xref: /openbmc/linux/include/crypto/hash.h (revision bc5aa3a0)
1 /*
2  * Hash: Hash algorithms under the crypto API
3  *
4  * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms of the GNU General Public License as published by the Free
8  * Software Foundation; either version 2 of the License, or (at your option)
9  * any later version.
10  *
11  */
12 
13 #ifndef _CRYPTO_HASH_H
14 #define _CRYPTO_HASH_H
15 
16 #include <linux/crypto.h>
17 #include <linux/string.h>
18 
19 struct crypto_ahash;
20 
21 /**
22  * DOC: Message Digest Algorithm Definitions
23  *
24  * These data structures define modular message digest algorithm
25  * implementations, managed via crypto_register_ahash(),
26  * crypto_register_shash(), crypto_unregister_ahash() and
27  * crypto_unregister_shash().
28  */
29 
30 /**
31  * struct hash_alg_common - define properties of message digest
32  * @digestsize: Size of the result of the transformation. A buffer of this size
33  *	        must be available to the @final and @finup calls, so they can
34  *	        store the resulting hash into it. For various predefined sizes,
35  *	        search include/crypto/ using
36  *	        git grep _DIGEST_SIZE include/crypto.
37  * @statesize: Size of the block for partial state of the transformation. A
38  *	       buffer of this size must be passed to the @export function as it
39  *	       will save the partial state of the transformation into it. On the
40  *	       other side, the @import function will load the state from a
41  *	       buffer of this size as well.
42  * @base: Start of data structure of cipher algorithm. The common data
43  *	  structure of crypto_alg contains information common to all ciphers.
44  *	  The hash_alg_common data structure now adds the hash-specific
45  *	  information.
46  */
47 struct hash_alg_common {
48 	unsigned int digestsize;
49 	unsigned int statesize;
50 
51 	struct crypto_alg base;
52 };
53 
54 struct ahash_request {
55 	struct crypto_async_request base;
56 
57 	unsigned int nbytes;
58 	struct scatterlist *src;
59 	u8 *result;
60 
61 	/* This field may only be used by the ahash API code. */
62 	void *priv;
63 
64 	void *__ctx[] CRYPTO_MINALIGN_ATTR;
65 };
66 
67 #define AHASH_REQUEST_ON_STACK(name, ahash) \
68 	char __##name##_desc[sizeof(struct ahash_request) + \
69 		crypto_ahash_reqsize(ahash)] CRYPTO_MINALIGN_ATTR; \
70 	struct ahash_request *name = (void *)__##name##_desc
71 
72 /**
73  * struct ahash_alg - asynchronous message digest definition
74  * @init: Initialize the transformation context. Intended only to initialize the
75  *	  state of the HASH transformation at the beginning. This shall fill in
76  *	  the internal structures used during the entire duration of the whole
77  *	  transformation. No data processing happens at this point.
78  * @update: Push a chunk of data into the driver for transformation. This
79  *	   function actually pushes blocks of data from upper layers into the
80  *	   driver, which then passes those to the hardware as seen fit. This
81  *	   function must not finalize the HASH transformation by calculating the
82  *	   final message digest as this only adds more data into the
83  *	   transformation. This function shall not modify the transformation
84  *	   context, as this function may be called in parallel with the same
85  *	   transformation object. Data processing can happen synchronously
86  *	   [SHASH] or asynchronously [AHASH] at this point.
87  * @final: Retrieve result from the driver. This function finalizes the
88  *	   transformation and retrieves the resulting hash from the driver and
89  *	   pushes it back to upper layers. No data processing happens at this
90  *	   point.
91  * @finup: Combination of @update and @final. This function is effectively a
92  *	   combination of @update and @final calls issued in sequence. As some
93  *	   hardware cannot do @update and @final separately, this callback was
94  *	   added to allow such hardware to be used at least by IPsec. Data
95  *	   processing can happen synchronously [SHASH] or asynchronously [AHASH]
96  *	   at this point.
97  * @digest: Combination of @init and @update and @final. This function
98  *	    effectively behaves as the entire chain of operations, @init,
99  *	    @update and @final issued in sequence. Just like @finup, this was
100  *	    added for hardware which cannot do even the @finup, but can only do
101  *	    the whole transformation in one run. Data processing can happen
102  *	    synchronously [SHASH] or asynchronously [AHASH] at this point.
103  * @setkey: Set optional key used by the hashing algorithm. Intended to push
104  *	    optional key used by the hashing algorithm from upper layers into
105  *	    the driver. This function can store the key in the transformation
106  *	    context or can outright program it into the hardware. In the former
107  *	    case, one must be careful to program the key into the hardware at
108  *	    appropriate time and one must be careful that .setkey() can be
109  *	    called multiple times during the existence of the transformation
110  *	    object. Not  all hashing algorithms do implement this function as it
111  *	    is only needed for keyed message digests. SHAx/MDx/CRCx do NOT
112  *	    implement this function. HMAC(MDx)/HMAC(SHAx)/CMAC(AES) do implement
113  *	    this function. This function must be called before any other of the
114  *	    @init, @update, @final, @finup, @digest is called. No data
115  *	    processing happens at this point.
116  * @export: Export partial state of the transformation. This function dumps the
117  *	    entire state of the ongoing transformation into a provided block of
118  *	    data so it can be @import 'ed back later on. This is useful in case
119  *	    you want to save partial result of the transformation after
120  *	    processing certain amount of data and reload this partial result
121  *	    multiple times later on for multiple re-use. No data processing
122  *	    happens at this point.
123  * @import: Import partial state of the transformation. This function loads the
124  *	    entire state of the ongoing transformation from a provided block of
125  *	    data so the transformation can continue from this point onward. No
126  *	    data processing happens at this point.
127  * @halg: see struct hash_alg_common
128  */
129 struct ahash_alg {
130 	int (*init)(struct ahash_request *req);
131 	int (*update)(struct ahash_request *req);
132 	int (*final)(struct ahash_request *req);
133 	int (*finup)(struct ahash_request *req);
134 	int (*digest)(struct ahash_request *req);
135 	int (*export)(struct ahash_request *req, void *out);
136 	int (*import)(struct ahash_request *req, const void *in);
137 	int (*setkey)(struct crypto_ahash *tfm, const u8 *key,
138 		      unsigned int keylen);
139 
140 	struct hash_alg_common halg;
141 };
142 
143 struct shash_desc {
144 	struct crypto_shash *tfm;
145 	u32 flags;
146 
147 	void *__ctx[] CRYPTO_MINALIGN_ATTR;
148 };
149 
150 #define SHASH_DESC_ON_STACK(shash, ctx)				  \
151 	char __##shash##_desc[sizeof(struct shash_desc) +	  \
152 		crypto_shash_descsize(ctx)] CRYPTO_MINALIGN_ATTR; \
153 	struct shash_desc *shash = (struct shash_desc *)__##shash##_desc
154 
155 /**
156  * struct shash_alg - synchronous message digest definition
157  * @init: see struct ahash_alg
158  * @update: see struct ahash_alg
159  * @final: see struct ahash_alg
160  * @finup: see struct ahash_alg
161  * @digest: see struct ahash_alg
162  * @export: see struct ahash_alg
163  * @import: see struct ahash_alg
164  * @setkey: see struct ahash_alg
165  * @digestsize: see struct ahash_alg
166  * @statesize: see struct ahash_alg
167  * @descsize: Size of the operational state for the message digest. This state
168  * 	      size is the memory size that needs to be allocated for
169  *	      shash_desc.__ctx
170  * @base: internally used
171  */
172 struct shash_alg {
173 	int (*init)(struct shash_desc *desc);
174 	int (*update)(struct shash_desc *desc, const u8 *data,
175 		      unsigned int len);
176 	int (*final)(struct shash_desc *desc, u8 *out);
177 	int (*finup)(struct shash_desc *desc, const u8 *data,
178 		     unsigned int len, u8 *out);
179 	int (*digest)(struct shash_desc *desc, const u8 *data,
180 		      unsigned int len, u8 *out);
181 	int (*export)(struct shash_desc *desc, void *out);
182 	int (*import)(struct shash_desc *desc, const void *in);
183 	int (*setkey)(struct crypto_shash *tfm, const u8 *key,
184 		      unsigned int keylen);
185 
186 	unsigned int descsize;
187 
188 	/* These fields must match hash_alg_common. */
189 	unsigned int digestsize
190 		__attribute__ ((aligned(__alignof__(struct hash_alg_common))));
191 	unsigned int statesize;
192 
193 	struct crypto_alg base;
194 };
195 
196 struct crypto_ahash {
197 	int (*init)(struct ahash_request *req);
198 	int (*update)(struct ahash_request *req);
199 	int (*final)(struct ahash_request *req);
200 	int (*finup)(struct ahash_request *req);
201 	int (*digest)(struct ahash_request *req);
202 	int (*export)(struct ahash_request *req, void *out);
203 	int (*import)(struct ahash_request *req, const void *in);
204 	int (*setkey)(struct crypto_ahash *tfm, const u8 *key,
205 		      unsigned int keylen);
206 
207 	unsigned int reqsize;
208 	bool has_setkey;
209 	struct crypto_tfm base;
210 };
211 
212 struct crypto_shash {
213 	unsigned int descsize;
214 	struct crypto_tfm base;
215 };
216 
217 /**
218  * DOC: Asynchronous Message Digest API
219  *
220  * The asynchronous message digest API is used with the ciphers of type
221  * CRYPTO_ALG_TYPE_AHASH (listed as type "ahash" in /proc/crypto)
222  *
223  * The asynchronous cipher operation discussion provided for the
224  * CRYPTO_ALG_TYPE_ABLKCIPHER API applies here as well.
225  */
226 
227 static inline struct crypto_ahash *__crypto_ahash_cast(struct crypto_tfm *tfm)
228 {
229 	return container_of(tfm, struct crypto_ahash, base);
230 }
231 
232 /**
233  * crypto_alloc_ahash() - allocate ahash cipher handle
234  * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
235  *	      ahash cipher
236  * @type: specifies the type of the cipher
237  * @mask: specifies the mask for the cipher
238  *
239  * Allocate a cipher handle for an ahash. The returned struct
240  * crypto_ahash is the cipher handle that is required for any subsequent
241  * API invocation for that ahash.
242  *
243  * Return: allocated cipher handle in case of success; IS_ERR() is true in case
244  *	   of an error, PTR_ERR() returns the error code.
245  */
246 struct crypto_ahash *crypto_alloc_ahash(const char *alg_name, u32 type,
247 					u32 mask);
248 
249 static inline struct crypto_tfm *crypto_ahash_tfm(struct crypto_ahash *tfm)
250 {
251 	return &tfm->base;
252 }
253 
254 /**
255  * crypto_free_ahash() - zeroize and free the ahash handle
256  * @tfm: cipher handle to be freed
257  */
258 static inline void crypto_free_ahash(struct crypto_ahash *tfm)
259 {
260 	crypto_destroy_tfm(tfm, crypto_ahash_tfm(tfm));
261 }
262 
263 /**
264  * crypto_has_ahash() - Search for the availability of an ahash.
265  * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
266  *	      ahash
267  * @type: specifies the type of the ahash
268  * @mask: specifies the mask for the ahash
269  *
270  * Return: true when the ahash is known to the kernel crypto API; false
271  *	   otherwise
272  */
273 int crypto_has_ahash(const char *alg_name, u32 type, u32 mask);
274 
275 static inline const char *crypto_ahash_alg_name(struct crypto_ahash *tfm)
276 {
277 	return crypto_tfm_alg_name(crypto_ahash_tfm(tfm));
278 }
279 
280 static inline const char *crypto_ahash_driver_name(struct crypto_ahash *tfm)
281 {
282 	return crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
283 }
284 
285 static inline unsigned int crypto_ahash_alignmask(
286 	struct crypto_ahash *tfm)
287 {
288 	return crypto_tfm_alg_alignmask(crypto_ahash_tfm(tfm));
289 }
290 
291 /**
292  * crypto_ahash_blocksize() - obtain block size for cipher
293  * @tfm: cipher handle
294  *
295  * The block size for the message digest cipher referenced with the cipher
296  * handle is returned.
297  *
298  * Return: block size of cipher
299  */
300 static inline unsigned int crypto_ahash_blocksize(struct crypto_ahash *tfm)
301 {
302 	return crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
303 }
304 
305 static inline struct hash_alg_common *__crypto_hash_alg_common(
306 	struct crypto_alg *alg)
307 {
308 	return container_of(alg, struct hash_alg_common, base);
309 }
310 
311 static inline struct hash_alg_common *crypto_hash_alg_common(
312 	struct crypto_ahash *tfm)
313 {
314 	return __crypto_hash_alg_common(crypto_ahash_tfm(tfm)->__crt_alg);
315 }
316 
317 /**
318  * crypto_ahash_digestsize() - obtain message digest size
319  * @tfm: cipher handle
320  *
321  * The size for the message digest created by the message digest cipher
322  * referenced with the cipher handle is returned.
323  *
324  *
325  * Return: message digest size of cipher
326  */
327 static inline unsigned int crypto_ahash_digestsize(struct crypto_ahash *tfm)
328 {
329 	return crypto_hash_alg_common(tfm)->digestsize;
330 }
331 
332 static inline unsigned int crypto_ahash_statesize(struct crypto_ahash *tfm)
333 {
334 	return crypto_hash_alg_common(tfm)->statesize;
335 }
336 
337 static inline u32 crypto_ahash_get_flags(struct crypto_ahash *tfm)
338 {
339 	return crypto_tfm_get_flags(crypto_ahash_tfm(tfm));
340 }
341 
342 static inline void crypto_ahash_set_flags(struct crypto_ahash *tfm, u32 flags)
343 {
344 	crypto_tfm_set_flags(crypto_ahash_tfm(tfm), flags);
345 }
346 
347 static inline void crypto_ahash_clear_flags(struct crypto_ahash *tfm, u32 flags)
348 {
349 	crypto_tfm_clear_flags(crypto_ahash_tfm(tfm), flags);
350 }
351 
352 /**
353  * crypto_ahash_reqtfm() - obtain cipher handle from request
354  * @req: asynchronous request handle that contains the reference to the ahash
355  *	 cipher handle
356  *
357  * Return the ahash cipher handle that is registered with the asynchronous
358  * request handle ahash_request.
359  *
360  * Return: ahash cipher handle
361  */
362 static inline struct crypto_ahash *crypto_ahash_reqtfm(
363 	struct ahash_request *req)
364 {
365 	return __crypto_ahash_cast(req->base.tfm);
366 }
367 
368 /**
369  * crypto_ahash_reqsize() - obtain size of the request data structure
370  * @tfm: cipher handle
371  *
372  * Return the size of the ahash state size. With the crypto_ahash_export
373  * function, the caller can export the state into a buffer whose size is
374  * defined with this function.
375  *
376  * Return: size of the ahash state
377  */
378 static inline unsigned int crypto_ahash_reqsize(struct crypto_ahash *tfm)
379 {
380 	return tfm->reqsize;
381 }
382 
383 static inline void *ahash_request_ctx(struct ahash_request *req)
384 {
385 	return req->__ctx;
386 }
387 
388 /**
389  * crypto_ahash_setkey - set key for cipher handle
390  * @tfm: cipher handle
391  * @key: buffer holding the key
392  * @keylen: length of the key in bytes
393  *
394  * The caller provided key is set for the ahash cipher. The cipher
395  * handle must point to a keyed hash in order for this function to succeed.
396  *
397  * Return: 0 if the setting of the key was successful; < 0 if an error occurred
398  */
399 int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
400 			unsigned int keylen);
401 
402 static inline bool crypto_ahash_has_setkey(struct crypto_ahash *tfm)
403 {
404 	return tfm->has_setkey;
405 }
406 
407 /**
408  * crypto_ahash_finup() - update and finalize message digest
409  * @req: reference to the ahash_request handle that holds all information
410  *	 needed to perform the cipher operation
411  *
412  * This function is a "short-hand" for the function calls of
413  * crypto_ahash_update and crypto_shash_final. The parameters have the same
414  * meaning as discussed for those separate functions.
415  *
416  * Return: 0 if the message digest creation was successful; < 0 if an error
417  *	   occurred
418  */
419 int crypto_ahash_finup(struct ahash_request *req);
420 
421 /**
422  * crypto_ahash_final() - calculate message digest
423  * @req: reference to the ahash_request handle that holds all information
424  *	 needed to perform the cipher operation
425  *
426  * Finalize the message digest operation and create the message digest
427  * based on all data added to the cipher handle. The message digest is placed
428  * into the output buffer registered with the ahash_request handle.
429  *
430  * Return: 0 if the message digest creation was successful; < 0 if an error
431  *	   occurred
432  */
433 int crypto_ahash_final(struct ahash_request *req);
434 
435 /**
436  * crypto_ahash_digest() - calculate message digest for a buffer
437  * @req: reference to the ahash_request handle that holds all information
438  *	 needed to perform the cipher operation
439  *
440  * This function is a "short-hand" for the function calls of crypto_ahash_init,
441  * crypto_ahash_update and crypto_ahash_final. The parameters have the same
442  * meaning as discussed for those separate three functions.
443  *
444  * Return: 0 if the message digest creation was successful; < 0 if an error
445  *	   occurred
446  */
447 int crypto_ahash_digest(struct ahash_request *req);
448 
449 /**
450  * crypto_ahash_export() - extract current message digest state
451  * @req: reference to the ahash_request handle whose state is exported
452  * @out: output buffer of sufficient size that can hold the hash state
453  *
454  * This function exports the hash state of the ahash_request handle into the
455  * caller-allocated output buffer out which must have sufficient size (e.g. by
456  * calling crypto_ahash_reqsize).
457  *
458  * Return: 0 if the export was successful; < 0 if an error occurred
459  */
460 static inline int crypto_ahash_export(struct ahash_request *req, void *out)
461 {
462 	return crypto_ahash_reqtfm(req)->export(req, out);
463 }
464 
465 /**
466  * crypto_ahash_import() - import message digest state
467  * @req: reference to ahash_request handle the state is imported into
468  * @in: buffer holding the state
469  *
470  * This function imports the hash state into the ahash_request handle from the
471  * input buffer. That buffer should have been generated with the
472  * crypto_ahash_export function.
473  *
474  * Return: 0 if the import was successful; < 0 if an error occurred
475  */
476 static inline int crypto_ahash_import(struct ahash_request *req, const void *in)
477 {
478 	return crypto_ahash_reqtfm(req)->import(req, in);
479 }
480 
481 /**
482  * crypto_ahash_init() - (re)initialize message digest handle
483  * @req: ahash_request handle that already is initialized with all necessary
484  *	 data using the ahash_request_* API functions
485  *
486  * The call (re-)initializes the message digest referenced by the ahash_request
487  * handle. Any potentially existing state created by previous operations is
488  * discarded.
489  *
490  * Return: 0 if the message digest initialization was successful; < 0 if an
491  *	   error occurred
492  */
493 static inline int crypto_ahash_init(struct ahash_request *req)
494 {
495 	return crypto_ahash_reqtfm(req)->init(req);
496 }
497 
498 /**
499  * crypto_ahash_update() - add data to message digest for processing
500  * @req: ahash_request handle that was previously initialized with the
501  *	 crypto_ahash_init call.
502  *
503  * Updates the message digest state of the &ahash_request handle. The input data
504  * is pointed to by the scatter/gather list registered in the &ahash_request
505  * handle
506  *
507  * Return: 0 if the message digest update was successful; < 0 if an error
508  *	   occurred
509  */
510 static inline int crypto_ahash_update(struct ahash_request *req)
511 {
512 	return crypto_ahash_reqtfm(req)->update(req);
513 }
514 
515 /**
516  * DOC: Asynchronous Hash Request Handle
517  *
518  * The &ahash_request data structure contains all pointers to data
519  * required for the asynchronous cipher operation. This includes the cipher
520  * handle (which can be used by multiple &ahash_request instances), pointer
521  * to plaintext and the message digest output buffer, asynchronous callback
522  * function, etc. It acts as a handle to the ahash_request_* API calls in a
523  * similar way as ahash handle to the crypto_ahash_* API calls.
524  */
525 
526 /**
527  * ahash_request_set_tfm() - update cipher handle reference in request
528  * @req: request handle to be modified
529  * @tfm: cipher handle that shall be added to the request handle
530  *
531  * Allow the caller to replace the existing ahash handle in the request
532  * data structure with a different one.
533  */
534 static inline void ahash_request_set_tfm(struct ahash_request *req,
535 					 struct crypto_ahash *tfm)
536 {
537 	req->base.tfm = crypto_ahash_tfm(tfm);
538 }
539 
540 /**
541  * ahash_request_alloc() - allocate request data structure
542  * @tfm: cipher handle to be registered with the request
543  * @gfp: memory allocation flag that is handed to kmalloc by the API call.
544  *
545  * Allocate the request data structure that must be used with the ahash
546  * message digest API calls. During
547  * the allocation, the provided ahash handle
548  * is registered in the request data structure.
549  *
550  * Return: allocated request handle in case of success, or NULL if out of memory
551  */
552 static inline struct ahash_request *ahash_request_alloc(
553 	struct crypto_ahash *tfm, gfp_t gfp)
554 {
555 	struct ahash_request *req;
556 
557 	req = kmalloc(sizeof(struct ahash_request) +
558 		      crypto_ahash_reqsize(tfm), gfp);
559 
560 	if (likely(req))
561 		ahash_request_set_tfm(req, tfm);
562 
563 	return req;
564 }
565 
566 /**
567  * ahash_request_free() - zeroize and free the request data structure
568  * @req: request data structure cipher handle to be freed
569  */
570 static inline void ahash_request_free(struct ahash_request *req)
571 {
572 	kzfree(req);
573 }
574 
575 static inline void ahash_request_zero(struct ahash_request *req)
576 {
577 	memzero_explicit(req, sizeof(*req) +
578 			      crypto_ahash_reqsize(crypto_ahash_reqtfm(req)));
579 }
580 
581 static inline struct ahash_request *ahash_request_cast(
582 	struct crypto_async_request *req)
583 {
584 	return container_of(req, struct ahash_request, base);
585 }
586 
587 /**
588  * ahash_request_set_callback() - set asynchronous callback function
589  * @req: request handle
590  * @flags: specify zero or an ORing of the flags
591  *	   CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and
592  *	   increase the wait queue beyond the initial maximum size;
593  *	   CRYPTO_TFM_REQ_MAY_SLEEP the request processing may sleep
594  * @compl: callback function pointer to be registered with the request handle
595  * @data: The data pointer refers to memory that is not used by the kernel
596  *	  crypto API, but provided to the callback function for it to use. Here,
597  *	  the caller can provide a reference to memory the callback function can
598  *	  operate on. As the callback function is invoked asynchronously to the
599  *	  related functionality, it may need to access data structures of the
600  *	  related functionality which can be referenced using this pointer. The
601  *	  callback function can access the memory via the "data" field in the
602  *	  &crypto_async_request data structure provided to the callback function.
603  *
604  * This function allows setting the callback function that is triggered once
605  * the cipher operation completes.
606  *
607  * The callback function is registered with the &ahash_request handle and
608  * must comply with the following template
609  *
610  *	void callback_function(struct crypto_async_request *req, int error)
611  */
612 static inline void ahash_request_set_callback(struct ahash_request *req,
613 					      u32 flags,
614 					      crypto_completion_t compl,
615 					      void *data)
616 {
617 	req->base.complete = compl;
618 	req->base.data = data;
619 	req->base.flags = flags;
620 }
621 
622 /**
623  * ahash_request_set_crypt() - set data buffers
624  * @req: ahash_request handle to be updated
625  * @src: source scatter/gather list
626  * @result: buffer that is filled with the message digest -- the caller must
627  *	    ensure that the buffer has sufficient space by, for example, calling
628  *	    crypto_ahash_digestsize()
629  * @nbytes: number of bytes to process from the source scatter/gather list
630  *
631  * By using this call, the caller references the source scatter/gather list.
632  * The source scatter/gather list points to the data the message digest is to
633  * be calculated for.
634  */
635 static inline void ahash_request_set_crypt(struct ahash_request *req,
636 					   struct scatterlist *src, u8 *result,
637 					   unsigned int nbytes)
638 {
639 	req->src = src;
640 	req->nbytes = nbytes;
641 	req->result = result;
642 }
643 
644 /**
645  * DOC: Synchronous Message Digest API
646  *
647  * The synchronous message digest API is used with the ciphers of type
648  * CRYPTO_ALG_TYPE_SHASH (listed as type "shash" in /proc/crypto)
649  *
650  * The message digest API is able to maintain state information for the
651  * caller.
652  *
653  * The synchronous message digest API can store user-related context in in its
654  * shash_desc request data structure.
655  */
656 
657 /**
658  * crypto_alloc_shash() - allocate message digest handle
659  * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
660  *	      message digest cipher
661  * @type: specifies the type of the cipher
662  * @mask: specifies the mask for the cipher
663  *
664  * Allocate a cipher handle for a message digest. The returned &struct
665  * crypto_shash is the cipher handle that is required for any subsequent
666  * API invocation for that message digest.
667  *
668  * Return: allocated cipher handle in case of success; IS_ERR() is true in case
669  *	   of an error, PTR_ERR() returns the error code.
670  */
671 struct crypto_shash *crypto_alloc_shash(const char *alg_name, u32 type,
672 					u32 mask);
673 
674 static inline struct crypto_tfm *crypto_shash_tfm(struct crypto_shash *tfm)
675 {
676 	return &tfm->base;
677 }
678 
679 /**
680  * crypto_free_shash() - zeroize and free the message digest handle
681  * @tfm: cipher handle to be freed
682  */
683 static inline void crypto_free_shash(struct crypto_shash *tfm)
684 {
685 	crypto_destroy_tfm(tfm, crypto_shash_tfm(tfm));
686 }
687 
688 static inline const char *crypto_shash_alg_name(struct crypto_shash *tfm)
689 {
690 	return crypto_tfm_alg_name(crypto_shash_tfm(tfm));
691 }
692 
693 static inline const char *crypto_shash_driver_name(struct crypto_shash *tfm)
694 {
695 	return crypto_tfm_alg_driver_name(crypto_shash_tfm(tfm));
696 }
697 
698 static inline unsigned int crypto_shash_alignmask(
699 	struct crypto_shash *tfm)
700 {
701 	return crypto_tfm_alg_alignmask(crypto_shash_tfm(tfm));
702 }
703 
704 /**
705  * crypto_shash_blocksize() - obtain block size for cipher
706  * @tfm: cipher handle
707  *
708  * The block size for the message digest cipher referenced with the cipher
709  * handle is returned.
710  *
711  * Return: block size of cipher
712  */
713 static inline unsigned int crypto_shash_blocksize(struct crypto_shash *tfm)
714 {
715 	return crypto_tfm_alg_blocksize(crypto_shash_tfm(tfm));
716 }
717 
718 static inline struct shash_alg *__crypto_shash_alg(struct crypto_alg *alg)
719 {
720 	return container_of(alg, struct shash_alg, base);
721 }
722 
723 static inline struct shash_alg *crypto_shash_alg(struct crypto_shash *tfm)
724 {
725 	return __crypto_shash_alg(crypto_shash_tfm(tfm)->__crt_alg);
726 }
727 
728 /**
729  * crypto_shash_digestsize() - obtain message digest size
730  * @tfm: cipher handle
731  *
732  * The size for the message digest created by the message digest cipher
733  * referenced with the cipher handle is returned.
734  *
735  * Return: digest size of cipher
736  */
737 static inline unsigned int crypto_shash_digestsize(struct crypto_shash *tfm)
738 {
739 	return crypto_shash_alg(tfm)->digestsize;
740 }
741 
742 static inline unsigned int crypto_shash_statesize(struct crypto_shash *tfm)
743 {
744 	return crypto_shash_alg(tfm)->statesize;
745 }
746 
747 static inline u32 crypto_shash_get_flags(struct crypto_shash *tfm)
748 {
749 	return crypto_tfm_get_flags(crypto_shash_tfm(tfm));
750 }
751 
752 static inline void crypto_shash_set_flags(struct crypto_shash *tfm, u32 flags)
753 {
754 	crypto_tfm_set_flags(crypto_shash_tfm(tfm), flags);
755 }
756 
757 static inline void crypto_shash_clear_flags(struct crypto_shash *tfm, u32 flags)
758 {
759 	crypto_tfm_clear_flags(crypto_shash_tfm(tfm), flags);
760 }
761 
762 /**
763  * crypto_shash_descsize() - obtain the operational state size
764  * @tfm: cipher handle
765  *
766  * The size of the operational state the cipher needs during operation is
767  * returned for the hash referenced with the cipher handle. This size is
768  * required to calculate the memory requirements to allow the caller allocating
769  * sufficient memory for operational state.
770  *
771  * The operational state is defined with struct shash_desc where the size of
772  * that data structure is to be calculated as
773  * sizeof(struct shash_desc) + crypto_shash_descsize(alg)
774  *
775  * Return: size of the operational state
776  */
777 static inline unsigned int crypto_shash_descsize(struct crypto_shash *tfm)
778 {
779 	return tfm->descsize;
780 }
781 
782 static inline void *shash_desc_ctx(struct shash_desc *desc)
783 {
784 	return desc->__ctx;
785 }
786 
787 /**
788  * crypto_shash_setkey() - set key for message digest
789  * @tfm: cipher handle
790  * @key: buffer holding the key
791  * @keylen: length of the key in bytes
792  *
793  * The caller provided key is set for the keyed message digest cipher. The
794  * cipher handle must point to a keyed message digest cipher in order for this
795  * function to succeed.
796  *
797  * Return: 0 if the setting of the key was successful; < 0 if an error occurred
798  */
799 int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
800 			unsigned int keylen);
801 
802 /**
803  * crypto_shash_digest() - calculate message digest for buffer
804  * @desc: see crypto_shash_final()
805  * @data: see crypto_shash_update()
806  * @len: see crypto_shash_update()
807  * @out: see crypto_shash_final()
808  *
809  * This function is a "short-hand" for the function calls of crypto_shash_init,
810  * crypto_shash_update and crypto_shash_final. The parameters have the same
811  * meaning as discussed for those separate three functions.
812  *
813  * Return: 0 if the message digest creation was successful; < 0 if an error
814  *	   occurred
815  */
816 int crypto_shash_digest(struct shash_desc *desc, const u8 *data,
817 			unsigned int len, u8 *out);
818 
819 /**
820  * crypto_shash_export() - extract operational state for message digest
821  * @desc: reference to the operational state handle whose state is exported
822  * @out: output buffer of sufficient size that can hold the hash state
823  *
824  * This function exports the hash state of the operational state handle into the
825  * caller-allocated output buffer out which must have sufficient size (e.g. by
826  * calling crypto_shash_descsize).
827  *
828  * Return: 0 if the export creation was successful; < 0 if an error occurred
829  */
830 static inline int crypto_shash_export(struct shash_desc *desc, void *out)
831 {
832 	return crypto_shash_alg(desc->tfm)->export(desc, out);
833 }
834 
835 /**
836  * crypto_shash_import() - import operational state
837  * @desc: reference to the operational state handle the state imported into
838  * @in: buffer holding the state
839  *
840  * This function imports the hash state into the operational state handle from
841  * the input buffer. That buffer should have been generated with the
842  * crypto_ahash_export function.
843  *
844  * Return: 0 if the import was successful; < 0 if an error occurred
845  */
846 static inline int crypto_shash_import(struct shash_desc *desc, const void *in)
847 {
848 	return crypto_shash_alg(desc->tfm)->import(desc, in);
849 }
850 
851 /**
852  * crypto_shash_init() - (re)initialize message digest
853  * @desc: operational state handle that is already filled
854  *
855  * The call (re-)initializes the message digest referenced by the
856  * operational state handle. Any potentially existing state created by
857  * previous operations is discarded.
858  *
859  * Return: 0 if the message digest initialization was successful; < 0 if an
860  *	   error occurred
861  */
862 static inline int crypto_shash_init(struct shash_desc *desc)
863 {
864 	return crypto_shash_alg(desc->tfm)->init(desc);
865 }
866 
867 /**
868  * crypto_shash_update() - add data to message digest for processing
869  * @desc: operational state handle that is already initialized
870  * @data: input data to be added to the message digest
871  * @len: length of the input data
872  *
873  * Updates the message digest state of the operational state handle.
874  *
875  * Return: 0 if the message digest update was successful; < 0 if an error
876  *	   occurred
877  */
878 int crypto_shash_update(struct shash_desc *desc, const u8 *data,
879 			unsigned int len);
880 
881 /**
882  * crypto_shash_final() - calculate message digest
883  * @desc: operational state handle that is already filled with data
884  * @out: output buffer filled with the message digest
885  *
886  * Finalize the message digest operation and create the message digest
887  * based on all data added to the cipher handle. The message digest is placed
888  * into the output buffer. The caller must ensure that the output buffer is
889  * large enough by using crypto_shash_digestsize.
890  *
891  * Return: 0 if the message digest creation was successful; < 0 if an error
892  *	   occurred
893  */
894 int crypto_shash_final(struct shash_desc *desc, u8 *out);
895 
896 /**
897  * crypto_shash_finup() - calculate message digest of buffer
898  * @desc: see crypto_shash_final()
899  * @data: see crypto_shash_update()
900  * @len: see crypto_shash_update()
901  * @out: see crypto_shash_final()
902  *
903  * This function is a "short-hand" for the function calls of
904  * crypto_shash_update and crypto_shash_final. The parameters have the same
905  * meaning as discussed for those separate functions.
906  *
907  * Return: 0 if the message digest creation was successful; < 0 if an error
908  *	   occurred
909  */
910 int crypto_shash_finup(struct shash_desc *desc, const u8 *data,
911 		       unsigned int len, u8 *out);
912 
913 static inline void shash_desc_zero(struct shash_desc *desc)
914 {
915 	memzero_explicit(desc,
916 			 sizeof(*desc) + crypto_shash_descsize(desc->tfm));
917 }
918 
919 #endif	/* _CRYPTO_HASH_H */
920