From 007d3cb800fd0e4b01be8a76f0cce2c795cfc89b Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Sun, 9 Oct 2022 15:14:41 +0100
Subject: [crypto] Simplify internal HMAC API

Simplify the internal HMAC API so that the key is provided only at the point of calling hmac_init(), and the (potentially reduced) key is stored as part of the context for later use by hmac_final(). This simplifies the calling code, and avoids the need for callers such as TLS to allocate a potentially variable length block in order to retain a copy of the unmodified key.

Signed-off-by: Michael Brown
---
 src/include/ipxe/hmac.h | 40 +++++++++++++++++++++++++++++++---------
 src/include/ipxe/md4.h | 3 +++
 src/include/ipxe/md5.h | 3 +++
 src/include/ipxe/sha1.h | 3 +++
 src/include/ipxe/sha256.h | 3 +++
 src/include/ipxe/sha512.h | 3 +++
 6 files changed, 46 insertions(+), 9 deletions(-)
(limited to 'src/include')
diff --git a/src/include/ipxe/hmac.h b/src/include/ipxe/hmac.h
index 09d3e273d..cf9d08677 100644
--- a/src/include/ipxe/hmac.h
+++ b/src/include/ipxe/hmac.h
@@ -10,23 +10,45 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );

 #include

+/** HMAC context type */
+#define hmac_context_t( digest ) struct { \
+ /** Digest context */ \
+ uint8_t ctx[ digest->ctxsize ]; \
+ /** HMAC input/output padding */ \
+ uint8_t pad[ digest->blocksize ]; \
+ } __attribute__ (( packed ))
+
+/**
+ * Calculate HMAC context size
+ *
+ * @v digest Digest algorithm to use
+ * @ret len HMAC context size
+ */
+static inline __attribute__ (( always_inline )) size_t
+hmac_ctxsize ( struct digest_algorithm *digest ) {
+ hmac_context_t ( digest ) *hctx;
+
+ return sizeof ( *hctx );
+}
+
 /**
 * Update HMAC
 *
 * @v digest Digest algorithm to use
- * @v digest_ctx Digest context
+ * @v ctx HMAC context
 * @v data Data
 * @v len Length of data
 */
-static inline void hmac_update ( struct digest_algorithm *digest,
- void *digest_ctx, const void *data,
- size_t len ) {
- digest_update ( digest, digest_ctx, data, len );
+static inline void hmac_update ( struct digest_algorithm *digest, void *ctx,
+ const void *data, size_t len ) {
+ hmac_context_t ( digest ) *hctx = ctx;
+
+ digest_update ( digest, hctx->ctx, data, len );
 }

-extern void hmac_init ( struct digest_algorithm *digest, void *digest_ctx,
- void *key, size_t *key_len );
-extern void hmac_final ( struct digest_algorithm *digest, void *digest_ctx,
- void *key, size_t *key_len, void *hmac );
+extern void hmac_init ( struct digest_algorithm *digest, void *ctx,
+ const void *key, size_t key_len );
+extern void hmac_final ( struct digest_algorithm *digest, void *ctx,
+ void *hmac );

 #endif /* _IPXE_HMAC_H */
diff --git a/src/include/ipxe/md4.h b/src/include/ipxe/md4.h
index 8f172e626..9f6cb8a5f 100644
--- a/src/include/ipxe/md4.h
+++ b/src/include/ipxe/md4.h
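Review bot: The comment on `pad` in `hmac_context_t` does not say that the member holds key material, although the commit description states that the (potentially reduced) key is now kept in the context until hmac_final(). Every HMAC context buffer is therefore secret for its whole lifetime, and whether hmac_final() clears `pad` cannot be seen here because its definition is outside this diff. I would document that on the member, e.g. `/** HMAC input/output padding (key-derived, treat as secret) */`, and state at the hmac_final() declaration whether the caller is expected to wipe the context afterwards. The `@v ctx` lines should also carry the size contract, `@v ctx HMAC context (hmac_ctxsize() bytes)`, since the context is now `ctxsize + blocksize` bytes and a buffer still sized as `digest->ctxsize` gets no compile-time check through the `void *` parameter.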
@@ -65,6 +65,9 @@ struct md4_context {
 /** MD4 context size */
 #define MD4_CTX_SIZE sizeof ( struct md4_context )

+/** MD4 block size */
+#define MD4_BLOCK_SIZE sizeof ( union md4_block )
+
 /** MD4 digest size */
 #define MD4_DIGEST_SIZE sizeof ( struct md4_digest )

diff --git a/src/include/ipxe/md5.h b/src/include/ipxe/md5.h
index 05c3974c8..527ad3658 100644
--- a/src/include/ipxe/md5.h
+++ b/src/include/ipxe/md5.h
@@ -65,6 +65,9 @@ struct md5_context {
 /** MD5 context size */
 #define MD5_CTX_SIZE sizeof ( struct md5_context )

+/** MD5 block size */
+#define MD5_BLOCK_SIZE sizeof ( union md5_block )
+
 /** MD5 digest size */
 #define MD5_DIGEST_SIZE sizeof ( struct md5_digest )

diff --git a/src/include/ipxe/sha1.h b/src/include/ipxe/sha1.h
index a97035ec7..9cbbebdee 100644
--- a/src/include/ipxe/sha1.h
+++ b/src/include/ipxe/sha1.h
@@ -65,6 +65,9 @@ struct sha1_context {
 /** SHA-1 context size */
 #define SHA1_CTX_SIZE sizeof ( struct sha1_context )

+/** SHA-1 block size */
+#define SHA1_BLOCK_SIZE sizeof ( union sha1_block )
+
 /** SHA-1 digest size */
 #define SHA1_DIGEST_SIZE sizeof ( struct sha1_digest )

diff --git a/src/include/ipxe/sha256.h b/src/include/ipxe/sha256.h
index e234cce33..f226ad07b 100644
--- a/src/include/ipxe/sha256.h
+++ b/src/include/ipxe/sha256.h
@@ -70,6 +70,9 @@ struct sha256_context {
 /** SHA-256 context size */
 #define SHA256_CTX_SIZE sizeof ( struct sha256_context )

+/** SHA-256 block size */
+#define SHA256_BLOCK_SIZE sizeof ( union sha256_block )
+
 /** SHA-256 digest size */
 #define SHA256_DIGEST_SIZE sizeof ( struct sha256_digest )

diff --git a/src/include/ipxe/sha512.h b/src/include/ipxe/sha512.h
index 8e22d8357..82a9e4e69 100644
--- a/src/include/ipxe/sha512.h
+++ b/src/include/ipxe/sha512.h
@@ -72,6 +72,9 @@ struct sha512_context {
 /** SHA-512 context size */
 #define SHA512_CTX_SIZE sizeof ( struct sha512_context )

+/** SHA-512 block size */
+#define SHA512_BLOCK_SIZE sizeof ( union sha512_block )
+
 /** SHA-512 digest size */
 #define SHA512_DIGEST_SIZE sizeof ( struct sha512_digest )

--
cgit v1.2.3-55-g7522