Message Digest Algorithm Definitions¶
These data structures define modular message digest algorithm implementations, managed via crypto_register_ahash(), crypto_register_shash(), crypto_unregister_ahash() and crypto_unregister_shash().
-
struct
hash_alg_common
¶ define properties of message digest
Definition
struct hash_alg_common {
unsigned int digestsize;
unsigned int statesize;
struct crypto_alg base;
};
Members
digestsize
- Size of the result of the transformation. A buffer of this size must be available to the final and finup calls, so they can store the resulting hash into it. For various predefined sizes, search include/crypto/ using git grep _DIGEST_SIZE include/crypto.
statesize
- Size of the block for partial state of the transformation. A buffer of this size must be passed to the export function as it will save the partial state of the transformation into it. On the other side, the import function will load the state from a buffer of this size as well.
base
- Start of data structure of cipher algorithm. The common data structure of crypto_alg contains information common to all ciphers. The hash_alg_common data structure now adds the hash-specific information.
-
struct
ahash_alg
¶ asynchronous message digest definition
Definition
struct ahash_alg {
int (*init)(struct ahash_request *req);
int (*update)(struct ahash_request *req);
int (*final)(struct ahash_request *req);
int (*finup)(struct ahash_request *req);
int (*digest)(struct ahash_request *req);
int (*export)(struct ahash_request *req, void *out);
int (*import)(struct ahash_request *req, const void *in);
int (*setkey)(struct crypto_ahash *tfm, const u8 *key, unsigned int keylen);
int (*init_tfm)(struct crypto_ahash *tfm);
void (*exit_tfm)(struct crypto_ahash *tfm);
struct hash_alg_common halg;
};
Members
init
- [mandatory] Initialize the transformation context. Intended only to initialize the state of the HASH transformation at the beginning. This shall fill in the internal structures used during the entire duration of the whole transformation. No data processing happens at this point. Driver code implementation must not use req->result.
update
- [mandatory] Push a chunk of data into the driver for transformation. This function actually pushes blocks of data from upper layers into the driver, which then passes those to the hardware as seen fit. This function must not finalize the HASH transformation by calculating the final message digest as this only adds more data into the transformation. This function shall not modify the transformation context, as this function may be called in parallel with the same transformation object. Data processing can happen synchronously [SHASH] or asynchronously [AHASH] at this point. Driver must not use req->result.
final
- [mandatory] Retrieve result from the driver. This function finalizes the transformation and retrieves the resulting hash from the driver and pushes it back to upper layers. No data processing happens at this point unless hardware requires it to finish the transformation (then the data buffered by the device driver is processed).
finup
- [optional] Combination of update and final. This function is effectively a combination of update and final calls issued in sequence. As some hardware cannot do update and final separately, this callback was added to allow such hardware to be used at least by IPsec. Data processing can happen synchronously [SHASH] or asynchronously [AHASH] at this point.
digest
- Combination of init and update and final. This function effectively behaves as the entire chain of operations, init, update and final issued in sequence. Just like finup, this was added for hardware which cannot do even the finup, but can only do the whole transformation in one run. Data processing can happen synchronously [SHASH] or asynchronously [AHASH] at this point.
export
- Export partial state of the transformation. This function dumps the entire state of the ongoing transformation into a provided block of data so it can be import ‘ed back later on. This is useful in case you want to save partial result of the transformation after processing certain amount of data and reload this partial result multiple times later on for multiple re-use. No data processing happens at this point. Driver must not use req->result.
import
- Import partial state of the transformation. This function loads the entire state of the ongoing transformation from a provided block of data so the transformation can continue from this point onward. No data processing happens at this point. Driver must not use req->result.
setkey
- Set optional key used by the hashing algorithm. Intended to push optional key used by the hashing algorithm from upper layers into the driver. This function can store the key in the transformation context or can outright program it into the hardware. In the former case, one must be careful to program the key into the hardware at appropriate time and one must be careful that .setkey() can be called multiple times during the existence of the transformation object. Not all hashing algorithms do implement this function as it is only needed for keyed message digests. SHAx/MDx/CRCx do NOT implement this function. HMAC(MDx)/HMAC(SHAx)/CMAC(AES) do implement this function. This function must be called before any other of the init, update, final, finup, digest is called. No data processing happens at this point.
init_tfm
- Initialize the cryptographic transformation object. This function is called only once at the instantiation time, right after the transformation context was allocated. In case the cryptographic hardware has some special requirements which need to be handled by software, this function shall check for the precise requirement of the transformation and put any software fallbacks in place.
exit_tfm
- Deinitialize the cryptographic transformation object. This is a counterpart to init_tfm, used to remove various changes set in init_tfm.
halg
- see
struct hash_alg_common
-
struct
shash_alg
¶ synchronous message digest definition
Definition
struct shash_alg {
int (*init)(struct shash_desc *desc);
int (*update)(struct shash_desc *desc, const u8 *data, unsigned int len);
int (*final)(struct shash_desc *desc, u8 *out);
int (*finup)(struct shash_desc *desc, const u8 *data, unsigned int len, u8 *out);
int (*digest)(struct shash_desc *desc, const u8 *data, unsigned int len, u8 *out);
int (*export)(struct shash_desc *desc, void *out);
int (*import)(struct shash_desc *desc, const void *in);
int (*setkey)(struct crypto_shash *tfm, const u8 *key, unsigned int keylen);
int (*init_tfm)(struct crypto_shash *tfm);
void (*exit_tfm)(struct crypto_shash *tfm);
unsigned int descsize;
unsigned int digestsize ;
unsigned int statesize;
struct crypto_alg base;
};
Members
init
- see
struct ahash_alg
update
- see
struct ahash_alg
final
- see
struct ahash_alg
finup
- see
struct ahash_alg
digest
- see
struct ahash_alg
export
- see
struct ahash_alg
import
- see
struct ahash_alg
setkey
- see
struct ahash_alg
init_tfm
- Initialize the cryptographic transformation object. This function is called only once at the instantiation time, right after the transformation context was allocated. In case the cryptographic hardware has some special requirements which need to be handled by software, this function shall check for the precise requirement of the transformation and put any software fallbacks in place.
exit_tfm
- Deinitialize the cryptographic transformation object. This is a counterpart to init_tfm, used to remove various changes set in init_tfm.
descsize
- Size of the operational state for the message digest. This state size is the memory size that needs to be allocated for shash_desc.__ctx
digestsize
- see
struct ahash_alg
statesize
- see
struct ahash_alg
base
- internally used
Asynchronous Message Digest API¶
The asynchronous message digest API is used with the ciphers of type CRYPTO_ALG_TYPE_AHASH (listed as type “ahash” in /proc/crypto)
The asynchronous cipher operation discussion provided for the CRYPTO_ALG_TYPE_SKCIPHER API applies here as well.
-
struct crypto_ahash *
crypto_alloc_ahash
(const char *alg_name, u32 type, u32 mask)¶ allocate ahash cipher handle
Parameters
const char *alg_name
- is the cra_name / name or cra_driver_name / driver name of the ahash cipher
u32 type
- specifies the type of the cipher
u32 mask
- specifies the mask for the cipher
Description
Allocate a cipher handle for an ahash. The returned struct crypto_ahash is the cipher handle that is required for any subsequent API invocation for that ahash.
Return
- allocated cipher handle in case of success; IS_ERR() is true in case
- of an error, PTR_ERR() returns the error code.
-
void
crypto_free_ahash
(struct crypto_ahash *tfm)¶ zeroize and free the ahash handle
Parameters
struct crypto_ahash *tfm
- cipher handle to be freed
-
unsigned int
crypto_ahash_digestsize
(struct crypto_ahash *tfm)¶ obtain message digest size
Parameters
struct crypto_ahash *tfm
- cipher handle
Description
The size for the message digest created by the message digest cipher referenced with the cipher handle is returned.
Return
message digest size of cipher
-
unsigned int
crypto_ahash_statesize
(struct crypto_ahash *tfm)¶ obtain size of the ahash state
Parameters
struct crypto_ahash *tfm
- cipher handle
Description
Return the size of the ahash state. With the crypto_ahash_export()
function, the caller can export the state into a buffer whose size is
defined with this function.
Return
size of the ahash state
-
struct crypto_ahash *
crypto_ahash_reqtfm
(struct ahash_request *req)¶ obtain cipher handle from request
Parameters
struct ahash_request *req
- asynchronous request handle that contains the reference to the ahash cipher handle
Description
Return the ahash cipher handle that is registered with the asynchronous request handle ahash_request.
Return
ahash cipher handle
-
unsigned int
crypto_ahash_reqsize
(struct crypto_ahash *tfm)¶ obtain size of the request data structure
Parameters
struct crypto_ahash *tfm
- cipher handle
Return
size of the request data
-
int
crypto_ahash_setkey
(struct crypto_ahash *tfm, const u8 *key, unsigned int keylen)¶ set key for cipher handle
Parameters
struct crypto_ahash *tfm
- cipher handle
const u8 *key
- buffer holding the key
unsigned int keylen
- length of the key in bytes
Description
The caller provided key is set for the ahash cipher. The cipher handle must point to a keyed hash in order for this function to succeed.
Return
0 if the setting of the key was successful; < 0 if an error occurred
-
int
crypto_ahash_finup
(struct ahash_request *req)¶ update and finalize message digest
Parameters
struct ahash_request *req
- reference to the ahash_request handle that holds all information needed to perform the cipher operation
Description
This function is a “short-hand” for the function calls of crypto_ahash_update and crypto_ahash_final. The parameters have the same meaning as discussed for those separate functions.
Return
-
int
crypto_ahash_final
(struct ahash_request *req)¶ calculate message digest
Parameters
struct ahash_request *req
- reference to the ahash_request handle that holds all information needed to perform the cipher operation
Description
Finalize the message digest operation and create the message digest based on all data added to the cipher handle. The message digest is placed into the output buffer registered with the ahash_request handle.
Return
0 if the message digest was successfully calculated; -EINPROGRESS if data is feeded into hardware (DMA) or queued for later; -EBUSY if queue is full and request should be resubmitted later; other < 0 if an error occurred
-
int
crypto_ahash_digest
(struct ahash_request *req)¶ calculate message digest for a buffer
Parameters
struct ahash_request *req
- reference to the ahash_request handle that holds all information needed to perform the cipher operation
Description
This function is a “short-hand” for the function calls of crypto_ahash_init, crypto_ahash_update and crypto_ahash_final. The parameters have the same meaning as discussed for those separate three functions.
Return
-
int
crypto_ahash_export
(struct ahash_request *req, void *out)¶ extract current message digest state
Parameters
struct ahash_request *req
- reference to the ahash_request handle whose state is exported
void *out
- output buffer of sufficient size that can hold the hash state
Description
This function exports the hash state of the ahash_request handle into the
caller-allocated output buffer out which must have sufficient size (e.g. by
calling crypto_ahash_statesize()
).
Return
0 if the export was successful; < 0 if an error occurred
-
int
crypto_ahash_import
(struct ahash_request *req, const void *in)¶ import message digest state
Parameters
struct ahash_request *req
- reference to ahash_request handle the state is imported into
const void *in
- buffer holding the state
Description
This function imports the hash state into the ahash_request handle from the input buffer. That buffer should have been generated with the crypto_ahash_export function.
Return
0 if the import was successful; < 0 if an error occurred
-
int
crypto_ahash_init
(struct ahash_request *req)¶ (re)initialize message digest handle
Parameters
struct ahash_request *req
- ahash_request handle that already is initialized with all necessary data using the ahash_request_* API functions
Description
The call (re-)initializes the message digest referenced by the ahash_request handle. Any potentially existing state created by previous operations is discarded.
Return
Asynchronous Hash Request Handle¶
The ahash_request
data structure contains all pointers to data
required for the asynchronous cipher operation. This includes the cipher
handle (which can be used by multiple ahash_request
instances), pointer
to plaintext and the message digest output buffer, asynchronous callback
function, etc. It acts as a handle to the ahash_request_* API calls in a
similar way as ahash handle to the crypto_ahash_* API calls.
-
void
ahash_request_set_tfm
(struct ahash_request *req, struct crypto_ahash *tfm)¶ update cipher handle reference in request
Parameters
struct ahash_request *req
- request handle to be modified
struct crypto_ahash *tfm
- cipher handle that shall be added to the request handle
Description
Allow the caller to replace the existing ahash handle in the request data structure with a different one.
-
struct ahash_request *
ahash_request_alloc
(struct crypto_ahash *tfm, gfp_t gfp)¶ allocate request data structure
Parameters
struct crypto_ahash *tfm
- cipher handle to be registered with the request
gfp_t gfp
- memory allocation flag that is handed to kmalloc by the API call.
Description
Allocate the request data structure that must be used with the ahash message digest API calls. During the allocation, the provided ahash handle is registered in the request data structure.
Return
allocated request handle in case of success, or NULL if out of memory
-
void
ahash_request_free
(struct ahash_request *req)¶ zeroize and free the request data structure
Parameters
struct ahash_request *req
- request data structure cipher handle to be freed
-
void
ahash_request_set_callback
(struct ahash_request *req, u32 flags, crypto_completion_t compl, void *data)¶ set asynchronous callback function
Parameters
struct ahash_request *req
- request handle
u32 flags
- specify zero or an ORing of the flags CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and increase the wait queue beyond the initial maximum size; CRYPTO_TFM_REQ_MAY_SLEEP the request processing may sleep
crypto_completion_t compl
- callback function pointer to be registered with the request handle
void *data
- The data pointer refers to memory that is not used by the kernel
crypto API, but provided to the callback function for it to use. Here,
the caller can provide a reference to memory the callback function can
operate on. As the callback function is invoked asynchronously to the
related functionality, it may need to access data structures of the
related functionality which can be referenced using this pointer. The
callback function can access the memory via the “data” field in the
crypto_async_request
data structure provided to the callback function.
Description
This function allows setting the callback function that is triggered once the cipher operation completes.
The callback function is registered with the ahash_request
handle and
must comply with the following template:
void callback_function(struct crypto_async_request *req, int error)
-
void
ahash_request_set_crypt
(struct ahash_request *req, struct scatterlist *src, u8 *result, unsigned int nbytes)¶ set data buffers
Parameters
struct ahash_request *req
- ahash_request handle to be updated
struct scatterlist *src
- source scatter/gather list
u8 *result
- buffer that is filled with the message digest – the caller must
ensure that the buffer has sufficient space by, for example, calling
crypto_ahash_digestsize()
unsigned int nbytes
- number of bytes to process from the source scatter/gather list
Description
By using this call, the caller references the source scatter/gather list. The source scatter/gather list points to the data the message digest is to be calculated for.
Synchronous Message Digest API¶
The synchronous message digest API is used with the ciphers of type CRYPTO_ALG_TYPE_SHASH (listed as type “shash” in /proc/crypto)
The message digest API is able to maintain state information for the caller.
The synchronous message digest API can store user-related context in its shash_desc request data structure.
-
struct crypto_shash *
crypto_alloc_shash
(const char *alg_name, u32 type, u32 mask)¶ allocate message digest handle
Parameters
const char *alg_name
- is the cra_name / name or cra_driver_name / driver name of the message digest cipher
u32 type
- specifies the type of the cipher
u32 mask
- specifies the mask for the cipher
Description
Allocate a cipher handle for a message digest. The returned struct
crypto_shash
is the cipher handle that is required for any subsequent
API invocation for that message digest.
Return
- allocated cipher handle in case of success; IS_ERR() is true in case
- of an error, PTR_ERR() returns the error code.
-
void
crypto_free_shash
(struct crypto_shash *tfm)¶ zeroize and free the message digest handle
Parameters
struct crypto_shash *tfm
- cipher handle to be freed
-
unsigned int
crypto_shash_blocksize
(struct crypto_shash *tfm)¶ obtain block size for cipher
Parameters
struct crypto_shash *tfm
- cipher handle
Description
The block size for the message digest cipher referenced with the cipher handle is returned.
Return
block size of cipher
-
unsigned int
crypto_shash_digestsize
(struct crypto_shash *tfm)¶ obtain message digest size
Parameters
struct crypto_shash *tfm
- cipher handle
Description
The size for the message digest created by the message digest cipher referenced with the cipher handle is returned.
Return
digest size of cipher
-
unsigned int
crypto_shash_descsize
(struct crypto_shash *tfm)¶ obtain the operational state size
Parameters
struct crypto_shash *tfm
- cipher handle
Description
The size of the operational state the cipher needs during operation is returned for the hash referenced with the cipher handle. This size is required to calculate the memory requirements to allow the caller allocating sufficient memory for operational state.
The operational state is defined with struct shash_desc where the size of that data structure is to be calculated as sizeof(struct shash_desc) + crypto_shash_descsize(alg)
Return
size of the operational state
-
int
crypto_shash_setkey
(struct crypto_shash *tfm, const u8 *key, unsigned int keylen)¶ set key for message digest
Parameters
struct crypto_shash *tfm
- cipher handle
const u8 *key
- buffer holding the key
unsigned int keylen
- length of the key in bytes
Description
The caller provided key is set for the keyed message digest cipher. The cipher handle must point to a keyed message digest cipher in order for this function to succeed.
Context
Any context.
Return
0 if the setting of the key was successful; < 0 if an error occurred
-
int
crypto_shash_digest
(struct shash_desc *desc, const u8 *data, unsigned int len, u8 *out)¶ calculate message digest for buffer
Parameters
struct shash_desc *desc
- see
crypto_shash_final()
const u8 *data
- see
crypto_shash_update()
unsigned int len
- see
crypto_shash_update()
u8 *out
- see
crypto_shash_final()
Description
This function is a “short-hand” for the function calls of crypto_shash_init, crypto_shash_update and crypto_shash_final. The parameters have the same meaning as discussed for those separate three functions.
Context
Any context.
Return
- 0 if the message digest creation was successful; < 0 if an error
- occurred
-
int
crypto_shash_export
(struct shash_desc *desc, void *out)¶ extract operational state for message digest
Parameters
struct shash_desc *desc
- reference to the operational state handle whose state is exported
void *out
- output buffer of sufficient size that can hold the hash state
Description
This function exports the hash state of the operational state handle into the caller-allocated output buffer out which must have sufficient size (e.g. by calling crypto_shash_descsize).
Context
Any context.
Return
0 if the export creation was successful; < 0 if an error occurred
-
int
crypto_shash_import
(struct shash_desc *desc, const void *in)¶ import operational state
Parameters
struct shash_desc *desc
- reference to the operational state handle the state imported into
const void *in
- buffer holding the state
Description
This function imports the hash state into the operational state handle from the input buffer. That buffer should have been generated with the crypto_ahash_export function.
Context
Any context.
Return
0 if the import was successful; < 0 if an error occurred
-
int
crypto_shash_init
(struct shash_desc *desc)¶ (re)initialize message digest
Parameters
struct shash_desc *desc
- operational state handle that is already filled
Description
The call (re-)initializes the message digest referenced by the operational state handle. Any potentially existing state created by previous operations is discarded.
Context
Any context.
Return
- 0 if the message digest initialization was successful; < 0 if an
- error occurred
-
int
crypto_shash_update
(struct shash_desc *desc, const u8 *data, unsigned int len)¶ add data to message digest for processing
Parameters
struct shash_desc *desc
- operational state handle that is already initialized
const u8 *data
- input data to be added to the message digest
unsigned int len
- length of the input data
Description
Updates the message digest state of the operational state handle.
Context
Any context.
Return
- 0 if the message digest update was successful; < 0 if an error
- occurred
-
int
crypto_shash_final
(struct shash_desc *desc, u8 *out)¶ calculate message digest
Parameters
struct shash_desc *desc
- operational state handle that is already filled with data
u8 *out
- output buffer filled with the message digest
Description
Finalize the message digest operation and create the message digest based on all data added to the cipher handle. The message digest is placed into the output buffer. The caller must ensure that the output buffer is large enough by using crypto_shash_digestsize.
Context
Any context.
Return
- 0 if the message digest creation was successful; < 0 if an error
- occurred
-
int
crypto_shash_finup
(struct shash_desc *desc, const u8 *data, unsigned int len, u8 *out)¶ calculate message digest of buffer
Parameters
struct shash_desc *desc
- see
crypto_shash_final()
const u8 *data
- see
crypto_shash_update()
unsigned int len
- see
crypto_shash_update()
u8 *out
- see
crypto_shash_final()
Description
This function is a “short-hand” for the function calls of crypto_shash_update and crypto_shash_final. The parameters have the same meaning as discussed for those separate functions.
Context
Any context.
Return
- 0 if the message digest creation was successful; < 0 if an error
- occurred