Re: [PATCH 1/2] rust: add synchronous message digest support

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers@kernel.org>
To: FUJITA Tomonori <tomo@exabit.dev>
Cc: rust-for-linux@vger.kernel.org, netdev@vger.kernel.org,
	linux-crypto@vger.kernel.org,
	FUJITA Tomonori <fujita.tomonori@gmail.com>
Subject: Re: [PATCH 1/2] rust: add synchronous message digest support
Date: Mon, 15 May 2023 22:52:19 -0700	[thread overview]
Message-ID: <20230516055219.GC2704@sol.localdomain> (raw)
In-Reply-To: <010101881db037b4-c8c941a9-c482-4759-9c07-b8bf645d96ed-000000@us-west-2.amazonses.com>

Hi Fujita,

On Mon, May 15, 2023 at 04:34:27AM +0000, FUJITA Tomonori wrote:
> diff --git a/rust/helpers.c b/rust/helpers.c
> index 81e80261d597..03c131b1ca38 100644
> --- a/rust/helpers.c
> +++ b/rust/helpers.c
> @@ -18,6 +18,7 @@
>   * accidentally exposed.
>   */
>  
> +#include <crypto/hash.h>
>  #include <linux/bug.h>
>  #include <linux/build_bug.h>
>  #include <linux/err.h>
> @@ -27,6 +28,29 @@
>  #include <linux/sched/signal.h>
>  #include <linux/wait.h>
>  
> +void rust_helper_crypto_free_shash(struct crypto_shash *tfm)
> +{
> +	crypto_free_shash(tfm);
> +}
> +EXPORT_SYMBOL_GPL(rust_helper_crypto_free_shash);

Shouldn't this code be compiled only when the crypto API is available?

> +impl<'a> ShashDesc<'a> {
> +    /// Creates a [`ShashDesc`] object for a request data structure for message digest.
> +    pub fn new(tfm: &'a Shash) -> Result<Self> {
> +        // SAFETY: The type invariant guarantees that the pointer is valid.
> +        let size = core::mem::size_of::<bindings::shash_desc>()
> +            + unsafe { bindings::crypto_shash_descsize(tfm.0) } as usize;
> +        let layout = Layout::from_size_align(size, 2)?;
> +        let ptr = unsafe { alloc(layout) } as *mut bindings::shash_desc;
> +        let mut desc = ShashDesc { ptr, tfm, size };
> +        // SAFETY: The `desc.tfm` is non-null and valid for the lifetime of this object.
> +        unsafe { (*desc.ptr).tfm = desc.tfm.0 };
> +        Ok(desc)
> +    }
> +
> +    /// (Re)initializes message digest.
> +    pub fn init(&mut self) -> Result {
> +        // SAFETY: The type invariant guarantees that the pointer is valid.
> +        to_result(unsafe { bindings::crypto_shash_init(self.ptr) })
> +    }
> +
> +    /// Adds data to message digest for processing.
> +    pub fn update(&mut self, data: &[u8]) -> Result {
> +        // SAFETY: The type invariant guarantees that the pointer is valid.
> +        to_result(unsafe {
> +            bindings::crypto_shash_update(self.ptr, data.as_ptr(), data.len() as u32)
> +        })
> +    }
> +
> +    /// Calculates message digest.
> +    pub fn finalize(&mut self, output: &mut [u8]) -> Result {
> +        // SAFETY: The type invariant guarantees that the pointer is valid.
> +        to_result(unsafe { bindings::crypto_shash_final(self.ptr, output.as_mut_ptr()) })
> +    }

This doesn't enforce that init() is called before update() or finalize().  I
think that needs to be checked in the Rust code, since the C code doesn't have
defined behavior in that case.

- Eric

next prev parent reply	other threads:[~2023-05-16  5:52 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20230515043353.2324288-1-tomo@exabit.dev>
2023-05-15  4:34 ` [PATCH 1/2] rust: add synchronous message digest support FUJITA Tomonori
2023-05-15  6:11   ` Kent Overstreet
2023-05-16  5:52   ` Eric Biggers [this message]
2023-05-16  8:25     ` FUJITA Tomonori
2023-05-15  4:34 ` [PATCH 2/2] rust: add socket support FUJITA Tomonori
2023-05-15 14:14   ` Andrew Lunn
2023-05-16  5:43     ` FUJITA Tomonori
2023-05-16 12:07       ` Andrew Lunn
2023-05-16 17:08   ` Wedson Almeida Filho
2023-05-17  2:46     ` FUJITA Tomonori

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230516055219.GC2704@sol.localdomain \
    --to=ebiggers@kernel.org \
    --cc=fujita.tomonori@gmail.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=rust-for-linux@vger.kernel.org \
    --cc=tomo@exabit.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).