xref: /openbmc/linux/include/crypto/hash.h (revision a36954f5)
1 /*
2  * Hash: Hash algorithms under the crypto API
3  *
4  * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms of the GNU General Public License as published by the Free
8  * Software Foundation; either version 2 of the License, or (at your option)
9  * any later version.
10  *
11  */
12 
13 #ifndef _CRYPTO_HASH_H
14 #define _CRYPTO_HASH_H
15 
16 #include <linux/crypto.h>
17 #include <linux/string.h>
18 
19 struct crypto_ahash;
20 
21 /**
22  * DOC: Message Digest Algorithm Definitions
23  *
24  * These data structures define modular message digest algorithm
25  * implementations, managed via crypto_register_ahash(),
26  * crypto_register_shash(), crypto_unregister_ahash() and
27  * crypto_unregister_shash().
28  */
29 
30 /**
31  * struct hash_alg_common - define properties of message digest
32  * @digestsize: Size of the result of the transformation. A buffer of this size
33  *	        must be available to the @final and @finup calls, so they can
34  *	        store the resulting hash into it. For various predefined sizes,
35  *	        search include/crypto/ using
36  *	        git grep _DIGEST_SIZE include/crypto.
37  * @statesize: Size of the block for partial state of the transformation. A
38  *	       buffer of this size must be passed to the @export function as it
39  *	       will save the partial state of the transformation into it. On the
40  *	       other side, the @import function will load the state from a
41  *	       buffer of this size as well.
42  * @base: Start of data structure of cipher algorithm. The common data
43  *	  structure of crypto_alg contains information common to all ciphers.
44  *	  The hash_alg_common data structure now adds the hash-specific
45  *	  information.
46  */
47 struct hash_alg_common {
48 	unsigned int digestsize;
49 	unsigned int statesize;
50 
51 	struct crypto_alg base;
52 };
53 
54 struct ahash_request {
55 	struct crypto_async_request base;
56 
57 	unsigned int nbytes;
58 	struct scatterlist *src;
59 	u8 *result;
60 
61 	/* This field may only be used by the ahash API code. */
62 	void *priv;
63 
64 	void *__ctx[] CRYPTO_MINALIGN_ATTR;
65 };
66 
67 #define AHASH_REQUEST_ON_STACK(name, ahash) \
68 	char __##name##_desc[sizeof(struct ahash_request) + \
69 		crypto_ahash_reqsize(ahash)] CRYPTO_MINALIGN_ATTR; \
70 	struct ahash_request *name = (void *)__##name##_desc
71 
72 /**
73  * struct ahash_alg - asynchronous message digest definition
74  * @init: Initialize the transformation context. Intended only to initialize the
75  *	  state of the HASH transformation at the beginning. This shall fill in
76  *	  the internal structures used during the entire duration of the whole
77  *	  transformation. No data processing happens at this point.
78  * @update: Push a chunk of data into the driver for transformation. This
79  *	   function actually pushes blocks of data from upper layers into the
80  *	   driver, which then passes those to the hardware as seen fit. This
81  *	   function must not finalize the HASH transformation by calculating the
82  *	   final message digest as this only adds more data into the
83  *	   transformation. This function shall not modify the transformation
84  *	   context, as this function may be called in parallel with the same
85  *	   transformation object. Data processing can happen synchronously
86  *	   [SHASH] or asynchronously [AHASH] at this point.
87  * @final: Retrieve result from the driver. This function finalizes the
88  *	   transformation and retrieves the resulting hash from the driver and
89  *	   pushes it back to upper layers. No data processing happens at this
90  *	   point.
91  * @finup: Combination of @update and @final. This function is effectively a
92  *	   combination of @update and @final calls issued in sequence. As some
93  *	   hardware cannot do @update and @final separately, this callback was
94  *	   added to allow such hardware to be used at least by IPsec. Data
95  *	   processing can happen synchronously [SHASH] or asynchronously [AHASH]
96  *	   at this point.
97  * @digest: Combination of @init and @update and @final. This function
98  *	    effectively behaves as the entire chain of operations, @init,
99  *	    @update and @final issued in sequence. Just like @finup, this was
100  *	    added for hardware which cannot do even the @finup, but can only do
101  *	    the whole transformation in one run. Data processing can happen
102  *	    synchronously [SHASH] or asynchronously [AHASH] at this point.
103  * @setkey: Set optional key used by the hashing algorithm. Intended to push
104  *	    optional key used by the hashing algorithm from upper layers into
105  *	    the driver. This function can store the key in the transformation
106  *	    context or can outright program it into the hardware. In the former
107  *	    case, one must be careful to program the key into the hardware at
108  *	    appropriate time and one must be careful that .setkey() can be
109  *	    called multiple times during the existence of the transformation
110  *	    object. Not  all hashing algorithms do implement this function as it
111  *	    is only needed for keyed message digests. SHAx/MDx/CRCx do NOT
112  *	    implement this function. HMAC(MDx)/HMAC(SHAx)/CMAC(AES) do implement
113  *	    this function. This function must be called before any other of the
114  *	    @init, @update, @final, @finup, @digest is called. No data
115  *	    processing happens at this point.
116  * @export: Export partial state of the transformation. This function dumps the
117  *	    entire state of the ongoing transformation into a provided block of
118  *	    data so it can be @import 'ed back later on. This is useful in case
119  *	    you want to save partial result of the transformation after
120  *	    processing certain amount of data and reload this partial result
121  *	    multiple times later on for multiple re-use. No data processing
122  *	    happens at this point.
123  * @import: Import partial state of the transformation. This function loads the
124  *	    entire state of the ongoing transformation from a provided block of
125  *	    data so the transformation can continue from this point onward. No
126  *	    data processing happens at this point.
127  * @halg: see struct hash_alg_common
128  */
129 struct ahash_alg {
130 	int (*init)(struct ahash_request *req);
131 	int (*update)(struct ahash_request *req);
132 	int (*final)(struct ahash_request *req);
133 	int (*finup)(struct ahash_request *req);
134 	int (*digest)(struct ahash_request *req);
135 	int (*export)(struct ahash_request *req, void *out);
136 	int (*import)(struct ahash_request *req, const void *in);
137 	int (*setkey)(struct crypto_ahash *tfm, const u8 *key,
138 		      unsigned int keylen);
139 
140 	struct hash_alg_common halg;
141 };
142 
143 struct shash_desc {
144 	struct crypto_shash *tfm;
145 	u32 flags;
146 
147 	void *__ctx[] CRYPTO_MINALIGN_ATTR;
148 };
149 
150 #define SHASH_DESC_ON_STACK(shash, ctx)				  \
151 	char __##shash##_desc[sizeof(struct shash_desc) +	  \
152 		crypto_shash_descsize(ctx)] CRYPTO_MINALIGN_ATTR; \
153 	struct shash_desc *shash = (struct shash_desc *)__##shash##_desc
154 
155 /**
156  * struct shash_alg - synchronous message digest definition
157  * @init: see struct ahash_alg
158  * @update: see struct ahash_alg
159  * @final: see struct ahash_alg
160  * @finup: see struct ahash_alg
161  * @digest: see struct ahash_alg
162  * @export: see struct ahash_alg
163  * @import: see struct ahash_alg
164  * @setkey: see struct ahash_alg
165  * @digestsize: see struct ahash_alg
166  * @statesize: see struct ahash_alg
167  * @descsize: Size of the operational state for the message digest. This state
168  * 	      size is the memory size that needs to be allocated for
169  *	      shash_desc.__ctx
170  * @base: internally used
171  */
172 struct shash_alg {
173 	int (*init)(struct shash_desc *desc);
174 	int (*update)(struct shash_desc *desc, const u8 *data,
175 		      unsigned int len);
176 	int (*final)(struct shash_desc *desc, u8 *out);
177 	int (*finup)(struct shash_desc *desc, const u8 *data,
178 		     unsigned int len, u8 *out);
179 	int (*digest)(struct shash_desc *desc, const u8 *data,
180 		      unsigned int len, u8 *out);
181 	int (*export)(struct shash_desc *desc, void *out);
182 	int (*import)(struct shash_desc *desc, const void *in);
183 	int (*setkey)(struct crypto_shash *tfm, const u8 *key,
184 		      unsigned int keylen);
185 
186 	unsigned int descsize;
187 
188 	/* These fields must match hash_alg_common. */
189 	unsigned int digestsize
190 		__attribute__ ((aligned(__alignof__(struct hash_alg_common))));
191 	unsigned int statesize;
192 
193 	struct crypto_alg base;
194 };
195 
196 struct crypto_ahash {
197 	int (*init)(struct ahash_request *req);
198 	int (*update)(struct ahash_request *req);
199 	int (*final)(struct ahash_request *req);
200 	int (*finup)(struct ahash_request *req);
201 	int (*digest)(struct ahash_request *req);
202 	int (*export)(struct ahash_request *req, void *out);
203 	int (*import)(struct ahash_request *req, const void *in);
204 	int (*setkey)(struct crypto_ahash *tfm, const u8 *key,
205 		      unsigned int keylen);
206 
207 	unsigned int reqsize;
208 	bool has_setkey;
209 	struct crypto_tfm base;
210 };
211 
212 struct crypto_shash {
213 	unsigned int descsize;
214 	struct crypto_tfm base;
215 };
216 
217 /**
218  * DOC: Asynchronous Message Digest API
219  *
220  * The asynchronous message digest API is used with the ciphers of type
221  * CRYPTO_ALG_TYPE_AHASH (listed as type "ahash" in /proc/crypto)
222  *
223  * The asynchronous cipher operation discussion provided for the
224  * CRYPTO_ALG_TYPE_ABLKCIPHER API applies here as well.
225  */
226 
227 static inline struct crypto_ahash *__crypto_ahash_cast(struct crypto_tfm *tfm)
228 {
229 	return container_of(tfm, struct crypto_ahash, base);
230 }
231 
232 /**
233  * crypto_alloc_ahash() - allocate ahash cipher handle
234  * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
235  *	      ahash cipher
236  * @type: specifies the type of the cipher
237  * @mask: specifies the mask for the cipher
238  *
239  * Allocate a cipher handle for an ahash. The returned struct
240  * crypto_ahash is the cipher handle that is required for any subsequent
241  * API invocation for that ahash.
242  *
243  * Return: allocated cipher handle in case of success; IS_ERR() is true in case
244  *	   of an error, PTR_ERR() returns the error code.
245  */
246 struct crypto_ahash *crypto_alloc_ahash(const char *alg_name, u32 type,
247 					u32 mask);
248 
249 static inline struct crypto_tfm *crypto_ahash_tfm(struct crypto_ahash *tfm)
250 {
251 	return &tfm->base;
252 }
253 
254 /**
255  * crypto_free_ahash() - zeroize and free the ahash handle
256  * @tfm: cipher handle to be freed
257  */
258 static inline void crypto_free_ahash(struct crypto_ahash *tfm)
259 {
260 	crypto_destroy_tfm(tfm, crypto_ahash_tfm(tfm));
261 }
262 
263 /**
264  * crypto_has_ahash() - Search for the availability of an ahash.
265  * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
266  *	      ahash
267  * @type: specifies the type of the ahash
268  * @mask: specifies the mask for the ahash
269  *
270  * Return: true when the ahash is known to the kernel crypto API; false
271  *	   otherwise
272  */
273 int crypto_has_ahash(const char *alg_name, u32 type, u32 mask);
274 
275 static inline const char *crypto_ahash_alg_name(struct crypto_ahash *tfm)
276 {
277 	return crypto_tfm_alg_name(crypto_ahash_tfm(tfm));
278 }
279 
280 static inline const char *crypto_ahash_driver_name(struct crypto_ahash *tfm)
281 {
282 	return crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
283 }
284 
285 static inline unsigned int crypto_ahash_alignmask(
286 	struct crypto_ahash *tfm)
287 {
288 	return crypto_tfm_alg_alignmask(crypto_ahash_tfm(tfm));
289 }
290 
291 /**
292  * crypto_ahash_blocksize() - obtain block size for cipher
293  * @tfm: cipher handle
294  *
295  * The block size for the message digest cipher referenced with the cipher
296  * handle is returned.
297  *
298  * Return: block size of cipher
299  */
300 static inline unsigned int crypto_ahash_blocksize(struct crypto_ahash *tfm)
301 {
302 	return crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
303 }
304 
305 static inline struct hash_alg_common *__crypto_hash_alg_common(
306 	struct crypto_alg *alg)
307 {
308 	return container_of(alg, struct hash_alg_common, base);
309 }
310 
311 static inline struct hash_alg_common *crypto_hash_alg_common(
312 	struct crypto_ahash *tfm)
313 {
314 	return __crypto_hash_alg_common(crypto_ahash_tfm(tfm)->__crt_alg);
315 }
316 
317 /**
318  * crypto_ahash_digestsize() - obtain message digest size
319  * @tfm: cipher handle
320  *
321  * The size for the message digest created by the message digest cipher
322  * referenced with the cipher handle is returned.
323  *
324  *
325  * Return: message digest size of cipher
326  */
327 static inline unsigned int crypto_ahash_digestsize(struct crypto_ahash *tfm)
328 {
329 	return crypto_hash_alg_common(tfm)->digestsize;
330 }
331 
332 /**
333  * crypto_ahash_statesize() - obtain size of the ahash state
334  * @tfm: cipher handle
335  *
336  * Return the size of the ahash state. With the crypto_ahash_export()
337  * function, the caller can export the state into a buffer whose size is
338  * defined with this function.
339  *
340  * Return: size of the ahash state
341  */
342 static inline unsigned int crypto_ahash_statesize(struct crypto_ahash *tfm)
343 {
344 	return crypto_hash_alg_common(tfm)->statesize;
345 }
346 
347 static inline u32 crypto_ahash_get_flags(struct crypto_ahash *tfm)
348 {
349 	return crypto_tfm_get_flags(crypto_ahash_tfm(tfm));
350 }
351 
352 static inline void crypto_ahash_set_flags(struct crypto_ahash *tfm, u32 flags)
353 {
354 	crypto_tfm_set_flags(crypto_ahash_tfm(tfm), flags);
355 }
356 
357 static inline void crypto_ahash_clear_flags(struct crypto_ahash *tfm, u32 flags)
358 {
359 	crypto_tfm_clear_flags(crypto_ahash_tfm(tfm), flags);
360 }
361 
362 /**
363  * crypto_ahash_reqtfm() - obtain cipher handle from request
364  * @req: asynchronous request handle that contains the reference to the ahash
365  *	 cipher handle
366  *
367  * Return the ahash cipher handle that is registered with the asynchronous
368  * request handle ahash_request.
369  *
370  * Return: ahash cipher handle
371  */
372 static inline struct crypto_ahash *crypto_ahash_reqtfm(
373 	struct ahash_request *req)
374 {
375 	return __crypto_ahash_cast(req->base.tfm);
376 }
377 
378 /**
379  * crypto_ahash_reqsize() - obtain size of the request data structure
380  * @tfm: cipher handle
381  *
382  * Return: size of the request data
383  */
384 static inline unsigned int crypto_ahash_reqsize(struct crypto_ahash *tfm)
385 {
386 	return tfm->reqsize;
387 }
388 
389 static inline void *ahash_request_ctx(struct ahash_request *req)
390 {
391 	return req->__ctx;
392 }
393 
394 /**
395  * crypto_ahash_setkey - set key for cipher handle
396  * @tfm: cipher handle
397  * @key: buffer holding the key
398  * @keylen: length of the key in bytes
399  *
400  * The caller provided key is set for the ahash cipher. The cipher
401  * handle must point to a keyed hash in order for this function to succeed.
402  *
403  * Return: 0 if the setting of the key was successful; < 0 if an error occurred
404  */
405 int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
406 			unsigned int keylen);
407 
408 static inline bool crypto_ahash_has_setkey(struct crypto_ahash *tfm)
409 {
410 	return tfm->has_setkey;
411 }
412 
413 /**
414  * crypto_ahash_finup() - update and finalize message digest
415  * @req: reference to the ahash_request handle that holds all information
416  *	 needed to perform the cipher operation
417  *
418  * This function is a "short-hand" for the function calls of
419  * crypto_ahash_update and crypto_shash_final. The parameters have the same
420  * meaning as discussed for those separate functions.
421  *
422  * Return: 0 if the message digest creation was successful; < 0 if an error
423  *	   occurred
424  */
425 int crypto_ahash_finup(struct ahash_request *req);
426 
427 /**
428  * crypto_ahash_final() - calculate message digest
429  * @req: reference to the ahash_request handle that holds all information
430  *	 needed to perform the cipher operation
431  *
432  * Finalize the message digest operation and create the message digest
433  * based on all data added to the cipher handle. The message digest is placed
434  * into the output buffer registered with the ahash_request handle.
435  *
436  * Return: 0 if the message digest creation was successful; < 0 if an error
437  *	   occurred
438  */
439 int crypto_ahash_final(struct ahash_request *req);
440 
441 /**
442  * crypto_ahash_digest() - calculate message digest for a buffer
443  * @req: reference to the ahash_request handle that holds all information
444  *	 needed to perform the cipher operation
445  *
446  * This function is a "short-hand" for the function calls of crypto_ahash_init,
447  * crypto_ahash_update and crypto_ahash_final. The parameters have the same
448  * meaning as discussed for those separate three functions.
449  *
450  * Return: 0 if the message digest creation was successful; < 0 if an error
451  *	   occurred
452  */
453 int crypto_ahash_digest(struct ahash_request *req);
454 
455 /**
456  * crypto_ahash_export() - extract current message digest state
457  * @req: reference to the ahash_request handle whose state is exported
458  * @out: output buffer of sufficient size that can hold the hash state
459  *
460  * This function exports the hash state of the ahash_request handle into the
461  * caller-allocated output buffer out which must have sufficient size (e.g. by
462  * calling crypto_ahash_statesize()).
463  *
464  * Return: 0 if the export was successful; < 0 if an error occurred
465  */
466 static inline int crypto_ahash_export(struct ahash_request *req, void *out)
467 {
468 	return crypto_ahash_reqtfm(req)->export(req, out);
469 }
470 
471 /**
472  * crypto_ahash_import() - import message digest state
473  * @req: reference to ahash_request handle the state is imported into
474  * @in: buffer holding the state
475  *
476  * This function imports the hash state into the ahash_request handle from the
477  * input buffer. That buffer should have been generated with the
478  * crypto_ahash_export function.
479  *
480  * Return: 0 if the import was successful; < 0 if an error occurred
481  */
482 static inline int crypto_ahash_import(struct ahash_request *req, const void *in)
483 {
484 	return crypto_ahash_reqtfm(req)->import(req, in);
485 }
486 
487 /**
488  * crypto_ahash_init() - (re)initialize message digest handle
489  * @req: ahash_request handle that already is initialized with all necessary
490  *	 data using the ahash_request_* API functions
491  *
492  * The call (re-)initializes the message digest referenced by the ahash_request
493  * handle. Any potentially existing state created by previous operations is
494  * discarded.
495  *
496  * Return: 0 if the message digest initialization was successful; < 0 if an
497  *	   error occurred
498  */
499 static inline int crypto_ahash_init(struct ahash_request *req)
500 {
501 	return crypto_ahash_reqtfm(req)->init(req);
502 }
503 
504 /**
505  * crypto_ahash_update() - add data to message digest for processing
506  * @req: ahash_request handle that was previously initialized with the
507  *	 crypto_ahash_init call.
508  *
509  * Updates the message digest state of the &ahash_request handle. The input data
510  * is pointed to by the scatter/gather list registered in the &ahash_request
511  * handle
512  *
513  * Return: 0 if the message digest update was successful; < 0 if an error
514  *	   occurred
515  */
516 static inline int crypto_ahash_update(struct ahash_request *req)
517 {
518 	return crypto_ahash_reqtfm(req)->update(req);
519 }
520 
521 /**
522  * DOC: Asynchronous Hash Request Handle
523  *
524  * The &ahash_request data structure contains all pointers to data
525  * required for the asynchronous cipher operation. This includes the cipher
526  * handle (which can be used by multiple &ahash_request instances), pointer
527  * to plaintext and the message digest output buffer, asynchronous callback
528  * function, etc. It acts as a handle to the ahash_request_* API calls in a
529  * similar way as ahash handle to the crypto_ahash_* API calls.
530  */
531 
532 /**
533  * ahash_request_set_tfm() - update cipher handle reference in request
534  * @req: request handle to be modified
535  * @tfm: cipher handle that shall be added to the request handle
536  *
537  * Allow the caller to replace the existing ahash handle in the request
538  * data structure with a different one.
539  */
540 static inline void ahash_request_set_tfm(struct ahash_request *req,
541 					 struct crypto_ahash *tfm)
542 {
543 	req->base.tfm = crypto_ahash_tfm(tfm);
544 }
545 
546 /**
547  * ahash_request_alloc() - allocate request data structure
548  * @tfm: cipher handle to be registered with the request
549  * @gfp: memory allocation flag that is handed to kmalloc by the API call.
550  *
551  * Allocate the request data structure that must be used with the ahash
552  * message digest API calls. During
553  * the allocation, the provided ahash handle
554  * is registered in the request data structure.
555  *
556  * Return: allocated request handle in case of success, or NULL if out of memory
557  */
558 static inline struct ahash_request *ahash_request_alloc(
559 	struct crypto_ahash *tfm, gfp_t gfp)
560 {
561 	struct ahash_request *req;
562 
563 	req = kmalloc(sizeof(struct ahash_request) +
564 		      crypto_ahash_reqsize(tfm), gfp);
565 
566 	if (likely(req))
567 		ahash_request_set_tfm(req, tfm);
568 
569 	return req;
570 }
571 
572 /**
573  * ahash_request_free() - zeroize and free the request data structure
574  * @req: request data structure cipher handle to be freed
575  */
576 static inline void ahash_request_free(struct ahash_request *req)
577 {
578 	kzfree(req);
579 }
580 
581 static inline void ahash_request_zero(struct ahash_request *req)
582 {
583 	memzero_explicit(req, sizeof(*req) +
584 			      crypto_ahash_reqsize(crypto_ahash_reqtfm(req)));
585 }
586 
587 static inline struct ahash_request *ahash_request_cast(
588 	struct crypto_async_request *req)
589 {
590 	return container_of(req, struct ahash_request, base);
591 }
592 
593 /**
594  * ahash_request_set_callback() - set asynchronous callback function
595  * @req: request handle
596  * @flags: specify zero or an ORing of the flags
597  *	   CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and
598  *	   increase the wait queue beyond the initial maximum size;
599  *	   CRYPTO_TFM_REQ_MAY_SLEEP the request processing may sleep
600  * @compl: callback function pointer to be registered with the request handle
601  * @data: The data pointer refers to memory that is not used by the kernel
602  *	  crypto API, but provided to the callback function for it to use. Here,
603  *	  the caller can provide a reference to memory the callback function can
604  *	  operate on. As the callback function is invoked asynchronously to the
605  *	  related functionality, it may need to access data structures of the
606  *	  related functionality which can be referenced using this pointer. The
607  *	  callback function can access the memory via the "data" field in the
608  *	  &crypto_async_request data structure provided to the callback function.
609  *
610  * This function allows setting the callback function that is triggered once
611  * the cipher operation completes.
612  *
613  * The callback function is registered with the &ahash_request handle and
614  * must comply with the following template::
615  *
616  *	void callback_function(struct crypto_async_request *req, int error)
617  */
618 static inline void ahash_request_set_callback(struct ahash_request *req,
619 					      u32 flags,
620 					      crypto_completion_t compl,
621 					      void *data)
622 {
623 	req->base.complete = compl;
624 	req->base.data = data;
625 	req->base.flags = flags;
626 }
627 
628 /**
629  * ahash_request_set_crypt() - set data buffers
630  * @req: ahash_request handle to be updated
631  * @src: source scatter/gather list
632  * @result: buffer that is filled with the message digest -- the caller must
633  *	    ensure that the buffer has sufficient space by, for example, calling
634  *	    crypto_ahash_digestsize()
635  * @nbytes: number of bytes to process from the source scatter/gather list
636  *
637  * By using this call, the caller references the source scatter/gather list.
638  * The source scatter/gather list points to the data the message digest is to
639  * be calculated for.
640  */
641 static inline void ahash_request_set_crypt(struct ahash_request *req,
642 					   struct scatterlist *src, u8 *result,
643 					   unsigned int nbytes)
644 {
645 	req->src = src;
646 	req->nbytes = nbytes;
647 	req->result = result;
648 }
649 
650 /**
651  * DOC: Synchronous Message Digest API
652  *
653  * The synchronous message digest API is used with the ciphers of type
654  * CRYPTO_ALG_TYPE_SHASH (listed as type "shash" in /proc/crypto)
655  *
656  * The message digest API is able to maintain state information for the
657  * caller.
658  *
659  * The synchronous message digest API can store user-related context in in its
660  * shash_desc request data structure.
661  */
662 
663 /**
664  * crypto_alloc_shash() - allocate message digest handle
665  * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
666  *	      message digest cipher
667  * @type: specifies the type of the cipher
668  * @mask: specifies the mask for the cipher
669  *
670  * Allocate a cipher handle for a message digest. The returned &struct
671  * crypto_shash is the cipher handle that is required for any subsequent
672  * API invocation for that message digest.
673  *
674  * Return: allocated cipher handle in case of success; IS_ERR() is true in case
675  *	   of an error, PTR_ERR() returns the error code.
676  */
677 struct crypto_shash *crypto_alloc_shash(const char *alg_name, u32 type,
678 					u32 mask);
679 
680 static inline struct crypto_tfm *crypto_shash_tfm(struct crypto_shash *tfm)
681 {
682 	return &tfm->base;
683 }
684 
685 /**
686  * crypto_free_shash() - zeroize and free the message digest handle
687  * @tfm: cipher handle to be freed
688  */
689 static inline void crypto_free_shash(struct crypto_shash *tfm)
690 {
691 	crypto_destroy_tfm(tfm, crypto_shash_tfm(tfm));
692 }
693 
694 static inline const char *crypto_shash_alg_name(struct crypto_shash *tfm)
695 {
696 	return crypto_tfm_alg_name(crypto_shash_tfm(tfm));
697 }
698 
699 static inline const char *crypto_shash_driver_name(struct crypto_shash *tfm)
700 {
701 	return crypto_tfm_alg_driver_name(crypto_shash_tfm(tfm));
702 }
703 
704 static inline unsigned int crypto_shash_alignmask(
705 	struct crypto_shash *tfm)
706 {
707 	return crypto_tfm_alg_alignmask(crypto_shash_tfm(tfm));
708 }
709 
710 /**
711  * crypto_shash_blocksize() - obtain block size for cipher
712  * @tfm: cipher handle
713  *
714  * The block size for the message digest cipher referenced with the cipher
715  * handle is returned.
716  *
717  * Return: block size of cipher
718  */
719 static inline unsigned int crypto_shash_blocksize(struct crypto_shash *tfm)
720 {
721 	return crypto_tfm_alg_blocksize(crypto_shash_tfm(tfm));
722 }
723 
724 static inline struct shash_alg *__crypto_shash_alg(struct crypto_alg *alg)
725 {
726 	return container_of(alg, struct shash_alg, base);
727 }
728 
729 static inline struct shash_alg *crypto_shash_alg(struct crypto_shash *tfm)
730 {
731 	return __crypto_shash_alg(crypto_shash_tfm(tfm)->__crt_alg);
732 }
733 
734 /**
735  * crypto_shash_digestsize() - obtain message digest size
736  * @tfm: cipher handle
737  *
738  * The size for the message digest created by the message digest cipher
739  * referenced with the cipher handle is returned.
740  *
741  * Return: digest size of cipher
742  */
743 static inline unsigned int crypto_shash_digestsize(struct crypto_shash *tfm)
744 {
745 	return crypto_shash_alg(tfm)->digestsize;
746 }
747 
748 static inline unsigned int crypto_shash_statesize(struct crypto_shash *tfm)
749 {
750 	return crypto_shash_alg(tfm)->statesize;
751 }
752 
753 static inline u32 crypto_shash_get_flags(struct crypto_shash *tfm)
754 {
755 	return crypto_tfm_get_flags(crypto_shash_tfm(tfm));
756 }
757 
758 static inline void crypto_shash_set_flags(struct crypto_shash *tfm, u32 flags)
759 {
760 	crypto_tfm_set_flags(crypto_shash_tfm(tfm), flags);
761 }
762 
763 static inline void crypto_shash_clear_flags(struct crypto_shash *tfm, u32 flags)
764 {
765 	crypto_tfm_clear_flags(crypto_shash_tfm(tfm), flags);
766 }
767 
768 /**
769  * crypto_shash_descsize() - obtain the operational state size
770  * @tfm: cipher handle
771  *
772  * The size of the operational state the cipher needs during operation is
773  * returned for the hash referenced with the cipher handle. This size is
774  * required to calculate the memory requirements to allow the caller allocating
775  * sufficient memory for operational state.
776  *
777  * The operational state is defined with struct shash_desc where the size of
778  * that data structure is to be calculated as
779  * sizeof(struct shash_desc) + crypto_shash_descsize(alg)
780  *
781  * Return: size of the operational state
782  */
783 static inline unsigned int crypto_shash_descsize(struct crypto_shash *tfm)
784 {
785 	return tfm->descsize;
786 }
787 
788 static inline void *shash_desc_ctx(struct shash_desc *desc)
789 {
790 	return desc->__ctx;
791 }
792 
793 /**
794  * crypto_shash_setkey() - set key for message digest
795  * @tfm: cipher handle
796  * @key: buffer holding the key
797  * @keylen: length of the key in bytes
798  *
799  * The caller provided key is set for the keyed message digest cipher. The
800  * cipher handle must point to a keyed message digest cipher in order for this
801  * function to succeed.
802  *
803  * Return: 0 if the setting of the key was successful; < 0 if an error occurred
804  */
805 int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
806 			unsigned int keylen);
807 
808 /**
809  * crypto_shash_digest() - calculate message digest for buffer
810  * @desc: see crypto_shash_final()
811  * @data: see crypto_shash_update()
812  * @len: see crypto_shash_update()
813  * @out: see crypto_shash_final()
814  *
815  * This function is a "short-hand" for the function calls of crypto_shash_init,
816  * crypto_shash_update and crypto_shash_final. The parameters have the same
817  * meaning as discussed for those separate three functions.
818  *
819  * Return: 0 if the message digest creation was successful; < 0 if an error
820  *	   occurred
821  */
822 int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
823 			unsigned int len, u8 *out);
824 
825 /**
826  * crypto_shash_export() - extract operational state for message digest
827  * @desc: reference to the operational state handle whose state is exported
828  * @out: output buffer of sufficient size that can hold the hash state
829  *
830  * This function exports the hash state of the operational state handle into the
831  * caller-allocated output buffer out which must have sufficient size (e.g. by
832  * calling crypto_shash_descsize).
833  *
834  * Return: 0 if the export creation was successful; < 0 if an error occurred
835  */
836 static inline int crypto_shash_export(struct shash_desc *desc, void *out)
837 {
838 	return crypto_shash_alg(desc->tfm)->export(desc, out);
839 }
840 
841 /**
842  * crypto_shash_import() - import operational state
843  * @desc: reference to the operational state handle the state imported into
844  * @in: buffer holding the state
845  *
846  * This function imports the hash state into the operational state handle from
847  * the input buffer. That buffer should have been generated with the
848  * crypto_ahash_export function.
849  *
850  * Return: 0 if the import was successful; < 0 if an error occurred
851  */
852 static inline int crypto_shash_import(struct shash_desc *desc, const void *in)
853 {
854 	return crypto_shash_alg(desc->tfm)->import(desc, in);
855 }
856 
857 /**
858  * crypto_shash_init() - (re)initialize message digest
859  * @desc: operational state handle that is already filled
860  *
861  * The call (re-)initializes the message digest referenced by the
862  * operational state handle. Any potentially existing state created by
863  * previous operations is discarded.
864  *
865  * Return: 0 if the message digest initialization was successful; < 0 if an
866  *	   error occurred
867  */
868 static inline int crypto_shash_init(struct shash_desc *desc)
869 {
870 	return crypto_shash_alg(desc->tfm)->init(desc);
871 }
872 
873 /**
874  * crypto_shash_update() - add data to message digest for processing
875  * @desc: operational state handle that is already initialized
876  * @data: input data to be added to the message digest
877  * @len: length of the input data
878  *
879  * Updates the message digest state of the operational state handle.
880  *
881  * Return: 0 if the message digest update was successful; < 0 if an error
882  *	   occurred
883  */
884 int crypto_shash_update(struct shash_desc *desc, const u8 *data,
885 			unsigned int len);
886 
887 /**
888  * crypto_shash_final() - calculate message digest
889  * @desc: operational state handle that is already filled with data
890  * @out: output buffer filled with the message digest
891  *
892  * Finalize the message digest operation and create the message digest
893  * based on all data added to the cipher handle. The message digest is placed
894  * into the output buffer. The caller must ensure that the output buffer is
895  * large enough by using crypto_shash_digestsize.
896  *
897  * Return: 0 if the message digest creation was successful; < 0 if an error
898  *	   occurred
899  */
900 int crypto_shash_final(struct shash_desc *desc, u8 *out);
901 
902 /**
903  * crypto_shash_finup() - calculate message digest of buffer
904  * @desc: see crypto_shash_final()
905  * @data: see crypto_shash_update()
906  * @len: see crypto_shash_update()
907  * @out: see crypto_shash_final()
908  *
909  * This function is a "short-hand" for the function calls of
910  * crypto_shash_update and crypto_shash_final. The parameters have the same
911  * meaning as discussed for those separate functions.
912  *
913  * Return: 0 if the message digest creation was successful; < 0 if an error
914  *	   occurred
915  */
916 int crypto_shash_finup(struct shash_desc *desc, const u8 *data,
917 		       unsigned int len, u8 *out);
918 
919 static inline void shash_desc_zero(struct shash_desc *desc)
920 {
921 	memzero_explicit(desc,
922 			 sizeof(*desc) + crypto_shash_descsize(desc->tfm));
923 }
924 
925 #endif	/* _CRYPTO_HASH_H */
926