/* SPDX-License-Identifier: GPL-2.0 */ /* * Common values for SHA-2 algorithms */ #ifndef _CRYPTO_SHA2_H #define _CRYPTO_SHA2_H #include #define SHA224_DIGEST_SIZE 28 #define SHA224_BLOCK_SIZE 64 #define SHA256_DIGEST_SIZE 32 #define SHA256_BLOCK_SIZE 64 #define SHA256_STATE_WORDS 8 #define SHA384_DIGEST_SIZE 48 #define SHA384_BLOCK_SIZE 128 #define SHA512_DIGEST_SIZE 64 #define SHA512_BLOCK_SIZE 128 #define SHA512_STATE_SIZE 80 #define SHA224_H0 0xc1059ed8UL #define SHA224_H1 0x367cd507UL #define SHA224_H2 0x3070dd17UL #define SHA224_H3 0xf70e5939UL #define SHA224_H4 0xffc00b31UL #define SHA224_H5 0x68581511UL #define SHA224_H6 0x64f98fa7UL #define SHA224_H7 0xbefa4fa4UL #define SHA256_H0 0x6a09e667UL #define SHA256_H1 0xbb67ae85UL #define SHA256_H2 0x3c6ef372UL #define SHA256_H3 0xa54ff53aUL #define SHA256_H4 0x510e527fUL #define SHA256_H5 0x9b05688cUL #define SHA256_H6 0x1f83d9abUL #define SHA256_H7 0x5be0cd19UL #define SHA384_H0 0xcbbb9d5dc1059ed8ULL #define SHA384_H1 0x629a292a367cd507ULL #define SHA384_H2 0x9159015a3070dd17ULL #define SHA384_H3 0x152fecd8f70e5939ULL #define SHA384_H4 0x67332667ffc00b31ULL #define SHA384_H5 0x8eb44a8768581511ULL #define SHA384_H6 0xdb0c2e0d64f98fa7ULL #define SHA384_H7 0x47b5481dbefa4fa4ULL #define SHA512_H0 0x6a09e667f3bcc908ULL #define SHA512_H1 0xbb67ae8584caa73bULL #define SHA512_H2 0x3c6ef372fe94f82bULL #define SHA512_H3 0xa54ff53a5f1d36f1ULL #define SHA512_H4 0x510e527fade682d1ULL #define SHA512_H5 0x9b05688c2b3e6c1fULL #define SHA512_H6 0x1f83d9abfb41bd6bULL #define SHA512_H7 0x5be0cd19137e2179ULL extern const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE]; extern const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE]; extern const u8 sha384_zero_message_hash[SHA384_DIGEST_SIZE]; extern const u8 sha512_zero_message_hash[SHA512_DIGEST_SIZE]; struct crypto_sha256_state { u32 state[SHA256_STATE_WORDS]; u64 count; }; static inline void sha224_block_init(struct crypto_sha256_state *sctx) { sctx->state[0] = SHA224_H0; sctx->state[1] = SHA224_H1; sctx->state[2] = SHA224_H2; sctx->state[3] = SHA224_H3; sctx->state[4] = SHA224_H4; sctx->state[5] = SHA224_H5; sctx->state[6] = SHA224_H6; sctx->state[7] = SHA224_H7; sctx->count = 0; } static inline void sha256_block_init(struct crypto_sha256_state *sctx) { sctx->state[0] = SHA256_H0; sctx->state[1] = SHA256_H1; sctx->state[2] = SHA256_H2; sctx->state[3] = SHA256_H3; sctx->state[4] = SHA256_H4; sctx->state[5] = SHA256_H5; sctx->state[6] = SHA256_H6; sctx->state[7] = SHA256_H7; sctx->count = 0; } struct sha256_state { union { struct crypto_sha256_state ctx; struct { u32 state[SHA256_STATE_WORDS]; u64 count; }; }; u8 buf[SHA256_BLOCK_SIZE]; }; struct sha512_state { u64 state[SHA512_DIGEST_SIZE / 8]; u64 count[2]; u8 buf[SHA512_BLOCK_SIZE]; }; /* State for the SHA-256 (and SHA-224) compression function */ struct sha256_block_state { u32 h[SHA256_STATE_WORDS]; }; /* * Context structure, shared by SHA-224 and SHA-256. The sha224_ctx and * sha256_ctx structs wrap this one so that the API has proper typing and * doesn't allow mixing the SHA-224 and SHA-256 functions arbitrarily. */ struct __sha256_ctx { struct sha256_block_state state; u64 bytecount; u8 buf[SHA256_BLOCK_SIZE] __aligned(__alignof__(__be64)); }; void __sha256_update(struct __sha256_ctx *ctx, const u8 *data, size_t len); /* * HMAC key and message context structs, shared by HMAC-SHA224 and HMAC-SHA256. * The hmac_sha224_* and hmac_sha256_* structs wrap this one so that the API has * proper typing and doesn't allow mixing the functions arbitrarily. */ struct __hmac_sha256_key { struct sha256_block_state istate; struct sha256_block_state ostate; }; struct __hmac_sha256_ctx { struct __sha256_ctx sha_ctx; struct sha256_block_state ostate; }; void __hmac_sha256_init(struct __hmac_sha256_ctx *ctx, const struct __hmac_sha256_key *key); /** * struct sha224_ctx - Context for hashing a message with SHA-224 * @ctx: private */ struct sha224_ctx { struct __sha256_ctx ctx; }; /** * sha224_init() - Initialize a SHA-224 context for a new message * @ctx: the context to initialize * * If you don't need incremental computation, consider sha224() instead. * * Context: Any context. */ void sha224_init(struct sha224_ctx *ctx); /** * sha224_update() - Update a SHA-224 context with message data * @ctx: the context to update; must have been initialized * @data: the message data * @len: the data length in bytes * * This can be called any number of times. * * Context: Any context. */ static inline void sha224_update(struct sha224_ctx *ctx, const u8 *data, size_t len) { __sha256_update(&ctx->ctx, data, len); } /** * sha224_final() - Finish computing a SHA-224 message digest * @ctx: the context to finalize; must have been initialized * @out: (output) the resulting SHA-224 message digest * * After finishing, this zeroizes @ctx. So the caller does not need to do it. * * Context: Any context. */ void sha224_final(struct sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]); /** * sha224() - Compute SHA-224 message digest in one shot * @data: the message data * @len: the data length in bytes * @out: (output) the resulting SHA-224 message digest * * Context: Any context. */ void sha224(const u8 *data, size_t len, u8 out[SHA224_DIGEST_SIZE]); /** * struct hmac_sha224_key - Prepared key for HMAC-SHA224 * @key: private */ struct hmac_sha224_key { struct __hmac_sha256_key key; }; /** * struct hmac_sha224_ctx - Context for computing HMAC-SHA224 of a message * @ctx: private */ struct hmac_sha224_ctx { struct __hmac_sha256_ctx ctx; }; /** * hmac_sha224_preparekey() - Prepare a key for HMAC-SHA224 * @key: (output) the key structure to initialize * @raw_key: the raw HMAC-SHA224 key * @raw_key_len: the key length in bytes. All key lengths are supported. * * Note: the caller is responsible for zeroizing both the struct hmac_sha224_key * and the raw key once they are no longer needed. * * Context: Any context. */ void hmac_sha224_preparekey(struct hmac_sha224_key *key, const u8 *raw_key, size_t raw_key_len); /** * hmac_sha224_init() - Initialize an HMAC-SHA224 context for a new message * @ctx: (output) the HMAC context to initialize * @key: the prepared HMAC key * * If you don't need incremental computation, consider hmac_sha224() instead. * * Context: Any context. */ static inline void hmac_sha224_init(struct hmac_sha224_ctx *ctx, const struct hmac_sha224_key *key) { __hmac_sha256_init(&ctx->ctx, &key->key); } /** * hmac_sha224_init_usingrawkey() - Initialize an HMAC-SHA224 context for a new * message, using a raw key * @ctx: (output) the HMAC context to initialize * @raw_key: the raw HMAC-SHA224 key * @raw_key_len: the key length in bytes. All key lengths are supported. * * If you don't need incremental computation, consider hmac_sha224_usingrawkey() * instead. * * Context: Any context. */ void hmac_sha224_init_usingrawkey(struct hmac_sha224_ctx *ctx, const u8 *raw_key, size_t raw_key_len); /** * hmac_sha224_update() - Update an HMAC-SHA224 context with message data * @ctx: the HMAC context to update; must have been initialized * @data: the message data * @data_len: the data length in bytes * * This can be called any number of times. * * Context: Any context. */ static inline void hmac_sha224_update(struct hmac_sha224_ctx *ctx, const u8 *data, size_t data_len) { __sha256_update(&ctx->ctx.sha_ctx, data, data_len); } /** * hmac_sha224_final() - Finish computing an HMAC-SHA224 value * @ctx: the HMAC context to finalize; must have been initialized * @out: (output) the resulting HMAC-SHA224 value * * After finishing, this zeroizes @ctx. So the caller does not need to do it. * * Context: Any context. */ void hmac_sha224_final(struct hmac_sha224_ctx *ctx, u8 out[SHA224_DIGEST_SIZE]); /** * hmac_sha224() - Compute HMAC-SHA224 in one shot, using a prepared key * @key: the prepared HMAC key * @data: the message data * @data_len: the data length in bytes * @out: (output) the resulting HMAC-SHA224 value * * If you're using the key only once, consider using hmac_sha224_usingrawkey(). * * Context: Any context. */ void hmac_sha224(const struct hmac_sha224_key *key, const u8 *data, size_t data_len, u8 out[SHA224_DIGEST_SIZE]); /** * hmac_sha224_usingrawkey() - Compute HMAC-SHA224 in one shot, using a raw key * @raw_key: the raw HMAC-SHA224 key * @raw_key_len: the key length in bytes. All key lengths are supported. * @data: the message data * @data_len: the data length in bytes * @out: (output) the resulting HMAC-SHA224 value * * If you're using the key multiple times, prefer to use * hmac_sha224_preparekey() followed by multiple calls to hmac_sha224() instead. * * Context: Any context. */ void hmac_sha224_usingrawkey(const u8 *raw_key, size_t raw_key_len, const u8 *data, size_t data_len, u8 out[SHA224_DIGEST_SIZE]); /** * struct sha256_ctx - Context for hashing a message with SHA-256 * @ctx: private */ struct sha256_ctx { struct __sha256_ctx ctx; }; /** * sha256_init() - Initialize a SHA-256 context for a new message * @ctx: the context to initialize * * If you don't need incremental computation, consider sha256() instead. * * Context: Any context. */ void sha256_init(struct sha256_ctx *ctx); /** * sha256_update() - Update a SHA-256 context with message data * @ctx: the context to update; must have been initialized * @data: the message data * @len: the data length in bytes * * This can be called any number of times. * * Context: Any context. */ static inline void sha256_update(struct sha256_ctx *ctx, const u8 *data, size_t len) { __sha256_update(&ctx->ctx, data, len); } /** * sha256_final() - Finish computing a SHA-256 message digest * @ctx: the context to finalize; must have been initialized * @out: (output) the resulting SHA-256 message digest * * After finishing, this zeroizes @ctx. So the caller does not need to do it. * * Context: Any context. */ void sha256_final(struct sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]); /** * sha256() - Compute SHA-256 message digest in one shot * @data: the message data * @len: the data length in bytes * @out: (output) the resulting SHA-256 message digest * * Context: Any context. */ void sha256(const u8 *data, size_t len, u8 out[SHA256_DIGEST_SIZE]); /** * struct hmac_sha256_key - Prepared key for HMAC-SHA256 * @key: private */ struct hmac_sha256_key { struct __hmac_sha256_key key; }; /** * struct hmac_sha256_ctx - Context for computing HMAC-SHA256 of a message * @ctx: private */ struct hmac_sha256_ctx { struct __hmac_sha256_ctx ctx; }; /** * hmac_sha256_preparekey() - Prepare a key for HMAC-SHA256 * @key: (output) the key structure to initialize * @raw_key: the raw HMAC-SHA256 key * @raw_key_len: the key length in bytes. All key lengths are supported. * * Note: the caller is responsible for zeroizing both the struct hmac_sha256_key * and the raw key once they are no longer needed. * * Context: Any context. */ void hmac_sha256_preparekey(struct hmac_sha256_key *key, const u8 *raw_key, size_t raw_key_len); /** * hmac_sha256_init() - Initialize an HMAC-SHA256 context for a new message * @ctx: (output) the HMAC context to initialize * @key: the prepared HMAC key * * If you don't need incremental computation, consider hmac_sha256() instead. * * Context: Any context. */ static inline void hmac_sha256_init(struct hmac_sha256_ctx *ctx, const struct hmac_sha256_key *key) { __hmac_sha256_init(&ctx->ctx, &key->key); } /** * hmac_sha256_init_usingrawkey() - Initialize an HMAC-SHA256 context for a new * message, using a raw key * @ctx: (output) the HMAC context to initialize * @raw_key: the raw HMAC-SHA256 key * @raw_key_len: the key length in bytes. All key lengths are supported. * * If you don't need incremental computation, consider hmac_sha256_usingrawkey() * instead. * * Context: Any context. */ void hmac_sha256_init_usingrawkey(struct hmac_sha256_ctx *ctx, const u8 *raw_key, size_t raw_key_len); /** * hmac_sha256_update() - Update an HMAC-SHA256 context with message data * @ctx: the HMAC context to update; must have been initialized * @data: the message data * @data_len: the data length in bytes * * This can be called any number of times. * * Context: Any context. */ static inline void hmac_sha256_update(struct hmac_sha256_ctx *ctx, const u8 *data, size_t data_len) { __sha256_update(&ctx->ctx.sha_ctx, data, data_len); } /** * hmac_sha256_final() - Finish computing an HMAC-SHA256 value * @ctx: the HMAC context to finalize; must have been initialized * @out: (output) the resulting HMAC-SHA256 value * * After finishing, this zeroizes @ctx. So the caller does not need to do it. * * Context: Any context. */ void hmac_sha256_final(struct hmac_sha256_ctx *ctx, u8 out[SHA256_DIGEST_SIZE]); /** * hmac_sha256() - Compute HMAC-SHA256 in one shot, using a prepared key * @key: the prepared HMAC key * @data: the message data * @data_len: the data length in bytes * @out: (output) the resulting HMAC-SHA256 value * * If you're using the key only once, consider using hmac_sha256_usingrawkey(). * * Context: Any context. */ void hmac_sha256(const struct hmac_sha256_key *key, const u8 *data, size_t data_len, u8 out[SHA256_DIGEST_SIZE]); /** * hmac_sha256_usingrawkey() - Compute HMAC-SHA256 in one shot, using a raw key * @raw_key: the raw HMAC-SHA256 key * @raw_key_len: the key length in bytes. All key lengths are supported. * @data: the message data * @data_len: the data length in bytes * @out: (output) the resulting HMAC-SHA256 value * * If you're using the key multiple times, prefer to use * hmac_sha256_preparekey() followed by multiple calls to hmac_sha256() instead. * * Context: Any context. */ void hmac_sha256_usingrawkey(const u8 *raw_key, size_t raw_key_len, const u8 *data, size_t data_len, u8 out[SHA256_DIGEST_SIZE]); /* State for the SHA-512 (and SHA-384) compression function */ struct sha512_block_state { u64 h[8]; }; /* * Context structure, shared by SHA-384 and SHA-512. The sha384_ctx and * sha512_ctx structs wrap this one so that the API has proper typing and * doesn't allow mixing the SHA-384 and SHA-512 functions arbitrarily. */ struct __sha512_ctx { struct sha512_block_state state; u64 bytecount_lo; u64 bytecount_hi; u8 buf[SHA512_BLOCK_SIZE] __aligned(__alignof__(__be64)); }; void __sha512_update(struct __sha512_ctx *ctx, const u8 *data, size_t len); /* * HMAC key and message context structs, shared by HMAC-SHA384 and HMAC-SHA512. * The hmac_sha384_* and hmac_sha512_* structs wrap this one so that the API has * proper typing and doesn't allow mixing the functions arbitrarily. */ struct __hmac_sha512_key { struct sha512_block_state istate; struct sha512_block_state ostate; }; struct __hmac_sha512_ctx { struct __sha512_ctx sha_ctx; struct sha512_block_state ostate; }; void __hmac_sha512_init(struct __hmac_sha512_ctx *ctx, const struct __hmac_sha512_key *key); /** * struct sha384_ctx - Context for hashing a message with SHA-384 * @ctx: private */ struct sha384_ctx { struct __sha512_ctx ctx; }; /** * sha384_init() - Initialize a SHA-384 context for a new message * @ctx: the context to initialize * * If you don't need incremental computation, consider sha384() instead. * * Context: Any context. */ void sha384_init(struct sha384_ctx *ctx); /** * sha384_update() - Update a SHA-384 context with message data * @ctx: the context to update; must have been initialized * @data: the message data * @len: the data length in bytes * * This can be called any number of times. * * Context: Any context. */ static inline void sha384_update(struct sha384_ctx *ctx, const u8 *data, size_t len) { __sha512_update(&ctx->ctx, data, len); } /** * sha384_final() - Finish computing a SHA-384 message digest * @ctx: the context to finalize; must have been initialized * @out: (output) the resulting SHA-384 message digest * * After finishing, this zeroizes @ctx. So the caller does not need to do it. * * Context: Any context. */ void sha384_final(struct sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]); /** * sha384() - Compute SHA-384 message digest in one shot * @data: the message data * @len: the data length in bytes * @out: (output) the resulting SHA-384 message digest * * Context: Any context. */ void sha384(const u8 *data, size_t len, u8 out[SHA384_DIGEST_SIZE]); /** * struct hmac_sha384_key - Prepared key for HMAC-SHA384 * @key: private */ struct hmac_sha384_key { struct __hmac_sha512_key key; }; /** * struct hmac_sha384_ctx - Context for computing HMAC-SHA384 of a message * @ctx: private */ struct hmac_sha384_ctx { struct __hmac_sha512_ctx ctx; }; /** * hmac_sha384_preparekey() - Prepare a key for HMAC-SHA384 * @key: (output) the key structure to initialize * @raw_key: the raw HMAC-SHA384 key * @raw_key_len: the key length in bytes. All key lengths are supported. * * Note: the caller is responsible for zeroizing both the struct hmac_sha384_key * and the raw key once they are no longer needed. * * Context: Any context. */ void hmac_sha384_preparekey(struct hmac_sha384_key *key, const u8 *raw_key, size_t raw_key_len); /** * hmac_sha384_init() - Initialize an HMAC-SHA384 context for a new message * @ctx: (output) the HMAC context to initialize * @key: the prepared HMAC key * * If you don't need incremental computation, consider hmac_sha384() instead. * * Context: Any context. */ static inline void hmac_sha384_init(struct hmac_sha384_ctx *ctx, const struct hmac_sha384_key *key) { __hmac_sha512_init(&ctx->ctx, &key->key); } /** * hmac_sha384_init_usingrawkey() - Initialize an HMAC-SHA384 context for a new * message, using a raw key * @ctx: (output) the HMAC context to initialize * @raw_key: the raw HMAC-SHA384 key * @raw_key_len: the key length in bytes. All key lengths are supported. * * If you don't need incremental computation, consider hmac_sha384_usingrawkey() * instead. * * Context: Any context. */ void hmac_sha384_init_usingrawkey(struct hmac_sha384_ctx *ctx, const u8 *raw_key, size_t raw_key_len); /** * hmac_sha384_update() - Update an HMAC-SHA384 context with message data * @ctx: the HMAC context to update; must have been initialized * @data: the message data * @data_len: the data length in bytes * * This can be called any number of times. * * Context: Any context. */ static inline void hmac_sha384_update(struct hmac_sha384_ctx *ctx, const u8 *data, size_t data_len) { __sha512_update(&ctx->ctx.sha_ctx, data, data_len); } /** * hmac_sha384_final() - Finish computing an HMAC-SHA384 value * @ctx: the HMAC context to finalize; must have been initialized * @out: (output) the resulting HMAC-SHA384 value * * After finishing, this zeroizes @ctx. So the caller does not need to do it. * * Context: Any context. */ void hmac_sha384_final(struct hmac_sha384_ctx *ctx, u8 out[SHA384_DIGEST_SIZE]); /** * hmac_sha384() - Compute HMAC-SHA384 in one shot, using a prepared key * @key: the prepared HMAC key * @data: the message data * @data_len: the data length in bytes * @out: (output) the resulting HMAC-SHA384 value * * If you're using the key only once, consider using hmac_sha384_usingrawkey(). * * Context: Any context. */ void hmac_sha384(const struct hmac_sha384_key *key, const u8 *data, size_t data_len, u8 out[SHA384_DIGEST_SIZE]); /** * hmac_sha384_usingrawkey() - Compute HMAC-SHA384 in one shot, using a raw key * @raw_key: the raw HMAC-SHA384 key * @raw_key_len: the key length in bytes. All key lengths are supported. * @data: the message data * @data_len: the data length in bytes * @out: (output) the resulting HMAC-SHA384 value * * If you're using the key multiple times, prefer to use * hmac_sha384_preparekey() followed by multiple calls to hmac_sha384() instead. * * Context: Any context. */ void hmac_sha384_usingrawkey(const u8 *raw_key, size_t raw_key_len, const u8 *data, size_t data_len, u8 out[SHA384_DIGEST_SIZE]); /** * struct sha512_ctx - Context for hashing a message with SHA-512 * @ctx: private */ struct sha512_ctx { struct __sha512_ctx ctx; }; /** * sha512_init() - Initialize a SHA-512 context for a new message * @ctx: the context to initialize * * If you don't need incremental computation, consider sha512() instead. * * Context: Any context. */ void sha512_init(struct sha512_ctx *ctx); /** * sha512_update() - Update a SHA-512 context with message data * @ctx: the context to update; must have been initialized * @data: the message data * @len: the data length in bytes * * This can be called any number of times. * * Context: Any context. */ static inline void sha512_update(struct sha512_ctx *ctx, const u8 *data, size_t len) { __sha512_update(&ctx->ctx, data, len); } /** * sha512_final() - Finish computing a SHA-512 message digest * @ctx: the context to finalize; must have been initialized * @out: (output) the resulting SHA-512 message digest * * After finishing, this zeroizes @ctx. So the caller does not need to do it. * * Context: Any context. */ void sha512_final(struct sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]); /** * sha512() - Compute SHA-512 message digest in one shot * @data: the message data * @len: the data length in bytes * @out: (output) the resulting SHA-512 message digest * * Context: Any context. */ void sha512(const u8 *data, size_t len, u8 out[SHA512_DIGEST_SIZE]); /** * struct hmac_sha512_key - Prepared key for HMAC-SHA512 * @key: private */ struct hmac_sha512_key { struct __hmac_sha512_key key; }; /** * struct hmac_sha512_ctx - Context for computing HMAC-SHA512 of a message * @ctx: private */ struct hmac_sha512_ctx { struct __hmac_sha512_ctx ctx; }; /** * hmac_sha512_preparekey() - Prepare a key for HMAC-SHA512 * @key: (output) the key structure to initialize * @raw_key: the raw HMAC-SHA512 key * @raw_key_len: the key length in bytes. All key lengths are supported. * * Note: the caller is responsible for zeroizing both the struct hmac_sha512_key * and the raw key once they are no longer needed. * * Context: Any context. */ void hmac_sha512_preparekey(struct hmac_sha512_key *key, const u8 *raw_key, size_t raw_key_len); /** * hmac_sha512_init() - Initialize an HMAC-SHA512 context for a new message * @ctx: (output) the HMAC context to initialize * @key: the prepared HMAC key * * If you don't need incremental computation, consider hmac_sha512() instead. * * Context: Any context. */ static inline void hmac_sha512_init(struct hmac_sha512_ctx *ctx, const struct hmac_sha512_key *key) { __hmac_sha512_init(&ctx->ctx, &key->key); } /** * hmac_sha512_init_usingrawkey() - Initialize an HMAC-SHA512 context for a new * message, using a raw key * @ctx: (output) the HMAC context to initialize * @raw_key: the raw HMAC-SHA512 key * @raw_key_len: the key length in bytes. All key lengths are supported. * * If you don't need incremental computation, consider hmac_sha512_usingrawkey() * instead. * * Context: Any context. */ void hmac_sha512_init_usingrawkey(struct hmac_sha512_ctx *ctx, const u8 *raw_key, size_t raw_key_len); /** * hmac_sha512_update() - Update an HMAC-SHA512 context with message data * @ctx: the HMAC context to update; must have been initialized * @data: the message data * @data_len: the data length in bytes * * This can be called any number of times. * * Context: Any context. */ static inline void hmac_sha512_update(struct hmac_sha512_ctx *ctx, const u8 *data, size_t data_len) { __sha512_update(&ctx->ctx.sha_ctx, data, data_len); } /** * hmac_sha512_final() - Finish computing an HMAC-SHA512 value * @ctx: the HMAC context to finalize; must have been initialized * @out: (output) the resulting HMAC-SHA512 value * * After finishing, this zeroizes @ctx. So the caller does not need to do it. * * Context: Any context. */ void hmac_sha512_final(struct hmac_sha512_ctx *ctx, u8 out[SHA512_DIGEST_SIZE]); /** * hmac_sha512() - Compute HMAC-SHA512 in one shot, using a prepared key * @key: the prepared HMAC key * @data: the message data * @data_len: the data length in bytes * @out: (output) the resulting HMAC-SHA512 value * * If you're using the key only once, consider using hmac_sha512_usingrawkey(). * * Context: Any context. */ void hmac_sha512(const struct hmac_sha512_key *key, const u8 *data, size_t data_len, u8 out[SHA512_DIGEST_SIZE]); /** * hmac_sha512_usingrawkey() - Compute HMAC-SHA512 in one shot, using a raw key * @raw_key: the raw HMAC-SHA512 key * @raw_key_len: the key length in bytes. All key lengths are supported. * @data: the message data * @data_len: the data length in bytes * @out: (output) the resulting HMAC-SHA512 value * * If you're using the key multiple times, prefer to use * hmac_sha512_preparekey() followed by multiple calls to hmac_sha512() instead. * * Context: Any context. */ void hmac_sha512_usingrawkey(const u8 *raw_key, size_t raw_key_len, const u8 *data, size_t data_len, u8 out[SHA512_DIGEST_SIZE]); #endif /* _CRYPTO_SHA2_H */