linuxkm shims for all SHA and SHA-HMAC flavors.

Author: douzzer

configure.ac

@@ -9421,6 +9421,20 @@ then
         'ofb(aes)') test "$ENABLED_AESOFB" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-OFB implementation not enabled.])
                     AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESOFB" ;;
         'ecb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESECB -DHAVE_AES_ECB" ;;
+        'sha1')     test "$ENABLED_SHA" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: SHA-1 implementation not enabled.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA1" ;;
+        'sha2')     test "$ENABLED_SHA224" != "no" || test "$ENABLED_SHA256" != "no" || test "$ENABLED_SHA384" != "no" || test "$ENABLED_SHA512" != "no" || \
+                    AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: No SHA-2 implementations are enabled.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA2" ;;
+        'sha3')     test "$ENABLED_SHA3" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: SHA-3 implementation not enabled.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA3" ;;
+        'hmac(sha1)')     test "$ENABLED_SHA" != "no" && test "$ENABLED_HMAC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: SHA-1 HMAC implementation not enabled.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA1_HMAC" ;;
+        'hmac(sha2)') (test "$ENABLED_SHA224" != "no" || test "$ENABLED_SHA256" != "no" || test "$ENABLED_SHA384" != "no" || test "$ENABLED_SHA512" != "no") && \
+                    test "$ENABLED_HMAC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: No SHA-2 HMAC implementations are enabled.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA2_HMAC" ;;
+        'hmac(sha3)') test "$ENABLED_SHA3" != "no" && test "$ENABLED_HMAC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: SHA-3 HMAC implementation not enabled.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA3_HMAC" ;;
         'ecdsa')    test "$ENABLED_ECC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: ECDSA implementation not enabled.])
                     AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ECDSA" ;;
         'ecdh')     AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ECDH" ;;
@@ -9436,6 +9450,12 @@ then
         '-ctr(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCTR" ;;
         '-ofb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESOFB" ;;
         '-ecb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESECB" ;;
+        '-sha1')     AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_SHA1" ;;
+        '-sha2')     AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_SHA2" ;;
+        '-sha3')     AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_SHA3" ;;
+        '-hmac(sha1)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_SHA1_HMAC" ;;
+        '-hmac(sha2)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_SHA2_HMAC" ;;
+        '-hmac(sha3)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_SHA3_HMAC" ;;
         '-ecdsa')    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_ECDSA" ;;
         '-ecdh')     AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_ECDH" ;;
         '-rsa')      AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_RSA" ;;

linuxkm/linuxkm_wc_port.h

@@ -293,6 +293,7 @@
         #include <linux/scatterlist.h>
         #include <crypto/scatterwalk.h>
         #include <crypto/internal/aead.h>
+        #include <crypto/internal/hash.h>
         #include <crypto/internal/skcipher.h>
         #include <crypto/internal/akcipher.h>
         #include <crypto/internal/kpp.h>

linuxkm/lkcapi_aes_glue.c

@@ -25,12 +25,12 @@
     #error lkcapi_aes_glue.c compiled with NO_AES.
 #endif
 
+#include <wolfssl/wolfcrypt/aes.h>
+
 #if defined(WC_LINUXKM_C_FALLBACK_IN_SHIMS) && !defined(WC_FLAG_DONT_USE_AESNI)
     #error WC_LINUXKM_C_FALLBACK_IN_SHIMS is defined but WC_FLAG_DONT_USE_AESNI is missing.
 #endif
 
-#include <wolfssl/wolfcrypt/aes.h>
-
 /* note the FIPS code will be returned on failure even in non-FIPS builds. */
 #define LINUXKM_LKCAPI_AES_KAT_MISMATCH_E AES_KAT_FIPS_E
 #define LINUXKM_LKCAPI_AESGCM_KAT_MISMATCH_E AESGCM_KAT_FIPS_E
@@ -1001,7 +1001,12 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
 
     if (req->src->length >= assoclen && req->src->length) {
         scatterwalk_start(&assocSgWalk, req->src);
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 15, 0)
+        scatterwalk_map(&assocSgWalk);
+        assoc = assocSgWalk.addr;
+#else
         assoc = scatterwalk_map(&assocSgWalk);
+#endif
         if (unlikely(IS_ERR(assoc))) {
             pr_err("%s: scatterwalk_map failed: %ld\n",
                    crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
@@ -1033,8 +1038,13 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
 
     if (assocmem)
         free(assocmem);
-    else
+    else {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 15, 0)
+        scatterwalk_unmap(&assocSgWalk);
+#else
         scatterwalk_unmap(assoc);
+#endif
+    }
 
     if (unlikely(err)) {
         pr_err("%s: %s failed: %d\n",
@@ -1184,7 +1194,12 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
         (req->dst->length >= req->assoclen + req->cryptlen))
     {
         scatterwalk_start(&in_walk, req->src);
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 15, 0)
+        scatterwalk_map(&in_walk);
+        in_map = in_walk.addr;
+#else
         in_map = scatterwalk_map(&in_walk);
+#endif
         if (unlikely(IS_ERR(in_map))) {
             pr_err("%s: scatterwalk_map failed: %ld\n",
                    crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
@@ -1195,7 +1210,12 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
         in_text = in_map + req->assoclen;
 
         scatterwalk_start(&out_walk, req->dst);
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 15, 0)
+        scatterwalk_map(&out_walk);
+        out_map = out_walk.addr;
+#else
         out_map = scatterwalk_map(&out_walk);
+#endif
         if (unlikely(IS_ERR(out_map))) {
             pr_err("%s: scatterwalk_map failed: %ld\n",
                    crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
@@ -1281,10 +1301,20 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
         free(sg_buf);
     }
     else {
-        if (in_map)
+        if (in_map) {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 15, 0)
+            scatterwalk_unmap(&in_walk);
+#else
             scatterwalk_unmap(in_map);
-        if (out_map)
+#endif
+        }
+        if (out_map) {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 15, 0)
+            scatterwalk_unmap(&out_walk);
+#else
             scatterwalk_unmap(out_map);
+#endif
+        }
     }
 
     km_AesFree(&aes_copy);

linuxkm/lkcapi_glue.c

@@ -176,10 +176,45 @@ WC_MAYBE_UNUSED static int check_aead_driver_masking(struct crypto_aead *tfm, co
 #endif
 }
 
+WC_MAYBE_UNUSED static int check_shash_driver_masking(struct crypto_shash *tfm, const char *alg_name, const char *expected_driver_name) {
+#ifdef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
+    (void)tfm; (void)alg_name; (void)expected_driver_name;
+    return 0;
+#else
+    const char *actual_driver_name;
+    int ret;
+    int alloced_tfm = 0;
+
+    if (! tfm) {
+        alloced_tfm = 1;
+        tfm = crypto_alloc_shash(alg_name, 0, 0);
+    }
+    if (IS_ERR(tfm)) {
+        pr_err("error: allocating shash algorithm %s failed: %ld\n",
+               alg_name, PTR_ERR(tfm));
+        return -EINVAL;
+    }
+    actual_driver_name = crypto_tfm_alg_driver_name(crypto_shash_tfm(tfm));
+    if (strcmp(actual_driver_name, expected_driver_name)) {
+        pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
+               alg_name, actual_driver_name, expected_driver_name);
+        ret = -ENOENT;
+    } else
+        ret = 0;
+
+    if (alloced_tfm)
+        crypto_free_shash(tfm);
+
+    return ret;
+#endif
+}
+
 #ifndef NO_AES
     #include "lkcapi_aes_glue.c"
 #endif
 
+#include "lkcapi_sha_glue.c"
+
 #ifdef HAVE_ECC
     #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDSA)) && \
         !defined(LINUXKM_LKCAPI_REGISTER_ECDSA)
@@ -350,6 +385,64 @@ static int linuxkm_lkcapi_register(void)
     REGISTER_ALG(ecbAesAlg, crypto_register_skcipher, linuxkm_test_aesecb);
 #endif
 
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA1
+    REGISTER_ALG(sha1_alg, crypto_register_shash, linuxkm_test_sha1);
+#endif
+
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_224
+    REGISTER_ALG(sha2_224_alg, crypto_register_shash, linuxkm_test_sha2_224);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_256
+    REGISTER_ALG(sha2_256_alg, crypto_register_shash, linuxkm_test_sha2_256);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_384
+    REGISTER_ALG(sha2_384_alg, crypto_register_shash, linuxkm_test_sha2_384);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_512
+    REGISTER_ALG(sha2_512_alg, crypto_register_shash, linuxkm_test_sha2_512);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_224
+    REGISTER_ALG(sha3_224_alg, crypto_register_shash, linuxkm_test_sha3_224);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_256
+    REGISTER_ALG(sha3_256_alg, crypto_register_shash, linuxkm_test_sha3_256);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_384
+    REGISTER_ALG(sha3_384_alg, crypto_register_shash, linuxkm_test_sha3_384);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_512
+    REGISTER_ALG(sha3_512_alg, crypto_register_shash, linuxkm_test_sha3_512);
+#endif
+
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA1_HMAC
+    REGISTER_ALG(sha1_hmac_alg, crypto_register_shash, linuxkm_test_sha1_hmac);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC
+    REGISTER_ALG(sha2_224_hmac_alg, crypto_register_shash, linuxkm_test_sha2_224_hmac);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC
+    REGISTER_ALG(sha2_256_hmac_alg, crypto_register_shash, linuxkm_test_sha2_256_hmac);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC
+    REGISTER_ALG(sha2_384_hmac_alg, crypto_register_shash, linuxkm_test_sha2_384_hmac);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC
+    REGISTER_ALG(sha2_512_hmac_alg, crypto_register_shash, linuxkm_test_sha2_512_hmac);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_224_HMAC
+    REGISTER_ALG(sha3_224_hmac_alg, crypto_register_shash, linuxkm_test_sha3_224_hmac);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_256_HMAC
+    REGISTER_ALG(sha3_256_hmac_alg, crypto_register_shash, linuxkm_test_sha3_256_hmac);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_384_HMAC
+    REGISTER_ALG(sha3_384_hmac_alg, crypto_register_shash, linuxkm_test_sha3_384_hmac);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_512_HMAC
+    REGISTER_ALG(sha3_512_hmac_alg, crypto_register_shash, linuxkm_test_sha3_512_hmac);
+#endif
+
+
 #ifdef LINUXKM_LKCAPI_REGISTER_ECDSA
     #if defined(LINUXKM_ECC192)
     REGISTER_ALG(ecdsa_nist_p192, crypto_register_akcipher,
@@ -445,6 +538,64 @@ static void linuxkm_lkcapi_unregister(void)
     UNREGISTER_ALG(ecbAesAlg, crypto_unregister_skcipher);
 #endif
 
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA1
+    UNREGISTER_ALG(sha1_alg, crypto_unregister_shash);
+#endif
+
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_224
+    UNREGISTER_ALG(sha2_224_alg, crypto_unregister_shash);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_256
+    UNREGISTER_ALG(sha2_256_alg, crypto_unregister_shash);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_384
+    UNREGISTER_ALG(sha2_384_alg, crypto_unregister_shash);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_512
+    UNREGISTER_ALG(sha2_512_alg, crypto_unregister_shash);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_224
+    UNREGISTER_ALG(sha3_224_alg, crypto_unregister_shash);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_256
+    UNREGISTER_ALG(sha3_256_alg, crypto_unregister_shash);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_384
+    UNREGISTER_ALG(sha3_384_alg, crypto_unregister_shash);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_512
+    UNREGISTER_ALG(sha3_512_alg, crypto_unregister_shash);
+#endif
+
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA1
+    UNREGISTER_ALG(sha1_hmac_alg, crypto_unregister_shash);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC
+    UNREGISTER_ALG(sha2_224_hmac_alg, crypto_unregister_shash);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC
+    UNREGISTER_ALG(sha2_256_hmac_alg, crypto_unregister_shash);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC
+    UNREGISTER_ALG(sha2_384_hmac_alg, crypto_unregister_shash);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC
+    UNREGISTER_ALG(sha2_512_hmac_alg, crypto_unregister_shash);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_224_HMAC
+    UNREGISTER_ALG(sha3_224_hmac_alg, crypto_unregister_shash);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_256_HMAC
+    UNREGISTER_ALG(sha3_256_hmac_alg, crypto_unregister_shash);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_384_HMAC
+    UNREGISTER_ALG(sha3_384_hmac_alg, crypto_unregister_shash);
+#endif
+#ifdef LINUXKM_LKCAPI_REGISTER_SHA3_512_HMAC
+    UNREGISTER_ALG(sha3_512_hmac_alg, crypto_unregister_shash);
+#endif
+
+
 #ifdef LINUXKM_LKCAPI_REGISTER_ECDSA
     #if defined(LINUXKM_ECC192)
     UNREGISTER_ALG(ecdsa_nist_p192, crypto_unregister_akcipher);