| Message ID | 20191129193522.52513-1-ebiggers@kernel.org (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | crypto: shash - allow essiv and hmac to use OPTIONAL_KEY algorithms | expand |
On Fri, 29 Nov 2019 at 20:36, Eric Biggers <ebiggers@kernel.org> wrote: > > From: Eric Biggers <ebiggers@google.com> > > The essiv and hmac templates refuse to use any hash algorithm that has a > ->setkey() function, which includes not just algorithms that always need > a key, but also algorithms that optionally take a key. > > Previously the only optionally-keyed hash algorithms in the crypto API > were non-cryptographic algorithms like crc32, so this didn't really > matter. But that's changed with BLAKE2 support being added. BLAKE2 > should work with essiv and hmac, just like any other cryptographic hash. > > Fix this by allowing the use of both algorithms without a ->setkey() > function and algorithms that have the OPTIONAL_KEY flag set. > > Signed-off-by: Eric Biggers <ebiggers@google.com> Hey Eric, Even though I am not convinced that using hmac() with blake2 makes a lot of sense, I agree that the mere presence or absence of the setkey() hook should decide whether this is permitted. So, Acked-by: Ard Biesheuvel <ardb@kernel.org> > --- > crypto/essiv.c | 2 +- > crypto/hmac.c | 4 ++-- > crypto/shash.c | 3 +-- > include/crypto/internal/hash.h | 6 ++++++ > 4 files changed, 10 insertions(+), 5 deletions(-) > > diff --git a/crypto/essiv.c b/crypto/essiv.c > index 808f2b362106..e4b32c2ea7ec 100644 > --- a/crypto/essiv.c > +++ b/crypto/essiv.c > @@ -442,7 +442,7 @@ static bool essiv_supported_algorithms(const char *essiv_cipher_name, > if (ivsize != alg->cra_blocksize) > goto out; > > - if (crypto_shash_alg_has_setkey(hash_alg)) > + if (crypto_shash_alg_needs_key(hash_alg)) > goto out; > > ret = true; > diff --git a/crypto/hmac.c b/crypto/hmac.c > index 8b2a212eb0ad..377f07733e2f 100644 > --- a/crypto/hmac.c > +++ b/crypto/hmac.c > @@ -185,9 +185,9 @@ static int hmac_create(struct crypto_template *tmpl, struct rtattr **tb) > return PTR_ERR(salg); > alg = &salg->base; > > - /* The underlying hash algorithm must be unkeyed */ > + /* The underlying hash algorithm must not require a key */ > err = -EINVAL; > - if (crypto_shash_alg_has_setkey(salg)) > + if (crypto_shash_alg_needs_key(salg)) > goto out_put_alg; > > ds = salg->digestsize; > diff --git a/crypto/shash.c b/crypto/shash.c > index e83c5124f6eb..7989258a46b4 100644 > --- a/crypto/shash.c > +++ b/crypto/shash.c > @@ -50,8 +50,7 @@ static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key, > > static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg) > { > - if (crypto_shash_alg_has_setkey(alg) && > - !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY)) > + if (crypto_shash_alg_needs_key(alg)) > crypto_shash_set_flags(tfm, CRYPTO_TFM_NEED_KEY); > } > > diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h > index bfc9db7b100d..f68dab38f160 100644 > --- a/include/crypto/internal/hash.h > +++ b/include/crypto/internal/hash.h > @@ -85,6 +85,12 @@ static inline bool crypto_shash_alg_has_setkey(struct shash_alg *alg) > return alg->setkey != shash_no_setkey; > } > > +static inline bool crypto_shash_alg_needs_key(struct shash_alg *alg) > +{ > + return crypto_shash_alg_has_setkey(alg) && > + !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY); > +} > + > bool crypto_hash_alg_has_setkey(struct hash_alg_common *halg); > > int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn, > -- > 2.24.0 >
Eric Biggers <ebiggers@kernel.org> wrote: > From: Eric Biggers <ebiggers@google.com> > > The essiv and hmac templates refuse to use any hash algorithm that has a > ->setkey() function, which includes not just algorithms that always need > a key, but also algorithms that optionally take a key. > > Previously the only optionally-keyed hash algorithms in the crypto API > were non-cryptographic algorithms like crc32, so this didn't really > matter. But that's changed with BLAKE2 support being added. BLAKE2 > should work with essiv and hmac, just like any other cryptographic hash. > > Fix this by allowing the use of both algorithms without a ->setkey() > function and algorithms that have the OPTIONAL_KEY flag set. > > Signed-off-by: Eric Biggers <ebiggers@google.com> > --- > crypto/essiv.c | 2 +- > crypto/hmac.c | 4 ++-- > crypto/shash.c | 3 +-- > include/crypto/internal/hash.h | 6 ++++++ > 4 files changed, 10 insertions(+), 5 deletions(-) Patch applied. Thanks.
diff --git a/crypto/essiv.c b/crypto/essiv.c index 808f2b362106..e4b32c2ea7ec 100644 --- a/crypto/essiv.c +++ b/crypto/essiv.c @@ -442,7 +442,7 @@ static bool essiv_supported_algorithms(const char *essiv_cipher_name, if (ivsize != alg->cra_blocksize) goto out; - if (crypto_shash_alg_has_setkey(hash_alg)) + if (crypto_shash_alg_needs_key(hash_alg)) goto out; ret = true; diff --git a/crypto/hmac.c b/crypto/hmac.c index 8b2a212eb0ad..377f07733e2f 100644 --- a/crypto/hmac.c +++ b/crypto/hmac.c @@ -185,9 +185,9 @@ static int hmac_create(struct crypto_template *tmpl, struct rtattr **tb) return PTR_ERR(salg); alg = &salg->base; - /* The underlying hash algorithm must be unkeyed */ + /* The underlying hash algorithm must not require a key */ err = -EINVAL; - if (crypto_shash_alg_has_setkey(salg)) + if (crypto_shash_alg_needs_key(salg)) goto out_put_alg; ds = salg->digestsize; diff --git a/crypto/shash.c b/crypto/shash.c index e83c5124f6eb..7989258a46b4 100644 --- a/crypto/shash.c +++ b/crypto/shash.c @@ -50,8 +50,7 @@ static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key, static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg) { - if (crypto_shash_alg_has_setkey(alg) && - !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY)) + if (crypto_shash_alg_needs_key(alg)) crypto_shash_set_flags(tfm, CRYPTO_TFM_NEED_KEY); } diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h index bfc9db7b100d..f68dab38f160 100644 --- a/include/crypto/internal/hash.h +++ b/include/crypto/internal/hash.h @@ -85,6 +85,12 @@ static inline bool crypto_shash_alg_has_setkey(struct shash_alg *alg) return alg->setkey != shash_no_setkey; } +static inline bool crypto_shash_alg_needs_key(struct shash_alg *alg) +{ + return crypto_shash_alg_has_setkey(alg) && + !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY); +} + bool crypto_hash_alg_has_setkey(struct hash_alg_common *halg); int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn,