crypto/sha512.c at master · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / crypto / sha512.c
at master 12 kB view raw
  1// SPDX-License-Identifier: GPL-2.0-or-later
  2/*
  3 * Crypto API support for SHA-384, SHA-512, HMAC-SHA384, and HMAC-SHA512
  4 *
  5 * Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com>
  6 * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
  7 * Copyright (c) 2003 Kyle McMartin <kyle@debian.org>
  8 * Copyright 2025 Google LLC
  9 */
 10#include <crypto/internal/hash.h>
 11#include <crypto/sha2.h>
 12#include <linux/kernel.h>
 13#include <linux/module.h>
 14
 15/*
 16 * Export and import functions.  crypto_shash wants a particular format that
 17 * matches that used by some legacy drivers.  It currently is the same as the
 18 * library SHA context, except the value in bytecount_lo must be block-aligned
 19 * and the remainder must be stored in an extra u8 appended to the struct.
 20 */
 21
 22#define SHA512_SHASH_STATE_SIZE 209
 23static_assert(offsetof(struct __sha512_ctx, state) == 0);
 24static_assert(offsetof(struct __sha512_ctx, bytecount_lo) == 64);
 25static_assert(offsetof(struct __sha512_ctx, bytecount_hi) == 72);
 26static_assert(offsetof(struct __sha512_ctx, buf) == 80);
 27static_assert(sizeof(struct __sha512_ctx) + 1 == SHA512_SHASH_STATE_SIZE);
 28
 29static int __crypto_sha512_export(const struct __sha512_ctx *ctx0, void *out)
 30{
 31	struct __sha512_ctx ctx = *ctx0;
 32	unsigned int partial;
 33	u8 *p = out;
 34
 35	partial = ctx.bytecount_lo % SHA512_BLOCK_SIZE;
 36	ctx.bytecount_lo -= partial;
 37	memcpy(p, &ctx, sizeof(ctx));
 38	p += sizeof(ctx);
 39	*p = partial;
 40	return 0;
 41}
 42
 43static int __crypto_sha512_import(struct __sha512_ctx *ctx, const void *in)
 44{
 45	const u8 *p = in;
 46
 47	memcpy(ctx, p, sizeof(*ctx));
 48	p += sizeof(*ctx);
 49	ctx->bytecount_lo += *p;
 50	return 0;
 51}
 52
 53static int __crypto_sha512_export_core(const struct __sha512_ctx *ctx,
 54				       void *out)
 55{
 56	memcpy(out, ctx, offsetof(struct __sha512_ctx, buf));
 57	return 0;
 58}
 59
 60static int __crypto_sha512_import_core(struct __sha512_ctx *ctx, const void *in)
 61{
 62	memcpy(ctx, in, offsetof(struct __sha512_ctx, buf));
 63	return 0;
 64}
 65
 66/* SHA-384 */
 67
 68const u8 sha384_zero_message_hash[SHA384_DIGEST_SIZE] = {
 69	0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38,
 70	0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a,
 71	0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43,
 72	0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda,
 73	0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, 0xfb,
 74	0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b
 75};
 76EXPORT_SYMBOL_GPL(sha384_zero_message_hash);
 77
 78#define SHA384_CTX(desc) ((struct sha384_ctx *)shash_desc_ctx(desc))
 79
 80static int crypto_sha384_init(struct shash_desc *desc)
 81{
 82	sha384_init(SHA384_CTX(desc));
 83	return 0;
 84}
 85
 86static int crypto_sha384_update(struct shash_desc *desc,
 87				const u8 *data, unsigned int len)
 88{
 89	sha384_update(SHA384_CTX(desc), data, len);
 90	return 0;
 91}
 92
 93static int crypto_sha384_final(struct shash_desc *desc, u8 *out)
 94{
 95	sha384_final(SHA384_CTX(desc), out);
 96	return 0;
 97}
 98
 99static int crypto_sha384_digest(struct shash_desc *desc,
100				const u8 *data, unsigned int len, u8 *out)
101{
102	sha384(data, len, out);
103	return 0;
104}
105
106static int crypto_sha384_export(struct shash_desc *desc, void *out)
107{
108	return __crypto_sha512_export(&SHA384_CTX(desc)->ctx, out);
109}
110
111static int crypto_sha384_import(struct shash_desc *desc, const void *in)
112{
113	return __crypto_sha512_import(&SHA384_CTX(desc)->ctx, in);
114}
115
116static int crypto_sha384_export_core(struct shash_desc *desc, void *out)
117{
118	return __crypto_sha512_export_core(&SHA384_CTX(desc)->ctx, out);
119}
120
121static int crypto_sha384_import_core(struct shash_desc *desc, const void *in)
122{
123	return __crypto_sha512_import_core(&SHA384_CTX(desc)->ctx, in);
124}
125
126/* SHA-512 */
127
128const u8 sha512_zero_message_hash[SHA512_DIGEST_SIZE] = {
129	0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd,
130	0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07,
131	0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc,
132	0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce,
133	0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0,
134	0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,
135	0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81,
136	0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e
137};
138EXPORT_SYMBOL_GPL(sha512_zero_message_hash);
139
140#define SHA512_CTX(desc) ((struct sha512_ctx *)shash_desc_ctx(desc))
141
142static int crypto_sha512_init(struct shash_desc *desc)
143{
144	sha512_init(SHA512_CTX(desc));
145	return 0;
146}
147
148static int crypto_sha512_update(struct shash_desc *desc,
149				const u8 *data, unsigned int len)
150{
151	sha512_update(SHA512_CTX(desc), data, len);
152	return 0;
153}
154
155static int crypto_sha512_final(struct shash_desc *desc, u8 *out)
156{
157	sha512_final(SHA512_CTX(desc), out);
158	return 0;
159}
160
161static int crypto_sha512_digest(struct shash_desc *desc,
162				const u8 *data, unsigned int len, u8 *out)
163{
164	sha512(data, len, out);
165	return 0;
166}
167
168static int crypto_sha512_export(struct shash_desc *desc, void *out)
169{
170	return __crypto_sha512_export(&SHA512_CTX(desc)->ctx, out);
171}
172
173static int crypto_sha512_import(struct shash_desc *desc, const void *in)
174{
175	return __crypto_sha512_import(&SHA512_CTX(desc)->ctx, in);
176}
177
178static int crypto_sha512_export_core(struct shash_desc *desc, void *out)
179{
180	return __crypto_sha512_export_core(&SHA512_CTX(desc)->ctx, out);
181}
182
183static int crypto_sha512_import_core(struct shash_desc *desc, const void *in)
184{
185	return __crypto_sha512_import_core(&SHA512_CTX(desc)->ctx, in);
186}
187
188/* HMAC-SHA384 */
189
190#define HMAC_SHA384_KEY(tfm) ((struct hmac_sha384_key *)crypto_shash_ctx(tfm))
191#define HMAC_SHA384_CTX(desc) ((struct hmac_sha384_ctx *)shash_desc_ctx(desc))
192
193static int crypto_hmac_sha384_setkey(struct crypto_shash *tfm,
194				     const u8 *raw_key, unsigned int keylen)
195{
196	hmac_sha384_preparekey(HMAC_SHA384_KEY(tfm), raw_key, keylen);
197	return 0;
198}
199
200static int crypto_hmac_sha384_init(struct shash_desc *desc)
201{
202	hmac_sha384_init(HMAC_SHA384_CTX(desc), HMAC_SHA384_KEY(desc->tfm));
203	return 0;
204}
205
206static int crypto_hmac_sha384_update(struct shash_desc *desc,
207				     const u8 *data, unsigned int len)
208{
209	hmac_sha384_update(HMAC_SHA384_CTX(desc), data, len);
210	return 0;
211}
212
213static int crypto_hmac_sha384_final(struct shash_desc *desc, u8 *out)
214{
215	hmac_sha384_final(HMAC_SHA384_CTX(desc), out);
216	return 0;
217}
218
219static int crypto_hmac_sha384_digest(struct shash_desc *desc,
220				     const u8 *data, unsigned int len,
221				     u8 *out)
222{
223	hmac_sha384(HMAC_SHA384_KEY(desc->tfm), data, len, out);
224	return 0;
225}
226
227static int crypto_hmac_sha384_export(struct shash_desc *desc, void *out)
228{
229	return __crypto_sha512_export(&HMAC_SHA384_CTX(desc)->ctx.sha_ctx, out);
230}
231
232static int crypto_hmac_sha384_import(struct shash_desc *desc, const void *in)
233{
234	struct hmac_sha384_ctx *ctx = HMAC_SHA384_CTX(desc);
235
236	ctx->ctx.ostate = HMAC_SHA384_KEY(desc->tfm)->key.ostate;
237	return __crypto_sha512_import(&ctx->ctx.sha_ctx, in);
238}
239
240static int crypto_hmac_sha384_export_core(struct shash_desc *desc, void *out)
241{
242	return __crypto_sha512_export_core(&HMAC_SHA384_CTX(desc)->ctx.sha_ctx,
243					   out);
244}
245
246static int crypto_hmac_sha384_import_core(struct shash_desc *desc,
247					  const void *in)
248{
249	struct hmac_sha384_ctx *ctx = HMAC_SHA384_CTX(desc);
250
251	ctx->ctx.ostate = HMAC_SHA384_KEY(desc->tfm)->key.ostate;
252	return __crypto_sha512_import_core(&ctx->ctx.sha_ctx, in);
253}
254
255/* HMAC-SHA512 */
256
257#define HMAC_SHA512_KEY(tfm) ((struct hmac_sha512_key *)crypto_shash_ctx(tfm))
258#define HMAC_SHA512_CTX(desc) ((struct hmac_sha512_ctx *)shash_desc_ctx(desc))
259
260static int crypto_hmac_sha512_setkey(struct crypto_shash *tfm,
261				     const u8 *raw_key, unsigned int keylen)
262{
263	hmac_sha512_preparekey(HMAC_SHA512_KEY(tfm), raw_key, keylen);
264	return 0;
265}
266
267static int crypto_hmac_sha512_init(struct shash_desc *desc)
268{
269	hmac_sha512_init(HMAC_SHA512_CTX(desc), HMAC_SHA512_KEY(desc->tfm));
270	return 0;
271}
272
273static int crypto_hmac_sha512_update(struct shash_desc *desc,
274				     const u8 *data, unsigned int len)
275{
276	hmac_sha512_update(HMAC_SHA512_CTX(desc), data, len);
277	return 0;
278}
279
280static int crypto_hmac_sha512_final(struct shash_desc *desc, u8 *out)
281{
282	hmac_sha512_final(HMAC_SHA512_CTX(desc), out);
283	return 0;
284}
285
286static int crypto_hmac_sha512_digest(struct shash_desc *desc,
287				     const u8 *data, unsigned int len,
288				     u8 *out)
289{
290	hmac_sha512(HMAC_SHA512_KEY(desc->tfm), data, len, out);
291	return 0;
292}
293
294static int crypto_hmac_sha512_export(struct shash_desc *desc, void *out)
295{
296	return __crypto_sha512_export(&HMAC_SHA512_CTX(desc)->ctx.sha_ctx, out);
297}
298
299static int crypto_hmac_sha512_import(struct shash_desc *desc, const void *in)
300{
301	struct hmac_sha512_ctx *ctx = HMAC_SHA512_CTX(desc);
302
303	ctx->ctx.ostate = HMAC_SHA512_KEY(desc->tfm)->key.ostate;
304	return __crypto_sha512_import(&ctx->ctx.sha_ctx, in);
305}
306
307static int crypto_hmac_sha512_export_core(struct shash_desc *desc, void *out)
308{
309	return __crypto_sha512_export_core(&HMAC_SHA512_CTX(desc)->ctx.sha_ctx,
310					   out);
311}
312
313static int crypto_hmac_sha512_import_core(struct shash_desc *desc,
314					  const void *in)
315{
316	struct hmac_sha512_ctx *ctx = HMAC_SHA512_CTX(desc);
317
318	ctx->ctx.ostate = HMAC_SHA512_KEY(desc->tfm)->key.ostate;
319	return __crypto_sha512_import_core(&ctx->ctx.sha_ctx, in);
320}
321
322/* Algorithm definitions */
323
324static struct shash_alg algs[] = {
325	{
326		.base.cra_name		= "sha384",
327		.base.cra_driver_name	= "sha384-lib",
328		.base.cra_priority	= 300,
329		.base.cra_blocksize	= SHA384_BLOCK_SIZE,
330		.base.cra_module	= THIS_MODULE,
331		.digestsize		= SHA384_DIGEST_SIZE,
332		.init			= crypto_sha384_init,
333		.update			= crypto_sha384_update,
334		.final			= crypto_sha384_final,
335		.digest			= crypto_sha384_digest,
336		.export			= crypto_sha384_export,
337		.import			= crypto_sha384_import,
338		.export_core		= crypto_sha384_export_core,
339		.import_core		= crypto_sha384_import_core,
340		.descsize		= sizeof(struct sha384_ctx),
341		.statesize		= SHA512_SHASH_STATE_SIZE,
342	},
343	{
344		.base.cra_name		= "sha512",
345		.base.cra_driver_name	= "sha512-lib",
346		.base.cra_priority	= 300,
347		.base.cra_blocksize	= SHA512_BLOCK_SIZE,
348		.base.cra_module	= THIS_MODULE,
349		.digestsize		= SHA512_DIGEST_SIZE,
350		.init			= crypto_sha512_init,
351		.update			= crypto_sha512_update,
352		.final			= crypto_sha512_final,
353		.digest			= crypto_sha512_digest,
354		.export			= crypto_sha512_export,
355		.import			= crypto_sha512_import,
356		.export_core		= crypto_sha512_export_core,
357		.import_core		= crypto_sha512_import_core,
358		.descsize		= sizeof(struct sha512_ctx),
359		.statesize		= SHA512_SHASH_STATE_SIZE,
360	},
361	{
362		.base.cra_name		= "hmac(sha384)",
363		.base.cra_driver_name	= "hmac-sha384-lib",
364		.base.cra_priority	= 300,
365		.base.cra_blocksize	= SHA384_BLOCK_SIZE,
366		.base.cra_ctxsize	= sizeof(struct hmac_sha384_key),
367		.base.cra_module	= THIS_MODULE,
368		.digestsize		= SHA384_DIGEST_SIZE,
369		.setkey			= crypto_hmac_sha384_setkey,
370		.init			= crypto_hmac_sha384_init,
371		.update			= crypto_hmac_sha384_update,
372		.final			= crypto_hmac_sha384_final,
373		.digest			= crypto_hmac_sha384_digest,
374		.export			= crypto_hmac_sha384_export,
375		.import			= crypto_hmac_sha384_import,
376		.export_core		= crypto_hmac_sha384_export_core,
377		.import_core		= crypto_hmac_sha384_import_core,
378		.descsize		= sizeof(struct hmac_sha384_ctx),
379		.statesize		= SHA512_SHASH_STATE_SIZE,
380	},
381	{
382		.base.cra_name		= "hmac(sha512)",
383		.base.cra_driver_name	= "hmac-sha512-lib",
384		.base.cra_priority	= 300,
385		.base.cra_blocksize	= SHA512_BLOCK_SIZE,
386		.base.cra_ctxsize	= sizeof(struct hmac_sha512_key),
387		.base.cra_module	= THIS_MODULE,
388		.digestsize		= SHA512_DIGEST_SIZE,
389		.setkey			= crypto_hmac_sha512_setkey,
390		.init			= crypto_hmac_sha512_init,
391		.update			= crypto_hmac_sha512_update,
392		.final			= crypto_hmac_sha512_final,
393		.digest			= crypto_hmac_sha512_digest,
394		.export			= crypto_hmac_sha512_export,
395		.import			= crypto_hmac_sha512_import,
396		.export_core		= crypto_hmac_sha512_export_core,
397		.import_core		= crypto_hmac_sha512_import_core,
398		.descsize		= sizeof(struct hmac_sha512_ctx),
399		.statesize		= SHA512_SHASH_STATE_SIZE,
400	},
401};
402
403static int __init crypto_sha512_mod_init(void)
404{
405	return crypto_register_shashes(algs, ARRAY_SIZE(algs));
406}
407module_init(crypto_sha512_mod_init);
408
409static void __exit crypto_sha512_mod_exit(void)
410{
411	crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
412}
413module_exit(crypto_sha512_mod_exit);
414
415MODULE_LICENSE("GPL");
416MODULE_DESCRIPTION("Crypto API support for SHA-384, SHA-512, HMAC-SHA384, and HMAC-SHA512");
417
418MODULE_ALIAS_CRYPTO("sha384");
419MODULE_ALIAS_CRYPTO("sha384-lib");
420MODULE_ALIAS_CRYPTO("sha512");
421MODULE_ALIAS_CRYPTO("sha512-lib");
422MODULE_ALIAS_CRYPTO("hmac(sha384)");
423MODULE_ALIAS_CRYPTO("hmac-sha384-lib");
424MODULE_ALIAS_CRYPTO("hmac(sha512)");
425MODULE_ALIAS_CRYPTO("hmac-sha512-lib");