Allow hmac to be cloned. The underlying cipher needs to support
cloning by not having a cra_init function (all implementations of
aes that do not require a fallback can be cloned).
Signed-off-by: Herbert Xu <[email protected]>
---
crypto/cmac.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/crypto/cmac.c b/crypto/cmac.c
index bcc6f19a4f64..fce6b0f58e88 100644
--- a/crypto/cmac.c
+++ b/crypto/cmac.c
@@ -213,7 +213,22 @@ static int cmac_init_tfm(struct crypto_shash *tfm)
ctx->child = cipher;
return 0;
-};
+}
+
+static int cmac_clone_tfm(struct crypto_shash *tfm, struct crypto_shash *otfm)
+{
+ struct cmac_tfm_ctx *octx = crypto_shash_ctx(otfm);
+ struct cmac_tfm_ctx *ctx = crypto_shash_ctx(tfm);
+ struct crypto_cipher *cipher;
+
+ cipher = crypto_clone_cipher(octx->child);
+ if (IS_ERR(cipher))
+ return PTR_ERR(cipher);
+
+ ctx->child = cipher;
+
+ return 0;
+}
static void cmac_exit_tfm(struct crypto_shash *tfm)
{
@@ -280,6 +295,7 @@ static int cmac_create(struct crypto_template *tmpl, struct rtattr **tb)
inst->alg.final = crypto_cmac_digest_final;
inst->alg.setkey = crypto_cmac_digest_setkey;
inst->alg.init_tfm = cmac_init_tfm;
+ inst->alg.clone_tfm = cmac_clone_tfm;
inst->alg.exit_tfm = cmac_exit_tfm;
inst->free = shash_free_singlespawn_instance;
Hi Herbert,
On Fri, 19 May 2023 at 10:29, Herbert Xu <[email protected]> wrote:
>
> Allow hmac to be cloned. The underlying cipher needs to support
> cloning by not having a cra_init function (all implementations of
> aes that do not require a fallback can be cloned).
>
> Signed-off-by: Herbert Xu <[email protected]>
Does this imply that the cmac-aes-ce and cmac-aes-neon implementations
for arm64 need a similar treatment?
> ---
>
> crypto/cmac.c | 18 +++++++++++++++++-
> 1 file changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/crypto/cmac.c b/crypto/cmac.c
> index bcc6f19a4f64..fce6b0f58e88 100644
> --- a/crypto/cmac.c
> +++ b/crypto/cmac.c
> @@ -213,7 +213,22 @@ static int cmac_init_tfm(struct crypto_shash *tfm)
> ctx->child = cipher;
>
> return 0;
> -};
> +}
> +
> +static int cmac_clone_tfm(struct crypto_shash *tfm, struct crypto_shash *otfm)
> +{
> + struct cmac_tfm_ctx *octx = crypto_shash_ctx(otfm);
> + struct cmac_tfm_ctx *ctx = crypto_shash_ctx(tfm);
> + struct crypto_cipher *cipher;
> +
> + cipher = crypto_clone_cipher(octx->child);
> + if (IS_ERR(cipher))
> + return PTR_ERR(cipher);
> +
> + ctx->child = cipher;
> +
> + return 0;
> +}
>
> static void cmac_exit_tfm(struct crypto_shash *tfm)
> {
> @@ -280,6 +295,7 @@ static int cmac_create(struct crypto_template *tmpl, struct rtattr **tb)
> inst->alg.final = crypto_cmac_digest_final;
> inst->alg.setkey = crypto_cmac_digest_setkey;
> inst->alg.init_tfm = cmac_init_tfm;
> + inst->alg.clone_tfm = cmac_clone_tfm;
> inst->alg.exit_tfm = cmac_exit_tfm;
>
> inst->free = shash_free_singlespawn_instance;
On Fri, May 19, 2023 at 10:54:11AM +0200, Ard Biesheuvel wrote:
>
> Does this imply that the cmac-aes-ce and cmac-aes-neon implementations
> for arm64 need a similar treatment?
Good catch. Since these don't have init functions we can deal
with them at a higher level:
---8<---
Some shash algorithms are so simple that they don't have an init_tfm
function. These can be cloned trivially. Check this before failing
in crypto_clone_shash.
Signed-off-by: Herbert Xu <[email protected]>
diff --git a/crypto/shash.c b/crypto/shash.c
index 717b42df3495..1fadb6b59bdc 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -597,7 +597,7 @@ struct crypto_shash *crypto_clone_shash(struct crypto_shash *hash)
return hash;
}
- if (!alg->clone_tfm)
+ if (!alg->clone_tfm && (alg->init_tfm || alg->base.cra_init))
return ERR_PTR(-ENOSYS);
nhash = crypto_clone_tfm(&crypto_shash_type, tfm);
@@ -606,10 +606,12 @@ struct crypto_shash *crypto_clone_shash(struct crypto_shash *hash)
nhash->descsize = hash->descsize;
- err = alg->clone_tfm(nhash, hash);
- if (err) {
- crypto_free_shash(nhash);
- return ERR_PTR(err);
+ if (alg->clone_tfm) {
+ err = alg->clone_tfm(nhash, hash);
+ if (err) {
+ crypto_free_shash(nhash);
+ return ERR_PTR(err);
+ }
}
return nhash;
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Fri, 19 May 2023 at 11:04, Herbert Xu <[email protected]> wrote:
>
> On Fri, May 19, 2023 at 10:54:11AM +0200, Ard Biesheuvel wrote:
> >
> > Does this imply that the cmac-aes-ce and cmac-aes-neon implementations
> > for arm64 need a similar treatment?
>
> Good catch. Since these don't have init functions we can deal
> with them at a higher level:
>
> ---8<---
> Some shash algorithms are so simple that they don't have an init_tfm
> function. These can be cloned trivially. Check this before failing
> in crypto_clone_shash.
>
OK. So IIUC, cloning a keyless hash just shares the TFM and bumps the
refcount, but here we must actually allocate a new TFM referring to
the same algo, and this new TFM needs its key to be set before use, as
it doesn't inherit it from the clonee, right? And this works in the
same way as cloning an instance of the generic HMAC template, as this
will just clone the inner shash too, and will also leave the key
unset.
If so,
Acked-by: Ard Biesheuvel <[email protected]>
If not, could you explain it to me again? :-)
> Signed-off-by: Herbert Xu <[email protected]>
>
> diff --git a/crypto/shash.c b/crypto/shash.c
> index 717b42df3495..1fadb6b59bdc 100644
> --- a/crypto/shash.c
> +++ b/crypto/shash.c
> @@ -597,7 +597,7 @@ struct crypto_shash *crypto_clone_shash(struct crypto_shash *hash)
> return hash;
> }
>
> - if (!alg->clone_tfm)
> + if (!alg->clone_tfm && (alg->init_tfm || alg->base.cra_init))
> return ERR_PTR(-ENOSYS);
>
> nhash = crypto_clone_tfm(&crypto_shash_type, tfm);
> @@ -606,10 +606,12 @@ struct crypto_shash *crypto_clone_shash(struct crypto_shash *hash)
>
> nhash->descsize = hash->descsize;
>
> - err = alg->clone_tfm(nhash, hash);
> - if (err) {
> - crypto_free_shash(nhash);
> - return ERR_PTR(err);
> + if (alg->clone_tfm) {
> + err = alg->clone_tfm(nhash, hash);
> + if (err) {
> + crypto_free_shash(nhash);
> + return ERR_PTR(err);
> + }
> }
>
> return nhash;
> --
> Email: Herbert Xu <[email protected]>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Hi Herbert,
Thanks for the patches!
On 5/19/23 09:28, Herbert Xu wrote:
> Allow hmac to be cloned. The underlying cipher needs to support
Small nit ^cmac
> cloning by not having a cra_init function (all implementations of
> aes that do not require a fallback can be cloned).
>
> Signed-off-by: Herbert Xu <[email protected]>
I'll remove per-CPU request allocations and base version7 on this.
Thanks,
Dmitry