Commit ecfc43292f68566c144afca966b46b371c26d56c
1 parent
927eead52c
Exists in
master
and in
20 other branches
[CRYPTO] skcipher: Add skcipher_geniv_alloc/skcipher_geniv_free
This patch creates the infrastructure to help the construction of givcipher templates that wrap around existing blkcipher/ablkcipher algorithms by adding an IV generator to them. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Showing 4 changed files with 225 additions and 6 deletions Side-by-side Diff
crypto/ablkcipher.c
| ... | ... | @@ -80,6 +80,7 @@ |
| 80 | 80 | crt->setkey = setkey; |
| 81 | 81 | crt->encrypt = alg->encrypt; |
| 82 | 82 | crt->decrypt = alg->decrypt; |
| 83 | + crt->base = __crypto_ablkcipher_cast(tfm); | |
| 83 | 84 | crt->ivsize = alg->ivsize; |
| 84 | 85 | |
| 85 | 86 | return 0; |
| 86 | 87 | |
| ... | ... | @@ -122,11 +123,13 @@ |
| 122 | 123 | if (alg->ivsize > PAGE_SIZE / 8) |
| 123 | 124 | return -EINVAL; |
| 124 | 125 | |
| 125 | - crt->setkey = setkey; | |
| 126 | + crt->setkey = tfm->__crt_alg->cra_flags & CRYPTO_ALG_GENIV ? | |
| 127 | + alg->setkey : setkey; | |
| 126 | 128 | crt->encrypt = alg->encrypt; |
| 127 | 129 | crt->decrypt = alg->decrypt; |
| 128 | 130 | crt->givencrypt = alg->givencrypt; |
| 129 | 131 | crt->givdecrypt = alg->givdecrypt ?: no_givdecrypt; |
| 132 | + crt->base = __crypto_ablkcipher_cast(tfm); | |
| 130 | 133 | crt->ivsize = alg->ivsize; |
| 131 | 134 | |
| 132 | 135 | return 0; |
| ... | ... | @@ -154,6 +157,11 @@ |
| 154 | 157 | #endif |
| 155 | 158 | }; |
| 156 | 159 | EXPORT_SYMBOL_GPL(crypto_givcipher_type); |
| 160 | + | |
| 161 | +const char *crypto_default_geniv(const struct crypto_alg *alg) | |
| 162 | +{ | |
| 163 | + return alg->cra_flags & CRYPTO_ALG_ASYNC ? "eseqiv" : "chainiv"; | |
| 164 | +} | |
| 157 | 165 | |
| 158 | 166 | int crypto_grab_skcipher(struct crypto_skcipher_spawn *spawn, const char *name, |
| 159 | 167 | u32 type, u32 mask) |
crypto/blkcipher.c
| ... | ... | @@ -14,8 +14,8 @@ |
| 14 | 14 | * |
| 15 | 15 | */ |
| 16 | 16 | |
| 17 | +#include <crypto/internal/skcipher.h> | |
| 17 | 18 | #include <crypto/scatterwalk.h> |
| 18 | -#include <linux/crypto.h> | |
| 19 | 19 | #include <linux/errno.h> |
| 20 | 20 | #include <linux/hardirq.h> |
| 21 | 21 | #include <linux/kernel.h> |
| ... | ... | @@ -450,6 +450,7 @@ |
| 450 | 450 | crt->setkey = async_setkey; |
| 451 | 451 | crt->encrypt = async_encrypt; |
| 452 | 452 | crt->decrypt = async_decrypt; |
| 453 | + crt->base = __crypto_ablkcipher_cast(tfm); | |
| 453 | 454 | crt->ivsize = alg->ivsize; |
| 454 | 455 | |
| 455 | 456 | return 0; |
| ... | ... | @@ -508,6 +509,188 @@ |
| 508 | 509 | #endif |
| 509 | 510 | }; |
| 510 | 511 | EXPORT_SYMBOL_GPL(crypto_blkcipher_type); |
| 512 | + | |
| 513 | +static int crypto_grab_nivcipher(struct crypto_skcipher_spawn *spawn, | |
| 514 | + const char *name, u32 type, u32 mask) | |
| 515 | +{ | |
| 516 | + struct crypto_alg *alg; | |
| 517 | + int err; | |
| 518 | + | |
| 519 | + type = crypto_skcipher_type(type); | |
| 520 | + mask = crypto_skcipher_mask(mask) | CRYPTO_ALG_GENIV; | |
| 521 | + | |
| 522 | + alg = crypto_alg_mod_lookup(name, type, mask); | |
| 523 | + if (IS_ERR(alg)) | |
| 524 | + return PTR_ERR(alg); | |
| 525 | + | |
| 526 | + err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask); | |
| 527 | + crypto_mod_put(alg); | |
| 528 | + return err; | |
| 529 | +} | |
| 530 | + | |
| 531 | +struct crypto_instance *skcipher_geniv_alloc(struct crypto_template *tmpl, | |
| 532 | + struct rtattr **tb, u32 type, | |
| 533 | + u32 mask) | |
| 534 | +{ | |
| 535 | + struct { | |
| 536 | + int (*setkey)(struct crypto_ablkcipher *tfm, const u8 *key, | |
| 537 | + unsigned int keylen); | |
| 538 | + int (*encrypt)(struct ablkcipher_request *req); | |
| 539 | + int (*decrypt)(struct ablkcipher_request *req); | |
| 540 | + | |
| 541 | + unsigned int min_keysize; | |
| 542 | + unsigned int max_keysize; | |
| 543 | + unsigned int ivsize; | |
| 544 | + | |
| 545 | + const char *geniv; | |
| 546 | + } balg; | |
| 547 | + const char *name; | |
| 548 | + struct crypto_skcipher_spawn *spawn; | |
| 549 | + struct crypto_attr_type *algt; | |
| 550 | + struct crypto_instance *inst; | |
| 551 | + struct crypto_alg *alg; | |
| 552 | + int err; | |
| 553 | + | |
| 554 | + algt = crypto_get_attr_type(tb); | |
| 555 | + err = PTR_ERR(algt); | |
| 556 | + if (IS_ERR(algt)) | |
| 557 | + return ERR_PTR(err); | |
| 558 | + | |
| 559 | + if ((algt->type ^ (CRYPTO_ALG_TYPE_GIVCIPHER | CRYPTO_ALG_GENIV)) & | |
| 560 | + algt->mask) | |
| 561 | + return ERR_PTR(-EINVAL); | |
| 562 | + | |
| 563 | + name = crypto_attr_alg_name(tb[1]); | |
| 564 | + err = PTR_ERR(name); | |
| 565 | + if (IS_ERR(name)) | |
| 566 | + return ERR_PTR(err); | |
| 567 | + | |
| 568 | + inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); | |
| 569 | + if (!inst) | |
| 570 | + return ERR_PTR(-ENOMEM); | |
| 571 | + | |
| 572 | + spawn = crypto_instance_ctx(inst); | |
| 573 | + | |
| 574 | + /* Ignore async algorithms if necessary. */ | |
| 575 | + mask |= crypto_requires_sync(algt->type, algt->mask); | |
| 576 | + | |
| 577 | + crypto_set_skcipher_spawn(spawn, inst); | |
| 578 | + err = crypto_grab_nivcipher(spawn, name, type, mask); | |
| 579 | + if (err) | |
| 580 | + goto err_free_inst; | |
| 581 | + | |
| 582 | + alg = crypto_skcipher_spawn_alg(spawn); | |
| 583 | + | |
| 584 | + if ((alg->cra_flags & CRYPTO_ALG_TYPE_MASK) == | |
| 585 | + CRYPTO_ALG_TYPE_BLKCIPHER) { | |
| 586 | + balg.ivsize = alg->cra_blkcipher.ivsize; | |
| 587 | + balg.min_keysize = alg->cra_blkcipher.min_keysize; | |
| 588 | + balg.max_keysize = alg->cra_blkcipher.max_keysize; | |
| 589 | + | |
| 590 | + balg.setkey = async_setkey; | |
| 591 | + balg.encrypt = async_encrypt; | |
| 592 | + balg.decrypt = async_decrypt; | |
| 593 | + | |
| 594 | + balg.geniv = alg->cra_blkcipher.geniv; | |
| 595 | + } else { | |
| 596 | + balg.ivsize = alg->cra_ablkcipher.ivsize; | |
| 597 | + balg.min_keysize = alg->cra_ablkcipher.min_keysize; | |
| 598 | + balg.max_keysize = alg->cra_ablkcipher.max_keysize; | |
| 599 | + | |
| 600 | + balg.setkey = alg->cra_ablkcipher.setkey; | |
| 601 | + balg.encrypt = alg->cra_ablkcipher.encrypt; | |
| 602 | + balg.decrypt = alg->cra_ablkcipher.decrypt; | |
| 603 | + | |
| 604 | + balg.geniv = alg->cra_ablkcipher.geniv; | |
| 605 | + } | |
| 606 | + | |
| 607 | + err = -EINVAL; | |
| 608 | + if (!balg.ivsize) | |
| 609 | + goto err_drop_alg; | |
| 610 | + | |
| 611 | + /* | |
| 612 | + * This is only true if we're constructing an algorithm with its | |
| 613 | + * default IV generator. For the default generator we elide the | |
| 614 | + * template name and double-check the IV generator. | |
| 615 | + */ | |
| 616 | + if (algt->mask & CRYPTO_ALG_GENIV) { | |
| 617 | + if (!balg.geniv) | |
| 618 | + balg.geniv = crypto_default_geniv(alg); | |
| 619 | + err = -EAGAIN; | |
| 620 | + if (strcmp(tmpl->name, balg.geniv)) | |
| 621 | + goto err_drop_alg; | |
| 622 | + | |
| 623 | + memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME); | |
| 624 | + memcpy(inst->alg.cra_driver_name, alg->cra_driver_name, | |
| 625 | + CRYPTO_MAX_ALG_NAME); | |
| 626 | + } else { | |
| 627 | + err = -ENAMETOOLONG; | |
| 628 | + if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, | |
| 629 | + "%s(%s)", tmpl->name, alg->cra_name) >= | |
| 630 | + CRYPTO_MAX_ALG_NAME) | |
| 631 | + goto err_drop_alg; | |
| 632 | + if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, | |
| 633 | + "%s(%s)", tmpl->name, alg->cra_driver_name) >= | |
| 634 | + CRYPTO_MAX_ALG_NAME) | |
| 635 | + goto err_drop_alg; | |
| 636 | + } | |
| 637 | + | |
| 638 | + inst->alg.cra_flags = CRYPTO_ALG_TYPE_GIVCIPHER | CRYPTO_ALG_GENIV; | |
| 639 | + inst->alg.cra_flags |= alg->cra_flags & CRYPTO_ALG_ASYNC; | |
| 640 | + inst->alg.cra_priority = alg->cra_priority; | |
| 641 | + inst->alg.cra_blocksize = alg->cra_blocksize; | |
| 642 | + inst->alg.cra_alignmask = alg->cra_alignmask; | |
| 643 | + inst->alg.cra_type = &crypto_givcipher_type; | |
| 644 | + | |
| 645 | + inst->alg.cra_ablkcipher.ivsize = balg.ivsize; | |
| 646 | + inst->alg.cra_ablkcipher.min_keysize = balg.min_keysize; | |
| 647 | + inst->alg.cra_ablkcipher.max_keysize = balg.max_keysize; | |
| 648 | + inst->alg.cra_ablkcipher.geniv = balg.geniv; | |
| 649 | + | |
| 650 | + inst->alg.cra_ablkcipher.setkey = balg.setkey; | |
| 651 | + inst->alg.cra_ablkcipher.encrypt = balg.encrypt; | |
| 652 | + inst->alg.cra_ablkcipher.decrypt = balg.decrypt; | |
| 653 | + | |
| 654 | +out: | |
| 655 | + return inst; | |
| 656 | + | |
| 657 | +err_drop_alg: | |
| 658 | + crypto_drop_skcipher(spawn); | |
| 659 | +err_free_inst: | |
| 660 | + kfree(inst); | |
| 661 | + inst = ERR_PTR(err); | |
| 662 | + goto out; | |
| 663 | +} | |
| 664 | +EXPORT_SYMBOL_GPL(skcipher_geniv_alloc); | |
| 665 | + | |
| 666 | +void skcipher_geniv_free(struct crypto_instance *inst) | |
| 667 | +{ | |
| 668 | + crypto_drop_skcipher(crypto_instance_ctx(inst)); | |
| 669 | + kfree(inst); | |
| 670 | +} | |
| 671 | +EXPORT_SYMBOL_GPL(skcipher_geniv_free); | |
| 672 | + | |
| 673 | +int skcipher_geniv_init(struct crypto_tfm *tfm) | |
| 674 | +{ | |
| 675 | + struct crypto_instance *inst = (void *)tfm->__crt_alg; | |
| 676 | + struct crypto_ablkcipher *cipher; | |
| 677 | + | |
| 678 | + cipher = crypto_spawn_skcipher(crypto_instance_ctx(inst)); | |
| 679 | + if (IS_ERR(cipher)) | |
| 680 | + return PTR_ERR(cipher); | |
| 681 | + | |
| 682 | + tfm->crt_ablkcipher.base = cipher; | |
| 683 | + tfm->crt_ablkcipher.reqsize += crypto_ablkcipher_reqsize(cipher); | |
| 684 | + | |
| 685 | + return 0; | |
| 686 | +} | |
| 687 | +EXPORT_SYMBOL_GPL(skcipher_geniv_init); | |
| 688 | + | |
| 689 | +void skcipher_geniv_exit(struct crypto_tfm *tfm) | |
| 690 | +{ | |
| 691 | + crypto_free_ablkcipher(tfm->crt_ablkcipher.base); | |
| 692 | +} | |
| 693 | +EXPORT_SYMBOL_GPL(skcipher_geniv_exit); | |
| 511 | 694 | |
| 512 | 695 | MODULE_LICENSE("GPL"); |
| 513 | 696 | MODULE_DESCRIPTION("Generic block chaining cipher type"); |
include/crypto/internal/skcipher.h
| ... | ... | @@ -15,7 +15,10 @@ |
| 15 | 15 | |
| 16 | 16 | #include <crypto/algapi.h> |
| 17 | 17 | #include <crypto/skcipher.h> |
| 18 | +#include <linux/types.h> | |
| 18 | 19 | |
| 20 | +struct rtattr; | |
| 21 | + | |
| 19 | 22 | struct crypto_skcipher_spawn { |
| 20 | 23 | struct crypto_spawn base; |
| 21 | 24 | }; |
| ... | ... | @@ -48,6 +51,21 @@ |
| 48 | 51 | return __crypto_ablkcipher_cast( |
| 49 | 52 | crypto_spawn_tfm(&spawn->base, crypto_skcipher_type(0), |
| 50 | 53 | crypto_skcipher_mask(0))); |
| 54 | +} | |
| 55 | + | |
| 56 | +const char *crypto_default_geniv(const struct crypto_alg *alg); | |
| 57 | + | |
| 58 | +struct crypto_instance *skcipher_geniv_alloc(struct crypto_template *tmpl, | |
| 59 | + struct rtattr **tb, u32 type, | |
| 60 | + u32 mask); | |
| 61 | +void skcipher_geniv_free(struct crypto_instance *inst); | |
| 62 | +int skcipher_geniv_init(struct crypto_tfm *tfm); | |
| 63 | +void skcipher_geniv_exit(struct crypto_tfm *tfm); | |
| 64 | + | |
| 65 | +static inline struct crypto_ablkcipher *skcipher_geniv_cipher( | |
| 66 | + struct crypto_ablkcipher *geniv) | |
| 67 | +{ | |
| 68 | + return crypto_ablkcipher_crt(geniv)->base; | |
| 51 | 69 | } |
| 52 | 70 | |
| 53 | 71 | static inline void *skcipher_givcrypt_reqctx( |
include/linux/crypto.h
| ... | ... | @@ -53,6 +53,12 @@ |
| 53 | 53 | #define CRYPTO_ALG_NEED_FALLBACK 0x00000100 |
| 54 | 54 | |
| 55 | 55 | /* |
| 56 | + * This bit is set for symmetric key ciphers that have already been wrapped | |
| 57 | + * with a generic IV generator to prevent them from being wrapped again. | |
| 58 | + */ | |
| 59 | +#define CRYPTO_ALG_GENIV 0x00000200 | |
| 60 | + | |
| 61 | +/* | |
| 56 | 62 | * Transform masks and values (for crt_flags). |
| 57 | 63 | */ |
| 58 | 64 | #define CRYPTO_TFM_REQ_MASK 0x000fff00 |
| ... | ... | @@ -331,6 +337,8 @@ |
| 331 | 337 | int (*givencrypt)(struct skcipher_givcrypt_request *req); |
| 332 | 338 | int (*givdecrypt)(struct skcipher_givcrypt_request *req); |
| 333 | 339 | |
| 340 | + struct crypto_ablkcipher *base; | |
| 341 | + | |
| 334 | 342 | unsigned int ivsize; |
| 335 | 343 | unsigned int reqsize; |
| 336 | 344 | }; |
| 337 | 345 | |
| ... | ... | @@ -541,14 +549,14 @@ |
| 541 | 549 | |
| 542 | 550 | static inline u32 crypto_skcipher_type(u32 type) |
| 543 | 551 | { |
| 544 | - type &= ~CRYPTO_ALG_TYPE_MASK; | |
| 552 | + type &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV); | |
| 545 | 553 | type |= CRYPTO_ALG_TYPE_BLKCIPHER; |
| 546 | 554 | return type; |
| 547 | 555 | } |
| 548 | 556 | |
| 549 | 557 | static inline u32 crypto_skcipher_mask(u32 mask) |
| 550 | 558 | { |
| 551 | - mask &= ~CRYPTO_ALG_TYPE_MASK; | |
| 559 | + mask &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV); | |
| 552 | 560 | mask |= CRYPTO_ALG_TYPE_BLKCIPHER_MASK; |
| 553 | 561 | return mask; |
| 554 | 562 | } |
| ... | ... | @@ -623,7 +631,9 @@ |
| 623 | 631 | static inline int crypto_ablkcipher_setkey(struct crypto_ablkcipher *tfm, |
| 624 | 632 | const u8 *key, unsigned int keylen) |
| 625 | 633 | { |
| 626 | - return crypto_ablkcipher_crt(tfm)->setkey(tfm, key, keylen); | |
| 634 | + struct ablkcipher_tfm *crt = crypto_ablkcipher_crt(tfm); | |
| 635 | + | |
| 636 | + return crt->setkey(crt->base, key, keylen); | |
| 627 | 637 | } |
| 628 | 638 | |
| 629 | 639 | static inline struct crypto_ablkcipher *crypto_ablkcipher_reqtfm( |
| ... | ... | @@ -655,7 +665,7 @@ |
| 655 | 665 | static inline void ablkcipher_request_set_tfm( |
| 656 | 666 | struct ablkcipher_request *req, struct crypto_ablkcipher *tfm) |
| 657 | 667 | { |
| 658 | - req->base.tfm = crypto_ablkcipher_tfm(tfm); | |
| 668 | + req->base.tfm = crypto_ablkcipher_tfm(crypto_ablkcipher_crt(tfm)->base); | |
| 659 | 669 | } |
| 660 | 670 | |
| 661 | 671 | static inline struct ablkcipher_request *ablkcipher_request_cast( |