xref: /linux/crypto/shash.c (revision f3956ebb3bf06ab2266ad5ee2214aed46405810c)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * Synchronous Cryptographic Hash operations.
4  *
5  * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
6  */
7 
8 #include <crypto/scatterwalk.h>
9 #include <crypto/internal/hash.h>
10 #include <linux/err.h>
11 #include <linux/kernel.h>
12 #include <linux/module.h>
13 #include <linux/slab.h>
14 #include <linux/seq_file.h>
15 #include <linux/cryptouser.h>
16 #include <net/netlink.h>
17 #include <linux/compiler.h>
18 
19 #include "internal.h"
20 
21 static const struct crypto_type crypto_shash_type;
22 
23 static int shash_no_setkey(struct crypto_shash *tfm, const u8 *key,
24 			   unsigned int keylen)
25 {
26 	return -ENOSYS;
27 }
28 
29 /*
30  * Check whether an shash algorithm has a setkey function.
31  *
32  * For CFI compatibility, this must not be an inline function.  This is because
33  * when CFI is enabled, modules won't get the same address for shash_no_setkey
34  * (if it were exported, which inlining would require) as the core kernel will.
35  */
36 bool crypto_shash_alg_has_setkey(struct shash_alg *alg)
37 {
38 	return alg->setkey != shash_no_setkey;
39 }
40 EXPORT_SYMBOL_GPL(crypto_shash_alg_has_setkey);
41 
42 static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key,
43 				  unsigned int keylen)
44 {
45 	struct shash_alg *shash = crypto_shash_alg(tfm);
46 	unsigned long alignmask = crypto_shash_alignmask(tfm);
47 	unsigned long absize;
48 	u8 *buffer, *alignbuffer;
49 	int err;
50 
51 	absize = keylen + (alignmask & ~(crypto_tfm_ctx_alignment() - 1));
52 	buffer = kmalloc(absize, GFP_ATOMIC);
53 	if (!buffer)
54 		return -ENOMEM;
55 
56 	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
57 	memcpy(alignbuffer, key, keylen);
58 	err = shash->setkey(tfm, alignbuffer, keylen);
59 	kfree_sensitive(buffer);
60 	return err;
61 }
62 
63 static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg)
64 {
65 	if (crypto_shash_alg_needs_key(alg))
66 		crypto_shash_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
67 }
68 
69 int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
70 			unsigned int keylen)
71 {
72 	struct shash_alg *shash = crypto_shash_alg(tfm);
73 	unsigned long alignmask = crypto_shash_alignmask(tfm);
74 	int err;
75 
76 	if ((unsigned long)key & alignmask)
77 		err = shash_setkey_unaligned(tfm, key, keylen);
78 	else
79 		err = shash->setkey(tfm, key, keylen);
80 
81 	if (unlikely(err)) {
82 		shash_set_needkey(tfm, shash);
83 		return err;
84 	}
85 
86 	crypto_shash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
87 	return 0;
88 }
89 EXPORT_SYMBOL_GPL(crypto_shash_setkey);
90 
91 static int shash_update_unaligned(struct shash_desc *desc, const u8 *data,
92 				  unsigned int len)
93 {
94 	struct crypto_shash *tfm = desc->tfm;
95 	struct shash_alg *shash = crypto_shash_alg(tfm);
96 	unsigned long alignmask = crypto_shash_alignmask(tfm);
97 	unsigned int unaligned_len = alignmask + 1 -
98 				     ((unsigned long)data & alignmask);
99 	/*
100 	 * We cannot count on __aligned() working for large values:
101 	 * https://patchwork.kernel.org/patch/9507697/
102 	 */
103 	u8 ubuf[MAX_ALGAPI_ALIGNMASK * 2];
104 	u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1);
105 	int err;
106 
107 	if (WARN_ON(buf + unaligned_len > ubuf + sizeof(ubuf)))
108 		return -EINVAL;
109 
110 	if (unaligned_len > len)
111 		unaligned_len = len;
112 
113 	memcpy(buf, data, unaligned_len);
114 	err = shash->update(desc, buf, unaligned_len);
115 	memset(buf, 0, unaligned_len);
116 
117 	return err ?:
118 	       shash->update(desc, data + unaligned_len, len - unaligned_len);
119 }
120 
121 int crypto_shash_update(struct shash_desc *desc, const u8 *data,
122 			unsigned int len)
123 {
124 	struct crypto_shash *tfm = desc->tfm;
125 	struct shash_alg *shash = crypto_shash_alg(tfm);
126 	unsigned long alignmask = crypto_shash_alignmask(tfm);
127 
128 	if ((unsigned long)data & alignmask)
129 		return shash_update_unaligned(desc, data, len);
130 
131 	return shash->update(desc, data, len);
132 }
133 EXPORT_SYMBOL_GPL(crypto_shash_update);
134 
135 static int shash_final_unaligned(struct shash_desc *desc, u8 *out)
136 {
137 	struct crypto_shash *tfm = desc->tfm;
138 	unsigned long alignmask = crypto_shash_alignmask(tfm);
139 	struct shash_alg *shash = crypto_shash_alg(tfm);
140 	unsigned int ds = crypto_shash_digestsize(tfm);
141 	/*
142 	 * We cannot count on __aligned() working for large values:
143 	 * https://patchwork.kernel.org/patch/9507697/
144 	 */
145 	u8 ubuf[MAX_ALGAPI_ALIGNMASK + HASH_MAX_DIGESTSIZE];
146 	u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1);
147 	int err;
148 
149 	if (WARN_ON(buf + ds > ubuf + sizeof(ubuf)))
150 		return -EINVAL;
151 
152 	err = shash->final(desc, buf);
153 	if (err)
154 		goto out;
155 
156 	memcpy(out, buf, ds);
157 
158 out:
159 	memset(buf, 0, ds);
160 	return err;
161 }
162 
163 int crypto_shash_final(struct shash_desc *desc, u8 *out)
164 {
165 	struct crypto_shash *tfm = desc->tfm;
166 	struct shash_alg *shash = crypto_shash_alg(tfm);
167 	unsigned long alignmask = crypto_shash_alignmask(tfm);
168 
169 	if ((unsigned long)out & alignmask)
170 		return shash_final_unaligned(desc, out);
171 
172 	return shash->final(desc, out);
173 }
174 EXPORT_SYMBOL_GPL(crypto_shash_final);
175 
176 static int shash_finup_unaligned(struct shash_desc *desc, const u8 *data,
177 				 unsigned int len, u8 *out)
178 {
179 	return crypto_shash_update(desc, data, len) ?:
180 	       crypto_shash_final(desc, out);
181 }
182 
183 int crypto_shash_finup(struct shash_desc *desc, const u8 *data,
184 		       unsigned int len, u8 *out)
185 {
186 	struct crypto_shash *tfm = desc->tfm;
187 	struct shash_alg *shash = crypto_shash_alg(tfm);
188 	unsigned long alignmask = crypto_shash_alignmask(tfm);
189 
190 	if (((unsigned long)data | (unsigned long)out) & alignmask)
191 		return shash_finup_unaligned(desc, data, len, out);
192 
193 	return shash->finup(desc, data, len, out);
194 }
195 EXPORT_SYMBOL_GPL(crypto_shash_finup);
196 
197 static int shash_digest_unaligned(struct shash_desc *desc, const u8 *data,
198 				  unsigned int len, u8 *out)
199 {
200 	return crypto_shash_init(desc) ?:
201 	       crypto_shash_finup(desc, data, len, out);
202 }
203 
204 int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
205 			unsigned int len, u8 *out)
206 {
207 	struct crypto_shash *tfm = desc->tfm;
208 	struct shash_alg *shash = crypto_shash_alg(tfm);
209 	unsigned long alignmask = crypto_shash_alignmask(tfm);
210 
211 	if (crypto_shash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
212 		return -ENOKEY;
213 
214 	if (((unsigned long)data | (unsigned long)out) & alignmask)
215 		return shash_digest_unaligned(desc, data, len, out);
216 
217 	return shash->digest(desc, data, len, out);
218 }
219 EXPORT_SYMBOL_GPL(crypto_shash_digest);
220 
221 int crypto_shash_tfm_digest(struct crypto_shash *tfm, const u8 *data,
222 			    unsigned int len, u8 *out)
223 {
224 	SHASH_DESC_ON_STACK(desc, tfm);
225 	int err;
226 
227 	desc->tfm = tfm;
228 
229 	err = crypto_shash_digest(desc, data, len, out);
230 
231 	shash_desc_zero(desc);
232 
233 	return err;
234 }
235 EXPORT_SYMBOL_GPL(crypto_shash_tfm_digest);
236 
237 static int shash_default_export(struct shash_desc *desc, void *out)
238 {
239 	memcpy(out, shash_desc_ctx(desc), crypto_shash_descsize(desc->tfm));
240 	return 0;
241 }
242 
243 static int shash_default_import(struct shash_desc *desc, const void *in)
244 {
245 	memcpy(shash_desc_ctx(desc), in, crypto_shash_descsize(desc->tfm));
246 	return 0;
247 }
248 
249 static int shash_async_setkey(struct crypto_ahash *tfm, const u8 *key,
250 			      unsigned int keylen)
251 {
252 	struct crypto_shash **ctx = crypto_ahash_ctx(tfm);
253 
254 	return crypto_shash_setkey(*ctx, key, keylen);
255 }
256 
257 static int shash_async_init(struct ahash_request *req)
258 {
259 	struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
260 	struct shash_desc *desc = ahash_request_ctx(req);
261 
262 	desc->tfm = *ctx;
263 
264 	return crypto_shash_init(desc);
265 }
266 
267 int shash_ahash_update(struct ahash_request *req, struct shash_desc *desc)
268 {
269 	struct crypto_hash_walk walk;
270 	int nbytes;
271 
272 	for (nbytes = crypto_hash_walk_first(req, &walk); nbytes > 0;
273 	     nbytes = crypto_hash_walk_done(&walk, nbytes))
274 		nbytes = crypto_shash_update(desc, walk.data, nbytes);
275 
276 	return nbytes;
277 }
278 EXPORT_SYMBOL_GPL(shash_ahash_update);
279 
280 static int shash_async_update(struct ahash_request *req)
281 {
282 	return shash_ahash_update(req, ahash_request_ctx(req));
283 }
284 
285 static int shash_async_final(struct ahash_request *req)
286 {
287 	return crypto_shash_final(ahash_request_ctx(req), req->result);
288 }
289 
290 int shash_ahash_finup(struct ahash_request *req, struct shash_desc *desc)
291 {
292 	struct crypto_hash_walk walk;
293 	int nbytes;
294 
295 	nbytes = crypto_hash_walk_first(req, &walk);
296 	if (!nbytes)
297 		return crypto_shash_final(desc, req->result);
298 
299 	do {
300 		nbytes = crypto_hash_walk_last(&walk) ?
301 			 crypto_shash_finup(desc, walk.data, nbytes,
302 					    req->result) :
303 			 crypto_shash_update(desc, walk.data, nbytes);
304 		nbytes = crypto_hash_walk_done(&walk, nbytes);
305 	} while (nbytes > 0);
306 
307 	return nbytes;
308 }
309 EXPORT_SYMBOL_GPL(shash_ahash_finup);
310 
311 static int shash_async_finup(struct ahash_request *req)
312 {
313 	struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
314 	struct shash_desc *desc = ahash_request_ctx(req);
315 
316 	desc->tfm = *ctx;
317 
318 	return shash_ahash_finup(req, desc);
319 }
320 
321 int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc)
322 {
323 	unsigned int nbytes = req->nbytes;
324 	struct scatterlist *sg;
325 	unsigned int offset;
326 	int err;
327 
328 	if (nbytes &&
329 	    (sg = req->src, offset = sg->offset,
330 	     nbytes <= min(sg->length, ((unsigned int)(PAGE_SIZE)) - offset))) {
331 		void *data;
332 
333 		data = kmap_atomic(sg_page(sg));
334 		err = crypto_shash_digest(desc, data + offset, nbytes,
335 					  req->result);
336 		kunmap_atomic(data);
337 	} else
338 		err = crypto_shash_init(desc) ?:
339 		      shash_ahash_finup(req, desc);
340 
341 	return err;
342 }
343 EXPORT_SYMBOL_GPL(shash_ahash_digest);
344 
345 static int shash_async_digest(struct ahash_request *req)
346 {
347 	struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
348 	struct shash_desc *desc = ahash_request_ctx(req);
349 
350 	desc->tfm = *ctx;
351 
352 	return shash_ahash_digest(req, desc);
353 }
354 
355 static int shash_async_export(struct ahash_request *req, void *out)
356 {
357 	return crypto_shash_export(ahash_request_ctx(req), out);
358 }
359 
360 static int shash_async_import(struct ahash_request *req, const void *in)
361 {
362 	struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
363 	struct shash_desc *desc = ahash_request_ctx(req);
364 
365 	desc->tfm = *ctx;
366 
367 	return crypto_shash_import(desc, in);
368 }
369 
370 static void crypto_exit_shash_ops_async(struct crypto_tfm *tfm)
371 {
372 	struct crypto_shash **ctx = crypto_tfm_ctx(tfm);
373 
374 	crypto_free_shash(*ctx);
375 }
376 
377 int crypto_init_shash_ops_async(struct crypto_tfm *tfm)
378 {
379 	struct crypto_alg *calg = tfm->__crt_alg;
380 	struct shash_alg *alg = __crypto_shash_alg(calg);
381 	struct crypto_ahash *crt = __crypto_ahash_cast(tfm);
382 	struct crypto_shash **ctx = crypto_tfm_ctx(tfm);
383 	struct crypto_shash *shash;
384 
385 	if (!crypto_mod_get(calg))
386 		return -EAGAIN;
387 
388 	shash = crypto_create_tfm(calg, &crypto_shash_type);
389 	if (IS_ERR(shash)) {
390 		crypto_mod_put(calg);
391 		return PTR_ERR(shash);
392 	}
393 
394 	*ctx = shash;
395 	tfm->exit = crypto_exit_shash_ops_async;
396 
397 	crt->init = shash_async_init;
398 	crt->update = shash_async_update;
399 	crt->final = shash_async_final;
400 	crt->finup = shash_async_finup;
401 	crt->digest = shash_async_digest;
402 	if (crypto_shash_alg_has_setkey(alg))
403 		crt->setkey = shash_async_setkey;
404 
405 	crypto_ahash_set_flags(crt, crypto_shash_get_flags(shash) &
406 				    CRYPTO_TFM_NEED_KEY);
407 
408 	crt->export = shash_async_export;
409 	crt->import = shash_async_import;
410 
411 	crt->reqsize = sizeof(struct shash_desc) + crypto_shash_descsize(shash);
412 
413 	return 0;
414 }
415 
416 static void crypto_shash_exit_tfm(struct crypto_tfm *tfm)
417 {
418 	struct crypto_shash *hash = __crypto_shash_cast(tfm);
419 	struct shash_alg *alg = crypto_shash_alg(hash);
420 
421 	alg->exit_tfm(hash);
422 }
423 
424 static int crypto_shash_init_tfm(struct crypto_tfm *tfm)
425 {
426 	struct crypto_shash *hash = __crypto_shash_cast(tfm);
427 	struct shash_alg *alg = crypto_shash_alg(hash);
428 	int err;
429 
430 	hash->descsize = alg->descsize;
431 
432 	shash_set_needkey(hash, alg);
433 
434 	if (alg->exit_tfm)
435 		tfm->exit = crypto_shash_exit_tfm;
436 
437 	if (!alg->init_tfm)
438 		return 0;
439 
440 	err = alg->init_tfm(hash);
441 	if (err)
442 		return err;
443 
444 	/* ->init_tfm() may have increased the descsize. */
445 	if (WARN_ON_ONCE(hash->descsize > HASH_MAX_DESCSIZE)) {
446 		if (alg->exit_tfm)
447 			alg->exit_tfm(hash);
448 		return -EINVAL;
449 	}
450 
451 	return 0;
452 }
453 
454 static void crypto_shash_free_instance(struct crypto_instance *inst)
455 {
456 	struct shash_instance *shash = shash_instance(inst);
457 
458 	shash->free(shash);
459 }
460 
461 #ifdef CONFIG_NET
462 static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg)
463 {
464 	struct crypto_report_hash rhash;
465 	struct shash_alg *salg = __crypto_shash_alg(alg);
466 
467 	memset(&rhash, 0, sizeof(rhash));
468 
469 	strscpy(rhash.type, "shash", sizeof(rhash.type));
470 
471 	rhash.blocksize = alg->cra_blocksize;
472 	rhash.digestsize = salg->digestsize;
473 
474 	return nla_put(skb, CRYPTOCFGA_REPORT_HASH, sizeof(rhash), &rhash);
475 }
476 #else
477 static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg)
478 {
479 	return -ENOSYS;
480 }
481 #endif
482 
483 static void crypto_shash_show(struct seq_file *m, struct crypto_alg *alg)
484 	__maybe_unused;
485 static void crypto_shash_show(struct seq_file *m, struct crypto_alg *alg)
486 {
487 	struct shash_alg *salg = __crypto_shash_alg(alg);
488 
489 	seq_printf(m, "type         : shash\n");
490 	seq_printf(m, "blocksize    : %u\n", alg->cra_blocksize);
491 	seq_printf(m, "digestsize   : %u\n", salg->digestsize);
492 }
493 
494 static const struct crypto_type crypto_shash_type = {
495 	.extsize = crypto_alg_extsize,
496 	.init_tfm = crypto_shash_init_tfm,
497 	.free = crypto_shash_free_instance,
498 #ifdef CONFIG_PROC_FS
499 	.show = crypto_shash_show,
500 #endif
501 	.report = crypto_shash_report,
502 	.maskclear = ~CRYPTO_ALG_TYPE_MASK,
503 	.maskset = CRYPTO_ALG_TYPE_MASK,
504 	.type = CRYPTO_ALG_TYPE_SHASH,
505 	.tfmsize = offsetof(struct crypto_shash, base),
506 };
507 
508 int crypto_grab_shash(struct crypto_shash_spawn *spawn,
509 		      struct crypto_instance *inst,
510 		      const char *name, u32 type, u32 mask)
511 {
512 	spawn->base.frontend = &crypto_shash_type;
513 	return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
514 }
515 EXPORT_SYMBOL_GPL(crypto_grab_shash);
516 
517 struct crypto_shash *crypto_alloc_shash(const char *alg_name, u32 type,
518 					u32 mask)
519 {
520 	return crypto_alloc_tfm(alg_name, &crypto_shash_type, type, mask);
521 }
522 EXPORT_SYMBOL_GPL(crypto_alloc_shash);
523 
524 static int shash_prepare_alg(struct shash_alg *alg)
525 {
526 	struct crypto_alg *base = &alg->base;
527 
528 	if (alg->digestsize > HASH_MAX_DIGESTSIZE ||
529 	    alg->descsize > HASH_MAX_DESCSIZE ||
530 	    alg->statesize > HASH_MAX_STATESIZE)
531 		return -EINVAL;
532 
533 	if ((alg->export && !alg->import) || (alg->import && !alg->export))
534 		return -EINVAL;
535 
536 	base->cra_type = &crypto_shash_type;
537 	base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK;
538 	base->cra_flags |= CRYPTO_ALG_TYPE_SHASH;
539 
540 	if (!alg->finup)
541 		alg->finup = shash_finup_unaligned;
542 	if (!alg->digest)
543 		alg->digest = shash_digest_unaligned;
544 	if (!alg->export) {
545 		alg->export = shash_default_export;
546 		alg->import = shash_default_import;
547 		alg->statesize = alg->descsize;
548 	}
549 	if (!alg->setkey)
550 		alg->setkey = shash_no_setkey;
551 
552 	return 0;
553 }
554 
555 int crypto_register_shash(struct shash_alg *alg)
556 {
557 	struct crypto_alg *base = &alg->base;
558 	int err;
559 
560 	err = shash_prepare_alg(alg);
561 	if (err)
562 		return err;
563 
564 	return crypto_register_alg(base);
565 }
566 EXPORT_SYMBOL_GPL(crypto_register_shash);
567 
568 void crypto_unregister_shash(struct shash_alg *alg)
569 {
570 	crypto_unregister_alg(&alg->base);
571 }
572 EXPORT_SYMBOL_GPL(crypto_unregister_shash);
573 
574 int crypto_register_shashes(struct shash_alg *algs, int count)
575 {
576 	int i, ret;
577 
578 	for (i = 0; i < count; i++) {
579 		ret = crypto_register_shash(&algs[i]);
580 		if (ret)
581 			goto err;
582 	}
583 
584 	return 0;
585 
586 err:
587 	for (--i; i >= 0; --i)
588 		crypto_unregister_shash(&algs[i]);
589 
590 	return ret;
591 }
592 EXPORT_SYMBOL_GPL(crypto_register_shashes);
593 
594 void crypto_unregister_shashes(struct shash_alg *algs, int count)
595 {
596 	int i;
597 
598 	for (i = count - 1; i >= 0; --i)
599 		crypto_unregister_shash(&algs[i]);
600 }
601 EXPORT_SYMBOL_GPL(crypto_unregister_shashes);
602 
603 int shash_register_instance(struct crypto_template *tmpl,
604 			    struct shash_instance *inst)
605 {
606 	int err;
607 
608 	if (WARN_ON(!inst->free))
609 		return -EINVAL;
610 
611 	err = shash_prepare_alg(&inst->alg);
612 	if (err)
613 		return err;
614 
615 	return crypto_register_instance(tmpl, shash_crypto_instance(inst));
616 }
617 EXPORT_SYMBOL_GPL(shash_register_instance);
618 
619 void shash_free_singlespawn_instance(struct shash_instance *inst)
620 {
621 	crypto_drop_spawn(shash_instance_ctx(inst));
622 	kfree(inst);
623 }
624 EXPORT_SYMBOL_GPL(shash_free_singlespawn_instance);
625 
626 MODULE_LICENSE("GPL");
627 MODULE_DESCRIPTION("Synchronous cryptographic hash type");
628