1/* 2 * Synchronous Cryptographic Hash operations. 3 * 4 * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au> 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License as published by the Free 8 * Software Foundation; either version 2 of the License, or (at your option) 9 * any later version. 10 * 11 */ 12 13#include <crypto/scatterwalk.h> 14#include <crypto/internal/hash.h> 15#include <linux/err.h> 16#include <linux/kernel.h> 17#include <linux/module.h> 18#include <linux/slab.h> 19#include <linux/seq_file.h> 20#include <linux/cryptouser.h> 21#include <net/netlink.h> 22 23#include "internal.h" 24 25static const struct crypto_type crypto_shash_type; 26 27static int shash_no_setkey(struct crypto_shash *tfm, const u8 *key, 28 unsigned int keylen) 29{ 30 return -ENOSYS; 31} 32 33static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key, 34 unsigned int keylen) 35{ 36 struct shash_alg *shash = crypto_shash_alg(tfm); 37 unsigned long alignmask = crypto_shash_alignmask(tfm); 38 unsigned long absize; 39 u8 *buffer, *alignbuffer; 40 int err; 41 42 absize = keylen + (alignmask & ~(crypto_tfm_ctx_alignment() - 1)); 43 buffer = kmalloc(absize, GFP_KERNEL); 44 if (!buffer) 45 return -ENOMEM; 46 47 alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); 48 memcpy(alignbuffer, key, keylen); 49 err = shash->setkey(tfm, alignbuffer, keylen); 50 kzfree(buffer); 51 return err; 52} 53 54int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key, 55 unsigned int keylen) 56{ 57 struct shash_alg *shash = crypto_shash_alg(tfm); 58 unsigned long alignmask = crypto_shash_alignmask(tfm); 59 60 if ((unsigned long)key & alignmask) 61 return shash_setkey_unaligned(tfm, key, keylen); 62 63 return shash->setkey(tfm, key, keylen); 64} 65EXPORT_SYMBOL_GPL(crypto_shash_setkey); 66 67static inline unsigned int shash_align_buffer_size(unsigned len, 68 unsigned long mask) 69{ 70 typedef u8 __attribute__ ((aligned)) u8_aligned; 71 return len + (mask & ~(__alignof__(u8_aligned) - 1)); 72} 73 74static int shash_update_unaligned(struct shash_desc *desc, const u8 *data, 75 unsigned int len) 76{ 77 struct crypto_shash *tfm = desc->tfm; 78 struct shash_alg *shash = crypto_shash_alg(tfm); 79 unsigned long alignmask = crypto_shash_alignmask(tfm); 80 unsigned int unaligned_len = alignmask + 1 - 81 ((unsigned long)data & alignmask); 82 u8 ubuf[shash_align_buffer_size(unaligned_len, alignmask)] 83 __attribute__ ((aligned)); 84 u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1); 85 int err; 86 87 if (unaligned_len > len) 88 unaligned_len = len; 89 90 memcpy(buf, data, unaligned_len); 91 err = shash->update(desc, buf, unaligned_len); 92 memset(buf, 0, unaligned_len); 93 94 return err ?: 95 shash->update(desc, data + unaligned_len, len - unaligned_len); 96} 97 98int crypto_shash_update(struct shash_desc *desc, const u8 *data, 99 unsigned int len) 100{ 101 struct crypto_shash *tfm = desc->tfm; 102 struct shash_alg *shash = crypto_shash_alg(tfm); 103 unsigned long alignmask = crypto_shash_alignmask(tfm); 104 105 if ((unsigned long)data & alignmask) 106 return shash_update_unaligned(desc, data, len); 107 108 return shash->update(desc, data, len); 109} 110EXPORT_SYMBOL_GPL(crypto_shash_update); 111 112static int shash_final_unaligned(struct shash_desc *desc, u8 *out) 113{ 114 struct crypto_shash *tfm = desc->tfm; 115 unsigned long alignmask = crypto_shash_alignmask(tfm); 116 struct shash_alg *shash = crypto_shash_alg(tfm); 117 unsigned int ds = crypto_shash_digestsize(tfm); 118 u8 ubuf[shash_align_buffer_size(ds, alignmask)] 119 __attribute__ ((aligned)); 120 u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1); 121 int err; 122 123 err = shash->final(desc, buf); 124 if (err) 125 goto out; 126 127 memcpy(out, buf, ds); 128 129out: 130 memset(buf, 0, ds); 131 return err; 132} 133 134int crypto_shash_final(struct shash_desc *desc, u8 *out) 135{ 136 struct crypto_shash *tfm = desc->tfm; 137 struct shash_alg *shash = crypto_shash_alg(tfm); 138 unsigned long alignmask = crypto_shash_alignmask(tfm); 139 140 if ((unsigned long)out & alignmask) 141 return shash_final_unaligned(desc, out); 142 143 return shash->final(desc, out); 144} 145EXPORT_SYMBOL_GPL(crypto_shash_final); 146 147static int shash_finup_unaligned(struct shash_desc *desc, const u8 *data, 148 unsigned int len, u8 *out) 149{ 150 return crypto_shash_update(desc, data, len) ?: 151 crypto_shash_final(desc, out); 152} 153 154int crypto_shash_finup(struct shash_desc *desc, const u8 *data, 155 unsigned int len, u8 *out) 156{ 157 struct crypto_shash *tfm = desc->tfm; 158 struct shash_alg *shash = crypto_shash_alg(tfm); 159 unsigned long alignmask = crypto_shash_alignmask(tfm); 160 161 if (((unsigned long)data | (unsigned long)out) & alignmask) 162 return shash_finup_unaligned(desc, data, len, out); 163 164 return shash->finup(desc, data, len, out); 165} 166EXPORT_SYMBOL_GPL(crypto_shash_finup); 167 168static int shash_digest_unaligned(struct shash_desc *desc, const u8 *data, 169 unsigned int len, u8 *out) 170{ 171 return crypto_shash_init(desc) ?: 172 crypto_shash_finup(desc, data, len, out); 173} 174 175int crypto_shash_digest(struct shash_desc *desc, const u8 *data, 176 unsigned int len, u8 *out) 177{ 178 struct crypto_shash *tfm = desc->tfm; 179 struct shash_alg *shash = crypto_shash_alg(tfm); 180 unsigned long alignmask = crypto_shash_alignmask(tfm); 181 182 if (((unsigned long)data | (unsigned long)out) & alignmask) 183 return shash_digest_unaligned(desc, data, len, out); 184 185 return shash->digest(desc, data, len, out); 186} 187EXPORT_SYMBOL_GPL(crypto_shash_digest); 188 189static int shash_default_export(struct shash_desc *desc, void *out) 190{ 191 memcpy(out, shash_desc_ctx(desc), crypto_shash_descsize(desc->tfm)); 192 return 0; 193} 194 195static int shash_default_import(struct shash_desc *desc, const void *in) 196{ 197 memcpy(shash_desc_ctx(desc), in, crypto_shash_descsize(desc->tfm)); 198 return 0; 199} 200 201static int shash_async_setkey(struct crypto_ahash *tfm, const u8 *key, 202 unsigned int keylen) 203{ 204 struct crypto_shash **ctx = crypto_ahash_ctx(tfm); 205 206 return crypto_shash_setkey(*ctx, key, keylen); 207} 208 209static int shash_async_init(struct ahash_request *req) 210{ 211 struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 212 struct shash_desc *desc = ahash_request_ctx(req); 213 214 desc->tfm = *ctx; 215 desc->flags = req->base.flags; 216 217 return crypto_shash_init(desc); 218} 219 220int shash_ahash_update(struct ahash_request *req, struct shash_desc *desc) 221{ 222 struct crypto_hash_walk walk; 223 int nbytes; 224 225 for (nbytes = crypto_hash_walk_first(req, &walk); nbytes > 0; 226 nbytes = crypto_hash_walk_done(&walk, nbytes)) 227 nbytes = crypto_shash_update(desc, walk.data, nbytes); 228 229 return nbytes; 230} 231EXPORT_SYMBOL_GPL(shash_ahash_update); 232 233static int shash_async_update(struct ahash_request *req) 234{ 235 return shash_ahash_update(req, ahash_request_ctx(req)); 236} 237 238static int shash_async_final(struct ahash_request *req) 239{ 240 return crypto_shash_final(ahash_request_ctx(req), req->result); 241} 242 243int shash_ahash_finup(struct ahash_request *req, struct shash_desc *desc) 244{ 245 struct crypto_hash_walk walk; 246 int nbytes; 247 248 nbytes = crypto_hash_walk_first(req, &walk); 249 if (!nbytes) 250 return crypto_shash_final(desc, req->result); 251 252 do { 253 nbytes = crypto_hash_walk_last(&walk) ? 254 crypto_shash_finup(desc, walk.data, nbytes, 255 req->result) : 256 crypto_shash_update(desc, walk.data, nbytes); 257 nbytes = crypto_hash_walk_done(&walk, nbytes); 258 } while (nbytes > 0); 259 260 return nbytes; 261} 262EXPORT_SYMBOL_GPL(shash_ahash_finup); 263 264static int shash_async_finup(struct ahash_request *req) 265{ 266 struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 267 struct shash_desc *desc = ahash_request_ctx(req); 268 269 desc->tfm = *ctx; 270 desc->flags = req->base.flags; 271 272 return shash_ahash_finup(req, desc); 273} 274 275int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc) 276{ 277 struct scatterlist *sg = req->src; 278 unsigned int offset = sg->offset; 279 unsigned int nbytes = req->nbytes; 280 int err; 281 282 if (nbytes < min(sg->length, ((unsigned int)(PAGE_SIZE)) - offset)) { 283 void *data; 284 285 data = kmap_atomic(sg_page(sg)); 286 err = crypto_shash_digest(desc, data + offset, nbytes, 287 req->result); 288 kunmap_atomic(data); 289 crypto_yield(desc->flags); 290 } else 291 err = crypto_shash_init(desc) ?: 292 shash_ahash_finup(req, desc); 293 294 return err; 295} 296EXPORT_SYMBOL_GPL(shash_ahash_digest); 297 298static int shash_async_digest(struct ahash_request *req) 299{ 300 struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 301 struct shash_desc *desc = ahash_request_ctx(req); 302 303 desc->tfm = *ctx; 304 desc->flags = req->base.flags; 305 306 return shash_ahash_digest(req, desc); 307} 308 309static int shash_async_export(struct ahash_request *req, void *out) 310{ 311 return crypto_shash_export(ahash_request_ctx(req), out); 312} 313 314static int shash_async_import(struct ahash_request *req, const void *in) 315{ 316 struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 317 struct shash_desc *desc = ahash_request_ctx(req); 318 319 desc->tfm = *ctx; 320 desc->flags = req->base.flags; 321 322 return crypto_shash_import(desc, in); 323} 324 325static void crypto_exit_shash_ops_async(struct crypto_tfm *tfm) 326{ 327 struct crypto_shash **ctx = crypto_tfm_ctx(tfm); 328 329 crypto_free_shash(*ctx); 330} 331 332int crypto_init_shash_ops_async(struct crypto_tfm *tfm) 333{ 334 struct crypto_alg *calg = tfm->__crt_alg; 335 struct shash_alg *alg = __crypto_shash_alg(calg); 336 struct crypto_ahash *crt = __crypto_ahash_cast(tfm); 337 struct crypto_shash **ctx = crypto_tfm_ctx(tfm); 338 struct crypto_shash *shash; 339 340 if (!crypto_mod_get(calg)) 341 return -EAGAIN; 342 343 shash = crypto_create_tfm(calg, &crypto_shash_type); 344 if (IS_ERR(shash)) { 345 crypto_mod_put(calg); 346 return PTR_ERR(shash); 347 } 348 349 *ctx = shash; 350 tfm->exit = crypto_exit_shash_ops_async; 351 352 crt->init = shash_async_init; 353 crt->update = shash_async_update; 354 crt->final = shash_async_final; 355 crt->finup = shash_async_finup; 356 crt->digest = shash_async_digest; 357 crt->setkey = shash_async_setkey; 358 359 crt->has_setkey = alg->setkey != shash_no_setkey; 360 361 if (alg->export) 362 crt->export = shash_async_export; 363 if (alg->import) 364 crt->import = shash_async_import; 365 366 crt->reqsize = sizeof(struct shash_desc) + crypto_shash_descsize(shash); 367 368 return 0; 369} 370 371static int shash_compat_setkey(struct crypto_hash *tfm, const u8 *key, 372 unsigned int keylen) 373{ 374 struct shash_desc **descp = crypto_hash_ctx(tfm); 375 struct shash_desc *desc = *descp; 376 377 return crypto_shash_setkey(desc->tfm, key, keylen); 378} 379 380static int shash_compat_init(struct hash_desc *hdesc) 381{ 382 struct shash_desc **descp = crypto_hash_ctx(hdesc->tfm); 383 struct shash_desc *desc = *descp; 384 385 desc->flags = hdesc->flags; 386 387 return crypto_shash_init(desc); 388} 389 390static int shash_compat_update(struct hash_desc *hdesc, struct scatterlist *sg, 391 unsigned int len) 392{ 393 struct shash_desc **descp = crypto_hash_ctx(hdesc->tfm); 394 struct shash_desc *desc = *descp; 395 struct crypto_hash_walk walk; 396 int nbytes; 397 398 for (nbytes = crypto_hash_walk_first_compat(hdesc, &walk, sg, len); 399 nbytes > 0; nbytes = crypto_hash_walk_done(&walk, nbytes)) 400 nbytes = crypto_shash_update(desc, walk.data, nbytes); 401 402 return nbytes; 403} 404 405static int shash_compat_final(struct hash_desc *hdesc, u8 *out) 406{ 407 struct shash_desc **descp = crypto_hash_ctx(hdesc->tfm); 408 409 return crypto_shash_final(*descp, out); 410} 411 412static int shash_compat_digest(struct hash_desc *hdesc, struct scatterlist *sg, 413 unsigned int nbytes, u8 *out) 414{ 415 unsigned int offset = sg->offset; 416 int err; 417 418 if (nbytes < min(sg->length, ((unsigned int)(PAGE_SIZE)) - offset)) { 419 struct shash_desc **descp = crypto_hash_ctx(hdesc->tfm); 420 struct shash_desc *desc = *descp; 421 void *data; 422 423 desc->flags = hdesc->flags; 424 425 data = kmap_atomic(sg_page(sg)); 426 err = crypto_shash_digest(desc, data + offset, nbytes, out); 427 kunmap_atomic(data); 428 crypto_yield(desc->flags); 429 goto out; 430 } 431 432 err = shash_compat_init(hdesc); 433 if (err) 434 goto out; 435 436 err = shash_compat_update(hdesc, sg, nbytes); 437 if (err) 438 goto out; 439 440 err = shash_compat_final(hdesc, out); 441 442out: 443 return err; 444} 445 446static void crypto_exit_shash_ops_compat(struct crypto_tfm *tfm) 447{ 448 struct shash_desc **descp = crypto_tfm_ctx(tfm); 449 struct shash_desc *desc = *descp; 450 451 crypto_free_shash(desc->tfm); 452 kzfree(desc); 453} 454 455static int crypto_init_shash_ops_compat(struct crypto_tfm *tfm) 456{ 457 struct hash_tfm *crt = &tfm->crt_hash; 458 struct crypto_alg *calg = tfm->__crt_alg; 459 struct shash_alg *alg = __crypto_shash_alg(calg); 460 struct shash_desc **descp = crypto_tfm_ctx(tfm); 461 struct crypto_shash *shash; 462 struct shash_desc *desc; 463 464 if (!crypto_mod_get(calg)) 465 return -EAGAIN; 466 467 shash = crypto_create_tfm(calg, &crypto_shash_type); 468 if (IS_ERR(shash)) { 469 crypto_mod_put(calg); 470 return PTR_ERR(shash); 471 } 472 473 desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(shash), 474 GFP_KERNEL); 475 if (!desc) { 476 crypto_free_shash(shash); 477 return -ENOMEM; 478 } 479 480 *descp = desc; 481 desc->tfm = shash; 482 tfm->exit = crypto_exit_shash_ops_compat; 483 484 crt->init = shash_compat_init; 485 crt->update = shash_compat_update; 486 crt->final = shash_compat_final; 487 crt->digest = shash_compat_digest; 488 crt->setkey = shash_compat_setkey; 489 490 crt->digestsize = alg->digestsize; 491 492 return 0; 493} 494 495static int crypto_init_shash_ops(struct crypto_tfm *tfm, u32 type, u32 mask) 496{ 497 switch (mask & CRYPTO_ALG_TYPE_MASK) { 498 case CRYPTO_ALG_TYPE_HASH_MASK: 499 return crypto_init_shash_ops_compat(tfm); 500 } 501 502 return -EINVAL; 503} 504 505static unsigned int crypto_shash_ctxsize(struct crypto_alg *alg, u32 type, 506 u32 mask) 507{ 508 switch (mask & CRYPTO_ALG_TYPE_MASK) { 509 case CRYPTO_ALG_TYPE_HASH_MASK: 510 return sizeof(struct shash_desc *); 511 } 512 513 return 0; 514} 515 516static int crypto_shash_init_tfm(struct crypto_tfm *tfm) 517{ 518 struct crypto_shash *hash = __crypto_shash_cast(tfm); 519 520 hash->descsize = crypto_shash_alg(hash)->descsize; 521 return 0; 522} 523 524static unsigned int crypto_shash_extsize(struct crypto_alg *alg) 525{ 526 return alg->cra_ctxsize; 527} 528 529#ifdef CONFIG_NET 530static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg) 531{ 532 struct crypto_report_hash rhash; 533 struct shash_alg *salg = __crypto_shash_alg(alg); 534 535 strncpy(rhash.type, "shash", sizeof(rhash.type)); 536 537 rhash.blocksize = alg->cra_blocksize; 538 rhash.digestsize = salg->digestsize; 539 540 if (nla_put(skb, CRYPTOCFGA_REPORT_HASH, 541 sizeof(struct crypto_report_hash), &rhash)) 542 goto nla_put_failure; 543 return 0; 544 545nla_put_failure: 546 return -EMSGSIZE; 547} 548#else 549static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg) 550{ 551 return -ENOSYS; 552} 553#endif 554 555static void crypto_shash_show(struct seq_file *m, struct crypto_alg *alg) 556 __attribute__ ((unused)); 557static void crypto_shash_show(struct seq_file *m, struct crypto_alg *alg) 558{ 559 struct shash_alg *salg = __crypto_shash_alg(alg); 560 561 seq_printf(m, "type : shash\n"); 562 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); 563 seq_printf(m, "digestsize : %u\n", salg->digestsize); 564} 565 566static const struct crypto_type crypto_shash_type = { 567 .ctxsize = crypto_shash_ctxsize, 568 .extsize = crypto_shash_extsize, 569 .init = crypto_init_shash_ops, 570 .init_tfm = crypto_shash_init_tfm, 571#ifdef CONFIG_PROC_FS 572 .show = crypto_shash_show, 573#endif 574 .report = crypto_shash_report, 575 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 576 .maskset = CRYPTO_ALG_TYPE_MASK, 577 .type = CRYPTO_ALG_TYPE_SHASH, 578 .tfmsize = offsetof(struct crypto_shash, base), 579}; 580 581struct crypto_shash *crypto_alloc_shash(const char *alg_name, u32 type, 582 u32 mask) 583{ 584 return crypto_alloc_tfm(alg_name, &crypto_shash_type, type, mask); 585} 586EXPORT_SYMBOL_GPL(crypto_alloc_shash); 587 588static int shash_prepare_alg(struct shash_alg *alg) 589{ 590 struct crypto_alg *base = &alg->base; 591 592 if (alg->digestsize > PAGE_SIZE / 8 || 593 alg->descsize > PAGE_SIZE / 8 || 594 alg->statesize > PAGE_SIZE / 8) 595 return -EINVAL; 596 597 base->cra_type = &crypto_shash_type; 598 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; 599 base->cra_flags |= CRYPTO_ALG_TYPE_SHASH; 600 601 if (!alg->finup) 602 alg->finup = shash_finup_unaligned; 603 if (!alg->digest) 604 alg->digest = shash_digest_unaligned; 605 if (!alg->export) { 606 alg->export = shash_default_export; 607 alg->import = shash_default_import; 608 alg->statesize = alg->descsize; 609 } 610 if (!alg->setkey) 611 alg->setkey = shash_no_setkey; 612 613 return 0; 614} 615 616int crypto_register_shash(struct shash_alg *alg) 617{ 618 struct crypto_alg *base = &alg->base; 619 int err; 620 621 err = shash_prepare_alg(alg); 622 if (err) 623 return err; 624 625 return crypto_register_alg(base); 626} 627EXPORT_SYMBOL_GPL(crypto_register_shash); 628 629int crypto_unregister_shash(struct shash_alg *alg) 630{ 631 return crypto_unregister_alg(&alg->base); 632} 633EXPORT_SYMBOL_GPL(crypto_unregister_shash); 634 635int crypto_register_shashes(struct shash_alg *algs, int count) 636{ 637 int i, ret; 638 639 for (i = 0; i < count; i++) { 640 ret = crypto_register_shash(&algs[i]); 641 if (ret) 642 goto err; 643 } 644 645 return 0; 646 647err: 648 for (--i; i >= 0; --i) 649 crypto_unregister_shash(&algs[i]); 650 651 return ret; 652} 653EXPORT_SYMBOL_GPL(crypto_register_shashes); 654 655int crypto_unregister_shashes(struct shash_alg *algs, int count) 656{ 657 int i, ret; 658 659 for (i = count - 1; i >= 0; --i) { 660 ret = crypto_unregister_shash(&algs[i]); 661 if (ret) 662 pr_err("Failed to unregister %s %s: %d\n", 663 algs[i].base.cra_driver_name, 664 algs[i].base.cra_name, ret); 665 } 666 667 return 0; 668} 669EXPORT_SYMBOL_GPL(crypto_unregister_shashes); 670 671int shash_register_instance(struct crypto_template *tmpl, 672 struct shash_instance *inst) 673{ 674 int err; 675 676 err = shash_prepare_alg(&inst->alg); 677 if (err) 678 return err; 679 680 return crypto_register_instance(tmpl, shash_crypto_instance(inst)); 681} 682EXPORT_SYMBOL_GPL(shash_register_instance); 683 684void shash_free_instance(struct crypto_instance *inst) 685{ 686 crypto_drop_spawn(crypto_instance_ctx(inst)); 687 kfree(shash_instance(inst)); 688} 689EXPORT_SYMBOL_GPL(shash_free_instance); 690 691int crypto_init_shash_spawn(struct crypto_shash_spawn *spawn, 692 struct shash_alg *alg, 693 struct crypto_instance *inst) 694{ 695 return crypto_init_spawn2(&spawn->base, &alg->base, inst, 696 &crypto_shash_type); 697} 698EXPORT_SYMBOL_GPL(crypto_init_shash_spawn); 699 700struct shash_alg *shash_attr_alg(struct rtattr *rta, u32 type, u32 mask) 701{ 702 struct crypto_alg *alg; 703 704 alg = crypto_attr_alg2(rta, &crypto_shash_type, type, mask); 705 return IS_ERR(alg) ? ERR_CAST(alg) : 706 container_of(alg, struct shash_alg, base); 707} 708EXPORT_SYMBOL_GPL(shash_attr_alg); 709 710MODULE_LICENSE("GPL"); 711MODULE_DESCRIPTION("Synchronous cryptographic hash type"); 712