1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Linear symmetric key cipher operations.
5 * Generic encrypt/decrypt wrapper for ciphers.
7 * Copyright (c) 2023 Herbert Xu <herbert@gondor.apana.org.au>
10 #include <linux/cryptouser.h>
11 #include <linux/err.h>
12 #include <linux/export.h>
13 #include <linux/kernel.h>
14 #include <linux/seq_file.h>
15 #include <linux/slab.h>
16 #include <linux/string.h>
17 #include <net/netlink.h>
20 static inline struct crypto_lskcipher
*__crypto_lskcipher_cast(
21 struct crypto_tfm
*tfm
)
23 return container_of(tfm
, struct crypto_lskcipher
, base
);
26 static inline struct lskcipher_alg
*__crypto_lskcipher_alg(
27 struct crypto_alg
*alg
)
29 return container_of(alg
, struct lskcipher_alg
, co
.base
);
32 static int lskcipher_setkey_unaligned(struct crypto_lskcipher
*tfm
,
33 const u8
*key
, unsigned int keylen
)
35 unsigned long alignmask
= crypto_lskcipher_alignmask(tfm
);
36 struct lskcipher_alg
*cipher
= crypto_lskcipher_alg(tfm
);
37 u8
*buffer
, *alignbuffer
;
41 absize
= keylen
+ alignmask
;
42 buffer
= kmalloc(absize
, GFP_ATOMIC
);
46 alignbuffer
= (u8
*)ALIGN((unsigned long)buffer
, alignmask
+ 1);
47 memcpy(alignbuffer
, key
, keylen
);
48 ret
= cipher
->setkey(tfm
, alignbuffer
, keylen
);
49 kfree_sensitive(buffer
);
53 int crypto_lskcipher_setkey(struct crypto_lskcipher
*tfm
, const u8
*key
,
56 unsigned long alignmask
= crypto_lskcipher_alignmask(tfm
);
57 struct lskcipher_alg
*cipher
= crypto_lskcipher_alg(tfm
);
59 if (keylen
< cipher
->co
.min_keysize
|| keylen
> cipher
->co
.max_keysize
)
62 if ((unsigned long)key
& alignmask
)
63 return lskcipher_setkey_unaligned(tfm
, key
, keylen
);
65 return cipher
->setkey(tfm
, key
, keylen
);
67 EXPORT_SYMBOL_GPL(crypto_lskcipher_setkey
);
69 static int crypto_lskcipher_crypt_unaligned(
70 struct crypto_lskcipher
*tfm
, const u8
*src
, u8
*dst
, unsigned len
,
71 u8
*iv
, int (*crypt
)(struct crypto_lskcipher
*tfm
, const u8
*src
,
72 u8
*dst
, unsigned len
, u8
*iv
, u32 flags
))
74 unsigned statesize
= crypto_lskcipher_statesize(tfm
);
75 unsigned ivsize
= crypto_lskcipher_ivsize(tfm
);
76 unsigned bs
= crypto_lskcipher_blocksize(tfm
);
77 unsigned cs
= crypto_lskcipher_chunksize(tfm
);
82 BUILD_BUG_ON(MAX_CIPHER_BLOCKSIZE
> PAGE_SIZE
||
83 MAX_CIPHER_ALIGNMASK
>= PAGE_SIZE
);
85 tiv
= kmalloc(PAGE_SIZE
, GFP_ATOMIC
);
89 memcpy(tiv
, iv
, ivsize
+ statesize
);
91 p
= kmalloc(PAGE_SIZE
, GFP_ATOMIC
);
97 unsigned chunk
= min((unsigned)PAGE_SIZE
, len
);
103 memcpy(p
, src
, chunk
);
104 err
= crypt(tfm
, p
, p
, chunk
, tiv
, CRYPTO_LSKCIPHER_FLAG_FINAL
);
108 memcpy(dst
, p
, chunk
);
114 err
= len
? -EINVAL
: 0;
117 memcpy(iv
, tiv
, ivsize
+ statesize
);
119 kfree_sensitive(tiv
);
123 static int crypto_lskcipher_crypt(struct crypto_lskcipher
*tfm
, const u8
*src
,
124 u8
*dst
, unsigned len
, u8
*iv
,
125 int (*crypt
)(struct crypto_lskcipher
*tfm
,
126 const u8
*src
, u8
*dst
,
127 unsigned len
, u8
*iv
,
130 unsigned long alignmask
= crypto_lskcipher_alignmask(tfm
);
132 if (((unsigned long)src
| (unsigned long)dst
| (unsigned long)iv
) &
134 return crypto_lskcipher_crypt_unaligned(tfm
, src
, dst
, len
, iv
,
137 return crypt(tfm
, src
, dst
, len
, iv
, CRYPTO_LSKCIPHER_FLAG_FINAL
);
140 int crypto_lskcipher_encrypt(struct crypto_lskcipher
*tfm
, const u8
*src
,
141 u8
*dst
, unsigned len
, u8
*iv
)
143 struct lskcipher_alg
*alg
= crypto_lskcipher_alg(tfm
);
145 return crypto_lskcipher_crypt(tfm
, src
, dst
, len
, iv
, alg
->encrypt
);
147 EXPORT_SYMBOL_GPL(crypto_lskcipher_encrypt
);
149 int crypto_lskcipher_decrypt(struct crypto_lskcipher
*tfm
, const u8
*src
,
150 u8
*dst
, unsigned len
, u8
*iv
)
152 struct lskcipher_alg
*alg
= crypto_lskcipher_alg(tfm
);
154 return crypto_lskcipher_crypt(tfm
, src
, dst
, len
, iv
, alg
->decrypt
);
156 EXPORT_SYMBOL_GPL(crypto_lskcipher_decrypt
);
158 static int crypto_lskcipher_crypt_sg(struct skcipher_request
*req
,
159 int (*crypt
)(struct crypto_lskcipher
*tfm
,
160 const u8
*src
, u8
*dst
,
161 unsigned len
, u8
*ivs
,
164 struct crypto_skcipher
*skcipher
= crypto_skcipher_reqtfm(req
);
165 struct crypto_lskcipher
**ctx
= crypto_skcipher_ctx(skcipher
);
166 u8
*ivs
= skcipher_request_ctx(req
);
167 struct crypto_lskcipher
*tfm
= *ctx
;
168 struct skcipher_walk walk
;
173 ivsize
= crypto_lskcipher_ivsize(tfm
);
174 ivs
= PTR_ALIGN(ivs
, crypto_skcipher_alignmask(skcipher
) + 1);
176 flags
= req
->base
.flags
& CRYPTO_TFM_REQ_MAY_SLEEP
;
178 if (req
->base
.flags
& CRYPTO_SKCIPHER_REQ_CONT
)
179 flags
|= CRYPTO_LSKCIPHER_FLAG_CONT
;
181 memcpy(ivs
, req
->iv
, ivsize
);
183 if (!(req
->base
.flags
& CRYPTO_SKCIPHER_REQ_NOTFINAL
))
184 flags
|= CRYPTO_LSKCIPHER_FLAG_FINAL
;
186 err
= skcipher_walk_virt(&walk
, req
, false);
188 while (walk
.nbytes
) {
189 err
= crypt(tfm
, walk
.src
.virt
.addr
, walk
.dst
.virt
.addr
,
191 flags
& ~(walk
.nbytes
== walk
.total
?
192 0 : CRYPTO_LSKCIPHER_FLAG_FINAL
));
193 err
= skcipher_walk_done(&walk
, err
);
194 flags
|= CRYPTO_LSKCIPHER_FLAG_CONT
;
197 if (flags
& CRYPTO_LSKCIPHER_FLAG_FINAL
)
198 memcpy(req
->iv
, ivs
, ivsize
);
203 int crypto_lskcipher_encrypt_sg(struct skcipher_request
*req
)
205 struct crypto_skcipher
*skcipher
= crypto_skcipher_reqtfm(req
);
206 struct crypto_lskcipher
**ctx
= crypto_skcipher_ctx(skcipher
);
207 struct lskcipher_alg
*alg
= crypto_lskcipher_alg(*ctx
);
209 return crypto_lskcipher_crypt_sg(req
, alg
->encrypt
);
212 int crypto_lskcipher_decrypt_sg(struct skcipher_request
*req
)
214 struct crypto_skcipher
*skcipher
= crypto_skcipher_reqtfm(req
);
215 struct crypto_lskcipher
**ctx
= crypto_skcipher_ctx(skcipher
);
216 struct lskcipher_alg
*alg
= crypto_lskcipher_alg(*ctx
);
218 return crypto_lskcipher_crypt_sg(req
, alg
->decrypt
);
221 static void crypto_lskcipher_exit_tfm(struct crypto_tfm
*tfm
)
223 struct crypto_lskcipher
*skcipher
= __crypto_lskcipher_cast(tfm
);
224 struct lskcipher_alg
*alg
= crypto_lskcipher_alg(skcipher
);
229 static int crypto_lskcipher_init_tfm(struct crypto_tfm
*tfm
)
231 struct crypto_lskcipher
*skcipher
= __crypto_lskcipher_cast(tfm
);
232 struct lskcipher_alg
*alg
= crypto_lskcipher_alg(skcipher
);
235 skcipher
->base
.exit
= crypto_lskcipher_exit_tfm
;
238 return alg
->init(skcipher
);
243 static void crypto_lskcipher_free_instance(struct crypto_instance
*inst
)
245 struct lskcipher_instance
*skcipher
=
246 container_of(inst
, struct lskcipher_instance
, s
.base
);
248 skcipher
->free(skcipher
);
251 static void __maybe_unused
crypto_lskcipher_show(
252 struct seq_file
*m
, struct crypto_alg
*alg
)
254 struct lskcipher_alg
*skcipher
= __crypto_lskcipher_alg(alg
);
256 seq_printf(m
, "type : lskcipher\n");
257 seq_printf(m
, "blocksize : %u\n", alg
->cra_blocksize
);
258 seq_printf(m
, "min keysize : %u\n", skcipher
->co
.min_keysize
);
259 seq_printf(m
, "max keysize : %u\n", skcipher
->co
.max_keysize
);
260 seq_printf(m
, "ivsize : %u\n", skcipher
->co
.ivsize
);
261 seq_printf(m
, "chunksize : %u\n", skcipher
->co
.chunksize
);
262 seq_printf(m
, "statesize : %u\n", skcipher
->co
.statesize
);
265 static int __maybe_unused
crypto_lskcipher_report(
266 struct sk_buff
*skb
, struct crypto_alg
*alg
)
268 struct lskcipher_alg
*skcipher
= __crypto_lskcipher_alg(alg
);
269 struct crypto_report_blkcipher rblkcipher
;
271 memset(&rblkcipher
, 0, sizeof(rblkcipher
));
273 strscpy(rblkcipher
.type
, "lskcipher", sizeof(rblkcipher
.type
));
274 strscpy(rblkcipher
.geniv
, "<none>", sizeof(rblkcipher
.geniv
));
276 rblkcipher
.blocksize
= alg
->cra_blocksize
;
277 rblkcipher
.min_keysize
= skcipher
->co
.min_keysize
;
278 rblkcipher
.max_keysize
= skcipher
->co
.max_keysize
;
279 rblkcipher
.ivsize
= skcipher
->co
.ivsize
;
281 return nla_put(skb
, CRYPTOCFGA_REPORT_BLKCIPHER
,
282 sizeof(rblkcipher
), &rblkcipher
);
285 static const struct crypto_type crypto_lskcipher_type
= {
286 .extsize
= crypto_alg_extsize
,
287 .init_tfm
= crypto_lskcipher_init_tfm
,
288 .free
= crypto_lskcipher_free_instance
,
289 #ifdef CONFIG_PROC_FS
290 .show
= crypto_lskcipher_show
,
292 #if IS_ENABLED(CONFIG_CRYPTO_USER)
293 .report
= crypto_lskcipher_report
,
295 .maskclear
= ~CRYPTO_ALG_TYPE_MASK
,
296 .maskset
= CRYPTO_ALG_TYPE_MASK
,
297 .type
= CRYPTO_ALG_TYPE_LSKCIPHER
,
298 .tfmsize
= offsetof(struct crypto_lskcipher
, base
),
301 static void crypto_lskcipher_exit_tfm_sg(struct crypto_tfm
*tfm
)
303 struct crypto_lskcipher
**ctx
= crypto_tfm_ctx(tfm
);
305 crypto_free_lskcipher(*ctx
);
308 int crypto_init_lskcipher_ops_sg(struct crypto_tfm
*tfm
)
310 struct crypto_lskcipher
**ctx
= crypto_tfm_ctx(tfm
);
311 struct crypto_alg
*calg
= tfm
->__crt_alg
;
312 struct crypto_lskcipher
*skcipher
;
314 if (!crypto_mod_get(calg
))
317 skcipher
= crypto_create_tfm(calg
, &crypto_lskcipher_type
);
318 if (IS_ERR(skcipher
)) {
319 crypto_mod_put(calg
);
320 return PTR_ERR(skcipher
);
324 tfm
->exit
= crypto_lskcipher_exit_tfm_sg
;
329 int crypto_grab_lskcipher(struct crypto_lskcipher_spawn
*spawn
,
330 struct crypto_instance
*inst
,
331 const char *name
, u32 type
, u32 mask
)
333 spawn
->base
.frontend
= &crypto_lskcipher_type
;
334 return crypto_grab_spawn(&spawn
->base
, inst
, name
, type
, mask
);
336 EXPORT_SYMBOL_GPL(crypto_grab_lskcipher
);
338 struct crypto_lskcipher
*crypto_alloc_lskcipher(const char *alg_name
,
341 return crypto_alloc_tfm(alg_name
, &crypto_lskcipher_type
, type
, mask
);
343 EXPORT_SYMBOL_GPL(crypto_alloc_lskcipher
);
345 static int lskcipher_prepare_alg(struct lskcipher_alg
*alg
)
347 struct crypto_alg
*base
= &alg
->co
.base
;
350 err
= skcipher_prepare_alg_common(&alg
->co
);
354 if (alg
->co
.chunksize
& (alg
->co
.chunksize
- 1))
357 base
->cra_type
= &crypto_lskcipher_type
;
358 base
->cra_flags
|= CRYPTO_ALG_TYPE_LSKCIPHER
;
363 int crypto_register_lskcipher(struct lskcipher_alg
*alg
)
365 struct crypto_alg
*base
= &alg
->co
.base
;
368 err
= lskcipher_prepare_alg(alg
);
372 return crypto_register_alg(base
);
374 EXPORT_SYMBOL_GPL(crypto_register_lskcipher
);
376 void crypto_unregister_lskcipher(struct lskcipher_alg
*alg
)
378 crypto_unregister_alg(&alg
->co
.base
);
380 EXPORT_SYMBOL_GPL(crypto_unregister_lskcipher
);
382 int crypto_register_lskciphers(struct lskcipher_alg
*algs
, int count
)
386 for (i
= 0; i
< count
; i
++) {
387 ret
= crypto_register_lskcipher(&algs
[i
]);
395 for (--i
; i
>= 0; --i
)
396 crypto_unregister_lskcipher(&algs
[i
]);
400 EXPORT_SYMBOL_GPL(crypto_register_lskciphers
);
402 void crypto_unregister_lskciphers(struct lskcipher_alg
*algs
, int count
)
406 for (i
= count
- 1; i
>= 0; --i
)
407 crypto_unregister_lskcipher(&algs
[i
]);
409 EXPORT_SYMBOL_GPL(crypto_unregister_lskciphers
);
411 int lskcipher_register_instance(struct crypto_template
*tmpl
,
412 struct lskcipher_instance
*inst
)
416 if (WARN_ON(!inst
->free
))
419 err
= lskcipher_prepare_alg(&inst
->alg
);
423 return crypto_register_instance(tmpl
, lskcipher_crypto_instance(inst
));
425 EXPORT_SYMBOL_GPL(lskcipher_register_instance
);
427 static int lskcipher_setkey_simple(struct crypto_lskcipher
*tfm
, const u8
*key
,
430 struct crypto_lskcipher
*cipher
= lskcipher_cipher_simple(tfm
);
432 crypto_lskcipher_clear_flags(cipher
, CRYPTO_TFM_REQ_MASK
);
433 crypto_lskcipher_set_flags(cipher
, crypto_lskcipher_get_flags(tfm
) &
434 CRYPTO_TFM_REQ_MASK
);
435 return crypto_lskcipher_setkey(cipher
, key
, keylen
);
438 static int lskcipher_init_tfm_simple(struct crypto_lskcipher
*tfm
)
440 struct lskcipher_instance
*inst
= lskcipher_alg_instance(tfm
);
441 struct crypto_lskcipher
**ctx
= crypto_lskcipher_ctx(tfm
);
442 struct crypto_lskcipher_spawn
*spawn
;
443 struct crypto_lskcipher
*cipher
;
445 spawn
= lskcipher_instance_ctx(inst
);
446 cipher
= crypto_spawn_lskcipher(spawn
);
448 return PTR_ERR(cipher
);
454 static void lskcipher_exit_tfm_simple(struct crypto_lskcipher
*tfm
)
456 struct crypto_lskcipher
**ctx
= crypto_lskcipher_ctx(tfm
);
458 crypto_free_lskcipher(*ctx
);
461 static void lskcipher_free_instance_simple(struct lskcipher_instance
*inst
)
463 crypto_drop_lskcipher(lskcipher_instance_ctx(inst
));
468 * lskcipher_alloc_instance_simple - allocate instance of simple block cipher
470 * Allocate an lskcipher_instance for a simple block cipher mode of operation,
471 * e.g. cbc or ecb. The instance context will have just a single crypto_spawn,
472 * that for the underlying cipher. The {min,max}_keysize, ivsize, blocksize,
473 * alignmask, and priority are set from the underlying cipher but can be
474 * overridden if needed. The tfm context defaults to
475 * struct crypto_lskcipher *, and default ->setkey(), ->init(), and
476 * ->exit() methods are installed.
478 * @tmpl: the template being instantiated
479 * @tb: the template parameters
481 * Return: a pointer to the new instance, or an ERR_PTR(). The caller still
482 * needs to register the instance.
484 struct lskcipher_instance
*lskcipher_alloc_instance_simple(
485 struct crypto_template
*tmpl
, struct rtattr
**tb
)
488 struct lskcipher_instance
*inst
;
489 struct crypto_lskcipher_spawn
*spawn
;
490 char ecb_name
[CRYPTO_MAX_ALG_NAME
];
491 struct lskcipher_alg
*cipher_alg
;
492 const char *cipher_name
;
495 err
= crypto_check_attr_type(tb
, CRYPTO_ALG_TYPE_LSKCIPHER
, &mask
);
499 cipher_name
= crypto_attr_alg_name(tb
[1]);
500 if (IS_ERR(cipher_name
))
501 return ERR_CAST(cipher_name
);
503 inst
= kzalloc(sizeof(*inst
) + sizeof(*spawn
), GFP_KERNEL
);
505 return ERR_PTR(-ENOMEM
);
507 spawn
= lskcipher_instance_ctx(inst
);
508 err
= crypto_grab_lskcipher(spawn
,
509 lskcipher_crypto_instance(inst
),
510 cipher_name
, 0, mask
);
513 if (err
== -ENOENT
&& !!memcmp(tmpl
->name
, "ecb", 4)) {
515 if (snprintf(ecb_name
, CRYPTO_MAX_ALG_NAME
, "ecb(%s)",
516 cipher_name
) >= CRYPTO_MAX_ALG_NAME
)
519 err
= crypto_grab_lskcipher(spawn
,
520 lskcipher_crypto_instance(inst
),
527 cipher_alg
= crypto_lskcipher_spawn_alg(spawn
);
529 err
= crypto_inst_setname(lskcipher_crypto_instance(inst
), tmpl
->name
,
530 &cipher_alg
->co
.base
);
538 len
= strscpy(ecb_name
, &cipher_alg
->co
.base
.cra_name
[4],
543 if (ecb_name
[len
- 1] != ')')
546 ecb_name
[len
- 1] = 0;
549 if (snprintf(inst
->alg
.co
.base
.cra_name
, CRYPTO_MAX_ALG_NAME
,
550 "%s(%s)", tmpl
->name
, ecb_name
) >=
554 if (strcmp(ecb_name
, cipher_name
) &&
555 snprintf(inst
->alg
.co
.base
.cra_driver_name
,
557 "%s(%s)", tmpl
->name
, cipher_name
) >=
561 /* Don't allow nesting. */
563 if ((cipher_alg
->co
.base
.cra_flags
& CRYPTO_ALG_INSTANCE
))
568 if (cipher_alg
->co
.ivsize
)
571 inst
->free
= lskcipher_free_instance_simple
;
573 /* Default algorithm properties, can be overridden */
574 inst
->alg
.co
.base
.cra_blocksize
= cipher_alg
->co
.base
.cra_blocksize
;
575 inst
->alg
.co
.base
.cra_alignmask
= cipher_alg
->co
.base
.cra_alignmask
;
576 inst
->alg
.co
.base
.cra_priority
= cipher_alg
->co
.base
.cra_priority
;
577 inst
->alg
.co
.min_keysize
= cipher_alg
->co
.min_keysize
;
578 inst
->alg
.co
.max_keysize
= cipher_alg
->co
.max_keysize
;
579 inst
->alg
.co
.ivsize
= cipher_alg
->co
.base
.cra_blocksize
;
580 inst
->alg
.co
.statesize
= cipher_alg
->co
.statesize
;
582 /* Use struct crypto_lskcipher * by default, can be overridden */
583 inst
->alg
.co
.base
.cra_ctxsize
= sizeof(struct crypto_lskcipher
*);
584 inst
->alg
.setkey
= lskcipher_setkey_simple
;
585 inst
->alg
.init
= lskcipher_init_tfm_simple
;
586 inst
->alg
.exit
= lskcipher_exit_tfm_simple
;
591 lskcipher_free_instance_simple(inst
);
594 EXPORT_SYMBOL_GPL(lskcipher_alloc_instance_simple
);