAC_SHA256_KEY(desc->tfm));
264	return 0;
265}
266
267static int crypto_hmac_sha256_update(struct shash_desc *desc,
268				     const u8 *data, unsigned int len)
269{
270	hmac_sha256_update(HMAC_SHA256_CTX(desc), data, len);
271	return 0;
272}
273
274static int crypto_hmac_sha256_final(struct shash_desc *desc, u8 *out)
275{
276	hmac_sha256_final(HMAC_SHA256_CTX(desc), out);
277	return 0;
278}
279
280static int crypto_hmac_sha256_digest(struct shash_desc *desc,
281				     const u8 *data, unsigned int len,
282				     u8 *out)
283{
284	hmac_sha256(HMAC_SHA256_KEY(desc->tfm), data, len, out);
285	return 0;
286}
287
288static int crypto_hmac_sha256_export(struct shash_desc *desc, void *out)
289{
290	return __crypto_sha256_export(&HMAC_SHA256_CTX(desc)->ctx.sha_ctx, out);
291}
292
293static int crypto_hmac_sha256_import(struct shash_desc *desc, const void *in)
294{
295	struct hmac_sha256_ctx *ctx = HMAC_SHA256_CTX(desc);
296
297	ctx->ctx.ostate = HMAC_SHA256_KEY(desc->tfm)->key.ostate;
298	return __crypto_sha256_import(&ctx->ctx.sha_ctx, in);
299}
300
301static int crypto_hmac_sha256_export_core(struct shash_desc *desc, void *out)
302{
303	return __crypto_sha256_export_core(&HMAC_SHA256_CTX(desc)->ctx.sha_ctx,
304					   out);
305}
306
307static int crypto_hmac_sha256_import_core(struct shash_desc *desc,
308					  const void *in)
309{
310	struct hmac_sha256_ctx *ctx = HMAC_SHA256_CTX(desc);
311
312	ctx->ctx.ostate = HMAC_SHA256_KEY(desc->tfm)->key.ostate;
313	return __crypto_sha256_import_core(&ctx->ctx.sha_ctx, in);
314}
315
316/* Algorithm definitions */
317
318static struct shash_alg algs[] = {
319	{
320		.base.cra_name		= "sha224",
321		.base.cra_driver_name	= "sha224-lib",
322		.base.cra_priority	= 300,
323		.base.cra_blocksize	= SHA224_BLOCK_SIZE,
324		.base.cra_module	= THIS_MODULE,
325		.digestsize		= SHA224_DIGEST_SIZE,
326		.init			= crypto_sha224_init,
327		.update			= crypto_sha224_update,
328		.final			= crypto_sha224_final,
329		.digest			= crypto_sha224_digest,
330		.export			= crypto_sha224_export,
331		.import			= crypto_sha224_import,
332		.export_core		= crypto_sha224_export_core,
333		.import_core		= crypto_sha224_import_core,
334		.descsize		= sizeof(struct sha224_ctx),
335		.statesize		= SHA256_SHASH_STATE_SIZE,
336	},
337	{
338		.base.cra_name		= "sha256",
339		.base.cra_driver_name	= "sha256-lib",
340		.base.cra_priority	= 300,
341		.base.cra_blocksize	= SHA256_BLOCK_SIZE,
342		.base.cra_module	= THIS_MODULE,
343		.digestsize		= SHA256_DIGEST_SIZE,
344		.init			= crypto_sha256_init,
345		.update			= crypto_sha256_update,
346		.final			= crypto_sha256_final,
347		.digest			= crypto_sha256_digest,
348		.export			= crypto_sha256_export,
349		.import			= crypto_sha256_import,
350		.export_core		= crypto_sha256_export_core,
351		.import_core		= crypto_sha256_import_core,
352		.descsize		= sizeof(struct sha256_ctx),
353		.statesize		= SHA256_SHASH_STATE_SIZE,
354	},
355	{
356		.base.cra_name		= "hmac(sha224)",
357		.base.cra_driver_name	= "hmac-sha224-lib",
358		.base.cra_priority	= 300,
359		.base.cra_blocksize	= SHA224_BLOCK_SIZE,
360		.base.cra_ctxsize	= sizeof(struct hmac_sha224_key),
361		.base.cra_module	= THIS_MODULE,
362		.digestsize		= SHA224_DIGEST_SIZE,
363		.setkey			= crypto_hmac_sha224_setkey,
364		.init			= crypto_hmac_sha224_init,
365		.update			= crypto_hmac_sha224_update,
366		.final			= crypto_hmac_sha224_final,
367		.digest			= crypto_hmac_sha224_digest,
368		.export			= crypto_hmac_sha224_export,
369		.import			= crypto_hmac_sha224_import,
370		.export_core		= crypto_hmac_sha224_export_core,
371		.import_core		= crypto_hmac_sha224_import_core,
372		.descsize		= sizeof(struct hmac_sha224_ctx),
373		.statesize		= SHA256_SHASH_STATE_SIZE,
374	},
375	{
376		.base.cra_name		= "hmac(sha256)",
377		.base.cra_driver_name	= "hmac-sha256-lib",
378		.base.cra_priority	= 300,
379		.base.cra_blocksize	= SHA256_BLOCK_SIZE,
380		.base.cra_ctxsize	= sizeof(struct hmac_sha256_key),
381		.base.cra_module	= THIS_MODULE,
382		.digestsize		= SHA256_DIGEST_SIZE,
383		.setkey			= crypto_hmac_sha256_setkey,
384		.init			= crypto_hmac_sha256_init,
385		.update			= crypto_hmac_sha256_update,
386		.final			= crypto_hmac_sha256_final,
387		.digest			= crypto_hmac_sha256_digest,
388		.export			= crypto_hmac_sha256_export,
389		.import			= crypto_hmac_sha256_import,
390		.export_core		= crypto_hmac_sha256_export_core,
391		.import_core		= crypto_hmac_sha256_import_core,
392		.descsize		= sizeof(struct hmac_sha256_ctx),
393		.statesize		= SHA256_SHASH_STATE_SIZE,
394	},
395};
396
397static int __init crypto_sha256_mod_init(void)
398{
399	return crypto_register_shashes(algs, ARRAY_SIZE(algs));
400}
401module_init(crypto_sha256_mod_init);
402
403static void __exit crypto_sha256_mod_exit(void)
404{
405	crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
406}
407module_exit(crypto_sha256_mod_exit);
408
409MODULE_LICENSE("GPL");
410MODULE_DESCRIPTION("Crypto API support for SHA-224, SHA-256, HMAC-SHA224, and HMAC-SHA256");
411
412MODULE_ALIAS_CRYPTO("sha224");
413MODULE_ALIAS_CRYPTO("sha224-lib");
414MODULE_ALIAS_CRYPTO("sha256");
415MODULE_ALIAS_CRYPTO("sha256-lib");
416MODULE_ALIAS_CRYPTO("hmac(sha224)");
417MODULE_ALIAS_CRYPTO("hmac-sha224-lib");
418MODULE_ALIAS_CRYPTO("hmac(sha256)");
419MODULE_ALIAS_CRYPTO("hmac-sha256-lib");