xref: /openbmc/linux/include/crypto/hash.h (revision 8bd1369b)
1 /*
2  * Hash: Hash algorithms under the crypto API
3  *
4  * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms of the GNU General Public License as published by the Free
8  * Software Foundation; either version 2 of the License, or (at your option)
9  * any later version.
10  *
11  */
12 
13 #ifndef _CRYPTO_HASH_H
14 #define _CRYPTO_HASH_H
15 
16 #include <linux/crypto.h>
17 #include <linux/string.h>
18 
19 struct crypto_ahash;
20 
21 /**
22  * DOC: Message Digest Algorithm Definitions
23  *
24  * These data structures define modular message digest algorithm
25  * implementations, managed via crypto_register_ahash(),
26  * crypto_register_shash(), crypto_unregister_ahash() and
27  * crypto_unregister_shash().
28  */
29 
30 /**
31  * struct hash_alg_common - define properties of message digest
32  * @digestsize: Size of the result of the transformation. A buffer of this size
33  *	        must be available to the @final and @finup calls, so they can
34  *	        store the resulting hash into it. For various predefined sizes,
35  *	        search include/crypto/ using
36  *	        git grep _DIGEST_SIZE include/crypto.
37  * @statesize: Size of the block for partial state of the transformation. A
38  *	       buffer of this size must be passed to the @export function as it
39  *	       will save the partial state of the transformation into it. On the
40  *	       other side, the @import function will load the state from a
41  *	       buffer of this size as well.
42  * @base: Start of data structure of cipher algorithm. The common data
43  *	  structure of crypto_alg contains information common to all ciphers.
44  *	  The hash_alg_common data structure now adds the hash-specific
45  *	  information.
46  */
47 struct hash_alg_common {
48 	unsigned int digestsize;
49 	unsigned int statesize;
50 
51 	struct crypto_alg base;
52 };
53 
54 struct ahash_request {
55 	struct crypto_async_request base;
56 
57 	unsigned int nbytes;
58 	struct scatterlist *src;
59 	u8 *result;
60 
61 	/* This field may only be used by the ahash API code. */
62 	void *priv;
63 
64 	void *__ctx[] CRYPTO_MINALIGN_ATTR;
65 };
66 
67 #define AHASH_REQUEST_ON_STACK(name, ahash) \
68 	char __##name##_desc[sizeof(struct ahash_request) + \
69 		crypto_ahash_reqsize(ahash)] CRYPTO_MINALIGN_ATTR; \
70 	struct ahash_request *name = (void *)__##name##_desc
71 
72 /**
73  * struct ahash_alg - asynchronous message digest definition
74  * @init: **[mandatory]** Initialize the transformation context. Intended only to initialize the
75  *	  state of the HASH transformation at the beginning. This shall fill in
76  *	  the internal structures used during the entire duration of the whole
77  *	  transformation. No data processing happens at this point. Driver code
78  *	  implementation must not use req->result.
79  * @update: **[mandatory]** Push a chunk of data into the driver for transformation. This
80  *	   function actually pushes blocks of data from upper layers into the
81  *	   driver, which then passes those to the hardware as seen fit. This
82  *	   function must not finalize the HASH transformation by calculating the
83  *	   final message digest as this only adds more data into the
84  *	   transformation. This function shall not modify the transformation
85  *	   context, as this function may be called in parallel with the same
86  *	   transformation object. Data processing can happen synchronously
87  *	   [SHASH] or asynchronously [AHASH] at this point. Driver must not use
88  *	   req->result.
89  * @final: **[mandatory]** Retrieve result from the driver. This function finalizes the
90  *	   transformation and retrieves the resulting hash from the driver and
91  *	   pushes it back to upper layers. No data processing happens at this
92  *	   point unless hardware requires it to finish the transformation
93  *	   (then the data buffered by the device driver is processed).
94  * @finup: **[optional]** Combination of @update and @final. This function is effectively a
95  *	   combination of @update and @final calls issued in sequence. As some
96  *	   hardware cannot do @update and @final separately, this callback was
97  *	   added to allow such hardware to be used at least by IPsec. Data
98  *	   processing can happen synchronously [SHASH] or asynchronously [AHASH]
99  *	   at this point.
100  * @digest: Combination of @init and @update and @final. This function
101  *	    effectively behaves as the entire chain of operations, @init,
102  *	    @update and @final issued in sequence. Just like @finup, this was
103  *	    added for hardware which cannot do even the @finup, but can only do
104  *	    the whole transformation in one run. Data processing can happen
105  *	    synchronously [SHASH] or asynchronously [AHASH] at this point.
106  * @setkey: Set optional key used by the hashing algorithm. Intended to push
107  *	    optional key used by the hashing algorithm from upper layers into
108  *	    the driver. This function can store the key in the transformation
109  *	    context or can outright program it into the hardware. In the former
110  *	    case, one must be careful to program the key into the hardware at
111  *	    appropriate time and one must be careful that .setkey() can be
112  *	    called multiple times during the existence of the transformation
113  *	    object. Not  all hashing algorithms do implement this function as it
114  *	    is only needed for keyed message digests. SHAx/MDx/CRCx do NOT
115  *	    implement this function. HMAC(MDx)/HMAC(SHAx)/CMAC(AES) do implement
116  *	    this function. This function must be called before any other of the
117  *	    @init, @update, @final, @finup, @digest is called. No data
118  *	    processing happens at this point.
119  * @export: Export partial state of the transformation. This function dumps the
120  *	    entire state of the ongoing transformation into a provided block of
121  *	    data so it can be @import 'ed back later on. This is useful in case
122  *	    you want to save partial result of the transformation after
123  *	    processing certain amount of data and reload this partial result
124  *	    multiple times later on for multiple re-use. No data processing
125  *	    happens at this point. Driver must not use req->result.
126  * @import: Import partial state of the transformation. This function loads the
127  *	    entire state of the ongoing transformation from a provided block of
128  *	    data so the transformation can continue from this point onward. No
129  *	    data processing happens at this point. Driver must not use
130  *	    req->result.
131  * @halg: see struct hash_alg_common
132  */
133 struct ahash_alg {
134 	int (*init)(struct ahash_request *req);
135 	int (*update)(struct ahash_request *req);
136 	int (*final)(struct ahash_request *req);
137 	int (*finup)(struct ahash_request *req);
138 	int (*digest)(struct ahash_request *req);
139 	int (*export)(struct ahash_request *req, void *out);
140 	int (*import)(struct ahash_request *req, const void *in);
141 	int (*setkey)(struct crypto_ahash *tfm, const u8 *key,
142 		      unsigned int keylen);
143 
144 	struct hash_alg_common halg;
145 };
146 
147 struct shash_desc {
148 	struct crypto_shash *tfm;
149 	u32 flags;
150 
151 	void *__ctx[] CRYPTO_MINALIGN_ATTR;
152 };
153 
154 #define SHASH_DESC_ON_STACK(shash, ctx)				  \
155 	char __##shash##_desc[sizeof(struct shash_desc) +	  \
156 		crypto_shash_descsize(ctx)] CRYPTO_MINALIGN_ATTR; \
157 	struct shash_desc *shash = (struct shash_desc *)__##shash##_desc
158 
159 /**
160  * struct shash_alg - synchronous message digest definition
161  * @init: see struct ahash_alg
162  * @update: see struct ahash_alg
163  * @final: see struct ahash_alg
164  * @finup: see struct ahash_alg
165  * @digest: see struct ahash_alg
166  * @export: see struct ahash_alg
167  * @import: see struct ahash_alg
168  * @setkey: see struct ahash_alg
169  * @digestsize: see struct ahash_alg
170  * @statesize: see struct ahash_alg
171  * @descsize: Size of the operational state for the message digest. This state
172  * 	      size is the memory size that needs to be allocated for
173  *	      shash_desc.__ctx
174  * @base: internally used
175  */
176 struct shash_alg {
177 	int (*init)(struct shash_desc *desc);
178 	int (*update)(struct shash_desc *desc, const u8 *data,
179 		      unsigned int len);
180 	int (*final)(struct shash_desc *desc, u8 *out);
181 	int (*finup)(struct shash_desc *desc, const u8 *data,
182 		     unsigned int len, u8 *out);
183 	int (*digest)(struct shash_desc *desc, const u8 *data,
184 		      unsigned int len, u8 *out);
185 	int (*export)(struct shash_desc *desc, void *out);
186 	int (*import)(struct shash_desc *desc, const void *in);
187 	int (*setkey)(struct crypto_shash *tfm, const u8 *key,
188 		      unsigned int keylen);
189 
190 	unsigned int descsize;
191 
192 	/* These fields must match hash_alg_common. */
193 	unsigned int digestsize
194 		__attribute__ ((aligned(__alignof__(struct hash_alg_common))));
195 	unsigned int statesize;
196 
197 	struct crypto_alg base;
198 };
199 
200 struct crypto_ahash {
201 	int (*init)(struct ahash_request *req);
202 	int (*update)(struct ahash_request *req);
203 	int (*final)(struct ahash_request *req);
204 	int (*finup)(struct ahash_request *req);
205 	int (*digest)(struct ahash_request *req);
206 	int (*export)(struct ahash_request *req, void *out);
207 	int (*import)(struct ahash_request *req, const void *in);
208 	int (*setkey)(struct crypto_ahash *tfm, const u8 *key,
209 		      unsigned int keylen);
210 
211 	unsigned int reqsize;
212 	struct crypto_tfm base;
213 };
214 
215 struct crypto_shash {
216 	unsigned int descsize;
217 	struct crypto_tfm base;
218 };
219 
220 /**
221  * DOC: Asynchronous Message Digest API
222  *
223  * The asynchronous message digest API is used with the ciphers of type
224  * CRYPTO_ALG_TYPE_AHASH (listed as type "ahash" in /proc/crypto)
225  *
226  * The asynchronous cipher operation discussion provided for the
227  * CRYPTO_ALG_TYPE_ABLKCIPHER API applies here as well.
228  */
229 
230 static inline struct crypto_ahash *__crypto_ahash_cast(struct crypto_tfm *tfm)
231 {
232 	return container_of(tfm, struct crypto_ahash, base);
233 }
234 
235 /**
236  * crypto_alloc_ahash() - allocate ahash cipher handle
237  * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
238  *	      ahash cipher
239  * @type: specifies the type of the cipher
240  * @mask: specifies the mask for the cipher
241  *
242  * Allocate a cipher handle for an ahash. The returned struct
243  * crypto_ahash is the cipher handle that is required for any subsequent
244  * API invocation for that ahash.
245  *
246  * Return: allocated cipher handle in case of success; IS_ERR() is true in case
247  *	   of an error, PTR_ERR() returns the error code.
248  */
249 struct crypto_ahash *crypto_alloc_ahash(const char *alg_name, u32 type,
250 					u32 mask);
251 
252 static inline struct crypto_tfm *crypto_ahash_tfm(struct crypto_ahash *tfm)
253 {
254 	return &tfm->base;
255 }
256 
257 /**
258  * crypto_free_ahash() - zeroize and free the ahash handle
259  * @tfm: cipher handle to be freed
260  */
261 static inline void crypto_free_ahash(struct crypto_ahash *tfm)
262 {
263 	crypto_destroy_tfm(tfm, crypto_ahash_tfm(tfm));
264 }
265 
266 /**
267  * crypto_has_ahash() - Search for the availability of an ahash.
268  * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
269  *	      ahash
270  * @type: specifies the type of the ahash
271  * @mask: specifies the mask for the ahash
272  *
273  * Return: true when the ahash is known to the kernel crypto API; false
274  *	   otherwise
275  */
276 int crypto_has_ahash(const char *alg_name, u32 type, u32 mask);
277 
278 static inline const char *crypto_ahash_alg_name(struct crypto_ahash *tfm)
279 {
280 	return crypto_tfm_alg_name(crypto_ahash_tfm(tfm));
281 }
282 
283 static inline const char *crypto_ahash_driver_name(struct crypto_ahash *tfm)
284 {
285 	return crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
286 }
287 
288 static inline unsigned int crypto_ahash_alignmask(
289 	struct crypto_ahash *tfm)
290 {
291 	return crypto_tfm_alg_alignmask(crypto_ahash_tfm(tfm));
292 }
293 
294 /**
295  * crypto_ahash_blocksize() - obtain block size for cipher
296  * @tfm: cipher handle
297  *
298  * The block size for the message digest cipher referenced with the cipher
299  * handle is returned.
300  *
301  * Return: block size of cipher
302  */
303 static inline unsigned int crypto_ahash_blocksize(struct crypto_ahash *tfm)
304 {
305 	return crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
306 }
307 
308 static inline struct hash_alg_common *__crypto_hash_alg_common(
309 	struct crypto_alg *alg)
310 {
311 	return container_of(alg, struct hash_alg_common, base);
312 }
313 
314 static inline struct hash_alg_common *crypto_hash_alg_common(
315 	struct crypto_ahash *tfm)
316 {
317 	return __crypto_hash_alg_common(crypto_ahash_tfm(tfm)->__crt_alg);
318 }
319 
320 /**
321  * crypto_ahash_digestsize() - obtain message digest size
322  * @tfm: cipher handle
323  *
324  * The size for the message digest created by the message digest cipher
325  * referenced with the cipher handle is returned.
326  *
327  *
328  * Return: message digest size of cipher
329  */
330 static inline unsigned int crypto_ahash_digestsize(struct crypto_ahash *tfm)
331 {
332 	return crypto_hash_alg_common(tfm)->digestsize;
333 }
334 
335 /**
336  * crypto_ahash_statesize() - obtain size of the ahash state
337  * @tfm: cipher handle
338  *
339  * Return the size of the ahash state. With the crypto_ahash_export()
340  * function, the caller can export the state into a buffer whose size is
341  * defined with this function.
342  *
343  * Return: size of the ahash state
344  */
345 static inline unsigned int crypto_ahash_statesize(struct crypto_ahash *tfm)
346 {
347 	return crypto_hash_alg_common(tfm)->statesize;
348 }
349 
350 static inline u32 crypto_ahash_get_flags(struct crypto_ahash *tfm)
351 {
352 	return crypto_tfm_get_flags(crypto_ahash_tfm(tfm));
353 }
354 
355 static inline void crypto_ahash_set_flags(struct crypto_ahash *tfm, u32 flags)
356 {
357 	crypto_tfm_set_flags(crypto_ahash_tfm(tfm), flags);
358 }
359 
360 static inline void crypto_ahash_clear_flags(struct crypto_ahash *tfm, u32 flags)
361 {
362 	crypto_tfm_clear_flags(crypto_ahash_tfm(tfm), flags);
363 }
364 
365 /**
366  * crypto_ahash_reqtfm() - obtain cipher handle from request
367  * @req: asynchronous request handle that contains the reference to the ahash
368  *	 cipher handle
369  *
370  * Return the ahash cipher handle that is registered with the asynchronous
371  * request handle ahash_request.
372  *
373  * Return: ahash cipher handle
374  */
375 static inline struct crypto_ahash *crypto_ahash_reqtfm(
376 	struct ahash_request *req)
377 {
378 	return __crypto_ahash_cast(req->base.tfm);
379 }
380 
381 /**
382  * crypto_ahash_reqsize() - obtain size of the request data structure
383  * @tfm: cipher handle
384  *
385  * Return: size of the request data
386  */
387 static inline unsigned int crypto_ahash_reqsize(struct crypto_ahash *tfm)
388 {
389 	return tfm->reqsize;
390 }
391 
392 static inline void *ahash_request_ctx(struct ahash_request *req)
393 {
394 	return req->__ctx;
395 }
396 
397 /**
398  * crypto_ahash_setkey - set key for cipher handle
399  * @tfm: cipher handle
400  * @key: buffer holding the key
401  * @keylen: length of the key in bytes
402  *
403  * The caller provided key is set for the ahash cipher. The cipher
404  * handle must point to a keyed hash in order for this function to succeed.
405  *
406  * Return: 0 if the setting of the key was successful; < 0 if an error occurred
407  */
408 int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
409 			unsigned int keylen);
410 
411 /**
412  * crypto_ahash_finup() - update and finalize message digest
413  * @req: reference to the ahash_request handle that holds all information
414  *	 needed to perform the cipher operation
415  *
416  * This function is a "short-hand" for the function calls of
417  * crypto_ahash_update and crypto_ahash_final. The parameters have the same
418  * meaning as discussed for those separate functions.
419  *
420  * Return: see crypto_ahash_final()
421  */
422 int crypto_ahash_finup(struct ahash_request *req);
423 
424 /**
425  * crypto_ahash_final() - calculate message digest
426  * @req: reference to the ahash_request handle that holds all information
427  *	 needed to perform the cipher operation
428  *
429  * Finalize the message digest operation and create the message digest
430  * based on all data added to the cipher handle. The message digest is placed
431  * into the output buffer registered with the ahash_request handle.
432  *
433  * Return:
434  * 0		if the message digest was successfully calculated;
435  * -EINPROGRESS	if data is feeded into hardware (DMA) or queued for later;
436  * -EBUSY	if queue is full and request should be resubmitted later;
437  * other < 0	if an error occurred
438  */
439 int crypto_ahash_final(struct ahash_request *req);
440 
441 /**
442  * crypto_ahash_digest() - calculate message digest for a buffer
443  * @req: reference to the ahash_request handle that holds all information
444  *	 needed to perform the cipher operation
445  *
446  * This function is a "short-hand" for the function calls of crypto_ahash_init,
447  * crypto_ahash_update and crypto_ahash_final. The parameters have the same
448  * meaning as discussed for those separate three functions.
449  *
450  * Return: see crypto_ahash_final()
451  */
452 int crypto_ahash_digest(struct ahash_request *req);
453 
454 /**
455  * crypto_ahash_export() - extract current message digest state
456  * @req: reference to the ahash_request handle whose state is exported
457  * @out: output buffer of sufficient size that can hold the hash state
458  *
459  * This function exports the hash state of the ahash_request handle into the
460  * caller-allocated output buffer out which must have sufficient size (e.g. by
461  * calling crypto_ahash_statesize()).
462  *
463  * Return: 0 if the export was successful; < 0 if an error occurred
464  */
465 static inline int crypto_ahash_export(struct ahash_request *req, void *out)
466 {
467 	return crypto_ahash_reqtfm(req)->export(req, out);
468 }
469 
470 /**
471  * crypto_ahash_import() - import message digest state
472  * @req: reference to ahash_request handle the state is imported into
473  * @in: buffer holding the state
474  *
475  * This function imports the hash state into the ahash_request handle from the
476  * input buffer. That buffer should have been generated with the
477  * crypto_ahash_export function.
478  *
479  * Return: 0 if the import was successful; < 0 if an error occurred
480  */
481 static inline int crypto_ahash_import(struct ahash_request *req, const void *in)
482 {
483 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
484 
485 	if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
486 		return -ENOKEY;
487 
488 	return tfm->import(req, in);
489 }
490 
491 /**
492  * crypto_ahash_init() - (re)initialize message digest handle
493  * @req: ahash_request handle that already is initialized with all necessary
494  *	 data using the ahash_request_* API functions
495  *
496  * The call (re-)initializes the message digest referenced by the ahash_request
497  * handle. Any potentially existing state created by previous operations is
498  * discarded.
499  *
500  * Return: see crypto_ahash_final()
501  */
502 static inline int crypto_ahash_init(struct ahash_request *req)
503 {
504 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
505 
506 	if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
507 		return -ENOKEY;
508 
509 	return tfm->init(req);
510 }
511 
512 /**
513  * crypto_ahash_update() - add data to message digest for processing
514  * @req: ahash_request handle that was previously initialized with the
515  *	 crypto_ahash_init call.
516  *
517  * Updates the message digest state of the &ahash_request handle. The input data
518  * is pointed to by the scatter/gather list registered in the &ahash_request
519  * handle
520  *
521  * Return: see crypto_ahash_final()
522  */
523 static inline int crypto_ahash_update(struct ahash_request *req)
524 {
525 	return crypto_ahash_reqtfm(req)->update(req);
526 }
527 
528 /**
529  * DOC: Asynchronous Hash Request Handle
530  *
531  * The &ahash_request data structure contains all pointers to data
532  * required for the asynchronous cipher operation. This includes the cipher
533  * handle (which can be used by multiple &ahash_request instances), pointer
534  * to plaintext and the message digest output buffer, asynchronous callback
535  * function, etc. It acts as a handle to the ahash_request_* API calls in a
536  * similar way as ahash handle to the crypto_ahash_* API calls.
537  */
538 
539 /**
540  * ahash_request_set_tfm() - update cipher handle reference in request
541  * @req: request handle to be modified
542  * @tfm: cipher handle that shall be added to the request handle
543  *
544  * Allow the caller to replace the existing ahash handle in the request
545  * data structure with a different one.
546  */
547 static inline void ahash_request_set_tfm(struct ahash_request *req,
548 					 struct crypto_ahash *tfm)
549 {
550 	req->base.tfm = crypto_ahash_tfm(tfm);
551 }
552 
553 /**
554  * ahash_request_alloc() - allocate request data structure
555  * @tfm: cipher handle to be registered with the request
556  * @gfp: memory allocation flag that is handed to kmalloc by the API call.
557  *
558  * Allocate the request data structure that must be used with the ahash
559  * message digest API calls. During
560  * the allocation, the provided ahash handle
561  * is registered in the request data structure.
562  *
563  * Return: allocated request handle in case of success, or NULL if out of memory
564  */
565 static inline struct ahash_request *ahash_request_alloc(
566 	struct crypto_ahash *tfm, gfp_t gfp)
567 {
568 	struct ahash_request *req;
569 
570 	req = kmalloc(sizeof(struct ahash_request) +
571 		      crypto_ahash_reqsize(tfm), gfp);
572 
573 	if (likely(req))
574 		ahash_request_set_tfm(req, tfm);
575 
576 	return req;
577 }
578 
579 /**
580  * ahash_request_free() - zeroize and free the request data structure
581  * @req: request data structure cipher handle to be freed
582  */
583 static inline void ahash_request_free(struct ahash_request *req)
584 {
585 	kzfree(req);
586 }
587 
588 static inline void ahash_request_zero(struct ahash_request *req)
589 {
590 	memzero_explicit(req, sizeof(*req) +
591 			      crypto_ahash_reqsize(crypto_ahash_reqtfm(req)));
592 }
593 
594 static inline struct ahash_request *ahash_request_cast(
595 	struct crypto_async_request *req)
596 {
597 	return container_of(req, struct ahash_request, base);
598 }
599 
600 /**
601  * ahash_request_set_callback() - set asynchronous callback function
602  * @req: request handle
603  * @flags: specify zero or an ORing of the flags
604  *	   CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and
605  *	   increase the wait queue beyond the initial maximum size;
606  *	   CRYPTO_TFM_REQ_MAY_SLEEP the request processing may sleep
607  * @compl: callback function pointer to be registered with the request handle
608  * @data: The data pointer refers to memory that is not used by the kernel
609  *	  crypto API, but provided to the callback function for it to use. Here,
610  *	  the caller can provide a reference to memory the callback function can
611  *	  operate on. As the callback function is invoked asynchronously to the
612  *	  related functionality, it may need to access data structures of the
613  *	  related functionality which can be referenced using this pointer. The
614  *	  callback function can access the memory via the "data" field in the
615  *	  &crypto_async_request data structure provided to the callback function.
616  *
617  * This function allows setting the callback function that is triggered once
618  * the cipher operation completes.
619  *
620  * The callback function is registered with the &ahash_request handle and
621  * must comply with the following template::
622  *
623  *	void callback_function(struct crypto_async_request *req, int error)
624  */
625 static inline void ahash_request_set_callback(struct ahash_request *req,
626 					      u32 flags,
627 					      crypto_completion_t compl,
628 					      void *data)
629 {
630 	req->base.complete = compl;
631 	req->base.data = data;
632 	req->base.flags = flags;
633 }
634 
635 /**
636  * ahash_request_set_crypt() - set data buffers
637  * @req: ahash_request handle to be updated
638  * @src: source scatter/gather list
639  * @result: buffer that is filled with the message digest -- the caller must
640  *	    ensure that the buffer has sufficient space by, for example, calling
641  *	    crypto_ahash_digestsize()
642  * @nbytes: number of bytes to process from the source scatter/gather list
643  *
644  * By using this call, the caller references the source scatter/gather list.
645  * The source scatter/gather list points to the data the message digest is to
646  * be calculated for.
647  */
648 static inline void ahash_request_set_crypt(struct ahash_request *req,
649 					   struct scatterlist *src, u8 *result,
650 					   unsigned int nbytes)
651 {
652 	req->src = src;
653 	req->nbytes = nbytes;
654 	req->result = result;
655 }
656 
657 /**
658  * DOC: Synchronous Message Digest API
659  *
660  * The synchronous message digest API is used with the ciphers of type
661  * CRYPTO_ALG_TYPE_SHASH (listed as type "shash" in /proc/crypto)
662  *
663  * The message digest API is able to maintain state information for the
664  * caller.
665  *
666  * The synchronous message digest API can store user-related context in in its
667  * shash_desc request data structure.
668  */
669 
670 /**
671  * crypto_alloc_shash() - allocate message digest handle
672  * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
673  *	      message digest cipher
674  * @type: specifies the type of the cipher
675  * @mask: specifies the mask for the cipher
676  *
677  * Allocate a cipher handle for a message digest. The returned &struct
678  * crypto_shash is the cipher handle that is required for any subsequent
679  * API invocation for that message digest.
680  *
681  * Return: allocated cipher handle in case of success; IS_ERR() is true in case
682  *	   of an error, PTR_ERR() returns the error code.
683  */
684 struct crypto_shash *crypto_alloc_shash(const char *alg_name, u32 type,
685 					u32 mask);
686 
687 static inline struct crypto_tfm *crypto_shash_tfm(struct crypto_shash *tfm)
688 {
689 	return &tfm->base;
690 }
691 
692 /**
693  * crypto_free_shash() - zeroize and free the message digest handle
694  * @tfm: cipher handle to be freed
695  */
696 static inline void crypto_free_shash(struct crypto_shash *tfm)
697 {
698 	crypto_destroy_tfm(tfm, crypto_shash_tfm(tfm));
699 }
700 
701 static inline const char *crypto_shash_alg_name(struct crypto_shash *tfm)
702 {
703 	return crypto_tfm_alg_name(crypto_shash_tfm(tfm));
704 }
705 
706 static inline const char *crypto_shash_driver_name(struct crypto_shash *tfm)
707 {
708 	return crypto_tfm_alg_driver_name(crypto_shash_tfm(tfm));
709 }
710 
711 static inline unsigned int crypto_shash_alignmask(
712 	struct crypto_shash *tfm)
713 {
714 	return crypto_tfm_alg_alignmask(crypto_shash_tfm(tfm));
715 }
716 
717 /**
718  * crypto_shash_blocksize() - obtain block size for cipher
719  * @tfm: cipher handle
720  *
721  * The block size for the message digest cipher referenced with the cipher
722  * handle is returned.
723  *
724  * Return: block size of cipher
725  */
726 static inline unsigned int crypto_shash_blocksize(struct crypto_shash *tfm)
727 {
728 	return crypto_tfm_alg_blocksize(crypto_shash_tfm(tfm));
729 }
730 
731 static inline struct shash_alg *__crypto_shash_alg(struct crypto_alg *alg)
732 {
733 	return container_of(alg, struct shash_alg, base);
734 }
735 
736 static inline struct shash_alg *crypto_shash_alg(struct crypto_shash *tfm)
737 {
738 	return __crypto_shash_alg(crypto_shash_tfm(tfm)->__crt_alg);
739 }
740 
741 /**
742  * crypto_shash_digestsize() - obtain message digest size
743  * @tfm: cipher handle
744  *
745  * The size for the message digest created by the message digest cipher
746  * referenced with the cipher handle is returned.
747  *
748  * Return: digest size of cipher
749  */
750 static inline unsigned int crypto_shash_digestsize(struct crypto_shash *tfm)
751 {
752 	return crypto_shash_alg(tfm)->digestsize;
753 }
754 
755 static inline unsigned int crypto_shash_statesize(struct crypto_shash *tfm)
756 {
757 	return crypto_shash_alg(tfm)->statesize;
758 }
759 
760 static inline u32 crypto_shash_get_flags(struct crypto_shash *tfm)
761 {
762 	return crypto_tfm_get_flags(crypto_shash_tfm(tfm));
763 }
764 
765 static inline void crypto_shash_set_flags(struct crypto_shash *tfm, u32 flags)
766 {
767 	crypto_tfm_set_flags(crypto_shash_tfm(tfm), flags);
768 }
769 
770 static inline void crypto_shash_clear_flags(struct crypto_shash *tfm, u32 flags)
771 {
772 	crypto_tfm_clear_flags(crypto_shash_tfm(tfm), flags);
773 }
774 
775 /**
776  * crypto_shash_descsize() - obtain the operational state size
777  * @tfm: cipher handle
778  *
779  * The size of the operational state the cipher needs during operation is
780  * returned for the hash referenced with the cipher handle. This size is
781  * required to calculate the memory requirements to allow the caller allocating
782  * sufficient memory for operational state.
783  *
784  * The operational state is defined with struct shash_desc where the size of
785  * that data structure is to be calculated as
786  * sizeof(struct shash_desc) + crypto_shash_descsize(alg)
787  *
788  * Return: size of the operational state
789  */
790 static inline unsigned int crypto_shash_descsize(struct crypto_shash *tfm)
791 {
792 	return tfm->descsize;
793 }
794 
795 static inline void *shash_desc_ctx(struct shash_desc *desc)
796 {
797 	return desc->__ctx;
798 }
799 
800 /**
801  * crypto_shash_setkey() - set key for message digest
802  * @tfm: cipher handle
803  * @key: buffer holding the key
804  * @keylen: length of the key in bytes
805  *
806  * The caller provided key is set for the keyed message digest cipher. The
807  * cipher handle must point to a keyed message digest cipher in order for this
808  * function to succeed.
809  *
810  * Return: 0 if the setting of the key was successful; < 0 if an error occurred
811  */
812 int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
813 			unsigned int keylen);
814 
815 /**
816  * crypto_shash_digest() - calculate message digest for buffer
817  * @desc: see crypto_shash_final()
818  * @data: see crypto_shash_update()
819  * @len: see crypto_shash_update()
820  * @out: see crypto_shash_final()
821  *
822  * This function is a "short-hand" for the function calls of crypto_shash_init,
823  * crypto_shash_update and crypto_shash_final. The parameters have the same
824  * meaning as discussed for those separate three functions.
825  *
826  * Return: 0 if the message digest creation was successful; < 0 if an error
827  *	   occurred
828  */
829 int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
830 			unsigned int len, u8 *out);
831 
832 /**
833  * crypto_shash_export() - extract operational state for message digest
834  * @desc: reference to the operational state handle whose state is exported
835  * @out: output buffer of sufficient size that can hold the hash state
836  *
837  * This function exports the hash state of the operational state handle into the
838  * caller-allocated output buffer out which must have sufficient size (e.g. by
839  * calling crypto_shash_descsize).
840  *
841  * Return: 0 if the export creation was successful; < 0 if an error occurred
842  */
843 static inline int crypto_shash_export(struct shash_desc *desc, void *out)
844 {
845 	return crypto_shash_alg(desc->tfm)->export(desc, out);
846 }
847 
848 /**
849  * crypto_shash_import() - import operational state
850  * @desc: reference to the operational state handle the state imported into
851  * @in: buffer holding the state
852  *
853  * This function imports the hash state into the operational state handle from
854  * the input buffer. That buffer should have been generated with the
855  * crypto_ahash_export function.
856  *
857  * Return: 0 if the import was successful; < 0 if an error occurred
858  */
859 static inline int crypto_shash_import(struct shash_desc *desc, const void *in)
860 {
861 	struct crypto_shash *tfm = desc->tfm;
862 
863 	if (crypto_shash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
864 		return -ENOKEY;
865 
866 	return crypto_shash_alg(tfm)->import(desc, in);
867 }
868 
869 /**
870  * crypto_shash_init() - (re)initialize message digest
871  * @desc: operational state handle that is already filled
872  *
873  * The call (re-)initializes the message digest referenced by the
874  * operational state handle. Any potentially existing state created by
875  * previous operations is discarded.
876  *
877  * Return: 0 if the message digest initialization was successful; < 0 if an
878  *	   error occurred
879  */
880 static inline int crypto_shash_init(struct shash_desc *desc)
881 {
882 	struct crypto_shash *tfm = desc->tfm;
883 
884 	if (crypto_shash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
885 		return -ENOKEY;
886 
887 	return crypto_shash_alg(tfm)->init(desc);
888 }
889 
890 /**
891  * crypto_shash_update() - add data to message digest for processing
892  * @desc: operational state handle that is already initialized
893  * @data: input data to be added to the message digest
894  * @len: length of the input data
895  *
896  * Updates the message digest state of the operational state handle.
897  *
898  * Return: 0 if the message digest update was successful; < 0 if an error
899  *	   occurred
900  */
901 int crypto_shash_update(struct shash_desc *desc, const u8 *data,
902 			unsigned int len);
903 
904 /**
905  * crypto_shash_final() - calculate message digest
906  * @desc: operational state handle that is already filled with data
907  * @out: output buffer filled with the message digest
908  *
909  * Finalize the message digest operation and create the message digest
910  * based on all data added to the cipher handle. The message digest is placed
911  * into the output buffer. The caller must ensure that the output buffer is
912  * large enough by using crypto_shash_digestsize.
913  *
914  * Return: 0 if the message digest creation was successful; < 0 if an error
915  *	   occurred
916  */
917 int crypto_shash_final(struct shash_desc *desc, u8 *out);
918 
919 /**
920  * crypto_shash_finup() - calculate message digest of buffer
921  * @desc: see crypto_shash_final()
922  * @data: see crypto_shash_update()
923  * @len: see crypto_shash_update()
924  * @out: see crypto_shash_final()
925  *
926  * This function is a "short-hand" for the function calls of
927  * crypto_shash_update and crypto_shash_final. The parameters have the same
928  * meaning as discussed for those separate functions.
929  *
930  * Return: 0 if the message digest creation was successful; < 0 if an error
931  *	   occurred
932  */
933 int crypto_shash_finup(struct shash_desc *desc, const u8 *data,
934 		       unsigned int len, u8 *out);
935 
936 static inline void shash_desc_zero(struct shash_desc *desc)
937 {
938 	memzero_explicit(desc,
939 			 sizeof(*desc) + crypto_shash_descsize(desc->tfm));
940 }
941 
942 #endif	/* _CRYPTO_HASH_H */
943