hash.h 37 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055
  1. /* SPDX-License-Identifier: GPL-2.0-or-later */
  2. /*
  3. * Hash: Hash algorithms under the crypto API
  4. *
  5. * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
  6. */
  7. #ifndef _CRYPTO_HASH_H
  8. #define _CRYPTO_HASH_H
  9. #include <linux/crypto.h>
  10. #include <linux/scatterlist.h>
  11. #include <linux/slab.h>
  12. #include <linux/string.h>
  13. /* Set this bit for virtual address instead of SG list. */
  14. #define CRYPTO_AHASH_REQ_VIRT 0x00000001
  15. #define CRYPTO_AHASH_REQ_PRIVATE \
  16. CRYPTO_AHASH_REQ_VIRT
  17. struct crypto_ahash;
  18. /**
  19. * DOC: Message Digest Algorithm Definitions
  20. *
  21. * These data structures define modular message digest algorithm
  22. * implementations, managed via crypto_register_ahash(),
  23. * crypto_register_shash(), crypto_unregister_ahash() and
  24. * crypto_unregister_shash().
  25. */
  26. /*
  27. * struct hash_alg_common - define properties of message digest
  28. * @digestsize: Size of the result of the transformation. A buffer of this size
  29. * must be available to the @final and @finup calls, so they can
  30. * store the resulting hash into it. For various predefined sizes,
  31. * search include/crypto/ using
  32. * git grep _DIGEST_SIZE include/crypto.
  33. * @statesize: Size of the block for partial state of the transformation. A
  34. * buffer of this size must be passed to the @export function as it
  35. * will save the partial state of the transformation into it. On the
  36. * other side, the @import function will load the state from a
  37. * buffer of this size as well.
  38. * @base: Start of data structure of cipher algorithm. The common data
  39. * structure of crypto_alg contains information common to all ciphers.
  40. * The hash_alg_common data structure now adds the hash-specific
  41. * information.
  42. */
  43. #define HASH_ALG_COMMON { \
  44. unsigned int digestsize; \
  45. unsigned int statesize; \
  46. \
  47. struct crypto_alg base; \
  48. }
  49. struct hash_alg_common HASH_ALG_COMMON;
  50. struct ahash_request {
  51. struct crypto_async_request base;
  52. unsigned int nbytes;
  53. union {
  54. struct scatterlist *src;
  55. const u8 *svirt;
  56. };
  57. u8 *result;
  58. struct scatterlist sg_head[2];
  59. crypto_completion_t saved_complete;
  60. void *saved_data;
  61. void *__ctx[] CRYPTO_MINALIGN_ATTR;
  62. };
  63. /**
  64. * struct ahash_alg - asynchronous message digest definition
  65. * @init: **[mandatory]** Initialize the transformation context. Intended only to initialize the
  66. * state of the HASH transformation at the beginning. This shall fill in
  67. * the internal structures used during the entire duration of the whole
  68. * transformation. No data processing happens at this point. Driver code
  69. * implementation must not use req->result.
  70. * @update: **[mandatory]** Push a chunk of data into the driver for transformation. This
  71. * function actually pushes blocks of data from upper layers into the
  72. * driver, which then passes those to the hardware as seen fit. This
  73. * function must not finalize the HASH transformation by calculating the
  74. * final message digest as this only adds more data into the
  75. * transformation. This function shall not modify the transformation
  76. * context, as this function may be called in parallel with the same
  77. * transformation object. Data processing can happen synchronously
  78. * [SHASH] or asynchronously [AHASH] at this point. Driver must not use
  79. * req->result.
  80. * For block-only algorithms, @update must return the number
  81. * of bytes to store in the API partial block buffer.
  82. * @final: **[mandatory]** Retrieve result from the driver. This function finalizes the
  83. * transformation and retrieves the resulting hash from the driver and
  84. * pushes it back to upper layers. No data processing happens at this
  85. * point unless hardware requires it to finish the transformation
  86. * (then the data buffered by the device driver is processed).
  87. * @finup: **[optional]** Combination of @update and @final. This function is effectively a
  88. * combination of @update and @final calls issued in sequence. As some
  89. * hardware cannot do @update and @final separately, this callback was
  90. * added to allow such hardware to be used at least by IPsec. Data
  91. * processing can happen synchronously [SHASH] or asynchronously [AHASH]
  92. * at this point.
  93. * @digest: Combination of @init and @update and @final. This function
  94. * effectively behaves as the entire chain of operations, @init,
  95. * @update and @final issued in sequence. Just like @finup, this was
  96. * added for hardware which cannot do even the @finup, but can only do
  97. * the whole transformation in one run. Data processing can happen
  98. * synchronously [SHASH] or asynchronously [AHASH] at this point.
  99. * @setkey: Set optional key used by the hashing algorithm. Intended to push
  100. * optional key used by the hashing algorithm from upper layers into
  101. * the driver. This function can store the key in the transformation
  102. * context or can outright program it into the hardware. In the former
  103. * case, one must be careful to program the key into the hardware at
  104. * appropriate time and one must be careful that .setkey() can be
  105. * called multiple times during the existence of the transformation
  106. * object. Not all hashing algorithms do implement this function as it
  107. * is only needed for keyed message digests. SHAx/MDx/CRCx do NOT
  108. * implement this function. HMAC(MDx)/HMAC(SHAx)/CMAC(AES) do implement
  109. * this function. This function must be called before any other of the
  110. * @init, @update, @final, @finup, @digest is called. No data
  111. * processing happens at this point.
  112. * @export: Export partial state of the transformation. This function dumps the
  113. * entire state of the ongoing transformation into a provided block of
  114. * data so it can be @import 'ed back later on. This is useful in case
  115. * you want to save partial result of the transformation after
  116. * processing certain amount of data and reload this partial result
  117. * multiple times later on for multiple re-use. No data processing
  118. * happens at this point. Driver must not use req->result.
  119. * @import: Import partial state of the transformation. This function loads the
  120. * entire state of the ongoing transformation from a provided block of
  121. * data so the transformation can continue from this point onward. No
  122. * data processing happens at this point. Driver must not use
  123. * req->result.
  124. * @export_core: Export partial state without partial block. Only defined
  125. * for algorithms that are not block-only.
  126. * @import_core: Import partial state without partial block. Only defined
  127. * for algorithms that are not block-only.
  128. * @init_tfm: Initialize the cryptographic transformation object.
  129. * This function is called only once at the instantiation
  130. * time, right after the transformation context was
  131. * allocated. In case the cryptographic hardware has
  132. * some special requirements which need to be handled
  133. * by software, this function shall check for the precise
  134. * requirement of the transformation and put any software
  135. * fallbacks in place.
  136. * @exit_tfm: Deinitialize the cryptographic transformation object.
  137. * This is a counterpart to @init_tfm, used to remove
  138. * various changes set in @init_tfm.
  139. * @clone_tfm: Copy transform into new object, may allocate memory.
  140. * @halg: see struct hash_alg_common
  141. */
  142. struct ahash_alg {
  143. int (*init)(struct ahash_request *req);
  144. int (*update)(struct ahash_request *req);
  145. int (*final)(struct ahash_request *req);
  146. int (*finup)(struct ahash_request *req);
  147. int (*digest)(struct ahash_request *req);
  148. int (*export)(struct ahash_request *req, void *out);
  149. int (*import)(struct ahash_request *req, const void *in);
  150. int (*export_core)(struct ahash_request *req, void *out);
  151. int (*import_core)(struct ahash_request *req, const void *in);
  152. int (*setkey)(struct crypto_ahash *tfm, const u8 *key,
  153. unsigned int keylen);
  154. int (*init_tfm)(struct crypto_ahash *tfm);
  155. void (*exit_tfm)(struct crypto_ahash *tfm);
  156. int (*clone_tfm)(struct crypto_ahash *dst, struct crypto_ahash *src);
  157. struct hash_alg_common halg;
  158. };
  159. struct shash_desc {
  160. struct crypto_shash *tfm;
  161. void *__ctx[] __aligned(ARCH_SLAB_MINALIGN);
  162. };
  163. #define HASH_MAX_DIGESTSIZE 64
  164. /*
  165. * The size of a core hash state and a partial block. The final byte
  166. * is the length of the partial block.
  167. */
  168. #define HASH_STATE_AND_BLOCK(state, block) ((state) + (block) + 1)
  169. /* Worst case is sha3-224. */
  170. #define HASH_MAX_STATESIZE HASH_STATE_AND_BLOCK(200, 144)
  171. /* This needs to match arch/s390/crypto/sha.h. */
  172. #define S390_SHA_CTX_SIZE 216
  173. /*
  174. * Worst case is hmac(sha3-224-s390). Its context is a nested 'shash_desc'
  175. * containing a 'struct s390_sha_ctx'.
  176. */
  177. #define SHA3_224_S390_DESCSIZE HASH_STATE_AND_BLOCK(S390_SHA_CTX_SIZE, 144)
  178. #define HASH_MAX_DESCSIZE (sizeof(struct shash_desc) + \
  179. SHA3_224_S390_DESCSIZE)
  180. #define MAX_SYNC_HASH_REQSIZE (sizeof(struct ahash_request) + \
  181. HASH_MAX_DESCSIZE)
  182. #define SHASH_DESC_ON_STACK(shash, ctx) \
  183. char __##shash##_desc[sizeof(struct shash_desc) + HASH_MAX_DESCSIZE] \
  184. __aligned(__alignof__(struct shash_desc)); \
  185. struct shash_desc *shash = (struct shash_desc *)__##shash##_desc
  186. #define HASH_REQUEST_ON_STACK(name, _tfm) \
  187. char __##name##_req[sizeof(struct ahash_request) + \
  188. MAX_SYNC_HASH_REQSIZE] CRYPTO_MINALIGN_ATTR; \
  189. struct ahash_request *name = \
  190. ahash_request_on_stack_init(__##name##_req, (_tfm))
  191. #define HASH_REQUEST_CLONE(name, gfp) \
  192. hash_request_clone(name, sizeof(__##name##_req), gfp)
  193. #define CRYPTO_HASH_STATESIZE(coresize, blocksize) (coresize + blocksize + 1)
  194. /**
  195. * struct shash_alg - synchronous message digest definition
  196. * @init: see struct ahash_alg
  197. * @update: see struct ahash_alg
  198. * @final: see struct ahash_alg
  199. * @finup: see struct ahash_alg
  200. * @digest: see struct ahash_alg
  201. * @export: see struct ahash_alg
  202. * @import: see struct ahash_alg
  203. * @export_core: see struct ahash_alg
  204. * @import_core: see struct ahash_alg
  205. * @setkey: see struct ahash_alg
  206. * @init_tfm: Initialize the cryptographic transformation object.
  207. * This function is called only once at the instantiation
  208. * time, right after the transformation context was
  209. * allocated. In case the cryptographic hardware has
  210. * some special requirements which need to be handled
  211. * by software, this function shall check for the precise
  212. * requirement of the transformation and put any software
  213. * fallbacks in place.
  214. * @exit_tfm: Deinitialize the cryptographic transformation object.
  215. * This is a counterpart to @init_tfm, used to remove
  216. * various changes set in @init_tfm.
  217. * @clone_tfm: Copy transform into new object, may allocate memory.
  218. * @descsize: Size of the operational state for the message digest. This state
  219. * size is the memory size that needs to be allocated for
  220. * shash_desc.__ctx
  221. * @halg: see struct hash_alg_common
  222. * @HASH_ALG_COMMON: see struct hash_alg_common
  223. */
  224. struct shash_alg {
  225. int (*init)(struct shash_desc *desc);
  226. int (*update)(struct shash_desc *desc, const u8 *data,
  227. unsigned int len);
  228. int (*final)(struct shash_desc *desc, u8 *out);
  229. int (*finup)(struct shash_desc *desc, const u8 *data,
  230. unsigned int len, u8 *out);
  231. int (*digest)(struct shash_desc *desc, const u8 *data,
  232. unsigned int len, u8 *out);
  233. int (*export)(struct shash_desc *desc, void *out);
  234. int (*import)(struct shash_desc *desc, const void *in);
  235. int (*export_core)(struct shash_desc *desc, void *out);
  236. int (*import_core)(struct shash_desc *desc, const void *in);
  237. int (*setkey)(struct crypto_shash *tfm, const u8 *key,
  238. unsigned int keylen);
  239. int (*init_tfm)(struct crypto_shash *tfm);
  240. void (*exit_tfm)(struct crypto_shash *tfm);
  241. int (*clone_tfm)(struct crypto_shash *dst, struct crypto_shash *src);
  242. unsigned int descsize;
  243. union {
  244. struct HASH_ALG_COMMON;
  245. struct hash_alg_common halg;
  246. };
  247. };
  248. #undef HASH_ALG_COMMON
  249. struct crypto_ahash {
  250. bool using_shash; /* Underlying algorithm is shash, not ahash */
  251. unsigned int statesize;
  252. unsigned int reqsize;
  253. struct crypto_tfm base;
  254. };
  255. struct crypto_shash {
  256. struct crypto_tfm base;
  257. };
  258. /**
  259. * DOC: Asynchronous Message Digest API
  260. *
  261. * The asynchronous message digest API is used with the ciphers of type
  262. * CRYPTO_ALG_TYPE_AHASH (listed as type "ahash" in /proc/crypto)
  263. *
  264. * The asynchronous cipher operation discussion provided for the
  265. * CRYPTO_ALG_TYPE_SKCIPHER API applies here as well.
  266. */
  267. static inline bool ahash_req_on_stack(struct ahash_request *req)
  268. {
  269. return crypto_req_on_stack(&req->base);
  270. }
  271. static inline struct crypto_ahash *__crypto_ahash_cast(struct crypto_tfm *tfm)
  272. {
  273. return container_of(tfm, struct crypto_ahash, base);
  274. }
  275. /**
  276. * crypto_alloc_ahash() - allocate ahash cipher handle
  277. * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
  278. * ahash cipher
  279. * @type: specifies the type of the cipher
  280. * @mask: specifies the mask for the cipher
  281. *
  282. * Allocate a cipher handle for an ahash. The returned struct
  283. * crypto_ahash is the cipher handle that is required for any subsequent
  284. * API invocation for that ahash.
  285. *
  286. * Return: allocated cipher handle in case of success; IS_ERR() is true in case
  287. * of an error, PTR_ERR() returns the error code.
  288. */
  289. struct crypto_ahash *crypto_alloc_ahash(const char *alg_name, u32 type,
  290. u32 mask);
  291. struct crypto_ahash *crypto_clone_ahash(struct crypto_ahash *tfm);
  292. static inline struct crypto_tfm *crypto_ahash_tfm(struct crypto_ahash *tfm)
  293. {
  294. return &tfm->base;
  295. }
  296. /**
  297. * crypto_free_ahash() - zeroize and free the ahash handle
  298. * @tfm: cipher handle to be freed
  299. *
  300. * If @tfm is a NULL or error pointer, this function does nothing.
  301. */
  302. static inline void crypto_free_ahash(struct crypto_ahash *tfm)
  303. {
  304. crypto_destroy_tfm(tfm, crypto_ahash_tfm(tfm));
  305. }
  306. /**
  307. * crypto_has_ahash() - Search for the availability of an ahash.
  308. * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
  309. * ahash
  310. * @type: specifies the type of the ahash
  311. * @mask: specifies the mask for the ahash
  312. *
  313. * Return: true when the ahash is known to the kernel crypto API; false
  314. * otherwise
  315. */
  316. int crypto_has_ahash(const char *alg_name, u32 type, u32 mask);
  317. static inline const char *crypto_ahash_alg_name(struct crypto_ahash *tfm)
  318. {
  319. return crypto_tfm_alg_name(crypto_ahash_tfm(tfm));
  320. }
  321. static inline const char *crypto_ahash_driver_name(struct crypto_ahash *tfm)
  322. {
  323. return crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
  324. }
  325. /**
  326. * crypto_ahash_blocksize() - obtain block size for cipher
  327. * @tfm: cipher handle
  328. *
  329. * The block size for the message digest cipher referenced with the cipher
  330. * handle is returned.
  331. *
  332. * Return: block size of cipher
  333. */
  334. static inline unsigned int crypto_ahash_blocksize(struct crypto_ahash *tfm)
  335. {
  336. return crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
  337. }
  338. static inline struct hash_alg_common *__crypto_hash_alg_common(
  339. struct crypto_alg *alg)
  340. {
  341. return container_of(alg, struct hash_alg_common, base);
  342. }
  343. static inline struct hash_alg_common *crypto_hash_alg_common(
  344. struct crypto_ahash *tfm)
  345. {
  346. return __crypto_hash_alg_common(crypto_ahash_tfm(tfm)->__crt_alg);
  347. }
  348. /**
  349. * crypto_ahash_digestsize() - obtain message digest size
  350. * @tfm: cipher handle
  351. *
  352. * The size for the message digest created by the message digest cipher
  353. * referenced with the cipher handle is returned.
  354. *
  355. *
  356. * Return: message digest size of cipher
  357. */
  358. static inline unsigned int crypto_ahash_digestsize(struct crypto_ahash *tfm)
  359. {
  360. return crypto_hash_alg_common(tfm)->digestsize;
  361. }
  362. /**
  363. * crypto_ahash_statesize() - obtain size of the ahash state
  364. * @tfm: cipher handle
  365. *
  366. * Return the size of the ahash state. With the crypto_ahash_export()
  367. * function, the caller can export the state into a buffer whose size is
  368. * defined with this function.
  369. *
  370. * Return: size of the ahash state
  371. */
  372. static inline unsigned int crypto_ahash_statesize(struct crypto_ahash *tfm)
  373. {
  374. return tfm->statesize;
  375. }
  376. static inline u32 crypto_ahash_get_flags(struct crypto_ahash *tfm)
  377. {
  378. return crypto_tfm_get_flags(crypto_ahash_tfm(tfm));
  379. }
  380. static inline void crypto_ahash_set_flags(struct crypto_ahash *tfm, u32 flags)
  381. {
  382. crypto_tfm_set_flags(crypto_ahash_tfm(tfm), flags);
  383. }
  384. static inline void crypto_ahash_clear_flags(struct crypto_ahash *tfm, u32 flags)
  385. {
  386. crypto_tfm_clear_flags(crypto_ahash_tfm(tfm), flags);
  387. }
  388. /**
  389. * crypto_ahash_reqtfm() - obtain cipher handle from request
  390. * @req: asynchronous request handle that contains the reference to the ahash
  391. * cipher handle
  392. *
  393. * Return the ahash cipher handle that is registered with the asynchronous
  394. * request handle ahash_request.
  395. *
  396. * Return: ahash cipher handle
  397. */
  398. static inline struct crypto_ahash *crypto_ahash_reqtfm(
  399. struct ahash_request *req)
  400. {
  401. return __crypto_ahash_cast(req->base.tfm);
  402. }
  403. /**
  404. * crypto_ahash_reqsize() - obtain size of the request data structure
  405. * @tfm: cipher handle
  406. *
  407. * Return: size of the request data
  408. */
  409. static inline unsigned int crypto_ahash_reqsize(struct crypto_ahash *tfm)
  410. {
  411. return tfm->reqsize;
  412. }
  413. static inline void *ahash_request_ctx(struct ahash_request *req)
  414. {
  415. return req->__ctx;
  416. }
  417. /**
  418. * crypto_ahash_setkey - set key for cipher handle
  419. * @tfm: cipher handle
  420. * @key: buffer holding the key
  421. * @keylen: length of the key in bytes
  422. *
  423. * The caller provided key is set for the ahash cipher. The cipher
  424. * handle must point to a keyed hash in order for this function to succeed.
  425. *
  426. * Return: 0 if the setting of the key was successful; < 0 if an error occurred
  427. */
  428. int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
  429. unsigned int keylen);
  430. /**
  431. * crypto_ahash_finup() - update and finalize message digest
  432. * @req: reference to the ahash_request handle that holds all information
  433. * needed to perform the cipher operation
  434. *
  435. * This function is a "short-hand" for the function calls of
  436. * crypto_ahash_update and crypto_ahash_final. The parameters have the same
  437. * meaning as discussed for those separate functions.
  438. *
  439. * Return: see crypto_ahash_final()
  440. */
  441. int crypto_ahash_finup(struct ahash_request *req);
  442. /**
  443. * crypto_ahash_final() - calculate message digest
  444. * @req: reference to the ahash_request handle that holds all information
  445. * needed to perform the cipher operation
  446. *
  447. * Finalize the message digest operation and create the message digest
  448. * based on all data added to the cipher handle. The message digest is placed
  449. * into the output buffer registered with the ahash_request handle.
  450. *
  451. * Return:
  452. * 0 if the message digest was successfully calculated;
  453. * -EINPROGRESS if data is fed into hardware (DMA) or queued for later;
  454. * -EBUSY if queue is full and request should be resubmitted later;
  455. * other < 0 if an error occurred
  456. */
  457. static inline int crypto_ahash_final(struct ahash_request *req)
  458. {
  459. req->nbytes = 0;
  460. return crypto_ahash_finup(req);
  461. }
  462. /**
  463. * crypto_ahash_digest() - calculate message digest for a buffer
  464. * @req: reference to the ahash_request handle that holds all information
  465. * needed to perform the cipher operation
  466. *
  467. * This function is a "short-hand" for the function calls of crypto_ahash_init,
  468. * crypto_ahash_update and crypto_ahash_final. The parameters have the same
  469. * meaning as discussed for those separate three functions.
  470. *
  471. * Return: see crypto_ahash_final()
  472. */
  473. int crypto_ahash_digest(struct ahash_request *req);
  474. /**
  475. * crypto_ahash_export() - extract current message digest state
  476. * @req: reference to the ahash_request handle whose state is exported
  477. * @out: output buffer of sufficient size that can hold the hash state
  478. *
  479. * This function exports the hash state of the ahash_request handle into the
  480. * caller-allocated output buffer out which must have sufficient size (e.g. by
  481. * calling crypto_ahash_statesize()).
  482. *
  483. * Return: 0 if the export was successful; < 0 if an error occurred
  484. */
  485. int crypto_ahash_export(struct ahash_request *req, void *out);
  486. /**
  487. * crypto_ahash_import() - import message digest state
  488. * @req: reference to ahash_request handle the state is imported into
  489. * @in: buffer holding the state
  490. *
  491. * This function imports the hash state into the ahash_request handle from the
  492. * input buffer. That buffer should have been generated with the
  493. * crypto_ahash_export function.
  494. *
  495. * Return: 0 if the import was successful; < 0 if an error occurred
  496. */
  497. int crypto_ahash_import(struct ahash_request *req, const void *in);
  498. /**
  499. * crypto_ahash_init() - (re)initialize message digest handle
  500. * @req: ahash_request handle that already is initialized with all necessary
  501. * data using the ahash_request_* API functions
  502. *
  503. * The call (re-)initializes the message digest referenced by the ahash_request
  504. * handle. Any potentially existing state created by previous operations is
  505. * discarded.
  506. *
  507. * Return: see crypto_ahash_final()
  508. */
  509. int crypto_ahash_init(struct ahash_request *req);
  510. /**
  511. * crypto_ahash_update() - add data to message digest for processing
  512. * @req: ahash_request handle that was previously initialized with the
  513. * crypto_ahash_init call.
  514. *
  515. * Updates the message digest state of the &ahash_request handle. The input data
  516. * is pointed to by the scatter/gather list registered in the &ahash_request
  517. * handle
  518. *
  519. * Return: see crypto_ahash_final()
  520. */
  521. int crypto_ahash_update(struct ahash_request *req);
  522. /**
  523. * DOC: Asynchronous Hash Request Handle
  524. *
  525. * The &ahash_request data structure contains all pointers to data
  526. * required for the asynchronous cipher operation. This includes the cipher
  527. * handle (which can be used by multiple &ahash_request instances), pointer
  528. * to plaintext and the message digest output buffer, asynchronous callback
  529. * function, etc. It acts as a handle to the ahash_request_* API calls in a
  530. * similar way as ahash handle to the crypto_ahash_* API calls.
  531. */
  532. /**
  533. * ahash_request_set_tfm() - update cipher handle reference in request
  534. * @req: request handle to be modified
  535. * @tfm: cipher handle that shall be added to the request handle
  536. *
  537. * Allow the caller to replace the existing ahash handle in the request
  538. * data structure with a different one.
  539. */
  540. static inline void ahash_request_set_tfm(struct ahash_request *req,
  541. struct crypto_ahash *tfm)
  542. {
  543. crypto_request_set_tfm(&req->base, crypto_ahash_tfm(tfm));
  544. }
  545. /**
  546. * ahash_request_alloc() - allocate request data structure
  547. * @tfm: cipher handle to be registered with the request
  548. * @gfp: memory allocation flag that is handed to kmalloc by the API call.
  549. *
  550. * Allocate the request data structure that must be used with the ahash
  551. * message digest API calls. During
  552. * the allocation, the provided ahash handle
  553. * is registered in the request data structure.
  554. *
  555. * Return: allocated request handle in case of success, or NULL if out of memory
  556. */
  557. static inline struct ahash_request *ahash_request_alloc_noprof(
  558. struct crypto_ahash *tfm, gfp_t gfp)
  559. {
  560. struct ahash_request *req;
  561. req = kmalloc_noprof(sizeof(struct ahash_request) +
  562. crypto_ahash_reqsize(tfm), gfp);
  563. if (likely(req))
  564. ahash_request_set_tfm(req, tfm);
  565. return req;
  566. }
  567. #define ahash_request_alloc(...) alloc_hooks(ahash_request_alloc_noprof(__VA_ARGS__))
  568. /**
  569. * ahash_request_free() - zeroize and free the request data structure
  570. * @req: request data structure cipher handle to be freed
  571. */
  572. void ahash_request_free(struct ahash_request *req);
  573. static inline void ahash_request_zero(struct ahash_request *req)
  574. {
  575. memzero_explicit(req, sizeof(*req) +
  576. crypto_ahash_reqsize(crypto_ahash_reqtfm(req)));
  577. }
  578. static inline struct ahash_request *ahash_request_cast(
  579. struct crypto_async_request *req)
  580. {
  581. return container_of(req, struct ahash_request, base);
  582. }
  583. /**
  584. * ahash_request_set_callback() - set asynchronous callback function
  585. * @req: request handle
  586. * @flags: specify zero or an ORing of the flags
  587. * CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and
  588. * increase the wait queue beyond the initial maximum size;
  589. * CRYPTO_TFM_REQ_MAY_SLEEP the request processing may sleep
  590. * @compl: callback function pointer to be registered with the request handle
  591. * @data: The data pointer refers to memory that is not used by the kernel
  592. * crypto API, but provided to the callback function for it to use. Here,
  593. * the caller can provide a reference to memory the callback function can
  594. * operate on. As the callback function is invoked asynchronously to the
  595. * related functionality, it may need to access data structures of the
  596. * related functionality which can be referenced using this pointer. The
  597. * callback function can access the memory via the "data" field in the
  598. * &crypto_async_request data structure provided to the callback function.
  599. *
  600. * This function allows setting the callback function that is triggered once
  601. * the cipher operation completes.
  602. *
  603. * The callback function is registered with the &ahash_request handle and
  604. * must comply with the following template::
  605. *
  606. * void callback_function(struct crypto_async_request *req, int error)
  607. */
  608. static inline void ahash_request_set_callback(struct ahash_request *req,
  609. u32 flags,
  610. crypto_completion_t compl,
  611. void *data)
  612. {
  613. flags &= ~CRYPTO_AHASH_REQ_PRIVATE;
  614. flags |= req->base.flags & CRYPTO_AHASH_REQ_PRIVATE;
  615. crypto_request_set_callback(&req->base, flags, compl, data);
  616. }
  617. /**
  618. * ahash_request_set_crypt() - set data buffers
  619. * @req: ahash_request handle to be updated
  620. * @src: source scatter/gather list
  621. * @result: buffer that is filled with the message digest -- the caller must
  622. * ensure that the buffer has sufficient space by, for example, calling
  623. * crypto_ahash_digestsize()
  624. * @nbytes: number of bytes to process from the source scatter/gather list
  625. *
  626. * By using this call, the caller references the source scatter/gather list.
  627. * The source scatter/gather list points to the data the message digest is to
  628. * be calculated for.
  629. */
  630. static inline void ahash_request_set_crypt(struct ahash_request *req,
  631. struct scatterlist *src, u8 *result,
  632. unsigned int nbytes)
  633. {
  634. req->src = src;
  635. req->nbytes = nbytes;
  636. req->result = result;
  637. req->base.flags &= ~CRYPTO_AHASH_REQ_VIRT;
  638. }
  639. /**
  640. * ahash_request_set_virt() - set virtual address data buffers
  641. * @req: ahash_request handle to be updated
  642. * @src: source virtual address
  643. * @result: buffer that is filled with the message digest -- the caller must
  644. * ensure that the buffer has sufficient space by, for example, calling
  645. * crypto_ahash_digestsize()
  646. * @nbytes: number of bytes to process from the source virtual address
  647. *
  648. * By using this call, the caller references the source virtual address.
  649. * The source virtual address points to the data the message digest is to
  650. * be calculated for.
  651. */
  652. static inline void ahash_request_set_virt(struct ahash_request *req,
  653. const u8 *src, u8 *result,
  654. unsigned int nbytes)
  655. {
  656. req->svirt = src;
  657. req->nbytes = nbytes;
  658. req->result = result;
  659. req->base.flags |= CRYPTO_AHASH_REQ_VIRT;
  660. }
  661. /**
  662. * DOC: Synchronous Message Digest API
  663. *
  664. * The synchronous message digest API is used with the ciphers of type
  665. * CRYPTO_ALG_TYPE_SHASH (listed as type "shash" in /proc/crypto)
  666. *
  667. * The message digest API is able to maintain state information for the
  668. * caller.
  669. *
  670. * The synchronous message digest API can store user-related context in its
  671. * shash_desc request data structure.
  672. */
  673. /**
  674. * crypto_alloc_shash() - allocate message digest handle
  675. * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
  676. * message digest cipher
  677. * @type: specifies the type of the cipher
  678. * @mask: specifies the mask for the cipher
  679. *
  680. * Allocate a cipher handle for a message digest. The returned &struct
  681. * crypto_shash is the cipher handle that is required for any subsequent
  682. * API invocation for that message digest.
  683. *
  684. * Return: allocated cipher handle in case of success; IS_ERR() is true in case
  685. * of an error, PTR_ERR() returns the error code.
  686. */
  687. struct crypto_shash *crypto_alloc_shash(const char *alg_name, u32 type,
  688. u32 mask);
  689. struct crypto_shash *crypto_clone_shash(struct crypto_shash *tfm);
  690. int crypto_has_shash(const char *alg_name, u32 type, u32 mask);
  691. static inline struct crypto_tfm *crypto_shash_tfm(struct crypto_shash *tfm)
  692. {
  693. return &tfm->base;
  694. }
  695. /**
  696. * crypto_free_shash() - zeroize and free the message digest handle
  697. * @tfm: cipher handle to be freed
  698. *
  699. * If @tfm is a NULL or error pointer, this function does nothing.
  700. */
  701. static inline void crypto_free_shash(struct crypto_shash *tfm)
  702. {
  703. crypto_destroy_tfm(tfm, crypto_shash_tfm(tfm));
  704. }
  705. static inline const char *crypto_shash_alg_name(struct crypto_shash *tfm)
  706. {
  707. return crypto_tfm_alg_name(crypto_shash_tfm(tfm));
  708. }
  709. static inline const char *crypto_shash_driver_name(struct crypto_shash *tfm)
  710. {
  711. return crypto_tfm_alg_driver_name(crypto_shash_tfm(tfm));
  712. }
  713. /**
  714. * crypto_shash_blocksize() - obtain block size for cipher
  715. * @tfm: cipher handle
  716. *
  717. * The block size for the message digest cipher referenced with the cipher
  718. * handle is returned.
  719. *
  720. * Return: block size of cipher
  721. */
  722. static inline unsigned int crypto_shash_blocksize(struct crypto_shash *tfm)
  723. {
  724. return crypto_tfm_alg_blocksize(crypto_shash_tfm(tfm));
  725. }
  726. static inline struct shash_alg *__crypto_shash_alg(struct crypto_alg *alg)
  727. {
  728. return container_of(alg, struct shash_alg, base);
  729. }
  730. static inline struct shash_alg *crypto_shash_alg(struct crypto_shash *tfm)
  731. {
  732. return __crypto_shash_alg(crypto_shash_tfm(tfm)->__crt_alg);
  733. }
  734. /**
  735. * crypto_shash_digestsize() - obtain message digest size
  736. * @tfm: cipher handle
  737. *
  738. * The size for the message digest created by the message digest cipher
  739. * referenced with the cipher handle is returned.
  740. *
  741. * Return: digest size of cipher
  742. */
  743. static inline unsigned int crypto_shash_digestsize(struct crypto_shash *tfm)
  744. {
  745. return crypto_shash_alg(tfm)->digestsize;
  746. }
  747. static inline unsigned int crypto_shash_statesize(struct crypto_shash *tfm)
  748. {
  749. return crypto_shash_alg(tfm)->statesize;
  750. }
  751. static inline u32 crypto_shash_get_flags(struct crypto_shash *tfm)
  752. {
  753. return crypto_tfm_get_flags(crypto_shash_tfm(tfm));
  754. }
  755. static inline void crypto_shash_set_flags(struct crypto_shash *tfm, u32 flags)
  756. {
  757. crypto_tfm_set_flags(crypto_shash_tfm(tfm), flags);
  758. }
  759. static inline void crypto_shash_clear_flags(struct crypto_shash *tfm, u32 flags)
  760. {
  761. crypto_tfm_clear_flags(crypto_shash_tfm(tfm), flags);
  762. }
  763. /**
  764. * crypto_shash_descsize() - obtain the operational state size
  765. * @tfm: cipher handle
  766. *
  767. * The size of the operational state the cipher needs during operation is
  768. * returned for the hash referenced with the cipher handle. This size is
  769. * required to calculate the memory requirements to allow the caller allocating
  770. * sufficient memory for operational state.
  771. *
  772. * The operational state is defined with struct shash_desc where the size of
  773. * that data structure is to be calculated as
  774. * sizeof(struct shash_desc) + crypto_shash_descsize(alg)
  775. *
  776. * Return: size of the operational state
  777. */
  778. static inline unsigned int crypto_shash_descsize(struct crypto_shash *tfm)
  779. {
  780. return crypto_shash_alg(tfm)->descsize;
  781. }
  782. static inline void *shash_desc_ctx(struct shash_desc *desc)
  783. {
  784. return desc->__ctx;
  785. }
  786. /**
  787. * crypto_shash_setkey() - set key for message digest
  788. * @tfm: cipher handle
  789. * @key: buffer holding the key
  790. * @keylen: length of the key in bytes
  791. *
  792. * The caller provided key is set for the keyed message digest cipher. The
  793. * cipher handle must point to a keyed message digest cipher in order for this
  794. * function to succeed.
  795. *
  796. * Context: Softirq or process context.
  797. * Return: 0 if the setting of the key was successful; < 0 if an error occurred
  798. */
  799. int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
  800. unsigned int keylen);
  801. /**
  802. * crypto_shash_digest() - calculate message digest for buffer
  803. * @desc: see crypto_shash_final()
  804. * @data: see crypto_shash_update()
  805. * @len: see crypto_shash_update()
  806. * @out: see crypto_shash_final()
  807. *
  808. * This function is a "short-hand" for the function calls of crypto_shash_init,
  809. * crypto_shash_update and crypto_shash_final. The parameters have the same
  810. * meaning as discussed for those separate three functions.
  811. *
  812. * Context: Softirq or process context.
  813. * Return: 0 if the message digest creation was successful; < 0 if an error
  814. * occurred
  815. */
  816. int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
  817. unsigned int len, u8 *out);
  818. /**
  819. * crypto_shash_tfm_digest() - calculate message digest for buffer
  820. * @tfm: hash transformation object
  821. * @data: see crypto_shash_update()
  822. * @len: see crypto_shash_update()
  823. * @out: see crypto_shash_final()
  824. *
  825. * This is a simplified version of crypto_shash_digest() for users who don't
  826. * want to allocate their own hash descriptor (shash_desc). Instead,
  827. * crypto_shash_tfm_digest() takes a hash transformation object (crypto_shash)
  828. * directly, and it allocates a hash descriptor on the stack internally.
  829. * Note that this stack allocation may be fairly large.
  830. *
  831. * Context: Softirq or process context.
  832. * Return: 0 on success; < 0 if an error occurred.
  833. */
  834. int crypto_shash_tfm_digest(struct crypto_shash *tfm, const u8 *data,
  835. unsigned int len, u8 *out);
  836. int crypto_hash_digest(struct crypto_ahash *tfm, const u8 *data,
  837. unsigned int len, u8 *out);
  838. /**
  839. * crypto_shash_export() - extract operational state for message digest
  840. * @desc: reference to the operational state handle whose state is exported
  841. * @out: output buffer of sufficient size that can hold the hash state
  842. *
  843. * This function exports the hash state of the operational state handle into the
  844. * caller-allocated output buffer out which must have sufficient size (e.g. by
  845. * calling crypto_shash_descsize).
  846. *
  847. * Context: Softirq or process context.
  848. * Return: 0 if the export creation was successful; < 0 if an error occurred
  849. */
  850. int crypto_shash_export(struct shash_desc *desc, void *out);
  851. /**
  852. * crypto_shash_import() - import operational state
  853. * @desc: reference to the operational state handle the state imported into
  854. * @in: buffer holding the state
  855. *
  856. * This function imports the hash state into the operational state handle from
  857. * the input buffer. That buffer should have been generated with the
  858. * crypto_ahash_export function.
  859. *
  860. * Context: Softirq or process context.
  861. * Return: 0 if the import was successful; < 0 if an error occurred
  862. */
  863. int crypto_shash_import(struct shash_desc *desc, const void *in);
  864. /**
  865. * crypto_shash_init() - (re)initialize message digest
  866. * @desc: operational state handle that is already filled
  867. *
  868. * The call (re-)initializes the message digest referenced by the
  869. * operational state handle. Any potentially existing state created by
  870. * previous operations is discarded.
  871. *
  872. * Context: Softirq or process context.
  873. * Return: 0 if the message digest initialization was successful; < 0 if an
  874. * error occurred
  875. */
  876. int crypto_shash_init(struct shash_desc *desc);
  877. /**
  878. * crypto_shash_finup() - calculate message digest of buffer
  879. * @desc: see crypto_shash_final()
  880. * @data: see crypto_shash_update()
  881. * @len: see crypto_shash_update()
  882. * @out: see crypto_shash_final()
  883. *
  884. * This function is a "short-hand" for the function calls of
  885. * crypto_shash_update and crypto_shash_final. The parameters have the same
  886. * meaning as discussed for those separate functions.
  887. *
  888. * Context: Softirq or process context.
  889. * Return: 0 if the message digest creation was successful; < 0 if an error
  890. * occurred
  891. */
  892. int crypto_shash_finup(struct shash_desc *desc, const u8 *data,
  893. unsigned int len, u8 *out);
  894. /**
  895. * crypto_shash_update() - add data to message digest for processing
  896. * @desc: operational state handle that is already initialized
  897. * @data: input data to be added to the message digest
  898. * @len: length of the input data
  899. *
  900. * Updates the message digest state of the operational state handle.
  901. *
  902. * Context: Softirq or process context.
  903. * Return: 0 if the message digest update was successful; < 0 if an error
  904. * occurred
  905. */
  906. static inline int crypto_shash_update(struct shash_desc *desc, const u8 *data,
  907. unsigned int len)
  908. {
  909. return crypto_shash_finup(desc, data, len, NULL);
  910. }
  911. /**
  912. * crypto_shash_final() - calculate message digest
  913. * @desc: operational state handle that is already filled with data
  914. * @out: output buffer filled with the message digest
  915. *
  916. * Finalize the message digest operation and create the message digest
  917. * based on all data added to the cipher handle. The message digest is placed
  918. * into the output buffer. The caller must ensure that the output buffer is
  919. * large enough by using crypto_shash_digestsize.
  920. *
  921. * Context: Softirq or process context.
  922. * Return: 0 if the message digest creation was successful; < 0 if an error
  923. * occurred
  924. */
  925. static inline int crypto_shash_final(struct shash_desc *desc, u8 *out)
  926. {
  927. return crypto_shash_finup(desc, NULL, 0, out);
  928. }
  929. static inline void shash_desc_zero(struct shash_desc *desc)
  930. {
  931. memzero_explicit(desc,
  932. sizeof(*desc) + crypto_shash_descsize(desc->tfm));
  933. }
  934. static inline bool ahash_is_async(struct crypto_ahash *tfm)
  935. {
  936. return crypto_tfm_is_async(&tfm->base);
  937. }
  938. static inline struct ahash_request *ahash_request_on_stack_init(
  939. char *buf, struct crypto_ahash *tfm)
  940. {
  941. struct ahash_request *req = (void *)buf;
  942. crypto_stack_request_init(&req->base, crypto_ahash_tfm(tfm));
  943. return req;
  944. }
  945. static inline struct ahash_request *ahash_request_clone(
  946. struct ahash_request *req, size_t total, gfp_t gfp)
  947. {
  948. return container_of(crypto_request_clone(&req->base, total, gfp),
  949. struct ahash_request, base);
  950. }
  951. #endif /* _CRYPTO_HASH_H */