xref: /kernel/linux/linux-5.10/include/crypto/sha.h (revision 8c2ecf20) 
1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * Common values for SHA algorithms
4 */
5
6#ifndef _CRYPTO_SHA_H
7#define _CRYPTO_SHA_H
8
9#include <linux/types.h>
10
11#define SHA1_DIGEST_SIZE        20
12#define SHA1_BLOCK_SIZE         64
13
14#define SHA224_DIGEST_SIZE	28
15#define SHA224_BLOCK_SIZE	64
16
17#define SHA256_DIGEST_SIZE      32
18#define SHA256_BLOCK_SIZE       64
19
20#define SHA384_DIGEST_SIZE      48
21#define SHA384_BLOCK_SIZE       128
22
23#define SHA512_DIGEST_SIZE      64
24#define SHA512_BLOCK_SIZE       128
25
26#define SHA1_H0		0x67452301UL
27#define SHA1_H1		0xefcdab89UL
28#define SHA1_H2		0x98badcfeUL
29#define SHA1_H3		0x10325476UL
30#define SHA1_H4		0xc3d2e1f0UL
31
32#define SHA224_H0	0xc1059ed8UL
33#define SHA224_H1	0x367cd507UL
34#define SHA224_H2	0x3070dd17UL
35#define SHA224_H3	0xf70e5939UL
36#define SHA224_H4	0xffc00b31UL
37#define SHA224_H5	0x68581511UL
38#define SHA224_H6	0x64f98fa7UL
39#define SHA224_H7	0xbefa4fa4UL
40
41#define SHA256_H0	0x6a09e667UL
42#define SHA256_H1	0xbb67ae85UL
43#define SHA256_H2	0x3c6ef372UL
44#define SHA256_H3	0xa54ff53aUL
45#define SHA256_H4	0x510e527fUL
46#define SHA256_H5	0x9b05688cUL
47#define SHA256_H6	0x1f83d9abUL
48#define SHA256_H7	0x5be0cd19UL
49
50#define SHA384_H0	0xcbbb9d5dc1059ed8ULL
51#define SHA384_H1	0x629a292a367cd507ULL
52#define SHA384_H2	0x9159015a3070dd17ULL
53#define SHA384_H3	0x152fecd8f70e5939ULL
54#define SHA384_H4	0x67332667ffc00b31ULL
55#define SHA384_H5	0x8eb44a8768581511ULL
56#define SHA384_H6	0xdb0c2e0d64f98fa7ULL
57#define SHA384_H7	0x47b5481dbefa4fa4ULL
58
59#define SHA512_H0	0x6a09e667f3bcc908ULL
60#define SHA512_H1	0xbb67ae8584caa73bULL
61#define SHA512_H2	0x3c6ef372fe94f82bULL
62#define SHA512_H3	0xa54ff53a5f1d36f1ULL
63#define SHA512_H4	0x510e527fade682d1ULL
64#define SHA512_H5	0x9b05688c2b3e6c1fULL
65#define SHA512_H6	0x1f83d9abfb41bd6bULL
66#define SHA512_H7	0x5be0cd19137e2179ULL
67
68extern const u8 sha1_zero_message_hash[SHA1_DIGEST_SIZE];
69
70extern const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE];
71
72extern const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE];
73
74extern const u8 sha384_zero_message_hash[SHA384_DIGEST_SIZE];
75
76extern const u8 sha512_zero_message_hash[SHA512_DIGEST_SIZE];
77
78struct sha1_state {
79	u32 state[SHA1_DIGEST_SIZE / 4];
80	u64 count;
81	u8 buffer[SHA1_BLOCK_SIZE];
82};
83
84struct sha256_state {
85	u32 state[SHA256_DIGEST_SIZE / 4];
86	u64 count;
87	u8 buf[SHA256_BLOCK_SIZE];
88};
89
90struct sha512_state {
91	u64 state[SHA512_DIGEST_SIZE / 8];
92	u64 count[2];
93	u8 buf[SHA512_BLOCK_SIZE];
94};
95
96struct shash_desc;
97
98extern int crypto_sha1_update(struct shash_desc *desc, const u8 *data,
99			      unsigned int len);
100
101extern int crypto_sha1_finup(struct shash_desc *desc, const u8 *data,
102			     unsigned int len, u8 *hash);
103
104extern int crypto_sha256_update(struct shash_desc *desc, const u8 *data,
105			      unsigned int len);
106
107extern int crypto_sha256_finup(struct shash_desc *desc, const u8 *data,
108			       unsigned int len, u8 *hash);
109
110extern int crypto_sha512_update(struct shash_desc *desc, const u8 *data,
111			      unsigned int len);
112
113extern int crypto_sha512_finup(struct shash_desc *desc, const u8 *data,
114			       unsigned int len, u8 *hash);
115
116/*
117 * An implementation of SHA-1's compression function.  Don't use in new code!
118 * You shouldn't be using SHA-1, and even if you *have* to use SHA-1, this isn't
119 * the correct way to hash something with SHA-1 (use crypto_shash instead).
120 */
121#define SHA1_DIGEST_WORDS	(SHA1_DIGEST_SIZE / 4)
122#define SHA1_WORKSPACE_WORDS	16
123void sha1_init(__u32 *buf);
124void sha1_transform(__u32 *digest, const char *data, __u32 *W);
125
126/*
127 * Stand-alone implementation of the SHA256 algorithm. It is designed to
128 * have as little dependencies as possible so it can be used in the
129 * kexec_file purgatory. In other cases you should generally use the
130 * hash APIs from include/crypto/hash.h. Especially when hashing large
131 * amounts of data as those APIs may be hw-accelerated.
132 *
133 * For details see lib/crypto/sha256.c
134 */
135
136static inline void sha256_init(struct sha256_state *sctx)
137{
138	sctx->state[0] = SHA256_H0;
139	sctx->state[1] = SHA256_H1;
140	sctx->state[2] = SHA256_H2;
141	sctx->state[3] = SHA256_H3;
142	sctx->state[4] = SHA256_H4;
143	sctx->state[5] = SHA256_H5;
144	sctx->state[6] = SHA256_H6;
145	sctx->state[7] = SHA256_H7;
146	sctx->count = 0;
147}
148void sha256_update(struct sha256_state *sctx, const u8 *data, unsigned int len);
149void sha256_final(struct sha256_state *sctx, u8 *out);
150void sha256(const u8 *data, unsigned int len, u8 *out);
151
152static inline void sha224_init(struct sha256_state *sctx)
153{
154	sctx->state[0] = SHA224_H0;
155	sctx->state[1] = SHA224_H1;
156	sctx->state[2] = SHA224_H2;
157	sctx->state[3] = SHA224_H3;
158	sctx->state[4] = SHA224_H4;
159	sctx->state[5] = SHA224_H5;
160	sctx->state[6] = SHA224_H6;
161	sctx->state[7] = SHA224_H7;
162	sctx->count = 0;
163}
164void sha224_update(struct sha256_state *sctx, const u8 *data, unsigned int len);
165void sha224_final(struct sha256_state *sctx, u8 *out);
166
167#endif
168