[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230516055219.GC2704@sol.localdomain>
Date: Mon, 15 May 2023 22:52:19 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: FUJITA Tomonori <tomo@...bit.dev>
Cc: rust-for-linux@...r.kernel.org, netdev@...r.kernel.org,
linux-crypto@...r.kernel.org,
FUJITA Tomonori <fujita.tomonori@...il.com>
Subject: Re: [PATCH 1/2] rust: add synchronous message digest support
Hi Fujita,
On Mon, May 15, 2023 at 04:34:27AM +0000, FUJITA Tomonori wrote:
> diff --git a/rust/helpers.c b/rust/helpers.c
> index 81e80261d597..03c131b1ca38 100644
> --- a/rust/helpers.c
> +++ b/rust/helpers.c
> @@ -18,6 +18,7 @@
> * accidentally exposed.
> */
>
> +#include <crypto/hash.h>
> #include <linux/bug.h>
> #include <linux/build_bug.h>
> #include <linux/err.h>
> @@ -27,6 +28,29 @@
> #include <linux/sched/signal.h>
> #include <linux/wait.h>
>
> +void rust_helper_crypto_free_shash(struct crypto_shash *tfm)
> +{
> + crypto_free_shash(tfm);
> +}
> +EXPORT_SYMBOL_GPL(rust_helper_crypto_free_shash);
Shouldn't this code be compiled only when the crypto API is available?
> +impl<'a> ShashDesc<'a> {
> + /// Creates a [`ShashDesc`] object for a request data structure for message digest.
> + pub fn new(tfm: &'a Shash) -> Result<Self> {
> + // SAFETY: The type invariant guarantees that the pointer is valid.
> + let size = core::mem::size_of::<bindings::shash_desc>()
> + + unsafe { bindings::crypto_shash_descsize(tfm.0) } as usize;
> + let layout = Layout::from_size_align(size, 2)?;
> + let ptr = unsafe { alloc(layout) } as *mut bindings::shash_desc;
> + let mut desc = ShashDesc { ptr, tfm, size };
> + // SAFETY: The `desc.tfm` is non-null and valid for the lifetime of this object.
> + unsafe { (*desc.ptr).tfm = desc.tfm.0 };
> + Ok(desc)
> + }
> +
> + /// (Re)initializes message digest.
> + pub fn init(&mut self) -> Result {
> + // SAFETY: The type invariant guarantees that the pointer is valid.
> + to_result(unsafe { bindings::crypto_shash_init(self.ptr) })
> + }
> +
> + /// Adds data to message digest for processing.
> + pub fn update(&mut self, data: &[u8]) -> Result {
> + // SAFETY: The type invariant guarantees that the pointer is valid.
> + to_result(unsafe {
> + bindings::crypto_shash_update(self.ptr, data.as_ptr(), data.len() as u32)
> + })
> + }
> +
> + /// Calculates message digest.
> + pub fn finalize(&mut self, output: &mut [u8]) -> Result {
> + // SAFETY: The type invariant guarantees that the pointer is valid.
> + to_result(unsafe { bindings::crypto_shash_final(self.ptr, output.as_mut_ptr()) })
> + }
This doesn't enforce that init() is called before update() or finalize(). I
think that needs to be checked in the Rust code, since the C code doesn't have
defined behavior in that case.
- Eric
Powered by blists - more mailing lists