1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
2 | /* |
3 | * sha512_base.h - core logic for SHA-512 implementations |
4 | * |
5 | * Copyright (C) 2015 Linaro Ltd <ard.biesheuvel@linaro.org> |
6 | */ |
7 | |
8 | #ifndef _CRYPTO_SHA512_BASE_H |
9 | #define _CRYPTO_SHA512_BASE_H |
10 | |
11 | #include <crypto/internal/hash.h> |
12 | #include <crypto/sha2.h> |
13 | #include <linux/crypto.h> |
14 | #include <linux/module.h> |
15 | #include <linux/string.h> |
16 | |
17 | #include <asm/unaligned.h> |
18 | |
19 | typedef void (sha512_block_fn)(struct sha512_state *sst, u8 const *src, |
20 | int blocks); |
21 | |
22 | static inline int sha384_base_init(struct shash_desc *desc) |
23 | { |
24 | struct sha512_state *sctx = shash_desc_ctx(desc); |
25 | |
26 | sctx->state[0] = SHA384_H0; |
27 | sctx->state[1] = SHA384_H1; |
28 | sctx->state[2] = SHA384_H2; |
29 | sctx->state[3] = SHA384_H3; |
30 | sctx->state[4] = SHA384_H4; |
31 | sctx->state[5] = SHA384_H5; |
32 | sctx->state[6] = SHA384_H6; |
33 | sctx->state[7] = SHA384_H7; |
34 | sctx->count[0] = sctx->count[1] = 0; |
35 | |
36 | return 0; |
37 | } |
38 | |
39 | static inline int sha512_base_init(struct shash_desc *desc) |
40 | { |
41 | struct sha512_state *sctx = shash_desc_ctx(desc); |
42 | |
43 | sctx->state[0] = SHA512_H0; |
44 | sctx->state[1] = SHA512_H1; |
45 | sctx->state[2] = SHA512_H2; |
46 | sctx->state[3] = SHA512_H3; |
47 | sctx->state[4] = SHA512_H4; |
48 | sctx->state[5] = SHA512_H5; |
49 | sctx->state[6] = SHA512_H6; |
50 | sctx->state[7] = SHA512_H7; |
51 | sctx->count[0] = sctx->count[1] = 0; |
52 | |
53 | return 0; |
54 | } |
55 | |
56 | static inline int sha512_base_do_update(struct shash_desc *desc, |
57 | const u8 *data, |
58 | unsigned int len, |
59 | sha512_block_fn *block_fn) |
60 | { |
61 | struct sha512_state *sctx = shash_desc_ctx(desc); |
62 | unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE; |
63 | |
64 | sctx->count[0] += len; |
65 | if (sctx->count[0] < len) |
66 | sctx->count[1]++; |
67 | |
68 | if (unlikely((partial + len) >= SHA512_BLOCK_SIZE)) { |
69 | int blocks; |
70 | |
71 | if (partial) { |
72 | int p = SHA512_BLOCK_SIZE - partial; |
73 | |
74 | memcpy(sctx->buf + partial, data, p); |
75 | data += p; |
76 | len -= p; |
77 | |
78 | block_fn(sctx, sctx->buf, 1); |
79 | } |
80 | |
81 | blocks = len / SHA512_BLOCK_SIZE; |
82 | len %= SHA512_BLOCK_SIZE; |
83 | |
84 | if (blocks) { |
85 | block_fn(sctx, data, blocks); |
86 | data += blocks * SHA512_BLOCK_SIZE; |
87 | } |
88 | partial = 0; |
89 | } |
90 | if (len) |
91 | memcpy(sctx->buf + partial, data, len); |
92 | |
93 | return 0; |
94 | } |
95 | |
96 | static inline int sha512_base_do_finalize(struct shash_desc *desc, |
97 | sha512_block_fn *block_fn) |
98 | { |
99 | const int bit_offset = SHA512_BLOCK_SIZE - sizeof(__be64[2]); |
100 | struct sha512_state *sctx = shash_desc_ctx(desc); |
101 | __be64 *bits = (__be64 *)(sctx->buf + bit_offset); |
102 | unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE; |
103 | |
104 | sctx->buf[partial++] = 0x80; |
105 | if (partial > bit_offset) { |
106 | memset(sctx->buf + partial, 0x0, SHA512_BLOCK_SIZE - partial); |
107 | partial = 0; |
108 | |
109 | block_fn(sctx, sctx->buf, 1); |
110 | } |
111 | |
112 | memset(sctx->buf + partial, 0x0, bit_offset - partial); |
113 | bits[0] = cpu_to_be64(sctx->count[1] << 3 | sctx->count[0] >> 61); |
114 | bits[1] = cpu_to_be64(sctx->count[0] << 3); |
115 | block_fn(sctx, sctx->buf, 1); |
116 | |
117 | return 0; |
118 | } |
119 | |
120 | static inline int sha512_base_finish(struct shash_desc *desc, u8 *out) |
121 | { |
122 | unsigned int digest_size = crypto_shash_digestsize(tfm: desc->tfm); |
123 | struct sha512_state *sctx = shash_desc_ctx(desc); |
124 | __be64 *digest = (__be64 *)out; |
125 | int i; |
126 | |
127 | for (i = 0; digest_size > 0; i++, digest_size -= sizeof(__be64)) |
128 | put_unaligned_be64(val: sctx->state[i], p: digest++); |
129 | |
130 | memzero_explicit(s: sctx, count: sizeof(*sctx)); |
131 | return 0; |
132 | } |
133 | |
134 | #endif /* _CRYPTO_SHA512_BASE_H */ |
135 | |