Commit 4bc7f7b6 authored by Eric Biggers's avatar Eric Biggers
Browse files

crypto: sha512 - Use same state format as legacy drivers 



Make the export and import functions for the sha384, sha512,
hmac(sha384), and hmac(sha512) shash algorithms use the same format as
the padlock-sha and nx-sha512 drivers, as required by Herbert.

Acked-by: default avatarArd Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20250630160320.2888-7-ebiggers@kernel.org


Signed-off-by: default avatarEric Biggers <ebiggers@kernel.org>
parent 469acaa1

crypto/sha512.c

+96 −0
Original line number Diff line number Diff line
@@ -12,6 +12,44 @@ 
#include <linux/kernel.h>

#include <linux/module.h>



/*

 * Export and import functions.  crypto_shash wants a particular format that

 * matches that used by some legacy drivers.  It currently is the same as the

 * library SHA context, except the value in bytecount_lo must be block-aligned

 * and the remainder must be stored in an extra u8 appended to the struct.

 */



#define SHA512_SHASH_STATE_SIZE 209

static_assert(offsetof(struct __sha512_ctx, state) == 0);

static_assert(offsetof(struct __sha512_ctx, bytecount_lo) == 64);

static_assert(offsetof(struct __sha512_ctx, bytecount_hi) == 72);

static_assert(offsetof(struct __sha512_ctx, buf) == 80);

static_assert(sizeof(struct __sha512_ctx) + 1 == SHA512_SHASH_STATE_SIZE);



static int __crypto_sha512_export(const struct __sha512_ctx *ctx0, void *out)

{

	struct __sha512_ctx ctx = *ctx0;

	unsigned int partial;

	u8 *p = out;



	partial = ctx.bytecount_lo % SHA512_BLOCK_SIZE;

	ctx.bytecount_lo -= partial;

	memcpy(p, &ctx, sizeof(ctx));

	p += sizeof(ctx);

	*p = partial;

	return 0;

}



static int __crypto_sha512_import(struct __sha512_ctx *ctx, const void *in)

{

	const u8 *p = in;



	memcpy(ctx, p, sizeof(*ctx));

	p += sizeof(*ctx);

	ctx->bytecount_lo += *p;

	return 0;

}



/* SHA-384 */



const u8 sha384_zero_message_hash[SHA384_DIGEST_SIZE] = {
@@ -52,6 +90,16 @@ static int crypto_sha384_digest(struct shash_desc *desc, 
	return 0;

}



static int crypto_sha384_export(struct shash_desc *desc, void *out)

{

	return __crypto_sha512_export(&SHA384_CTX(desc)->ctx, out);

}



static int crypto_sha384_import(struct shash_desc *desc, const void *in)

{

	return __crypto_sha512_import(&SHA384_CTX(desc)->ctx, in);

}



/* SHA-512 */



const u8 sha512_zero_message_hash[SHA512_DIGEST_SIZE] = {
@@ -94,6 +142,16 @@ static int crypto_sha512_digest(struct shash_desc *desc, 
	return 0;

}



static int crypto_sha512_export(struct shash_desc *desc, void *out)

{

	return __crypto_sha512_export(&SHA512_CTX(desc)->ctx, out);

}



static int crypto_sha512_import(struct shash_desc *desc, const void *in)

{

	return __crypto_sha512_import(&SHA512_CTX(desc)->ctx, in);

}



/* HMAC-SHA384 */



#define HMAC_SHA384_KEY(tfm) ((struct hmac_sha384_key *)crypto_shash_ctx(tfm))
@@ -133,6 +191,19 @@ static int crypto_hmac_sha384_digest(struct shash_desc *desc, 
	return 0;

}



static int crypto_hmac_sha384_export(struct shash_desc *desc, void *out)

{

	return __crypto_sha512_export(&HMAC_SHA384_CTX(desc)->ctx.sha_ctx, out);

}



static int crypto_hmac_sha384_import(struct shash_desc *desc, const void *in)

{

	struct hmac_sha384_ctx *ctx = HMAC_SHA384_CTX(desc);



	ctx->ctx.ostate = HMAC_SHA384_KEY(desc->tfm)->key.ostate;

	return __crypto_sha512_import(&ctx->ctx.sha_ctx, in);

}



/* HMAC-SHA512 */



#define HMAC_SHA512_KEY(tfm) ((struct hmac_sha512_key *)crypto_shash_ctx(tfm))
@@ -172,6 +243,19 @@ static int crypto_hmac_sha512_digest(struct shash_desc *desc, 
	return 0;

}



static int crypto_hmac_sha512_export(struct shash_desc *desc, void *out)

{

	return __crypto_sha512_export(&HMAC_SHA512_CTX(desc)->ctx.sha_ctx, out);

}



static int crypto_hmac_sha512_import(struct shash_desc *desc, const void *in)

{

	struct hmac_sha512_ctx *ctx = HMAC_SHA512_CTX(desc);



	ctx->ctx.ostate = HMAC_SHA512_KEY(desc->tfm)->key.ostate;

	return __crypto_sha512_import(&ctx->ctx.sha_ctx, in);

}



/* Algorithm definitions */



static struct shash_alg algs[] = {
@@ -186,7 +270,10 @@ static struct shash_alg algs[] = { 
		.update			= crypto_sha384_update,

		.final			= crypto_sha384_final,

		.digest			= crypto_sha384_digest,

		.export			= crypto_sha384_export,

		.import			= crypto_sha384_import,

		.descsize		= sizeof(struct sha384_ctx),

		.statesize		= SHA512_SHASH_STATE_SIZE,

	},

	{

		.base.cra_name		= "sha512",
@@ -199,7 +286,10 @@ static struct shash_alg algs[] = { 
		.update			= crypto_sha512_update,

		.final			= crypto_sha512_final,

		.digest			= crypto_sha512_digest,

		.export			= crypto_sha512_export,

		.import			= crypto_sha512_import,

		.descsize		= sizeof(struct sha512_ctx),

		.statesize		= SHA512_SHASH_STATE_SIZE,

	},

	{

		.base.cra_name		= "hmac(sha384)",
@@ -214,7 +304,10 @@ static struct shash_alg algs[] = { 
		.update			= crypto_hmac_sha384_update,

		.final			= crypto_hmac_sha384_final,

		.digest			= crypto_hmac_sha384_digest,

		.export			= crypto_hmac_sha384_export,

		.import			= crypto_hmac_sha384_import,

		.descsize		= sizeof(struct hmac_sha384_ctx),

		.statesize		= SHA512_SHASH_STATE_SIZE,

	},

	{

		.base.cra_name		= "hmac(sha512)",
@@ -229,7 +322,10 @@ static struct shash_alg algs[] = { 
		.update			= crypto_hmac_sha512_update,

		.final			= crypto_hmac_sha512_final,

		.digest			= crypto_hmac_sha512_digest,

		.export			= crypto_hmac_sha512_export,

		.import			= crypto_hmac_sha512_import,

		.descsize		= sizeof(struct hmac_sha512_ctx),

		.statesize		= SHA512_SHASH_STATE_SIZE,

	},

};