linux-stable/include/crypto/sha1_base.h
Eric Biggers a24d22b225 crypto: sha - split sha.h into sha1.h and sha2.h
Currently <crypto/sha.h> contains declarations for both SHA-1 and SHA-2,
and <crypto/sha3.h> contains declarations for SHA-3.

This organization is inconsistent, but more importantly SHA-1 is no
longer considered to be cryptographically secure.  So to the extent
possible, SHA-1 shouldn't be grouped together with any of the other SHA
versions, and usage of it should be phased out.

Therefore, split <crypto/sha.h> into two headers <crypto/sha1.h> and
<crypto/sha2.h>, and make everyone explicitly specify whether they want
the declarations for SHA-1, SHA-2, or both.

This avoids making the SHA-1 declarations visible to files that don't
want anything to do with SHA-1.  It also prepares for potentially moving
sha1.h into a new insecure/ or dangerous/ directory.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-11-20 14:45:33 +11:00

109 lines
2.5 KiB
C

/* SPDX-License-Identifier: GPL-2.0-only */
/*
* sha1_base.h - core logic for SHA-1 implementations
*
* Copyright (C) 2015 Linaro Ltd <ard.biesheuvel@linaro.org>
*/
#ifndef _CRYPTO_SHA1_BASE_H
#define _CRYPTO_SHA1_BASE_H
#include <crypto/internal/hash.h>
#include <crypto/sha1.h>
#include <linux/crypto.h>
#include <linux/module.h>
#include <linux/string.h>
#include <asm/unaligned.h>
typedef void (sha1_block_fn)(struct sha1_state *sst, u8 const *src, int blocks);
static inline int sha1_base_init(struct shash_desc *desc)
{
struct sha1_state *sctx = shash_desc_ctx(desc);
sctx->state[0] = SHA1_H0;
sctx->state[1] = SHA1_H1;
sctx->state[2] = SHA1_H2;
sctx->state[3] = SHA1_H3;
sctx->state[4] = SHA1_H4;
sctx->count = 0;
return 0;
}
static inline int sha1_base_do_update(struct shash_desc *desc,
const u8 *data,
unsigned int len,
sha1_block_fn *block_fn)
{
struct sha1_state *sctx = shash_desc_ctx(desc);
unsigned int partial = sctx->count % SHA1_BLOCK_SIZE;
sctx->count += len;
if (unlikely((partial + len) >= SHA1_BLOCK_SIZE)) {
int blocks;
if (partial) {
int p = SHA1_BLOCK_SIZE - partial;
memcpy(sctx->buffer + partial, data, p);
data += p;
len -= p;
block_fn(sctx, sctx->buffer, 1);
}
blocks = len / SHA1_BLOCK_SIZE;
len %= SHA1_BLOCK_SIZE;
if (blocks) {
block_fn(sctx, data, blocks);
data += blocks * SHA1_BLOCK_SIZE;
}
partial = 0;
}
if (len)
memcpy(sctx->buffer + partial, data, len);
return 0;
}
static inline int sha1_base_do_finalize(struct shash_desc *desc,
sha1_block_fn *block_fn)
{
const int bit_offset = SHA1_BLOCK_SIZE - sizeof(__be64);
struct sha1_state *sctx = shash_desc_ctx(desc);
__be64 *bits = (__be64 *)(sctx->buffer + bit_offset);
unsigned int partial = sctx->count % SHA1_BLOCK_SIZE;
sctx->buffer[partial++] = 0x80;
if (partial > bit_offset) {
memset(sctx->buffer + partial, 0x0, SHA1_BLOCK_SIZE - partial);
partial = 0;
block_fn(sctx, sctx->buffer, 1);
}
memset(sctx->buffer + partial, 0x0, bit_offset - partial);
*bits = cpu_to_be64(sctx->count << 3);
block_fn(sctx, sctx->buffer, 1);
return 0;
}
static inline int sha1_base_finish(struct shash_desc *desc, u8 *out)
{
struct sha1_state *sctx = shash_desc_ctx(desc);
__be32 *digest = (__be32 *)out;
int i;
for (i = 0; i < SHA1_DIGEST_SIZE / sizeof(__be32); i++)
put_unaligned_be32(sctx->state[i], digest++);
memzero_explicit(sctx, sizeof(*sctx));
return 0;
}
#endif /* _CRYPTO_SHA1_BASE_H */