Commit b10a74ab authored by Eric Biggers's avatar Eric Biggers
Browse files

crypto: sha1 - Use same state format as legacy drivers 



Same as sha256 and sha512: Use the state format that the generic partial
block handling code produces, as requested by Herbert, even though this
is applicable only to legacy drivers.

Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20250712232329.818226-7-ebiggers@kernel.org


Signed-off-by: default avatarEric Biggers <ebiggers@kernel.org>
parent 8bc79ab6

crypto/sha1.c

+66 −0
Original line number Diff line number Diff line
@@ -12,6 +12,43 @@ 
#include <linux/kernel.h>

#include <linux/module.h>



/*

 * Export and import functions.  crypto_shash wants a particular format that

 * matches that used by some legacy drivers.  It currently is the same as the

 * library SHA context, except the value in bytecount must be block-aligned and

 * the remainder must be stored in an extra u8 appended to the struct.

 */



#define SHA1_SHASH_STATE_SIZE (sizeof(struct sha1_ctx) + 1)

static_assert(sizeof(struct sha1_ctx) == sizeof(struct sha1_state));

static_assert(offsetof(struct sha1_ctx, state) == offsetof(struct sha1_state, state));

static_assert(offsetof(struct sha1_ctx, bytecount) == offsetof(struct sha1_state, count));

static_assert(offsetof(struct sha1_ctx, buf) == offsetof(struct sha1_state, buffer));



static int __crypto_sha1_export(const struct sha1_ctx *ctx0, void *out)

{

	struct sha1_ctx ctx = *ctx0;

	unsigned int partial;

	u8 *p = out;



	partial = ctx.bytecount % SHA1_BLOCK_SIZE;

	ctx.bytecount -= partial;

	memcpy(p, &ctx, sizeof(ctx));

	p += sizeof(ctx);

	*p = partial;

	return 0;

}



static int __crypto_sha1_import(struct sha1_ctx *ctx, const void *in)

{

	const u8 *p = in;



	memcpy(ctx, p, sizeof(*ctx));

	p += sizeof(*ctx);

	ctx->bytecount += *p;

	return 0;

}



const u8 sha1_zero_message_hash[SHA1_DIGEST_SIZE] = {

	0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,

	0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
@@ -47,6 +84,16 @@ static int crypto_sha1_digest(struct shash_desc *desc, 
	return 0;

}



static int crypto_sha1_export(struct shash_desc *desc, void *out)

{

	return __crypto_sha1_export(SHA1_CTX(desc), out);

}



static int crypto_sha1_import(struct shash_desc *desc, const void *in)

{

	return __crypto_sha1_import(SHA1_CTX(desc), in);

}



#define HMAC_SHA1_KEY(tfm) ((struct hmac_sha1_key *)crypto_shash_ctx(tfm))

#define HMAC_SHA1_CTX(desc) ((struct hmac_sha1_ctx *)shash_desc_ctx(desc))
@@ -83,6 +130,19 @@ static int crypto_hmac_sha1_digest(struct shash_desc *desc, 
	return 0;

}



static int crypto_hmac_sha1_export(struct shash_desc *desc, void *out)

{

	return __crypto_sha1_export(&HMAC_SHA1_CTX(desc)->sha_ctx, out);

}



static int crypto_hmac_sha1_import(struct shash_desc *desc, const void *in)

{

	struct hmac_sha1_ctx *ctx = HMAC_SHA1_CTX(desc);



	ctx->ostate = HMAC_SHA1_KEY(desc->tfm)->ostate;

	return __crypto_sha1_import(&ctx->sha_ctx, in);

}



static struct shash_alg algs[] = {

	{

		.base.cra_name		= "sha1",
@@ -95,7 +155,10 @@ static struct shash_alg algs[] = { 
		.update			= crypto_sha1_update,

		.final			= crypto_sha1_final,

		.digest			= crypto_sha1_digest,

		.export			= crypto_sha1_export,

		.import			= crypto_sha1_import,

		.descsize		= sizeof(struct sha1_ctx),

		.statesize		= SHA1_SHASH_STATE_SIZE,

	},

	{

		.base.cra_name		= "hmac(sha1)",
@@ -110,7 +173,10 @@ static struct shash_alg algs[] = { 
		.update			= crypto_hmac_sha1_update,

		.final			= crypto_hmac_sha1_final,

		.digest			= crypto_hmac_sha1_digest,

		.export			= crypto_hmac_sha1_export,

		.import			= crypto_hmac_sha1_import,

		.descsize		= sizeof(struct hmac_sha1_ctx),

		.statesize		= SHA1_SHASH_STATE_SIZE,

	},

};