* [PATCH net] mptcp: use HMAC-SHA256 library instead of open-coded HMAC
@ 2025-07-31 19:50 Eric Biggers
2025-07-31 21:27 ` Matthieu Baerts
0 siblings, 1 reply; 4+ messages in thread
From: Eric Biggers @ 2025-07-31 19:50 UTC (permalink / raw)
To: Matthieu Baerts, Mat Martineau, Geliang Tang, netdev, mptcp
Cc: linux-crypto, linux-kernel, Paolo Abeni, Eric Biggers
Now that there are easy-to-use HMAC-SHA256 library functions, use these
in net/mptcp/crypto.c instead of open-coding the HMAC algorithm.
Remove the WARN_ON_ONCE() for messages longer than SHA256_DIGEST_SIZE.
The new implementation handles all message lengths correctly.
The mptcp-crypto KUnit test still passes after this change.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
net/mptcp/crypto.c | 35 ++---------------------------------
1 file changed, 2 insertions(+), 33 deletions(-)
diff --git a/net/mptcp/crypto.c b/net/mptcp/crypto.c
index b08ba959ac4fd..31948e18d97da 100644
--- a/net/mptcp/crypto.c
+++ b/net/mptcp/crypto.c
@@ -20,11 +20,10 @@
* Brandon Heller <brandonh@stanford.edu>
*/
#include <linux/kernel.h>
#include <crypto/sha2.h>
-#include <linux/unaligned.h>
#include "protocol.h"
#define SHA256_DIGEST_WORDS (SHA256_DIGEST_SIZE / 4)
@@ -41,43 +40,13 @@ void mptcp_crypto_key_sha(u64 key, u32 *token, u64 *idsn)
*idsn = be64_to_cpu(*((__be64 *)&mptcp_hashed_key[6]));
}
void mptcp_crypto_hmac_sha(u64 key1, u64 key2, u8 *msg, int len, void *hmac)
{
- u8 input[SHA256_BLOCK_SIZE + SHA256_DIGEST_SIZE];
- u8 key1be[8];
- u8 key2be[8];
- int i;
+ __be64 key[2] = { cpu_to_be64(key1), cpu_to_be64(key2) };
- if (WARN_ON_ONCE(len > SHA256_DIGEST_SIZE))
- len = SHA256_DIGEST_SIZE;
-
- put_unaligned_be64(key1, key1be);
- put_unaligned_be64(key2, key2be);
-
- /* Generate key xored with ipad */
- memset(input, 0x36, SHA256_BLOCK_SIZE);
- for (i = 0; i < 8; i++)
- input[i] ^= key1be[i];
- for (i = 0; i < 8; i++)
- input[i + 8] ^= key2be[i];
-
- memcpy(&input[SHA256_BLOCK_SIZE], msg, len);
-
- /* emit sha256(K1 || msg) on the second input block, so we can
- * reuse 'input' for the last hashing
- */
- sha256(input, SHA256_BLOCK_SIZE + len, &input[SHA256_BLOCK_SIZE]);
-
- /* Prepare second part of hmac */
- memset(input, 0x5C, SHA256_BLOCK_SIZE);
- for (i = 0; i < 8; i++)
- input[i] ^= key1be[i];
- for (i = 0; i < 8; i++)
- input[i + 8] ^= key2be[i];
-
- sha256(input, SHA256_BLOCK_SIZE + SHA256_DIGEST_SIZE, hmac);
+ hmac_sha256_usingrawkey((const u8 *)key, sizeof(key), msg, len, hmac);
}
#if IS_MODULE(CONFIG_MPTCP_KUNIT_TEST)
EXPORT_SYMBOL_GPL(mptcp_crypto_hmac_sha);
#endif
base-commit: d6084bb815c453de27af8071a23163a711586a6c
--
2.50.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH net] mptcp: use HMAC-SHA256 library instead of open-coded HMAC
2025-07-31 19:50 [PATCH net] mptcp: use HMAC-SHA256 library instead of open-coded HMAC Eric Biggers
@ 2025-07-31 21:27 ` Matthieu Baerts
2025-07-31 21:41 ` Eric Biggers
0 siblings, 1 reply; 4+ messages in thread
From: Matthieu Baerts @ 2025-07-31 21:27 UTC (permalink / raw)
To: Eric Biggers
Cc: linux-crypto, linux-kernel, Paolo Abeni, Mat Martineau,
Geliang Tang, netdev, mptcp
Hi Eric,
On 31/07/2025 21:50, Eric Biggers wrote:
> Now that there are easy-to-use HMAC-SHA256 library functions, use these
> in net/mptcp/crypto.c instead of open-coding the HMAC algorithm.
>
> Remove the WARN_ON_ONCE() for messages longer than SHA256_DIGEST_SIZE.
> The new implementation handles all message lengths correctly.
>
> The mptcp-crypto KUnit test still passes after this change.
Thank you for this patch! It is a good idea, and it looks good to me!
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
One small detail: net-next is currently closed [1], and I don't think
this patch can be applied in -net. So except if you plan to take it in
the libcrypto tree for 6.17 -- but that's probably strange -- what I can
do is to apply it in the MPTCP tree, and send it to net-next later on.
Is this OK for you?
[1] https://patchwork.hopto.org/net-next.html
Cheers,
Matt
--
pw-bot: defer
--
Sponsored by the NGI0 Core fund.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH net] mptcp: use HMAC-SHA256 library instead of open-coded HMAC
2025-07-31 21:27 ` Matthieu Baerts
@ 2025-07-31 21:41 ` Eric Biggers
2025-08-01 15:17 ` Matthieu Baerts
0 siblings, 1 reply; 4+ messages in thread
From: Eric Biggers @ 2025-07-31 21:41 UTC (permalink / raw)
To: Matthieu Baerts
Cc: linux-crypto, linux-kernel, Paolo Abeni, Mat Martineau,
Geliang Tang, netdev, mptcp
On Thu, Jul 31, 2025 at 11:27:50PM +0200, Matthieu Baerts wrote:
> Hi Eric,
>
> On 31/07/2025 21:50, Eric Biggers wrote:
> > Now that there are easy-to-use HMAC-SHA256 library functions, use these
> > in net/mptcp/crypto.c instead of open-coding the HMAC algorithm.
> >
> > Remove the WARN_ON_ONCE() for messages longer than SHA256_DIGEST_SIZE.
> > The new implementation handles all message lengths correctly.
> >
> > The mptcp-crypto KUnit test still passes after this change.
>
> Thank you for this patch! It is a good idea, and it looks good to me!
>
> Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
>
> One small detail: net-next is currently closed [1], and I don't think
> this patch can be applied in -net. So except if you plan to take it in
> the libcrypto tree for 6.17 -- but that's probably strange -- what I can
> do is to apply it in the MPTCP tree, and send it to net-next later on.
> Is this OK for you?
>
> [1] https://patchwork.hopto.org/net-next.html
>
> Cheers,
> Matt
> --
The MPTCP tree (and then net-next) for 6.18 is fine. I know this isn't
a great time to send patches, but I just happened to have some time now.
- Eric
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH net] mptcp: use HMAC-SHA256 library instead of open-coded HMAC
2025-07-31 21:41 ` Eric Biggers
@ 2025-08-01 15:17 ` Matthieu Baerts
0 siblings, 0 replies; 4+ messages in thread
From: Matthieu Baerts @ 2025-08-01 15:17 UTC (permalink / raw)
To: Eric Biggers
Cc: linux-crypto, linux-kernel, Paolo Abeni, Mat Martineau,
Geliang Tang, netdev, mptcp
Hi Eric,
On 31/07/2025 23:41, Eric Biggers wrote:
> On Thu, Jul 31, 2025 at 11:27:50PM +0200, Matthieu Baerts wrote:
>> Hi Eric,
>>
>> On 31/07/2025 21:50, Eric Biggers wrote:
>>> Now that there are easy-to-use HMAC-SHA256 library functions, use these
>>> in net/mptcp/crypto.c instead of open-coding the HMAC algorithm.
>>>
>>> Remove the WARN_ON_ONCE() for messages longer than SHA256_DIGEST_SIZE.
>>> The new implementation handles all message lengths correctly.
>>>
>>> The mptcp-crypto KUnit test still passes after this change.
>>
>> Thank you for this patch! It is a good idea, and it looks good to me!
>>
>> Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
>>
>> One small detail: net-next is currently closed [1], and I don't think
>> this patch can be applied in -net. So except if you plan to take it in
>> the libcrypto tree for 6.17 -- but that's probably strange -- what I can
>> do is to apply it in the MPTCP tree, and send it to net-next later on.
>> Is this OK for you?
>>
>> [1] https://patchwork.hopto.org/net-next.html
>>
>> Cheers,
>> Matt
>> --
>
> The MPTCP tree (and then net-next) for 6.18 is fine. I know this isn't
> a great time to send patches, but I just happened to have some time now.
No problem, having this patch now is fine for MPTCP. I just queued it
for 6.18.
Applied in our tree (feat. for net-next):
New patches for t/upstream:
- 1eadc6f75c43: mptcp: use HMAC-SHA256 library instead of open-coded HMAC
- Results: 94c274f914c9..5c7ec796258e (export)
Cheers,
Matt
--
Sponsored by the NGI0 Core fund.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-08-01 15:18 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-07-31 19:50 [PATCH net] mptcp: use HMAC-SHA256 library instead of open-coded HMAC Eric Biggers
2025-07-31 21:27 ` Matthieu Baerts
2025-07-31 21:41 ` Eric Biggers
2025-08-01 15:17 ` Matthieu Baerts
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).