// SPDX-License-Identifier: GPL-2.0-or-later

  /*
   * seqiv: Sequence Number IV Generator
   *
   * This generator generates an IV based on a sequence number by xoring it
   * with a salt.  This algorithm is mainly useful for CTR and similar modes.
   *
   * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>

   */

  #include <crypto/internal/geniv.h>

  #include <crypto/scatterwalk.h>

  #include <crypto/skcipher.h>

  #include <linux/err.h>
  #include <linux/init.h>
  #include <linux/kernel.h>
  #include <linux/module.h>

  #include <linux/slab.h>

  #include <linux/string.h>

  static void seqiv_aead_encrypt_complete2(struct aead_request *req, int err)
  {
  	struct aead_request *subreq = aead_request_ctx(req);
  	struct crypto_aead *geniv;
  
  	if (err == -EINPROGRESS)
  		return;
  
  	if (err)
  		goto out;
  
  	geniv = crypto_aead_reqtfm(req);
  	memcpy(req->iv, subreq->iv, crypto_aead_ivsize(geniv));
  
  out:

  	kfree_sensitive(subreq->iv);

  }
  
  static void seqiv_aead_encrypt_complete(struct crypto_async_request *base,
  					int err)
  {
  	struct aead_request *req = base->data;
  
  	seqiv_aead_encrypt_complete2(req, err);
  	aead_request_complete(req, err);
  }

  static int seqiv_aead_encrypt(struct aead_request *req)
  {
  	struct crypto_aead *geniv = crypto_aead_reqtfm(req);

  	struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv);

  	struct aead_request *subreq = aead_request_ctx(req);
  	crypto_completion_t compl;
  	void *data;
  	u8 *info;

  	unsigned int ivsize = 8;

  	int err;

  	if (req->cryptlen < ivsize)
  		return -EINVAL;

  	aead_request_set_tfm(subreq, ctx->child);

  
  	compl = req->base.complete;
  	data = req->base.data;
  	info = req->iv;

  	if (req->src != req->dst) {

  		SYNC_SKCIPHER_REQUEST_ON_STACK(nreq, ctx->sknull);

  		skcipher_request_set_sync_tfm(nreq, ctx->sknull);

  		skcipher_request_set_callback(nreq, req->base.flags,
  					      NULL, NULL);
  		skcipher_request_set_crypt(nreq, req->src, req->dst,
  					   req->assoclen + req->cryptlen,
  					   NULL);
  
  		err = crypto_skcipher_encrypt(nreq);

  		if (err)
  			return err;
  	}
  
  	if (unlikely(!IS_ALIGNED((unsigned long)info,
  				 crypto_aead_alignmask(geniv) + 1))) {

  		info = kmemdup(req->iv, ivsize, req->base.flags &
  			       CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL :
  			       GFP_ATOMIC);

  		if (!info)
  			return -ENOMEM;

  		compl = seqiv_aead_encrypt_complete;
  		data = req;
  	}
  
  	aead_request_set_callback(subreq, req->base.flags, compl, data);
  	aead_request_set_crypt(subreq, req->dst, req->dst,
  			       req->cryptlen - ivsize, info);

  	aead_request_set_ad(subreq, req->assoclen + ivsize);

  
  	crypto_xor(info, ctx->salt, ivsize);
  	scatterwalk_map_and_copy(info, req->dst, req->assoclen, ivsize, 1);
  
  	err = crypto_aead_encrypt(subreq);
  	if (unlikely(info != req->iv))
  		seqiv_aead_encrypt_complete2(req, err);
  	return err;
  }

  static int seqiv_aead_decrypt(struct aead_request *req)
  {
  	struct crypto_aead *geniv = crypto_aead_reqtfm(req);

  	struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv);

  	struct aead_request *subreq = aead_request_ctx(req);
  	crypto_completion_t compl;
  	void *data;

  	unsigned int ivsize = 8;
  
  	if (req->cryptlen < ivsize + crypto_aead_authsize(geniv))
  		return -EINVAL;

  	aead_request_set_tfm(subreq, ctx->child);

  
  	compl = req->base.complete;
  	data = req->base.data;

  	aead_request_set_callback(subreq, req->base.flags, compl, data);
  	aead_request_set_crypt(subreq, req->src, req->dst,
  			       req->cryptlen - ivsize, req->iv);

  	aead_request_set_ad(subreq, req->assoclen + ivsize);

  
  	scatterwalk_map_and_copy(req->iv, req->src, req->assoclen, ivsize, 0);

  
  	return crypto_aead_decrypt(subreq);
  }

  static int seqiv_aead_create(struct crypto_template *tmpl, struct rtattr **tb)

  {

  	struct aead_instance *inst;

  	int err;

  	inst = aead_geniv_alloc(tmpl, tb);

  
  	if (IS_ERR(inst))

  		return PTR_ERR(inst);

  	err = -EINVAL;

  	if (inst->alg.ivsize != sizeof(u64))

  		goto free_inst;

  	inst->alg.encrypt = seqiv_aead_encrypt;

  	inst->alg.decrypt = seqiv_aead_decrypt;

  	inst->alg.init = aead_init_geniv;
  	inst->alg.exit = aead_exit_geniv;

  	inst->alg.base.cra_ctxsize = sizeof(struct aead_geniv_ctx);

  	inst->alg.base.cra_ctxsize += inst->alg.ivsize;

  	err = aead_register_instance(tmpl, inst);

  	if (err) {

  free_inst:

  		inst->free(inst);
  	}
  	return err;

  }

  static struct crypto_template seqiv_tmpl = {
  	.name = "seqiv",

  	.create = seqiv_aead_create,

  	.module = THIS_MODULE,
  };
  
  static int __init seqiv_module_init(void)
  {

  	return crypto_register_template(&seqiv_tmpl);

  }
  
  static void __exit seqiv_module_exit(void)
  {
  	crypto_unregister_template(&seqiv_tmpl);
  }

  subsys_initcall(seqiv_module_init);

  module_exit(seqiv_module_exit);
  
  MODULE_LICENSE("GPL");
  MODULE_DESCRIPTION("Sequence Number IV Generator");

  MODULE_ALIAS_CRYPTO("seqiv");