the-tree/crypto/hmac.c

0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002 /*
0003  * Cryptographic API.
0004  *
0005  * HMAC: Keyed-Hashing for Message Authentication (RFC2104).
0006  *
0007  * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
0008  * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
0009  *
0010  * The HMAC implementation is derived from USAGI.
0011  * Copyright (c) 2002 Kazunori Miyazawa <miyazawa@linux-ipv6.org> / USAGI
0012  */
0013
0014 #include <crypto/hmac.h>
0015 #include <crypto/internal/hash.h>
0016 #include <crypto/scatterwalk.h>
0017 #include <linux/err.h>
0018 #include <linux/fips.h>
0019 #include <linux/init.h>
0020 #include <linux/kernel.h>
0021 #include <linux/module.h>
0022 #include <linux/scatterlist.h>
0023 #include <linux/string.h>
0024
0025 struct hmac_ctx {
0026     struct crypto_shash *hash;
0027 };
0028
0029 static inline void *align_ptr(void *p, unsigned int align)
0030 {
0031     return (void *)ALIGN((unsigned long)p, align);
0032 }
0033
0034 static inline struct hmac_ctx *hmac_ctx(struct crypto_shash *tfm)
0035 {
0036     return align_ptr(crypto_shash_ctx_aligned(tfm) +
0037              crypto_shash_statesize(tfm) * 2,
0038              crypto_tfm_ctx_alignment());
0039 }
0040
0041 static int hmac_setkey(struct crypto_shash *parent,
0042                const u8 *inkey, unsigned int keylen)
0043 {
0044     int bs = crypto_shash_blocksize(parent);
0045     int ds = crypto_shash_digestsize(parent);
0046     int ss = crypto_shash_statesize(parent);
0047     char *ipad = crypto_shash_ctx_aligned(parent);
0048     char *opad = ipad + ss;
0049     struct hmac_ctx *ctx = align_ptr(opad + ss,
0050                      crypto_tfm_ctx_alignment());
0051     struct crypto_shash *hash = ctx->hash;
0052     SHASH_DESC_ON_STACK(shash, hash);
0053     unsigned int i;
0054
0055     if (fips_enabled && (keylen < 112 / 8))
0056         return -EINVAL;
0057
0058     shash->tfm = hash;
0059
0060     if (keylen > bs) {
0061         int err;
0062
0063         err = crypto_shash_digest(shash, inkey, keylen, ipad);
0064         if (err)
0065             return err;
0066
0067         keylen = ds;
0068     } else
0069         memcpy(ipad, inkey, keylen);
0070
0071     memset(ipad + keylen, 0, bs - keylen);
0072     memcpy(opad, ipad, bs);
0073
0074     for (i = 0; i < bs; i++) {
0075         ipad[i] ^= HMAC_IPAD_VALUE;
0076         opad[i] ^= HMAC_OPAD_VALUE;
0077     }
0078
0079     return crypto_shash_init(shash) ?:
0080            crypto_shash_update(shash, ipad, bs) ?:
0081            crypto_shash_export(shash, ipad) ?:
0082            crypto_shash_init(shash) ?:
0083            crypto_shash_update(shash, opad, bs) ?:
0084            crypto_shash_export(shash, opad);
0085 }
0086
0087 static int hmac_export(struct shash_desc *pdesc, void *out)
0088 {
0089     struct shash_desc *desc = shash_desc_ctx(pdesc);
0090
0091     return crypto_shash_export(desc, out);
0092 }
0093
0094 static int hmac_import(struct shash_desc *pdesc, const void *in)
0095 {
0096     struct shash_desc *desc = shash_desc_ctx(pdesc);
0097     struct hmac_ctx *ctx = hmac_ctx(pdesc->tfm);
0098
0099     desc->tfm = ctx->hash;
0100
0101     return crypto_shash_import(desc, in);
0102 }
0103
0104 static int hmac_init(struct shash_desc *pdesc)
0105 {
0106     return hmac_import(pdesc, crypto_shash_ctx_aligned(pdesc->tfm));
0107 }
0108
0109 static int hmac_update(struct shash_desc *pdesc,
0110                const u8 *data, unsigned int nbytes)
0111 {
0112     struct shash_desc *desc = shash_desc_ctx(pdesc);
0113
0114     return crypto_shash_update(desc, data, nbytes);
0115 }
0116
0117 static int hmac_final(struct shash_desc *pdesc, u8 *out)
0118 {
0119     struct crypto_shash *parent = pdesc->tfm;
0120     int ds = crypto_shash_digestsize(parent);
0121     int ss = crypto_shash_statesize(parent);
0122     char *opad = crypto_shash_ctx_aligned(parent) + ss;
0123     struct shash_desc *desc = shash_desc_ctx(pdesc);
0124
0125     return crypto_shash_final(desc, out) ?:
0126            crypto_shash_import(desc, opad) ?:
0127            crypto_shash_finup(desc, out, ds, out);
0128 }
0129
0130 static int hmac_finup(struct shash_desc *pdesc, const u8 *data,
0131               unsigned int nbytes, u8 *out)
0132 {
0133
0134     struct crypto_shash *parent = pdesc->tfm;
0135     int ds = crypto_shash_digestsize(parent);
0136     int ss = crypto_shash_statesize(parent);
0137     char *opad = crypto_shash_ctx_aligned(parent) + ss;
0138     struct shash_desc *desc = shash_desc_ctx(pdesc);
0139
0140     return crypto_shash_finup(desc, data, nbytes, out) ?:
0141            crypto_shash_import(desc, opad) ?:
0142            crypto_shash_finup(desc, out, ds, out);
0143 }
0144
0145 static int hmac_init_tfm(struct crypto_shash *parent)
0146 {
0147     struct crypto_shash *hash;
0148     struct shash_instance *inst = shash_alg_instance(parent);
0149     struct crypto_shash_spawn *spawn = shash_instance_ctx(inst);
0150     struct hmac_ctx *ctx = hmac_ctx(parent);
0151
0152     hash = crypto_spawn_shash(spawn);
0153     if (IS_ERR(hash))
0154         return PTR_ERR(hash);
0155
0156     parent->descsize = sizeof(struct shash_desc) +
0157                crypto_shash_descsize(hash);
0158
0159     ctx->hash = hash;
0160     return 0;
0161 }
0162
0163 static void hmac_exit_tfm(struct crypto_shash *parent)
0164 {
0165     struct hmac_ctx *ctx = hmac_ctx(parent);
0166     crypto_free_shash(ctx->hash);
0167 }
0168
0169 static int hmac_create(struct crypto_template *tmpl, struct rtattr **tb)
0170 {
0171     struct shash_instance *inst;
0172     struct crypto_shash_spawn *spawn;
0173     struct crypto_alg *alg;
0174     struct shash_alg *salg;
0175     u32 mask;
0176     int err;
0177     int ds;
0178     int ss;
0179
0180     err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SHASH, &mask);
0181     if (err)
0182         return err;
0183
0184     inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
0185     if (!inst)
0186         return -ENOMEM;
0187     spawn = shash_instance_ctx(inst);
0188
0189     err = crypto_grab_shash(spawn, shash_crypto_instance(inst),
0190                 crypto_attr_alg_name(tb[1]), 0, mask);
0191     if (err)
0192         goto err_free_inst;
0193     salg = crypto_spawn_shash_alg(spawn);
0194     alg = &salg->base;
0195
0196     /* The underlying hash algorithm must not require a key */
0197     err = -EINVAL;
0198     if (crypto_shash_alg_needs_key(salg))
0199         goto err_free_inst;
0200
0201     ds = salg->digestsize;
0202     ss = salg->statesize;
0203     if (ds > alg->cra_blocksize ||
0204         ss < alg->cra_blocksize)
0205         goto err_free_inst;
0206
0207     err = crypto_inst_setname(shash_crypto_instance(inst), tmpl->name, alg);
0208     if (err)
0209         goto err_free_inst;
0210
0211     inst->alg.base.cra_priority = alg->cra_priority;
0212     inst->alg.base.cra_blocksize = alg->cra_blocksize;
0213     inst->alg.base.cra_alignmask = alg->cra_alignmask;
0214
0215     ss = ALIGN(ss, alg->cra_alignmask + 1);
0216     inst->alg.digestsize = ds;
0217     inst->alg.statesize = ss;
0218
0219     inst->alg.base.cra_ctxsize = sizeof(struct hmac_ctx) +
0220                      ALIGN(ss * 2, crypto_tfm_ctx_alignment());
0221
0222     inst->alg.init = hmac_init;
0223     inst->alg.update = hmac_update;
0224     inst->alg.final = hmac_final;
0225     inst->alg.finup = hmac_finup;
0226     inst->alg.export = hmac_export;
0227     inst->alg.import = hmac_import;
0228     inst->alg.setkey = hmac_setkey;
0229     inst->alg.init_tfm = hmac_init_tfm;
0230     inst->alg.exit_tfm = hmac_exit_tfm;
0231
0232     inst->free = shash_free_singlespawn_instance;
0233
0234     err = shash_register_instance(tmpl, inst);
0235     if (err) {
0236 err_free_inst:
0237         shash_free_singlespawn_instance(inst);
0238     }
0239     return err;
0240 }
0241
0242 static struct crypto_template hmac_tmpl = {
0243     .name = "hmac",
0244     .create = hmac_create,
0245     .module = THIS_MODULE,
0246 };
0247
0248 static int __init hmac_module_init(void)
0249 {
0250     return crypto_register_template(&hmac_tmpl);
0251 }
0252
0253 static void __exit hmac_module_exit(void)
0254 {
0255     crypto_unregister_template(&hmac_tmpl);
0256 }
0257
0258 subsys_initcall(hmac_module_init);
0259 module_exit(hmac_module_exit);
0260
0261 MODULE_LICENSE("GPL");
0262 MODULE_DESCRIPTION("HMAC hash algorithm");
0263 MODULE_ALIAS_CRYPTO("hmac");