Gitiles
Code Review Sign In
192.168.1.100 / T106_DC / ffe213a3c58a33f2213b29b79ea9241458b7d8c4 / . / ap / os / linux / linux-3.4.x / crypto / hmac.c
blob: b281996f7ee5be9db7715834631e1012dfe0edf7 [file] [log] [blame]
lh9ed821d2023-04-07 01:36:19 -0700[diff] [blame]1/*
2 * Cryptographic API.
3 *
4 * HMAC: Keyed-Hashing for Message Authentication (RFC2104).
5 *
6 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
7 * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
8 *
9 * The HMAC implementation is derived from USAGI.
10 * Copyright (c) 2002 Kazunori Miyazawa <miyazawa@linux-ipv6.org> / USAGI
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the Free
14 * Software Foundation; either version 2 of the License, or (at your option)
15 * any later version.
16 *
17 */
18
19#include <crypto/internal/hash.h>
20#include <crypto/scatterwalk.h>
21#include <linux/err.h>
22#include <linux/init.h>
23#include <linux/kernel.h>
24#include <linux/module.h>
25#include <linux/scatterlist.h>
26#include <linux/string.h>
27
28struct hmac_ctx {
29 struct crypto_shash *hash;
30};
31
32static inline void *align_ptr(void *p, unsigned int align)
33{
34 return (void *)ALIGN((unsigned long)p, align);
35}
36
37static inline struct hmac_ctx *hmac_ctx(struct crypto_shash *tfm)
38{
39 return align_ptr(crypto_shash_ctx_aligned(tfm) +
40 crypto_shash_statesize(tfm) * 2,
41 crypto_tfm_ctx_alignment());
42}
43
44static int hmac_setkey(struct crypto_shash *parent,
45 const u8 *inkey, unsigned int keylen)
46{
47 int bs = crypto_shash_blocksize(parent);
48 int ds = crypto_shash_digestsize(parent);
49 int ss = crypto_shash_statesize(parent);
50 char *ipad = crypto_shash_ctx_aligned(parent);
51 char *opad = ipad + ss;
52 struct hmac_ctx *ctx = align_ptr(opad + ss,
53 crypto_tfm_ctx_alignment());
54 struct crypto_shash *hash = ctx->hash;
55 struct {
56 struct shash_desc shash;
57 char ctx[crypto_shash_descsize(hash)];
58 } desc;
59 unsigned int i;
60
61 desc.shash.tfm = hash;
62 desc.shash.flags = crypto_shash_get_flags(parent) &
63 CRYPTO_TFM_REQ_MAY_SLEEP;
64
65 if (keylen > bs) {
66 int err;
67
68 err = crypto_shash_digest(&desc.shash, inkey, keylen, ipad);
69 if (err)
70 return err;
71
72 keylen = ds;
73 } else
74 memcpy(ipad, inkey, keylen);
75
76 memset(ipad + keylen, 0, bs - keylen);
77 memcpy(opad, ipad, bs);
78
79 for (i = 0; i < bs; i++) {
80 ipad[i] ^= 0x36;
81 opad[i] ^= 0x5c;
82 }
83
84 return crypto_shash_init(&desc.shash) ?:
85 crypto_shash_update(&desc.shash, ipad, bs) ?:
86 crypto_shash_export(&desc.shash, ipad) ?:
87 crypto_shash_init(&desc.shash) ?:
88 crypto_shash_update(&desc.shash, opad, bs) ?:
89 crypto_shash_export(&desc.shash, opad);
90}
91
92static int hmac_export(struct shash_desc *pdesc, void *out)
93{
94 struct shash_desc *desc = shash_desc_ctx(pdesc);
95
96 desc->flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
97
98 return crypto_shash_export(desc, out);
99}
100
101static int hmac_import(struct shash_desc *pdesc, const void *in)
102{
103 struct shash_desc *desc = shash_desc_ctx(pdesc);
104 struct hmac_ctx *ctx = hmac_ctx(pdesc->tfm);
105
106 desc->tfm = ctx->hash;
107 desc->flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
108
109 return crypto_shash_import(desc, in);
110}
111
112static int hmac_init(struct shash_desc *pdesc)
113{
114 return hmac_import(pdesc, crypto_shash_ctx_aligned(pdesc->tfm));
115}
116
117static int hmac_update(struct shash_desc *pdesc,
118 const u8 *data, unsigned int nbytes)
119{
120 struct shash_desc *desc = shash_desc_ctx(pdesc);
121
122 desc->flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
123
124 return crypto_shash_update(desc, data, nbytes);
125}
126
127static int hmac_final(struct shash_desc *pdesc, u8 *out)
128{
129 struct crypto_shash *parent = pdesc->tfm;
130 int ds = crypto_shash_digestsize(parent);
131 int ss = crypto_shash_statesize(parent);
132 char *opad = crypto_shash_ctx_aligned(parent) + ss;
133 struct shash_desc *desc = shash_desc_ctx(pdesc);
134
135 desc->flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
136
137 return crypto_shash_final(desc, out) ?:
138 crypto_shash_import(desc, opad) ?:
139 crypto_shash_finup(desc, out, ds, out);
140}
141
142static int hmac_finup(struct shash_desc *pdesc, const u8 *data,
143 unsigned int nbytes, u8 *out)
144{
145
146 struct crypto_shash *parent = pdesc->tfm;
147 int ds = crypto_shash_digestsize(parent);
148 int ss = crypto_shash_statesize(parent);
149 char *opad = crypto_shash_ctx_aligned(parent) + ss;
150 struct shash_desc *desc = shash_desc_ctx(pdesc);
151
152 desc->flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
153
154 return crypto_shash_finup(desc, data, nbytes, out) ?:
155 crypto_shash_import(desc, opad) ?:
156 crypto_shash_finup(desc, out, ds, out);
157}
158
159static int hmac_init_tfm(struct crypto_tfm *tfm)
160{
161 struct crypto_shash *parent = __crypto_shash_cast(tfm);
162 struct crypto_shash *hash;
163 struct crypto_instance *inst = (void *)tfm->__crt_alg;
164 struct crypto_shash_spawn *spawn = crypto_instance_ctx(inst);
165 struct hmac_ctx *ctx = hmac_ctx(parent);
166
167 hash = crypto_spawn_shash(spawn);
168 if (IS_ERR(hash))
169 return PTR_ERR(hash);
170
171 parent->descsize = sizeof(struct shash_desc) +
172 crypto_shash_descsize(hash);
173
174 ctx->hash = hash;
175 return 0;
176}
177
178static void hmac_exit_tfm(struct crypto_tfm *tfm)
179{
180 struct hmac_ctx *ctx = hmac_ctx(__crypto_shash_cast(tfm));
181 crypto_free_shash(ctx->hash);
182}
183
184static int hmac_create(struct crypto_template *tmpl, struct rtattr **tb)
185{
186 struct shash_instance *inst;
187 struct crypto_alg *alg;
188 struct shash_alg *salg;
189 int err;
190 int ds;
191 int ss;
192
193 err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SHASH);
194 if (err)
195 return err;
196
197 salg = shash_attr_alg(tb[1], 0, 0);
198 if (IS_ERR(salg))
199 return PTR_ERR(salg);
200 /*fix for hub CVE-2017-17806*/
201 alg = &salg->base;
202
203 /*The underlying hash algorithm must be unkeyed */
204 err = -EINVAL;
205
206 if (crypto_shash_alg_has_setkey(salg))
207 goto out_put_alg;
208
209 ds = salg->digestsize;
210 ss = salg->statesize;
211
212 if (ds > alg->cra_blocksize ||
213 ss < alg->cra_blocksize)
214 goto out_put_alg;
215
216 inst = shash_alloc_instance("hmac", alg);
217 err = PTR_ERR(inst);
218 if (IS_ERR(inst))
219 goto out_put_alg;
220
221 err = crypto_init_shash_spawn(shash_instance_ctx(inst), salg,
222 shash_crypto_instance(inst));
223 if (err)
224 goto out_free_inst;
225
226 inst->alg.base.cra_priority = alg->cra_priority;
227 inst->alg.base.cra_blocksize = alg->cra_blocksize;
228 inst->alg.base.cra_alignmask = alg->cra_alignmask;
229
230 ss = ALIGN(ss, alg->cra_alignmask + 1);
231 inst->alg.digestsize = ds;
232 inst->alg.statesize = ss;
233
234 inst->alg.base.cra_ctxsize = sizeof(struct hmac_ctx) +
235 ALIGN(ss * 2, crypto_tfm_ctx_alignment());
236
237 inst->alg.base.cra_init = hmac_init_tfm;
238 inst->alg.base.cra_exit = hmac_exit_tfm;
239
240 inst->alg.init = hmac_init;
241 inst->alg.update = hmac_update;
242 inst->alg.final = hmac_final;
243 inst->alg.finup = hmac_finup;
244 inst->alg.export = hmac_export;
245 inst->alg.import = hmac_import;
246 inst->alg.setkey = hmac_setkey;
247
248 err = shash_register_instance(tmpl, inst);
249 if (err) {
250out_free_inst:
251 shash_free_instance(shash_crypto_instance(inst));
252 }
253
254out_put_alg:
255 crypto_mod_put(alg);
256 return err;
257}
258
259static struct crypto_template hmac_tmpl = {
260 .name = "hmac",
261 .create = hmac_create,
262 .free = shash_free_instance,
263 .module = THIS_MODULE,
264};
265
266static int __init hmac_module_init(void)
267{
268 return crypto_register_template(&hmac_tmpl);
269}
270
271static void __exit hmac_module_exit(void)
272{
273 crypto_unregister_template(&hmac_tmpl);
274}
275
276module_init(hmac_module_init);
277module_exit(hmac_module_exit);
278
279MODULE_LICENSE("GPL");
280MODULE_DESCRIPTION("HMAC hash algorithm");