Loading...
1/*
2 * Asynchronous Cryptographic Hash operations.
3 *
4 * This is the asynchronous version of hash.c with notification of
5 * completion via a callback.
6 *
7 * Copyright (c) 2008 Loc Ho <lho@amcc.com>
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the Free
11 * Software Foundation; either version 2 of the License, or (at your option)
12 * any later version.
13 *
14 */
15
16#include <crypto/internal/hash.h>
17#include <crypto/scatterwalk.h>
18#include <linux/err.h>
19#include <linux/kernel.h>
20#include <linux/module.h>
21#include <linux/sched.h>
22#include <linux/slab.h>
23#include <linux/seq_file.h>
24#include <linux/cryptouser.h>
25#include <net/netlink.h>
26
27#include "internal.h"
28
29struct ahash_request_priv {
30 crypto_completion_t complete;
31 void *data;
32 u8 *result;
33 void *ubuf[] CRYPTO_MINALIGN_ATTR;
34};
35
36static inline struct ahash_alg *crypto_ahash_alg(struct crypto_ahash *hash)
37{
38 return container_of(crypto_hash_alg_common(hash), struct ahash_alg,
39 halg);
40}
41
42static int hash_walk_next(struct crypto_hash_walk *walk)
43{
44 unsigned int alignmask = walk->alignmask;
45 unsigned int offset = walk->offset;
46 unsigned int nbytes = min(walk->entrylen,
47 ((unsigned int)(PAGE_SIZE)) - offset);
48
49 walk->data = kmap_atomic(walk->pg);
50 walk->data += offset;
51
52 if (offset & alignmask) {
53 unsigned int unaligned = alignmask + 1 - (offset & alignmask);
54 if (nbytes > unaligned)
55 nbytes = unaligned;
56 }
57
58 walk->entrylen -= nbytes;
59 return nbytes;
60}
61
62static int hash_walk_new_entry(struct crypto_hash_walk *walk)
63{
64 struct scatterlist *sg;
65
66 sg = walk->sg;
67 walk->pg = sg_page(sg);
68 walk->offset = sg->offset;
69 walk->entrylen = sg->length;
70
71 if (walk->entrylen > walk->total)
72 walk->entrylen = walk->total;
73 walk->total -= walk->entrylen;
74
75 return hash_walk_next(walk);
76}
77
78int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err)
79{
80 unsigned int alignmask = walk->alignmask;
81 unsigned int nbytes = walk->entrylen;
82
83 walk->data -= walk->offset;
84
85 if (nbytes && walk->offset & alignmask && !err) {
86 walk->offset = ALIGN(walk->offset, alignmask + 1);
87 walk->data += walk->offset;
88
89 nbytes = min(nbytes,
90 ((unsigned int)(PAGE_SIZE)) - walk->offset);
91 walk->entrylen -= nbytes;
92
93 return nbytes;
94 }
95
96 kunmap_atomic(walk->data);
97 crypto_yield(walk->flags);
98
99 if (err)
100 return err;
101
102 if (nbytes) {
103 walk->offset = 0;
104 walk->pg++;
105 return hash_walk_next(walk);
106 }
107
108 if (!walk->total)
109 return 0;
110
111 walk->sg = scatterwalk_sg_next(walk->sg);
112
113 return hash_walk_new_entry(walk);
114}
115EXPORT_SYMBOL_GPL(crypto_hash_walk_done);
116
117int crypto_hash_walk_first(struct ahash_request *req,
118 struct crypto_hash_walk *walk)
119{
120 walk->total = req->nbytes;
121
122 if (!walk->total)
123 return 0;
124
125 walk->alignmask = crypto_ahash_alignmask(crypto_ahash_reqtfm(req));
126 walk->sg = req->src;
127 walk->flags = req->base.flags;
128
129 return hash_walk_new_entry(walk);
130}
131EXPORT_SYMBOL_GPL(crypto_hash_walk_first);
132
133int crypto_hash_walk_first_compat(struct hash_desc *hdesc,
134 struct crypto_hash_walk *walk,
135 struct scatterlist *sg, unsigned int len)
136{
137 walk->total = len;
138
139 if (!walk->total)
140 return 0;
141
142 walk->alignmask = crypto_hash_alignmask(hdesc->tfm);
143 walk->sg = sg;
144 walk->flags = hdesc->flags;
145
146 return hash_walk_new_entry(walk);
147}
148
149static int ahash_setkey_unaligned(struct crypto_ahash *tfm, const u8 *key,
150 unsigned int keylen)
151{
152 unsigned long alignmask = crypto_ahash_alignmask(tfm);
153 int ret;
154 u8 *buffer, *alignbuffer;
155 unsigned long absize;
156
157 absize = keylen + alignmask;
158 buffer = kmalloc(absize, GFP_KERNEL);
159 if (!buffer)
160 return -ENOMEM;
161
162 alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
163 memcpy(alignbuffer, key, keylen);
164 ret = tfm->setkey(tfm, alignbuffer, keylen);
165 kzfree(buffer);
166 return ret;
167}
168
169int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
170 unsigned int keylen)
171{
172 unsigned long alignmask = crypto_ahash_alignmask(tfm);
173
174 if ((unsigned long)key & alignmask)
175 return ahash_setkey_unaligned(tfm, key, keylen);
176
177 return tfm->setkey(tfm, key, keylen);
178}
179EXPORT_SYMBOL_GPL(crypto_ahash_setkey);
180
181static int ahash_nosetkey(struct crypto_ahash *tfm, const u8 *key,
182 unsigned int keylen)
183{
184 return -ENOSYS;
185}
186
187static inline unsigned int ahash_align_buffer_size(unsigned len,
188 unsigned long mask)
189{
190 return len + (mask & ~(crypto_tfm_ctx_alignment() - 1));
191}
192
193static int ahash_save_req(struct ahash_request *req, crypto_completion_t cplt)
194{
195 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
196 unsigned long alignmask = crypto_ahash_alignmask(tfm);
197 unsigned int ds = crypto_ahash_digestsize(tfm);
198 struct ahash_request_priv *priv;
199
200 priv = kmalloc(sizeof(*priv) + ahash_align_buffer_size(ds, alignmask),
201 (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
202 GFP_KERNEL : GFP_ATOMIC);
203 if (!priv)
204 return -ENOMEM;
205
206 /*
207 * WARNING: Voodoo programming below!
208 *
209 * The code below is obscure and hard to understand, thus explanation
210 * is necessary. See include/crypto/hash.h and include/linux/crypto.h
211 * to understand the layout of structures used here!
212 *
213 * The code here will replace portions of the ORIGINAL request with
214 * pointers to new code and buffers so the hashing operation can store
215 * the result in aligned buffer. We will call the modified request
216 * an ADJUSTED request.
217 *
218 * The newly mangled request will look as such:
219 *
220 * req {
221 * .result = ADJUSTED[new aligned buffer]
222 * .base.complete = ADJUSTED[pointer to completion function]
223 * .base.data = ADJUSTED[*req (pointer to self)]
224 * .priv = ADJUSTED[new priv] {
225 * .result = ORIGINAL(result)
226 * .complete = ORIGINAL(base.complete)
227 * .data = ORIGINAL(base.data)
228 * }
229 */
230
231 priv->result = req->result;
232 priv->complete = req->base.complete;
233 priv->data = req->base.data;
234 /*
235 * WARNING: We do not backup req->priv here! The req->priv
236 * is for internal use of the Crypto API and the
237 * user must _NOT_ _EVER_ depend on it's content!
238 */
239
240 req->result = PTR_ALIGN((u8 *)priv->ubuf, alignmask + 1);
241 req->base.complete = cplt;
242 req->base.data = req;
243 req->priv = priv;
244
245 return 0;
246}
247
248static void ahash_restore_req(struct ahash_request *req)
249{
250 struct ahash_request_priv *priv = req->priv;
251
252 /* Restore the original crypto request. */
253 req->result = priv->result;
254 req->base.complete = priv->complete;
255 req->base.data = priv->data;
256 req->priv = NULL;
257
258 /* Free the req->priv.priv from the ADJUSTED request. */
259 kzfree(priv);
260}
261
262static void ahash_op_unaligned_finish(struct ahash_request *req, int err)
263{
264 struct ahash_request_priv *priv = req->priv;
265
266 if (err == -EINPROGRESS)
267 return;
268
269 if (!err)
270 memcpy(priv->result, req->result,
271 crypto_ahash_digestsize(crypto_ahash_reqtfm(req)));
272
273 ahash_restore_req(req);
274}
275
276static void ahash_op_unaligned_done(struct crypto_async_request *req, int err)
277{
278 struct ahash_request *areq = req->data;
279
280 /*
281 * Restore the original request, see ahash_op_unaligned() for what
282 * goes where.
283 *
284 * The "struct ahash_request *req" here is in fact the "req.base"
285 * from the ADJUSTED request from ahash_op_unaligned(), thus as it
286 * is a pointer to self, it is also the ADJUSTED "req" .
287 */
288
289 /* First copy req->result into req->priv.result */
290 ahash_op_unaligned_finish(areq, err);
291
292 /* Complete the ORIGINAL request. */
293 areq->base.complete(&areq->base, err);
294}
295
296static int ahash_op_unaligned(struct ahash_request *req,
297 int (*op)(struct ahash_request *))
298{
299 int err;
300
301 err = ahash_save_req(req, ahash_op_unaligned_done);
302 if (err)
303 return err;
304
305 err = op(req);
306 ahash_op_unaligned_finish(req, err);
307
308 return err;
309}
310
311static int crypto_ahash_op(struct ahash_request *req,
312 int (*op)(struct ahash_request *))
313{
314 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
315 unsigned long alignmask = crypto_ahash_alignmask(tfm);
316
317 if ((unsigned long)req->result & alignmask)
318 return ahash_op_unaligned(req, op);
319
320 return op(req);
321}
322
323int crypto_ahash_final(struct ahash_request *req)
324{
325 return crypto_ahash_op(req, crypto_ahash_reqtfm(req)->final);
326}
327EXPORT_SYMBOL_GPL(crypto_ahash_final);
328
329int crypto_ahash_finup(struct ahash_request *req)
330{
331 return crypto_ahash_op(req, crypto_ahash_reqtfm(req)->finup);
332}
333EXPORT_SYMBOL_GPL(crypto_ahash_finup);
334
335int crypto_ahash_digest(struct ahash_request *req)
336{
337 return crypto_ahash_op(req, crypto_ahash_reqtfm(req)->digest);
338}
339EXPORT_SYMBOL_GPL(crypto_ahash_digest);
340
341static void ahash_def_finup_finish2(struct ahash_request *req, int err)
342{
343 struct ahash_request_priv *priv = req->priv;
344
345 if (err == -EINPROGRESS)
346 return;
347
348 if (!err)
349 memcpy(priv->result, req->result,
350 crypto_ahash_digestsize(crypto_ahash_reqtfm(req)));
351
352 ahash_restore_req(req);
353}
354
355static void ahash_def_finup_done2(struct crypto_async_request *req, int err)
356{
357 struct ahash_request *areq = req->data;
358
359 ahash_def_finup_finish2(areq, err);
360
361 areq->base.complete(&areq->base, err);
362}
363
364static int ahash_def_finup_finish1(struct ahash_request *req, int err)
365{
366 if (err)
367 goto out;
368
369 req->base.complete = ahash_def_finup_done2;
370 req->base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
371 err = crypto_ahash_reqtfm(req)->final(req);
372
373out:
374 ahash_def_finup_finish2(req, err);
375 return err;
376}
377
378static void ahash_def_finup_done1(struct crypto_async_request *req, int err)
379{
380 struct ahash_request *areq = req->data;
381
382 err = ahash_def_finup_finish1(areq, err);
383
384 areq->base.complete(&areq->base, err);
385}
386
387static int ahash_def_finup(struct ahash_request *req)
388{
389 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
390 int err;
391
392 err = ahash_save_req(req, ahash_def_finup_done1);
393 if (err)
394 return err;
395
396 err = tfm->update(req);
397 return ahash_def_finup_finish1(req, err);
398}
399
400static int ahash_no_export(struct ahash_request *req, void *out)
401{
402 return -ENOSYS;
403}
404
405static int ahash_no_import(struct ahash_request *req, const void *in)
406{
407 return -ENOSYS;
408}
409
410static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
411{
412 struct crypto_ahash *hash = __crypto_ahash_cast(tfm);
413 struct ahash_alg *alg = crypto_ahash_alg(hash);
414
415 hash->setkey = ahash_nosetkey;
416 hash->export = ahash_no_export;
417 hash->import = ahash_no_import;
418
419 if (tfm->__crt_alg->cra_type != &crypto_ahash_type)
420 return crypto_init_shash_ops_async(tfm);
421
422 hash->init = alg->init;
423 hash->update = alg->update;
424 hash->final = alg->final;
425 hash->finup = alg->finup ?: ahash_def_finup;
426 hash->digest = alg->digest;
427
428 if (alg->setkey)
429 hash->setkey = alg->setkey;
430 if (alg->export)
431 hash->export = alg->export;
432 if (alg->import)
433 hash->import = alg->import;
434
435 return 0;
436}
437
438static unsigned int crypto_ahash_extsize(struct crypto_alg *alg)
439{
440 if (alg->cra_type == &crypto_ahash_type)
441 return alg->cra_ctxsize;
442
443 return sizeof(struct crypto_shash *);
444}
445
446#ifdef CONFIG_NET
447static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg)
448{
449 struct crypto_report_hash rhash;
450
451 strncpy(rhash.type, "ahash", sizeof(rhash.type));
452
453 rhash.blocksize = alg->cra_blocksize;
454 rhash.digestsize = __crypto_hash_alg_common(alg)->digestsize;
455
456 if (nla_put(skb, CRYPTOCFGA_REPORT_HASH,
457 sizeof(struct crypto_report_hash), &rhash))
458 goto nla_put_failure;
459 return 0;
460
461nla_put_failure:
462 return -EMSGSIZE;
463}
464#else
465static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg)
466{
467 return -ENOSYS;
468}
469#endif
470
471static void crypto_ahash_show(struct seq_file *m, struct crypto_alg *alg)
472 __attribute__ ((unused));
473static void crypto_ahash_show(struct seq_file *m, struct crypto_alg *alg)
474{
475 seq_printf(m, "type : ahash\n");
476 seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
477 "yes" : "no");
478 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
479 seq_printf(m, "digestsize : %u\n",
480 __crypto_hash_alg_common(alg)->digestsize);
481}
482
483const struct crypto_type crypto_ahash_type = {
484 .extsize = crypto_ahash_extsize,
485 .init_tfm = crypto_ahash_init_tfm,
486#ifdef CONFIG_PROC_FS
487 .show = crypto_ahash_show,
488#endif
489 .report = crypto_ahash_report,
490 .maskclear = ~CRYPTO_ALG_TYPE_MASK,
491 .maskset = CRYPTO_ALG_TYPE_AHASH_MASK,
492 .type = CRYPTO_ALG_TYPE_AHASH,
493 .tfmsize = offsetof(struct crypto_ahash, base),
494};
495EXPORT_SYMBOL_GPL(crypto_ahash_type);
496
497struct crypto_ahash *crypto_alloc_ahash(const char *alg_name, u32 type,
498 u32 mask)
499{
500 return crypto_alloc_tfm(alg_name, &crypto_ahash_type, type, mask);
501}
502EXPORT_SYMBOL_GPL(crypto_alloc_ahash);
503
504static int ahash_prepare_alg(struct ahash_alg *alg)
505{
506 struct crypto_alg *base = &alg->halg.base;
507
508 if (alg->halg.digestsize > PAGE_SIZE / 8 ||
509 alg->halg.statesize > PAGE_SIZE / 8)
510 return -EINVAL;
511
512 base->cra_type = &crypto_ahash_type;
513 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK;
514 base->cra_flags |= CRYPTO_ALG_TYPE_AHASH;
515
516 return 0;
517}
518
519int crypto_register_ahash(struct ahash_alg *alg)
520{
521 struct crypto_alg *base = &alg->halg.base;
522 int err;
523
524 err = ahash_prepare_alg(alg);
525 if (err)
526 return err;
527
528 return crypto_register_alg(base);
529}
530EXPORT_SYMBOL_GPL(crypto_register_ahash);
531
532int crypto_unregister_ahash(struct ahash_alg *alg)
533{
534 return crypto_unregister_alg(&alg->halg.base);
535}
536EXPORT_SYMBOL_GPL(crypto_unregister_ahash);
537
538int ahash_register_instance(struct crypto_template *tmpl,
539 struct ahash_instance *inst)
540{
541 int err;
542
543 err = ahash_prepare_alg(&inst->alg);
544 if (err)
545 return err;
546
547 return crypto_register_instance(tmpl, ahash_crypto_instance(inst));
548}
549EXPORT_SYMBOL_GPL(ahash_register_instance);
550
551void ahash_free_instance(struct crypto_instance *inst)
552{
553 crypto_drop_spawn(crypto_instance_ctx(inst));
554 kfree(ahash_instance(inst));
555}
556EXPORT_SYMBOL_GPL(ahash_free_instance);
557
558int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn,
559 struct hash_alg_common *alg,
560 struct crypto_instance *inst)
561{
562 return crypto_init_spawn2(&spawn->base, &alg->base, inst,
563 &crypto_ahash_type);
564}
565EXPORT_SYMBOL_GPL(crypto_init_ahash_spawn);
566
567struct hash_alg_common *ahash_attr_alg(struct rtattr *rta, u32 type, u32 mask)
568{
569 struct crypto_alg *alg;
570
571 alg = crypto_attr_alg2(rta, &crypto_ahash_type, type, mask);
572 return IS_ERR(alg) ? ERR_CAST(alg) : __crypto_hash_alg_common(alg);
573}
574EXPORT_SYMBOL_GPL(ahash_attr_alg);
575
576MODULE_LICENSE("GPL");
577MODULE_DESCRIPTION("Asynchronous cryptographic hash type");
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Asynchronous Cryptographic Hash operations.
4 *
5 * This is the implementation of the ahash (asynchronous hash) API. It differs
6 * from shash (synchronous hash) in that ahash supports asynchronous operations,
7 * and it hashes data from scatterlists instead of virtually addressed buffers.
8 *
9 * The ahash API provides access to both ahash and shash algorithms. The shash
10 * API only provides access to shash algorithms.
11 *
12 * Copyright (c) 2008 Loc Ho <lho@amcc.com>
13 */
14
15#include <crypto/scatterwalk.h>
16#include <linux/cryptouser.h>
17#include <linux/err.h>
18#include <linux/kernel.h>
19#include <linux/module.h>
20#include <linux/sched.h>
21#include <linux/slab.h>
22#include <linux/seq_file.h>
23#include <linux/string.h>
24#include <net/netlink.h>
25
26#include "hash.h"
27
28#define CRYPTO_ALG_TYPE_AHASH_MASK 0x0000000e
29
30static inline struct crypto_istat_hash *ahash_get_stat(struct ahash_alg *alg)
31{
32 return hash_get_stat(&alg->halg);
33}
34
35static inline int crypto_ahash_errstat(struct ahash_alg *alg, int err)
36{
37 if (!IS_ENABLED(CONFIG_CRYPTO_STATS))
38 return err;
39
40 if (err && err != -EINPROGRESS && err != -EBUSY)
41 atomic64_inc(&ahash_get_stat(alg)->err_cnt);
42
43 return err;
44}
45
46/*
47 * For an ahash tfm that is using an shash algorithm (instead of an ahash
48 * algorithm), this returns the underlying shash tfm.
49 */
50static inline struct crypto_shash *ahash_to_shash(struct crypto_ahash *tfm)
51{
52 return *(struct crypto_shash **)crypto_ahash_ctx(tfm);
53}
54
55static inline struct shash_desc *prepare_shash_desc(struct ahash_request *req,
56 struct crypto_ahash *tfm)
57{
58 struct shash_desc *desc = ahash_request_ctx(req);
59
60 desc->tfm = ahash_to_shash(tfm);
61 return desc;
62}
63
64int shash_ahash_update(struct ahash_request *req, struct shash_desc *desc)
65{
66 struct crypto_hash_walk walk;
67 int nbytes;
68
69 for (nbytes = crypto_hash_walk_first(req, &walk); nbytes > 0;
70 nbytes = crypto_hash_walk_done(&walk, nbytes))
71 nbytes = crypto_shash_update(desc, walk.data, nbytes);
72
73 return nbytes;
74}
75EXPORT_SYMBOL_GPL(shash_ahash_update);
76
77int shash_ahash_finup(struct ahash_request *req, struct shash_desc *desc)
78{
79 struct crypto_hash_walk walk;
80 int nbytes;
81
82 nbytes = crypto_hash_walk_first(req, &walk);
83 if (!nbytes)
84 return crypto_shash_final(desc, req->result);
85
86 do {
87 nbytes = crypto_hash_walk_last(&walk) ?
88 crypto_shash_finup(desc, walk.data, nbytes,
89 req->result) :
90 crypto_shash_update(desc, walk.data, nbytes);
91 nbytes = crypto_hash_walk_done(&walk, nbytes);
92 } while (nbytes > 0);
93
94 return nbytes;
95}
96EXPORT_SYMBOL_GPL(shash_ahash_finup);
97
98int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc)
99{
100 unsigned int nbytes = req->nbytes;
101 struct scatterlist *sg;
102 unsigned int offset;
103 int err;
104
105 if (nbytes &&
106 (sg = req->src, offset = sg->offset,
107 nbytes <= min(sg->length, ((unsigned int)(PAGE_SIZE)) - offset))) {
108 void *data;
109
110 data = kmap_local_page(sg_page(sg));
111 err = crypto_shash_digest(desc, data + offset, nbytes,
112 req->result);
113 kunmap_local(data);
114 } else
115 err = crypto_shash_init(desc) ?:
116 shash_ahash_finup(req, desc);
117
118 return err;
119}
120EXPORT_SYMBOL_GPL(shash_ahash_digest);
121
122static void crypto_exit_ahash_using_shash(struct crypto_tfm *tfm)
123{
124 struct crypto_shash **ctx = crypto_tfm_ctx(tfm);
125
126 crypto_free_shash(*ctx);
127}
128
129static int crypto_init_ahash_using_shash(struct crypto_tfm *tfm)
130{
131 struct crypto_alg *calg = tfm->__crt_alg;
132 struct crypto_ahash *crt = __crypto_ahash_cast(tfm);
133 struct crypto_shash **ctx = crypto_tfm_ctx(tfm);
134 struct crypto_shash *shash;
135
136 if (!crypto_mod_get(calg))
137 return -EAGAIN;
138
139 shash = crypto_create_tfm(calg, &crypto_shash_type);
140 if (IS_ERR(shash)) {
141 crypto_mod_put(calg);
142 return PTR_ERR(shash);
143 }
144
145 crt->using_shash = true;
146 *ctx = shash;
147 tfm->exit = crypto_exit_ahash_using_shash;
148
149 crypto_ahash_set_flags(crt, crypto_shash_get_flags(shash) &
150 CRYPTO_TFM_NEED_KEY);
151 crt->reqsize = sizeof(struct shash_desc) + crypto_shash_descsize(shash);
152
153 return 0;
154}
155
156static int hash_walk_next(struct crypto_hash_walk *walk)
157{
158 unsigned int offset = walk->offset;
159 unsigned int nbytes = min(walk->entrylen,
160 ((unsigned int)(PAGE_SIZE)) - offset);
161
162 walk->data = kmap_local_page(walk->pg);
163 walk->data += offset;
164 walk->entrylen -= nbytes;
165 return nbytes;
166}
167
168static int hash_walk_new_entry(struct crypto_hash_walk *walk)
169{
170 struct scatterlist *sg;
171
172 sg = walk->sg;
173 walk->offset = sg->offset;
174 walk->pg = sg_page(walk->sg) + (walk->offset >> PAGE_SHIFT);
175 walk->offset = offset_in_page(walk->offset);
176 walk->entrylen = sg->length;
177
178 if (walk->entrylen > walk->total)
179 walk->entrylen = walk->total;
180 walk->total -= walk->entrylen;
181
182 return hash_walk_next(walk);
183}
184
185int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err)
186{
187 walk->data -= walk->offset;
188
189 kunmap_local(walk->data);
190 crypto_yield(walk->flags);
191
192 if (err)
193 return err;
194
195 if (walk->entrylen) {
196 walk->offset = 0;
197 walk->pg++;
198 return hash_walk_next(walk);
199 }
200
201 if (!walk->total)
202 return 0;
203
204 walk->sg = sg_next(walk->sg);
205
206 return hash_walk_new_entry(walk);
207}
208EXPORT_SYMBOL_GPL(crypto_hash_walk_done);
209
210int crypto_hash_walk_first(struct ahash_request *req,
211 struct crypto_hash_walk *walk)
212{
213 walk->total = req->nbytes;
214
215 if (!walk->total) {
216 walk->entrylen = 0;
217 return 0;
218 }
219
220 walk->sg = req->src;
221 walk->flags = req->base.flags;
222
223 return hash_walk_new_entry(walk);
224}
225EXPORT_SYMBOL_GPL(crypto_hash_walk_first);
226
227static int ahash_nosetkey(struct crypto_ahash *tfm, const u8 *key,
228 unsigned int keylen)
229{
230 return -ENOSYS;
231}
232
233static void ahash_set_needkey(struct crypto_ahash *tfm, struct ahash_alg *alg)
234{
235 if (alg->setkey != ahash_nosetkey &&
236 !(alg->halg.base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY))
237 crypto_ahash_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
238}
239
240int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
241 unsigned int keylen)
242{
243 if (likely(tfm->using_shash)) {
244 struct crypto_shash *shash = ahash_to_shash(tfm);
245 int err;
246
247 err = crypto_shash_setkey(shash, key, keylen);
248 if (unlikely(err)) {
249 crypto_ahash_set_flags(tfm,
250 crypto_shash_get_flags(shash) &
251 CRYPTO_TFM_NEED_KEY);
252 return err;
253 }
254 } else {
255 struct ahash_alg *alg = crypto_ahash_alg(tfm);
256 int err;
257
258 err = alg->setkey(tfm, key, keylen);
259 if (unlikely(err)) {
260 ahash_set_needkey(tfm, alg);
261 return err;
262 }
263 }
264 crypto_ahash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
265 return 0;
266}
267EXPORT_SYMBOL_GPL(crypto_ahash_setkey);
268
269int crypto_ahash_init(struct ahash_request *req)
270{
271 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
272
273 if (likely(tfm->using_shash))
274 return crypto_shash_init(prepare_shash_desc(req, tfm));
275 if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
276 return -ENOKEY;
277 return crypto_ahash_alg(tfm)->init(req);
278}
279EXPORT_SYMBOL_GPL(crypto_ahash_init);
280
281static int ahash_save_req(struct ahash_request *req, crypto_completion_t cplt,
282 bool has_state)
283{
284 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
285 unsigned int ds = crypto_ahash_digestsize(tfm);
286 struct ahash_request *subreq;
287 unsigned int subreq_size;
288 unsigned int reqsize;
289 u8 *result;
290 gfp_t gfp;
291 u32 flags;
292
293 subreq_size = sizeof(*subreq);
294 reqsize = crypto_ahash_reqsize(tfm);
295 reqsize = ALIGN(reqsize, crypto_tfm_ctx_alignment());
296 subreq_size += reqsize;
297 subreq_size += ds;
298
299 flags = ahash_request_flags(req);
300 gfp = (flags & CRYPTO_TFM_REQ_MAY_SLEEP) ? GFP_KERNEL : GFP_ATOMIC;
301 subreq = kmalloc(subreq_size, gfp);
302 if (!subreq)
303 return -ENOMEM;
304
305 ahash_request_set_tfm(subreq, tfm);
306 ahash_request_set_callback(subreq, flags, cplt, req);
307
308 result = (u8 *)(subreq + 1) + reqsize;
309
310 ahash_request_set_crypt(subreq, req->src, result, req->nbytes);
311
312 if (has_state) {
313 void *state;
314
315 state = kmalloc(crypto_ahash_statesize(tfm), gfp);
316 if (!state) {
317 kfree(subreq);
318 return -ENOMEM;
319 }
320
321 crypto_ahash_export(req, state);
322 crypto_ahash_import(subreq, state);
323 kfree_sensitive(state);
324 }
325
326 req->priv = subreq;
327
328 return 0;
329}
330
331static void ahash_restore_req(struct ahash_request *req, int err)
332{
333 struct ahash_request *subreq = req->priv;
334
335 if (!err)
336 memcpy(req->result, subreq->result,
337 crypto_ahash_digestsize(crypto_ahash_reqtfm(req)));
338
339 req->priv = NULL;
340
341 kfree_sensitive(subreq);
342}
343
344int crypto_ahash_update(struct ahash_request *req)
345{
346 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
347 struct ahash_alg *alg;
348
349 if (likely(tfm->using_shash))
350 return shash_ahash_update(req, ahash_request_ctx(req));
351
352 alg = crypto_ahash_alg(tfm);
353 if (IS_ENABLED(CONFIG_CRYPTO_STATS))
354 atomic64_add(req->nbytes, &ahash_get_stat(alg)->hash_tlen);
355 return crypto_ahash_errstat(alg, alg->update(req));
356}
357EXPORT_SYMBOL_GPL(crypto_ahash_update);
358
359int crypto_ahash_final(struct ahash_request *req)
360{
361 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
362 struct ahash_alg *alg;
363
364 if (likely(tfm->using_shash))
365 return crypto_shash_final(ahash_request_ctx(req), req->result);
366
367 alg = crypto_ahash_alg(tfm);
368 if (IS_ENABLED(CONFIG_CRYPTO_STATS))
369 atomic64_inc(&ahash_get_stat(alg)->hash_cnt);
370 return crypto_ahash_errstat(alg, alg->final(req));
371}
372EXPORT_SYMBOL_GPL(crypto_ahash_final);
373
374int crypto_ahash_finup(struct ahash_request *req)
375{
376 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
377 struct ahash_alg *alg;
378
379 if (likely(tfm->using_shash))
380 return shash_ahash_finup(req, ahash_request_ctx(req));
381
382 alg = crypto_ahash_alg(tfm);
383 if (IS_ENABLED(CONFIG_CRYPTO_STATS)) {
384 struct crypto_istat_hash *istat = ahash_get_stat(alg);
385
386 atomic64_inc(&istat->hash_cnt);
387 atomic64_add(req->nbytes, &istat->hash_tlen);
388 }
389 return crypto_ahash_errstat(alg, alg->finup(req));
390}
391EXPORT_SYMBOL_GPL(crypto_ahash_finup);
392
393int crypto_ahash_digest(struct ahash_request *req)
394{
395 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
396 struct ahash_alg *alg;
397 int err;
398
399 if (likely(tfm->using_shash))
400 return shash_ahash_digest(req, prepare_shash_desc(req, tfm));
401
402 alg = crypto_ahash_alg(tfm);
403 if (IS_ENABLED(CONFIG_CRYPTO_STATS)) {
404 struct crypto_istat_hash *istat = ahash_get_stat(alg);
405
406 atomic64_inc(&istat->hash_cnt);
407 atomic64_add(req->nbytes, &istat->hash_tlen);
408 }
409
410 if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
411 err = -ENOKEY;
412 else
413 err = alg->digest(req);
414
415 return crypto_ahash_errstat(alg, err);
416}
417EXPORT_SYMBOL_GPL(crypto_ahash_digest);
418
419static void ahash_def_finup_done2(void *data, int err)
420{
421 struct ahash_request *areq = data;
422
423 if (err == -EINPROGRESS)
424 return;
425
426 ahash_restore_req(areq, err);
427
428 ahash_request_complete(areq, err);
429}
430
431static int ahash_def_finup_finish1(struct ahash_request *req, int err)
432{
433 struct ahash_request *subreq = req->priv;
434
435 if (err)
436 goto out;
437
438 subreq->base.complete = ahash_def_finup_done2;
439
440 err = crypto_ahash_alg(crypto_ahash_reqtfm(req))->final(subreq);
441 if (err == -EINPROGRESS || err == -EBUSY)
442 return err;
443
444out:
445 ahash_restore_req(req, err);
446 return err;
447}
448
449static void ahash_def_finup_done1(void *data, int err)
450{
451 struct ahash_request *areq = data;
452 struct ahash_request *subreq;
453
454 if (err == -EINPROGRESS)
455 goto out;
456
457 subreq = areq->priv;
458 subreq->base.flags &= CRYPTO_TFM_REQ_MAY_BACKLOG;
459
460 err = ahash_def_finup_finish1(areq, err);
461 if (err == -EINPROGRESS || err == -EBUSY)
462 return;
463
464out:
465 ahash_request_complete(areq, err);
466}
467
468static int ahash_def_finup(struct ahash_request *req)
469{
470 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
471 int err;
472
473 err = ahash_save_req(req, ahash_def_finup_done1, true);
474 if (err)
475 return err;
476
477 err = crypto_ahash_alg(tfm)->update(req->priv);
478 if (err == -EINPROGRESS || err == -EBUSY)
479 return err;
480
481 return ahash_def_finup_finish1(req, err);
482}
483
484int crypto_ahash_export(struct ahash_request *req, void *out)
485{
486 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
487
488 if (likely(tfm->using_shash))
489 return crypto_shash_export(ahash_request_ctx(req), out);
490 return crypto_ahash_alg(tfm)->export(req, out);
491}
492EXPORT_SYMBOL_GPL(crypto_ahash_export);
493
494int crypto_ahash_import(struct ahash_request *req, const void *in)
495{
496 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
497
498 if (likely(tfm->using_shash))
499 return crypto_shash_import(prepare_shash_desc(req, tfm), in);
500 if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
501 return -ENOKEY;
502 return crypto_ahash_alg(tfm)->import(req, in);
503}
504EXPORT_SYMBOL_GPL(crypto_ahash_import);
505
506static void crypto_ahash_exit_tfm(struct crypto_tfm *tfm)
507{
508 struct crypto_ahash *hash = __crypto_ahash_cast(tfm);
509 struct ahash_alg *alg = crypto_ahash_alg(hash);
510
511 alg->exit_tfm(hash);
512}
513
514static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
515{
516 struct crypto_ahash *hash = __crypto_ahash_cast(tfm);
517 struct ahash_alg *alg = crypto_ahash_alg(hash);
518
519 crypto_ahash_set_statesize(hash, alg->halg.statesize);
520
521 if (tfm->__crt_alg->cra_type == &crypto_shash_type)
522 return crypto_init_ahash_using_shash(tfm);
523
524 ahash_set_needkey(hash, alg);
525
526 if (alg->exit_tfm)
527 tfm->exit = crypto_ahash_exit_tfm;
528
529 return alg->init_tfm ? alg->init_tfm(hash) : 0;
530}
531
532static unsigned int crypto_ahash_extsize(struct crypto_alg *alg)
533{
534 if (alg->cra_type == &crypto_shash_type)
535 return sizeof(struct crypto_shash *);
536
537 return crypto_alg_extsize(alg);
538}
539
540static void crypto_ahash_free_instance(struct crypto_instance *inst)
541{
542 struct ahash_instance *ahash = ahash_instance(inst);
543
544 ahash->free(ahash);
545}
546
547static int __maybe_unused crypto_ahash_report(
548 struct sk_buff *skb, struct crypto_alg *alg)
549{
550 struct crypto_report_hash rhash;
551
552 memset(&rhash, 0, sizeof(rhash));
553
554 strscpy(rhash.type, "ahash", sizeof(rhash.type));
555
556 rhash.blocksize = alg->cra_blocksize;
557 rhash.digestsize = __crypto_hash_alg_common(alg)->digestsize;
558
559 return nla_put(skb, CRYPTOCFGA_REPORT_HASH, sizeof(rhash), &rhash);
560}
561
562static void crypto_ahash_show(struct seq_file *m, struct crypto_alg *alg)
563 __maybe_unused;
564static void crypto_ahash_show(struct seq_file *m, struct crypto_alg *alg)
565{
566 seq_printf(m, "type : ahash\n");
567 seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
568 "yes" : "no");
569 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
570 seq_printf(m, "digestsize : %u\n",
571 __crypto_hash_alg_common(alg)->digestsize);
572}
573
574static int __maybe_unused crypto_ahash_report_stat(
575 struct sk_buff *skb, struct crypto_alg *alg)
576{
577 return crypto_hash_report_stat(skb, alg, "ahash");
578}
579
580static const struct crypto_type crypto_ahash_type = {
581 .extsize = crypto_ahash_extsize,
582 .init_tfm = crypto_ahash_init_tfm,
583 .free = crypto_ahash_free_instance,
584#ifdef CONFIG_PROC_FS
585 .show = crypto_ahash_show,
586#endif
587#if IS_ENABLED(CONFIG_CRYPTO_USER)
588 .report = crypto_ahash_report,
589#endif
590#ifdef CONFIG_CRYPTO_STATS
591 .report_stat = crypto_ahash_report_stat,
592#endif
593 .maskclear = ~CRYPTO_ALG_TYPE_MASK,
594 .maskset = CRYPTO_ALG_TYPE_AHASH_MASK,
595 .type = CRYPTO_ALG_TYPE_AHASH,
596 .tfmsize = offsetof(struct crypto_ahash, base),
597};
598
599int crypto_grab_ahash(struct crypto_ahash_spawn *spawn,
600 struct crypto_instance *inst,
601 const char *name, u32 type, u32 mask)
602{
603 spawn->base.frontend = &crypto_ahash_type;
604 return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
605}
606EXPORT_SYMBOL_GPL(crypto_grab_ahash);
607
608struct crypto_ahash *crypto_alloc_ahash(const char *alg_name, u32 type,
609 u32 mask)
610{
611 return crypto_alloc_tfm(alg_name, &crypto_ahash_type, type, mask);
612}
613EXPORT_SYMBOL_GPL(crypto_alloc_ahash);
614
615int crypto_has_ahash(const char *alg_name, u32 type, u32 mask)
616{
617 return crypto_type_has_alg(alg_name, &crypto_ahash_type, type, mask);
618}
619EXPORT_SYMBOL_GPL(crypto_has_ahash);
620
621struct crypto_ahash *crypto_clone_ahash(struct crypto_ahash *hash)
622{
623 struct hash_alg_common *halg = crypto_hash_alg_common(hash);
624 struct crypto_tfm *tfm = crypto_ahash_tfm(hash);
625 struct crypto_ahash *nhash;
626 struct ahash_alg *alg;
627 int err;
628
629 if (!crypto_hash_alg_has_setkey(halg)) {
630 tfm = crypto_tfm_get(tfm);
631 if (IS_ERR(tfm))
632 return ERR_CAST(tfm);
633
634 return hash;
635 }
636
637 nhash = crypto_clone_tfm(&crypto_ahash_type, tfm);
638
639 if (IS_ERR(nhash))
640 return nhash;
641
642 nhash->reqsize = hash->reqsize;
643 nhash->statesize = hash->statesize;
644
645 if (likely(hash->using_shash)) {
646 struct crypto_shash **nctx = crypto_ahash_ctx(nhash);
647 struct crypto_shash *shash;
648
649 shash = crypto_clone_shash(ahash_to_shash(hash));
650 if (IS_ERR(shash)) {
651 err = PTR_ERR(shash);
652 goto out_free_nhash;
653 }
654 nhash->using_shash = true;
655 *nctx = shash;
656 return nhash;
657 }
658
659 err = -ENOSYS;
660 alg = crypto_ahash_alg(hash);
661 if (!alg->clone_tfm)
662 goto out_free_nhash;
663
664 err = alg->clone_tfm(nhash, hash);
665 if (err)
666 goto out_free_nhash;
667
668 return nhash;
669
670out_free_nhash:
671 crypto_free_ahash(nhash);
672 return ERR_PTR(err);
673}
674EXPORT_SYMBOL_GPL(crypto_clone_ahash);
675
676static int ahash_prepare_alg(struct ahash_alg *alg)
677{
678 struct crypto_alg *base = &alg->halg.base;
679 int err;
680
681 if (alg->halg.statesize == 0)
682 return -EINVAL;
683
684 err = hash_prepare_alg(&alg->halg);
685 if (err)
686 return err;
687
688 base->cra_type = &crypto_ahash_type;
689 base->cra_flags |= CRYPTO_ALG_TYPE_AHASH;
690
691 if (!alg->finup)
692 alg->finup = ahash_def_finup;
693 if (!alg->setkey)
694 alg->setkey = ahash_nosetkey;
695
696 return 0;
697}
698
699int crypto_register_ahash(struct ahash_alg *alg)
700{
701 struct crypto_alg *base = &alg->halg.base;
702 int err;
703
704 err = ahash_prepare_alg(alg);
705 if (err)
706 return err;
707
708 return crypto_register_alg(base);
709}
710EXPORT_SYMBOL_GPL(crypto_register_ahash);
711
712void crypto_unregister_ahash(struct ahash_alg *alg)
713{
714 crypto_unregister_alg(&alg->halg.base);
715}
716EXPORT_SYMBOL_GPL(crypto_unregister_ahash);
717
718int crypto_register_ahashes(struct ahash_alg *algs, int count)
719{
720 int i, ret;
721
722 for (i = 0; i < count; i++) {
723 ret = crypto_register_ahash(&algs[i]);
724 if (ret)
725 goto err;
726 }
727
728 return 0;
729
730err:
731 for (--i; i >= 0; --i)
732 crypto_unregister_ahash(&algs[i]);
733
734 return ret;
735}
736EXPORT_SYMBOL_GPL(crypto_register_ahashes);
737
738void crypto_unregister_ahashes(struct ahash_alg *algs, int count)
739{
740 int i;
741
742 for (i = count - 1; i >= 0; --i)
743 crypto_unregister_ahash(&algs[i]);
744}
745EXPORT_SYMBOL_GPL(crypto_unregister_ahashes);
746
747int ahash_register_instance(struct crypto_template *tmpl,
748 struct ahash_instance *inst)
749{
750 int err;
751
752 if (WARN_ON(!inst->free))
753 return -EINVAL;
754
755 err = ahash_prepare_alg(&inst->alg);
756 if (err)
757 return err;
758
759 return crypto_register_instance(tmpl, ahash_crypto_instance(inst));
760}
761EXPORT_SYMBOL_GPL(ahash_register_instance);
762
763bool crypto_hash_alg_has_setkey(struct hash_alg_common *halg)
764{
765 struct crypto_alg *alg = &halg->base;
766
767 if (alg->cra_type == &crypto_shash_type)
768 return crypto_shash_alg_has_setkey(__crypto_shash_alg(alg));
769
770 return __crypto_ahash_alg(alg)->setkey != ahash_nosetkey;
771}
772EXPORT_SYMBOL_GPL(crypto_hash_alg_has_setkey);
773
774MODULE_LICENSE("GPL");
775MODULE_DESCRIPTION("Asynchronous cryptographic hash type");