1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ |
2 | /* |
3 | * Hash: Hash algorithms under the crypto API |
4 | * |
5 | * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au> |
6 | */ |
7 | |
8 | #ifndef _CRYPTO_HASH_H |
9 | #define _CRYPTO_HASH_H |
10 | |
11 | #include <linux/atomic.h> |
12 | #include <linux/crypto.h> |
13 | #include <linux/string.h> |
14 | |
15 | struct crypto_ahash; |
16 | |
17 | /** |
18 | * DOC: Message Digest Algorithm Definitions |
19 | * |
20 | * These data structures define modular message digest algorithm |
21 | * implementations, managed via crypto_register_ahash(), |
22 | * crypto_register_shash(), crypto_unregister_ahash() and |
23 | * crypto_unregister_shash(). |
24 | */ |
25 | |
26 | /* |
27 | * struct crypto_istat_hash - statistics for has algorithm |
28 | * @hash_cnt: number of hash requests |
29 | * @hash_tlen: total data size hashed |
30 | * @err_cnt: number of error for hash requests |
31 | */ |
32 | struct crypto_istat_hash { |
33 | atomic64_t hash_cnt; |
34 | atomic64_t hash_tlen; |
35 | atomic64_t err_cnt; |
36 | }; |
37 | |
38 | #ifdef CONFIG_CRYPTO_STATS |
39 | #define HASH_ALG_COMMON_STAT struct crypto_istat_hash stat; |
40 | #else |
41 | #define HASH_ALG_COMMON_STAT |
42 | #endif |
43 | |
44 | /* |
45 | * struct hash_alg_common - define properties of message digest |
46 | * @stat: Statistics for hash algorithm. |
47 | * @digestsize: Size of the result of the transformation. A buffer of this size |
48 | * must be available to the @final and @finup calls, so they can |
49 | * store the resulting hash into it. For various predefined sizes, |
50 | * search include/crypto/ using |
51 | * git grep _DIGEST_SIZE include/crypto. |
52 | * @statesize: Size of the block for partial state of the transformation. A |
53 | * buffer of this size must be passed to the @export function as it |
54 | * will save the partial state of the transformation into it. On the |
55 | * other side, the @import function will load the state from a |
56 | * buffer of this size as well. |
57 | * @base: Start of data structure of cipher algorithm. The common data |
58 | * structure of crypto_alg contains information common to all ciphers. |
59 | * The hash_alg_common data structure now adds the hash-specific |
60 | * information. |
61 | */ |
62 | #define HASH_ALG_COMMON { \ |
63 | HASH_ALG_COMMON_STAT \ |
64 | \ |
65 | unsigned int digestsize; \ |
66 | unsigned int statesize; \ |
67 | \ |
68 | struct crypto_alg base; \ |
69 | } |
70 | struct hash_alg_common HASH_ALG_COMMON; |
71 | |
72 | struct ahash_request { |
73 | struct crypto_async_request base; |
74 | |
75 | unsigned int nbytes; |
76 | struct scatterlist *src; |
77 | u8 *result; |
78 | |
79 | /* This field may only be used by the ahash API code. */ |
80 | void *priv; |
81 | |
82 | void *__ctx[] CRYPTO_MINALIGN_ATTR; |
83 | }; |
84 | |
85 | /** |
86 | * struct ahash_alg - asynchronous message digest definition |
87 | * @init: **[mandatory]** Initialize the transformation context. Intended only to initialize the |
88 | * state of the HASH transformation at the beginning. This shall fill in |
89 | * the internal structures used during the entire duration of the whole |
90 | * transformation. No data processing happens at this point. Driver code |
91 | * implementation must not use req->result. |
92 | * @update: **[mandatory]** Push a chunk of data into the driver for transformation. This |
93 | * function actually pushes blocks of data from upper layers into the |
94 | * driver, which then passes those to the hardware as seen fit. This |
95 | * function must not finalize the HASH transformation by calculating the |
96 | * final message digest as this only adds more data into the |
97 | * transformation. This function shall not modify the transformation |
98 | * context, as this function may be called in parallel with the same |
99 | * transformation object. Data processing can happen synchronously |
100 | * [SHASH] or asynchronously [AHASH] at this point. Driver must not use |
101 | * req->result. |
102 | * @final: **[mandatory]** Retrieve result from the driver. This function finalizes the |
103 | * transformation and retrieves the resulting hash from the driver and |
104 | * pushes it back to upper layers. No data processing happens at this |
105 | * point unless hardware requires it to finish the transformation |
106 | * (then the data buffered by the device driver is processed). |
107 | * @finup: **[optional]** Combination of @update and @final. This function is effectively a |
108 | * combination of @update and @final calls issued in sequence. As some |
109 | * hardware cannot do @update and @final separately, this callback was |
110 | * added to allow such hardware to be used at least by IPsec. Data |
111 | * processing can happen synchronously [SHASH] or asynchronously [AHASH] |
112 | * at this point. |
113 | * @digest: Combination of @init and @update and @final. This function |
114 | * effectively behaves as the entire chain of operations, @init, |
115 | * @update and @final issued in sequence. Just like @finup, this was |
116 | * added for hardware which cannot do even the @finup, but can only do |
117 | * the whole transformation in one run. Data processing can happen |
118 | * synchronously [SHASH] or asynchronously [AHASH] at this point. |
119 | * @setkey: Set optional key used by the hashing algorithm. Intended to push |
120 | * optional key used by the hashing algorithm from upper layers into |
121 | * the driver. This function can store the key in the transformation |
122 | * context or can outright program it into the hardware. In the former |
123 | * case, one must be careful to program the key into the hardware at |
124 | * appropriate time and one must be careful that .setkey() can be |
125 | * called multiple times during the existence of the transformation |
126 | * object. Not all hashing algorithms do implement this function as it |
127 | * is only needed for keyed message digests. SHAx/MDx/CRCx do NOT |
128 | * implement this function. HMAC(MDx)/HMAC(SHAx)/CMAC(AES) do implement |
129 | * this function. This function must be called before any other of the |
130 | * @init, @update, @final, @finup, @digest is called. No data |
131 | * processing happens at this point. |
132 | * @export: Export partial state of the transformation. This function dumps the |
133 | * entire state of the ongoing transformation into a provided block of |
134 | * data so it can be @import 'ed back later on. This is useful in case |
135 | * you want to save partial result of the transformation after |
136 | * processing certain amount of data and reload this partial result |
137 | * multiple times later on for multiple re-use. No data processing |
138 | * happens at this point. Driver must not use req->result. |
139 | * @import: Import partial state of the transformation. This function loads the |
140 | * entire state of the ongoing transformation from a provided block of |
141 | * data so the transformation can continue from this point onward. No |
142 | * data processing happens at this point. Driver must not use |
143 | * req->result. |
144 | * @init_tfm: Initialize the cryptographic transformation object. |
145 | * This function is called only once at the instantiation |
146 | * time, right after the transformation context was |
147 | * allocated. In case the cryptographic hardware has |
148 | * some special requirements which need to be handled |
149 | * by software, this function shall check for the precise |
150 | * requirement of the transformation and put any software |
151 | * fallbacks in place. |
152 | * @exit_tfm: Deinitialize the cryptographic transformation object. |
153 | * This is a counterpart to @init_tfm, used to remove |
154 | * various changes set in @init_tfm. |
155 | * @clone_tfm: Copy transform into new object, may allocate memory. |
156 | * @halg: see struct hash_alg_common |
157 | */ |
158 | struct ahash_alg { |
159 | int (*init)(struct ahash_request *req); |
160 | int (*update)(struct ahash_request *req); |
161 | int (*final)(struct ahash_request *req); |
162 | int (*finup)(struct ahash_request *req); |
163 | int (*digest)(struct ahash_request *req); |
164 | int (*export)(struct ahash_request *req, void *out); |
165 | int (*import)(struct ahash_request *req, const void *in); |
166 | int (*setkey)(struct crypto_ahash *tfm, const u8 *key, |
167 | unsigned int keylen); |
168 | int (*init_tfm)(struct crypto_ahash *tfm); |
169 | void (*exit_tfm)(struct crypto_ahash *tfm); |
170 | int (*clone_tfm)(struct crypto_ahash *dst, struct crypto_ahash *src); |
171 | |
172 | struct hash_alg_common halg; |
173 | }; |
174 | |
175 | struct shash_desc { |
176 | struct crypto_shash *tfm; |
177 | void *__ctx[] __aligned(ARCH_SLAB_MINALIGN); |
178 | }; |
179 | |
180 | #define HASH_MAX_DIGESTSIZE 64 |
181 | |
182 | /* |
183 | * Worst case is hmac(sha3-224-generic). Its context is a nested 'shash_desc' |
184 | * containing a 'struct sha3_state'. |
185 | */ |
186 | #define HASH_MAX_DESCSIZE (sizeof(struct shash_desc) + 360) |
187 | |
188 | #define SHASH_DESC_ON_STACK(shash, ctx) \ |
189 | char __##shash##_desc[sizeof(struct shash_desc) + HASH_MAX_DESCSIZE] \ |
190 | __aligned(__alignof__(struct shash_desc)); \ |
191 | struct shash_desc *shash = (struct shash_desc *)__##shash##_desc |
192 | |
193 | /** |
194 | * struct shash_alg - synchronous message digest definition |
195 | * @init: see struct ahash_alg |
196 | * @update: see struct ahash_alg |
197 | * @final: see struct ahash_alg |
198 | * @finup: see struct ahash_alg |
199 | * @digest: see struct ahash_alg |
200 | * @export: see struct ahash_alg |
201 | * @import: see struct ahash_alg |
202 | * @setkey: see struct ahash_alg |
203 | * @init_tfm: Initialize the cryptographic transformation object. |
204 | * This function is called only once at the instantiation |
205 | * time, right after the transformation context was |
206 | * allocated. In case the cryptographic hardware has |
207 | * some special requirements which need to be handled |
208 | * by software, this function shall check for the precise |
209 | * requirement of the transformation and put any software |
210 | * fallbacks in place. |
211 | * @exit_tfm: Deinitialize the cryptographic transformation object. |
212 | * This is a counterpart to @init_tfm, used to remove |
213 | * various changes set in @init_tfm. |
214 | * @clone_tfm: Copy transform into new object, may allocate memory. |
215 | * @digestsize: see struct ahash_alg |
216 | * @statesize: see struct ahash_alg |
217 | * @descsize: Size of the operational state for the message digest. This state |
218 | * size is the memory size that needs to be allocated for |
219 | * shash_desc.__ctx |
220 | * @stat: Statistics for hash algorithm. |
221 | * @base: internally used |
222 | * @halg: see struct hash_alg_common |
223 | * @HASH_ALG_COMMON: see struct hash_alg_common |
224 | */ |
225 | struct shash_alg { |
226 | int (*init)(struct shash_desc *desc); |
227 | int (*update)(struct shash_desc *desc, const u8 *data, |
228 | unsigned int len); |
229 | int (*final)(struct shash_desc *desc, u8 *out); |
230 | int (*finup)(struct shash_desc *desc, const u8 *data, |
231 | unsigned int len, u8 *out); |
232 | int (*digest)(struct shash_desc *desc, const u8 *data, |
233 | unsigned int len, u8 *out); |
234 | int (*export)(struct shash_desc *desc, void *out); |
235 | int (*import)(struct shash_desc *desc, const void *in); |
236 | int (*setkey)(struct crypto_shash *tfm, const u8 *key, |
237 | unsigned int keylen); |
238 | int (*init_tfm)(struct crypto_shash *tfm); |
239 | void (*exit_tfm)(struct crypto_shash *tfm); |
240 | int (*clone_tfm)(struct crypto_shash *dst, struct crypto_shash *src); |
241 | |
242 | unsigned int descsize; |
243 | |
244 | union { |
245 | struct HASH_ALG_COMMON; |
246 | struct hash_alg_common halg; |
247 | }; |
248 | }; |
249 | #undef HASH_ALG_COMMON |
250 | #undef HASH_ALG_COMMON_STAT |
251 | |
252 | struct crypto_ahash { |
253 | bool using_shash; /* Underlying algorithm is shash, not ahash */ |
254 | unsigned int statesize; |
255 | unsigned int reqsize; |
256 | struct crypto_tfm base; |
257 | }; |
258 | |
259 | struct crypto_shash { |
260 | unsigned int descsize; |
261 | struct crypto_tfm base; |
262 | }; |
263 | |
264 | /** |
265 | * DOC: Asynchronous Message Digest API |
266 | * |
267 | * The asynchronous message digest API is used with the ciphers of type |
268 | * CRYPTO_ALG_TYPE_AHASH (listed as type "ahash" in /proc/crypto) |
269 | * |
270 | * The asynchronous cipher operation discussion provided for the |
271 | * CRYPTO_ALG_TYPE_SKCIPHER API applies here as well. |
272 | */ |
273 | |
274 | static inline struct crypto_ahash *__crypto_ahash_cast(struct crypto_tfm *tfm) |
275 | { |
276 | return container_of(tfm, struct crypto_ahash, base); |
277 | } |
278 | |
279 | /** |
280 | * crypto_alloc_ahash() - allocate ahash cipher handle |
281 | * @alg_name: is the cra_name / name or cra_driver_name / driver name of the |
282 | * ahash cipher |
283 | * @type: specifies the type of the cipher |
284 | * @mask: specifies the mask for the cipher |
285 | * |
286 | * Allocate a cipher handle for an ahash. The returned struct |
287 | * crypto_ahash is the cipher handle that is required for any subsequent |
288 | * API invocation for that ahash. |
289 | * |
290 | * Return: allocated cipher handle in case of success; IS_ERR() is true in case |
291 | * of an error, PTR_ERR() returns the error code. |
292 | */ |
293 | struct crypto_ahash *crypto_alloc_ahash(const char *alg_name, u32 type, |
294 | u32 mask); |
295 | |
296 | struct crypto_ahash *crypto_clone_ahash(struct crypto_ahash *tfm); |
297 | |
298 | static inline struct crypto_tfm *crypto_ahash_tfm(struct crypto_ahash *tfm) |
299 | { |
300 | return &tfm->base; |
301 | } |
302 | |
303 | /** |
304 | * crypto_free_ahash() - zeroize and free the ahash handle |
305 | * @tfm: cipher handle to be freed |
306 | * |
307 | * If @tfm is a NULL or error pointer, this function does nothing. |
308 | */ |
309 | static inline void crypto_free_ahash(struct crypto_ahash *tfm) |
310 | { |
311 | crypto_destroy_tfm(mem: tfm, tfm: crypto_ahash_tfm(tfm)); |
312 | } |
313 | |
314 | /** |
315 | * crypto_has_ahash() - Search for the availability of an ahash. |
316 | * @alg_name: is the cra_name / name or cra_driver_name / driver name of the |
317 | * ahash |
318 | * @type: specifies the type of the ahash |
319 | * @mask: specifies the mask for the ahash |
320 | * |
321 | * Return: true when the ahash is known to the kernel crypto API; false |
322 | * otherwise |
323 | */ |
324 | int crypto_has_ahash(const char *alg_name, u32 type, u32 mask); |
325 | |
326 | static inline const char *crypto_ahash_alg_name(struct crypto_ahash *tfm) |
327 | { |
328 | return crypto_tfm_alg_name(tfm: crypto_ahash_tfm(tfm)); |
329 | } |
330 | |
331 | static inline const char *crypto_ahash_driver_name(struct crypto_ahash *tfm) |
332 | { |
333 | return crypto_tfm_alg_driver_name(tfm: crypto_ahash_tfm(tfm)); |
334 | } |
335 | |
336 | /** |
337 | * crypto_ahash_blocksize() - obtain block size for cipher |
338 | * @tfm: cipher handle |
339 | * |
340 | * The block size for the message digest cipher referenced with the cipher |
341 | * handle is returned. |
342 | * |
343 | * Return: block size of cipher |
344 | */ |
345 | static inline unsigned int crypto_ahash_blocksize(struct crypto_ahash *tfm) |
346 | { |
347 | return crypto_tfm_alg_blocksize(tfm: crypto_ahash_tfm(tfm)); |
348 | } |
349 | |
350 | static inline struct hash_alg_common *__crypto_hash_alg_common( |
351 | struct crypto_alg *alg) |
352 | { |
353 | return container_of(alg, struct hash_alg_common, base); |
354 | } |
355 | |
356 | static inline struct hash_alg_common *crypto_hash_alg_common( |
357 | struct crypto_ahash *tfm) |
358 | { |
359 | return __crypto_hash_alg_common(alg: crypto_ahash_tfm(tfm)->__crt_alg); |
360 | } |
361 | |
362 | /** |
363 | * crypto_ahash_digestsize() - obtain message digest size |
364 | * @tfm: cipher handle |
365 | * |
366 | * The size for the message digest created by the message digest cipher |
367 | * referenced with the cipher handle is returned. |
368 | * |
369 | * |
370 | * Return: message digest size of cipher |
371 | */ |
372 | static inline unsigned int crypto_ahash_digestsize(struct crypto_ahash *tfm) |
373 | { |
374 | return crypto_hash_alg_common(tfm)->digestsize; |
375 | } |
376 | |
377 | /** |
378 | * crypto_ahash_statesize() - obtain size of the ahash state |
379 | * @tfm: cipher handle |
380 | * |
381 | * Return the size of the ahash state. With the crypto_ahash_export() |
382 | * function, the caller can export the state into a buffer whose size is |
383 | * defined with this function. |
384 | * |
385 | * Return: size of the ahash state |
386 | */ |
387 | static inline unsigned int crypto_ahash_statesize(struct crypto_ahash *tfm) |
388 | { |
389 | return tfm->statesize; |
390 | } |
391 | |
392 | static inline u32 crypto_ahash_get_flags(struct crypto_ahash *tfm) |
393 | { |
394 | return crypto_tfm_get_flags(tfm: crypto_ahash_tfm(tfm)); |
395 | } |
396 | |
397 | static inline void crypto_ahash_set_flags(struct crypto_ahash *tfm, u32 flags) |
398 | { |
399 | crypto_tfm_set_flags(tfm: crypto_ahash_tfm(tfm), flags); |
400 | } |
401 | |
402 | static inline void crypto_ahash_clear_flags(struct crypto_ahash *tfm, u32 flags) |
403 | { |
404 | crypto_tfm_clear_flags(tfm: crypto_ahash_tfm(tfm), flags); |
405 | } |
406 | |
407 | /** |
408 | * crypto_ahash_reqtfm() - obtain cipher handle from request |
409 | * @req: asynchronous request handle that contains the reference to the ahash |
410 | * cipher handle |
411 | * |
412 | * Return the ahash cipher handle that is registered with the asynchronous |
413 | * request handle ahash_request. |
414 | * |
415 | * Return: ahash cipher handle |
416 | */ |
417 | static inline struct crypto_ahash *crypto_ahash_reqtfm( |
418 | struct ahash_request *req) |
419 | { |
420 | return __crypto_ahash_cast(tfm: req->base.tfm); |
421 | } |
422 | |
423 | /** |
424 | * crypto_ahash_reqsize() - obtain size of the request data structure |
425 | * @tfm: cipher handle |
426 | * |
427 | * Return: size of the request data |
428 | */ |
429 | static inline unsigned int crypto_ahash_reqsize(struct crypto_ahash *tfm) |
430 | { |
431 | return tfm->reqsize; |
432 | } |
433 | |
434 | static inline void *ahash_request_ctx(struct ahash_request *req) |
435 | { |
436 | return req->__ctx; |
437 | } |
438 | |
439 | /** |
440 | * crypto_ahash_setkey - set key for cipher handle |
441 | * @tfm: cipher handle |
442 | * @key: buffer holding the key |
443 | * @keylen: length of the key in bytes |
444 | * |
445 | * The caller provided key is set for the ahash cipher. The cipher |
446 | * handle must point to a keyed hash in order for this function to succeed. |
447 | * |
448 | * Return: 0 if the setting of the key was successful; < 0 if an error occurred |
449 | */ |
450 | int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key, |
451 | unsigned int keylen); |
452 | |
453 | /** |
454 | * crypto_ahash_finup() - update and finalize message digest |
455 | * @req: reference to the ahash_request handle that holds all information |
456 | * needed to perform the cipher operation |
457 | * |
458 | * This function is a "short-hand" for the function calls of |
459 | * crypto_ahash_update and crypto_ahash_final. The parameters have the same |
460 | * meaning as discussed for those separate functions. |
461 | * |
462 | * Return: see crypto_ahash_final() |
463 | */ |
464 | int crypto_ahash_finup(struct ahash_request *req); |
465 | |
466 | /** |
467 | * crypto_ahash_final() - calculate message digest |
468 | * @req: reference to the ahash_request handle that holds all information |
469 | * needed to perform the cipher operation |
470 | * |
471 | * Finalize the message digest operation and create the message digest |
472 | * based on all data added to the cipher handle. The message digest is placed |
473 | * into the output buffer registered with the ahash_request handle. |
474 | * |
475 | * Return: |
476 | * 0 if the message digest was successfully calculated; |
477 | * -EINPROGRESS if data is fed into hardware (DMA) or queued for later; |
478 | * -EBUSY if queue is full and request should be resubmitted later; |
479 | * other < 0 if an error occurred |
480 | */ |
481 | int crypto_ahash_final(struct ahash_request *req); |
482 | |
483 | /** |
484 | * crypto_ahash_digest() - calculate message digest for a buffer |
485 | * @req: reference to the ahash_request handle that holds all information |
486 | * needed to perform the cipher operation |
487 | * |
488 | * This function is a "short-hand" for the function calls of crypto_ahash_init, |
489 | * crypto_ahash_update and crypto_ahash_final. The parameters have the same |
490 | * meaning as discussed for those separate three functions. |
491 | * |
492 | * Return: see crypto_ahash_final() |
493 | */ |
494 | int crypto_ahash_digest(struct ahash_request *req); |
495 | |
496 | /** |
497 | * crypto_ahash_export() - extract current message digest state |
498 | * @req: reference to the ahash_request handle whose state is exported |
499 | * @out: output buffer of sufficient size that can hold the hash state |
500 | * |
501 | * This function exports the hash state of the ahash_request handle into the |
502 | * caller-allocated output buffer out which must have sufficient size (e.g. by |
503 | * calling crypto_ahash_statesize()). |
504 | * |
505 | * Return: 0 if the export was successful; < 0 if an error occurred |
506 | */ |
507 | int crypto_ahash_export(struct ahash_request *req, void *out); |
508 | |
509 | /** |
510 | * crypto_ahash_import() - import message digest state |
511 | * @req: reference to ahash_request handle the state is imported into |
512 | * @in: buffer holding the state |
513 | * |
514 | * This function imports the hash state into the ahash_request handle from the |
515 | * input buffer. That buffer should have been generated with the |
516 | * crypto_ahash_export function. |
517 | * |
518 | * Return: 0 if the import was successful; < 0 if an error occurred |
519 | */ |
520 | int crypto_ahash_import(struct ahash_request *req, const void *in); |
521 | |
522 | /** |
523 | * crypto_ahash_init() - (re)initialize message digest handle |
524 | * @req: ahash_request handle that already is initialized with all necessary |
525 | * data using the ahash_request_* API functions |
526 | * |
527 | * The call (re-)initializes the message digest referenced by the ahash_request |
528 | * handle. Any potentially existing state created by previous operations is |
529 | * discarded. |
530 | * |
531 | * Return: see crypto_ahash_final() |
532 | */ |
533 | int crypto_ahash_init(struct ahash_request *req); |
534 | |
535 | /** |
536 | * crypto_ahash_update() - add data to message digest for processing |
537 | * @req: ahash_request handle that was previously initialized with the |
538 | * crypto_ahash_init call. |
539 | * |
540 | * Updates the message digest state of the &ahash_request handle. The input data |
541 | * is pointed to by the scatter/gather list registered in the &ahash_request |
542 | * handle |
543 | * |
544 | * Return: see crypto_ahash_final() |
545 | */ |
546 | int crypto_ahash_update(struct ahash_request *req); |
547 | |
548 | /** |
549 | * DOC: Asynchronous Hash Request Handle |
550 | * |
551 | * The &ahash_request data structure contains all pointers to data |
552 | * required for the asynchronous cipher operation. This includes the cipher |
553 | * handle (which can be used by multiple &ahash_request instances), pointer |
554 | * to plaintext and the message digest output buffer, asynchronous callback |
555 | * function, etc. It acts as a handle to the ahash_request_* API calls in a |
556 | * similar way as ahash handle to the crypto_ahash_* API calls. |
557 | */ |
558 | |
559 | /** |
560 | * ahash_request_set_tfm() - update cipher handle reference in request |
561 | * @req: request handle to be modified |
562 | * @tfm: cipher handle that shall be added to the request handle |
563 | * |
564 | * Allow the caller to replace the existing ahash handle in the request |
565 | * data structure with a different one. |
566 | */ |
567 | static inline void ahash_request_set_tfm(struct ahash_request *req, |
568 | struct crypto_ahash *tfm) |
569 | { |
570 | req->base.tfm = crypto_ahash_tfm(tfm); |
571 | } |
572 | |
573 | /** |
574 | * ahash_request_alloc() - allocate request data structure |
575 | * @tfm: cipher handle to be registered with the request |
576 | * @gfp: memory allocation flag that is handed to kmalloc by the API call. |
577 | * |
578 | * Allocate the request data structure that must be used with the ahash |
579 | * message digest API calls. During |
580 | * the allocation, the provided ahash handle |
581 | * is registered in the request data structure. |
582 | * |
583 | * Return: allocated request handle in case of success, or NULL if out of memory |
584 | */ |
585 | static inline struct ahash_request *ahash_request_alloc( |
586 | struct crypto_ahash *tfm, gfp_t gfp) |
587 | { |
588 | struct ahash_request *req; |
589 | |
590 | req = kmalloc(size: sizeof(struct ahash_request) + |
591 | crypto_ahash_reqsize(tfm), flags: gfp); |
592 | |
593 | if (likely(req)) |
594 | ahash_request_set_tfm(req, tfm); |
595 | |
596 | return req; |
597 | } |
598 | |
599 | /** |
600 | * ahash_request_free() - zeroize and free the request data structure |
601 | * @req: request data structure cipher handle to be freed |
602 | */ |
603 | static inline void ahash_request_free(struct ahash_request *req) |
604 | { |
605 | kfree_sensitive(objp: req); |
606 | } |
607 | |
608 | static inline void ahash_request_zero(struct ahash_request *req) |
609 | { |
610 | memzero_explicit(s: req, count: sizeof(*req) + |
611 | crypto_ahash_reqsize(tfm: crypto_ahash_reqtfm(req))); |
612 | } |
613 | |
614 | static inline struct ahash_request *ahash_request_cast( |
615 | struct crypto_async_request *req) |
616 | { |
617 | return container_of(req, struct ahash_request, base); |
618 | } |
619 | |
620 | /** |
621 | * ahash_request_set_callback() - set asynchronous callback function |
622 | * @req: request handle |
623 | * @flags: specify zero or an ORing of the flags |
624 | * CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and |
625 | * increase the wait queue beyond the initial maximum size; |
626 | * CRYPTO_TFM_REQ_MAY_SLEEP the request processing may sleep |
627 | * @compl: callback function pointer to be registered with the request handle |
628 | * @data: The data pointer refers to memory that is not used by the kernel |
629 | * crypto API, but provided to the callback function for it to use. Here, |
630 | * the caller can provide a reference to memory the callback function can |
631 | * operate on. As the callback function is invoked asynchronously to the |
632 | * related functionality, it may need to access data structures of the |
633 | * related functionality which can be referenced using this pointer. The |
634 | * callback function can access the memory via the "data" field in the |
635 | * &crypto_async_request data structure provided to the callback function. |
636 | * |
637 | * This function allows setting the callback function that is triggered once |
638 | * the cipher operation completes. |
639 | * |
640 | * The callback function is registered with the &ahash_request handle and |
641 | * must comply with the following template:: |
642 | * |
643 | * void callback_function(struct crypto_async_request *req, int error) |
644 | */ |
645 | static inline void ahash_request_set_callback(struct ahash_request *req, |
646 | u32 flags, |
647 | crypto_completion_t compl, |
648 | void *data) |
649 | { |
650 | req->base.complete = compl; |
651 | req->base.data = data; |
652 | req->base.flags = flags; |
653 | } |
654 | |
655 | /** |
656 | * ahash_request_set_crypt() - set data buffers |
657 | * @req: ahash_request handle to be updated |
658 | * @src: source scatter/gather list |
659 | * @result: buffer that is filled with the message digest -- the caller must |
660 | * ensure that the buffer has sufficient space by, for example, calling |
661 | * crypto_ahash_digestsize() |
662 | * @nbytes: number of bytes to process from the source scatter/gather list |
663 | * |
664 | * By using this call, the caller references the source scatter/gather list. |
665 | * The source scatter/gather list points to the data the message digest is to |
666 | * be calculated for. |
667 | */ |
668 | static inline void ahash_request_set_crypt(struct ahash_request *req, |
669 | struct scatterlist *src, u8 *result, |
670 | unsigned int nbytes) |
671 | { |
672 | req->src = src; |
673 | req->nbytes = nbytes; |
674 | req->result = result; |
675 | } |
676 | |
677 | /** |
678 | * DOC: Synchronous Message Digest API |
679 | * |
680 | * The synchronous message digest API is used with the ciphers of type |
681 | * CRYPTO_ALG_TYPE_SHASH (listed as type "shash" in /proc/crypto) |
682 | * |
683 | * The message digest API is able to maintain state information for the |
684 | * caller. |
685 | * |
686 | * The synchronous message digest API can store user-related context in its |
687 | * shash_desc request data structure. |
688 | */ |
689 | |
690 | /** |
691 | * crypto_alloc_shash() - allocate message digest handle |
692 | * @alg_name: is the cra_name / name or cra_driver_name / driver name of the |
693 | * message digest cipher |
694 | * @type: specifies the type of the cipher |
695 | * @mask: specifies the mask for the cipher |
696 | * |
697 | * Allocate a cipher handle for a message digest. The returned &struct |
698 | * crypto_shash is the cipher handle that is required for any subsequent |
699 | * API invocation for that message digest. |
700 | * |
701 | * Return: allocated cipher handle in case of success; IS_ERR() is true in case |
702 | * of an error, PTR_ERR() returns the error code. |
703 | */ |
704 | struct crypto_shash *crypto_alloc_shash(const char *alg_name, u32 type, |
705 | u32 mask); |
706 | |
707 | struct crypto_shash *crypto_clone_shash(struct crypto_shash *tfm); |
708 | |
709 | int crypto_has_shash(const char *alg_name, u32 type, u32 mask); |
710 | |
711 | static inline struct crypto_tfm *crypto_shash_tfm(struct crypto_shash *tfm) |
712 | { |
713 | return &tfm->base; |
714 | } |
715 | |
716 | /** |
717 | * crypto_free_shash() - zeroize and free the message digest handle |
718 | * @tfm: cipher handle to be freed |
719 | * |
720 | * If @tfm is a NULL or error pointer, this function does nothing. |
721 | */ |
722 | static inline void crypto_free_shash(struct crypto_shash *tfm) |
723 | { |
724 | crypto_destroy_tfm(mem: tfm, tfm: crypto_shash_tfm(tfm)); |
725 | } |
726 | |
727 | static inline const char *crypto_shash_alg_name(struct crypto_shash *tfm) |
728 | { |
729 | return crypto_tfm_alg_name(tfm: crypto_shash_tfm(tfm)); |
730 | } |
731 | |
732 | static inline const char *crypto_shash_driver_name(struct crypto_shash *tfm) |
733 | { |
734 | return crypto_tfm_alg_driver_name(tfm: crypto_shash_tfm(tfm)); |
735 | } |
736 | |
737 | /** |
738 | * crypto_shash_blocksize() - obtain block size for cipher |
739 | * @tfm: cipher handle |
740 | * |
741 | * The block size for the message digest cipher referenced with the cipher |
742 | * handle is returned. |
743 | * |
744 | * Return: block size of cipher |
745 | */ |
746 | static inline unsigned int crypto_shash_blocksize(struct crypto_shash *tfm) |
747 | { |
748 | return crypto_tfm_alg_blocksize(tfm: crypto_shash_tfm(tfm)); |
749 | } |
750 | |
751 | static inline struct shash_alg *__crypto_shash_alg(struct crypto_alg *alg) |
752 | { |
753 | return container_of(alg, struct shash_alg, base); |
754 | } |
755 | |
756 | static inline struct shash_alg *crypto_shash_alg(struct crypto_shash *tfm) |
757 | { |
758 | return __crypto_shash_alg(alg: crypto_shash_tfm(tfm)->__crt_alg); |
759 | } |
760 | |
761 | /** |
762 | * crypto_shash_digestsize() - obtain message digest size |
763 | * @tfm: cipher handle |
764 | * |
765 | * The size for the message digest created by the message digest cipher |
766 | * referenced with the cipher handle is returned. |
767 | * |
768 | * Return: digest size of cipher |
769 | */ |
770 | static inline unsigned int crypto_shash_digestsize(struct crypto_shash *tfm) |
771 | { |
772 | return crypto_shash_alg(tfm)->digestsize; |
773 | } |
774 | |
775 | static inline unsigned int crypto_shash_statesize(struct crypto_shash *tfm) |
776 | { |
777 | return crypto_shash_alg(tfm)->statesize; |
778 | } |
779 | |
780 | static inline u32 crypto_shash_get_flags(struct crypto_shash *tfm) |
781 | { |
782 | return crypto_tfm_get_flags(tfm: crypto_shash_tfm(tfm)); |
783 | } |
784 | |
785 | static inline void crypto_shash_set_flags(struct crypto_shash *tfm, u32 flags) |
786 | { |
787 | crypto_tfm_set_flags(tfm: crypto_shash_tfm(tfm), flags); |
788 | } |
789 | |
790 | static inline void crypto_shash_clear_flags(struct crypto_shash *tfm, u32 flags) |
791 | { |
792 | crypto_tfm_clear_flags(tfm: crypto_shash_tfm(tfm), flags); |
793 | } |
794 | |
795 | /** |
796 | * crypto_shash_descsize() - obtain the operational state size |
797 | * @tfm: cipher handle |
798 | * |
799 | * The size of the operational state the cipher needs during operation is |
800 | * returned for the hash referenced with the cipher handle. This size is |
801 | * required to calculate the memory requirements to allow the caller allocating |
802 | * sufficient memory for operational state. |
803 | * |
804 | * The operational state is defined with struct shash_desc where the size of |
805 | * that data structure is to be calculated as |
806 | * sizeof(struct shash_desc) + crypto_shash_descsize(alg) |
807 | * |
808 | * Return: size of the operational state |
809 | */ |
810 | static inline unsigned int crypto_shash_descsize(struct crypto_shash *tfm) |
811 | { |
812 | return tfm->descsize; |
813 | } |
814 | |
815 | static inline void *shash_desc_ctx(struct shash_desc *desc) |
816 | { |
817 | return desc->__ctx; |
818 | } |
819 | |
820 | /** |
821 | * crypto_shash_setkey() - set key for message digest |
822 | * @tfm: cipher handle |
823 | * @key: buffer holding the key |
824 | * @keylen: length of the key in bytes |
825 | * |
826 | * The caller provided key is set for the keyed message digest cipher. The |
827 | * cipher handle must point to a keyed message digest cipher in order for this |
828 | * function to succeed. |
829 | * |
830 | * Context: Any context. |
831 | * Return: 0 if the setting of the key was successful; < 0 if an error occurred |
832 | */ |
833 | int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key, |
834 | unsigned int keylen); |
835 | |
836 | /** |
837 | * crypto_shash_digest() - calculate message digest for buffer |
838 | * @desc: see crypto_shash_final() |
839 | * @data: see crypto_shash_update() |
840 | * @len: see crypto_shash_update() |
841 | * @out: see crypto_shash_final() |
842 | * |
843 | * This function is a "short-hand" for the function calls of crypto_shash_init, |
844 | * crypto_shash_update and crypto_shash_final. The parameters have the same |
845 | * meaning as discussed for those separate three functions. |
846 | * |
847 | * Context: Any context. |
848 | * Return: 0 if the message digest creation was successful; < 0 if an error |
849 | * occurred |
850 | */ |
851 | int crypto_shash_digest(struct shash_desc *desc, const u8 *data, |
852 | unsigned int len, u8 *out); |
853 | |
854 | /** |
855 | * crypto_shash_tfm_digest() - calculate message digest for buffer |
856 | * @tfm: hash transformation object |
857 | * @data: see crypto_shash_update() |
858 | * @len: see crypto_shash_update() |
859 | * @out: see crypto_shash_final() |
860 | * |
861 | * This is a simplified version of crypto_shash_digest() for users who don't |
862 | * want to allocate their own hash descriptor (shash_desc). Instead, |
863 | * crypto_shash_tfm_digest() takes a hash transformation object (crypto_shash) |
864 | * directly, and it allocates a hash descriptor on the stack internally. |
865 | * Note that this stack allocation may be fairly large. |
866 | * |
867 | * Context: Any context. |
868 | * Return: 0 on success; < 0 if an error occurred. |
869 | */ |
870 | int crypto_shash_tfm_digest(struct crypto_shash *tfm, const u8 *data, |
871 | unsigned int len, u8 *out); |
872 | |
873 | /** |
874 | * crypto_shash_export() - extract operational state for message digest |
875 | * @desc: reference to the operational state handle whose state is exported |
876 | * @out: output buffer of sufficient size that can hold the hash state |
877 | * |
878 | * This function exports the hash state of the operational state handle into the |
879 | * caller-allocated output buffer out which must have sufficient size (e.g. by |
880 | * calling crypto_shash_descsize). |
881 | * |
882 | * Context: Any context. |
883 | * Return: 0 if the export creation was successful; < 0 if an error occurred |
884 | */ |
885 | int crypto_shash_export(struct shash_desc *desc, void *out); |
886 | |
887 | /** |
888 | * crypto_shash_import() - import operational state |
889 | * @desc: reference to the operational state handle the state imported into |
890 | * @in: buffer holding the state |
891 | * |
892 | * This function imports the hash state into the operational state handle from |
893 | * the input buffer. That buffer should have been generated with the |
894 | * crypto_ahash_export function. |
895 | * |
896 | * Context: Any context. |
897 | * Return: 0 if the import was successful; < 0 if an error occurred |
898 | */ |
899 | int crypto_shash_import(struct shash_desc *desc, const void *in); |
900 | |
901 | /** |
902 | * crypto_shash_init() - (re)initialize message digest |
903 | * @desc: operational state handle that is already filled |
904 | * |
905 | * The call (re-)initializes the message digest referenced by the |
906 | * operational state handle. Any potentially existing state created by |
907 | * previous operations is discarded. |
908 | * |
909 | * Context: Any context. |
910 | * Return: 0 if the message digest initialization was successful; < 0 if an |
911 | * error occurred |
912 | */ |
913 | static inline int crypto_shash_init(struct shash_desc *desc) |
914 | { |
915 | struct crypto_shash *tfm = desc->tfm; |
916 | |
917 | if (crypto_shash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) |
918 | return -ENOKEY; |
919 | |
920 | return crypto_shash_alg(tfm)->init(desc); |
921 | } |
922 | |
923 | /** |
924 | * crypto_shash_update() - add data to message digest for processing |
925 | * @desc: operational state handle that is already initialized |
926 | * @data: input data to be added to the message digest |
927 | * @len: length of the input data |
928 | * |
929 | * Updates the message digest state of the operational state handle. |
930 | * |
931 | * Context: Any context. |
932 | * Return: 0 if the message digest update was successful; < 0 if an error |
933 | * occurred |
934 | */ |
935 | int crypto_shash_update(struct shash_desc *desc, const u8 *data, |
936 | unsigned int len); |
937 | |
938 | /** |
939 | * crypto_shash_final() - calculate message digest |
940 | * @desc: operational state handle that is already filled with data |
941 | * @out: output buffer filled with the message digest |
942 | * |
943 | * Finalize the message digest operation and create the message digest |
944 | * based on all data added to the cipher handle. The message digest is placed |
945 | * into the output buffer. The caller must ensure that the output buffer is |
946 | * large enough by using crypto_shash_digestsize. |
947 | * |
948 | * Context: Any context. |
949 | * Return: 0 if the message digest creation was successful; < 0 if an error |
950 | * occurred |
951 | */ |
952 | int crypto_shash_final(struct shash_desc *desc, u8 *out); |
953 | |
954 | /** |
955 | * crypto_shash_finup() - calculate message digest of buffer |
956 | * @desc: see crypto_shash_final() |
957 | * @data: see crypto_shash_update() |
958 | * @len: see crypto_shash_update() |
959 | * @out: see crypto_shash_final() |
960 | * |
961 | * This function is a "short-hand" for the function calls of |
962 | * crypto_shash_update and crypto_shash_final. The parameters have the same |
963 | * meaning as discussed for those separate functions. |
964 | * |
965 | * Context: Any context. |
966 | * Return: 0 if the message digest creation was successful; < 0 if an error |
967 | * occurred |
968 | */ |
969 | int crypto_shash_finup(struct shash_desc *desc, const u8 *data, |
970 | unsigned int len, u8 *out); |
971 | |
972 | static inline void shash_desc_zero(struct shash_desc *desc) |
973 | { |
974 | memzero_explicit(s: desc, |
975 | count: sizeof(*desc) + crypto_shash_descsize(tfm: desc->tfm)); |
976 | } |
977 | |
978 | #endif /* _CRYPTO_HASH_H */ |
979 | |