[PATCH] fscrypt: use sha256() instead of open coding

[PATCH] fscrypt: use sha256() instead of open coding

[Eric Biggers]

From: Eric Biggers <ebiggers@google.com>

Now that there's a library function that calculates the SHA-256 digest
of a buffer in one step, use it instead of sha256_init() +
sha256_update() + sha256_final().

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 fs/crypto/fname.c | 23 +++++++----------------
 1 file changed, 7 insertions(+), 16 deletions(-)

diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c
index 47bcfddb278ba..89a05e33e1b3b 100644
--- a/fs/crypto/fname.c
+++ b/fs/crypto/fname.c
@@ -61,15 +61,6 @@ struct fscrypt_nokey_name {
  */
 #define FSCRYPT_NOKEY_NAME_MAX	offsetofend(struct fscrypt_nokey_name, sha256)
 
-static void fscrypt_do_sha256(const u8 *data, unsigned int data_len, u8 *result)
-{
-	struct sha256_state sctx;
-
-	sha256_init(&sctx);
-	sha256_update(&sctx, data, data_len);
-	sha256_final(&sctx, result);
-}
-
 static inline bool fscrypt_is_dot_dotdot(const struct qstr *str)
 {
 	if (str->len == 1 && str->name[0] == '.')
@@ -366,9 +357,9 @@ int fscrypt_fname_disk_to_usr(const struct inode *inode,
 	} else {
 		memcpy(nokey_name.bytes, iname->name, sizeof(nokey_name.bytes));
 		/* Compute strong hash of remaining part of name. */
-		fscrypt_do_sha256(&iname->name[sizeof(nokey_name.bytes)],
-				  iname->len - sizeof(nokey_name.bytes),
-				  nokey_name.sha256);
+		sha256(&iname->name[sizeof(nokey_name.bytes)],
+		       iname->len - sizeof(nokey_name.bytes),
+		       nokey_name.sha256);
 		size = FSCRYPT_NOKEY_NAME_MAX;
 	}
 	oname->len = base64_encode((const u8 *)&nokey_name, size, oname->name);
@@ -496,7 +487,7 @@ bool fscrypt_match_name(const struct fscrypt_name *fname,
 {
 	const struct fscrypt_nokey_name *nokey_name =
 		(const void *)fname->crypto_buf.name;
-	u8 sha256[SHA256_DIGEST_SIZE];
+	u8 digest[SHA256_DIGEST_SIZE];
 
 	if (likely(fname->disk_name.name)) {
 		if (de_name_len != fname->disk_name.len)
@@ -507,9 +498,9 @@ bool fscrypt_match_name(const struct fscrypt_name *fname,
 		return false;
 	if (memcmp(de_name, nokey_name->bytes, sizeof(nokey_name->bytes)))
 		return false;
-	fscrypt_do_sha256(&de_name[sizeof(nokey_name->bytes)],
-			  de_name_len - sizeof(nokey_name->bytes), sha256);
-	return !memcmp(sha256, nokey_name->sha256, sizeof(sha256));
+	sha256(&de_name[sizeof(nokey_name->bytes)],
+	       de_name_len - sizeof(nokey_name->bytes), digest);
+	return !memcmp(digest, nokey_name->sha256, sizeof(digest));
 }
 EXPORT_SYMBOL_GPL(fscrypt_match_name);
 
-- 
2.28.0

Re: [PATCH] fscrypt: use sha256() instead of open coding

[Eric Biggers]

On Wed, Sep 16, 2020 at 09:53:41PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> Now that there's a library function that calculates the SHA-256 digest
> of a buffer in one step, use it instead of sha256_init() +
> sha256_update() + sha256_final().
> 
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> ---
>  fs/crypto/fname.c | 23 +++++++----------------
>  1 file changed, 7 insertions(+), 16 deletions(-)
> 
> diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c
> index 47bcfddb278ba..89a05e33e1b3b 100644
> --- a/fs/crypto/fname.c
> +++ b/fs/crypto/fname.c
> @@ -61,15 +61,6 @@ struct fscrypt_nokey_name {
>   */
>  #define FSCRYPT_NOKEY_NAME_MAX	offsetofend(struct fscrypt_nokey_name, sha256)
>  
> -static void fscrypt_do_sha256(const u8 *data, unsigned int data_len, u8 *result)
> -{
> -	struct sha256_state sctx;
> -
> -	sha256_init(&sctx);
> -	sha256_update(&sctx, data, data_len);
> -	sha256_final(&sctx, result);
> -}
> -
>  static inline bool fscrypt_is_dot_dotdot(const struct qstr *str)
>  {
>  	if (str->len == 1 && str->name[0] == '.')
> @@ -366,9 +357,9 @@ int fscrypt_fname_disk_to_usr(const struct inode *inode,
>  	} else {
>  		memcpy(nokey_name.bytes, iname->name, sizeof(nokey_name.bytes));
>  		/* Compute strong hash of remaining part of name. */
> -		fscrypt_do_sha256(&iname->name[sizeof(nokey_name.bytes)],
> -				  iname->len - sizeof(nokey_name.bytes),
> -				  nokey_name.sha256);
> +		sha256(&iname->name[sizeof(nokey_name.bytes)],
> +		       iname->len - sizeof(nokey_name.bytes),
> +		       nokey_name.sha256);
>  		size = FSCRYPT_NOKEY_NAME_MAX;
>  	}
>  	oname->len = base64_encode((const u8 *)&nokey_name, size, oname->name);
> @@ -496,7 +487,7 @@ bool fscrypt_match_name(const struct fscrypt_name *fname,
>  {
>  	const struct fscrypt_nokey_name *nokey_name =
>  		(const void *)fname->crypto_buf.name;
> -	u8 sha256[SHA256_DIGEST_SIZE];
> +	u8 digest[SHA256_DIGEST_SIZE];
>  
>  	if (likely(fname->disk_name.name)) {
>  		if (de_name_len != fname->disk_name.len)
> @@ -507,9 +498,9 @@ bool fscrypt_match_name(const struct fscrypt_name *fname,
>  		return false;
>  	if (memcmp(de_name, nokey_name->bytes, sizeof(nokey_name->bytes)))
>  		return false;
> -	fscrypt_do_sha256(&de_name[sizeof(nokey_name->bytes)],
> -			  de_name_len - sizeof(nokey_name->bytes), sha256);
> -	return !memcmp(sha256, nokey_name->sha256, sizeof(sha256));
> +	sha256(&de_name[sizeof(nokey_name->bytes)],
> +	       de_name_len - sizeof(nokey_name->bytes), digest);
> +	return !memcmp(digest, nokey_name->sha256, sizeof(digest));
>  }
>  EXPORT_SYMBOL_GPL(fscrypt_match_name);
>  

Applied to fscrypt.git#master for 5.10.

- Eric