參考鏈接

Linux加密框架中的主要數據結構（二）_家有一希的博客-CSDN博客

定義

通用算法說明數據結構crypto_alg的聯合體成員變量cra_u中包含多種算法的個性化屬性，如分組算法、塊加密算法、壓縮算法、偽隨機數算法等，但不包含哈希算法的個性化屬性。
Linux加密框架crypto crypto_alg|cipher_alg數據結構|AES例子_CHYabc123456hh的博客-CSDN博客
加密框架以通用算法說明數據結構crypto_alg為基類定義了哈希算法說明數據結構，根據算法實現不同哈希算法說明分為同步哈希（synchronous hash）算法說明數據結構struct shash_alg和異步哈希（asynchronous hash）算法說明數據結構struct ahash_alg。
哈希算法的結構需要派生繼承自通用數據結構?crypto_alg
hash.h - include/crypto/hash.h - Linux source code (v5.15.11) - Bootlin

同步哈希（synchronous hash）算法說明數據結構struct shash_alg

/*** struct shash_alg - synchronous message digest definition* @init: see struct ahash_alg* @update: see struct ahash_alg* @final: see struct ahash_alg* @finup: see struct ahash_alg* @digest: see struct ahash_alg* @export: see struct ahash_alg* @import: see struct ahash_alg* @setkey: see struct ahash_alg* @init_tfm: Initialize the cryptographic transformation object.*	      This function is called only once at the instantiation*	      time, right after the transformation context was*	      allocated. In case the cryptographic hardware has*	      some special requirements which need to be handled*	      by software, this function shall check for the precise*	      requirement of the transformation and put any software*	      fallbacks in place.* @exit_tfm: Deinitialize the cryptographic transformation object.*	      This is a counterpart to @init_tfm, used to remove*	      various changes set in @init_tfm.* @digestsize: see struct ahash_alg* @statesize: see struct ahash_alg* @descsize: Size of the operational state for the message digest. This state* 	      size is the memory size that needs to be allocated for*	      shash_desc.__ctx* @base: internally used*/
struct shash_alg {int (*init)(struct shash_desc *desc);int (*update)(struct shash_desc *desc, const u8 *data,unsigned int len);int (*final)(struct shash_desc *desc, u8 *out);int (*finup)(struct shash_desc *desc, const u8 *data,unsigned int len, u8 *out);int (*digest)(struct shash_desc *desc, const u8 *data,unsigned int len, u8 *out);int (*export)(struct shash_desc *desc, void *out);int (*import)(struct shash_desc *desc, const void *in);int (*setkey)(struct crypto_shash *tfm, const u8 *key,unsigned int keylen);int (*init_tfm)(struct crypto_shash *tfm);void (*exit_tfm)(struct crypto_shash *tfm);unsigned int descsize;/* These fields must match hash_alg_common. */unsigned int digestsize__attribute__ ((aligned(__alignof__(struct hash_alg_common))));unsigned int statesize;struct crypto_alg base;
};

異步哈希（asynchronous hash）算法說明數據結構struct ahash_alg

/*** struct ahash_alg - asynchronous message digest definition* @init: **[mandatory]** Initialize the transformation context. Intended only to initialize the*	  state of the HASH transformation at the beginning. This shall fill in*	  the internal structures used during the entire duration of the whole*	  transformation. No data processing happens at this point. Driver code*	  implementation must not use req->result.* @update: **[mandatory]** Push a chunk of data into the driver for transformation. This*	   function actually pushes blocks of data from upper layers into the*	   driver, which then passes those to the hardware as seen fit. This*	   function must not finalize the HASH transformation by calculating the*	   final message digest as this only adds more data into the*	   transformation. This function shall not modify the transformation*	   context, as this function may be called in parallel with the same*	   transformation object. Data processing can happen synchronously*	   [SHASH] or asynchronously [AHASH] at this point. Driver must not use*	   req->result.* @final: **[mandatory]** Retrieve result from the driver. This function finalizes the*	   transformation and retrieves the resulting hash from the driver and*	   pushes it back to upper layers. No data processing happens at this*	   point unless hardware requires it to finish the transformation*	   (then the data buffered by the device driver is processed).* @finup: **[optional]** Combination of @update and @final. This function is effectively a*	   combination of @update and @final calls issued in sequence. As some*	   hardware cannot do @update and @final separately, this callback was*	   added to allow such hardware to be used at least by IPsec. Data*	   processing can happen synchronously [SHASH] or asynchronously [AHASH]*	   at this point.* @digest: Combination of @init and @update and @final. This function*	    effectively behaves as the entire chain of operations, @init,*	    @update and @final issued in sequence. Just like @finup, this was*	    added for hardware which cannot do even the @finup, but can only do*	    the whole transformation in one run. Data processing can happen*	    synchronously [SHASH] or asynchronously [AHASH] at this point.* @setkey: Set optional key used by the hashing algorithm. Intended to push*	    optional key used by the hashing algorithm from upper layers into*	    the driver. This function can store the key in the transformation*	    context or can outright program it into the hardware. In the former*	    case, one must be careful to program the key into the hardware at*	    appropriate time and one must be careful that .setkey() can be*	    called multiple times during the existence of the transformation*	    object. Not  all hashing algorithms do implement this function as it*	    is only needed for keyed message digests. SHAx/MDx/CRCx do NOT*	    implement this function. HMAC(MDx)/HMAC(SHAx)/CMAC(AES) do implement*	    this function. This function must be called before any other of the*	    @init, @update, @final, @finup, @digest is called. No data*	    processing happens at this point.* @export: Export partial state of the transformation. This function dumps the*	    entire state of the ongoing transformation into a provided block of*	    data so it can be @import 'ed back later on. This is useful in case*	    you want to save partial result of the transformation after*	    processing certain amount of data and reload this partial result*	    multiple times later on for multiple re-use. No data processing*	    happens at this point. Driver must not use req->result.* @import: Import partial state of the transformation. This function loads the*	    entire state of the ongoing transformation from a provided block of*	    data so the transformation can continue from this point onward. No*	    data processing happens at this point. Driver must not use*	    req->result.* @init_tfm: Initialize the cryptographic transformation object.*	      This function is called only once at the instantiation*	      time, right after the transformation context was*	      allocated. In case the cryptographic hardware has*	      some special requirements which need to be handled*	      by software, this function shall check for the precise*	      requirement of the transformation and put any software*	      fallbacks in place.* @exit_tfm: Deinitialize the cryptographic transformation object.*	      This is a counterpart to @init_tfm, used to remove*	      various changes set in @init_tfm.* @halg: see struct hash_alg_common*/
struct ahash_alg {int (*init)(struct ahash_request *req);int (*update)(struct ahash_request *req);int (*final)(struct ahash_request *req);int (*finup)(struct ahash_request *req);int (*digest)(struct ahash_request *req);int (*export)(struct ahash_request *req, void *out);int (*import)(struct ahash_request *req, const void *in);int (*setkey)(struct crypto_ahash *tfm, const u8 *key,unsigned int keylen);int (*init_tfm)(struct crypto_ahash *tfm);void (*exit_tfm)(struct crypto_ahash *tfm);struct hash_alg_common halg;
};

算法接口

init：? ? ? 三段式調用的初始化接口；
update：三段式調用的計算更新接口；
final：? ? 三段式調用的結束（輸出）接口；
finup：? ?兩段式調用的計算更新和結束（輸出）接口；? ?是將final和update合在一起的
digest：? 一段式調用的摘要計算接口；
export：上下文環境導出接口；
import：上下文環境導入接口；
setkey：?HMAC密鑰設置接口。
init_tfm：初始化加密轉換對象
exit_tfm:? 取消初始化加密轉換對象

匯總

同步哈希算法說明數據結構中的算法接口為哈希算法接口全集，包括最小集的三段式調用接口（init、update和final），也包括在最小集基礎上衍生出來的兩段式調用接口（init和finup）以及一段式調用接口（digest）。
每種哈希算法只需要實現算法接口的最小集（init、update和final）即可，即實現三段式調用接口即可，在注冊算法時將使用默認的算法接口作為算法未定義接口的實現。
以MD5算法為例，其算法說明只定義了init、update和final三段式調用接口，未定義finup和digest等接口，這樣在注冊算法時將使用同步哈希算法默認接口shash_finup_unaligned和shash_diget_unaligned作為MD5算法的finup和digest等接口的實現。
分析代碼，shash_finup_unaligned和shash_diget_unaligned等接口都是在算法已實現的三段式調用接口基礎上實現具體功能的。同步哈希算法的上下文運行空間由同步哈希算法描述符desc提供。
與靜態分組算法和動態分組算法（即塊加密算法）對應不同的個性化屬性數據結構不同，靜態哈希算法和動態哈希算法（即HMAC算法）對應相同的個性化屬性數據結構。
個性化屬性數據結構中的算法接口是靜態哈希算法和動態哈希算法的算法接口合集，如靜態哈希算法不用實現setkey接口（將默認的shash_no_setkey作為setkey接口實現），而HMAC算法是與密鑰相關的，涉及到密鑰輸入必須實現setkey接口。由于在分時分段計算（如HMAC運算）中，需要更新或切換哈希算法的上下文環境（與具體哈希算法實現相關），因此哈希算法還必須實現import和export兩個接口。在加密框架支持的哈希算法中只有MD4算法未import和export兩個接口，因此MD4算法無法支持分時分段調用，也無法實現HMAC運算。
注：所謂同步指發出一個功能調用時，在沒有得到結果之前，該調用不會返回。當一個異步調用發出后，需要其他部件協作或需要等待一段時間，因此調用者不能立刻得到結果，但調用會立刻返回。等處理完成后，由部件通過狀態通知和回調來通知調用者。
注：加密框架將同步哈希算法說明和異步哈希算法說明的通用部分抽象為數據結構hash_alg_common，如下所示，其成員變量與數據結構struct shash_alg最后三個成員變量相同。? ?最新版文直接將這三個成員變量使用封裝好的結構體?hash_alg_common 進行替代

同步和異步通用部分抽象? ?hash_alg_common

hash.h - include/crypto/hash.h - Linux source code (v5.15.11) - Bootlin

/*** struct hash_alg_common - define properties of message digest* @digestsize: Size of the result of the transformation. A buffer of this size*	        must be available to the @final and @finup calls, so they can*	        store the resulting hash into it. For various predefined sizes,*	        search include/crypto/ using*	        git grep _DIGEST_SIZE include/crypto.* @statesize: Size of the block for partial state of the transformation. A*	       buffer of this size must be passed to the @export function as it*	       will save the partial state of the transformation into it. On the*	       other side, the @import function will load the state from a*	       buffer of this size as well.* @base: Start of data structure of cipher algorithm. The common data*	  structure of crypto_alg contains information common to all ciphers.*	  The hash_alg_common data structure now adds the hash-specific*	  information.*/
struct hash_alg_common {unsigned int digestsize;unsigned int statesize;struct crypto_alg base;
};