ahash.c 26 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /*
  3. * Asynchronous Cryptographic Hash operations.
  4. *
  5. * This is the implementation of the ahash (asynchronous hash) API. It differs
  6. * from shash (synchronous hash) in that ahash supports asynchronous operations,
  7. * and it hashes data from scatterlists instead of virtually addressed buffers.
  8. *
  9. * The ahash API provides access to both ahash and shash algorithms. The shash
  10. * API only provides access to shash algorithms.
  11. *
  12. * Copyright (c) 2008 Loc Ho <lho@amcc.com>
  13. */
  14. #include <crypto/scatterwalk.h>
  15. #include <linux/cryptouser.h>
  16. #include <linux/err.h>
  17. #include <linux/kernel.h>
  18. #include <linux/mm.h>
  19. #include <linux/module.h>
  20. #include <linux/scatterlist.h>
  21. #include <linux/slab.h>
  22. #include <linux/seq_file.h>
  23. #include <linux/string.h>
  24. #include <linux/string_choices.h>
  25. #include <net/netlink.h>
  26. #include "hash.h"
  27. #define CRYPTO_ALG_TYPE_AHASH_MASK 0x0000000e
  28. static int ahash_def_finup(struct ahash_request *req);
  29. static inline bool crypto_ahash_block_only(struct crypto_ahash *tfm)
  30. {
  31. return crypto_ahash_alg(tfm)->halg.base.cra_flags &
  32. CRYPTO_AHASH_ALG_BLOCK_ONLY;
  33. }
  34. static inline bool crypto_ahash_final_nonzero(struct crypto_ahash *tfm)
  35. {
  36. return crypto_ahash_alg(tfm)->halg.base.cra_flags &
  37. CRYPTO_AHASH_ALG_FINAL_NONZERO;
  38. }
  39. static inline bool crypto_ahash_need_fallback(struct crypto_ahash *tfm)
  40. {
  41. return crypto_ahash_alg(tfm)->halg.base.cra_flags &
  42. CRYPTO_ALG_NEED_FALLBACK;
  43. }
  44. static inline void ahash_op_done(void *data, int err,
  45. int (*finish)(struct ahash_request *, int))
  46. {
  47. struct ahash_request *areq = data;
  48. crypto_completion_t compl;
  49. compl = areq->saved_complete;
  50. data = areq->saved_data;
  51. if (err == -EINPROGRESS)
  52. goto out;
  53. areq->base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
  54. err = finish(areq, err);
  55. if (err == -EINPROGRESS || err == -EBUSY)
  56. return;
  57. out:
  58. compl(data, err);
  59. }
  60. static int hash_walk_next(struct crypto_hash_walk *walk)
  61. {
  62. unsigned int offset = walk->offset;
  63. unsigned int nbytes = min(walk->entrylen,
  64. ((unsigned int)(PAGE_SIZE)) - offset);
  65. walk->data = kmap_local_page(walk->pg);
  66. walk->data += offset;
  67. walk->entrylen -= nbytes;
  68. return nbytes;
  69. }
  70. static int hash_walk_new_entry(struct crypto_hash_walk *walk)
  71. {
  72. struct scatterlist *sg;
  73. sg = walk->sg;
  74. walk->offset = sg->offset;
  75. walk->pg = sg_page(walk->sg) + (walk->offset >> PAGE_SHIFT);
  76. walk->offset = offset_in_page(walk->offset);
  77. walk->entrylen = sg->length;
  78. if (walk->entrylen > walk->total)
  79. walk->entrylen = walk->total;
  80. walk->total -= walk->entrylen;
  81. return hash_walk_next(walk);
  82. }
  83. int crypto_hash_walk_first(struct ahash_request *req,
  84. struct crypto_hash_walk *walk)
  85. {
  86. walk->total = req->nbytes;
  87. walk->entrylen = 0;
  88. if (!walk->total)
  89. return 0;
  90. walk->flags = req->base.flags;
  91. if (ahash_request_isvirt(req)) {
  92. walk->data = req->svirt;
  93. walk->total = 0;
  94. return req->nbytes;
  95. }
  96. walk->sg = req->src;
  97. return hash_walk_new_entry(walk);
  98. }
  99. EXPORT_SYMBOL_GPL(crypto_hash_walk_first);
  100. int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err)
  101. {
  102. if ((walk->flags & CRYPTO_AHASH_REQ_VIRT))
  103. return err;
  104. walk->data -= walk->offset;
  105. kunmap_local(walk->data);
  106. crypto_yield(walk->flags);
  107. if (err)
  108. return err;
  109. if (walk->entrylen) {
  110. walk->offset = 0;
  111. walk->pg++;
  112. return hash_walk_next(walk);
  113. }
  114. if (!walk->total)
  115. return 0;
  116. walk->sg = sg_next(walk->sg);
  117. return hash_walk_new_entry(walk);
  118. }
  119. EXPORT_SYMBOL_GPL(crypto_hash_walk_done);
  120. /*
  121. * For an ahash tfm that is using an shash algorithm (instead of an ahash
  122. * algorithm), this returns the underlying shash tfm.
  123. */
  124. static inline struct crypto_shash *ahash_to_shash(struct crypto_ahash *tfm)
  125. {
  126. return *(struct crypto_shash **)crypto_ahash_ctx(tfm);
  127. }
  128. static inline struct shash_desc *prepare_shash_desc(struct ahash_request *req,
  129. struct crypto_ahash *tfm)
  130. {
  131. struct shash_desc *desc = ahash_request_ctx(req);
  132. desc->tfm = ahash_to_shash(tfm);
  133. return desc;
  134. }
  135. int shash_ahash_update(struct ahash_request *req, struct shash_desc *desc)
  136. {
  137. struct crypto_hash_walk walk;
  138. int nbytes;
  139. for (nbytes = crypto_hash_walk_first(req, &walk); nbytes > 0;
  140. nbytes = crypto_hash_walk_done(&walk, nbytes))
  141. nbytes = crypto_shash_update(desc, walk.data, nbytes);
  142. return nbytes;
  143. }
  144. EXPORT_SYMBOL_GPL(shash_ahash_update);
  145. int shash_ahash_finup(struct ahash_request *req, struct shash_desc *desc)
  146. {
  147. struct crypto_hash_walk walk;
  148. int nbytes;
  149. nbytes = crypto_hash_walk_first(req, &walk);
  150. if (!nbytes)
  151. return crypto_shash_final(desc, req->result);
  152. do {
  153. nbytes = crypto_hash_walk_last(&walk) ?
  154. crypto_shash_finup(desc, walk.data, nbytes,
  155. req->result) :
  156. crypto_shash_update(desc, walk.data, nbytes);
  157. nbytes = crypto_hash_walk_done(&walk, nbytes);
  158. } while (nbytes > 0);
  159. return nbytes;
  160. }
  161. EXPORT_SYMBOL_GPL(shash_ahash_finup);
  162. int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc)
  163. {
  164. unsigned int nbytes = req->nbytes;
  165. struct scatterlist *sg;
  166. unsigned int offset;
  167. struct page *page;
  168. const u8 *data;
  169. int err;
  170. data = req->svirt;
  171. if (!nbytes || ahash_request_isvirt(req))
  172. return crypto_shash_digest(desc, data, nbytes, req->result);
  173. sg = req->src;
  174. if (nbytes > sg->length)
  175. return crypto_shash_init(desc) ?:
  176. shash_ahash_finup(req, desc);
  177. page = sg_page(sg);
  178. offset = sg->offset;
  179. data = lowmem_page_address(page) + offset;
  180. if (!IS_ENABLED(CONFIG_HIGHMEM))
  181. return crypto_shash_digest(desc, data, nbytes, req->result);
  182. page += offset >> PAGE_SHIFT;
  183. offset = offset_in_page(offset);
  184. if (nbytes > (unsigned int)PAGE_SIZE - offset)
  185. return crypto_shash_init(desc) ?:
  186. shash_ahash_finup(req, desc);
  187. data = kmap_local_page(page);
  188. err = crypto_shash_digest(desc, data + offset, nbytes,
  189. req->result);
  190. kunmap_local(data);
  191. return err;
  192. }
  193. EXPORT_SYMBOL_GPL(shash_ahash_digest);
  194. static void crypto_exit_ahash_using_shash(struct crypto_tfm *tfm)
  195. {
  196. struct crypto_shash **ctx = crypto_tfm_ctx(tfm);
  197. crypto_free_shash(*ctx);
  198. }
  199. static int crypto_init_ahash_using_shash(struct crypto_tfm *tfm)
  200. {
  201. struct crypto_alg *calg = tfm->__crt_alg;
  202. struct crypto_ahash *crt = __crypto_ahash_cast(tfm);
  203. struct crypto_shash **ctx = crypto_tfm_ctx(tfm);
  204. struct crypto_shash *shash;
  205. if (!crypto_mod_get(calg))
  206. return -EAGAIN;
  207. shash = crypto_create_tfm(calg, &crypto_shash_type);
  208. if (IS_ERR(shash)) {
  209. crypto_mod_put(calg);
  210. return PTR_ERR(shash);
  211. }
  212. crt->using_shash = true;
  213. *ctx = shash;
  214. tfm->exit = crypto_exit_ahash_using_shash;
  215. crypto_ahash_set_flags(crt, crypto_shash_get_flags(shash) &
  216. CRYPTO_TFM_NEED_KEY);
  217. return 0;
  218. }
  219. static int ahash_nosetkey(struct crypto_ahash *tfm, const u8 *key,
  220. unsigned int keylen)
  221. {
  222. return -ENOSYS;
  223. }
  224. static void ahash_set_needkey(struct crypto_ahash *tfm, struct ahash_alg *alg)
  225. {
  226. if (alg->setkey != ahash_nosetkey &&
  227. !(alg->halg.base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY))
  228. crypto_ahash_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
  229. }
  230. int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
  231. unsigned int keylen)
  232. {
  233. if (likely(tfm->using_shash)) {
  234. struct crypto_shash *shash = ahash_to_shash(tfm);
  235. int err;
  236. err = crypto_shash_setkey(shash, key, keylen);
  237. if (unlikely(err)) {
  238. crypto_ahash_set_flags(tfm,
  239. crypto_shash_get_flags(shash) &
  240. CRYPTO_TFM_NEED_KEY);
  241. return err;
  242. }
  243. } else {
  244. struct ahash_alg *alg = crypto_ahash_alg(tfm);
  245. int err;
  246. err = alg->setkey(tfm, key, keylen);
  247. if (!err && crypto_ahash_need_fallback(tfm))
  248. err = crypto_ahash_setkey(crypto_ahash_fb(tfm),
  249. key, keylen);
  250. if (unlikely(err)) {
  251. ahash_set_needkey(tfm, alg);
  252. return err;
  253. }
  254. }
  255. crypto_ahash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
  256. return 0;
  257. }
  258. EXPORT_SYMBOL_GPL(crypto_ahash_setkey);
  259. static int ahash_do_req_chain(struct ahash_request *req,
  260. int (*const *op)(struct ahash_request *req))
  261. {
  262. struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
  263. int err;
  264. if (crypto_ahash_req_virt(tfm) || !ahash_request_isvirt(req))
  265. return (*op)(req);
  266. if (crypto_ahash_statesize(tfm) > HASH_MAX_STATESIZE)
  267. return -ENOSYS;
  268. if (!crypto_ahash_need_fallback(tfm))
  269. return -ENOSYS;
  270. if (crypto_hash_no_export_core(tfm))
  271. return -ENOSYS;
  272. {
  273. u8 state[HASH_MAX_STATESIZE];
  274. if (op == &crypto_ahash_alg(tfm)->digest) {
  275. ahash_request_set_tfm(req, crypto_ahash_fb(tfm));
  276. err = crypto_ahash_digest(req);
  277. goto out_no_state;
  278. }
  279. err = crypto_ahash_export(req, state);
  280. ahash_request_set_tfm(req, crypto_ahash_fb(tfm));
  281. err = err ?: crypto_ahash_import(req, state);
  282. if (op == &crypto_ahash_alg(tfm)->finup) {
  283. err = err ?: crypto_ahash_finup(req);
  284. goto out_no_state;
  285. }
  286. err = err ?:
  287. crypto_ahash_update(req) ?:
  288. crypto_ahash_export(req, state);
  289. ahash_request_set_tfm(req, tfm);
  290. return err ?: crypto_ahash_import(req, state);
  291. out_no_state:
  292. ahash_request_set_tfm(req, tfm);
  293. return err;
  294. }
  295. }
  296. int crypto_ahash_init(struct ahash_request *req)
  297. {
  298. struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
  299. if (likely(tfm->using_shash))
  300. return crypto_shash_init(prepare_shash_desc(req, tfm));
  301. if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
  302. return -ENOKEY;
  303. if (ahash_req_on_stack(req) && ahash_is_async(tfm))
  304. return -EAGAIN;
  305. if (crypto_ahash_block_only(tfm)) {
  306. u8 *buf = ahash_request_ctx(req);
  307. buf += crypto_ahash_reqsize(tfm) - 1;
  308. *buf = 0;
  309. }
  310. return crypto_ahash_alg(tfm)->init(req);
  311. }
  312. EXPORT_SYMBOL_GPL(crypto_ahash_init);
  313. static void ahash_save_req(struct ahash_request *req, crypto_completion_t cplt)
  314. {
  315. req->saved_complete = req->base.complete;
  316. req->saved_data = req->base.data;
  317. req->base.complete = cplt;
  318. req->base.data = req;
  319. }
  320. static void ahash_restore_req(struct ahash_request *req)
  321. {
  322. req->base.complete = req->saved_complete;
  323. req->base.data = req->saved_data;
  324. }
  325. static int ahash_update_finish(struct ahash_request *req, int err)
  326. {
  327. struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
  328. bool nonzero = crypto_ahash_final_nonzero(tfm);
  329. int bs = crypto_ahash_blocksize(tfm);
  330. u8 *blenp = ahash_request_ctx(req);
  331. int blen;
  332. u8 *buf;
  333. blenp += crypto_ahash_reqsize(tfm) - 1;
  334. blen = *blenp;
  335. buf = blenp - bs;
  336. if (blen) {
  337. req->src = req->sg_head + 1;
  338. if (sg_is_chain(req->src))
  339. req->src = sg_chain_ptr(req->src);
  340. }
  341. req->nbytes += nonzero - blen;
  342. blen = 0;
  343. if (err >= 0) {
  344. blen = err + nonzero;
  345. err = 0;
  346. }
  347. if (ahash_request_isvirt(req))
  348. memcpy(buf, req->svirt + req->nbytes - blen, blen);
  349. else
  350. memcpy_from_sglist(buf, req->src, req->nbytes - blen, blen);
  351. *blenp = blen;
  352. ahash_restore_req(req);
  353. return err;
  354. }
  355. static void ahash_update_done(void *data, int err)
  356. {
  357. ahash_op_done(data, err, ahash_update_finish);
  358. }
  359. int crypto_ahash_update(struct ahash_request *req)
  360. {
  361. struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
  362. bool nonzero = crypto_ahash_final_nonzero(tfm);
  363. int bs = crypto_ahash_blocksize(tfm);
  364. u8 *blenp = ahash_request_ctx(req);
  365. int blen, err;
  366. u8 *buf;
  367. if (likely(tfm->using_shash))
  368. return shash_ahash_update(req, ahash_request_ctx(req));
  369. if (ahash_req_on_stack(req) && ahash_is_async(tfm))
  370. return -EAGAIN;
  371. if (!crypto_ahash_block_only(tfm))
  372. return ahash_do_req_chain(req, &crypto_ahash_alg(tfm)->update);
  373. blenp += crypto_ahash_reqsize(tfm) - 1;
  374. blen = *blenp;
  375. buf = blenp - bs;
  376. if (blen + req->nbytes < bs + nonzero) {
  377. if (ahash_request_isvirt(req))
  378. memcpy(buf + blen, req->svirt, req->nbytes);
  379. else
  380. memcpy_from_sglist(buf + blen, req->src, 0,
  381. req->nbytes);
  382. *blenp += req->nbytes;
  383. return 0;
  384. }
  385. if (blen) {
  386. memset(req->sg_head, 0, sizeof(req->sg_head[0]));
  387. sg_set_buf(req->sg_head, buf, blen);
  388. if (req->src != req->sg_head + 1)
  389. sg_chain(req->sg_head, 2, req->src);
  390. req->src = req->sg_head;
  391. req->nbytes += blen;
  392. }
  393. req->nbytes -= nonzero;
  394. ahash_save_req(req, ahash_update_done);
  395. err = ahash_do_req_chain(req, &crypto_ahash_alg(tfm)->update);
  396. if (err == -EINPROGRESS || err == -EBUSY)
  397. return err;
  398. return ahash_update_finish(req, err);
  399. }
  400. EXPORT_SYMBOL_GPL(crypto_ahash_update);
  401. static int ahash_finup_finish(struct ahash_request *req, int err)
  402. {
  403. struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
  404. u8 *blenp = ahash_request_ctx(req);
  405. int blen;
  406. blenp += crypto_ahash_reqsize(tfm) - 1;
  407. blen = *blenp;
  408. if (blen) {
  409. if (sg_is_last(req->src))
  410. req->src = NULL;
  411. else {
  412. req->src = req->sg_head + 1;
  413. if (sg_is_chain(req->src))
  414. req->src = sg_chain_ptr(req->src);
  415. }
  416. req->nbytes -= blen;
  417. }
  418. ahash_restore_req(req);
  419. return err;
  420. }
  421. static void ahash_finup_done(void *data, int err)
  422. {
  423. ahash_op_done(data, err, ahash_finup_finish);
  424. }
  425. int crypto_ahash_finup(struct ahash_request *req)
  426. {
  427. struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
  428. int bs = crypto_ahash_blocksize(tfm);
  429. u8 *blenp = ahash_request_ctx(req);
  430. int blen, err;
  431. u8 *buf;
  432. if (likely(tfm->using_shash))
  433. return shash_ahash_finup(req, ahash_request_ctx(req));
  434. if (ahash_req_on_stack(req) && ahash_is_async(tfm))
  435. return -EAGAIN;
  436. if (!crypto_ahash_alg(tfm)->finup)
  437. return ahash_def_finup(req);
  438. if (!crypto_ahash_block_only(tfm))
  439. return ahash_do_req_chain(req, &crypto_ahash_alg(tfm)->finup);
  440. blenp += crypto_ahash_reqsize(tfm) - 1;
  441. blen = *blenp;
  442. buf = blenp - bs;
  443. if (blen) {
  444. memset(req->sg_head, 0, sizeof(req->sg_head[0]));
  445. sg_set_buf(req->sg_head, buf, blen);
  446. if (!req->src)
  447. sg_mark_end(req->sg_head);
  448. else if (req->src != req->sg_head + 1)
  449. sg_chain(req->sg_head, 2, req->src);
  450. req->src = req->sg_head;
  451. req->nbytes += blen;
  452. }
  453. ahash_save_req(req, ahash_finup_done);
  454. err = ahash_do_req_chain(req, &crypto_ahash_alg(tfm)->finup);
  455. if (err == -EINPROGRESS || err == -EBUSY)
  456. return err;
  457. return ahash_finup_finish(req, err);
  458. }
  459. EXPORT_SYMBOL_GPL(crypto_ahash_finup);
  460. int crypto_ahash_digest(struct ahash_request *req)
  461. {
  462. struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
  463. if (likely(tfm->using_shash))
  464. return shash_ahash_digest(req, prepare_shash_desc(req, tfm));
  465. if (ahash_req_on_stack(req) && ahash_is_async(tfm))
  466. return -EAGAIN;
  467. if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
  468. return -ENOKEY;
  469. return ahash_do_req_chain(req, &crypto_ahash_alg(tfm)->digest);
  470. }
  471. EXPORT_SYMBOL_GPL(crypto_ahash_digest);
  472. static void ahash_def_finup_done2(void *data, int err)
  473. {
  474. struct ahash_request *areq = data;
  475. if (err == -EINPROGRESS)
  476. return;
  477. ahash_restore_req(areq);
  478. ahash_request_complete(areq, err);
  479. }
  480. static int ahash_def_finup_finish1(struct ahash_request *req, int err)
  481. {
  482. struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
  483. if (err)
  484. goto out;
  485. req->base.complete = ahash_def_finup_done2;
  486. err = crypto_ahash_alg(tfm)->final(req);
  487. if (err == -EINPROGRESS || err == -EBUSY)
  488. return err;
  489. out:
  490. ahash_restore_req(req);
  491. return err;
  492. }
  493. static void ahash_def_finup_done1(void *data, int err)
  494. {
  495. ahash_op_done(data, err, ahash_def_finup_finish1);
  496. }
  497. static int ahash_def_finup(struct ahash_request *req)
  498. {
  499. int err;
  500. ahash_save_req(req, ahash_def_finup_done1);
  501. err = crypto_ahash_update(req);
  502. if (err == -EINPROGRESS || err == -EBUSY)
  503. return err;
  504. return ahash_def_finup_finish1(req, err);
  505. }
  506. int crypto_ahash_export_core(struct ahash_request *req, void *out)
  507. {
  508. struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
  509. if (likely(tfm->using_shash))
  510. return crypto_shash_export_core(ahash_request_ctx(req), out);
  511. return crypto_ahash_alg(tfm)->export_core(req, out);
  512. }
  513. EXPORT_SYMBOL_GPL(crypto_ahash_export_core);
  514. int crypto_ahash_export(struct ahash_request *req, void *out)
  515. {
  516. struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
  517. if (likely(tfm->using_shash))
  518. return crypto_shash_export(ahash_request_ctx(req), out);
  519. if (crypto_ahash_block_only(tfm)) {
  520. unsigned int plen = crypto_ahash_blocksize(tfm) + 1;
  521. unsigned int reqsize = crypto_ahash_reqsize(tfm);
  522. unsigned int ss = crypto_ahash_statesize(tfm);
  523. u8 *buf = ahash_request_ctx(req);
  524. memcpy(out + ss - plen, buf + reqsize - plen, plen);
  525. }
  526. return crypto_ahash_alg(tfm)->export(req, out);
  527. }
  528. EXPORT_SYMBOL_GPL(crypto_ahash_export);
  529. int crypto_ahash_import_core(struct ahash_request *req, const void *in)
  530. {
  531. struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
  532. if (likely(tfm->using_shash))
  533. return crypto_shash_import_core(prepare_shash_desc(req, tfm),
  534. in);
  535. if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
  536. return -ENOKEY;
  537. if (crypto_ahash_block_only(tfm)) {
  538. unsigned int reqsize = crypto_ahash_reqsize(tfm);
  539. u8 *buf = ahash_request_ctx(req);
  540. buf[reqsize - 1] = 0;
  541. }
  542. return crypto_ahash_alg(tfm)->import_core(req, in);
  543. }
  544. EXPORT_SYMBOL_GPL(crypto_ahash_import_core);
  545. int crypto_ahash_import(struct ahash_request *req, const void *in)
  546. {
  547. struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
  548. if (likely(tfm->using_shash))
  549. return crypto_shash_import(prepare_shash_desc(req, tfm), in);
  550. if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
  551. return -ENOKEY;
  552. if (crypto_ahash_block_only(tfm)) {
  553. unsigned int plen = crypto_ahash_blocksize(tfm) + 1;
  554. unsigned int reqsize = crypto_ahash_reqsize(tfm);
  555. unsigned int ss = crypto_ahash_statesize(tfm);
  556. u8 *buf = ahash_request_ctx(req);
  557. memcpy(buf + reqsize - plen, in + ss - plen, plen);
  558. if (buf[reqsize - 1] >= plen)
  559. return -EOVERFLOW;
  560. }
  561. return crypto_ahash_alg(tfm)->import(req, in);
  562. }
  563. EXPORT_SYMBOL_GPL(crypto_ahash_import);
  564. static void crypto_ahash_exit_tfm(struct crypto_tfm *tfm)
  565. {
  566. struct crypto_ahash *hash = __crypto_ahash_cast(tfm);
  567. struct ahash_alg *alg = crypto_ahash_alg(hash);
  568. if (alg->exit_tfm)
  569. alg->exit_tfm(hash);
  570. else if (tfm->__crt_alg->cra_exit)
  571. tfm->__crt_alg->cra_exit(tfm);
  572. if (crypto_ahash_need_fallback(hash))
  573. crypto_free_ahash(crypto_ahash_fb(hash));
  574. }
  575. static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
  576. {
  577. struct crypto_ahash *hash = __crypto_ahash_cast(tfm);
  578. struct ahash_alg *alg = crypto_ahash_alg(hash);
  579. struct crypto_ahash *fb = NULL;
  580. int err;
  581. crypto_ahash_set_statesize(hash, alg->halg.statesize);
  582. crypto_ahash_set_reqsize(hash, crypto_tfm_alg_reqsize(tfm));
  583. if (tfm->__crt_alg->cra_type == &crypto_shash_type)
  584. return crypto_init_ahash_using_shash(tfm);
  585. if (crypto_ahash_need_fallback(hash)) {
  586. fb = crypto_alloc_ahash(crypto_ahash_alg_name(hash),
  587. CRYPTO_ALG_REQ_VIRT,
  588. CRYPTO_ALG_ASYNC |
  589. CRYPTO_ALG_REQ_VIRT |
  590. CRYPTO_AHASH_ALG_NO_EXPORT_CORE);
  591. if (IS_ERR(fb))
  592. return PTR_ERR(fb);
  593. tfm->fb = crypto_ahash_tfm(fb);
  594. }
  595. ahash_set_needkey(hash, alg);
  596. tfm->exit = crypto_ahash_exit_tfm;
  597. if (alg->init_tfm)
  598. err = alg->init_tfm(hash);
  599. else if (tfm->__crt_alg->cra_init)
  600. err = tfm->__crt_alg->cra_init(tfm);
  601. else
  602. return 0;
  603. if (err)
  604. goto out_free_sync_hash;
  605. if (!ahash_is_async(hash) && crypto_ahash_reqsize(hash) >
  606. MAX_SYNC_HASH_REQSIZE)
  607. goto out_exit_tfm;
  608. BUILD_BUG_ON(HASH_MAX_DESCSIZE > MAX_SYNC_HASH_REQSIZE);
  609. if (crypto_ahash_reqsize(hash) < HASH_MAX_DESCSIZE)
  610. crypto_ahash_set_reqsize(hash, HASH_MAX_DESCSIZE);
  611. return 0;
  612. out_exit_tfm:
  613. if (alg->exit_tfm)
  614. alg->exit_tfm(hash);
  615. else if (tfm->__crt_alg->cra_exit)
  616. tfm->__crt_alg->cra_exit(tfm);
  617. err = -EINVAL;
  618. out_free_sync_hash:
  619. crypto_free_ahash(fb);
  620. return err;
  621. }
  622. static unsigned int crypto_ahash_extsize(struct crypto_alg *alg)
  623. {
  624. if (alg->cra_type == &crypto_shash_type)
  625. return sizeof(struct crypto_shash *);
  626. return crypto_alg_extsize(alg);
  627. }
  628. static void crypto_ahash_free_instance(struct crypto_instance *inst)
  629. {
  630. struct ahash_instance *ahash = ahash_instance(inst);
  631. ahash->free(ahash);
  632. }
  633. static int __maybe_unused crypto_ahash_report(
  634. struct sk_buff *skb, struct crypto_alg *alg)
  635. {
  636. struct crypto_report_hash rhash;
  637. memset(&rhash, 0, sizeof(rhash));
  638. strscpy(rhash.type, "ahash", sizeof(rhash.type));
  639. rhash.blocksize = alg->cra_blocksize;
  640. rhash.digestsize = __crypto_hash_alg_common(alg)->digestsize;
  641. return nla_put(skb, CRYPTOCFGA_REPORT_HASH, sizeof(rhash), &rhash);
  642. }
  643. static void __maybe_unused crypto_ahash_show(struct seq_file *m,
  644. struct crypto_alg *alg)
  645. {
  646. seq_printf(m, "type : ahash\n");
  647. seq_printf(m, "async : %s\n",
  648. str_yes_no(alg->cra_flags & CRYPTO_ALG_ASYNC));
  649. seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
  650. seq_printf(m, "digestsize : %u\n",
  651. __crypto_hash_alg_common(alg)->digestsize);
  652. }
  653. static const struct crypto_type crypto_ahash_type = {
  654. .extsize = crypto_ahash_extsize,
  655. .init_tfm = crypto_ahash_init_tfm,
  656. .free = crypto_ahash_free_instance,
  657. #ifdef CONFIG_PROC_FS
  658. .show = crypto_ahash_show,
  659. #endif
  660. #if IS_ENABLED(CONFIG_CRYPTO_USER)
  661. .report = crypto_ahash_report,
  662. #endif
  663. .maskclear = ~CRYPTO_ALG_TYPE_MASK,
  664. .maskset = CRYPTO_ALG_TYPE_AHASH_MASK,
  665. .type = CRYPTO_ALG_TYPE_AHASH,
  666. .tfmsize = offsetof(struct crypto_ahash, base),
  667. .algsize = offsetof(struct ahash_alg, halg.base),
  668. };
  669. int crypto_grab_ahash(struct crypto_ahash_spawn *spawn,
  670. struct crypto_instance *inst,
  671. const char *name, u32 type, u32 mask)
  672. {
  673. spawn->base.frontend = &crypto_ahash_type;
  674. return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
  675. }
  676. EXPORT_SYMBOL_GPL(crypto_grab_ahash);
  677. struct crypto_ahash *crypto_alloc_ahash(const char *alg_name, u32 type,
  678. u32 mask)
  679. {
  680. return crypto_alloc_tfm(alg_name, &crypto_ahash_type, type, mask);
  681. }
  682. EXPORT_SYMBOL_GPL(crypto_alloc_ahash);
  683. int crypto_has_ahash(const char *alg_name, u32 type, u32 mask)
  684. {
  685. return crypto_type_has_alg(alg_name, &crypto_ahash_type, type, mask);
  686. }
  687. EXPORT_SYMBOL_GPL(crypto_has_ahash);
  688. bool crypto_hash_alg_has_setkey(struct hash_alg_common *halg)
  689. {
  690. struct crypto_alg *alg = &halg->base;
  691. if (alg->cra_type == &crypto_shash_type)
  692. return crypto_shash_alg_has_setkey(__crypto_shash_alg(alg));
  693. return __crypto_ahash_alg(alg)->setkey != ahash_nosetkey;
  694. }
  695. EXPORT_SYMBOL_GPL(crypto_hash_alg_has_setkey);
  696. struct crypto_ahash *crypto_clone_ahash(struct crypto_ahash *hash)
  697. {
  698. struct hash_alg_common *halg = crypto_hash_alg_common(hash);
  699. struct crypto_tfm *tfm = crypto_ahash_tfm(hash);
  700. struct crypto_ahash *fb = NULL;
  701. struct crypto_ahash *nhash;
  702. struct ahash_alg *alg;
  703. int err;
  704. if (!crypto_hash_alg_has_setkey(halg)) {
  705. tfm = crypto_tfm_get(tfm);
  706. if (IS_ERR(tfm))
  707. return ERR_CAST(tfm);
  708. return hash;
  709. }
  710. nhash = crypto_clone_tfm(&crypto_ahash_type, tfm);
  711. if (IS_ERR(nhash))
  712. return nhash;
  713. nhash->reqsize = hash->reqsize;
  714. nhash->statesize = hash->statesize;
  715. if (likely(hash->using_shash)) {
  716. struct crypto_shash **nctx = crypto_ahash_ctx(nhash);
  717. struct crypto_shash *shash;
  718. shash = crypto_clone_shash(ahash_to_shash(hash));
  719. if (IS_ERR(shash)) {
  720. err = PTR_ERR(shash);
  721. goto out_free_nhash;
  722. }
  723. crypto_ahash_tfm(nhash)->exit = crypto_exit_ahash_using_shash;
  724. nhash->using_shash = true;
  725. *nctx = shash;
  726. return nhash;
  727. }
  728. if (crypto_ahash_need_fallback(hash)) {
  729. fb = crypto_clone_ahash(crypto_ahash_fb(hash));
  730. err = PTR_ERR(fb);
  731. if (IS_ERR(fb))
  732. goto out_free_nhash;
  733. crypto_ahash_tfm(nhash)->fb = crypto_ahash_tfm(fb);
  734. }
  735. err = -ENOSYS;
  736. alg = crypto_ahash_alg(hash);
  737. if (!alg->clone_tfm)
  738. goto out_free_fb;
  739. err = alg->clone_tfm(nhash, hash);
  740. if (err)
  741. goto out_free_fb;
  742. crypto_ahash_tfm(nhash)->exit = crypto_ahash_exit_tfm;
  743. return nhash;
  744. out_free_fb:
  745. crypto_free_ahash(fb);
  746. out_free_nhash:
  747. crypto_free_ahash(nhash);
  748. return ERR_PTR(err);
  749. }
  750. EXPORT_SYMBOL_GPL(crypto_clone_ahash);
  751. static int ahash_default_export_core(struct ahash_request *req, void *out)
  752. {
  753. return -ENOSYS;
  754. }
  755. static int ahash_default_import_core(struct ahash_request *req, const void *in)
  756. {
  757. return -ENOSYS;
  758. }
  759. static int ahash_prepare_alg(struct ahash_alg *alg)
  760. {
  761. struct crypto_alg *base = &alg->halg.base;
  762. int err;
  763. if (alg->halg.statesize == 0)
  764. return -EINVAL;
  765. if (base->cra_reqsize && base->cra_reqsize < alg->halg.statesize)
  766. return -EINVAL;
  767. if (!(base->cra_flags & CRYPTO_ALG_ASYNC) &&
  768. base->cra_reqsize > MAX_SYNC_HASH_REQSIZE)
  769. return -EINVAL;
  770. if (base->cra_flags & CRYPTO_ALG_NEED_FALLBACK &&
  771. base->cra_flags & CRYPTO_ALG_NO_FALLBACK)
  772. return -EINVAL;
  773. err = hash_prepare_alg(&alg->halg);
  774. if (err)
  775. return err;
  776. base->cra_type = &crypto_ahash_type;
  777. base->cra_flags |= CRYPTO_ALG_TYPE_AHASH;
  778. if ((base->cra_flags ^ CRYPTO_ALG_REQ_VIRT) &
  779. (CRYPTO_ALG_ASYNC | CRYPTO_ALG_REQ_VIRT) &&
  780. !(base->cra_flags & CRYPTO_ALG_NO_FALLBACK))
  781. base->cra_flags |= CRYPTO_ALG_NEED_FALLBACK;
  782. if (!alg->setkey)
  783. alg->setkey = ahash_nosetkey;
  784. if (base->cra_flags & CRYPTO_AHASH_ALG_BLOCK_ONLY) {
  785. BUILD_BUG_ON(MAX_ALGAPI_BLOCKSIZE >= 256);
  786. if (!alg->finup)
  787. return -EINVAL;
  788. base->cra_reqsize += base->cra_blocksize + 1;
  789. alg->halg.statesize += base->cra_blocksize + 1;
  790. alg->export_core = alg->export;
  791. alg->import_core = alg->import;
  792. } else if (!alg->export_core || !alg->import_core) {
  793. alg->export_core = ahash_default_export_core;
  794. alg->import_core = ahash_default_import_core;
  795. base->cra_flags |= CRYPTO_AHASH_ALG_NO_EXPORT_CORE;
  796. }
  797. return 0;
  798. }
  799. int crypto_register_ahash(struct ahash_alg *alg)
  800. {
  801. struct crypto_alg *base = &alg->halg.base;
  802. int err;
  803. err = ahash_prepare_alg(alg);
  804. if (err)
  805. return err;
  806. return crypto_register_alg(base);
  807. }
  808. EXPORT_SYMBOL_GPL(crypto_register_ahash);
  809. void crypto_unregister_ahash(struct ahash_alg *alg)
  810. {
  811. crypto_unregister_alg(&alg->halg.base);
  812. }
  813. EXPORT_SYMBOL_GPL(crypto_unregister_ahash);
  814. int crypto_register_ahashes(struct ahash_alg *algs, int count)
  815. {
  816. int i, ret;
  817. for (i = 0; i < count; i++) {
  818. ret = crypto_register_ahash(&algs[i]);
  819. if (ret) {
  820. crypto_unregister_ahashes(algs, i);
  821. return ret;
  822. }
  823. }
  824. return 0;
  825. }
  826. EXPORT_SYMBOL_GPL(crypto_register_ahashes);
  827. void crypto_unregister_ahashes(struct ahash_alg *algs, int count)
  828. {
  829. int i;
  830. for (i = count - 1; i >= 0; --i)
  831. crypto_unregister_ahash(&algs[i]);
  832. }
  833. EXPORT_SYMBOL_GPL(crypto_unregister_ahashes);
  834. int ahash_register_instance(struct crypto_template *tmpl,
  835. struct ahash_instance *inst)
  836. {
  837. int err;
  838. if (WARN_ON(!inst->free))
  839. return -EINVAL;
  840. err = ahash_prepare_alg(&inst->alg);
  841. if (err)
  842. return err;
  843. return crypto_register_instance(tmpl, ahash_crypto_instance(inst));
  844. }
  845. EXPORT_SYMBOL_GPL(ahash_register_instance);
  846. void ahash_request_free(struct ahash_request *req)
  847. {
  848. if (unlikely(!req))
  849. return;
  850. if (!ahash_req_on_stack(req)) {
  851. kfree(req);
  852. return;
  853. }
  854. ahash_request_zero(req);
  855. }
  856. EXPORT_SYMBOL_GPL(ahash_request_free);
  857. int crypto_hash_digest(struct crypto_ahash *tfm, const u8 *data,
  858. unsigned int len, u8 *out)
  859. {
  860. HASH_REQUEST_ON_STACK(req, crypto_ahash_fb(tfm));
  861. int err;
  862. ahash_request_set_callback(req, 0, NULL, NULL);
  863. ahash_request_set_virt(req, data, out, len);
  864. err = crypto_ahash_digest(req);
  865. ahash_request_zero(req);
  866. return err;
  867. }
  868. EXPORT_SYMBOL_GPL(crypto_hash_digest);
  869. void ahash_free_singlespawn_instance(struct ahash_instance *inst)
  870. {
  871. crypto_drop_spawn(ahash_instance_ctx(inst));
  872. kfree(inst);
  873. }
  874. EXPORT_SYMBOL_GPL(ahash_free_singlespawn_instance);
  875. MODULE_LICENSE("GPL");
  876. MODULE_DESCRIPTION("Asynchronous cryptographic hash type");