Commit | Line | Data |
---|---|---|
1ae97820 HX |
1 | /* |
2 | * AEAD: Authenticated Encryption with Associated Data | |
3922538f | 3 | * |
1ae97820 HX |
4 | * This file provides API support for AEAD algorithms. |
5 | * | |
6 | * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au> | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or modify it | |
9 | * under the terms of the GNU General Public License as published by the Free | |
3922538f | 10 | * Software Foundation; either version 2 of the License, or (at your option) |
1ae97820 HX |
11 | * any later version. |
12 | * | |
13 | */ | |
14 | ||
6350449f | 15 | #include <crypto/internal/geniv.h> |
996d98d8 | 16 | #include <crypto/scatterwalk.h> |
5b6d2d7f | 17 | #include <linux/err.h> |
1ae97820 HX |
18 | #include <linux/init.h> |
19 | #include <linux/kernel.h> | |
20 | #include <linux/module.h> | |
d29ce988 | 21 | #include <linux/rtnetlink.h> |
d43c36dc | 22 | #include <linux/sched.h> |
1ae97820 HX |
23 | #include <linux/slab.h> |
24 | #include <linux/seq_file.h> | |
6ad414fe SK |
25 | #include <linux/cryptouser.h> |
26 | #include <net/netlink.h> | |
1ae97820 | 27 | |
5b6d2d7f HX |
28 | #include "internal.h" |
29 | ||
6350449f HX |
30 | struct compat_request_ctx { |
31 | struct scatterlist src[2]; | |
32 | struct scatterlist dst[2]; | |
33 | struct scatterlist ivbuf[2]; | |
34 | struct scatterlist *ivsg; | |
35 | struct aead_givcrypt_request subreq; | |
36 | }; | |
37 | ||
5d1d65f8 HX |
38 | static int aead_null_givencrypt(struct aead_givcrypt_request *req); |
39 | static int aead_null_givdecrypt(struct aead_givcrypt_request *req); | |
40 | ||
1ae97820 HX |
41 | static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, |
42 | unsigned int keylen) | |
43 | { | |
1ae97820 HX |
44 | unsigned long alignmask = crypto_aead_alignmask(tfm); |
45 | int ret; | |
46 | u8 *buffer, *alignbuffer; | |
47 | unsigned long absize; | |
48 | ||
49 | absize = keylen + alignmask; | |
50 | buffer = kmalloc(absize, GFP_ATOMIC); | |
51 | if (!buffer) | |
52 | return -ENOMEM; | |
53 | ||
54 | alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); | |
55 | memcpy(alignbuffer, key, keylen); | |
63293c61 | 56 | ret = tfm->setkey(tfm, alignbuffer, keylen); |
1ae97820 HX |
57 | memset(alignbuffer, 0, keylen); |
58 | kfree(buffer); | |
59 | return ret; | |
60 | } | |
61 | ||
5d1d65f8 HX |
62 | int crypto_aead_setkey(struct crypto_aead *tfm, |
63 | const u8 *key, unsigned int keylen) | |
1ae97820 | 64 | { |
1ae97820 HX |
65 | unsigned long alignmask = crypto_aead_alignmask(tfm); |
66 | ||
5d1d65f8 HX |
67 | tfm = tfm->child; |
68 | ||
1ae97820 HX |
69 | if ((unsigned long)key & alignmask) |
70 | return setkey_unaligned(tfm, key, keylen); | |
71 | ||
63293c61 | 72 | return tfm->setkey(tfm, key, keylen); |
1ae97820 | 73 | } |
5d1d65f8 | 74 | EXPORT_SYMBOL_GPL(crypto_aead_setkey); |
1ae97820 | 75 | |
7ba683a6 HX |
76 | int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize) |
77 | { | |
78 | int err; | |
79 | ||
30e4c010 | 80 | if (authsize > crypto_aead_maxauthsize(tfm)) |
7ba683a6 HX |
81 | return -EINVAL; |
82 | ||
63293c61 HX |
83 | if (tfm->setauthsize) { |
84 | err = tfm->setauthsize(tfm->child, authsize); | |
7ba683a6 HX |
85 | if (err) |
86 | return err; | |
87 | } | |
88 | ||
5d1d65f8 HX |
89 | tfm->child->authsize = authsize; |
90 | tfm->authsize = authsize; | |
7ba683a6 HX |
91 | return 0; |
92 | } | |
93 | EXPORT_SYMBOL_GPL(crypto_aead_setauthsize); | |
94 | ||
996d98d8 HX |
95 | struct aead_old_request { |
96 | struct scatterlist srcbuf[2]; | |
97 | struct scatterlist dstbuf[2]; | |
98 | struct aead_request subreq; | |
99 | }; | |
100 | ||
101 | unsigned int crypto_aead_reqsize(struct crypto_aead *tfm) | |
102 | { | |
103 | return tfm->reqsize + sizeof(struct aead_old_request); | |
104 | } | |
105 | EXPORT_SYMBOL_GPL(crypto_aead_reqsize); | |
106 | ||
107 | static int old_crypt(struct aead_request *req, | |
108 | int (*crypt)(struct aead_request *req)) | |
109 | { | |
110 | struct aead_old_request *nreq = aead_request_ctx(req); | |
111 | struct crypto_aead *aead = crypto_aead_reqtfm(req); | |
112 | struct scatterlist *src, *dst; | |
113 | ||
114 | if (req->old) | |
115 | return crypt(req); | |
116 | ||
374d4ad1 | 117 | src = scatterwalk_ffwd(nreq->srcbuf, req->src, req->assoclen); |
b455eb80 HX |
118 | dst = req->src == req->dst ? |
119 | src : scatterwalk_ffwd(nreq->dstbuf, req->dst, req->assoclen); | |
996d98d8 HX |
120 | |
121 | aead_request_set_tfm(&nreq->subreq, aead); | |
122 | aead_request_set_callback(&nreq->subreq, aead_request_flags(req), | |
123 | req->base.complete, req->base.data); | |
124 | aead_request_set_crypt(&nreq->subreq, src, dst, req->cryptlen, | |
125 | req->iv); | |
126 | aead_request_set_assoc(&nreq->subreq, req->src, req->assoclen); | |
127 | ||
128 | return crypt(&nreq->subreq); | |
129 | } | |
130 | ||
131 | static int old_encrypt(struct aead_request *req) | |
132 | { | |
133 | struct crypto_aead *aead = crypto_aead_reqtfm(req); | |
2d0f230f | 134 | struct old_aead_alg *alg = crypto_old_aead_alg(aead); |
996d98d8 HX |
135 | |
136 | return old_crypt(req, alg->encrypt); | |
137 | } | |
138 | ||
139 | static int old_decrypt(struct aead_request *req) | |
140 | { | |
141 | struct crypto_aead *aead = crypto_aead_reqtfm(req); | |
2d0f230f | 142 | struct old_aead_alg *alg = crypto_old_aead_alg(aead); |
996d98d8 HX |
143 | |
144 | return old_crypt(req, alg->decrypt); | |
145 | } | |
146 | ||
aedb30dc | 147 | static int no_givcrypt(struct aead_givcrypt_request *req) |
743edf57 HX |
148 | { |
149 | return -ENOSYS; | |
150 | } | |
151 | ||
63293c61 | 152 | static int crypto_old_aead_init_tfm(struct crypto_tfm *tfm) |
1ae97820 | 153 | { |
2d0f230f | 154 | struct old_aead_alg *alg = &tfm->__crt_alg->cra_aead; |
5d1d65f8 | 155 | struct crypto_aead *crt = __crypto_aead_cast(tfm); |
1ae97820 | 156 | |
7ba683a6 | 157 | if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8) |
1ae97820 HX |
158 | return -EINVAL; |
159 | ||
63293c61 HX |
160 | crt->setkey = alg->setkey; |
161 | crt->setauthsize = alg->setauthsize; | |
996d98d8 HX |
162 | crt->encrypt = old_encrypt; |
163 | crt->decrypt = old_decrypt; | |
5d1d65f8 HX |
164 | if (alg->ivsize) { |
165 | crt->givencrypt = alg->givencrypt ?: no_givcrypt; | |
166 | crt->givdecrypt = alg->givdecrypt ?: no_givcrypt; | |
167 | } else { | |
168 | crt->givencrypt = aead_null_givencrypt; | |
169 | crt->givdecrypt = aead_null_givdecrypt; | |
170 | } | |
171 | crt->child = __crypto_aead_cast(tfm); | |
7ba683a6 | 172 | crt->authsize = alg->maxauthsize; |
1ae97820 HX |
173 | |
174 | return 0; | |
175 | } | |
176 | ||
63293c61 HX |
177 | static int crypto_aead_init_tfm(struct crypto_tfm *tfm) |
178 | { | |
179 | struct crypto_aead *aead = __crypto_aead_cast(tfm); | |
180 | struct aead_alg *alg = crypto_aead_alg(aead); | |
181 | ||
182 | if (crypto_old_aead_alg(aead)->encrypt) | |
183 | return crypto_old_aead_init_tfm(tfm); | |
184 | ||
185 | aead->setkey = alg->setkey; | |
186 | aead->setauthsize = alg->setauthsize; | |
187 | aead->encrypt = alg->encrypt; | |
188 | aead->decrypt = alg->decrypt; | |
189 | aead->child = __crypto_aead_cast(tfm); | |
63293c61 HX |
190 | aead->authsize = alg->maxauthsize; |
191 | ||
192 | return 0; | |
193 | } | |
194 | ||
3acc8473 | 195 | #ifdef CONFIG_NET |
63293c61 | 196 | static int crypto_old_aead_report(struct sk_buff *skb, struct crypto_alg *alg) |
6ad414fe SK |
197 | { |
198 | struct crypto_report_aead raead; | |
2d0f230f | 199 | struct old_aead_alg *aead = &alg->cra_aead; |
6ad414fe | 200 | |
9a5467bf MK |
201 | strncpy(raead.type, "aead", sizeof(raead.type)); |
202 | strncpy(raead.geniv, aead->geniv ?: "<built-in>", sizeof(raead.geniv)); | |
6ad414fe SK |
203 | |
204 | raead.blocksize = alg->cra_blocksize; | |
205 | raead.maxauthsize = aead->maxauthsize; | |
206 | raead.ivsize = aead->ivsize; | |
207 | ||
6662df33 DM |
208 | if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD, |
209 | sizeof(struct crypto_report_aead), &raead)) | |
210 | goto nla_put_failure; | |
6ad414fe SK |
211 | return 0; |
212 | ||
213 | nla_put_failure: | |
214 | return -EMSGSIZE; | |
215 | } | |
3acc8473 | 216 | #else |
63293c61 | 217 | static int crypto_old_aead_report(struct sk_buff *skb, struct crypto_alg *alg) |
3acc8473 HX |
218 | { |
219 | return -ENOSYS; | |
220 | } | |
221 | #endif | |
6ad414fe | 222 | |
63293c61 | 223 | static void crypto_old_aead_show(struct seq_file *m, struct crypto_alg *alg) |
1ae97820 | 224 | __attribute__ ((unused)); |
63293c61 | 225 | static void crypto_old_aead_show(struct seq_file *m, struct crypto_alg *alg) |
1ae97820 | 226 | { |
2d0f230f | 227 | struct old_aead_alg *aead = &alg->cra_aead; |
1ae97820 HX |
228 | |
229 | seq_printf(m, "type : aead\n"); | |
189ed66e HX |
230 | seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ? |
231 | "yes" : "no"); | |
1ae97820 HX |
232 | seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); |
233 | seq_printf(m, "ivsize : %u\n", aead->ivsize); | |
7ba683a6 | 234 | seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize); |
5b6d2d7f | 235 | seq_printf(m, "geniv : %s\n", aead->geniv ?: "<built-in>"); |
1ae97820 HX |
236 | } |
237 | ||
238 | const struct crypto_type crypto_aead_type = { | |
5d1d65f8 HX |
239 | .extsize = crypto_alg_extsize, |
240 | .init_tfm = crypto_aead_init_tfm, | |
1ae97820 | 241 | #ifdef CONFIG_PROC_FS |
63293c61 | 242 | .show = crypto_old_aead_show, |
1ae97820 | 243 | #endif |
63293c61 | 244 | .report = crypto_old_aead_report, |
5d1d65f8 HX |
245 | .lookup = crypto_lookup_aead, |
246 | .maskclear = ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV), | |
247 | .maskset = CRYPTO_ALG_TYPE_MASK, | |
248 | .type = CRYPTO_ALG_TYPE_AEAD, | |
249 | .tfmsize = offsetof(struct crypto_aead, base), | |
1ae97820 HX |
250 | }; |
251 | EXPORT_SYMBOL_GPL(crypto_aead_type); | |
252 | ||
63293c61 HX |
253 | #ifdef CONFIG_NET |
254 | static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg) | |
255 | { | |
256 | struct crypto_report_aead raead; | |
257 | struct aead_alg *aead = container_of(alg, struct aead_alg, base); | |
258 | ||
259 | strncpy(raead.type, "aead", sizeof(raead.type)); | |
260 | strncpy(raead.geniv, "<none>", sizeof(raead.geniv)); | |
261 | ||
262 | raead.blocksize = alg->cra_blocksize; | |
263 | raead.maxauthsize = aead->maxauthsize; | |
264 | raead.ivsize = aead->ivsize; | |
265 | ||
266 | if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD, | |
267 | sizeof(struct crypto_report_aead), &raead)) | |
268 | goto nla_put_failure; | |
269 | return 0; | |
270 | ||
271 | nla_put_failure: | |
272 | return -EMSGSIZE; | |
273 | } | |
274 | #else | |
275 | static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg) | |
276 | { | |
277 | return -ENOSYS; | |
278 | } | |
279 | #endif | |
280 | ||
281 | static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg) | |
282 | __attribute__ ((unused)); | |
283 | static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg) | |
284 | { | |
285 | struct aead_alg *aead = container_of(alg, struct aead_alg, base); | |
286 | ||
287 | seq_printf(m, "type : aead\n"); | |
288 | seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ? | |
289 | "yes" : "no"); | |
290 | seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); | |
291 | seq_printf(m, "ivsize : %u\n", aead->ivsize); | |
292 | seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize); | |
293 | seq_printf(m, "geniv : <none>\n"); | |
294 | } | |
295 | ||
296 | static const struct crypto_type crypto_new_aead_type = { | |
297 | .extsize = crypto_alg_extsize, | |
298 | .init_tfm = crypto_aead_init_tfm, | |
299 | #ifdef CONFIG_PROC_FS | |
300 | .show = crypto_aead_show, | |
301 | #endif | |
302 | .report = crypto_aead_report, | |
303 | .maskclear = ~CRYPTO_ALG_TYPE_MASK, | |
304 | .maskset = CRYPTO_ALG_TYPE_MASK, | |
305 | .type = CRYPTO_ALG_TYPE_AEAD, | |
306 | .tfmsize = offsetof(struct crypto_aead, base), | |
307 | }; | |
308 | ||
5b6d2d7f HX |
309 | static int aead_null_givencrypt(struct aead_givcrypt_request *req) |
310 | { | |
311 | return crypto_aead_encrypt(&req->areq); | |
312 | } | |
313 | ||
314 | static int aead_null_givdecrypt(struct aead_givcrypt_request *req) | |
315 | { | |
316 | return crypto_aead_decrypt(&req->areq); | |
317 | } | |
318 | ||
3acc8473 | 319 | #ifdef CONFIG_NET |
b735d0a9 SK |
320 | static int crypto_nivaead_report(struct sk_buff *skb, struct crypto_alg *alg) |
321 | { | |
322 | struct crypto_report_aead raead; | |
2d0f230f | 323 | struct old_aead_alg *aead = &alg->cra_aead; |
b735d0a9 | 324 | |
9a5467bf MK |
325 | strncpy(raead.type, "nivaead", sizeof(raead.type)); |
326 | strncpy(raead.geniv, aead->geniv, sizeof(raead.geniv)); | |
b735d0a9 SK |
327 | |
328 | raead.blocksize = alg->cra_blocksize; | |
329 | raead.maxauthsize = aead->maxauthsize; | |
330 | raead.ivsize = aead->ivsize; | |
331 | ||
6662df33 DM |
332 | if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD, |
333 | sizeof(struct crypto_report_aead), &raead)) | |
334 | goto nla_put_failure; | |
b735d0a9 SK |
335 | return 0; |
336 | ||
337 | nla_put_failure: | |
338 | return -EMSGSIZE; | |
339 | } | |
3acc8473 HX |
340 | #else |
341 | static int crypto_nivaead_report(struct sk_buff *skb, struct crypto_alg *alg) | |
342 | { | |
343 | return -ENOSYS; | |
344 | } | |
345 | #endif | |
b735d0a9 SK |
346 | |
347 | ||
5b6d2d7f HX |
348 | static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg) |
349 | __attribute__ ((unused)); | |
350 | static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg) | |
351 | { | |
2d0f230f | 352 | struct old_aead_alg *aead = &alg->cra_aead; |
5b6d2d7f HX |
353 | |
354 | seq_printf(m, "type : nivaead\n"); | |
189ed66e HX |
355 | seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ? |
356 | "yes" : "no"); | |
5b6d2d7f HX |
357 | seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); |
358 | seq_printf(m, "ivsize : %u\n", aead->ivsize); | |
359 | seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize); | |
360 | seq_printf(m, "geniv : %s\n", aead->geniv); | |
361 | } | |
362 | ||
363 | const struct crypto_type crypto_nivaead_type = { | |
5d1d65f8 HX |
364 | .extsize = crypto_alg_extsize, |
365 | .init_tfm = crypto_aead_init_tfm, | |
5b6d2d7f HX |
366 | #ifdef CONFIG_PROC_FS |
367 | .show = crypto_nivaead_show, | |
368 | #endif | |
b735d0a9 | 369 | .report = crypto_nivaead_report, |
5d1d65f8 HX |
370 | .maskclear = ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV), |
371 | .maskset = CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV, | |
372 | .type = CRYPTO_ALG_TYPE_AEAD, | |
373 | .tfmsize = offsetof(struct crypto_aead, base), | |
5b6d2d7f HX |
374 | }; |
375 | EXPORT_SYMBOL_GPL(crypto_nivaead_type); | |
376 | ||
377 | static int crypto_grab_nivaead(struct crypto_aead_spawn *spawn, | |
378 | const char *name, u32 type, u32 mask) | |
379 | { | |
5d1d65f8 HX |
380 | spawn->base.frontend = &crypto_nivaead_type; |
381 | return crypto_grab_spawn(&spawn->base, name, type, mask); | |
5b6d2d7f HX |
382 | } |
383 | ||
6350449f HX |
384 | static int aead_geniv_setkey(struct crypto_aead *tfm, |
385 | const u8 *key, unsigned int keylen) | |
386 | { | |
387 | struct aead_geniv_ctx *ctx = crypto_aead_ctx(tfm); | |
388 | ||
389 | return crypto_aead_setkey(ctx->child, key, keylen); | |
390 | } | |
391 | ||
392 | static int aead_geniv_setauthsize(struct crypto_aead *tfm, | |
393 | unsigned int authsize) | |
394 | { | |
395 | struct aead_geniv_ctx *ctx = crypto_aead_ctx(tfm); | |
396 | ||
397 | return crypto_aead_setauthsize(ctx->child, authsize); | |
398 | } | |
399 | ||
400 | static void compat_encrypt_complete2(struct aead_request *req, int err) | |
401 | { | |
402 | struct compat_request_ctx *rctx = aead_request_ctx(req); | |
403 | struct aead_givcrypt_request *subreq = &rctx->subreq; | |
404 | struct crypto_aead *geniv; | |
405 | ||
406 | if (err == -EINPROGRESS) | |
407 | return; | |
408 | ||
409 | if (err) | |
410 | goto out; | |
411 | ||
412 | geniv = crypto_aead_reqtfm(req); | |
413 | scatterwalk_map_and_copy(subreq->giv, rctx->ivsg, 0, | |
414 | crypto_aead_ivsize(geniv), 1); | |
415 | ||
416 | out: | |
417 | kzfree(subreq->giv); | |
418 | } | |
419 | ||
420 | static void compat_encrypt_complete(struct crypto_async_request *base, int err) | |
421 | { | |
422 | struct aead_request *req = base->data; | |
423 | ||
424 | compat_encrypt_complete2(req, err); | |
425 | aead_request_complete(req, err); | |
426 | } | |
427 | ||
428 | static int compat_encrypt(struct aead_request *req) | |
429 | { | |
430 | struct crypto_aead *geniv = crypto_aead_reqtfm(req); | |
431 | struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv); | |
432 | struct compat_request_ctx *rctx = aead_request_ctx(req); | |
433 | struct aead_givcrypt_request *subreq = &rctx->subreq; | |
434 | unsigned int ivsize = crypto_aead_ivsize(geniv); | |
435 | struct scatterlist *src, *dst; | |
436 | crypto_completion_t compl; | |
437 | void *data; | |
438 | u8 *info; | |
439 | __be64 seq; | |
440 | int err; | |
441 | ||
442 | if (req->cryptlen < ivsize) | |
443 | return -EINVAL; | |
444 | ||
445 | compl = req->base.complete; | |
446 | data = req->base.data; | |
447 | ||
448 | rctx->ivsg = scatterwalk_ffwd(rctx->ivbuf, req->dst, req->assoclen); | |
449 | info = PageHighMem(sg_page(rctx->ivsg)) ? NULL : sg_virt(rctx->ivsg); | |
450 | ||
451 | if (!info) { | |
452 | info = kmalloc(ivsize, req->base.flags & | |
453 | CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL: | |
454 | GFP_ATOMIC); | |
455 | if (!info) | |
456 | return -ENOMEM; | |
457 | ||
458 | compl = compat_encrypt_complete; | |
459 | data = req; | |
460 | } | |
461 | ||
462 | memcpy(&seq, req->iv + ivsize - sizeof(seq), sizeof(seq)); | |
463 | ||
464 | src = scatterwalk_ffwd(rctx->src, req->src, req->assoclen + ivsize); | |
465 | dst = req->src == req->dst ? | |
466 | src : scatterwalk_ffwd(rctx->dst, rctx->ivsg, ivsize); | |
467 | ||
468 | aead_givcrypt_set_tfm(subreq, ctx->child); | |
469 | aead_givcrypt_set_callback(subreq, req->base.flags, | |
470 | req->base.complete, req->base.data); | |
471 | aead_givcrypt_set_crypt(subreq, src, dst, | |
472 | req->cryptlen - ivsize, req->iv); | |
473 | aead_givcrypt_set_assoc(subreq, req->src, req->assoclen); | |
474 | aead_givcrypt_set_giv(subreq, info, be64_to_cpu(seq)); | |
475 | ||
476 | err = crypto_aead_givencrypt(subreq); | |
477 | if (unlikely(PageHighMem(sg_page(rctx->ivsg)))) | |
478 | compat_encrypt_complete2(req, err); | |
479 | return err; | |
480 | } | |
481 | ||
482 | static int compat_decrypt(struct aead_request *req) | |
483 | { | |
484 | struct crypto_aead *geniv = crypto_aead_reqtfm(req); | |
485 | struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv); | |
486 | struct compat_request_ctx *rctx = aead_request_ctx(req); | |
487 | struct aead_request *subreq = &rctx->subreq.areq; | |
488 | unsigned int ivsize = crypto_aead_ivsize(geniv); | |
489 | struct scatterlist *src, *dst; | |
490 | crypto_completion_t compl; | |
491 | void *data; | |
492 | ||
493 | if (req->cryptlen < ivsize) | |
494 | return -EINVAL; | |
495 | ||
496 | aead_request_set_tfm(subreq, ctx->child); | |
497 | ||
498 | compl = req->base.complete; | |
499 | data = req->base.data; | |
500 | ||
501 | src = scatterwalk_ffwd(rctx->src, req->src, req->assoclen + ivsize); | |
502 | dst = req->src == req->dst ? | |
503 | src : scatterwalk_ffwd(rctx->dst, req->dst, | |
504 | req->assoclen + ivsize); | |
505 | ||
506 | aead_request_set_callback(subreq, req->base.flags, compl, data); | |
507 | aead_request_set_crypt(subreq, src, dst, | |
508 | req->cryptlen - ivsize, req->iv); | |
509 | aead_request_set_assoc(subreq, req->src, req->assoclen); | |
510 | ||
511 | scatterwalk_map_and_copy(req->iv, req->src, req->assoclen, ivsize, 0); | |
512 | ||
513 | return crypto_aead_decrypt(subreq); | |
514 | } | |
515 | ||
516 | static int compat_encrypt_first(struct aead_request *req) | |
517 | { | |
518 | struct crypto_aead *geniv = crypto_aead_reqtfm(req); | |
519 | struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv); | |
520 | int err = 0; | |
521 | ||
522 | spin_lock_bh(&ctx->lock); | |
523 | if (geniv->encrypt != compat_encrypt_first) | |
524 | goto unlock; | |
525 | ||
526 | geniv->encrypt = compat_encrypt; | |
527 | ||
528 | unlock: | |
529 | spin_unlock_bh(&ctx->lock); | |
530 | ||
531 | if (err) | |
532 | return err; | |
533 | ||
534 | return compat_encrypt(req); | |
535 | } | |
536 | ||
537 | static int aead_geniv_init_compat(struct crypto_tfm *tfm) | |
538 | { | |
539 | struct crypto_aead *geniv = __crypto_aead_cast(tfm); | |
540 | struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv); | |
541 | int err; | |
542 | ||
543 | spin_lock_init(&ctx->lock); | |
544 | ||
545 | crypto_aead_set_reqsize(geniv, sizeof(struct compat_request_ctx)); | |
546 | ||
547 | err = aead_geniv_init(tfm); | |
548 | ||
549 | ctx->child = geniv->child; | |
550 | geniv->child = geniv; | |
551 | ||
552 | return err; | |
553 | } | |
554 | ||
555 | static void aead_geniv_exit_compat(struct crypto_tfm *tfm) | |
556 | { | |
557 | struct crypto_aead *geniv = __crypto_aead_cast(tfm); | |
558 | struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv); | |
559 | ||
560 | crypto_free_aead(ctx->child); | |
561 | } | |
562 | ||
856e3f40 HX |
563 | struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl, |
564 | struct rtattr **tb, u32 type, u32 mask) | |
5b6d2d7f HX |
565 | { |
566 | const char *name; | |
567 | struct crypto_aead_spawn *spawn; | |
568 | struct crypto_attr_type *algt; | |
856e3f40 HX |
569 | struct aead_instance *inst; |
570 | struct aead_alg *alg; | |
571 | unsigned int ivsize; | |
572 | unsigned int maxauthsize; | |
5b6d2d7f HX |
573 | int err; |
574 | ||
575 | algt = crypto_get_attr_type(tb); | |
5b6d2d7f | 576 | if (IS_ERR(algt)) |
3e8afe35 | 577 | return ERR_CAST(algt); |
5b6d2d7f HX |
578 | |
579 | if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV)) & | |
580 | algt->mask) | |
581 | return ERR_PTR(-EINVAL); | |
582 | ||
583 | name = crypto_attr_alg_name(tb[1]); | |
5b6d2d7f | 584 | if (IS_ERR(name)) |
3e8afe35 | 585 | return ERR_CAST(name); |
5b6d2d7f HX |
586 | |
587 | inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); | |
588 | if (!inst) | |
589 | return ERR_PTR(-ENOMEM); | |
590 | ||
856e3f40 | 591 | spawn = aead_instance_ctx(inst); |
5b6d2d7f HX |
592 | |
593 | /* Ignore async algorithms if necessary. */ | |
594 | mask |= crypto_requires_sync(algt->type, algt->mask); | |
595 | ||
856e3f40 | 596 | crypto_set_aead_spawn(spawn, aead_crypto_instance(inst)); |
6350449f HX |
597 | err = (algt->mask & CRYPTO_ALG_GENIV) ? |
598 | crypto_grab_nivaead(spawn, name, type, mask) : | |
599 | crypto_grab_aead(spawn, name, type, mask); | |
5b6d2d7f HX |
600 | if (err) |
601 | goto err_free_inst; | |
602 | ||
856e3f40 HX |
603 | alg = crypto_spawn_aead_alg(spawn); |
604 | ||
30e4c010 HX |
605 | ivsize = crypto_aead_alg_ivsize(alg); |
606 | maxauthsize = crypto_aead_alg_maxauthsize(alg); | |
5b6d2d7f HX |
607 | |
608 | err = -EINVAL; | |
6350449f | 609 | if (ivsize < sizeof(u64)) |
5b6d2d7f HX |
610 | goto err_drop_alg; |
611 | ||
612 | /* | |
613 | * This is only true if we're constructing an algorithm with its | |
614 | * default IV generator. For the default generator we elide the | |
615 | * template name and double-check the IV generator. | |
616 | */ | |
617 | if (algt->mask & CRYPTO_ALG_GENIV) { | |
856e3f40 HX |
618 | if (!alg->base.cra_aead.encrypt) |
619 | goto err_drop_alg; | |
620 | if (strcmp(tmpl->name, alg->base.cra_aead.geniv)) | |
5b6d2d7f HX |
621 | goto err_drop_alg; |
622 | ||
856e3f40 | 623 | memcpy(inst->alg.base.cra_name, alg->base.cra_name, |
5b6d2d7f | 624 | CRYPTO_MAX_ALG_NAME); |
856e3f40 HX |
625 | memcpy(inst->alg.base.cra_driver_name, |
626 | alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME); | |
627 | ||
628 | inst->alg.base.cra_flags = CRYPTO_ALG_TYPE_AEAD | | |
629 | CRYPTO_ALG_GENIV; | |
630 | inst->alg.base.cra_flags |= alg->base.cra_flags & | |
631 | CRYPTO_ALG_ASYNC; | |
632 | inst->alg.base.cra_priority = alg->base.cra_priority; | |
633 | inst->alg.base.cra_blocksize = alg->base.cra_blocksize; | |
634 | inst->alg.base.cra_alignmask = alg->base.cra_alignmask; | |
635 | inst->alg.base.cra_type = &crypto_aead_type; | |
636 | ||
637 | inst->alg.base.cra_aead.ivsize = ivsize; | |
638 | inst->alg.base.cra_aead.maxauthsize = maxauthsize; | |
639 | ||
640 | inst->alg.base.cra_aead.setkey = alg->base.cra_aead.setkey; | |
641 | inst->alg.base.cra_aead.setauthsize = | |
642 | alg->base.cra_aead.setauthsize; | |
643 | inst->alg.base.cra_aead.encrypt = alg->base.cra_aead.encrypt; | |
644 | inst->alg.base.cra_aead.decrypt = alg->base.cra_aead.decrypt; | |
645 | ||
646 | goto out; | |
5b6d2d7f HX |
647 | } |
648 | ||
856e3f40 HX |
649 | err = -ENAMETOOLONG; |
650 | if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, | |
651 | "%s(%s)", tmpl->name, alg->base.cra_name) >= | |
652 | CRYPTO_MAX_ALG_NAME) | |
653 | goto err_drop_alg; | |
654 | if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, | |
655 | "%s(%s)", tmpl->name, alg->base.cra_driver_name) >= | |
656 | CRYPTO_MAX_ALG_NAME) | |
657 | goto err_drop_alg; | |
5b6d2d7f | 658 | |
d1ee1f02 | 659 | inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; |
856e3f40 HX |
660 | inst->alg.base.cra_priority = alg->base.cra_priority; |
661 | inst->alg.base.cra_blocksize = alg->base.cra_blocksize; | |
662 | inst->alg.base.cra_alignmask = alg->base.cra_alignmask; | |
6350449f HX |
663 | inst->alg.base.cra_ctxsize = sizeof(struct aead_geniv_ctx); |
664 | ||
665 | inst->alg.setkey = aead_geniv_setkey; | |
666 | inst->alg.setauthsize = aead_geniv_setauthsize; | |
5b6d2d7f | 667 | |
856e3f40 HX |
668 | inst->alg.ivsize = ivsize; |
669 | inst->alg.maxauthsize = maxauthsize; | |
5b6d2d7f | 670 | |
6350449f HX |
671 | inst->alg.encrypt = compat_encrypt_first; |
672 | inst->alg.decrypt = compat_decrypt; | |
673 | ||
674 | inst->alg.base.cra_init = aead_geniv_init_compat; | |
675 | inst->alg.base.cra_exit = aead_geniv_exit_compat; | |
676 | ||
5b6d2d7f HX |
677 | out: |
678 | return inst; | |
679 | ||
680 | err_drop_alg: | |
681 | crypto_drop_aead(spawn); | |
682 | err_free_inst: | |
683 | kfree(inst); | |
684 | inst = ERR_PTR(err); | |
685 | goto out; | |
686 | } | |
687 | EXPORT_SYMBOL_GPL(aead_geniv_alloc); | |
688 | ||
856e3f40 | 689 | void aead_geniv_free(struct aead_instance *inst) |
5b6d2d7f | 690 | { |
856e3f40 | 691 | crypto_drop_aead(aead_instance_ctx(inst)); |
5b6d2d7f HX |
692 | kfree(inst); |
693 | } | |
694 | EXPORT_SYMBOL_GPL(aead_geniv_free); | |
695 | ||
696 | int aead_geniv_init(struct crypto_tfm *tfm) | |
697 | { | |
698 | struct crypto_instance *inst = (void *)tfm->__crt_alg; | |
5d1d65f8 | 699 | struct crypto_aead *child; |
5b6d2d7f HX |
700 | struct crypto_aead *aead; |
701 | ||
5d1d65f8 | 702 | aead = __crypto_aead_cast(tfm); |
5b6d2d7f | 703 | |
5d1d65f8 HX |
704 | child = crypto_spawn_aead(crypto_instance_ctx(inst)); |
705 | if (IS_ERR(child)) | |
706 | return PTR_ERR(child); | |
707 | ||
708 | aead->child = child; | |
709 | aead->reqsize += crypto_aead_reqsize(child); | |
5b6d2d7f HX |
710 | |
711 | return 0; | |
712 | } | |
713 | EXPORT_SYMBOL_GPL(aead_geniv_init); | |
714 | ||
715 | void aead_geniv_exit(struct crypto_tfm *tfm) | |
716 | { | |
5d1d65f8 | 717 | crypto_free_aead(__crypto_aead_cast(tfm)->child); |
5b6d2d7f HX |
718 | } |
719 | EXPORT_SYMBOL_GPL(aead_geniv_exit); | |
720 | ||
d29ce988 HX |
721 | static int crypto_nivaead_default(struct crypto_alg *alg, u32 type, u32 mask) |
722 | { | |
723 | struct rtattr *tb[3]; | |
724 | struct { | |
725 | struct rtattr attr; | |
726 | struct crypto_attr_type data; | |
727 | } ptype; | |
728 | struct { | |
729 | struct rtattr attr; | |
730 | struct crypto_attr_alg data; | |
731 | } palg; | |
732 | struct crypto_template *tmpl; | |
733 | struct crypto_instance *inst; | |
734 | struct crypto_alg *larval; | |
735 | const char *geniv; | |
736 | int err; | |
737 | ||
738 | larval = crypto_larval_lookup(alg->cra_driver_name, | |
739 | CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV, | |
740 | CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV); | |
741 | err = PTR_ERR(larval); | |
742 | if (IS_ERR(larval)) | |
743 | goto out; | |
744 | ||
745 | err = -EAGAIN; | |
746 | if (!crypto_is_larval(larval)) | |
747 | goto drop_larval; | |
748 | ||
749 | ptype.attr.rta_len = sizeof(ptype); | |
750 | ptype.attr.rta_type = CRYPTOA_TYPE; | |
751 | ptype.data.type = type | CRYPTO_ALG_GENIV; | |
752 | /* GENIV tells the template that we're making a default geniv. */ | |
753 | ptype.data.mask = mask | CRYPTO_ALG_GENIV; | |
754 | tb[0] = &ptype.attr; | |
755 | ||
756 | palg.attr.rta_len = sizeof(palg); | |
757 | palg.attr.rta_type = CRYPTOA_ALG; | |
758 | /* Must use the exact name to locate ourselves. */ | |
759 | memcpy(palg.data.name, alg->cra_driver_name, CRYPTO_MAX_ALG_NAME); | |
760 | tb[1] = &palg.attr; | |
761 | ||
762 | tb[2] = NULL; | |
763 | ||
764 | geniv = alg->cra_aead.geniv; | |
765 | ||
766 | tmpl = crypto_lookup_template(geniv); | |
767 | err = -ENOENT; | |
768 | if (!tmpl) | |
769 | goto kill_larval; | |
770 | ||
72af865d HX |
771 | if (tmpl->create) { |
772 | err = tmpl->create(tmpl, tb); | |
773 | if (err) | |
774 | goto put_tmpl; | |
775 | goto ok; | |
776 | } | |
777 | ||
d29ce988 HX |
778 | inst = tmpl->alloc(tb); |
779 | err = PTR_ERR(inst); | |
780 | if (IS_ERR(inst)) | |
781 | goto put_tmpl; | |
782 | ||
4fad478a JJ |
783 | err = crypto_register_instance(tmpl, inst); |
784 | if (err) { | |
d29ce988 HX |
785 | tmpl->free(inst); |
786 | goto put_tmpl; | |
787 | } | |
788 | ||
72af865d | 789 | ok: |
d29ce988 HX |
790 | /* Redo the lookup to use the instance we just registered. */ |
791 | err = -EAGAIN; | |
792 | ||
793 | put_tmpl: | |
794 | crypto_tmpl_put(tmpl); | |
795 | kill_larval: | |
796 | crypto_larval_kill(larval); | |
797 | drop_larval: | |
798 | crypto_mod_put(larval); | |
799 | out: | |
800 | crypto_mod_put(alg); | |
801 | return err; | |
802 | } | |
803 | ||
1e122994 | 804 | struct crypto_alg *crypto_lookup_aead(const char *name, u32 type, u32 mask) |
d29ce988 HX |
805 | { |
806 | struct crypto_alg *alg; | |
807 | ||
808 | alg = crypto_alg_mod_lookup(name, type, mask); | |
809 | if (IS_ERR(alg)) | |
810 | return alg; | |
811 | ||
812 | if (alg->cra_type == &crypto_aead_type) | |
813 | return alg; | |
814 | ||
815 | if (!alg->cra_aead.ivsize) | |
816 | return alg; | |
817 | ||
5852ae42 HX |
818 | crypto_mod_put(alg); |
819 | alg = crypto_alg_mod_lookup(name, type | CRYPTO_ALG_TESTED, | |
820 | mask & ~CRYPTO_ALG_TESTED); | |
821 | if (IS_ERR(alg)) | |
822 | return alg; | |
823 | ||
824 | if (alg->cra_type == &crypto_aead_type) { | |
80f7b355 | 825 | if (~alg->cra_flags & (type ^ ~mask) & CRYPTO_ALG_TESTED) { |
5852ae42 HX |
826 | crypto_mod_put(alg); |
827 | alg = ERR_PTR(-ENOENT); | |
828 | } | |
829 | return alg; | |
830 | } | |
831 | ||
832 | BUG_ON(!alg->cra_aead.ivsize); | |
833 | ||
d29ce988 HX |
834 | return ERR_PTR(crypto_nivaead_default(alg, type, mask)); |
835 | } | |
1e122994 | 836 | EXPORT_SYMBOL_GPL(crypto_lookup_aead); |
d29ce988 HX |
837 | |
838 | int crypto_grab_aead(struct crypto_aead_spawn *spawn, const char *name, | |
839 | u32 type, u32 mask) | |
840 | { | |
5d1d65f8 HX |
841 | spawn->base.frontend = &crypto_aead_type; |
842 | return crypto_grab_spawn(&spawn->base, name, type, mask); | |
d29ce988 HX |
843 | } |
844 | EXPORT_SYMBOL_GPL(crypto_grab_aead); | |
845 | ||
846 | struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask) | |
847 | { | |
5d1d65f8 | 848 | return crypto_alloc_tfm(alg_name, &crypto_aead_type, type, mask); |
d29ce988 HX |
849 | } |
850 | EXPORT_SYMBOL_GPL(crypto_alloc_aead); | |
851 | ||
63293c61 HX |
852 | static int aead_prepare_alg(struct aead_alg *alg) |
853 | { | |
854 | struct crypto_alg *base = &alg->base; | |
855 | ||
856 | if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8) | |
857 | return -EINVAL; | |
858 | ||
859 | base->cra_type = &crypto_new_aead_type; | |
860 | base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; | |
861 | base->cra_flags |= CRYPTO_ALG_TYPE_AEAD; | |
862 | ||
863 | return 0; | |
864 | } | |
865 | ||
866 | int crypto_register_aead(struct aead_alg *alg) | |
867 | { | |
868 | struct crypto_alg *base = &alg->base; | |
869 | int err; | |
870 | ||
871 | err = aead_prepare_alg(alg); | |
872 | if (err) | |
873 | return err; | |
874 | ||
875 | return crypto_register_alg(base); | |
876 | } | |
877 | EXPORT_SYMBOL_GPL(crypto_register_aead); | |
878 | ||
879 | int crypto_unregister_aead(struct aead_alg *alg) | |
880 | { | |
881 | return crypto_unregister_alg(&alg->base); | |
882 | } | |
883 | EXPORT_SYMBOL_GPL(crypto_unregister_aead); | |
884 | ||
885 | int aead_register_instance(struct crypto_template *tmpl, | |
886 | struct aead_instance *inst) | |
887 | { | |
888 | int err; | |
889 | ||
890 | err = aead_prepare_alg(&inst->alg); | |
891 | if (err) | |
892 | return err; | |
893 | ||
894 | return crypto_register_instance(tmpl, aead_crypto_instance(inst)); | |
895 | } | |
896 | EXPORT_SYMBOL_GPL(aead_register_instance); | |
897 | ||
1ae97820 HX |
898 | MODULE_LICENSE("GPL"); |
899 | MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)"); |