1
2
3
4
5
6
7
8#include <crypto/scatterwalk.h>
9#include <crypto/internal/hash.h>
10#include <linux/err.h>
11#include <linux/kernel.h>
12#include <linux/module.h>
13#include <linux/slab.h>
14#include <linux/seq_file.h>
15#include <linux/cryptouser.h>
16#include <net/netlink.h>
17#include <linux/compiler.h>
18
19#include "internal.h"
20
21static const struct crypto_type crypto_shash_type;
22
23static int shash_no_setkey(struct crypto_shash *tfm, const u8 *key,
24 unsigned int keylen)
25{
26 return -ENOSYS;
27}
28
29
30
31
32
33
34
35
36bool crypto_shash_alg_has_setkey(struct shash_alg *alg)
37{
38 return alg->setkey != shash_no_setkey;
39}
40EXPORT_SYMBOL_GPL(crypto_shash_alg_has_setkey);
41
42static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key,
43 unsigned int keylen)
44{
45 struct shash_alg *shash = crypto_shash_alg(tfm);
46 unsigned long alignmask = crypto_shash_alignmask(tfm);
47 unsigned long absize;
48 u8 *buffer, *alignbuffer;
49 int err;
50
51 absize = keylen + (alignmask & ~(crypto_tfm_ctx_alignment() - 1));
52 buffer = kmalloc(absize, GFP_ATOMIC);
53 if (!buffer)
54 return -ENOMEM;
55
56 alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
57 memcpy(alignbuffer, key, keylen);
58 err = shash->setkey(tfm, alignbuffer, keylen);
59 kfree_sensitive(buffer);
60 return err;
61}
62
63static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg)
64{
65 if (crypto_shash_alg_needs_key(alg))
66 crypto_shash_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
67}
68
69int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
70 unsigned int keylen)
71{
72 struct shash_alg *shash = crypto_shash_alg(tfm);
73 unsigned long alignmask = crypto_shash_alignmask(tfm);
74 int err;
75
76 if ((unsigned long)key & alignmask)
77 err = shash_setkey_unaligned(tfm, key, keylen);
78 else
79 err = shash->setkey(tfm, key, keylen);
80
81 if (unlikely(err)) {
82 shash_set_needkey(tfm, shash);
83 return err;
84 }
85
86 crypto_shash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
87 return 0;
88}
89EXPORT_SYMBOL_GPL(crypto_shash_setkey);
90
91static int shash_update_unaligned(struct shash_desc *desc, const u8 *data,
92 unsigned int len)
93{
94 struct crypto_shash *tfm = desc->tfm;
95 struct shash_alg *shash = crypto_shash_alg(tfm);
96 unsigned long alignmask = crypto_shash_alignmask(tfm);
97 unsigned int unaligned_len = alignmask + 1 -
98 ((unsigned long)data & alignmask);
99
100
101
102
103 u8 ubuf[MAX_ALGAPI_ALIGNMASK * 2];
104 u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1);
105 int err;
106
107 if (WARN_ON(buf + unaligned_len > ubuf + sizeof(ubuf)))
108 return -EINVAL;
109
110 if (unaligned_len > len)
111 unaligned_len = len;
112
113 memcpy(buf, data, unaligned_len);
114 err = shash->update(desc, buf, unaligned_len);
115 memset(buf, 0, unaligned_len);
116
117 return err ?:
118 shash->update(desc, data + unaligned_len, len - unaligned_len);
119}
120
121int crypto_shash_update(struct shash_desc *desc, const u8 *data,
122 unsigned int len)
123{
124 struct crypto_shash *tfm = desc->tfm;
125 struct shash_alg *shash = crypto_shash_alg(tfm);
126 unsigned long alignmask = crypto_shash_alignmask(tfm);
127
128 if ((unsigned long)data & alignmask)
129 return shash_update_unaligned(desc, data, len);
130
131 return shash->update(desc, data, len);
132}
133EXPORT_SYMBOL_GPL(crypto_shash_update);
134
135static int shash_final_unaligned(struct shash_desc *desc, u8 *out)
136{
137 struct crypto_shash *tfm = desc->tfm;
138 unsigned long alignmask = crypto_shash_alignmask(tfm);
139 struct shash_alg *shash = crypto_shash_alg(tfm);
140 unsigned int ds = crypto_shash_digestsize(tfm);
141
142
143
144
145 u8 ubuf[MAX_ALGAPI_ALIGNMASK + HASH_MAX_DIGESTSIZE];
146 u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1);
147 int err;
148
149 if (WARN_ON(buf + ds > ubuf + sizeof(ubuf)))
150 return -EINVAL;
151
152 err = shash->final(desc, buf);
153 if (err)
154 goto out;
155
156 memcpy(out, buf, ds);
157
158out:
159 memset(buf, 0, ds);
160 return err;
161}
162
163int crypto_shash_final(struct shash_desc *desc, u8 *out)
164{
165 struct crypto_shash *tfm = desc->tfm;
166 struct shash_alg *shash = crypto_shash_alg(tfm);
167 unsigned long alignmask = crypto_shash_alignmask(tfm);
168
169 if ((unsigned long)out & alignmask)
170 return shash_final_unaligned(desc, out);
171
172 return shash->final(desc, out);
173}
174EXPORT_SYMBOL_GPL(crypto_shash_final);
175
176static int shash_finup_unaligned(struct shash_desc *desc, const u8 *data,
177 unsigned int len, u8 *out)
178{
179 return crypto_shash_update(desc, data, len) ?:
180 crypto_shash_final(desc, out);
181}
182
183int crypto_shash_finup(struct shash_desc *desc, const u8 *data,
184 unsigned int len, u8 *out)
185{
186 struct crypto_shash *tfm = desc->tfm;
187 struct shash_alg *shash = crypto_shash_alg(tfm);
188 unsigned long alignmask = crypto_shash_alignmask(tfm);
189
190 if (((unsigned long)data | (unsigned long)out) & alignmask)
191 return shash_finup_unaligned(desc, data, len, out);
192
193 return shash->finup(desc, data, len, out);
194}
195EXPORT_SYMBOL_GPL(crypto_shash_finup);
196
197static int shash_digest_unaligned(struct shash_desc *desc, const u8 *data,
198 unsigned int len, u8 *out)
199{
200 return crypto_shash_init(desc) ?:
201 crypto_shash_finup(desc, data, len, out);
202}
203
204int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
205 unsigned int len, u8 *out)
206{
207 struct crypto_shash *tfm = desc->tfm;
208 struct shash_alg *shash = crypto_shash_alg(tfm);
209 unsigned long alignmask = crypto_shash_alignmask(tfm);
210
211 if (crypto_shash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
212 return -ENOKEY;
213
214 if (((unsigned long)data | (unsigned long)out) & alignmask)
215 return shash_digest_unaligned(desc, data, len, out);
216
217 return shash->digest(desc, data, len, out);
218}
219EXPORT_SYMBOL_GPL(crypto_shash_digest);
220
221int crypto_shash_tfm_digest(struct crypto_shash *tfm, const u8 *data,
222 unsigned int len, u8 *out)
223{
224 SHASH_DESC_ON_STACK(desc, tfm);
225 int err;
226
227 desc->tfm = tfm;
228
229 err = crypto_shash_digest(desc, data, len, out);
230
231 shash_desc_zero(desc);
232
233 return err;
234}
235EXPORT_SYMBOL_GPL(crypto_shash_tfm_digest);
236
237static int shash_default_export(struct shash_desc *desc, void *out)
238{
239 memcpy(out, shash_desc_ctx(desc), crypto_shash_descsize(desc->tfm));
240 return 0;
241}
242
243static int shash_default_import(struct shash_desc *desc, const void *in)
244{
245 memcpy(shash_desc_ctx(desc), in, crypto_shash_descsize(desc->tfm));
246 return 0;
247}
248
249static int shash_async_setkey(struct crypto_ahash *tfm, const u8 *key,
250 unsigned int keylen)
251{
252 struct crypto_shash **ctx = crypto_ahash_ctx(tfm);
253
254 return crypto_shash_setkey(*ctx, key, keylen);
255}
256
257static int shash_async_init(struct ahash_request *req)
258{
259 struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
260 struct shash_desc *desc = ahash_request_ctx(req);
261
262 desc->tfm = *ctx;
263
264 return crypto_shash_init(desc);
265}
266
267int shash_ahash_update(struct ahash_request *req, struct shash_desc *desc)
268{
269 struct crypto_hash_walk walk;
270 int nbytes;
271
272 for (nbytes = crypto_hash_walk_first(req, &walk); nbytes > 0;
273 nbytes = crypto_hash_walk_done(&walk, nbytes))
274 nbytes = crypto_shash_update(desc, walk.data, nbytes);
275
276 return nbytes;
277}
278EXPORT_SYMBOL_GPL(shash_ahash_update);
279
280static int shash_async_update(struct ahash_request *req)
281{
282 return shash_ahash_update(req, ahash_request_ctx(req));
283}
284
285static int shash_async_final(struct ahash_request *req)
286{
287 return crypto_shash_final(ahash_request_ctx(req), req->result);
288}
289
290int shash_ahash_finup(struct ahash_request *req, struct shash_desc *desc)
291{
292 struct crypto_hash_walk walk;
293 int nbytes;
294
295 nbytes = crypto_hash_walk_first(req, &walk);
296 if (!nbytes)
297 return crypto_shash_final(desc, req->result);
298
299 do {
300 nbytes = crypto_hash_walk_last(&walk) ?
301 crypto_shash_finup(desc, walk.data, nbytes,
302 req->result) :
303 crypto_shash_update(desc, walk.data, nbytes);
304 nbytes = crypto_hash_walk_done(&walk, nbytes);
305 } while (nbytes > 0);
306
307 return nbytes;
308}
309EXPORT_SYMBOL_GPL(shash_ahash_finup);
310
311static int shash_async_finup(struct ahash_request *req)
312{
313 struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
314 struct shash_desc *desc = ahash_request_ctx(req);
315
316 desc->tfm = *ctx;
317
318 return shash_ahash_finup(req, desc);
319}
320
321int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc)
322{
323 unsigned int nbytes = req->nbytes;
324 struct scatterlist *sg;
325 unsigned int offset;
326 int err;
327
328 if (nbytes &&
329 (sg = req->src, offset = sg->offset,
330 nbytes <= min(sg->length, ((unsigned int)(PAGE_SIZE)) - offset))) {
331 void *data;
332
333 data = kmap_atomic(sg_page(sg));
334 err = crypto_shash_digest(desc, data + offset, nbytes,
335 req->result);
336 kunmap_atomic(data);
337 } else
338 err = crypto_shash_init(desc) ?:
339 shash_ahash_finup(req, desc);
340
341 return err;
342}
343EXPORT_SYMBOL_GPL(shash_ahash_digest);
344
345static int shash_async_digest(struct ahash_request *req)
346{
347 struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
348 struct shash_desc *desc = ahash_request_ctx(req);
349
350 desc->tfm = *ctx;
351
352 return shash_ahash_digest(req, desc);
353}
354
355static int shash_async_export(struct ahash_request *req, void *out)
356{
357 return crypto_shash_export(ahash_request_ctx(req), out);
358}
359
360static int shash_async_import(struct ahash_request *req, const void *in)
361{
362 struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
363 struct shash_desc *desc = ahash_request_ctx(req);
364
365 desc->tfm = *ctx;
366
367 return crypto_shash_import(desc, in);
368}
369
370static void crypto_exit_shash_ops_async(struct crypto_tfm *tfm)
371{
372 struct crypto_shash **ctx = crypto_tfm_ctx(tfm);
373
374 crypto_free_shash(*ctx);
375}
376
377int crypto_init_shash_ops_async(struct crypto_tfm *tfm)
378{
379 struct crypto_alg *calg = tfm->__crt_alg;
380 struct shash_alg *alg = __crypto_shash_alg(calg);
381 struct crypto_ahash *crt = __crypto_ahash_cast(tfm);
382 struct crypto_shash **ctx = crypto_tfm_ctx(tfm);
383 struct crypto_shash *shash;
384
385 if (!crypto_mod_get(calg))
386 return -EAGAIN;
387
388 shash = crypto_create_tfm(calg, &crypto_shash_type);
389 if (IS_ERR(shash)) {
390 crypto_mod_put(calg);
391 return PTR_ERR(shash);
392 }
393
394 *ctx = shash;
395 tfm->exit = crypto_exit_shash_ops_async;
396
397 crt->init = shash_async_init;
398 crt->update = shash_async_update;
399 crt->final = shash_async_final;
400 crt->finup = shash_async_finup;
401 crt->digest = shash_async_digest;
402 if (crypto_shash_alg_has_setkey(alg))
403 crt->setkey = shash_async_setkey;
404
405 crypto_ahash_set_flags(crt, crypto_shash_get_flags(shash) &
406 CRYPTO_TFM_NEED_KEY);
407
408 crt->export = shash_async_export;
409 crt->import = shash_async_import;
410
411 crt->reqsize = sizeof(struct shash_desc) + crypto_shash_descsize(shash);
412
413 return 0;
414}
415
416static void crypto_shash_exit_tfm(struct crypto_tfm *tfm)
417{
418 struct crypto_shash *hash = __crypto_shash_cast(tfm);
419 struct shash_alg *alg = crypto_shash_alg(hash);
420
421 alg->exit_tfm(hash);
422}
423
424static int crypto_shash_init_tfm(struct crypto_tfm *tfm)
425{
426 struct crypto_shash *hash = __crypto_shash_cast(tfm);
427 struct shash_alg *alg = crypto_shash_alg(hash);
428 int err;
429
430 hash->descsize = alg->descsize;
431
432 shash_set_needkey(hash, alg);
433
434 if (alg->exit_tfm)
435 tfm->exit = crypto_shash_exit_tfm;
436
437 if (!alg->init_tfm)
438 return 0;
439
440 err = alg->init_tfm(hash);
441 if (err)
442 return err;
443
444
445 if (WARN_ON_ONCE(hash->descsize > HASH_MAX_DESCSIZE)) {
446 if (alg->exit_tfm)
447 alg->exit_tfm(hash);
448 return -EINVAL;
449 }
450
451 return 0;
452}
453
454static void crypto_shash_free_instance(struct crypto_instance *inst)
455{
456 struct shash_instance *shash = shash_instance(inst);
457
458 shash->free(shash);
459}
460
461#ifdef CONFIG_NET
462static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg)
463{
464 struct crypto_report_hash rhash;
465 struct shash_alg *salg = __crypto_shash_alg(alg);
466
467 memset(&rhash, 0, sizeof(rhash));
468
469 strscpy(rhash.type, "shash", sizeof(rhash.type));
470
471 rhash.blocksize = alg->cra_blocksize;
472 rhash.digestsize = salg->digestsize;
473
474 return nla_put(skb, CRYPTOCFGA_REPORT_HASH, sizeof(rhash), &rhash);
475}
476#else
477static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg)
478{
479 return -ENOSYS;
480}
481#endif
482
483static void crypto_shash_show(struct seq_file *m, struct crypto_alg *alg)
484 __maybe_unused;
485static void crypto_shash_show(struct seq_file *m, struct crypto_alg *alg)
486{
487 struct shash_alg *salg = __crypto_shash_alg(alg);
488
489 seq_printf(m, "type : shash\n");
490 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
491 seq_printf(m, "digestsize : %u\n", salg->digestsize);
492}
493
494static const struct crypto_type crypto_shash_type = {
495 .extsize = crypto_alg_extsize,
496 .init_tfm = crypto_shash_init_tfm,
497 .free = crypto_shash_free_instance,
498#ifdef CONFIG_PROC_FS
499 .show = crypto_shash_show,
500#endif
501 .report = crypto_shash_report,
502 .maskclear = ~CRYPTO_ALG_TYPE_MASK,
503 .maskset = CRYPTO_ALG_TYPE_MASK,
504 .type = CRYPTO_ALG_TYPE_SHASH,
505 .tfmsize = offsetof(struct crypto_shash, base),
506};
507
508int crypto_grab_shash(struct crypto_shash_spawn *spawn,
509 struct crypto_instance *inst,
510 const char *name, u32 type, u32 mask)
511{
512 spawn->base.frontend = &crypto_shash_type;
513 return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
514}
515EXPORT_SYMBOL_GPL(crypto_grab_shash);
516
517struct crypto_shash *crypto_alloc_shash(const char *alg_name, u32 type,
518 u32 mask)
519{
520 return crypto_alloc_tfm(alg_name, &crypto_shash_type, type, mask);
521}
522EXPORT_SYMBOL_GPL(crypto_alloc_shash);
523
524static int shash_prepare_alg(struct shash_alg *alg)
525{
526 struct crypto_alg *base = &alg->base;
527
528 if (alg->digestsize > HASH_MAX_DIGESTSIZE ||
529 alg->descsize > HASH_MAX_DESCSIZE ||
530 alg->statesize > HASH_MAX_STATESIZE)
531 return -EINVAL;
532
533 if ((alg->export && !alg->import) || (alg->import && !alg->export))
534 return -EINVAL;
535
536 base->cra_type = &crypto_shash_type;
537 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK;
538 base->cra_flags |= CRYPTO_ALG_TYPE_SHASH;
539
540 if (!alg->finup)
541 alg->finup = shash_finup_unaligned;
542 if (!alg->digest)
543 alg->digest = shash_digest_unaligned;
544 if (!alg->export) {
545 alg->export = shash_default_export;
546 alg->import = shash_default_import;
547 alg->statesize = alg->descsize;
548 }
549 if (!alg->setkey)
550 alg->setkey = shash_no_setkey;
551
552 return 0;
553}
554
555int crypto_register_shash(struct shash_alg *alg)
556{
557 struct crypto_alg *base = &alg->base;
558 int err;
559
560 err = shash_prepare_alg(alg);
561 if (err)
562 return err;
563
564 return crypto_register_alg(base);
565}
566EXPORT_SYMBOL_GPL(crypto_register_shash);
567
568void crypto_unregister_shash(struct shash_alg *alg)
569{
570 crypto_unregister_alg(&alg->base);
571}
572EXPORT_SYMBOL_GPL(crypto_unregister_shash);
573
574int crypto_register_shashes(struct shash_alg *algs, int count)
575{
576 int i, ret;
577
578 for (i = 0; i < count; i++) {
579 ret = crypto_register_shash(&algs[i]);
580 if (ret)
581 goto err;
582 }
583
584 return 0;
585
586err:
587 for (--i; i >= 0; --i)
588 crypto_unregister_shash(&algs[i]);
589
590 return ret;
591}
592EXPORT_SYMBOL_GPL(crypto_register_shashes);
593
594void crypto_unregister_shashes(struct shash_alg *algs, int count)
595{
596 int i;
597
598 for (i = count - 1; i >= 0; --i)
599 crypto_unregister_shash(&algs[i]);
600}
601EXPORT_SYMBOL_GPL(crypto_unregister_shashes);
602
603int shash_register_instance(struct crypto_template *tmpl,
604 struct shash_instance *inst)
605{
606 int err;
607
608 if (WARN_ON(!inst->free))
609 return -EINVAL;
610
611 err = shash_prepare_alg(&inst->alg);
612 if (err)
613 return err;
614
615 return crypto_register_instance(tmpl, shash_crypto_instance(inst));
616}
617EXPORT_SYMBOL_GPL(shash_register_instance);
618
619void shash_free_singlespawn_instance(struct shash_instance *inst)
620{
621 crypto_drop_spawn(shash_instance_ctx(inst));
622 kfree(inst);
623}
624EXPORT_SYMBOL_GPL(shash_free_singlespawn_instance);
625
626MODULE_LICENSE("GPL");
627MODULE_DESCRIPTION("Synchronous cryptographic hash type");
628
