forked from Minki/linux
a24d22b225
Currently <crypto/sha.h> contains declarations for both SHA-1 and SHA-2, and <crypto/sha3.h> contains declarations for SHA-3. This organization is inconsistent, but more importantly SHA-1 is no longer considered to be cryptographically secure. So to the extent possible, SHA-1 shouldn't be grouped together with any of the other SHA versions, and usage of it should be phased out. Therefore, split <crypto/sha.h> into two headers <crypto/sha1.h> and <crypto/sha2.h>, and make everyone explicitly specify whether they want the declarations for SHA-1, SHA-2, or both. This avoids making the SHA-1 declarations visible to files that don't want anything to do with SHA-1. It also prepares for potentially moving sha1.h into a new insecure/ or dangerous/ directory. Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
110 lines
2.5 KiB
C
110 lines
2.5 KiB
C
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
/*
|
|
* sha1_base.h - core logic for SHA-1 implementations
|
|
*
|
|
* Copyright (C) 2015 Linaro Ltd <ard.biesheuvel@linaro.org>
|
|
*/
|
|
|
|
#ifndef _CRYPTO_SHA1_BASE_H
|
|
#define _CRYPTO_SHA1_BASE_H
|
|
|
|
#include <crypto/internal/hash.h>
|
|
#include <crypto/sha1.h>
|
|
#include <linux/crypto.h>
|
|
#include <linux/module.h>
|
|
#include <linux/string.h>
|
|
|
|
#include <asm/unaligned.h>
|
|
|
|
typedef void (sha1_block_fn)(struct sha1_state *sst, u8 const *src, int blocks);
|
|
|
|
static inline int sha1_base_init(struct shash_desc *desc)
|
|
{
|
|
struct sha1_state *sctx = shash_desc_ctx(desc);
|
|
|
|
sctx->state[0] = SHA1_H0;
|
|
sctx->state[1] = SHA1_H1;
|
|
sctx->state[2] = SHA1_H2;
|
|
sctx->state[3] = SHA1_H3;
|
|
sctx->state[4] = SHA1_H4;
|
|
sctx->count = 0;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static inline int sha1_base_do_update(struct shash_desc *desc,
|
|
const u8 *data,
|
|
unsigned int len,
|
|
sha1_block_fn *block_fn)
|
|
{
|
|
struct sha1_state *sctx = shash_desc_ctx(desc);
|
|
unsigned int partial = sctx->count % SHA1_BLOCK_SIZE;
|
|
|
|
sctx->count += len;
|
|
|
|
if (unlikely((partial + len) >= SHA1_BLOCK_SIZE)) {
|
|
int blocks;
|
|
|
|
if (partial) {
|
|
int p = SHA1_BLOCK_SIZE - partial;
|
|
|
|
memcpy(sctx->buffer + partial, data, p);
|
|
data += p;
|
|
len -= p;
|
|
|
|
block_fn(sctx, sctx->buffer, 1);
|
|
}
|
|
|
|
blocks = len / SHA1_BLOCK_SIZE;
|
|
len %= SHA1_BLOCK_SIZE;
|
|
|
|
if (blocks) {
|
|
block_fn(sctx, data, blocks);
|
|
data += blocks * SHA1_BLOCK_SIZE;
|
|
}
|
|
partial = 0;
|
|
}
|
|
if (len)
|
|
memcpy(sctx->buffer + partial, data, len);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static inline int sha1_base_do_finalize(struct shash_desc *desc,
|
|
sha1_block_fn *block_fn)
|
|
{
|
|
const int bit_offset = SHA1_BLOCK_SIZE - sizeof(__be64);
|
|
struct sha1_state *sctx = shash_desc_ctx(desc);
|
|
__be64 *bits = (__be64 *)(sctx->buffer + bit_offset);
|
|
unsigned int partial = sctx->count % SHA1_BLOCK_SIZE;
|
|
|
|
sctx->buffer[partial++] = 0x80;
|
|
if (partial > bit_offset) {
|
|
memset(sctx->buffer + partial, 0x0, SHA1_BLOCK_SIZE - partial);
|
|
partial = 0;
|
|
|
|
block_fn(sctx, sctx->buffer, 1);
|
|
}
|
|
|
|
memset(sctx->buffer + partial, 0x0, bit_offset - partial);
|
|
*bits = cpu_to_be64(sctx->count << 3);
|
|
block_fn(sctx, sctx->buffer, 1);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static inline int sha1_base_finish(struct shash_desc *desc, u8 *out)
|
|
{
|
|
struct sha1_state *sctx = shash_desc_ctx(desc);
|
|
__be32 *digest = (__be32 *)out;
|
|
int i;
|
|
|
|
for (i = 0; i < SHA1_DIGEST_SIZE / sizeof(__be32); i++)
|
|
put_unaligned_be32(sctx->state[i], digest++);
|
|
|
|
memzero_explicit(sctx, sizeof(*sctx));
|
|
return 0;
|
|
}
|
|
|
|
#endif /* _CRYPTO_SHA1_BASE_H */
|