crypto/cmac.c 7.5 KB
  // SPDX-License-Identifier: GPL-2.0-or-later
  /*
   * CMAC: Cipher Block Mode for Authentication
   *
   * Copyright © 2013 Jussi Kivilinna <jussi.kivilinna@iki.fi>
   *
   * Based on work by:
   *  Copyright © 2013 Tom St Denis <tstdenis@elliptictech.com>
   * Based on crypto/xcbc.c:
   *  Copyright © 2006 USAGI/WIDE Project,
   *   Author: Kazunori Miyazawa <miyazawa@linux-ipv6.org>
   */
  
  #include <crypto/internal/hash.h>
  #include <linux/err.h>
  #include <linux/kernel.h>
  #include <linux/module.h>
  
  /*
   * +------------------------
   * | <parent tfm>
   * +------------------------
   * | cmac_tfm_ctx
   * +------------------------
   * | consts (block size * 2)
   * +------------------------
   */
  struct cmac_tfm_ctx {
  	/* underlying block cipher; assigned in cmac_init_tfm(), released in cmac_exit_tfm() */
  	struct crypto_cipher *child;
  	/*
  	 * Raw storage for the two key-derived constants (block size * 2).
  	 * Not used directly: setkey and final re-align it with PTR_ALIGN()
  	 * before reading or writing.
  	 */
  	u8 ctx[];
  };
  
  /*
   * +------------------------
   * | <shash desc>
   * +------------------------
   * | cmac_desc_ctx
   * +------------------------
   * | odds (block size)
   * +------------------------
   * | prev (block size)
   * +------------------------
   */
  struct cmac_desc_ctx {
  	/* number of bytes currently held in the odds buffer; init resets it to 0 */
  	unsigned int len;
  	/*
  	 * Raw storage for odds (buffered input, one block) followed by prev
  	 * (chaining value, one block); users re-align it with PTR_ALIGN().
  	 */
  	u8 ctx[];
  };
  
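  /*
   * Key the underlying cipher and derive the two constants used by final.
   *
   * The all-zero block is encrypted under the new key and the result is
   * multiplied by u and by u^2 in GF(2^128) (16-byte blocks) or GF(2^64)
   * (8-byte blocks).  Both products are stored big-endian, back to back, in
   * the aligned area behind struct cmac_tfm_ctx: the first is XORed into a
   * complete last block, the second into a padded one.
   *
   * Returns 0 on success or the error from crypto_cipher_setkey().
   */
  static int crypto_cmac_digest_setkey(struct crypto_shash *parent,
  				     const u8 *inkey, unsigned int keylen)
  {
  	unsigned long alignmask = crypto_shash_alignmask(parent);
  	struct cmac_tfm_ctx *ctx = crypto_shash_ctx(parent);
  	unsigned int bs = crypto_shash_blocksize(parent);
  	/* the constants are accessed as __be64, so honour that alignment too */
  	__be64 *consts = PTR_ALIGN((void *)ctx->ctx,
  				   (alignmask | (__alignof__(__be64) - 1)) + 1);
  	u64 _const[2];
  	int i, err;
  	u8 msb_mask, gfmask;

  	err = crypto_cipher_setkey(ctx->child, inkey, keylen);
  	if (err)
  		return err;

  	/* encrypt the zero block */
  	memset(consts, 0, bs);
  	crypto_cipher_encrypt_one(ctx->child, (u8 *)consts, (u8 *)consts);

  	/* cmac_create() only instantiates the template for these block sizes */
  	switch (bs) {
  	case 16:
  		gfmask = 0x87;
  		/* _const[1] holds the high 64 bits, _const[0] the low 64 bits */
  		_const[0] = be64_to_cpu(consts[1]);
  		_const[1] = be64_to_cpu(consts[0]);

  		/* gf(2^128) multiply zero-ciphertext with u and u^2 */
  		for (i = 0; i < 4; i += 2) {
  			/* branch-free reduction: mask is gfmask iff the top bit is set */
  			msb_mask = ((s64)_const[1] >> 63) & gfmask;
  			_const[1] = (_const[1] << 1) | (_const[0] >> 63);
  			_const[0] = (_const[0] << 1) ^ msb_mask;

  			consts[i + 0] = cpu_to_be64(_const[1]);
  			consts[i + 1] = cpu_to_be64(_const[0]);
  		}

  		break;
  	case 8:
  		gfmask = 0x1B;
  		_const[0] = be64_to_cpu(consts[0]);

  		/* gf(2^64) multiply zero-ciphertext with u and u^2 */
  		for (i = 0; i < 2; i++) {
  			/* branch-free reduction: mask is gfmask iff the top bit is set */
  			msb_mask = ((s64)_const[0] >> 63) & gfmask;
  			_const[0] = (_const[0] << 1) ^ msb_mask;

  			consts[i] = cpu_to_be64(_const[0]);
  		}

  		break;
  	}

  	/*
  	 * _const holds copies of the key-derived constants; wipe the stack
  	 * copy so only the tfm context retains them.
  	 */
  	memzero_explicit(_const, sizeof(_const));

  	return 0;
  }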
  
  /*
   * Begin a new MAC computation: no buffered input and an all-zero
   * chaining block.  Always returns 0.
   */
  static int crypto_cmac_digest_init(struct shash_desc *pdesc)
  {
  	struct crypto_shash *parent = pdesc->tfm;
  	struct cmac_desc_ctx *dctx = shash_desc_ctx(pdesc);
  	unsigned long alignmask = crypto_shash_alignmask(parent);
  	int bs = crypto_shash_blocksize(parent);
  	/* descriptor layout: odds (bs bytes) followed by prev (bs bytes) */
  	u8 *odds = PTR_ALIGN((void *)dctx->ctx, alignmask + 1);
  	u8 *prev = odds + bs;

  	memset(prev, 0, bs);
  	dctx->len = 0;

  	return 0;
  }
  
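  /*
   * Absorb @len bytes from @p into the running MAC.
   *
   * Input is collected in odds until more than one block is available; every
   * block except the most recent one is XORed into prev and encrypted.  Up to
   * a full block is deliberately left buffered, because final treats the last
   * block differently depending on whether it is complete.
   *
   * Always returns 0.
   */
  static int crypto_cmac_digest_update(struct shash_desc *pdesc, const u8 *p,
  				     unsigned int len)
  {
  	struct crypto_shash *parent = pdesc->tfm;
  	unsigned long alignmask = crypto_shash_alignmask(parent);
  	struct cmac_tfm_ctx *tctx = crypto_shash_ctx(parent);
  	struct cmac_desc_ctx *ctx = shash_desc_ctx(pdesc);
  	struct crypto_cipher *tfm = tctx->child;
  	int bs = crypto_shash_blocksize(parent);
  	u8 *odds = PTR_ALIGN((void *)ctx->ctx, alignmask + 1);
  	u8 *prev = odds + bs;

  	/*
  	 * Does the new data still fit in the buffered block?  ctx->len never
  	 * exceeds bs, so compare @len against the room that is left instead
  	 * of summing the two lengths: the sum could wrap for a very large
  	 * @len and let the memcpy() below run past the odds buffer.
  	 */
  	if (len <= bs - ctx->len) {
  		memcpy(odds + ctx->len, p, len);
  		ctx->len += len;
  		return 0;
  	}

  	/* filling odds with new data and encrypting it */
  	memcpy(odds + ctx->len, p, bs - ctx->len);
  	len -= bs - ctx->len;
  	p += bs - ctx->len;

  	crypto_xor(prev, odds, bs);
  	crypto_cipher_encrypt_one(tfm, prev, prev);

  	/* clearing the length */
  	ctx->len = 0;

  	/* encrypting the rest of data; strict '>' keeps the last block back */
  	while (len > bs) {
  		crypto_xor(prev, p, bs);
  		crypto_cipher_encrypt_one(tfm, prev, prev);
  		p += bs;
  		len -= bs;
  	}

  	/* keeping the surplus of blocksize */
  	if (len) {
  		memcpy(odds, p, len);
  		ctx->len = len;
  	}

  	return 0;
  }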
  
  /*
   * Finish the MAC and write one block of output to @out.
   *
   * A complete buffered block is combined with the first stored constant.
   * Anything shorter (including no data at all) is padded with 0x80 followed
   * by zero bytes and combined with the second constant instead.
   *
   * Always returns 0.
   */
  static int crypto_cmac_digest_final(struct shash_desc *pdesc, u8 *out)
  {
  	struct crypto_shash *parent = pdesc->tfm;
  	struct cmac_tfm_ctx *tctx = crypto_shash_ctx(parent);
  	struct cmac_desc_ctx *dctx = shash_desc_ctx(pdesc);
  	unsigned long alignmask = crypto_shash_alignmask(parent);
  	int bs = crypto_shash_blocksize(parent);
  	/* same alignment rule as setkey, which wrote the constants */
  	u8 *consts = PTR_ALIGN((void *)tctx->ctx,
  			       (alignmask | (__alignof__(__be64) - 1)) + 1);
  	u8 *odds = PTR_ALIGN((void *)dctx->ctx, alignmask + 1);
  	u8 *prev = odds + bs;
  	const u8 *subkey = consts;

  	if (dctx->len != bs) {
  		unsigned int used = dctx->len;
  		unsigned int fill = bs - used - 1;

  		/* pad the short block: a single 0x80 byte, then zeros */
  		odds[used] = 0x80;
  		if (fill)
  			memset(odds + used + 1, 0, fill);

  		/* padded blocks use the second constant */
  		subkey = consts + bs;
  	}

  	crypto_xor(prev, odds, bs);
  	crypto_xor(prev, subkey, bs);

  	crypto_cipher_encrypt_one(tctx->child, out, prev);

  	return 0;
  }
  
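  /*
   * Per-transform constructor: instantiate the underlying cipher from the
   * instance's spawn and remember it in the tfm context.
   *
   * Returns 0 on success or the error encoded in the pointer returned by
   * crypto_spawn_cipher().
   */
  static int cmac_init_tfm(struct crypto_tfm *tfm)
  {
  	struct crypto_cipher *cipher;
  	struct crypto_instance *inst = (void *)tfm->__crt_alg;
  	struct crypto_cipher_spawn *spawn = crypto_instance_ctx(inst);
  	struct cmac_tfm_ctx *ctx = crypto_tfm_ctx(tfm);

  	cipher = crypto_spawn_cipher(spawn);
  	if (IS_ERR(cipher))
  		return PTR_ERR(cipher);

  	ctx->child = cipher;

  	return 0;
  }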
  
  /* Per-transform destructor: release the cipher taken in cmac_init_tfm(). */
  static void cmac_exit_tfm(struct crypto_tfm *tfm)
  {
  	struct cmac_tfm_ctx *tctx = crypto_tfm_ctx(tfm);

  	crypto_free_cipher(tctx->child);
  }
  
  /*
   * Template ->create hook: build and register a "cmac(<cipher>)" shash
   * instance on top of the cipher named in tb[1].
   *
   * Only ciphers with an 8- or 16-byte block are accepted; anything else
   * fails with -EINVAL.  On any failure after allocation the instance is
   * released through shash_free_singlespawn_instance().
   *
   * Returns 0 on success or a negative errno.
   */
  static int cmac_create(struct crypto_template *tmpl, struct rtattr **tb)
  {
  	struct crypto_cipher_spawn *spawn;
  	struct shash_instance *inst;
  	struct crypto_alg *alg;
  	unsigned long alignmask;
  	int err;

  	err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SHASH);
  	if (err)
  		return err;

  	/* the spawn lives directly behind the instance */
  	inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
  	if (!inst)
  		return -ENOMEM;
  	spawn = shash_instance_ctx(inst);

  	err = crypto_grab_cipher(spawn, shash_crypto_instance(inst),
  				 crypto_attr_alg_name(tb[1]), 0, 0);
  	if (err)
  		goto err_free_inst;
  	alg = crypto_spawn_cipher_alg(spawn);

  	/* setkey only knows how to derive constants for these block sizes */
  	if (alg->cra_blocksize != 16 && alg->cra_blocksize != 8) {
  		err = -EINVAL;
  		goto err_free_inst;
  	}

  	err = crypto_inst_setname(shash_crypto_instance(inst), tmpl->name, alg);
  	if (err)
  		goto err_free_inst;

  	alignmask = alg->cra_alignmask;
  	inst->alg.base.cra_alignmask = alignmask;
  	inst->alg.base.cra_priority = alg->cra_priority;
  	inst->alg.base.cra_blocksize = alg->cra_blocksize;

  	inst->alg.digestsize = alg->cra_blocksize;

  	/* descriptor: header, alignment slack, then odds + prev */
  	inst->alg.descsize =
  		ALIGN(sizeof(struct cmac_desc_ctx), crypto_tfm_ctx_alignment())
  		+ (alignmask & ~(crypto_tfm_ctx_alignment() - 1))
  		+ alg->cra_blocksize * 2;

  	/*
  	 * tfm context: header, alignment slack (which must also cover the
  	 * __be64 accesses made by setkey), then the two constants
  	 */
  	inst->alg.base.cra_ctxsize =
  		ALIGN(sizeof(struct cmac_tfm_ctx), crypto_tfm_ctx_alignment())
  		+ ((alignmask | (__alignof__(__be64) - 1)) &
  		   ~(crypto_tfm_ctx_alignment() - 1))
  		+ alg->cra_blocksize * 2;

  	inst->alg.base.cra_init = cmac_init_tfm;
  	inst->alg.base.cra_exit = cmac_exit_tfm;

  	inst->alg.init = crypto_cmac_digest_init;
  	inst->alg.update = crypto_cmac_digest_update;
  	inst->alg.final = crypto_cmac_digest_final;
  	inst->alg.setkey = crypto_cmac_digest_setkey;

  	inst->free = shash_free_singlespawn_instance;

  	err = shash_register_instance(tmpl, inst);
  	if (!err)
  		return 0;

  err_free_inst:
  	shash_free_singlespawn_instance(inst);
  	return err;
  }
  
  /* Template descriptor for "cmac"; instances are built by cmac_create(). */
  static struct crypto_template crypto_cmac_tmpl = {
  	.name	= "cmac",
  	.create	= cmac_create,
  	.module	= THIS_MODULE,
  };
  
  /* Module entry point: register the "cmac" template; returns its result. */
  static int __init crypto_cmac_module_init(void)
  {
  	int err = crypto_register_template(&crypto_cmac_tmpl);

  	return err;
  }
  
  /* Module exit point: unregister the "cmac" template. */
  static void __exit crypto_cmac_module_exit(void)
  {
  	crypto_unregister_template(&crypto_cmac_tmpl);
  }
  subsys_initcall(crypto_cmac_module_init);
  module_exit(crypto_cmac_module_exit);
  
  MODULE_LICENSE("GPL");
  MODULE_DESCRIPTION("CMAC keyed hash algorithm");
  MODULE_ALIAS_CRYPTO("cmac");