xref: /openbmc/linux/crypto/ahash.c (revision cac5818c25d0423bda73e2b6997404ed0a7ed9e3) 
1004a403cSLoc Ho /*
2004a403cSLoc Ho  * Asynchronous Cryptographic Hash operations.
3004a403cSLoc Ho  *
4004a403cSLoc Ho  * This is the asynchronous version of hash.c with notification of
5004a403cSLoc Ho  * completion via a callback.
6004a403cSLoc Ho  *
7004a403cSLoc Ho  * Copyright (c) 2008 Loc Ho <lho@amcc.com>
8004a403cSLoc Ho  *
9004a403cSLoc Ho  * This program is free software; you can redistribute it and/or modify it
10004a403cSLoc Ho  * under the terms of the GNU General Public License as published by the Free
11004a403cSLoc Ho  * Software Foundation; either version 2 of the License, or (at your option)
12004a403cSLoc Ho  * any later version.
13004a403cSLoc Ho  *
14004a403cSLoc Ho  */
15004a403cSLoc Ho 
1620036252SHerbert Xu #include <crypto/internal/hash.h>
1720036252SHerbert Xu #include <crypto/scatterwalk.h>
1875ecb231SHerbert Xu #include <linux/bug.h>
19004a403cSLoc Ho #include <linux/err.h>
20004a403cSLoc Ho #include <linux/kernel.h>
21004a403cSLoc Ho #include <linux/module.h>
22004a403cSLoc Ho #include <linux/sched.h>
23004a403cSLoc Ho #include <linux/slab.h>
24004a403cSLoc Ho #include <linux/seq_file.h>
256238cbaeSSteffen Klassert #include <linux/cryptouser.h>
26d8c34b94SGideon Israel Dsouza #include <linux/compiler.h>
276238cbaeSSteffen Klassert #include <net/netlink.h>
28004a403cSLoc Ho 
29004a403cSLoc Ho #include "internal.h"
30004a403cSLoc Ho 
3166f6ce5eSHerbert Xu struct ahash_request_priv {
3266f6ce5eSHerbert Xu 	crypto_completion_t complete;
3366f6ce5eSHerbert Xu 	void *data;
3466f6ce5eSHerbert Xu 	u8 *result;
35ef0579b6SHerbert Xu 	u32 flags;
3666f6ce5eSHerbert Xu 	void *ubuf[] CRYPTO_MINALIGN_ATTR;
3766f6ce5eSHerbert Xu };
3866f6ce5eSHerbert Xu 
3988056ec3SHerbert Xu static inline struct ahash_alg *crypto_ahash_alg(struct crypto_ahash *hash)
4088056ec3SHerbert Xu {
4188056ec3SHerbert Xu 	return container_of(crypto_hash_alg_common(hash), struct ahash_alg,
4288056ec3SHerbert Xu 			    halg);
4388056ec3SHerbert Xu }
4488056ec3SHerbert Xu 
4520036252SHerbert Xu static int hash_walk_next(struct crypto_hash_walk *walk)
4620036252SHerbert Xu {
4720036252SHerbert Xu 	unsigned int alignmask = walk->alignmask;
4820036252SHerbert Xu 	unsigned int offset = walk->offset;
4920036252SHerbert Xu 	unsigned int nbytes = min(walk->entrylen,
5020036252SHerbert Xu 				  ((unsigned int)(PAGE_SIZE)) - offset);
5120036252SHerbert Xu 
5275ecb231SHerbert Xu 	if (walk->flags & CRYPTO_ALG_ASYNC)
5375ecb231SHerbert Xu 		walk->data = kmap(walk->pg);
5475ecb231SHerbert Xu 	else
55f0dfc0b0SCong Wang 		walk->data = kmap_atomic(walk->pg);
5620036252SHerbert Xu 	walk->data += offset;
5720036252SHerbert Xu 
5823a75eeeSSzilveszter Ördög 	if (offset & alignmask) {
5923a75eeeSSzilveszter Ördög 		unsigned int unaligned = alignmask + 1 - (offset & alignmask);
60b516d514SJoshua I. James 
6123a75eeeSSzilveszter Ördög 		if (nbytes > unaligned)
6223a75eeeSSzilveszter Ördög 			nbytes = unaligned;
6323a75eeeSSzilveszter Ördög 	}
6420036252SHerbert Xu 
6520036252SHerbert Xu 	walk->entrylen -= nbytes;
6620036252SHerbert Xu 	return nbytes;
6720036252SHerbert Xu }
6820036252SHerbert Xu 
6920036252SHerbert Xu static int hash_walk_new_entry(struct crypto_hash_walk *walk)
7020036252SHerbert Xu {
7120036252SHerbert Xu 	struct scatterlist *sg;
7220036252SHerbert Xu 
7320036252SHerbert Xu 	sg = walk->sg;
7420036252SHerbert Xu 	walk->offset = sg->offset;
7513f4bb78SHerbert Xu 	walk->pg = sg_page(walk->sg) + (walk->offset >> PAGE_SHIFT);
7613f4bb78SHerbert Xu 	walk->offset = offset_in_page(walk->offset);
7720036252SHerbert Xu 	walk->entrylen = sg->length;
7820036252SHerbert Xu 
7920036252SHerbert Xu 	if (walk->entrylen > walk->total)
8020036252SHerbert Xu 		walk->entrylen = walk->total;
8120036252SHerbert Xu 	walk->total -= walk->entrylen;
8220036252SHerbert Xu 
8320036252SHerbert Xu 	return hash_walk_next(walk);
8420036252SHerbert Xu }
8520036252SHerbert Xu 
8620036252SHerbert Xu int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err)
8720036252SHerbert Xu {
8820036252SHerbert Xu 	unsigned int alignmask = walk->alignmask;
8920036252SHerbert Xu 	unsigned int nbytes = walk->entrylen;
9020036252SHerbert Xu 
9120036252SHerbert Xu 	walk->data -= walk->offset;
9220036252SHerbert Xu 
9320036252SHerbert Xu 	if (nbytes && walk->offset & alignmask && !err) {
9420036252SHerbert Xu 		walk->offset = ALIGN(walk->offset, alignmask + 1);
9520036252SHerbert Xu 		nbytes = min(nbytes,
9620036252SHerbert Xu 			     ((unsigned int)(PAGE_SIZE)) - walk->offset);
9720036252SHerbert Xu 		walk->entrylen -= nbytes;
9820036252SHerbert Xu 
99900a081fSHerbert Xu 		if (nbytes) {
100900a081fSHerbert Xu 			walk->data += walk->offset;
10120036252SHerbert Xu 			return nbytes;
10220036252SHerbert Xu 		}
103900a081fSHerbert Xu 	}
10420036252SHerbert Xu 
10575ecb231SHerbert Xu 	if (walk->flags & CRYPTO_ALG_ASYNC)
10675ecb231SHerbert Xu 		kunmap(walk->pg);
10775ecb231SHerbert Xu 	else {
108f0dfc0b0SCong Wang 		kunmap_atomic(walk->data);
10975ecb231SHerbert Xu 		/*
11075ecb231SHerbert Xu 		 * The may sleep test only makes sense for sync users.
11175ecb231SHerbert Xu 		 * Async users don't need to sleep here anyway.
11275ecb231SHerbert Xu 		 */
11320036252SHerbert Xu 		crypto_yield(walk->flags);
11475ecb231SHerbert Xu 	}
11520036252SHerbert Xu 
11620036252SHerbert Xu 	if (err)
11720036252SHerbert Xu 		return err;
11820036252SHerbert Xu 
119d315a0e0SHerbert Xu 	if (nbytes) {
12020036252SHerbert Xu 		walk->offset = 0;
121d315a0e0SHerbert Xu 		walk->pg++;
12220036252SHerbert Xu 		return hash_walk_next(walk);
123d315a0e0SHerbert Xu 	}
12420036252SHerbert Xu 
12520036252SHerbert Xu 	if (!walk->total)
12620036252SHerbert Xu 		return 0;
12720036252SHerbert Xu 
1285be4d4c9SCristian Stoica 	walk->sg = sg_next(walk->sg);
12920036252SHerbert Xu 
13020036252SHerbert Xu 	return hash_walk_new_entry(walk);
13120036252SHerbert Xu }
13220036252SHerbert Xu EXPORT_SYMBOL_GPL(crypto_hash_walk_done);
13320036252SHerbert Xu 
13420036252SHerbert Xu int crypto_hash_walk_first(struct ahash_request *req,
13520036252SHerbert Xu 			   struct crypto_hash_walk *walk)
13620036252SHerbert Xu {
13720036252SHerbert Xu 	walk->total = req->nbytes;
13820036252SHerbert Xu 
1396d9529c5STim Chen 	if (!walk->total) {
1406d9529c5STim Chen 		walk->entrylen = 0;
14120036252SHerbert Xu 		return 0;
1426d9529c5STim Chen 	}
14320036252SHerbert Xu 
14420036252SHerbert Xu 	walk->alignmask = crypto_ahash_alignmask(crypto_ahash_reqtfm(req));
14520036252SHerbert Xu 	walk->sg = req->src;
14675ecb231SHerbert Xu 	walk->flags = req->base.flags & CRYPTO_TFM_REQ_MASK;
14720036252SHerbert Xu 
14820036252SHerbert Xu 	return hash_walk_new_entry(walk);
14920036252SHerbert Xu }
15020036252SHerbert Xu EXPORT_SYMBOL_GPL(crypto_hash_walk_first);
15120036252SHerbert Xu 
15275ecb231SHerbert Xu int crypto_ahash_walk_first(struct ahash_request *req,
15375ecb231SHerbert Xu 			    struct crypto_hash_walk *walk)
15475ecb231SHerbert Xu {
15575ecb231SHerbert Xu 	walk->total = req->nbytes;
15675ecb231SHerbert Xu 
1576d9529c5STim Chen 	if (!walk->total) {
1586d9529c5STim Chen 		walk->entrylen = 0;
15975ecb231SHerbert Xu 		return 0;
1606d9529c5STim Chen 	}
16175ecb231SHerbert Xu 
16275ecb231SHerbert Xu 	walk->alignmask = crypto_ahash_alignmask(crypto_ahash_reqtfm(req));
16375ecb231SHerbert Xu 	walk->sg = req->src;
16475ecb231SHerbert Xu 	walk->flags = req->base.flags & CRYPTO_TFM_REQ_MASK;
16575ecb231SHerbert Xu 	walk->flags |= CRYPTO_ALG_ASYNC;
16675ecb231SHerbert Xu 
16775ecb231SHerbert Xu 	BUILD_BUG_ON(CRYPTO_TFM_REQ_MASK & CRYPTO_ALG_ASYNC);
16875ecb231SHerbert Xu 
16975ecb231SHerbert Xu 	return hash_walk_new_entry(walk);
17075ecb231SHerbert Xu }
17175ecb231SHerbert Xu EXPORT_SYMBOL_GPL(crypto_ahash_walk_first);
17275ecb231SHerbert Xu 
173004a403cSLoc Ho static int ahash_setkey_unaligned(struct crypto_ahash *tfm, const u8 *key,
174004a403cSLoc Ho 				unsigned int keylen)
175004a403cSLoc Ho {
176004a403cSLoc Ho 	unsigned long alignmask = crypto_ahash_alignmask(tfm);
177004a403cSLoc Ho 	int ret;
178004a403cSLoc Ho 	u8 *buffer, *alignbuffer;
179004a403cSLoc Ho 	unsigned long absize;
180004a403cSLoc Ho 
181004a403cSLoc Ho 	absize = keylen + alignmask;
182093900c2SHerbert Xu 	buffer = kmalloc(absize, GFP_KERNEL);
183004a403cSLoc Ho 	if (!buffer)
184004a403cSLoc Ho 		return -ENOMEM;
185004a403cSLoc Ho 
186004a403cSLoc Ho 	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
187004a403cSLoc Ho 	memcpy(alignbuffer, key, keylen);
188a70c5225SHerbert Xu 	ret = tfm->setkey(tfm, alignbuffer, keylen);
1898c32c516SHerbert Xu 	kzfree(buffer);
190004a403cSLoc Ho 	return ret;
191004a403cSLoc Ho }
192004a403cSLoc Ho 
19366f6ce5eSHerbert Xu int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
194004a403cSLoc Ho 			unsigned int keylen)
195004a403cSLoc Ho {
196004a403cSLoc Ho 	unsigned long alignmask = crypto_ahash_alignmask(tfm);
1979fa68f62SEric Biggers 	int err;
198004a403cSLoc Ho 
199004a403cSLoc Ho 	if ((unsigned long)key & alignmask)
2009fa68f62SEric Biggers 		err = ahash_setkey_unaligned(tfm, key, keylen);
2019fa68f62SEric Biggers 	else
2029fa68f62SEric Biggers 		err = tfm->setkey(tfm, key, keylen);
203004a403cSLoc Ho 
2049fa68f62SEric Biggers 	if (err)
2059fa68f62SEric Biggers 		return err;
2069fa68f62SEric Biggers 
2079fa68f62SEric Biggers 	crypto_ahash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
2089fa68f62SEric Biggers 	return 0;
209004a403cSLoc Ho }
21066f6ce5eSHerbert Xu EXPORT_SYMBOL_GPL(crypto_ahash_setkey);
211004a403cSLoc Ho 
2123751f402SHerbert Xu static int ahash_nosetkey(struct crypto_ahash *tfm, const u8 *key,
2133751f402SHerbert Xu 			  unsigned int keylen)
2143751f402SHerbert Xu {
2153751f402SHerbert Xu 	return -ENOSYS;
2163751f402SHerbert Xu }
2173751f402SHerbert Xu 
21866f6ce5eSHerbert Xu static inline unsigned int ahash_align_buffer_size(unsigned len,
21966f6ce5eSHerbert Xu 						   unsigned long mask)
22066f6ce5eSHerbert Xu {
22166f6ce5eSHerbert Xu 	return len + (mask & ~(crypto_tfm_ctx_alignment() - 1));
22266f6ce5eSHerbert Xu }
22366f6ce5eSHerbert Xu 
2241ffc9fbdSMarek Vasut static int ahash_save_req(struct ahash_request *req, crypto_completion_t cplt)
22566f6ce5eSHerbert Xu {
22666f6ce5eSHerbert Xu 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
22766f6ce5eSHerbert Xu 	unsigned long alignmask = crypto_ahash_alignmask(tfm);
22866f6ce5eSHerbert Xu 	unsigned int ds = crypto_ahash_digestsize(tfm);
22966f6ce5eSHerbert Xu 	struct ahash_request_priv *priv;
23066f6ce5eSHerbert Xu 
23166f6ce5eSHerbert Xu 	priv = kmalloc(sizeof(*priv) + ahash_align_buffer_size(ds, alignmask),
23266f6ce5eSHerbert Xu 		       (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
2335befbd5aSSteffen Klassert 		       GFP_KERNEL : GFP_ATOMIC);
23466f6ce5eSHerbert Xu 	if (!priv)
23566f6ce5eSHerbert Xu 		return -ENOMEM;
23666f6ce5eSHerbert Xu 
237ab6bf4e5SMarek Vasut 	/*
238ab6bf4e5SMarek Vasut 	 * WARNING: Voodoo programming below!
239ab6bf4e5SMarek Vasut 	 *
240ab6bf4e5SMarek Vasut 	 * The code below is obscure and hard to understand, thus explanation
241ab6bf4e5SMarek Vasut 	 * is necessary. See include/crypto/hash.h and include/linux/crypto.h
242ab6bf4e5SMarek Vasut 	 * to understand the layout of structures used here!
243ab6bf4e5SMarek Vasut 	 *
244ab6bf4e5SMarek Vasut 	 * The code here will replace portions of the ORIGINAL request with
245ab6bf4e5SMarek Vasut 	 * pointers to new code and buffers so the hashing operation can store
246ab6bf4e5SMarek Vasut 	 * the result in aligned buffer. We will call the modified request
247ab6bf4e5SMarek Vasut 	 * an ADJUSTED request.
248ab6bf4e5SMarek Vasut 	 *
249ab6bf4e5SMarek Vasut 	 * The newly mangled request will look as such:
250ab6bf4e5SMarek Vasut 	 *
251ab6bf4e5SMarek Vasut 	 * req {
252ab6bf4e5SMarek Vasut 	 *   .result        = ADJUSTED[new aligned buffer]
253ab6bf4e5SMarek Vasut 	 *   .base.complete = ADJUSTED[pointer to completion function]
254ab6bf4e5SMarek Vasut 	 *   .base.data     = ADJUSTED[*req (pointer to self)]
255ab6bf4e5SMarek Vasut 	 *   .priv          = ADJUSTED[new priv] {
256ab6bf4e5SMarek Vasut 	 *           .result   = ORIGINAL(result)
257ab6bf4e5SMarek Vasut 	 *           .complete = ORIGINAL(base.complete)
258ab6bf4e5SMarek Vasut 	 *           .data     = ORIGINAL(base.data)
259ab6bf4e5SMarek Vasut 	 *   }
260ab6bf4e5SMarek Vasut 	 */
261ab6bf4e5SMarek Vasut 
26266f6ce5eSHerbert Xu 	priv->result = req->result;
26366f6ce5eSHerbert Xu 	priv->complete = req->base.complete;
26466f6ce5eSHerbert Xu 	priv->data = req->base.data;
265ef0579b6SHerbert Xu 	priv->flags = req->base.flags;
266ef0579b6SHerbert Xu 
267ab6bf4e5SMarek Vasut 	/*
268ab6bf4e5SMarek Vasut 	 * WARNING: We do not backup req->priv here! The req->priv
269ab6bf4e5SMarek Vasut 	 *          is for internal use of the Crypto API and the
270ab6bf4e5SMarek Vasut 	 *          user must _NOT_ _EVER_ depend on it's content!
271ab6bf4e5SMarek Vasut 	 */
27266f6ce5eSHerbert Xu 
27366f6ce5eSHerbert Xu 	req->result = PTR_ALIGN((u8 *)priv->ubuf, alignmask + 1);
2741ffc9fbdSMarek Vasut 	req->base.complete = cplt;
27566f6ce5eSHerbert Xu 	req->base.data = req;
27666f6ce5eSHerbert Xu 	req->priv = priv;
27766f6ce5eSHerbert Xu 
2781ffc9fbdSMarek Vasut 	return 0;
2791ffc9fbdSMarek Vasut }
2801ffc9fbdSMarek Vasut 
281ef0579b6SHerbert Xu static void ahash_restore_req(struct ahash_request *req, int err)
2821ffc9fbdSMarek Vasut {
2831ffc9fbdSMarek Vasut 	struct ahash_request_priv *priv = req->priv;
2841ffc9fbdSMarek Vasut 
285ef0579b6SHerbert Xu 	if (!err)
286ef0579b6SHerbert Xu 		memcpy(priv->result, req->result,
287ef0579b6SHerbert Xu 		       crypto_ahash_digestsize(crypto_ahash_reqtfm(req)));
288ef0579b6SHerbert Xu 
2891ffc9fbdSMarek Vasut 	/* Restore the original crypto request. */
2901ffc9fbdSMarek Vasut 	req->result = priv->result;
291ef0579b6SHerbert Xu 
292ef0579b6SHerbert Xu 	ahash_request_set_callback(req, priv->flags,
293ef0579b6SHerbert Xu 				   priv->complete, priv->data);
2941ffc9fbdSMarek Vasut 	req->priv = NULL;
2951ffc9fbdSMarek Vasut 
2961ffc9fbdSMarek Vasut 	/* Free the req->priv.priv from the ADJUSTED request. */
2971ffc9fbdSMarek Vasut 	kzfree(priv);
2981ffc9fbdSMarek Vasut }
2991ffc9fbdSMarek Vasut 
300ef0579b6SHerbert Xu static void ahash_notify_einprogress(struct ahash_request *req)
3011ffc9fbdSMarek Vasut {
3021ffc9fbdSMarek Vasut 	struct ahash_request_priv *priv = req->priv;
303ef0579b6SHerbert Xu 	struct crypto_async_request oreq;
3041ffc9fbdSMarek Vasut 
305ef0579b6SHerbert Xu 	oreq.data = priv->data;
3061ffc9fbdSMarek Vasut 
307ef0579b6SHerbert Xu 	priv->complete(&oreq, -EINPROGRESS);
3081ffc9fbdSMarek Vasut }
3091ffc9fbdSMarek Vasut 
3101ffc9fbdSMarek Vasut static void ahash_op_unaligned_done(struct crypto_async_request *req, int err)
3111ffc9fbdSMarek Vasut {
3121ffc9fbdSMarek Vasut 	struct ahash_request *areq = req->data;
3131ffc9fbdSMarek Vasut 
314ef0579b6SHerbert Xu 	if (err == -EINPROGRESS) {
315ef0579b6SHerbert Xu 		ahash_notify_einprogress(areq);
316ef0579b6SHerbert Xu 		return;
317ef0579b6SHerbert Xu 	}
318ef0579b6SHerbert Xu 
3191ffc9fbdSMarek Vasut 	/*
3201ffc9fbdSMarek Vasut 	 * Restore the original request, see ahash_op_unaligned() for what
3211ffc9fbdSMarek Vasut 	 * goes where.
3221ffc9fbdSMarek Vasut 	 *
3231ffc9fbdSMarek Vasut 	 * The "struct ahash_request *req" here is in fact the "req.base"
3241ffc9fbdSMarek Vasut 	 * from the ADJUSTED request from ahash_op_unaligned(), thus as it
3251ffc9fbdSMarek Vasut 	 * is a pointer to self, it is also the ADJUSTED "req" .
3261ffc9fbdSMarek Vasut 	 */
3271ffc9fbdSMarek Vasut 
3281ffc9fbdSMarek Vasut 	/* First copy req->result into req->priv.result */
329ef0579b6SHerbert Xu 	ahash_restore_req(areq, err);
3301ffc9fbdSMarek Vasut 
3311ffc9fbdSMarek Vasut 	/* Complete the ORIGINAL request. */
3321ffc9fbdSMarek Vasut 	areq->base.complete(&areq->base, err);
3331ffc9fbdSMarek Vasut }
3341ffc9fbdSMarek Vasut 
3351ffc9fbdSMarek Vasut static int ahash_op_unaligned(struct ahash_request *req,
3361ffc9fbdSMarek Vasut 			      int (*op)(struct ahash_request *))
3371ffc9fbdSMarek Vasut {
3381ffc9fbdSMarek Vasut 	int err;
3391ffc9fbdSMarek Vasut 
3401ffc9fbdSMarek Vasut 	err = ahash_save_req(req, ahash_op_unaligned_done);
3411ffc9fbdSMarek Vasut 	if (err)
3421ffc9fbdSMarek Vasut 		return err;
3431ffc9fbdSMarek Vasut 
34466f6ce5eSHerbert Xu 	err = op(req);
3454e5b0ad5SGilad Ben-Yossef 	if (err == -EINPROGRESS || err == -EBUSY)
346ef0579b6SHerbert Xu 		return err;
347ef0579b6SHerbert Xu 
348ef0579b6SHerbert Xu 	ahash_restore_req(req, err);
34966f6ce5eSHerbert Xu 
35066f6ce5eSHerbert Xu 	return err;
35166f6ce5eSHerbert Xu }
35266f6ce5eSHerbert Xu 
35366f6ce5eSHerbert Xu static int crypto_ahash_op(struct ahash_request *req,
35466f6ce5eSHerbert Xu 			   int (*op)(struct ahash_request *))
35566f6ce5eSHerbert Xu {
35666f6ce5eSHerbert Xu 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
35766f6ce5eSHerbert Xu 	unsigned long alignmask = crypto_ahash_alignmask(tfm);
35866f6ce5eSHerbert Xu 
35966f6ce5eSHerbert Xu 	if ((unsigned long)req->result & alignmask)
36066f6ce5eSHerbert Xu 		return ahash_op_unaligned(req, op);
36166f6ce5eSHerbert Xu 
36266f6ce5eSHerbert Xu 	return op(req);
36366f6ce5eSHerbert Xu }
36466f6ce5eSHerbert Xu 
36566f6ce5eSHerbert Xu int crypto_ahash_final(struct ahash_request *req)
36666f6ce5eSHerbert Xu {
367*cac5818cSCorentin Labbe 	int ret;
368*cac5818cSCorentin Labbe 
369*cac5818cSCorentin Labbe 	ret = crypto_ahash_op(req, crypto_ahash_reqtfm(req)->final);
370*cac5818cSCorentin Labbe 	crypto_stat_ahash_final(req, ret);
371*cac5818cSCorentin Labbe 	return ret;
37266f6ce5eSHerbert Xu }
37366f6ce5eSHerbert Xu EXPORT_SYMBOL_GPL(crypto_ahash_final);
37466f6ce5eSHerbert Xu 
37566f6ce5eSHerbert Xu int crypto_ahash_finup(struct ahash_request *req)
37666f6ce5eSHerbert Xu {
377*cac5818cSCorentin Labbe 	int ret;
378*cac5818cSCorentin Labbe 
379*cac5818cSCorentin Labbe 	ret = crypto_ahash_op(req, crypto_ahash_reqtfm(req)->finup);
380*cac5818cSCorentin Labbe 	crypto_stat_ahash_final(req, ret);
381*cac5818cSCorentin Labbe 	return ret;
38266f6ce5eSHerbert Xu }
38366f6ce5eSHerbert Xu EXPORT_SYMBOL_GPL(crypto_ahash_finup);
38466f6ce5eSHerbert Xu 
38566f6ce5eSHerbert Xu int crypto_ahash_digest(struct ahash_request *req)
38666f6ce5eSHerbert Xu {
3879fa68f62SEric Biggers 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
388*cac5818cSCorentin Labbe 	int ret;
3899fa68f62SEric Biggers 
3909fa68f62SEric Biggers 	if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
391*cac5818cSCorentin Labbe 		ret = -ENOKEY;
392*cac5818cSCorentin Labbe 	else
393*cac5818cSCorentin Labbe 		ret = crypto_ahash_op(req, tfm->digest);
394*cac5818cSCorentin Labbe 	crypto_stat_ahash_final(req, ret);
395*cac5818cSCorentin Labbe 	return ret;
39666f6ce5eSHerbert Xu }
39766f6ce5eSHerbert Xu EXPORT_SYMBOL_GPL(crypto_ahash_digest);
39866f6ce5eSHerbert Xu 
39966f6ce5eSHerbert Xu static void ahash_def_finup_done2(struct crypto_async_request *req, int err)
40066f6ce5eSHerbert Xu {
40166f6ce5eSHerbert Xu 	struct ahash_request *areq = req->data;
40266f6ce5eSHerbert Xu 
403ef0579b6SHerbert Xu 	if (err == -EINPROGRESS)
404ef0579b6SHerbert Xu 		return;
405ef0579b6SHerbert Xu 
406ef0579b6SHerbert Xu 	ahash_restore_req(areq, err);
40766f6ce5eSHerbert Xu 
408d4a7a0fbSMarek Vasut 	areq->base.complete(&areq->base, err);
40966f6ce5eSHerbert Xu }
41066f6ce5eSHerbert Xu 
41166f6ce5eSHerbert Xu static int ahash_def_finup_finish1(struct ahash_request *req, int err)
41266f6ce5eSHerbert Xu {
41366f6ce5eSHerbert Xu 	if (err)
41466f6ce5eSHerbert Xu 		goto out;
41566f6ce5eSHerbert Xu 
41666f6ce5eSHerbert Xu 	req->base.complete = ahash_def_finup_done2;
417ef0579b6SHerbert Xu 
41866f6ce5eSHerbert Xu 	err = crypto_ahash_reqtfm(req)->final(req);
4194e5b0ad5SGilad Ben-Yossef 	if (err == -EINPROGRESS || err == -EBUSY)
420ef0579b6SHerbert Xu 		return err;
42166f6ce5eSHerbert Xu 
42266f6ce5eSHerbert Xu out:
423ef0579b6SHerbert Xu 	ahash_restore_req(req, err);
42466f6ce5eSHerbert Xu 	return err;
42566f6ce5eSHerbert Xu }
42666f6ce5eSHerbert Xu 
42766f6ce5eSHerbert Xu static void ahash_def_finup_done1(struct crypto_async_request *req, int err)
42866f6ce5eSHerbert Xu {
42966f6ce5eSHerbert Xu 	struct ahash_request *areq = req->data;
43066f6ce5eSHerbert Xu 
431ef0579b6SHerbert Xu 	if (err == -EINPROGRESS) {
432ef0579b6SHerbert Xu 		ahash_notify_einprogress(areq);
433ef0579b6SHerbert Xu 		return;
434ef0579b6SHerbert Xu 	}
435ef0579b6SHerbert Xu 
436ef0579b6SHerbert Xu 	areq->base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
437ef0579b6SHerbert Xu 
43866f6ce5eSHerbert Xu 	err = ahash_def_finup_finish1(areq, err);
439ef0579b6SHerbert Xu 	if (areq->priv)
440ef0579b6SHerbert Xu 		return;
44166f6ce5eSHerbert Xu 
442d4a7a0fbSMarek Vasut 	areq->base.complete(&areq->base, err);
44366f6ce5eSHerbert Xu }
44466f6ce5eSHerbert Xu 
44566f6ce5eSHerbert Xu static int ahash_def_finup(struct ahash_request *req)
44666f6ce5eSHerbert Xu {
44766f6ce5eSHerbert Xu 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
448d4a7a0fbSMarek Vasut 	int err;
44966f6ce5eSHerbert Xu 
450d4a7a0fbSMarek Vasut 	err = ahash_save_req(req, ahash_def_finup_done1);
451d4a7a0fbSMarek Vasut 	if (err)
452d4a7a0fbSMarek Vasut 		return err;
45366f6ce5eSHerbert Xu 
454d4a7a0fbSMarek Vasut 	err = tfm->update(req);
4554e5b0ad5SGilad Ben-Yossef 	if (err == -EINPROGRESS || err == -EBUSY)
456ef0579b6SHerbert Xu 		return err;
457ef0579b6SHerbert Xu 
458d4a7a0fbSMarek Vasut 	return ahash_def_finup_finish1(req, err);
45966f6ce5eSHerbert Xu }
46066f6ce5eSHerbert Xu 
46188056ec3SHerbert Xu static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
46288056ec3SHerbert Xu {
46388056ec3SHerbert Xu 	struct crypto_ahash *hash = __crypto_ahash_cast(tfm);
46488056ec3SHerbert Xu 	struct ahash_alg *alg = crypto_ahash_alg(hash);
46588056ec3SHerbert Xu 
46666f6ce5eSHerbert Xu 	hash->setkey = ahash_nosetkey;
46766f6ce5eSHerbert Xu 
46888056ec3SHerbert Xu 	if (tfm->__crt_alg->cra_type != &crypto_ahash_type)
46988056ec3SHerbert Xu 		return crypto_init_shash_ops_async(tfm);
47088056ec3SHerbert Xu 
47188056ec3SHerbert Xu 	hash->init = alg->init;
47288056ec3SHerbert Xu 	hash->update = alg->update;
47388056ec3SHerbert Xu 	hash->final = alg->final;
47466f6ce5eSHerbert Xu 	hash->finup = alg->finup ?: ahash_def_finup;
47588056ec3SHerbert Xu 	hash->digest = alg->digest;
4766f221f7eSKamil Konieczny 	hash->export = alg->export;
4776f221f7eSKamil Konieczny 	hash->import = alg->import;
47866f6ce5eSHerbert Xu 
479a5596d63SHerbert Xu 	if (alg->setkey) {
48066f6ce5eSHerbert Xu 		hash->setkey = alg->setkey;
4819fa68f62SEric Biggers 		if (!(alg->halg.base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY))
4829fa68f62SEric Biggers 			crypto_ahash_set_flags(hash, CRYPTO_TFM_NEED_KEY);
483a5596d63SHerbert Xu 	}
48488056ec3SHerbert Xu 
48588056ec3SHerbert Xu 	return 0;
48688056ec3SHerbert Xu }
48788056ec3SHerbert Xu 
48888056ec3SHerbert Xu static unsigned int crypto_ahash_extsize(struct crypto_alg *alg)
48988056ec3SHerbert Xu {
4902495cf25SHerbert Xu 	if (alg->cra_type != &crypto_ahash_type)
49188056ec3SHerbert Xu 		return sizeof(struct crypto_shash *);
4922495cf25SHerbert Xu 
4932495cf25SHerbert Xu 	return crypto_alg_extsize(alg);
49488056ec3SHerbert Xu }
49588056ec3SHerbert Xu 
4963acc8473SHerbert Xu #ifdef CONFIG_NET
4976238cbaeSSteffen Klassert static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg)
4986238cbaeSSteffen Klassert {
4996238cbaeSSteffen Klassert 	struct crypto_report_hash rhash;
5006238cbaeSSteffen Klassert 
5019a5467bfSMathias Krause 	strncpy(rhash.type, "ahash", sizeof(rhash.type));
5026238cbaeSSteffen Klassert 
5036238cbaeSSteffen Klassert 	rhash.blocksize = alg->cra_blocksize;
5046238cbaeSSteffen Klassert 	rhash.digestsize = __crypto_hash_alg_common(alg)->digestsize;
5056238cbaeSSteffen Klassert 
5066662df33SDavid S. Miller 	if (nla_put(skb, CRYPTOCFGA_REPORT_HASH,
5076662df33SDavid S. Miller 		    sizeof(struct crypto_report_hash), &rhash))
5086662df33SDavid S. Miller 		goto nla_put_failure;
5096238cbaeSSteffen Klassert 	return 0;
5106238cbaeSSteffen Klassert 
5116238cbaeSSteffen Klassert nla_put_failure:
5126238cbaeSSteffen Klassert 	return -EMSGSIZE;
5136238cbaeSSteffen Klassert }
5143acc8473SHerbert Xu #else
5153acc8473SHerbert Xu static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg)
5163acc8473SHerbert Xu {
5173acc8473SHerbert Xu 	return -ENOSYS;
5183acc8473SHerbert Xu }
5193acc8473SHerbert Xu #endif
5206238cbaeSSteffen Klassert 
521004a403cSLoc Ho static void crypto_ahash_show(struct seq_file *m, struct crypto_alg *alg)
522d8c34b94SGideon Israel Dsouza 	__maybe_unused;
523004a403cSLoc Ho static void crypto_ahash_show(struct seq_file *m, struct crypto_alg *alg)
524004a403cSLoc Ho {
525004a403cSLoc Ho 	seq_printf(m, "type         : ahash\n");
526004a403cSLoc Ho 	seq_printf(m, "async        : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
527004a403cSLoc Ho 					     "yes" : "no");
528004a403cSLoc Ho 	seq_printf(m, "blocksize    : %u\n", alg->cra_blocksize);
52988056ec3SHerbert Xu 	seq_printf(m, "digestsize   : %u\n",
53088056ec3SHerbert Xu 		   __crypto_hash_alg_common(alg)->digestsize);
531004a403cSLoc Ho }
532004a403cSLoc Ho 
533004a403cSLoc Ho const struct crypto_type crypto_ahash_type = {
53488056ec3SHerbert Xu 	.extsize = crypto_ahash_extsize,
53588056ec3SHerbert Xu 	.init_tfm = crypto_ahash_init_tfm,
536004a403cSLoc Ho #ifdef CONFIG_PROC_FS
537004a403cSLoc Ho 	.show = crypto_ahash_show,
538004a403cSLoc Ho #endif
5396238cbaeSSteffen Klassert 	.report = crypto_ahash_report,
54088056ec3SHerbert Xu 	.maskclear = ~CRYPTO_ALG_TYPE_MASK,
54188056ec3SHerbert Xu 	.maskset = CRYPTO_ALG_TYPE_AHASH_MASK,
54288056ec3SHerbert Xu 	.type = CRYPTO_ALG_TYPE_AHASH,
54388056ec3SHerbert Xu 	.tfmsize = offsetof(struct crypto_ahash, base),
544004a403cSLoc Ho };
545004a403cSLoc Ho EXPORT_SYMBOL_GPL(crypto_ahash_type);
546004a403cSLoc Ho 
54788056ec3SHerbert Xu struct crypto_ahash *crypto_alloc_ahash(const char *alg_name, u32 type,
54888056ec3SHerbert Xu 					u32 mask)
54988056ec3SHerbert Xu {
55088056ec3SHerbert Xu 	return crypto_alloc_tfm(alg_name, &crypto_ahash_type, type, mask);
55188056ec3SHerbert Xu }
55288056ec3SHerbert Xu EXPORT_SYMBOL_GPL(crypto_alloc_ahash);
55388056ec3SHerbert Xu 
5548d18e34cSHerbert Xu int crypto_has_ahash(const char *alg_name, u32 type, u32 mask)
5558d18e34cSHerbert Xu {
5568d18e34cSHerbert Xu 	return crypto_type_has_alg(alg_name, &crypto_ahash_type, type, mask);
5578d18e34cSHerbert Xu }
5588d18e34cSHerbert Xu EXPORT_SYMBOL_GPL(crypto_has_ahash);
5598d18e34cSHerbert Xu 
56001c2deceSHerbert Xu static int ahash_prepare_alg(struct ahash_alg *alg)
56101c2deceSHerbert Xu {
56201c2deceSHerbert Xu 	struct crypto_alg *base = &alg->halg.base;
56301c2deceSHerbert Xu 
564b68a7ec1SKees Cook 	if (alg->halg.digestsize > HASH_MAX_DIGESTSIZE ||
565b68a7ec1SKees Cook 	    alg->halg.statesize > HASH_MAX_STATESIZE ||
5668996eafdSRussell King 	    alg->halg.statesize == 0)
56701c2deceSHerbert Xu 		return -EINVAL;
56801c2deceSHerbert Xu 
56901c2deceSHerbert Xu 	base->cra_type = &crypto_ahash_type;
57001c2deceSHerbert Xu 	base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK;
57101c2deceSHerbert Xu 	base->cra_flags |= CRYPTO_ALG_TYPE_AHASH;
57201c2deceSHerbert Xu 
57301c2deceSHerbert Xu 	return 0;
57401c2deceSHerbert Xu }
57501c2deceSHerbert Xu 
57601c2deceSHerbert Xu int crypto_register_ahash(struct ahash_alg *alg)
57701c2deceSHerbert Xu {
57801c2deceSHerbert Xu 	struct crypto_alg *base = &alg->halg.base;
57901c2deceSHerbert Xu 	int err;
58001c2deceSHerbert Xu 
58101c2deceSHerbert Xu 	err = ahash_prepare_alg(alg);
58201c2deceSHerbert Xu 	if (err)
58301c2deceSHerbert Xu 		return err;
58401c2deceSHerbert Xu 
58501c2deceSHerbert Xu 	return crypto_register_alg(base);
58601c2deceSHerbert Xu }
58701c2deceSHerbert Xu EXPORT_SYMBOL_GPL(crypto_register_ahash);
58801c2deceSHerbert Xu 
58901c2deceSHerbert Xu int crypto_unregister_ahash(struct ahash_alg *alg)
59001c2deceSHerbert Xu {
59101c2deceSHerbert Xu 	return crypto_unregister_alg(&alg->halg.base);
59201c2deceSHerbert Xu }
59301c2deceSHerbert Xu EXPORT_SYMBOL_GPL(crypto_unregister_ahash);
59401c2deceSHerbert Xu 
5956f7473c5SRabin Vincent int crypto_register_ahashes(struct ahash_alg *algs, int count)
5966f7473c5SRabin Vincent {
5976f7473c5SRabin Vincent 	int i, ret;
5986f7473c5SRabin Vincent 
5996f7473c5SRabin Vincent 	for (i = 0; i < count; i++) {
6006f7473c5SRabin Vincent 		ret = crypto_register_ahash(&algs[i]);
6016f7473c5SRabin Vincent 		if (ret)
6026f7473c5SRabin Vincent 			goto err;
6036f7473c5SRabin Vincent 	}
6046f7473c5SRabin Vincent 
6056f7473c5SRabin Vincent 	return 0;
6066f7473c5SRabin Vincent 
6076f7473c5SRabin Vincent err:
6086f7473c5SRabin Vincent 	for (--i; i >= 0; --i)
6096f7473c5SRabin Vincent 		crypto_unregister_ahash(&algs[i]);
6106f7473c5SRabin Vincent 
6116f7473c5SRabin Vincent 	return ret;
6126f7473c5SRabin Vincent }
6136f7473c5SRabin Vincent EXPORT_SYMBOL_GPL(crypto_register_ahashes);
6146f7473c5SRabin Vincent 
6156f7473c5SRabin Vincent void crypto_unregister_ahashes(struct ahash_alg *algs, int count)
6166f7473c5SRabin Vincent {
6176f7473c5SRabin Vincent 	int i;
6186f7473c5SRabin Vincent 
6196f7473c5SRabin Vincent 	for (i = count - 1; i >= 0; --i)
6206f7473c5SRabin Vincent 		crypto_unregister_ahash(&algs[i]);
6216f7473c5SRabin Vincent }
6226f7473c5SRabin Vincent EXPORT_SYMBOL_GPL(crypto_unregister_ahashes);
6236f7473c5SRabin Vincent 
62401c2deceSHerbert Xu int ahash_register_instance(struct crypto_template *tmpl,
62501c2deceSHerbert Xu 			    struct ahash_instance *inst)
62601c2deceSHerbert Xu {
62701c2deceSHerbert Xu 	int err;
62801c2deceSHerbert Xu 
62901c2deceSHerbert Xu 	err = ahash_prepare_alg(&inst->alg);
63001c2deceSHerbert Xu 	if (err)
63101c2deceSHerbert Xu 		return err;
63201c2deceSHerbert Xu 
63301c2deceSHerbert Xu 	return crypto_register_instance(tmpl, ahash_crypto_instance(inst));
63401c2deceSHerbert Xu }
63501c2deceSHerbert Xu EXPORT_SYMBOL_GPL(ahash_register_instance);
63601c2deceSHerbert Xu 
63701c2deceSHerbert Xu void ahash_free_instance(struct crypto_instance *inst)
63801c2deceSHerbert Xu {
63901c2deceSHerbert Xu 	crypto_drop_spawn(crypto_instance_ctx(inst));
64001c2deceSHerbert Xu 	kfree(ahash_instance(inst));
64101c2deceSHerbert Xu }
64201c2deceSHerbert Xu EXPORT_SYMBOL_GPL(ahash_free_instance);
64301c2deceSHerbert Xu 
64401c2deceSHerbert Xu int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn,
64501c2deceSHerbert Xu 			    struct hash_alg_common *alg,
64601c2deceSHerbert Xu 			    struct crypto_instance *inst)
64701c2deceSHerbert Xu {
64801c2deceSHerbert Xu 	return crypto_init_spawn2(&spawn->base, &alg->base, inst,
64901c2deceSHerbert Xu 				  &crypto_ahash_type);
65001c2deceSHerbert Xu }
65101c2deceSHerbert Xu EXPORT_SYMBOL_GPL(crypto_init_ahash_spawn);
65201c2deceSHerbert Xu 
65301c2deceSHerbert Xu struct hash_alg_common *ahash_attr_alg(struct rtattr *rta, u32 type, u32 mask)
65401c2deceSHerbert Xu {
65501c2deceSHerbert Xu 	struct crypto_alg *alg;
65601c2deceSHerbert Xu 
65701c2deceSHerbert Xu 	alg = crypto_attr_alg2(rta, &crypto_ahash_type, type, mask);
65801c2deceSHerbert Xu 	return IS_ERR(alg) ? ERR_CAST(alg) : __crypto_hash_alg_common(alg);
65901c2deceSHerbert Xu }
66001c2deceSHerbert Xu EXPORT_SYMBOL_GPL(ahash_attr_alg);
66101c2deceSHerbert Xu 
662cd6ed77aSEric Biggers bool crypto_hash_alg_has_setkey(struct hash_alg_common *halg)
663cd6ed77aSEric Biggers {
664cd6ed77aSEric Biggers 	struct crypto_alg *alg = &halg->base;
665cd6ed77aSEric Biggers 
666cd6ed77aSEric Biggers 	if (alg->cra_type != &crypto_ahash_type)
667cd6ed77aSEric Biggers 		return crypto_shash_alg_has_setkey(__crypto_shash_alg(alg));
668cd6ed77aSEric Biggers 
669cd6ed77aSEric Biggers 	return __crypto_ahash_alg(alg)->setkey != NULL;
670cd6ed77aSEric Biggers }
671cd6ed77aSEric Biggers EXPORT_SYMBOL_GPL(crypto_hash_alg_has_setkey);
672cd6ed77aSEric Biggers 
673004a403cSLoc Ho MODULE_LICENSE("GPL");
674004a403cSLoc Ho MODULE_DESCRIPTION("Asynchronous cryptographic hash type");
675