18c2ecf20Sopenharmony_ci/* SPDX-License-Identifier: GPL-2.0-only */
28c2ecf20Sopenharmony_ci/*
38c2ecf20Sopenharmony_ci * sha512_base.h - core logic for SHA-512 implementations
48c2ecf20Sopenharmony_ci *
58c2ecf20Sopenharmony_ci * Copyright (C) 2015 Linaro Ltd <ard.biesheuvel@linaro.org>
68c2ecf20Sopenharmony_ci */
78c2ecf20Sopenharmony_ci
88c2ecf20Sopenharmony_ci#ifndef _CRYPTO_SHA512_BASE_H
98c2ecf20Sopenharmony_ci#define _CRYPTO_SHA512_BASE_H
108c2ecf20Sopenharmony_ci
118c2ecf20Sopenharmony_ci#include <crypto/internal/hash.h>
128c2ecf20Sopenharmony_ci#include <crypto/sha.h>
138c2ecf20Sopenharmony_ci#include <linux/crypto.h>
148c2ecf20Sopenharmony_ci#include <linux/module.h>
158c2ecf20Sopenharmony_ci
168c2ecf20Sopenharmony_ci#include <asm/unaligned.h>
178c2ecf20Sopenharmony_ci
188c2ecf20Sopenharmony_citypedef void (sha512_block_fn)(struct sha512_state *sst, u8 const *src,
198c2ecf20Sopenharmony_ci			       int blocks);
208c2ecf20Sopenharmony_ci
218c2ecf20Sopenharmony_cistatic inline int sha384_base_init(struct shash_desc *desc)
228c2ecf20Sopenharmony_ci{
238c2ecf20Sopenharmony_ci	struct sha512_state *sctx = shash_desc_ctx(desc);
248c2ecf20Sopenharmony_ci
258c2ecf20Sopenharmony_ci	sctx->state[0] = SHA384_H0;
268c2ecf20Sopenharmony_ci	sctx->state[1] = SHA384_H1;
278c2ecf20Sopenharmony_ci	sctx->state[2] = SHA384_H2;
288c2ecf20Sopenharmony_ci	sctx->state[3] = SHA384_H3;
298c2ecf20Sopenharmony_ci	sctx->state[4] = SHA384_H4;
308c2ecf20Sopenharmony_ci	sctx->state[5] = SHA384_H5;
318c2ecf20Sopenharmony_ci	sctx->state[6] = SHA384_H6;
328c2ecf20Sopenharmony_ci	sctx->state[7] = SHA384_H7;
338c2ecf20Sopenharmony_ci	sctx->count[0] = sctx->count[1] = 0;
348c2ecf20Sopenharmony_ci
358c2ecf20Sopenharmony_ci	return 0;
368c2ecf20Sopenharmony_ci}
378c2ecf20Sopenharmony_ci
388c2ecf20Sopenharmony_cistatic inline int sha512_base_init(struct shash_desc *desc)
398c2ecf20Sopenharmony_ci{
408c2ecf20Sopenharmony_ci	struct sha512_state *sctx = shash_desc_ctx(desc);
418c2ecf20Sopenharmony_ci
428c2ecf20Sopenharmony_ci	sctx->state[0] = SHA512_H0;
438c2ecf20Sopenharmony_ci	sctx->state[1] = SHA512_H1;
448c2ecf20Sopenharmony_ci	sctx->state[2] = SHA512_H2;
458c2ecf20Sopenharmony_ci	sctx->state[3] = SHA512_H3;
468c2ecf20Sopenharmony_ci	sctx->state[4] = SHA512_H4;
478c2ecf20Sopenharmony_ci	sctx->state[5] = SHA512_H5;
488c2ecf20Sopenharmony_ci	sctx->state[6] = SHA512_H6;
498c2ecf20Sopenharmony_ci	sctx->state[7] = SHA512_H7;
508c2ecf20Sopenharmony_ci	sctx->count[0] = sctx->count[1] = 0;
518c2ecf20Sopenharmony_ci
528c2ecf20Sopenharmony_ci	return 0;
538c2ecf20Sopenharmony_ci}
548c2ecf20Sopenharmony_ci
558c2ecf20Sopenharmony_cistatic inline int sha512_base_do_update(struct shash_desc *desc,
568c2ecf20Sopenharmony_ci					const u8 *data,
578c2ecf20Sopenharmony_ci					unsigned int len,
588c2ecf20Sopenharmony_ci					sha512_block_fn *block_fn)
598c2ecf20Sopenharmony_ci{
608c2ecf20Sopenharmony_ci	struct sha512_state *sctx = shash_desc_ctx(desc);
618c2ecf20Sopenharmony_ci	unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE;
628c2ecf20Sopenharmony_ci
638c2ecf20Sopenharmony_ci	sctx->count[0] += len;
648c2ecf20Sopenharmony_ci	if (sctx->count[0] < len)
658c2ecf20Sopenharmony_ci		sctx->count[1]++;
668c2ecf20Sopenharmony_ci
678c2ecf20Sopenharmony_ci	if (unlikely((partial + len) >= SHA512_BLOCK_SIZE)) {
688c2ecf20Sopenharmony_ci		int blocks;
698c2ecf20Sopenharmony_ci
708c2ecf20Sopenharmony_ci		if (partial) {
718c2ecf20Sopenharmony_ci			int p = SHA512_BLOCK_SIZE - partial;
728c2ecf20Sopenharmony_ci
738c2ecf20Sopenharmony_ci			memcpy(sctx->buf + partial, data, p);
748c2ecf20Sopenharmony_ci			data += p;
758c2ecf20Sopenharmony_ci			len -= p;
768c2ecf20Sopenharmony_ci
778c2ecf20Sopenharmony_ci			block_fn(sctx, sctx->buf, 1);
788c2ecf20Sopenharmony_ci		}
798c2ecf20Sopenharmony_ci
808c2ecf20Sopenharmony_ci		blocks = len / SHA512_BLOCK_SIZE;
818c2ecf20Sopenharmony_ci		len %= SHA512_BLOCK_SIZE;
828c2ecf20Sopenharmony_ci
838c2ecf20Sopenharmony_ci		if (blocks) {
848c2ecf20Sopenharmony_ci			block_fn(sctx, data, blocks);
858c2ecf20Sopenharmony_ci			data += blocks * SHA512_BLOCK_SIZE;
868c2ecf20Sopenharmony_ci		}
878c2ecf20Sopenharmony_ci		partial = 0;
888c2ecf20Sopenharmony_ci	}
898c2ecf20Sopenharmony_ci	if (len)
908c2ecf20Sopenharmony_ci		memcpy(sctx->buf + partial, data, len);
918c2ecf20Sopenharmony_ci
928c2ecf20Sopenharmony_ci	return 0;
938c2ecf20Sopenharmony_ci}
948c2ecf20Sopenharmony_ci
958c2ecf20Sopenharmony_cistatic inline int sha512_base_do_finalize(struct shash_desc *desc,
968c2ecf20Sopenharmony_ci					  sha512_block_fn *block_fn)
978c2ecf20Sopenharmony_ci{
988c2ecf20Sopenharmony_ci	const int bit_offset = SHA512_BLOCK_SIZE - sizeof(__be64[2]);
998c2ecf20Sopenharmony_ci	struct sha512_state *sctx = shash_desc_ctx(desc);
1008c2ecf20Sopenharmony_ci	__be64 *bits = (__be64 *)(sctx->buf + bit_offset);
1018c2ecf20Sopenharmony_ci	unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE;
1028c2ecf20Sopenharmony_ci
1038c2ecf20Sopenharmony_ci	sctx->buf[partial++] = 0x80;
1048c2ecf20Sopenharmony_ci	if (partial > bit_offset) {
1058c2ecf20Sopenharmony_ci		memset(sctx->buf + partial, 0x0, SHA512_BLOCK_SIZE - partial);
1068c2ecf20Sopenharmony_ci		partial = 0;
1078c2ecf20Sopenharmony_ci
1088c2ecf20Sopenharmony_ci		block_fn(sctx, sctx->buf, 1);
1098c2ecf20Sopenharmony_ci	}
1108c2ecf20Sopenharmony_ci
1118c2ecf20Sopenharmony_ci	memset(sctx->buf + partial, 0x0, bit_offset - partial);
1128c2ecf20Sopenharmony_ci	bits[0] = cpu_to_be64(sctx->count[1] << 3 | sctx->count[0] >> 61);
1138c2ecf20Sopenharmony_ci	bits[1] = cpu_to_be64(sctx->count[0] << 3);
1148c2ecf20Sopenharmony_ci	block_fn(sctx, sctx->buf, 1);
1158c2ecf20Sopenharmony_ci
1168c2ecf20Sopenharmony_ci	return 0;
1178c2ecf20Sopenharmony_ci}
1188c2ecf20Sopenharmony_ci
1198c2ecf20Sopenharmony_cistatic inline int sha512_base_finish(struct shash_desc *desc, u8 *out)
1208c2ecf20Sopenharmony_ci{
1218c2ecf20Sopenharmony_ci	unsigned int digest_size = crypto_shash_digestsize(desc->tfm);
1228c2ecf20Sopenharmony_ci	struct sha512_state *sctx = shash_desc_ctx(desc);
1238c2ecf20Sopenharmony_ci	__be64 *digest = (__be64 *)out;
1248c2ecf20Sopenharmony_ci	int i;
1258c2ecf20Sopenharmony_ci
1268c2ecf20Sopenharmony_ci	for (i = 0; digest_size > 0; i++, digest_size -= sizeof(__be64))
1278c2ecf20Sopenharmony_ci		put_unaligned_be64(sctx->state[i], digest++);
1288c2ecf20Sopenharmony_ci
1298c2ecf20Sopenharmony_ci	*sctx = (struct sha512_state){};
1308c2ecf20Sopenharmony_ci	return 0;
1318c2ecf20Sopenharmony_ci}
1328c2ecf20Sopenharmony_ci
1338c2ecf20Sopenharmony_ci#endif /* _CRYPTO_SHA512_BASE_H */
134