linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] crypto: shash - allow essiv and hmac to use OPTIONAL_KEY algorithms
@ 2019-11-29 19:35 Eric Biggers
  2019-12-03 18:14 ` Ard Biesheuvel
  2019-12-11  9:42 ` Herbert Xu
  0 siblings, 2 replies; 3+ messages in thread
From: Eric Biggers @ 2019-11-29 19:35 UTC (permalink / raw)
  To: linux-crypto

From: Eric Biggers <ebiggers@google.com>

The essiv and hmac templates refuse to use any hash algorithm that has a
->setkey() function, which includes not just algorithms that always need
a key, but also algorithms that optionally take a key.

Previously the only optionally-keyed hash algorithms in the crypto API
were non-cryptographic algorithms like crc32, so this didn't really
matter.  But that's changed with BLAKE2 support being added.  BLAKE2
should work with essiv and hmac, just like any other cryptographic hash.

Fix this by allowing the use of both algorithms without a ->setkey()
function and algorithms that have the OPTIONAL_KEY flag set.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 crypto/essiv.c                 | 2 +-
 crypto/hmac.c                  | 4 ++--
 crypto/shash.c                 | 3 +--
 include/crypto/internal/hash.h | 6 ++++++
 4 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/crypto/essiv.c b/crypto/essiv.c
index 808f2b362106..e4b32c2ea7ec 100644
--- a/crypto/essiv.c
+++ b/crypto/essiv.c
@@ -442,7 +442,7 @@ static bool essiv_supported_algorithms(const char *essiv_cipher_name,
 	if (ivsize != alg->cra_blocksize)
 		goto out;
 
-	if (crypto_shash_alg_has_setkey(hash_alg))
+	if (crypto_shash_alg_needs_key(hash_alg))
 		goto out;
 
 	ret = true;
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 8b2a212eb0ad..377f07733e2f 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -185,9 +185,9 @@ static int hmac_create(struct crypto_template *tmpl, struct rtattr **tb)
 		return PTR_ERR(salg);
 	alg = &salg->base;
 
-	/* The underlying hash algorithm must be unkeyed */
+	/* The underlying hash algorithm must not require a key */
 	err = -EINVAL;
-	if (crypto_shash_alg_has_setkey(salg))
+	if (crypto_shash_alg_needs_key(salg))
 		goto out_put_alg;
 
 	ds = salg->digestsize;
diff --git a/crypto/shash.c b/crypto/shash.c
index e83c5124f6eb..7989258a46b4 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -50,8 +50,7 @@ static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key,
 
 static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg)
 {
-	if (crypto_shash_alg_has_setkey(alg) &&
-	    !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY))
+	if (crypto_shash_alg_needs_key(alg))
 		crypto_shash_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
 }
 
diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
index bfc9db7b100d..f68dab38f160 100644
--- a/include/crypto/internal/hash.h
+++ b/include/crypto/internal/hash.h
@@ -85,6 +85,12 @@ static inline bool crypto_shash_alg_has_setkey(struct shash_alg *alg)
 	return alg->setkey != shash_no_setkey;
 }
 
+static inline bool crypto_shash_alg_needs_key(struct shash_alg *alg)
+{
+	return crypto_shash_alg_has_setkey(alg) &&
+		!(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY);
+}
+
 bool crypto_hash_alg_has_setkey(struct hash_alg_common *halg);
 
 int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn,
-- 
2.24.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] crypto: shash - allow essiv and hmac to use OPTIONAL_KEY algorithms
  2019-11-29 19:35 [PATCH] crypto: shash - allow essiv and hmac to use OPTIONAL_KEY algorithms Eric Biggers
@ 2019-12-03 18:14 ` Ard Biesheuvel
  2019-12-11  9:42 ` Herbert Xu
  1 sibling, 0 replies; 3+ messages in thread
From: Ard Biesheuvel @ 2019-12-03 18:14 UTC (permalink / raw)
  To: Eric Biggers; +Cc: open list:HARDWARE RANDOM NUMBER GENERATOR CORE

On Fri, 29 Nov 2019 at 20:36, Eric Biggers <ebiggers@kernel.org> wrote:
>
> From: Eric Biggers <ebiggers@google.com>
>
> The essiv and hmac templates refuse to use any hash algorithm that has a
> ->setkey() function, which includes not just algorithms that always need
> a key, but also algorithms that optionally take a key.
>
> Previously the only optionally-keyed hash algorithms in the crypto API
> were non-cryptographic algorithms like crc32, so this didn't really
> matter.  But that's changed with BLAKE2 support being added.  BLAKE2
> should work with essiv and hmac, just like any other cryptographic hash.
>
> Fix this by allowing the use of both algorithms without a ->setkey()
> function and algorithms that have the OPTIONAL_KEY flag set.
>
> Signed-off-by: Eric Biggers <ebiggers@google.com>

Hey Eric,

Even though I am not convinced that using hmac() with blake2 makes a
lot of sense, I agree that the mere presence or absence of the
setkey() hook should decide whether this is permitted.

So,

Acked-by: Ard Biesheuvel <ardb@kernel.org>

> ---
>  crypto/essiv.c                 | 2 +-
>  crypto/hmac.c                  | 4 ++--
>  crypto/shash.c                 | 3 +--
>  include/crypto/internal/hash.h | 6 ++++++
>  4 files changed, 10 insertions(+), 5 deletions(-)
>
> diff --git a/crypto/essiv.c b/crypto/essiv.c
> index 808f2b362106..e4b32c2ea7ec 100644
> --- a/crypto/essiv.c
> +++ b/crypto/essiv.c
> @@ -442,7 +442,7 @@ static bool essiv_supported_algorithms(const char *essiv_cipher_name,
>         if (ivsize != alg->cra_blocksize)
>                 goto out;
>
> -       if (crypto_shash_alg_has_setkey(hash_alg))
> +       if (crypto_shash_alg_needs_key(hash_alg))
>                 goto out;
>
>         ret = true;
> diff --git a/crypto/hmac.c b/crypto/hmac.c
> index 8b2a212eb0ad..377f07733e2f 100644
> --- a/crypto/hmac.c
> +++ b/crypto/hmac.c
> @@ -185,9 +185,9 @@ static int hmac_create(struct crypto_template *tmpl, struct rtattr **tb)
>                 return PTR_ERR(salg);
>         alg = &salg->base;
>
> -       /* The underlying hash algorithm must be unkeyed */
> +       /* The underlying hash algorithm must not require a key */
>         err = -EINVAL;
> -       if (crypto_shash_alg_has_setkey(salg))
> +       if (crypto_shash_alg_needs_key(salg))
>                 goto out_put_alg;
>
>         ds = salg->digestsize;
> diff --git a/crypto/shash.c b/crypto/shash.c
> index e83c5124f6eb..7989258a46b4 100644
> --- a/crypto/shash.c
> +++ b/crypto/shash.c
> @@ -50,8 +50,7 @@ static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key,
>
>  static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg)
>  {
> -       if (crypto_shash_alg_has_setkey(alg) &&
> -           !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY))
> +       if (crypto_shash_alg_needs_key(alg))
>                 crypto_shash_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
>  }
>
> diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
> index bfc9db7b100d..f68dab38f160 100644
> --- a/include/crypto/internal/hash.h
> +++ b/include/crypto/internal/hash.h
> @@ -85,6 +85,12 @@ static inline bool crypto_shash_alg_has_setkey(struct shash_alg *alg)
>         return alg->setkey != shash_no_setkey;
>  }
>
> +static inline bool crypto_shash_alg_needs_key(struct shash_alg *alg)
> +{
> +       return crypto_shash_alg_has_setkey(alg) &&
> +               !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY);
> +}
> +
>  bool crypto_hash_alg_has_setkey(struct hash_alg_common *halg);
>
>  int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn,
> --
> 2.24.0
>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] crypto: shash - allow essiv and hmac to use OPTIONAL_KEY algorithms
  2019-11-29 19:35 [PATCH] crypto: shash - allow essiv and hmac to use OPTIONAL_KEY algorithms Eric Biggers
  2019-12-03 18:14 ` Ard Biesheuvel
@ 2019-12-11  9:42 ` Herbert Xu
  1 sibling, 0 replies; 3+ messages in thread
From: Herbert Xu @ 2019-12-11  9:42 UTC (permalink / raw)
  To: Eric Biggers; +Cc: linux-crypto

Eric Biggers <ebiggers@kernel.org> wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> The essiv and hmac templates refuse to use any hash algorithm that has a
> ->setkey() function, which includes not just algorithms that always need
> a key, but also algorithms that optionally take a key.
> 
> Previously the only optionally-keyed hash algorithms in the crypto API
> were non-cryptographic algorithms like crc32, so this didn't really
> matter.  But that's changed with BLAKE2 support being added.  BLAKE2
> should work with essiv and hmac, just like any other cryptographic hash.
> 
> Fix this by allowing the use of both algorithms without a ->setkey()
> function and algorithms that have the OPTIONAL_KEY flag set.
> 
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> ---
> crypto/essiv.c                 | 2 +-
> crypto/hmac.c                  | 4 ++--
> crypto/shash.c                 | 3 +--
> include/crypto/internal/hash.h | 6 ++++++
> 4 files changed, 10 insertions(+), 5 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2019-12-11  9:42 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-29 19:35 [PATCH] crypto: shash - allow essiv and hmac to use OPTIONAL_KEY algorithms Eric Biggers
2019-12-03 18:14 ` Ard Biesheuvel
2019-12-11  9:42 ` Herbert Xu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).