1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Synchronous Cryptographic Hash operations. 4 * 5 * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au> 6 */ 7 8 #include <crypto/scatterwalk.h> 9 #include <crypto/internal/hash.h> 10 #include <linux/err.h> 11 #include <linux/kernel.h> 12 #include <linux/module.h> 13 #include <linux/slab.h> 14 #include <linux/seq_file.h> 15 #include <linux/cryptouser.h> 16 #include <net/netlink.h> 17 #include <linux/compiler.h> 18 19 #include "internal.h" 20 21 static const struct crypto_type crypto_shash_type; 22 23 static int shash_no_setkey(struct crypto_shash *tfm, const u8 *key, 24 unsigned int keylen) 25 { 26 return -ENOSYS; 27 } 28 29 /* 30 * Check whether an shash algorithm has a setkey function. 31 * 32 * For CFI compatibility, this must not be an inline function. This is because 33 * when CFI is enabled, modules won't get the same address for shash_no_setkey 34 * (if it were exported, which inlining would require) as the core kernel will. 35 */ 36 bool crypto_shash_alg_has_setkey(struct shash_alg *alg) 37 { 38 return alg->setkey != shash_no_setkey; 39 } 40 EXPORT_SYMBOL_GPL(crypto_shash_alg_has_setkey); 41 42 static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key, 43 unsigned int keylen) 44 { 45 struct shash_alg *shash = crypto_shash_alg(tfm); 46 unsigned long alignmask = crypto_shash_alignmask(tfm); 47 unsigned long absize; 48 u8 *buffer, *alignbuffer; 49 int err; 50 51 absize = keylen + (alignmask & ~(crypto_tfm_ctx_alignment() - 1)); 52 buffer = kmalloc(absize, GFP_ATOMIC); 53 if (!buffer) 54 return -ENOMEM; 55 56 alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); 57 memcpy(alignbuffer, key, keylen); 58 err = shash->setkey(tfm, alignbuffer, keylen); 59 kfree_sensitive(buffer); 60 return err; 61 } 62 63 static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg) 64 { 65 if (crypto_shash_alg_needs_key(alg)) 66 crypto_shash_set_flags(tfm, CRYPTO_TFM_NEED_KEY); 67 } 68 69 int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key, 70 unsigned int keylen) 71 { 72 struct shash_alg *shash = crypto_shash_alg(tfm); 73 unsigned long alignmask = crypto_shash_alignmask(tfm); 74 int err; 75 76 if ((unsigned long)key & alignmask) 77 err = shash_setkey_unaligned(tfm, key, keylen); 78 else 79 err = shash->setkey(tfm, key, keylen); 80 81 if (unlikely(err)) { 82 shash_set_needkey(tfm, shash); 83 return err; 84 } 85 86 crypto_shash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY); 87 return 0; 88 } 89 EXPORT_SYMBOL_GPL(crypto_shash_setkey); 90 91 static int shash_update_unaligned(struct shash_desc *desc, const u8 *data, 92 unsigned int len) 93 { 94 struct crypto_shash *tfm = desc->tfm; 95 struct shash_alg *shash = crypto_shash_alg(tfm); 96 unsigned long alignmask = crypto_shash_alignmask(tfm); 97 unsigned int unaligned_len = alignmask + 1 - 98 ((unsigned long)data & alignmask); 99 /* 100 * We cannot count on __aligned() working for large values: 101 * https://patchwork.kernel.org/patch/9507697/ 102 */ 103 u8 ubuf[MAX_ALGAPI_ALIGNMASK * 2]; 104 u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1); 105 int err; 106 107 if (WARN_ON(buf + unaligned_len > ubuf + sizeof(ubuf))) 108 return -EINVAL; 109 110 if (unaligned_len > len) 111 unaligned_len = len; 112 113 memcpy(buf, data, unaligned_len); 114 err = shash->update(desc, buf, unaligned_len); 115 memset(buf, 0, unaligned_len); 116 117 return err ?: 118 shash->update(desc, data + unaligned_len, len - unaligned_len); 119 } 120 121 int crypto_shash_update(struct shash_desc *desc, const u8 *data, 122 unsigned int len) 123 { 124 struct crypto_shash *tfm = desc->tfm; 125 struct shash_alg *shash = crypto_shash_alg(tfm); 126 unsigned long alignmask = crypto_shash_alignmask(tfm); 127 128 if ((unsigned long)data & alignmask) 129 return shash_update_unaligned(desc, data, len); 130 131 return shash->update(desc, data, len); 132 } 133 EXPORT_SYMBOL_GPL(crypto_shash_update); 134 135 static int shash_final_unaligned(struct shash_desc *desc, u8 *out) 136 { 137 struct crypto_shash *tfm = desc->tfm; 138 unsigned long alignmask = crypto_shash_alignmask(tfm); 139 struct shash_alg *shash = crypto_shash_alg(tfm); 140 unsigned int ds = crypto_shash_digestsize(tfm); 141 /* 142 * We cannot count on __aligned() working for large values: 143 * https://patchwork.kernel.org/patch/9507697/ 144 */ 145 u8 ubuf[MAX_ALGAPI_ALIGNMASK + HASH_MAX_DIGESTSIZE]; 146 u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1); 147 int err; 148 149 if (WARN_ON(buf + ds > ubuf + sizeof(ubuf))) 150 return -EINVAL; 151 152 err = shash->final(desc, buf); 153 if (err) 154 goto out; 155 156 memcpy(out, buf, ds); 157 158 out: 159 memset(buf, 0, ds); 160 return err; 161 } 162 163 int crypto_shash_final(struct shash_desc *desc, u8 *out) 164 { 165 struct crypto_shash *tfm = desc->tfm; 166 struct shash_alg *shash = crypto_shash_alg(tfm); 167 unsigned long alignmask = crypto_shash_alignmask(tfm); 168 169 if ((unsigned long)out & alignmask) 170 return shash_final_unaligned(desc, out); 171 172 return shash->final(desc, out); 173 } 174 EXPORT_SYMBOL_GPL(crypto_shash_final); 175 176 static int shash_finup_unaligned(struct shash_desc *desc, const u8 *data, 177 unsigned int len, u8 *out) 178 { 179 return crypto_shash_update(desc, data, len) ?: 180 crypto_shash_final(desc, out); 181 } 182 183 int crypto_shash_finup(struct shash_desc *desc, const u8 *data, 184 unsigned int len, u8 *out) 185 { 186 struct crypto_shash *tfm = desc->tfm; 187 struct shash_alg *shash = crypto_shash_alg(tfm); 188 unsigned long alignmask = crypto_shash_alignmask(tfm); 189 190 if (((unsigned long)data | (unsigned long)out) & alignmask) 191 return shash_finup_unaligned(desc, data, len, out); 192 193 return shash->finup(desc, data, len, out); 194 } 195 EXPORT_SYMBOL_GPL(crypto_shash_finup); 196 197 static int shash_digest_unaligned(struct shash_desc *desc, const u8 *data, 198 unsigned int len, u8 *out) 199 { 200 return crypto_shash_init(desc) ?: 201 crypto_shash_finup(desc, data, len, out); 202 } 203 204 int crypto_shash_digest(struct shash_desc *desc, const u8 *data, 205 unsigned int len, u8 *out) 206 { 207 struct crypto_shash *tfm = desc->tfm; 208 struct shash_alg *shash = crypto_shash_alg(tfm); 209 unsigned long alignmask = crypto_shash_alignmask(tfm); 210 211 if (crypto_shash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 212 return -ENOKEY; 213 214 if (((unsigned long)data | (unsigned long)out) & alignmask) 215 return shash_digest_unaligned(desc, data, len, out); 216 217 return shash->digest(desc, data, len, out); 218 } 219 EXPORT_SYMBOL_GPL(crypto_shash_digest); 220 221 int crypto_shash_tfm_digest(struct crypto_shash *tfm, const u8 *data, 222 unsigned int len, u8 *out) 223 { 224 SHASH_DESC_ON_STACK(desc, tfm); 225 int err; 226 227 desc->tfm = tfm; 228 229 err = crypto_shash_digest(desc, data, len, out); 230 231 shash_desc_zero(desc); 232 233 return err; 234 } 235 EXPORT_SYMBOL_GPL(crypto_shash_tfm_digest); 236 237 static int shash_default_export(struct shash_desc *desc, void *out) 238 { 239 memcpy(out, shash_desc_ctx(desc), crypto_shash_descsize(desc->tfm)); 240 return 0; 241 } 242 243 static int shash_default_import(struct shash_desc *desc, const void *in) 244 { 245 memcpy(shash_desc_ctx(desc), in, crypto_shash_descsize(desc->tfm)); 246 return 0; 247 } 248 249 static int shash_async_setkey(struct crypto_ahash *tfm, const u8 *key, 250 unsigned int keylen) 251 { 252 struct crypto_shash **ctx = crypto_ahash_ctx(tfm); 253 254 return crypto_shash_setkey(*ctx, key, keylen); 255 } 256 257 static int shash_async_init(struct ahash_request *req) 258 { 259 struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 260 struct shash_desc *desc = ahash_request_ctx(req); 261 262 desc->tfm = *ctx; 263 264 return crypto_shash_init(desc); 265 } 266 267 int shash_ahash_update(struct ahash_request *req, struct shash_desc *desc) 268 { 269 struct crypto_hash_walk walk; 270 int nbytes; 271 272 for (nbytes = crypto_hash_walk_first(req, &walk); nbytes > 0; 273 nbytes = crypto_hash_walk_done(&walk, nbytes)) 274 nbytes = crypto_shash_update(desc, walk.data, nbytes); 275 276 return nbytes; 277 } 278 EXPORT_SYMBOL_GPL(shash_ahash_update); 279 280 static int shash_async_update(struct ahash_request *req) 281 { 282 return shash_ahash_update(req, ahash_request_ctx(req)); 283 } 284 285 static int shash_async_final(struct ahash_request *req) 286 { 287 return crypto_shash_final(ahash_request_ctx(req), req->result); 288 } 289 290 int shash_ahash_finup(struct ahash_request *req, struct shash_desc *desc) 291 { 292 struct crypto_hash_walk walk; 293 int nbytes; 294 295 nbytes = crypto_hash_walk_first(req, &walk); 296 if (!nbytes) 297 return crypto_shash_final(desc, req->result); 298 299 do { 300 nbytes = crypto_hash_walk_last(&walk) ? 301 crypto_shash_finup(desc, walk.data, nbytes, 302 req->result) : 303 crypto_shash_update(desc, walk.data, nbytes); 304 nbytes = crypto_hash_walk_done(&walk, nbytes); 305 } while (nbytes > 0); 306 307 return nbytes; 308 } 309 EXPORT_SYMBOL_GPL(shash_ahash_finup); 310 311 static int shash_async_finup(struct ahash_request *req) 312 { 313 struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 314 struct shash_desc *desc = ahash_request_ctx(req); 315 316 desc->tfm = *ctx; 317 318 return shash_ahash_finup(req, desc); 319 } 320 321 int shash_ahash_digest(struct ahash_request *req, struct shash_desc *desc) 322 { 323 unsigned int nbytes = req->nbytes; 324 struct scatterlist *sg; 325 unsigned int offset; 326 int err; 327 328 if (nbytes && 329 (sg = req->src, offset = sg->offset, 330 nbytes <= min(sg->length, ((unsigned int)(PAGE_SIZE)) - offset))) { 331 void *data; 332 333 data = kmap_atomic(sg_page(sg)); 334 err = crypto_shash_digest(desc, data + offset, nbytes, 335 req->result); 336 kunmap_atomic(data); 337 } else 338 err = crypto_shash_init(desc) ?: 339 shash_ahash_finup(req, desc); 340 341 return err; 342 } 343 EXPORT_SYMBOL_GPL(shash_ahash_digest); 344 345 static int shash_async_digest(struct ahash_request *req) 346 { 347 struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 348 struct shash_desc *desc = ahash_request_ctx(req); 349 350 desc->tfm = *ctx; 351 352 return shash_ahash_digest(req, desc); 353 } 354 355 static int shash_async_export(struct ahash_request *req, void *out) 356 { 357 return crypto_shash_export(ahash_request_ctx(req), out); 358 } 359 360 static int shash_async_import(struct ahash_request *req, const void *in) 361 { 362 struct crypto_shash **ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 363 struct shash_desc *desc = ahash_request_ctx(req); 364 365 desc->tfm = *ctx; 366 367 return crypto_shash_import(desc, in); 368 } 369 370 static void crypto_exit_shash_ops_async(struct crypto_tfm *tfm) 371 { 372 struct crypto_shash **ctx = crypto_tfm_ctx(tfm); 373 374 crypto_free_shash(*ctx); 375 } 376 377 int crypto_init_shash_ops_async(struct crypto_tfm *tfm) 378 { 379 struct crypto_alg *calg = tfm->__crt_alg; 380 struct shash_alg *alg = __crypto_shash_alg(calg); 381 struct crypto_ahash *crt = __crypto_ahash_cast(tfm); 382 struct crypto_shash **ctx = crypto_tfm_ctx(tfm); 383 struct crypto_shash *shash; 384 385 if (!crypto_mod_get(calg)) 386 return -EAGAIN; 387 388 shash = crypto_create_tfm(calg, &crypto_shash_type); 389 if (IS_ERR(shash)) { 390 crypto_mod_put(calg); 391 return PTR_ERR(shash); 392 } 393 394 *ctx = shash; 395 tfm->exit = crypto_exit_shash_ops_async; 396 397 crt->init = shash_async_init; 398 crt->update = shash_async_update; 399 crt->final = shash_async_final; 400 crt->finup = shash_async_finup; 401 crt->digest = shash_async_digest; 402 if (crypto_shash_alg_has_setkey(alg)) 403 crt->setkey = shash_async_setkey; 404 405 crypto_ahash_set_flags(crt, crypto_shash_get_flags(shash) & 406 CRYPTO_TFM_NEED_KEY); 407 408 crt->export = shash_async_export; 409 crt->import = shash_async_import; 410 411 crt->reqsize = sizeof(struct shash_desc) + crypto_shash_descsize(shash); 412 413 return 0; 414 } 415 416 static void crypto_shash_exit_tfm(struct crypto_tfm *tfm) 417 { 418 struct crypto_shash *hash = __crypto_shash_cast(tfm); 419 struct shash_alg *alg = crypto_shash_alg(hash); 420 421 alg->exit_tfm(hash); 422 } 423 424 static int crypto_shash_init_tfm(struct crypto_tfm *tfm) 425 { 426 struct crypto_shash *hash = __crypto_shash_cast(tfm); 427 struct shash_alg *alg = crypto_shash_alg(hash); 428 int err; 429 430 hash->descsize = alg->descsize; 431 432 shash_set_needkey(hash, alg); 433 434 if (alg->exit_tfm) 435 tfm->exit = crypto_shash_exit_tfm; 436 437 if (!alg->init_tfm) 438 return 0; 439 440 err = alg->init_tfm(hash); 441 if (err) 442 return err; 443 444 /* ->init_tfm() may have increased the descsize. */ 445 if (WARN_ON_ONCE(hash->descsize > HASH_MAX_DESCSIZE)) { 446 if (alg->exit_tfm) 447 alg->exit_tfm(hash); 448 return -EINVAL; 449 } 450 451 return 0; 452 } 453 454 static void crypto_shash_free_instance(struct crypto_instance *inst) 455 { 456 struct shash_instance *shash = shash_instance(inst); 457 458 shash->free(shash); 459 } 460 461 #ifdef CONFIG_NET 462 static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg) 463 { 464 struct crypto_report_hash rhash; 465 struct shash_alg *salg = __crypto_shash_alg(alg); 466 467 memset(&rhash, 0, sizeof(rhash)); 468 469 strscpy(rhash.type, "shash", sizeof(rhash.type)); 470 471 rhash.blocksize = alg->cra_blocksize; 472 rhash.digestsize = salg->digestsize; 473 474 return nla_put(skb, CRYPTOCFGA_REPORT_HASH, sizeof(rhash), &rhash); 475 } 476 #else 477 static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg) 478 { 479 return -ENOSYS; 480 } 481 #endif 482 483 static void crypto_shash_show(struct seq_file *m, struct crypto_alg *alg) 484 __maybe_unused; 485 static void crypto_shash_show(struct seq_file *m, struct crypto_alg *alg) 486 { 487 struct shash_alg *salg = __crypto_shash_alg(alg); 488 489 seq_printf(m, "type : shash\n"); 490 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); 491 seq_printf(m, "digestsize : %u\n", salg->digestsize); 492 } 493 494 static const struct crypto_type crypto_shash_type = { 495 .extsize = crypto_alg_extsize, 496 .init_tfm = crypto_shash_init_tfm, 497 .free = crypto_shash_free_instance, 498 #ifdef CONFIG_PROC_FS 499 .show = crypto_shash_show, 500 #endif 501 .report = crypto_shash_report, 502 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 503 .maskset = CRYPTO_ALG_TYPE_MASK, 504 .type = CRYPTO_ALG_TYPE_SHASH, 505 .tfmsize = offsetof(struct crypto_shash, base), 506 }; 507 508 int crypto_grab_shash(struct crypto_shash_spawn *spawn, 509 struct crypto_instance *inst, 510 const char *name, u32 type, u32 mask) 511 { 512 spawn->base.frontend = &crypto_shash_type; 513 return crypto_grab_spawn(&spawn->base, inst, name, type, mask); 514 } 515 EXPORT_SYMBOL_GPL(crypto_grab_shash); 516 517 struct crypto_shash *crypto_alloc_shash(const char *alg_name, u32 type, 518 u32 mask) 519 { 520 return crypto_alloc_tfm(alg_name, &crypto_shash_type, type, mask); 521 } 522 EXPORT_SYMBOL_GPL(crypto_alloc_shash); 523 524 int crypto_has_shash(const char *alg_name, u32 type, u32 mask) 525 { 526 return crypto_type_has_alg(alg_name, &crypto_shash_type, type, mask); 527 } 528 EXPORT_SYMBOL_GPL(crypto_has_shash); 529 530 static int shash_prepare_alg(struct shash_alg *alg) 531 { 532 struct crypto_alg *base = &alg->base; 533 534 if (alg->digestsize > HASH_MAX_DIGESTSIZE || 535 alg->descsize > HASH_MAX_DESCSIZE || 536 alg->statesize > HASH_MAX_STATESIZE) 537 return -EINVAL; 538 539 if ((alg->export && !alg->import) || (alg->import && !alg->export)) 540 return -EINVAL; 541 542 base->cra_type = &crypto_shash_type; 543 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; 544 base->cra_flags |= CRYPTO_ALG_TYPE_SHASH; 545 546 if (!alg->finup) 547 alg->finup = shash_finup_unaligned; 548 if (!alg->digest) 549 alg->digest = shash_digest_unaligned; 550 if (!alg->export) { 551 alg->export = shash_default_export; 552 alg->import = shash_default_import; 553 alg->statesize = alg->descsize; 554 } 555 if (!alg->setkey) 556 alg->setkey = shash_no_setkey; 557 558 return 0; 559 } 560 561 int crypto_register_shash(struct shash_alg *alg) 562 { 563 struct crypto_alg *base = &alg->base; 564 int err; 565 566 err = shash_prepare_alg(alg); 567 if (err) 568 return err; 569 570 return crypto_register_alg(base); 571 } 572 EXPORT_SYMBOL_GPL(crypto_register_shash); 573 574 void crypto_unregister_shash(struct shash_alg *alg) 575 { 576 crypto_unregister_alg(&alg->base); 577 } 578 EXPORT_SYMBOL_GPL(crypto_unregister_shash); 579 580 int crypto_register_shashes(struct shash_alg *algs, int count) 581 { 582 int i, ret; 583 584 for (i = 0; i < count; i++) { 585 ret = crypto_register_shash(&algs[i]); 586 if (ret) 587 goto err; 588 } 589 590 return 0; 591 592 err: 593 for (--i; i >= 0; --i) 594 crypto_unregister_shash(&algs[i]); 595 596 return ret; 597 } 598 EXPORT_SYMBOL_GPL(crypto_register_shashes); 599 600 void crypto_unregister_shashes(struct shash_alg *algs, int count) 601 { 602 int i; 603 604 for (i = count - 1; i >= 0; --i) 605 crypto_unregister_shash(&algs[i]); 606 } 607 EXPORT_SYMBOL_GPL(crypto_unregister_shashes); 608 609 int shash_register_instance(struct crypto_template *tmpl, 610 struct shash_instance *inst) 611 { 612 int err; 613 614 if (WARN_ON(!inst->free)) 615 return -EINVAL; 616 617 err = shash_prepare_alg(&inst->alg); 618 if (err) 619 return err; 620 621 return crypto_register_instance(tmpl, shash_crypto_instance(inst)); 622 } 623 EXPORT_SYMBOL_GPL(shash_register_instance); 624 625 void shash_free_singlespawn_instance(struct shash_instance *inst) 626 { 627 crypto_drop_spawn(shash_instance_ctx(inst)); 628 kfree(inst); 629 } 630 EXPORT_SYMBOL_GPL(shash_free_singlespawn_instance); 631 632 MODULE_LICENSE("GPL"); 633 MODULE_DESCRIPTION("Synchronous cryptographic hash type"); 634