1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Synchronous Cryptographic Hash operations. 4 * 5 * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au> 6 */ 7 8 #include <crypto/scatterwalk.h> 9 #include <linux/cryptouser.h> 10 #include <linux/err.h> 11 #include <linux/kernel.h> 12 #include <linux/module.h> 13 #include <linux/seq_file.h> 14 #include <linux/string.h> 15 #include <net/netlink.h> 16 17 #include "hash.h" 18 19 static const struct crypto_type crypto_shash_type; 20 21 static inline struct crypto_istat_hash *shash_get_stat(struct shash_alg *alg) 22 { 23 return hash_get_stat(&alg->halg); 24 } 25 26 static inline int crypto_shash_errstat(struct shash_alg *alg, int err) 27 { 28 return crypto_hash_errstat(&alg->halg, err); 29 } 30 31 int shash_no_setkey(struct crypto_shash *tfm, const u8 *key, 32 unsigned int keylen) 33 { 34 return -ENOSYS; 35 } 36 EXPORT_SYMBOL_GPL(shash_no_setkey); 37 38 static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg) 39 { 40 if (crypto_shash_alg_needs_key(alg)) 41 crypto_shash_set_flags(tfm, CRYPTO_TFM_NEED_KEY); 42 } 43 44 int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key, 45 unsigned int keylen) 46 { 47 struct shash_alg *shash = crypto_shash_alg(tfm); 48 int err; 49 50 err = shash->setkey(tfm, key, keylen); 51 if (unlikely(err)) { 52 shash_set_needkey(tfm, shash); 53 return err; 54 } 55 56 crypto_shash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY); 57 return 0; 58 } 59 EXPORT_SYMBOL_GPL(crypto_shash_setkey); 60 61 int crypto_shash_update(struct shash_desc *desc, const u8 *data, 62 unsigned int len) 63 { 64 struct shash_alg *shash = crypto_shash_alg(desc->tfm); 65 int err; 66 67 if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 68 atomic64_add(len, &shash_get_stat(shash)->hash_tlen); 69 70 err = shash->update(desc, data, len); 71 72 return crypto_shash_errstat(shash, err); 73 } 74 EXPORT_SYMBOL_GPL(crypto_shash_update); 75 76 int crypto_shash_final(struct shash_desc *desc, u8 *out) 77 { 78 struct shash_alg *shash = crypto_shash_alg(desc->tfm); 79 int err; 80 81 if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 82 atomic64_inc(&shash_get_stat(shash)->hash_cnt); 83 84 err = shash->final(desc, out); 85 86 return crypto_shash_errstat(shash, err); 87 } 88 EXPORT_SYMBOL_GPL(crypto_shash_final); 89 90 static int shash_default_finup(struct shash_desc *desc, const u8 *data, 91 unsigned int len, u8 *out) 92 { 93 struct shash_alg *shash = crypto_shash_alg(desc->tfm); 94 95 return shash->update(desc, data, len) ?: 96 shash->final(desc, out); 97 } 98 99 int crypto_shash_finup(struct shash_desc *desc, const u8 *data, 100 unsigned int len, u8 *out) 101 { 102 struct crypto_shash *tfm = desc->tfm; 103 struct shash_alg *shash = crypto_shash_alg(tfm); 104 int err; 105 106 if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { 107 struct crypto_istat_hash *istat = shash_get_stat(shash); 108 109 atomic64_inc(&istat->hash_cnt); 110 atomic64_add(len, &istat->hash_tlen); 111 } 112 113 err = shash->finup(desc, data, len, out); 114 115 return crypto_shash_errstat(shash, err); 116 } 117 EXPORT_SYMBOL_GPL(crypto_shash_finup); 118 119 static int shash_default_digest(struct shash_desc *desc, const u8 *data, 120 unsigned int len, u8 *out) 121 { 122 struct shash_alg *shash = crypto_shash_alg(desc->tfm); 123 124 return shash->init(desc) ?: 125 shash->finup(desc, data, len, out); 126 } 127 128 int crypto_shash_digest(struct shash_desc *desc, const u8 *data, 129 unsigned int len, u8 *out) 130 { 131 struct crypto_shash *tfm = desc->tfm; 132 struct shash_alg *shash = crypto_shash_alg(tfm); 133 int err; 134 135 if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { 136 struct crypto_istat_hash *istat = shash_get_stat(shash); 137 138 atomic64_inc(&istat->hash_cnt); 139 atomic64_add(len, &istat->hash_tlen); 140 } 141 142 if (crypto_shash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 143 err = -ENOKEY; 144 else 145 err = shash->digest(desc, data, len, out); 146 147 return crypto_shash_errstat(shash, err); 148 } 149 EXPORT_SYMBOL_GPL(crypto_shash_digest); 150 151 int crypto_shash_tfm_digest(struct crypto_shash *tfm, const u8 *data, 152 unsigned int len, u8 *out) 153 { 154 SHASH_DESC_ON_STACK(desc, tfm); 155 int err; 156 157 desc->tfm = tfm; 158 159 err = crypto_shash_digest(desc, data, len, out); 160 161 shash_desc_zero(desc); 162 163 return err; 164 } 165 EXPORT_SYMBOL_GPL(crypto_shash_tfm_digest); 166 167 int crypto_shash_export(struct shash_desc *desc, void *out) 168 { 169 struct crypto_shash *tfm = desc->tfm; 170 struct shash_alg *shash = crypto_shash_alg(tfm); 171 172 if (shash->export) 173 return shash->export(desc, out); 174 175 memcpy(out, shash_desc_ctx(desc), crypto_shash_descsize(tfm)); 176 return 0; 177 } 178 EXPORT_SYMBOL_GPL(crypto_shash_export); 179 180 int crypto_shash_import(struct shash_desc *desc, const void *in) 181 { 182 struct crypto_shash *tfm = desc->tfm; 183 struct shash_alg *shash = crypto_shash_alg(tfm); 184 185 if (crypto_shash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 186 return -ENOKEY; 187 188 if (shash->import) 189 return shash->import(desc, in); 190 191 memcpy(shash_desc_ctx(desc), in, crypto_shash_descsize(tfm)); 192 return 0; 193 } 194 EXPORT_SYMBOL_GPL(crypto_shash_import); 195 196 static int shash_async_setkey(struct crypto_ahash *tfm, const u8 *key, 197 unsigned int keylen) 198 { 199 struct crypto_shash **ctx = crypto_ahash_ctx(tfm); 200 201 return crypto_shash_setkey(*ctx, key, keylen); 202 } 203 204 static int shash_async_init(struct ahash_request *req) 205 { 206 struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 207 struct shash_desc *desc = ahash_request_ctx(req); 208 209 desc->tfm = *ctx; 210 211 return crypto_shash_init(desc); 212 } 213 214 int shash_ahash_update(struct ahash_request *req, struct shash_desc *desc) 215 { 216 struct crypto_hash_walk walk; 217 int nbytes; 218 219 for (nbytes = crypto_hash_walk_first(req, &walk); nbytes > 0; 220 nbytes = crypto_hash_walk_done(&walk, nbytes)) 221 nbytes = crypto_shash_update(desc, walk.data, nbytes); 222 223 return nbytes; 224 } 225 EXPORT_SYMBOL_GPL(shash_ahash_update); 226 227 static int shash_async_update(struct ahash_request *req) 228 { 229 return shash_ahash_update(req, ahash_request_ctx(req)); 230 } 231 232 static int shash_async_final(struct ahash_request *req) 233 { 234 return crypto_shash_final(ahash_request_ctx(req), req->result); 235 } 236 237 int shash_ahash_finup(struct ahash_request *req, struct shash_desc *desc) 238 { 239 struct crypto_hash_walk walk; 240 int nbytes; 241 242 nbytes = crypto_hash_walk_first(req, &walk); 243 if (!nbytes) 244 return crypto_shash_final(desc, req->result); 245 246 do { 247 nbytes = crypto_hash_walk_last(&walk) ? 248 crypto_shash_finup(desc, walk.data, nbytes, 249 req->result) : 250 crypto_shash_update(desc, walk.data, nbytes); 251 nbytes = crypto_hash_walk_done(&walk, nbytes); 252 } while (nbytes > 0); 253 254 return nbytes; 255 } 256 EXPORT_SYMBOL_GPL(shash_ahash_finup); 257 258 static int shash_async_finup(struct ahash_request *req) 259 { 260 struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 261 struct shash_desc *desc = ahash_request_ctx(req); 262 263 desc->tfm = *ctx; 264 265 return shash_ahash_finup(req, desc); 266 } 267 268 int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc) 269 { 270 unsigned int nbytes = req->nbytes; 271 struct scatterlist *sg; 272 unsigned int offset; 273 int err; 274 275 if (nbytes && 276 (sg = req->src, offset = sg->offset, 277 nbytes <= min(sg->length, ((unsigned int)(PAGE_SIZE)) - offset))) { 278 void *data; 279 280 data = kmap_local_page(sg_page(sg)); 281 err = crypto_shash_digest(desc, data + offset, nbytes, 282 req->result); 283 kunmap_local(data); 284 } else 285 err = crypto_shash_init(desc) ?: 286 shash_ahash_finup(req, desc); 287 288 return err; 289 } 290 EXPORT_SYMBOL_GPL(shash_ahash_digest); 291 292 static int shash_async_digest(struct ahash_request *req) 293 { 294 struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 295 struct shash_desc *desc = ahash_request_ctx(req); 296 297 desc->tfm = *ctx; 298 299 return shash_ahash_digest(req, desc); 300 } 301 302 static int shash_async_export(struct ahash_request *req, void *out) 303 { 304 return crypto_shash_export(ahash_request_ctx(req), out); 305 } 306 307 static int shash_async_import(struct ahash_request *req, const void *in) 308 { 309 struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 310 struct shash_desc *desc = ahash_request_ctx(req); 311 312 desc->tfm = *ctx; 313 314 return crypto_shash_import(desc, in); 315 } 316 317 static void crypto_exit_shash_ops_async(struct crypto_tfm *tfm) 318 { 319 struct crypto_shash **ctx = crypto_tfm_ctx(tfm); 320 321 crypto_free_shash(*ctx); 322 } 323 324 int crypto_init_shash_ops_async(struct crypto_tfm *tfm) 325 { 326 struct crypto_alg *calg = tfm->__crt_alg; 327 struct shash_alg *alg = __crypto_shash_alg(calg); 328 struct crypto_ahash *crt = __crypto_ahash_cast(tfm); 329 struct crypto_shash **ctx = crypto_tfm_ctx(tfm); 330 struct crypto_shash *shash; 331 332 if (!crypto_mod_get(calg)) 333 return -EAGAIN; 334 335 shash = crypto_create_tfm(calg, &crypto_shash_type); 336 if (IS_ERR(shash)) { 337 crypto_mod_put(calg); 338 return PTR_ERR(shash); 339 } 340 341 *ctx = shash; 342 tfm->exit = crypto_exit_shash_ops_async; 343 344 crt->init = shash_async_init; 345 crt->update = shash_async_update; 346 crt->final = shash_async_final; 347 crt->finup = shash_async_finup; 348 crt->digest = shash_async_digest; 349 if (crypto_shash_alg_has_setkey(alg)) 350 crt->setkey = shash_async_setkey; 351 352 crypto_ahash_set_flags(crt, crypto_shash_get_flags(shash) & 353 CRYPTO_TFM_NEED_KEY); 354 355 crt->export = shash_async_export; 356 crt->import = shash_async_import; 357 358 crt->reqsize = sizeof(struct shash_desc) + crypto_shash_descsize(shash); 359 360 return 0; 361 } 362 363 struct crypto_ahash *crypto_clone_shash_ops_async(struct crypto_ahash *nhash, 364 struct crypto_ahash *hash) 365 { 366 struct crypto_shash **nctx = crypto_ahash_ctx(nhash); 367 struct crypto_shash **ctx = crypto_ahash_ctx(hash); 368 struct crypto_shash *shash; 369 370 shash = crypto_clone_shash(*ctx); 371 if (IS_ERR(shash)) { 372 crypto_free_ahash(nhash); 373 return ERR_CAST(shash); 374 } 375 376 *nctx = shash; 377 378 return nhash; 379 } 380 381 static void crypto_shash_exit_tfm(struct crypto_tfm *tfm) 382 { 383 struct crypto_shash *hash = __crypto_shash_cast(tfm); 384 struct shash_alg *alg = crypto_shash_alg(hash); 385 386 alg->exit_tfm(hash); 387 } 388 389 static int crypto_shash_init_tfm(struct crypto_tfm *tfm) 390 { 391 struct crypto_shash *hash = __crypto_shash_cast(tfm); 392 struct shash_alg *alg = crypto_shash_alg(hash); 393 int err; 394 395 hash->descsize = alg->descsize; 396 397 shash_set_needkey(hash, alg); 398 399 if (alg->exit_tfm) 400 tfm->exit = crypto_shash_exit_tfm; 401 402 if (!alg->init_tfm) 403 return 0; 404 405 err = alg->init_tfm(hash); 406 if (err) 407 return err; 408 409 /* ->init_tfm() may have increased the descsize. */ 410 if (WARN_ON_ONCE(hash->descsize > HASH_MAX_DESCSIZE)) { 411 if (alg->exit_tfm) 412 alg->exit_tfm(hash); 413 return -EINVAL; 414 } 415 416 return 0; 417 } 418 419 static void crypto_shash_free_instance(struct crypto_instance *inst) 420 { 421 struct shash_instance *shash = shash_instance(inst); 422 423 shash->free(shash); 424 } 425 426 static int __maybe_unused crypto_shash_report( 427 struct sk_buff *skb, struct crypto_alg *alg) 428 { 429 struct crypto_report_hash rhash; 430 struct shash_alg *salg = __crypto_shash_alg(alg); 431 432 memset(&rhash, 0, sizeof(rhash)); 433 434 strscpy(rhash.type, "shash", sizeof(rhash.type)); 435 436 rhash.blocksize = alg->cra_blocksize; 437 rhash.digestsize = salg->digestsize; 438 439 return nla_put(skb, CRYPTOCFGA_REPORT_HASH, sizeof(rhash), &rhash); 440 } 441 442 static void crypto_shash_show(struct seq_file *m, struct crypto_alg *alg) 443 __maybe_unused; 444 static void crypto_shash_show(struct seq_file *m, struct crypto_alg *alg) 445 { 446 struct shash_alg *salg = __crypto_shash_alg(alg); 447 448 seq_printf(m, "type : shash\n"); 449 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); 450 seq_printf(m, "digestsize : %u\n", salg->digestsize); 451 } 452 453 static int __maybe_unused crypto_shash_report_stat( 454 struct sk_buff *skb, struct crypto_alg *alg) 455 { 456 return crypto_hash_report_stat(skb, alg, "shash"); 457 } 458 459 static const struct crypto_type crypto_shash_type = { 460 .extsize = crypto_alg_extsize, 461 .init_tfm = crypto_shash_init_tfm, 462 .free = crypto_shash_free_instance, 463 #ifdef CONFIG_PROC_FS 464 .show = crypto_shash_show, 465 #endif 466 #if IS_ENABLED(CONFIG_CRYPTO_USER) 467 .report = crypto_shash_report, 468 #endif 469 #ifdef CONFIG_CRYPTO_STATS 470 .report_stat = crypto_shash_report_stat, 471 #endif 472 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 473 .maskset = CRYPTO_ALG_TYPE_MASK, 474 .type = CRYPTO_ALG_TYPE_SHASH, 475 .tfmsize = offsetof(struct crypto_shash, base), 476 }; 477 478 int crypto_grab_shash(struct crypto_shash_spawn *spawn, 479 struct crypto_instance *inst, 480 const char *name, u32 type, u32 mask) 481 { 482 spawn->base.frontend = &crypto_shash_type; 483 return crypto_grab_spawn(&spawn->base, inst, name, type, mask); 484 } 485 EXPORT_SYMBOL_GPL(crypto_grab_shash); 486 487 struct crypto_shash *crypto_alloc_shash(const char *alg_name, u32 type, 488 u32 mask) 489 { 490 return crypto_alloc_tfm(alg_name, &crypto_shash_type, type, mask); 491 } 492 EXPORT_SYMBOL_GPL(crypto_alloc_shash); 493 494 int crypto_has_shash(const char *alg_name, u32 type, u32 mask) 495 { 496 return crypto_type_has_alg(alg_name, &crypto_shash_type, type, mask); 497 } 498 EXPORT_SYMBOL_GPL(crypto_has_shash); 499 500 struct crypto_shash *crypto_clone_shash(struct crypto_shash *hash) 501 { 502 struct crypto_tfm *tfm = crypto_shash_tfm(hash); 503 struct shash_alg *alg = crypto_shash_alg(hash); 504 struct crypto_shash *nhash; 505 int err; 506 507 if (!crypto_shash_alg_has_setkey(alg)) { 508 tfm = crypto_tfm_get(tfm); 509 if (IS_ERR(tfm)) 510 return ERR_CAST(tfm); 511 512 return hash; 513 } 514 515 if (!alg->clone_tfm && (alg->init_tfm || alg->base.cra_init)) 516 return ERR_PTR(-ENOSYS); 517 518 nhash = crypto_clone_tfm(&crypto_shash_type, tfm); 519 if (IS_ERR(nhash)) 520 return nhash; 521 522 nhash->descsize = hash->descsize; 523 524 if (alg->clone_tfm) { 525 err = alg->clone_tfm(nhash, hash); 526 if (err) { 527 crypto_free_shash(nhash); 528 return ERR_PTR(err); 529 } 530 } 531 532 return nhash; 533 } 534 EXPORT_SYMBOL_GPL(crypto_clone_shash); 535 536 int hash_prepare_alg(struct hash_alg_common *alg) 537 { 538 struct crypto_istat_hash *istat = hash_get_stat(alg); 539 struct crypto_alg *base = &alg->base; 540 541 if (alg->digestsize > HASH_MAX_DIGESTSIZE) 542 return -EINVAL; 543 544 /* alignmask is not useful for hashes, so it is not supported. */ 545 if (base->cra_alignmask) 546 return -EINVAL; 547 548 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; 549 550 if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 551 memset(istat, 0, sizeof(*istat)); 552 553 return 0; 554 } 555 556 static int shash_prepare_alg(struct shash_alg *alg) 557 { 558 struct crypto_alg *base = &alg->halg.base; 559 int err; 560 561 if (alg->descsize > HASH_MAX_DESCSIZE) 562 return -EINVAL; 563 564 if ((alg->export && !alg->import) || (alg->import && !alg->export)) 565 return -EINVAL; 566 567 err = hash_prepare_alg(&alg->halg); 568 if (err) 569 return err; 570 571 base->cra_type = &crypto_shash_type; 572 base->cra_flags |= CRYPTO_ALG_TYPE_SHASH; 573 574 /* 575 * Handle missing optional functions. For each one we can either 576 * install a default here, or we can leave the pointer as NULL and check 577 * the pointer for NULL in crypto_shash_*(), avoiding an indirect call 578 * when the default behavior is desired. For ->finup and ->digest we 579 * install defaults, since for optimal performance algorithms should 580 * implement these anyway. On the other hand, for ->import and 581 * ->export the common case and best performance comes from the simple 582 * memcpy of the shash_desc_ctx, so when those pointers are NULL we 583 * leave them NULL and provide the memcpy with no indirect call. 584 */ 585 if (!alg->finup) 586 alg->finup = shash_default_finup; 587 if (!alg->digest) 588 alg->digest = shash_default_digest; 589 if (!alg->export) 590 alg->halg.statesize = alg->descsize; 591 if (!alg->setkey) 592 alg->setkey = shash_no_setkey; 593 594 return 0; 595 } 596 597 int crypto_register_shash(struct shash_alg *alg) 598 { 599 struct crypto_alg *base = &alg->base; 600 int err; 601 602 err = shash_prepare_alg(alg); 603 if (err) 604 return err; 605 606 return crypto_register_alg(base); 607 } 608 EXPORT_SYMBOL_GPL(crypto_register_shash); 609 610 void crypto_unregister_shash(struct shash_alg *alg) 611 { 612 crypto_unregister_alg(&alg->base); 613 } 614 EXPORT_SYMBOL_GPL(crypto_unregister_shash); 615 616 int crypto_register_shashes(struct shash_alg *algs, int count) 617 { 618 int i, ret; 619 620 for (i = 0; i < count; i++) { 621 ret = crypto_register_shash(&algs[i]); 622 if (ret) 623 goto err; 624 } 625 626 return 0; 627 628 err: 629 for (--i; i >= 0; --i) 630 crypto_unregister_shash(&algs[i]); 631 632 return ret; 633 } 634 EXPORT_SYMBOL_GPL(crypto_register_shashes); 635 636 void crypto_unregister_shashes(struct shash_alg *algs, int count) 637 { 638 int i; 639 640 for (i = count - 1; i >= 0; --i) 641 crypto_unregister_shash(&algs[i]); 642 } 643 EXPORT_SYMBOL_GPL(crypto_unregister_shashes); 644 645 int shash_register_instance(struct crypto_template *tmpl, 646 struct shash_instance *inst) 647 { 648 int err; 649 650 if (WARN_ON(!inst->free)) 651 return -EINVAL; 652 653 err = shash_prepare_alg(&inst->alg); 654 if (err) 655 return err; 656 657 return crypto_register_instance(tmpl, shash_crypto_instance(inst)); 658 } 659 EXPORT_SYMBOL_GPL(shash_register_instance); 660 661 void shash_free_singlespawn_instance(struct shash_instance *inst) 662 { 663 crypto_drop_spawn(shash_instance_ctx(inst)); 664 kfree(inst); 665 } 666 EXPORT_SYMBOL_GPL(shash_free_singlespawn_instance); 667 668 MODULE_LICENSE("GPL"); 669 MODULE_DESCRIPTION("Synchronous cryptographic hash type"); 670