[PATCH 1/2] AES-XCBC-MAC

[PATCH 1/2] AES-XCBC-MAC

[Kazunori MIYAZAWA]

This is preparation to introduce AES-XCBC-MAC.
- introducing common interface "keyed hash"
- making HMAC use the interface

---
commit 9c6b9affbacf12fc1e32868eaa14fef279b2696c
tree 67b19707fae179e20bfb8060444f287d0bda7bb1
parent 650fb8382287f7990d5127a82a54295139224606
author Kazunori MIYAZAWA <kazunori@miyazawa.org> Tue, 13 Jun 2006 10:02:54 +0900
committer Kazunori MIYAZAWA <kazunori@miyazawa.org> Tue, 13 Jun 2006 10:02:54 +0900

 crypto/digest.c        |   23 +++++++++++++++++++----
 crypto/hmac.c          |   36 +++++++++++++++++++++++++-----------
 crypto/tcrypt.c        |    2 +-
 include/linux/crypto.h |   31 +++++++++++++++++++++++++------
 4 files changed, 70 insertions(+), 22 deletions(-)

diff --git a/crypto/digest.c b/crypto/digest.c
index d9b6ac9..66bc263 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -85,11 +85,13 @@ static void digest(struct crypto_tfm *tf
 
 int crypto_init_digest_flags(struct crypto_tfm *tfm, u32 flags)
 {
-	return flags ? -EINVAL : 0;
+	tfm->crt_digest.cit_mode = flags & CRYPTO_TFM_MODE_MASK;
+	return 0;
 }
 
 int crypto_init_digest_ops(struct crypto_tfm *tfm)
 {
+	int ret = 0;
 	struct digest_tfm *ops = &tfm->crt_digest;
 	
 	ops->dit_init	= init;
@@ -97,11 +99,24 @@ int crypto_init_digest_ops(struct crypto
 	ops->dit_final	= final;
 	ops->dit_digest	= digest;
 	ops->dit_setkey	= setkey;
-	
-	return crypto_alloc_hmac_block(tfm);
+
+#ifdef CONFIG_CRYPTO_HMAC
+	if (tfm->crt_digest.cit_mode & CRYPTO_TFM_MODE_HMAC) {
+		ret = crypto_alloc_hmac_block(tfm);
+		tfm->crt_keyedhash.kht_init = crypto_hmac_init;
+		tfm->crt_keyedhash.kht_update = crypto_hmac_update;
+		tfm->crt_keyedhash.kht_final = crypto_hmac_final;
+		tfm->crt_keyedhash.keyed_hash = crypto_hmac;
+		tfm->crt_keyedhash.kht_digestsize = crypto_tfm_alg_digestsize;
+	}
+#endif
+	return ret;
 }
 
 void crypto_exit_digest_ops(struct crypto_tfm *tfm)
 {
-	crypto_free_hmac_block(tfm);
+#ifdef CONFIG_CRYPTO_HMAC
+	if (tfm->crt_digest.cit_mode & CRYPTO_TFM_MODE_HMAC)
+		crypto_free_hmac_block(tfm);
+#endif
 }
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 46120de..d9610ca 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -34,10 +34,10 @@ int crypto_alloc_hmac_block(struct crypt
 	int ret = 0;
 
 	BUG_ON(!crypto_tfm_alg_blocksize(tfm));
-	
-	tfm->crt_digest.dit_hmac_block = kmalloc(crypto_tfm_alg_blocksize(tfm),
+
+	tfm->crt_keyedhash.kht_hmac_block = kmalloc(crypto_tfm_alg_blocksize(tfm),
 	                                         GFP_KERNEL);
-	if (tfm->crt_digest.dit_hmac_block == NULL)
+	if (tfm->crt_keyedhash.kht_hmac_block == NULL)
 		ret = -ENOMEM;
 
 	return ret;
@@ -46,14 +46,16 @@ int crypto_alloc_hmac_block(struct crypt
 
 void crypto_free_hmac_block(struct crypto_tfm *tfm)
 {
-	kfree(tfm->crt_digest.dit_hmac_block);
+	kfree(tfm->crt_keyedhash.kht_hmac_block);
 }
 
-void crypto_hmac_init(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen)
+int crypto_hmac_init(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen)
 {
 	unsigned int i;
 	struct scatterlist tmp;
-	char *ipad = tfm->crt_digest.dit_hmac_block;
+	char *ipad = tfm->crt_keyedhash.kht_hmac_block;
+
+	BUG_ON(ipad == NULL);
 	
 	if (*keylen > crypto_tfm_alg_blocksize(tfm)) {
 		hash_key(tfm, key, *keylen);
@@ -70,6 +72,8 @@ void crypto_hmac_init(struct crypto_tfm 
 	
 	crypto_digest_init(tfm);
 	crypto_digest_update(tfm, &tmp, 1);
+
+	return 0;
 }
 
 void crypto_hmac_update(struct crypto_tfm *tfm,
@@ -78,13 +82,15 @@ void crypto_hmac_update(struct crypto_tf
 	crypto_digest_update(tfm, sg, nsg);
 }
 
-void crypto_hmac_final(struct crypto_tfm *tfm, u8 *key,
+int crypto_hmac_final(struct crypto_tfm *tfm, u8 *key,
                        unsigned int *keylen, u8 *out)
 {
 	unsigned int i;
 	struct scatterlist tmp;
-	char *opad = tfm->crt_digest.dit_hmac_block;
+	char *opad = tfm->crt_keyedhash.kht_hmac_block;
 	
+	BUG_ON(opad == NULL);
+
 	if (*keylen > crypto_tfm_alg_blocksize(tfm)) {
 		hash_key(tfm, key, *keylen);
 		*keylen = crypto_tfm_alg_digestsize(tfm);
@@ -107,14 +113,22 @@ void crypto_hmac_final(struct crypto_tfm
 	
 	crypto_digest_update(tfm, &tmp, 1);
 	crypto_digest_final(tfm, out);
+
+	return 0;
 }
 
-void crypto_hmac(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen,
+int crypto_hmac(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen,
                  struct scatterlist *sg, unsigned int nsg, u8 *out)
 {
-	crypto_hmac_init(tfm, key, keylen);
+	int ret = 0;
+
+	ret = crypto_hmac_init(tfm, key, keylen);
+	if (ret != 0)
+		return ret;
 	crypto_hmac_update(tfm, sg, nsg);
-	crypto_hmac_final(tfm, key, keylen, out);
+	ret = crypto_hmac_final(tfm, key, keylen, out);
+
+	return ret;
 }
 
 EXPORT_SYMBOL_GPL(crypto_hmac_init);
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 49e344f..37aeced 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -180,7 +180,7 @@ static void test_hmac(char *algo, struct
 	struct hmac_testvec *hmac_tv;
 	unsigned int tsize, klen;
 
-	tfm = crypto_alloc_tfm(algo, 0);
+	tfm = crypto_alloc_tfm(algo, CRYPTO_TFM_MODE_HMAC);
 	if (tfm == NULL) {
 		printk("failed to load transform for %s\n", algo);
 		return;
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index 0ab1bc1..1ade651 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -44,6 +44,7 @@
 #define CRYPTO_TFM_MODE_CBC		0x00000002
 #define CRYPTO_TFM_MODE_CFB		0x00000004
 #define CRYPTO_TFM_MODE_CTR		0x00000008
+#define CRYPTO_TFM_MODE_HMAC		0x00000080
 
 #define CRYPTO_TFM_REQ_WEAK_KEY		0x00000100
 #define CRYPTO_TFM_REQ_MAY_SLEEP	0x00000200
@@ -192,6 +193,7 @@ struct cipher_tfm {
 };
 
 struct digest_tfm {
+	u32 cit_mode;
 	void (*dit_init)(struct crypto_tfm *tfm);
 	void (*dit_update)(struct crypto_tfm *tfm,
 	                   struct scatterlist *sg, unsigned int nsg);
@@ -200,9 +202,6 @@ struct digest_tfm {
 	                   unsigned int nsg, u8 *out);
 	int (*dit_setkey)(struct crypto_tfm *tfm,
 	                  const u8 *key, unsigned int keylen);
-#ifdef CONFIG_CRYPTO_HMAC
-	void *dit_hmac_block;
-#endif
 };
 
 struct compress_tfm {
@@ -218,6 +217,23 @@ struct compress_tfm {
 #define crt_digest	crt_u.digest
 #define crt_compress	crt_u.compress
 
+#if defined(CONFIG_CRYPTO_HMAC)
+
+#define kht_hmac_block	kht_u.hmac_block
+
+struct keyed_hash_tfm {
+	int (*kht_init)(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen);
+	void (*kht_update)(struct crypto_tfm *tfm, struct scatterlist *sg, unsigned int nsg);
+	int (*kht_final)(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen, u8 *out);
+	int (*keyed_hash)(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen,
+			 struct scatterlist *sg, unsigned int nsg, u8 *out);
+	unsigned int (*kht_digestsize)(struct crypto_tfm *tfm);
+	union {
+		void *hmac_block;
+	} kht_u;
+};
+#endif
+
 struct crypto_tfm {
 
 	u32 crt_flags;
@@ -228,6 +244,9 @@ struct crypto_tfm {
 		struct compress_tfm compress;
 	} crt_u;
 	
+#if defined(CONFIG_CRYPTO_HMAC)
+	struct keyed_hash_tfm crt_keyedhash;
+#endif	
 	struct crypto_alg *__crt_alg;
 
 	char __crt_ctx[] __attribute__ ((__aligned__));
@@ -431,12 +450,12 @@ static inline int crypto_comp_decompress
  * HMAC support.
  */
 #ifdef CONFIG_CRYPTO_HMAC
-void crypto_hmac_init(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen);
+int crypto_hmac_init(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen);
 void crypto_hmac_update(struct crypto_tfm *tfm,
                         struct scatterlist *sg, unsigned int nsg);
-void crypto_hmac_final(struct crypto_tfm *tfm, u8 *key,
+int crypto_hmac_final(struct crypto_tfm *tfm, u8 *key,
                        unsigned int *keylen, u8 *out);
-void crypto_hmac(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen,
+int crypto_hmac(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen,
                  struct scatterlist *sg, unsigned int nsg, u8 *out);
 #endif	/* CONFIG_CRYPTO_HMAC */
 

Re: [PATCH 1/2] AES-XCBC-MAC

[YOSHIFUJI Hideaki / 吉藤英明]

In article <1150213440.4200.36.camel@hookipa> (at Wed, 14 Jun 2006 00:44:00 +0900), Kazunori MIYAZAWA <kazunori@miyazawa.org> says:

> This is preparation to introduce AES-XCBC-MAC.
> - introducing common interface "keyed hash"
> - making HMAC use the interface

Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>

BTW, why not sign off?

-- 
YOSHIFUJI Hideaki @ USAGI Project  <yoshfuji@linux-ipv6.org>
GPG-FP  : 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA

Re: [PATCH 1/2] AES-XCBC-MAC

[Herbert Xu]

[-- Attachment #1: Type: text/plain, Size: 836 bytes --]

On Wed, Jun 14, 2006 at 12:44:00AM +0900, Kazunori MIYAZAWA wrote:
> This is preparation to introduce AES-XCBC-MAC.
> - introducing common interface "keyed hash"
> - making HMAC use the interface

I'm sorry guys, but this seems to duplicate what I've been doing as
generic parameterised algorithms.  I wish we'd discussed this more
so time didn't had to be wasted.

I've attached a sample HMAC implementation.  Things are still fluid
so it may not even compile (Actually, it definitely wouldn't compile
without the template stuff which I'll post soon :)

In any case, this is the model AES-XCBC-MAC should look like.

Thanks,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[-- Attachment #2: hmac.patch --]
[-- Type: text/plain, Size: 8825 bytes --]

diff --git a/crypto/Kconfig b/crypto/Kconfig
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -18,7 +18,7 @@ config CRYPTO_MANAGER
 	  cbc(aes).
 
 config CRYPTO_HMAC
-	bool "HMAC support"
+	tristate "HMAC support"
 	depends on CRYPTO
 	help
 	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
diff --git a/crypto/Makefile b/crypto/Makefile
diff --git a/crypto/hmac.c b/crypto/hmac.c
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -4,6 +4,7 @@
  * HMAC: Keyed-Hashing for Message Authentication (RFC2104).
  *
  * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
+ * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
  *
  * The HMAC implementation is derived from USAGI.
  * Copyright (c) 2002 Kazunori Miyazawa <miyazawa@linux-ipv6.org> / USAGI
@@ -21,84 +22,80 @@
 #include <linux/scatterlist.h>
 #include "internal.h"
 
-static void hash_key(struct crypto_tfm *tfm, u8 *key, unsigned int keylen)
-{
-	struct scatterlist tmp;
-	
-	sg_set_buf(&tmp, key, keylen);
-	crypto_digest_digest(tfm, &tmp, 1, key);
-}
-
-int crypto_alloc_hmac_block(struct crypto_tfm *tfm)
-{
-	int ret = 0;
-
-	BUG_ON(!crypto_tfm_alg_blocksize(tfm));
-	
-	tfm->crt_digest.dit_hmac_block = kmalloc(crypto_tfm_alg_blocksize(tfm),
-	                                         GFP_KERNEL);
-	if (tfm->crt_digest.dit_hmac_block == NULL)
-		ret = -ENOMEM;
+struct hmac_ctx {
+	struct crypto_tfm *child;
+};
+
+static void crypto_hmac_setkey(struct crypto_tfm *parent, u8 *inkey,
+			       unsigned int keylen, u32 *flags)
+{
+	int bs = crypto_tfm_alg_blocksize(parent);
+	char *key = crypto_tfm_ctx(parent);
+	char *pad = ctx_arg + bs;
+	struct hmac_ctx *ctx = pad + bs;
+	struct crypto_tfm *tfm = ctx->child;
+	
+	if (keylen > bs) {
+		struct scatterlist tmp;
+		sg_set_buf(&tmp, inkey, keylen);
+		crypto_digest_digest(child, &tmp, 1, pad);
+		inkey = pad;
+		keylen = crypto_tfm_alg_digestsize(tfm);
+	}
 
-	return ret;
-		
+	memcpy(key, inkey, keylen);
+	memset(key + keylen, 0, bs - keylen);
 }
 
-void crypto_free_hmac_block(struct crypto_tfm *tfm)
-{
-	kfree(tfm->crt_digest.dit_hmac_block);
-}
-
-void crypto_hmac_init(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen)
+static void crypto_hmac_init(struct crypto_tfm *parent)
 {
+	int bs = crypto_tfm_alg_blocksize(parent);
+	char *key = crypto_tfm_ctx(parent);
+	char *ipad = ctx_arg + bs;
+	struct hmac_ctx *ctx = ipad + bs;
+	struct crypto_tfm *tfm = ctx->child;
 	unsigned int i;
 	struct scatterlist tmp;
-	char *ipad = tfm->crt_digest.dit_hmac_block;
-	
-	if (*keylen > crypto_tfm_alg_blocksize(tfm)) {
-		hash_key(tfm, key, *keylen);
-		*keylen = crypto_tfm_alg_digestsize(tfm);
-	}
 
-	memset(ipad, 0, crypto_tfm_alg_blocksize(tfm));
-	memcpy(ipad, key, *keylen);
+	memcpy(ipad, key, bs);
 
-	for (i = 0; i < crypto_tfm_alg_blocksize(tfm); i++)
+	for (i = 0; i < bs; i++)
 		ipad[i] ^= 0x36;
 
-	sg_set_buf(&tmp, ipad, crypto_tfm_alg_blocksize(tfm));
+	sg_set_buf(&tmp, ipad, bs);
 	
 	crypto_digest_init(tfm);
 	crypto_digest_update(tfm, &tmp, 1);
 }
 
-void crypto_hmac_update(struct crypto_tfm *tfm,
-                        struct scatterlist *sg, unsigned int nsg)
+static void crypto_hmac_update(struct crypto_tfm *parent,
+			       struct scatterlist *sg, unsigned int nsg)
 {
+	int bs = crypto_tfm_alg_blocksize(parent);
+	struct hmac_ctx *ctx = crypto_tfm_ctx(parent) + bs * 2;
+	struct crypto_tfm *tfm = ctx->child;
 	crypto_digest_update(tfm, sg, nsg);
 }
 
-void crypto_hmac_final(struct crypto_tfm *tfm, u8 *key,
-                       unsigned int *keylen, u8 *out)
+static void crypto_hmac_final(struct crypto_tfm *parent, u8 *key,
+			      unsigned int *keylen, u8 *out)
 {
+	int bs = crypto_tfm_alg_blocksize(parent);
+	char *key = crypto_tfm_ctx(parent);
+	char *opad = ctx_arg + bs;
+	struct hmac_ctx *ctx = opad + bs;
+	struct crypto_tfm *tfm = ctx->child;
 	unsigned int i;
 	struct scatterlist tmp;
-	char *opad = tfm->crt_digest.dit_hmac_block;
 	
-	if (*keylen > crypto_tfm_alg_blocksize(tfm)) {
-		hash_key(tfm, key, *keylen);
-		*keylen = crypto_tfm_alg_digestsize(tfm);
-	}
-
 	crypto_digest_final(tfm, out);
 
-	memset(opad, 0, crypto_tfm_alg_blocksize(tfm));
-	memcpy(opad, key, *keylen);
+	memcpy(opad, key, bs);
 		
-	for (i = 0; i < crypto_tfm_alg_blocksize(tfm); i++)
+	for (i = 0; i < bs; i++)
 		opad[i] ^= 0x5c;
 
-	sg_set_buf(&tmp, opad, crypto_tfm_alg_blocksize(tfm));
+	sg_set_buf(&tmp, opad, bs);
 
 	crypto_digest_init(tfm);
 	crypto_digest_update(tfm, &tmp, 1);
@@ -109,16 +106,109 @@ void crypto_hmac_final(struct crypto_tfm
 	crypto_digest_final(tfm, out);
 }
 
-void crypto_hmac(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen,
-                 struct scatterlist *sg, unsigned int nsg, u8 *out)
+static int hmac_init_tfm(struct crypto_tfm *tfm)
+{
+	struct crypto_instance *inst = (void *)tfm->__crt_alg;
+	struct crypto_spawn **spawn = crypto_instance_param(inst);
+	struct hmac_ctx *ctx = crypto_tfm_ctx(tfm);
+
+	ctx->child = crypto_spawn_tfm(*spawn, 0);
+	if (!ctx->child)
+		return -ENOMEM;
+
+	return 0;
+}
+
+static struct crypto_instance *hmac_init_alg(void *param, unsigned int len)
+{
+	struct rtattr *rta = param;
+	struct crypto_attr_base *base;
+	struct crypto_attr_alg *alg;
+	struct crypto_instance *inst;
+	struct crypto_spawn *spawn;
+	struct crypto_spawn **inst_param;
+	int err;
+
+	if (!RTA_OK(rta, len))
+		return ERR_PTR(-EBADR);
+	if (rta->rta_type != CRYPTOA_BASE || RTA_PAYLOAD(rta) < sizeof(*base))
+		return ERR_PTR(-EINVAL);
+
+	base = RTA_DATA(rta);
+
+	rta = RTA_NEXT(rta, len);
+	if (!RTA_OK(rta, len))
+		return ERR_PTR(-EBADR);
+	if (rta->rta_type != CRYPTOA_ALG || RTA_PAYLOAD(rta) < sizeof(*alg))
+		return ERR_PTR(-EINVAL);
+
+	alg = RTA_DATA(rta);
+
+	inst = kzalloc(sizeof(*inst) + sizeof(spawn));
+	if (!inst)
+		return ERR_PTR(-ENOMEM);
+
+	spawn = crypto_alloc_spawn(alg->name);
+	if (IS_ERR(spawn)) {
+		err = PTR_ERR(spawn);
+		goto err_spawn;
+	}
+
+	strlcpy(inst->alg.cra_name, base->type.name, CRYPTO_MAX_ALG_NAME);
+	strlcpy(inst->alg.cra_driver_name, base->driver.name,
+		CRYPTO_MAX_ALG_NAME);
+
+	inst_param = crypto_instance_param(inst);
+	*inst_param = spawn;
+
+	inst->alg.cra_priority = base->priority;
+	inst->alg.cra_flags = CRYPTO_ALG_TYPE_DIGEST;
+	inst->alg.cra_blocksize = spawn->alg->cra_blocksize;
+
+	/* XXX Check alignment once we have drivers with alignmask > 16. */
+	inst->alg.cra_ctxsize = sizeof(struct hmac_ctx) +
+				inst->alg.cra_blocksize * 2;
+
+	inst->alg.cra_module = THIS_MODULE;
+	inst->alg.cra_init = hmac_init_tfm;
+
+	inst->alg.cra_u.digest.dia_init = crypto_hmac_init;
+	inst->alg.cra_u.digest.dia_update = crypto_hmac_update;
+	inst->alg.cra_u.digest.dia_final = crypto_hmac_final;
+	inst->alg.cra_u.digest.dia_setkey = crypto_hmac_setkey;
+	return inst;
+
+err_spawn:
+	kfree(inst);
+	return ERR_PTR(err);
+}
+
+static void hmac_destroy_alg(struct crypto_instance *inst)
+{
+	struct crypto_spawn **spawn = crypto_instance_param(inst);
+	crypto_free_spawn(*spawn);
+	kfree(inst);
+}
+
+static struct crypto_template hmac_tmpl = {
+	.name = "hmac",
+	.base_type = CRYPTO_ALG_TYPE_DIGEST,
+	.init = hmac_init_alg,
+	.destroy = hmac_destroy_alg,
+};
+
+static int __init hmac_init(void)
+{
+	return crypto_register_template(&hmac_tmpl);
+}
+
+static void __exit hmac_exit(void)
 {
-	crypto_hmac_init(tfm, key, keylen);
-	crypto_hmac_update(tfm, sg, nsg);
-	crypto_hmac_final(tfm, key, keylen, out);
+	crypto_unregister_template(&hmac_tmpl);
 }
 
-EXPORT_SYMBOL_GPL(crypto_hmac_init);
-EXPORT_SYMBOL_GPL(crypto_hmac_update);
-EXPORT_SYMBOL_GPL(crypto_hmac_final);
-EXPORT_SYMBOL_GPL(crypto_hmac);
+module_init(hmac_init);
+module_exit(hmac_exit);
 
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("HMAC digest algorithm");
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -209,9 +209,6 @@ struct digest_tfm {
 	                   unsigned int nsg, u8 *out);
 	int (*dit_setkey)(struct crypto_tfm *tfm,
 	                  const u8 *key, unsigned int keylen);
-#ifdef CONFIG_CRYPTO_HMAC
-	void *dit_hmac_block;
-#endif
 };
 
 struct compress_tfm {
@@ -452,18 +449,5 @@ static inline int crypto_comp_decompress
 	return tfm->crt_compress.cot_decompress(tfm, src, slen, dst, dlen);
 }
 
-/*
- * HMAC support.
- */
-#ifdef CONFIG_CRYPTO_HMAC
-void crypto_hmac_init(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen);
-void crypto_hmac_update(struct crypto_tfm *tfm,
-                        struct scatterlist *sg, unsigned int nsg);
-void crypto_hmac_final(struct crypto_tfm *tfm, u8 *key,
-                       unsigned int *keylen, u8 *out);
-void crypto_hmac(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen,
-                 struct scatterlist *sg, unsigned int nsg, u8 *out);
-#endif	/* CONFIG_CRYPTO_HMAC */
-
 #endif	/* _LINUX_CRYPTO_H */