tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: sha256 - Use same state format as legacy drivers

Make the export and import functions for the sha224, sha256,
hmac(sha224), and hmac(sha256) shash algorithms use the same format as
the padlock-sha and nx-sha256 drivers, as required by Herbert.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20250630160645.3198-11-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>

Eric Biggers 07f09095 e0cd3716

+95
+95
crypto/sha256.c
··· 13 13 #include <linux/kernel.h> 14 14 #include <linux/module.h> 15 15 16 + /* 17 + * Export and import functions. crypto_shash wants a particular format that 18 + * matches that used by some legacy drivers. It currently is the same as the 19 + * library SHA context, except the value in bytecount must be block-aligned and 20 + * the remainder must be stored in an extra u8 appended to the struct. 21 + */ 22 + 23 + #define SHA256_SHASH_STATE_SIZE 105 24 + static_assert(offsetof(struct __sha256_ctx, state) == 0); 25 + static_assert(offsetof(struct __sha256_ctx, bytecount) == 32); 26 + static_assert(offsetof(struct __sha256_ctx, buf) == 40); 27 + static_assert(sizeof(struct __sha256_ctx) + 1 == SHA256_SHASH_STATE_SIZE); 28 + 29 + static int __crypto_sha256_export(const struct __sha256_ctx *ctx0, void *out) 30 + { 31 + struct __sha256_ctx ctx = *ctx0; 32 + unsigned int partial; 33 + u8 *p = out; 34 + 35 + partial = ctx.bytecount % SHA256_BLOCK_SIZE; 36 + ctx.bytecount -= partial; 37 + memcpy(p, &ctx, sizeof(ctx)); 38 + p += sizeof(ctx); 39 + *p = partial; 40 + return 0; 41 + } 42 + 43 + static int __crypto_sha256_import(struct __sha256_ctx *ctx, const void *in) 44 + { 45 + const u8 *p = in; 46 + 47 + memcpy(ctx, p, sizeof(*ctx)); 48 + p += sizeof(*ctx); 49 + ctx->bytecount += *p; 50 + return 0; 51 + } 52 + 16 53 /* SHA-224 */ 17 54 18 55 const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE] = { ··· 88 51 return 0; 89 52 } 90 53 54 + static int crypto_sha224_export(struct shash_desc *desc, void *out) 55 + { 56 + return __crypto_sha256_export(&SHA224_CTX(desc)->ctx, out); 57 + } 58 + 59 + static int crypto_sha224_import(struct shash_desc *desc, const void *in) 60 + { 61 + return __crypto_sha256_import(&SHA224_CTX(desc)->ctx, in); 62 + } 63 + 91 64 /* SHA-256 */ 92 65 93 66 const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE] = { ··· 134 87 { 135 88 sha256(data, len, out); 136 89 return 0; 90 + } 91 + 92 + static int crypto_sha256_export(struct shash_desc *desc, void *out) 93 + { 94 + return __crypto_sha256_export(&SHA256_CTX(desc)->ctx, out); 95 + } 96 + 97 + static int crypto_sha256_import(struct shash_desc *desc, const void *in) 98 + { 99 + return __crypto_sha256_import(&SHA256_CTX(desc)->ctx, in); 137 100 } 138 101 139 102 /* HMAC-SHA224 */ ··· 185 128 return 0; 186 129 } 187 130 131 + static int crypto_hmac_sha224_export(struct shash_desc *desc, void *out) 132 + { 133 + return __crypto_sha256_export(&HMAC_SHA224_CTX(desc)->ctx.sha_ctx, out); 134 + } 135 + 136 + static int crypto_hmac_sha224_import(struct shash_desc *desc, const void *in) 137 + { 138 + struct hmac_sha224_ctx *ctx = HMAC_SHA224_CTX(desc); 139 + 140 + ctx->ctx.ostate = HMAC_SHA224_KEY(desc->tfm)->key.ostate; 141 + return __crypto_sha256_import(&ctx->ctx.sha_ctx, in); 142 + } 143 + 188 144 /* HMAC-SHA256 */ 189 145 190 146 #define HMAC_SHA256_KEY(tfm) ((struct hmac_sha256_key *)crypto_shash_ctx(tfm)) ··· 237 167 return 0; 238 168 } 239 169 170 + static int crypto_hmac_sha256_export(struct shash_desc *desc, void *out) 171 + { 172 + return __crypto_sha256_export(&HMAC_SHA256_CTX(desc)->ctx.sha_ctx, out); 173 + } 174 + 175 + static int crypto_hmac_sha256_import(struct shash_desc *desc, const void *in) 176 + { 177 + struct hmac_sha256_ctx *ctx = HMAC_SHA256_CTX(desc); 178 + 179 + ctx->ctx.ostate = HMAC_SHA256_KEY(desc->tfm)->key.ostate; 180 + return __crypto_sha256_import(&ctx->ctx.sha_ctx, in); 181 + } 182 + 240 183 /* Algorithm definitions */ 241 184 242 185 static struct shash_alg algs[] = { ··· 264 181 .update = crypto_sha224_update, 265 182 .final = crypto_sha224_final, 266 183 .digest = crypto_sha224_digest, 184 + .export = crypto_sha224_export, 185 + .import = crypto_sha224_import, 267 186 .descsize = sizeof(struct sha224_ctx), 187 + .statesize = SHA256_SHASH_STATE_SIZE, 268 188 }, 269 189 { 270 190 .base.cra_name = "sha256", ··· 280 194 .update = crypto_sha256_update, 281 195 .final = crypto_sha256_final, 282 196 .digest = crypto_sha256_digest, 197 + .export = crypto_sha256_export, 198 + .import = crypto_sha256_import, 283 199 .descsize = sizeof(struct sha256_ctx), 200 + .statesize = SHA256_SHASH_STATE_SIZE, 284 201 }, 285 202 { 286 203 .base.cra_name = "hmac(sha224)", ··· 298 209 .update = crypto_hmac_sha224_update, 299 210 .final = crypto_hmac_sha224_final, 300 211 .digest = crypto_hmac_sha224_digest, 212 + .export = crypto_hmac_sha224_export, 213 + .import = crypto_hmac_sha224_import, 301 214 .descsize = sizeof(struct hmac_sha224_ctx), 215 + .statesize = SHA256_SHASH_STATE_SIZE, 302 216 }, 303 217 { 304 218 .base.cra_name = "hmac(sha256)", ··· 316 224 .update = crypto_hmac_sha256_update, 317 225 .final = crypto_hmac_sha256_final, 318 226 .digest = crypto_hmac_sha256_digest, 227 + .export = crypto_hmac_sha256_export, 228 + .import = crypto_hmac_sha256_import, 319 229 .descsize = sizeof(struct hmac_sha256_ctx), 230 + .statesize = SHA256_SHASH_STATE_SIZE, 320 231 }, 321 232 }; 322 233