From: FUJITA Tomonori <fujita.tomonori@gmail.com>
To: rust-for-linux@vger.kernel.org, linux-crypto@vger.kernel.org
Cc: alex.gaynor@gmail.com, herbert@gondor.apana.org.au,
ebiggers@kernel.org, benno.lossin@proton.me
Subject: [PATCH v2 1/3] rust: crypto abstractions for synchronous message digest API
Date: Mon, 10 Jul 2023 19:22:23 +0900 [thread overview]
Message-ID: <20230710102225.155019-2-fujita.tomonori@gmail.com> (raw)
In-Reply-To: <20230710102225.155019-1-fujita.tomonori@gmail.com>
This patch adds basic abstractions for synchronous message digest API,
wrapping crypto_shash and shash_desc structures.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@gmail.com>
---
rust/bindings/bindings_helper.h | 1 +
rust/helpers.c | 26 +++++++
rust/kernel/crypto.rs | 5 ++
rust/kernel/crypto/hash.rs | 128 ++++++++++++++++++++++++++++++++
rust/kernel/lib.rs | 2 +
5 files changed, 162 insertions(+)
create mode 100644 rust/kernel/crypto.rs
create mode 100644 rust/kernel/crypto/hash.rs
diff --git a/rust/bindings/bindings_helper.h b/rust/bindings/bindings_helper.h
index 3e601ce2548d..2f198c6d5de5 100644
--- a/rust/bindings/bindings_helper.h
+++ b/rust/bindings/bindings_helper.h
@@ -6,6 +6,7 @@
* Sorted alphabetically.
*/
+#include <crypto/hash.h>
#include <linux/errname.h>
#include <linux/slab.h>
#include <linux/refcount.h>
diff --git a/rust/helpers.c b/rust/helpers.c
index bb594da56137..7966902ed8eb 100644
--- a/rust/helpers.c
+++ b/rust/helpers.c
@@ -18,6 +18,7 @@
* accidentally exposed.
*/
+#include <crypto/hash.h>
#include <linux/bug.h>
#include <linux/build_bug.h>
#include <linux/err.h>
@@ -28,6 +29,31 @@
#include <linux/sched/signal.h>
#include <linux/wait.h>
+#ifdef CONFIG_CRYPTO
+void rust_helper_crypto_free_shash(struct crypto_shash *tfm)
+{
+ crypto_free_shash(tfm);
+}
+EXPORT_SYMBOL_GPL(rust_helper_crypto_free_shash);
+
+unsigned int rust_helper_crypto_shash_digestsize(struct crypto_shash *tfm)
+{
+ return crypto_shash_digestsize(tfm);
+}
+EXPORT_SYMBOL_GPL(rust_helper_crypto_shash_digestsize);
+
+unsigned int rust_helper_crypto_shash_descsize(struct crypto_shash *tfm)
+{
+ return crypto_shash_descsize(tfm);
+}
+EXPORT_SYMBOL_GPL(rust_helper_crypto_shash_descsize);
+
+int rust_helper_crypto_shash_init(struct shash_desc *desc) {
+ return crypto_shash_init(desc);
+}
+EXPORT_SYMBOL_GPL(rust_helper_crypto_shash_init);
+#endif
+
__noreturn void rust_helper_BUG(void)
{
BUG();
diff --git a/rust/kernel/crypto.rs b/rust/kernel/crypto.rs
new file mode 100644
index 000000000000..f80dd7bd3381
--- /dev/null
+++ b/rust/kernel/crypto.rs
@@ -0,0 +1,5 @@
+// SPDX-License-Identifier: GPL-2.0
+
+//! Cryptography.
+
+pub mod hash;
diff --git a/rust/kernel/crypto/hash.rs b/rust/kernel/crypto/hash.rs
new file mode 100644
index 000000000000..cdbc8e70e8f5
--- /dev/null
+++ b/rust/kernel/crypto/hash.rs
@@ -0,0 +1,128 @@
+// SPDX-License-Identifier: GPL-2.0
+
+//! Cryptographic Hash operations.
+//!
+//! C headers: [`include/crypto/hash.h`](../../../../include/crypto/hash.h)
+
+use crate::{
+ error::{
+ code::{EINVAL, ENOMEM},
+ from_err_ptr, to_result, Result,
+ },
+ str::CStr,
+};
+use alloc::alloc::{alloc, dealloc};
+use core::alloc::Layout;
+
+/// Corresponds to the kernel's `struct crypto_shash`.
+///
+/// # Invariants
+///
+/// The pointer is valid.
+pub struct Shash(*mut bindings::crypto_shash);
+
+impl Drop for Shash {
+ fn drop(&mut self) {
+ // SAFETY: The type invariant guarantees that the pointer is valid.
+ unsafe { bindings::crypto_free_shash(self.0) }
+ }
+}
+
+impl Shash {
+ /// Creates a [`Shash`] object for a message digest handle.
+ pub fn new(name: &CStr, t: u32, mask: u32) -> Result<Shash> {
+ // SAFETY: There are no safety requirements for this FFI call.
+ let ptr =
+ unsafe { from_err_ptr(bindings::crypto_alloc_shash(name.as_char_ptr(), t, mask)) }?;
+ // INVARIANT: `ptr` is valid and non-null since `crypto_alloc_shash`
+ // returned a valid pointer which was null-checked.
+ Ok(Self(ptr))
+ }
+
+ /// Sets optional key used by the hashing algorithm.
+ pub fn setkey(&mut self, data: &[u8]) -> Result {
+ // SAFETY: The type invariant guarantees that the pointer is valid.
+ to_result(unsafe {
+ bindings::crypto_shash_setkey(self.0, data.as_ptr(), data.len() as u32)
+ })
+ }
+
+ /// Returns the size of the result of the transformation.
+ pub fn digestsize(&self) -> u32 {
+ // SAFETY: The type invariant guarantees that the pointer is valid.
+ unsafe { bindings::crypto_shash_digestsize(self.0) }
+ }
+}
+
+/// Corresponds to the kernel's `struct shash_desc`.
+///
+/// # Invariants
+///
+/// The field `ptr` is valid.
+pub struct ShashDesc<'a> {
+ ptr: *mut bindings::shash_desc,
+ tfm: &'a Shash,
+ size: usize,
+}
+
+impl Drop for ShashDesc<'_> {
+ fn drop(&mut self) {
+ // SAFETY: The type invariant guarantees that the pointer is valid.
+ unsafe {
+ dealloc(
+ self.ptr.cast(),
+ Layout::from_size_align(self.size, 2).unwrap(),
+ );
+ }
+ }
+}
+
+impl<'a> ShashDesc<'a> {
+ /// Creates a [`ShashDesc`] object for a request data structure for message digest.
+ pub fn new(tfm: &'a Shash) -> Result<Self> {
+ // SAFETY: The type invariant guarantees that `tfm.0` pointer is valid.
+ let size = core::mem::size_of::<bindings::shash_desc>()
+ + unsafe { bindings::crypto_shash_descsize(tfm.0) } as usize;
+ let layout = Layout::from_size_align(size, 2)?;
+ // SAFETY: It's safe because layout has non-zero size.
+ let ptr = unsafe { alloc(layout) } as *mut bindings::shash_desc;
+ if ptr.is_null() {
+ return Err(ENOMEM);
+ }
+ // INVARIANT: `ptr` is valid and non-null since `alloc`
+ // returned a valid pointer which was null-checked.
+ let mut desc = ShashDesc { ptr, tfm, size };
+ // SAFETY: `desc.ptr` is valid and non-null since `alloc`
+ // returned a valid pointer which was null-checked.
+ // Additionally, The type invariant guarantees that `tfm.0` is valid.
+ unsafe { (*desc.ptr).tfm = desc.tfm.0 };
+ desc.reset()?;
+ Ok(desc)
+ }
+
+ /// Re-initializes message digest.
+ pub fn reset(&mut self) -> Result {
+ // SAFETY: The type invariant guarantees that the pointer is valid.
+ to_result(unsafe { bindings::crypto_shash_init(self.ptr) })
+ }
+
+ /// Adds data to message digest for processing.
+ pub fn update(&mut self, data: &[u8]) -> Result {
+ if data.len() > u32::MAX as usize {
+ return Err(EINVAL);
+ }
+ // SAFETY: The type invariant guarantees that the pointer is valid.
+ to_result(unsafe {
+ bindings::crypto_shash_update(self.ptr, data.as_ptr(), data.len() as u32)
+ })
+ }
+
+ /// Calculates message digest.
+ pub fn finalize(&mut self, output: &mut [u8]) -> Result {
+ if self.tfm.digestsize() as usize > output.len() {
+ return Err(EINVAL);
+ }
+ // SAFETY: The type invariant guarantees that the pointer is valid.
+ to_result(unsafe { bindings::crypto_shash_final(self.ptr, output.as_mut_ptr()) })
+ }
+}
diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs
index 85b261209977..3cb8bd8a17d9 100644
--- a/rust/kernel/lib.rs
+++ b/rust/kernel/lib.rs
@@ -31,6 +31,8 @@
#[cfg(not(testlib))]
mod allocator;
mod build_assert;
+#[cfg(CONFIG_CRYPTO)]
+pub mod crypto;
pub mod error;
pub mod init;
pub mod ioctl;
--
2.34.1
next prev parent reply other threads:[~2023-07-10 10:23 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-10 10:22 [PATCH v2 0/3] Rust abstractions for Crypto API FUJITA Tomonori
2023-07-10 10:22 ` FUJITA Tomonori [this message]
2023-07-14 16:19 ` [PATCH v2 1/3] rust: crypto abstractions for synchronous message digest API Benno Lossin
2023-07-10 10:22 ` [PATCH v2 2/3] rust: crypto abstractions for random number generator API FUJITA Tomonori
2023-07-14 16:20 ` Benno Lossin
2023-07-10 10:22 ` [PATCH v2 3/3] MAINTAINERS: add Rust crypto abstractions files to the CRYPTO API entry FUJITA Tomonori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230710102225.155019-2-fujita.tomonori@gmail.com \
--to=fujita.tomonori@gmail.com \
--cc=alex.gaynor@gmail.com \
--cc=benno.lossin@proton.me \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=rust-for-linux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).