1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19#include <crypto/algapi.h>
20#include <crypto/scatterwalk.h>
21#include <linux/err.h>
22#include <linux/init.h>
23#include <linux/kernel.h>
24#include <linux/module.h>
25#include <linux/scatterlist.h>
26#include <linux/slab.h>
27#include <linux/string.h>
28
29struct hmac_ctx {
30 struct crypto_hash *child;
31};
32
33static inline void *align_ptr(void *p, unsigned int align)
34{
35 return (void *)ALIGN((unsigned long)p, align);
36}
37
38static inline struct hmac_ctx *hmac_ctx(struct crypto_hash *tfm)
39{
40 return align_ptr(crypto_hash_ctx_aligned(tfm) +
41 crypto_hash_blocksize(tfm) * 2 +
42 crypto_hash_digestsize(tfm), sizeof(void *));
43}
44
45static int hmac_setkey(struct crypto_hash *parent,
46 const u8 *inkey, unsigned int keylen)
47{
48 int bs = crypto_hash_blocksize(parent);
49 int ds = crypto_hash_digestsize(parent);
50 char *ipad = crypto_hash_ctx_aligned(parent);
51 char *opad = ipad + bs;
52 char *digest = opad + bs;
53 struct hmac_ctx *ctx = align_ptr(digest + ds, sizeof(void *));
54 struct crypto_hash *tfm = ctx->child;
55 unsigned int i;
56
57 if (keylen > bs) {
58 struct hash_desc desc;
59 struct scatterlist tmp;
60 int tmplen;
61 int err;
62
63 desc.tfm = tfm;
64 desc.flags = crypto_hash_get_flags(parent);
65 desc.flags &= CRYPTO_TFM_REQ_MAY_SLEEP;
66
67 err = crypto_hash_init(&desc);
68 if (err)
69 return err;
70
71 tmplen = bs * 2 + ds;
72 sg_init_one(&tmp, ipad, tmplen);
73
74 for (; keylen > tmplen; inkey += tmplen, keylen -= tmplen) {
75 memcpy(ipad, inkey, tmplen);
76 err = crypto_hash_update(&desc, &tmp, tmplen);
77 if (err)
78 return err;
79 }
80
81 if (keylen) {
82 memcpy(ipad, inkey, keylen);
83 err = crypto_hash_update(&desc, &tmp, keylen);
84 if (err)
85 return err;
86 }
87
88 err = crypto_hash_final(&desc, digest);
89 if (err)
90 return err;
91
92 inkey = digest;
93 keylen = ds;
94 }
95
96 memcpy(ipad, inkey, keylen);
97 memset(ipad + keylen, 0, bs - keylen);
98 memcpy(opad, ipad, bs);
99
100 for (i = 0; i < bs; i++) {
101 ipad[i] ^= 0x36;
102 opad[i] ^= 0x5c;
103 }
104
105 return 0;
106}
107
108static int hmac_init(struct hash_desc *pdesc)
109{
110 struct crypto_hash *parent = pdesc->tfm;
111 int bs = crypto_hash_blocksize(parent);
112 int ds = crypto_hash_digestsize(parent);
113 char *ipad = crypto_hash_ctx_aligned(parent);
114 struct hmac_ctx *ctx = align_ptr(ipad + bs * 2 + ds, sizeof(void *));
115 struct hash_desc desc;
116 struct scatterlist tmp;
117 int err;
118
119 desc.tfm = ctx->child;
120 desc.flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
121 sg_init_one(&tmp, ipad, bs);
122
123 err = crypto_hash_init(&desc);
124 if (unlikely(err))
125 return err;
126
127 return crypto_hash_update(&desc, &tmp, bs);
128}
129
130static int hmac_update(struct hash_desc *pdesc,
131 struct scatterlist *sg, unsigned int nbytes)
132{
133 struct hmac_ctx *ctx = hmac_ctx(pdesc->tfm);
134 struct hash_desc desc;
135
136 desc.tfm = ctx->child;
137 desc.flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
138
139 return crypto_hash_update(&desc, sg, nbytes);
140}
141
142static int hmac_final(struct hash_desc *pdesc, u8 *out)
143{
144 struct crypto_hash *parent = pdesc->tfm;
145 int bs = crypto_hash_blocksize(parent);
146 int ds = crypto_hash_digestsize(parent);
147 char *opad = crypto_hash_ctx_aligned(parent) + bs;
148 char *digest = opad + bs;
149 struct hmac_ctx *ctx = align_ptr(digest + ds, sizeof(void *));
150 struct hash_desc desc;
151 struct scatterlist tmp;
152 int err;
153
154 desc.tfm = ctx->child;
155 desc.flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
156 sg_init_one(&tmp, opad, bs + ds);
157
158 err = crypto_hash_final(&desc, digest);
159 if (unlikely(err))
160 return err;
161
162 return crypto_hash_digest(&desc, &tmp, bs + ds, out);
163}
164
165static int hmac_digest(struct hash_desc *pdesc, struct scatterlist *sg,
166 unsigned int nbytes, u8 *out)
167{
168 struct crypto_hash *parent = pdesc->tfm;
169 int bs = crypto_hash_blocksize(parent);
170 int ds = crypto_hash_digestsize(parent);
171 char *ipad = crypto_hash_ctx_aligned(parent);
172 char *opad = ipad + bs;
173 char *digest = opad + bs;
174 struct hmac_ctx *ctx = align_ptr(digest + ds, sizeof(void *));
175 struct hash_desc desc;
176 struct scatterlist sg1[2];
177 struct scatterlist sg2[1];
178 int err;
179
180 desc.tfm = ctx->child;
181 desc.flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
182
183 sg_init_table(sg1, 2);
184 sg_set_buf(sg1, ipad, bs);
185 scatterwalk_sg_chain(sg1, 2, sg);
186
187 sg_init_table(sg2, 1);
188 sg_set_buf(sg2, opad, bs + ds);
189
190 err = crypto_hash_digest(&desc, sg1, nbytes + bs, digest);
191 if (unlikely(err))
192 return err;
193
194 return crypto_hash_digest(&desc, sg2, bs + ds, out);
195}
196
197static int hmac_init_tfm(struct crypto_tfm *tfm)
198{
199 struct crypto_hash *hash;
200 struct crypto_instance *inst = (void *)tfm->__crt_alg;
201 struct crypto_spawn *spawn = crypto_instance_ctx(inst);
202 struct hmac_ctx *ctx = hmac_ctx(__crypto_hash_cast(tfm));
203
204 hash = crypto_spawn_hash(spawn);
205 if (IS_ERR(hash))
206 return PTR_ERR(hash);
207
208 ctx->child = hash;
209 return 0;
210}
211
212static void hmac_exit_tfm(struct crypto_tfm *tfm)
213{
214 struct hmac_ctx *ctx = hmac_ctx(__crypto_hash_cast(tfm));
215 crypto_free_hash(ctx->child);
216}
217
218static void hmac_free(struct crypto_instance *inst)
219{
220 crypto_drop_spawn(crypto_instance_ctx(inst));
221 kfree(inst);
222}
223
224static struct crypto_instance *hmac_alloc(struct rtattr **tb)
225{
226 struct crypto_instance *inst;
227 struct crypto_alg *alg;
228 int err;
229 int ds;
230
231 err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_HASH);
232 if (err)
233 return ERR_PTR(err);
234
235 alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_HASH,
236 CRYPTO_ALG_TYPE_HASH_MASK);
237 if (IS_ERR(alg))
238 return ERR_CAST(alg);
239
240 inst = ERR_PTR(-EINVAL);
241 ds = (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) ==
242 CRYPTO_ALG_TYPE_HASH ? alg->cra_hash.digestsize :
243 alg->cra_digest.dia_digestsize;
244 if (ds > alg->cra_blocksize)
245 goto out_put_alg;
246
247 inst = crypto_alloc_instance("hmac", alg);
248 if (IS_ERR(inst))
249 goto out_put_alg;
250
251 inst->alg.cra_flags = CRYPTO_ALG_TYPE_HASH;
252 inst->alg.cra_priority = alg->cra_priority;
253 inst->alg.cra_blocksize = alg->cra_blocksize;
254 inst->alg.cra_alignmask = alg->cra_alignmask;
255 inst->alg.cra_type = &crypto_hash_type;
256
257 inst->alg.cra_hash.digestsize = ds;
258
259 inst->alg.cra_ctxsize = sizeof(struct hmac_ctx) +
260 ALIGN(inst->alg.cra_blocksize * 2 + ds,
261 sizeof(void *));
262
263 inst->alg.cra_init = hmac_init_tfm;
264 inst->alg.cra_exit = hmac_exit_tfm;
265
266 inst->alg.cra_hash.init = hmac_init;
267 inst->alg.cra_hash.update = hmac_update;
268 inst->alg.cra_hash.final = hmac_final;
269 inst->alg.cra_hash.digest = hmac_digest;
270 inst->alg.cra_hash.setkey = hmac_setkey;
271
272out_put_alg:
273 crypto_mod_put(alg);
274 return inst;
275}
276
277static struct crypto_template hmac_tmpl = {
278 .name = "hmac",
279 .alloc = hmac_alloc,
280 .free = hmac_free,
281 .module = THIS_MODULE,
282};
283
284static int __init hmac_module_init(void)
285{
286 return crypto_register_template(&hmac_tmpl);
287}
288
289static void __exit hmac_module_exit(void)
290{
291 crypto_unregister_template(&hmac_tmpl);
292}
293
294module_init(hmac_module_init);
295module_exit(hmac_module_exit);
296
297MODULE_LICENSE("GPL");
298MODULE_DESCRIPTION("HMAC hash algorithm");
299