hmac.c 6.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /*
  3. * Cryptographic API.
  4. *
  5. * HMAC: Keyed-Hashing for Message Authentication (RFC2104).
  6. *
  7. * Copyright (c) 2002 James Morris <[email protected]>
  8. * Copyright (c) 2006 Herbert Xu <[email protected]>
  9. *
  10. * The HMAC implementation is derived from USAGI.
  11. * Copyright (c) 2002 Kazunori Miyazawa <[email protected]> / USAGI
  12. */
  13. #include <crypto/hmac.h>
  14. #include <crypto/internal/hash.h>
  15. #include <crypto/scatterwalk.h>
  16. #include <linux/err.h>
  17. #include <linux/fips.h>
  18. #include <linux/init.h>
  19. #include <linux/kernel.h>
  20. #include <linux/module.h>
  21. #include <linux/scatterlist.h>
  22. #include <linux/string.h>
  23. struct hmac_ctx {
  24. struct crypto_shash *hash;
  25. };
  26. static inline void *align_ptr(void *p, unsigned int align)
  27. {
  28. return (void *)ALIGN((unsigned long)p, align);
  29. }
  30. static inline struct hmac_ctx *hmac_ctx(struct crypto_shash *tfm)
  31. {
  32. return align_ptr(crypto_shash_ctx_aligned(tfm) +
  33. crypto_shash_statesize(tfm) * 2,
  34. crypto_tfm_ctx_alignment());
  35. }
  36. static int hmac_setkey(struct crypto_shash *parent,
  37. const u8 *inkey, unsigned int keylen)
  38. {
  39. int bs = crypto_shash_blocksize(parent);
  40. int ds = crypto_shash_digestsize(parent);
  41. int ss = crypto_shash_statesize(parent);
  42. char *ipad = crypto_shash_ctx_aligned(parent);
  43. char *opad = ipad + ss;
  44. struct hmac_ctx *ctx = align_ptr(opad + ss,
  45. crypto_tfm_ctx_alignment());
  46. struct crypto_shash *hash = ctx->hash;
  47. SHASH_DESC_ON_STACK(shash, hash);
  48. unsigned int i;
  49. if (fips_enabled && (keylen < 112 / 8))
  50. return -EINVAL;
  51. shash->tfm = hash;
  52. if (keylen > bs) {
  53. int err;
  54. err = crypto_shash_digest(shash, inkey, keylen, ipad);
  55. if (err)
  56. return err;
  57. keylen = ds;
  58. } else
  59. memcpy(ipad, inkey, keylen);
  60. memset(ipad + keylen, 0, bs - keylen);
  61. memcpy(opad, ipad, bs);
  62. for (i = 0; i < bs; i++) {
  63. ipad[i] ^= HMAC_IPAD_VALUE;
  64. opad[i] ^= HMAC_OPAD_VALUE;
  65. }
  66. return crypto_shash_init(shash) ?:
  67. crypto_shash_update(shash, ipad, bs) ?:
  68. crypto_shash_export(shash, ipad) ?:
  69. crypto_shash_init(shash) ?:
  70. crypto_shash_update(shash, opad, bs) ?:
  71. crypto_shash_export(shash, opad);
  72. }
  73. static int hmac_export(struct shash_desc *pdesc, void *out)
  74. {
  75. struct shash_desc *desc = shash_desc_ctx(pdesc);
  76. return crypto_shash_export(desc, out);
  77. }
  78. static int hmac_import(struct shash_desc *pdesc, const void *in)
  79. {
  80. struct shash_desc *desc = shash_desc_ctx(pdesc);
  81. struct hmac_ctx *ctx = hmac_ctx(pdesc->tfm);
  82. desc->tfm = ctx->hash;
  83. return crypto_shash_import(desc, in);
  84. }
  85. static int hmac_init(struct shash_desc *pdesc)
  86. {
  87. return hmac_import(pdesc, crypto_shash_ctx_aligned(pdesc->tfm));
  88. }
  89. static int hmac_update(struct shash_desc *pdesc,
  90. const u8 *data, unsigned int nbytes)
  91. {
  92. struct shash_desc *desc = shash_desc_ctx(pdesc);
  93. return crypto_shash_update(desc, data, nbytes);
  94. }
  95. static int hmac_final(struct shash_desc *pdesc, u8 *out)
  96. {
  97. struct crypto_shash *parent = pdesc->tfm;
  98. int ds = crypto_shash_digestsize(parent);
  99. int ss = crypto_shash_statesize(parent);
  100. char *opad = crypto_shash_ctx_aligned(parent) + ss;
  101. struct shash_desc *desc = shash_desc_ctx(pdesc);
  102. return crypto_shash_final(desc, out) ?:
  103. crypto_shash_import(desc, opad) ?:
  104. crypto_shash_finup(desc, out, ds, out);
  105. }
  106. static int hmac_finup(struct shash_desc *pdesc, const u8 *data,
  107. unsigned int nbytes, u8 *out)
  108. {
  109. struct crypto_shash *parent = pdesc->tfm;
  110. int ds = crypto_shash_digestsize(parent);
  111. int ss = crypto_shash_statesize(parent);
  112. char *opad = crypto_shash_ctx_aligned(parent) + ss;
  113. struct shash_desc *desc = shash_desc_ctx(pdesc);
  114. return crypto_shash_finup(desc, data, nbytes, out) ?:
  115. crypto_shash_import(desc, opad) ?:
  116. crypto_shash_finup(desc, out, ds, out);
  117. }
  118. static int hmac_init_tfm(struct crypto_shash *parent)
  119. {
  120. struct crypto_shash *hash;
  121. struct shash_instance *inst = shash_alg_instance(parent);
  122. struct crypto_shash_spawn *spawn = shash_instance_ctx(inst);
  123. struct hmac_ctx *ctx = hmac_ctx(parent);
  124. hash = crypto_spawn_shash(spawn);
  125. if (IS_ERR(hash))
  126. return PTR_ERR(hash);
  127. parent->descsize = sizeof(struct shash_desc) +
  128. crypto_shash_descsize(hash);
  129. ctx->hash = hash;
  130. return 0;
  131. }
  132. static void hmac_exit_tfm(struct crypto_shash *parent)
  133. {
  134. struct hmac_ctx *ctx = hmac_ctx(parent);
  135. crypto_free_shash(ctx->hash);
  136. }
  137. static int hmac_create(struct crypto_template *tmpl, struct rtattr **tb)
  138. {
  139. struct shash_instance *inst;
  140. struct crypto_shash_spawn *spawn;
  141. struct crypto_alg *alg;
  142. struct shash_alg *salg;
  143. u32 mask;
  144. int err;
  145. int ds;
  146. int ss;
  147. err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SHASH, &mask);
  148. if (err)
  149. return err;
  150. inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
  151. if (!inst)
  152. return -ENOMEM;
  153. spawn = shash_instance_ctx(inst);
  154. err = crypto_grab_shash(spawn, shash_crypto_instance(inst),
  155. crypto_attr_alg_name(tb[1]), 0, mask);
  156. if (err)
  157. goto err_free_inst;
  158. salg = crypto_spawn_shash_alg(spawn);
  159. alg = &salg->base;
  160. /* The underlying hash algorithm must not require a key */
  161. err = -EINVAL;
  162. if (crypto_shash_alg_needs_key(salg))
  163. goto err_free_inst;
  164. ds = salg->digestsize;
  165. ss = salg->statesize;
  166. if (ds > alg->cra_blocksize ||
  167. ss < alg->cra_blocksize)
  168. goto err_free_inst;
  169. err = crypto_inst_setname(shash_crypto_instance(inst), tmpl->name, alg);
  170. if (err)
  171. goto err_free_inst;
  172. inst->alg.base.cra_priority = alg->cra_priority;
  173. inst->alg.base.cra_blocksize = alg->cra_blocksize;
  174. inst->alg.base.cra_alignmask = alg->cra_alignmask;
  175. ss = ALIGN(ss, alg->cra_alignmask + 1);
  176. inst->alg.digestsize = ds;
  177. inst->alg.statesize = ss;
  178. inst->alg.base.cra_ctxsize = sizeof(struct hmac_ctx) +
  179. ALIGN(ss * 2, crypto_tfm_ctx_alignment());
  180. inst->alg.init = hmac_init;
  181. inst->alg.update = hmac_update;
  182. inst->alg.final = hmac_final;
  183. inst->alg.finup = hmac_finup;
  184. inst->alg.export = hmac_export;
  185. inst->alg.import = hmac_import;
  186. inst->alg.setkey = hmac_setkey;
  187. inst->alg.init_tfm = hmac_init_tfm;
  188. inst->alg.exit_tfm = hmac_exit_tfm;
  189. inst->free = shash_free_singlespawn_instance;
  190. err = shash_register_instance(tmpl, inst);
  191. if (err) {
  192. err_free_inst:
  193. shash_free_singlespawn_instance(inst);
  194. }
  195. return err;
  196. }
  197. static struct crypto_template hmac_tmpl = {
  198. .name = "hmac",
  199. .create = hmac_create,
  200. .module = THIS_MODULE,
  201. };
  202. static int __init hmac_module_init(void)
  203. {
  204. return crypto_register_template(&hmac_tmpl);
  205. }
  206. static void __exit hmac_module_exit(void)
  207. {
  208. crypto_unregister_template(&hmac_tmpl);
  209. }
  210. subsys_initcall(hmac_module_init);
  211. module_exit(hmac_module_exit);
  212. MODULE_LICENSE("GPL");
  213. MODULE_DESCRIPTION("HMAC hash algorithm");
  214. MODULE_ALIAS_CRYPTO("hmac");