Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
crypto: chelsio - Use library to prepare HMAC keys

To prepare HMAC keys, just use the library functions instead of
crypto_shash. This is much simpler, avoids depending on the fragile
export_core and import_core methods, and is faster too.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Eric Biggers and committed by
Herbert Xu
9c6ed103 408cf485

+61 -201
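--- a/drivers/crypto/chelsio/Kconfig
+++ b/drivers/crypto/chelsio/Kconfig
@@ -4,9 +4,9 @@
 depends on CHELSIO_T4
 select CRYPTO_LIB_AES
 select CRYPTO_LIB_GF128MUL
-select CRYPTO_SHA1
-select CRYPTO_SHA256
-select CRYPTO_SHA512
+select CRYPTO_LIB_SHA1
+select CRYPTO_LIB_SHA256
+select CRYPTO_LIB_SHA512
 select CRYPTO_AUTHENC
 help
 The Chelsio Crypto Co-processor driver for T6 adapters.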
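--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -51,7 +51,6 @@
 
 #include <crypto/aes.h>
 #include <crypto/algapi.h>
-#include <crypto/hash.h>
 #include <crypto/gcm.h>
 #include <crypto/sha1.h>
 #include <crypto/sha2.h>
@@ -277,88 +276,60 @@
 }
 }
 
-static struct crypto_shash *chcr_alloc_shash(unsigned int ds)
+static int chcr_prepare_hmac_key(const u8 *raw_key, unsigned int raw_key_len,
+int digestsize, void *istate, void *ostate)
 {
-struct crypto_shash *base_hash = ERR_PTR(-EINVAL);
+__be32 *istate32 = istate, *ostate32 = ostate;
+__be64 *istate64 = istate, *ostate64 = ostate;
+union {
+struct hmac_sha1_key sha1;
+struct hmac_sha224_key sha224;
+struct hmac_sha256_key sha256;
+struct hmac_sha384_key sha384;
+struct hmac_sha512_key sha512;
+} k;
 
-switch (ds) {
+switch (digestsize) {
 case SHA1_DIGEST_SIZE:
-base_hash = crypto_alloc_shash("sha1", 0, 0);
+hmac_sha1_preparekey(&k.sha1, raw_key, raw_key_len);
+for (int i = 0; i < ARRAY_SIZE(k.sha1.istate.h); i++) {
+istate32[i] = cpu_to_be32(k.sha1.istate.h[i]);
+ostate32[i] = cpu_to_be32(k.sha1.ostate.h[i]);
+}
 break;
 case SHA224_DIGEST_SIZE:
-base_hash = crypto_alloc_shash("sha224", 0, 0);
+hmac_sha224_preparekey(&k.sha224, raw_key, raw_key_len);
+for (int i = 0; i < ARRAY_SIZE(k.sha224.key.istate.h); i++) {
+istate32[i] = cpu_to_be32(k.sha224.key.istate.h[i]);
+ostate32[i] = cpu_to_be32(k.sha224.key.ostate.h[i]);
+}
 break;
 case SHA256_DIGEST_SIZE:
-base_hash = crypto_alloc_shash("sha256", 0, 0);
+hmac_sha256_preparekey(&k.sha256, raw_key, raw_key_len);
+for (int i = 0; i < ARRAY_SIZE(k.sha256.key.istate.h); i++) {
+istate32[i] = cpu_to_be32(k.sha256.key.istate.h[i]);
+ostate32[i] = cpu_to_be32(k.sha256.key.ostate.h[i]);
+}
 break;
 case SHA384_DIGEST_SIZE:
-base_hash = crypto_alloc_shash("sha384", 0, 0);
+hmac_sha384_preparekey(&k.sha384, raw_key, raw_key_len);
+for (int i = 0; i < ARRAY_SIZE(k.sha384.key.istate.h); i++) {
+istate64[i] = cpu_to_be64(k.sha384.key.istate.h[i]);
+ostate64[i] = cpu_to_be64(k.sha384.key.ostate.h[i]);
+}
 break;
 case SHA512_DIGEST_SIZE:
-base_hash = crypto_alloc_shash("sha512", 0, 0);
+hmac_sha512_preparekey(&k.sha512, raw_key, raw_key_len);
+for (int i = 0; i < ARRAY_SIZE(k.sha512.key.istate.h); i++) {
+istate64[i] = cpu_to_be64(k.sha512.key.istate.h[i]);
+ostate64[i] = cpu_to_be64(k.sha512.key.ostate.h[i]);
+}
 break;
+default:
+return -EINVAL;
 }
-
-return base_hash;
-}
-
-static int chcr_compute_partial_hash(struct shash_desc *desc,
-char *iopad, char *result_hash,
-int digest_size)
-{
-struct sha1_state sha1_st;
-struct sha256_state sha256_st;
-struct sha512_state sha512_st;
-int error;
-
-if (digest_size == SHA1_DIGEST_SIZE) {
-error = crypto_shash_init(desc) ?:
-crypto_shash_update(desc, iopad, SHA1_BLOCK_SIZE) ?:
-crypto_shash_export_core(desc, &sha1_st);
-memcpy(result_hash, sha1_st.state, SHA1_DIGEST_SIZE);
-} else if (digest_size == SHA224_DIGEST_SIZE) {
-error = crypto_shash_init(desc) ?:
-crypto_shash_update(desc, iopad, SHA256_BLOCK_SIZE) ?:
-crypto_shash_export_core(desc, &sha256_st);
-memcpy(result_hash, sha256_st.state, SHA256_DIGEST_SIZE);
-
-} else if (digest_size == SHA256_DIGEST_SIZE) {
-error = crypto_shash_init(desc) ?:
-crypto_shash_update(desc, iopad, SHA256_BLOCK_SIZE) ?:
-crypto_shash_export_core(desc, &sha256_st);
-memcpy(result_hash, sha256_st.state, SHA256_DIGEST_SIZE);
-
-} else if (digest_size == SHA384_DIGEST_SIZE) {
-error = crypto_shash_init(desc) ?:
-crypto_shash_update(desc, iopad, SHA512_BLOCK_SIZE) ?:
-crypto_shash_export_core(desc, &sha512_st);
-memcpy(result_hash, sha512_st.state, SHA512_DIGEST_SIZE);
-
-} else if (digest_size == SHA512_DIGEST_SIZE) {
-error = crypto_shash_init(desc) ?:
-crypto_shash_update(desc, iopad, SHA512_BLOCK_SIZE) ?:
-crypto_shash_export_core(desc, &sha512_st);
-memcpy(result_hash, sha512_st.state, SHA512_DIGEST_SIZE);
-} else {
-error = -EINVAL;
-pr_err("Unknown digest size %d\n", digest_size);
-}
-return error;
-}
-
-static void chcr_change_order(char *buf, int ds)
-{
-int i;
-
-if (ds == SHA512_DIGEST_SIZE) {
-for (i = 0; i < (ds / sizeof(u64)); i++)
-*((__be64 *)buf + i) =
-cpu_to_be64(*((u64 *)buf + i));
-} else {
-for (i = 0; i < (ds / sizeof(u32)); i++)
-*((__be32 *)buf + i) =
-cpu_to_be32(*((u32 *)buf + i));
-}
+memzero_explicit(&k, sizeof(k));
+return 0;
 }
 
 static inline int is_hmac(struct crypto_tfm *tfm)
@@ -1547,11 +1518,6 @@
 return 0;
 }
 
-static inline void chcr_free_shash(struct crypto_shash *base_hash)
-{
-crypto_free_shash(base_hash);
-}
-
 /**
 * create_hash_wr - Create hash work request
 * @req: Cipher req base
@@ -2202,53 +2168,13 @@
 unsigned int keylen)
 {
 struct hmac_ctx *hmacctx = HMAC_CTX(h_ctx(tfm));
-unsigned int digestsize = crypto_ahash_digestsize(tfm);
-unsigned int bs = crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
-unsigned int i, err = 0, updated_digestsize;
-
-SHASH_DESC_ON_STACK(shash, hmacctx->base_hash);
 
 /* use the key to calculate the ipad and opad. ipad will sent with the
 * first request's data. opad will be sent with the final hash result
 * ipad in hmacctx->ipad and opad in hmacctx->opad location
 */
-shash->tfm = hmacctx->base_hash;
-if (keylen > bs) {
-err = crypto_shash_digest(shash, key, keylen,
-hmacctx->ipad);
-if (err)
-goto out;
-keylen = digestsize;
-} else {
-memcpy(hmacctx->ipad, key, keylen);
-}
-memset(hmacctx->ipad + keylen, 0, bs - keylen);
-unsafe_memcpy(hmacctx->opad, hmacctx->ipad, bs,
-"fortified memcpy causes -Wrestrict warning");
-
-for (i = 0; i < bs / sizeof(int); i++) {
-*((unsigned int *)(&hmacctx->ipad) + i) ^= IPAD_DATA;
-*((unsigned int *)(&hmacctx->opad) + i) ^= OPAD_DATA;
-}
-
-updated_digestsize = digestsize;
-if (digestsize == SHA224_DIGEST_SIZE)
-updated_digestsize = SHA256_DIGEST_SIZE;
-else if (digestsize == SHA384_DIGEST_SIZE)
-updated_digestsize = SHA512_DIGEST_SIZE;
-err = chcr_compute_partial_hash(shash, hmacctx->ipad,
-hmacctx->ipad, digestsize);
-if (err)
-goto out;
-chcr_change_order(hmacctx->ipad, updated_digestsize);
-
-err = chcr_compute_partial_hash(shash, hmacctx->opad,
-hmacctx->opad, digestsize);
-if (err)
-goto out;
-chcr_change_order(hmacctx->opad, updated_digestsize);
-out:
-return err;
+return chcr_prepare_hmac_key(key, keylen, crypto_ahash_digestsize(tfm),
+hmacctx->ipad, hmacctx->opad);
 }
 
 static int chcr_aes_xts_setkey(struct crypto_skcipher *cipher, const u8 *key,
@@ -2344,28 +2270,9 @@
 
 static int chcr_hmac_cra_init(struct crypto_tfm *tfm)
 {
-struct chcr_context *ctx = crypto_tfm_ctx(tfm);
-struct hmac_ctx *hmacctx = HMAC_CTX(ctx);
-unsigned int digestsize =
-crypto_ahash_digestsize(__crypto_ahash_cast(tfm));
-
 crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
 sizeof(struct chcr_ahash_req_ctx));
-hmacctx->base_hash = chcr_alloc_shash(digestsize);
-if (IS_ERR(hmacctx->base_hash))
-return PTR_ERR(hmacctx->base_hash);
 return chcr_device_init(crypto_tfm_ctx(tfm));
-}
-
-static void chcr_hmac_cra_exit(struct crypto_tfm *tfm)
-{
-struct chcr_context *ctx = crypto_tfm_ctx(tfm);
-struct hmac_ctx *hmacctx = HMAC_CTX(ctx);
-
-if (hmacctx->base_hash) {
-chcr_free_shash(hmacctx->base_hash);
-hmacctx->base_hash = NULL;
-}
 }
 
 inline void chcr_aead_common_exit(struct aead_request *req)
@@ -3557,15 +3464,12 @@
 struct chcr_authenc_ctx *actx = AUTHENC_CTX(aeadctx);
 /* it contains auth and cipher key both*/
 struct crypto_authenc_keys keys;
-unsigned int bs, subtype;
+unsigned int subtype;
 unsigned int max_authsize = crypto_aead_alg(authenc)->maxauthsize;
-int err = 0, i, key_ctx_len = 0;
+int err = 0, key_ctx_len = 0;
 unsigned char ck_size = 0;
-unsigned char pad[CHCR_HASH_MAX_BLOCK_SIZE_128] = { 0 };
-struct crypto_shash *base_hash = ERR_PTR(-EINVAL);
 struct algo_param param;
 int align;
-u8 *o_ptr = NULL;
 
 crypto_aead_clear_flags(aeadctx->sw_cipher, CRYPTO_TFM_REQ_MASK);
 crypto_aead_set_flags(aeadctx->sw_cipher, crypto_aead_get_flags(authenc)
@@ -3613,68 +3517,26 @@
 get_aes_decrypt_key(actx->dec_rrkey, aeadctx->key,
 aeadctx->enckey_len << 3);
 }
-base_hash = chcr_alloc_shash(max_authsize);
-if (IS_ERR(base_hash)) {
-pr_err("Base driver cannot be loaded\n");
+
+align = KEYCTX_ALIGN_PAD(max_authsize);
+err = chcr_prepare_hmac_key(keys.authkey, keys.authkeylen, max_authsize,
+actx->h_iopad,
+actx->h_iopad + param.result_size + align);
+if (err)
 goto out;
-}
-{
-SHASH_DESC_ON_STACK(shash, base_hash);
 
-shash->tfm = base_hash;
-bs = crypto_shash_blocksize(base_hash);
-align = KEYCTX_ALIGN_PAD(max_authsize);
-o_ptr = actx->h_iopad + param.result_size + align;
+key_ctx_len = sizeof(struct _key_ctx) + roundup(keys.enckeylen, 16) +
+(param.result_size + align) * 2;
+aeadctx->key_ctx_hdr = FILL_KEY_CTX_HDR(ck_size, param.mk_size, 0, 1,
+key_ctx_len >> 4);
+actx->auth_mode = param.auth_mode;
 
-if (keys.authkeylen > bs) {
-err = crypto_shash_digest(shash, keys.authkey,
-keys.authkeylen,
-o_ptr);
-if (err) {
-pr_err("Base driver cannot be loaded\n");
-goto out;
-}
-keys.authkeylen = max_authsize;
-} else
-memcpy(o_ptr, keys.authkey, keys.authkeylen);
+memzero_explicit(&keys, sizeof(keys));
+return 0;
 
-/* Compute the ipad-digest*/
-memset(pad + keys.authkeylen, 0, bs - keys.authkeylen);
-memcpy(pad, o_ptr, keys.authkeylen);
-for (i = 0; i < bs >> 2; i++)
-*((unsigned int *)pad + i) ^= IPAD_DATA;
-
-if (chcr_compute_partial_hash(shash, pad, actx->h_iopad,
-max_authsize))
-goto out;
-/* Compute the opad-digest */
-memset(pad + keys.authkeylen, 0, bs - keys.authkeylen);
-memcpy(pad, o_ptr, keys.authkeylen);
-for (i = 0; i < bs >> 2; i++)
-*((unsigned int *)pad + i) ^= OPAD_DATA;
-
-if (chcr_compute_partial_hash(shash, pad, o_ptr, max_authsize))
-goto out;
-
-/* convert the ipad and opad digest to network order */
-chcr_change_order(actx->h_iopad, param.result_size);
-chcr_change_order(o_ptr, param.result_size);
-key_ctx_len = sizeof(struct _key_ctx) +
-roundup(keys.enckeylen, 16) +
-(param.result_size + align) * 2;
-aeadctx->key_ctx_hdr = FILL_KEY_CTX_HDR(ck_size, param.mk_size,
-0, 1, key_ctx_len >> 4);
-actx->auth_mode = param.auth_mode;
-chcr_free_shash(base_hash);
-
-memzero_explicit(&keys, sizeof(keys));
-return 0;
-}
 out:
 aeadctx->enckey_len = 0;
 memzero_explicit(&keys, sizeof(keys));
-if (!IS_ERR(base_hash))
-chcr_free_shash(base_hash);
 return -EINVAL;
 }
 
@@ -4490,7 +4352,6 @@
 
 if (driver_algs[i].type == CRYPTO_ALG_TYPE_HMAC) {
 a_hash->halg.base.cra_init = chcr_hmac_cra_init;
-a_hash->halg.base.cra_exit = chcr_hmac_cra_exit;
 a_hash->init = chcr_hmac_init;
 a_hash->setkey = chcr_ahash_setkey;
 a_hash->halg.base.cra_ctxsize = SZ_AHASH_H_CTX;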
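Review bot: chcr_prepare_hmac_key() takes `istate`/`ostate` as bare `void *`, and nothing above it states how large or how aligned those buffers must be. Each case stores `ARRAY_SIZE(...istate.h)` words, i.e. the whole internal hash state rather than `digestsize` bytes, which for SHA-224 and SHA-384 is presumably more than the digest (the removed code copied SHA256_DIGEST_SIZE and SHA512_DIGEST_SIZE bytes there), and the SHA-384/512 cases store through `__be64 *`. The authenc caller passes `actx->h_iopad + param.result_size + align`, so the bound and the alignment both rest on `param` values that are set outside this hunk. A short comment on the helper would pin the contract, e.g. `/* Writes the big-endian HMAC ipad/opad hash states; istate and ostate must each hold the full state (not just digestsize bytes) and be aligned for __be64 stores. */`.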
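--- a/drivers/crypto/chelsio/chcr_crypto.h
+++ b/drivers/crypto/chelsio/chcr_crypto.h
@@ -241,7 +241,6 @@
 };
 
 struct hmac_ctx {
-struct crypto_shash *base_hash;
 u8 ipad[CHCR_HASH_MAX_BLOCK_SIZE_128];
 u8 opad[CHCR_HASH_MAX_BLOCK_SIZE_128];
 };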