1/* SPDX-License-Identifier: GPL-2.0-only */
2/*
3 * sha512_base.h - core logic for SHA-512 implementations
4 *
5 * Copyright (C) 2015 Linaro Ltd <ard.biesheuvel@linaro.org>
6 */
7
8#ifndef _CRYPTO_SHA512_BASE_H
9#define _CRYPTO_SHA512_BASE_H
10
11#include <crypto/internal/hash.h>
12#include <crypto/sha2.h>
13#include <linux/crypto.h>
14#include <linux/module.h>
15#include <linux/string.h>
16
17#include <asm/unaligned.h>
18
19typedef void (sha512_block_fn)(struct sha512_state *sst, u8 const *src,
20 int blocks);
21
22static inline int sha384_base_init(struct shash_desc *desc)
23{
24 struct sha512_state *sctx = shash_desc_ctx(desc);
25
26 sctx->state[0] = SHA384_H0;
27 sctx->state[1] = SHA384_H1;
28 sctx->state[2] = SHA384_H2;
29 sctx->state[3] = SHA384_H3;
30 sctx->state[4] = SHA384_H4;
31 sctx->state[5] = SHA384_H5;
32 sctx->state[6] = SHA384_H6;
33 sctx->state[7] = SHA384_H7;
34 sctx->count[0] = sctx->count[1] = 0;
35
36 return 0;
37}
38
39static inline int sha512_base_init(struct shash_desc *desc)
40{
41 struct sha512_state *sctx = shash_desc_ctx(desc);
42
43 sctx->state[0] = SHA512_H0;
44 sctx->state[1] = SHA512_H1;
45 sctx->state[2] = SHA512_H2;
46 sctx->state[3] = SHA512_H3;
47 sctx->state[4] = SHA512_H4;
48 sctx->state[5] = SHA512_H5;
49 sctx->state[6] = SHA512_H6;
50 sctx->state[7] = SHA512_H7;
51 sctx->count[0] = sctx->count[1] = 0;
52
53 return 0;
54}
55
56static inline int sha512_base_do_update(struct shash_desc *desc,
57 const u8 *data,
58 unsigned int len,
59 sha512_block_fn *block_fn)
60{
61 struct sha512_state *sctx = shash_desc_ctx(desc);
62 unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE;
63
64 sctx->count[0] += len;
65 if (sctx->count[0] < len)
66 sctx->count[1]++;
67
68 if (unlikely((partial + len) >= SHA512_BLOCK_SIZE)) {
69 int blocks;
70
71 if (partial) {
72 int p = SHA512_BLOCK_SIZE - partial;
73
74 memcpy(sctx->buf + partial, data, p);
75 data += p;
76 len -= p;
77
78 block_fn(sctx, sctx->buf, 1);
79 }
80
81 blocks = len / SHA512_BLOCK_SIZE;
82 len %= SHA512_BLOCK_SIZE;
83
84 if (blocks) {
85 block_fn(sctx, data, blocks);
86 data += blocks * SHA512_BLOCK_SIZE;
87 }
88 partial = 0;
89 }
90 if (len)
91 memcpy(sctx->buf + partial, data, len);
92
93 return 0;
94}
95
96static inline int sha512_base_do_finalize(struct shash_desc *desc,
97 sha512_block_fn *block_fn)
98{
99 const int bit_offset = SHA512_BLOCK_SIZE - sizeof(__be64[2]);
100 struct sha512_state *sctx = shash_desc_ctx(desc);
101 __be64 *bits = (__be64 *)(sctx->buf + bit_offset);
102 unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE;
103
104 sctx->buf[partial++] = 0x80;
105 if (partial > bit_offset) {
106 memset(sctx->buf + partial, 0x0, SHA512_BLOCK_SIZE - partial);
107 partial = 0;
108
109 block_fn(sctx, sctx->buf, 1);
110 }
111
112 memset(sctx->buf + partial, 0x0, bit_offset - partial);
113 bits[0] = cpu_to_be64(sctx->count[1] << 3 | sctx->count[0] >> 61);
114 bits[1] = cpu_to_be64(sctx->count[0] << 3);
115 block_fn(sctx, sctx->buf, 1);
116
117 return 0;
118}
119
120static inline int sha512_base_finish(struct shash_desc *desc, u8 *out)
121{
122 unsigned int digest_size = crypto_shash_digestsize(tfm: desc->tfm);
123 struct sha512_state *sctx = shash_desc_ctx(desc);
124 __be64 *digest = (__be64 *)out;
125 int i;
126
127 for (i = 0; digest_size > 0; i++, digest_size -= sizeof(__be64))
128 put_unaligned_be64(val: sctx->state[i], p: digest++);
129
130 memzero_explicit(s: sctx, count: sizeof(*sctx));
131 return 0;
132}
133
134#endif /* _CRYPTO_SHA512_BASE_H */
135

source code of linux/include/crypto/sha512_base.h