1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * AEAD: Authenticated Encryption with Associated Data 4 * 5 * This file provides API support for AEAD algorithms. 6 * 7 * Copyright (c) 2007-2015 Herbert Xu <herbert@gondor.apana.org.au> 8 */ 9 10 #include <crypto/internal/aead.h> 11 #include <linux/cryptouser.h> 12 #include <linux/errno.h> 13 #include <linux/init.h> 14 #include <linux/kernel.h> 15 #include <linux/module.h> 16 #include <linux/slab.h> 17 #include <linux/seq_file.h> 18 #include <linux/string.h> 19 #include <net/netlink.h> 20 21 #include "internal.h" 22 setkey_unaligned(struct crypto_aead * tfm,const u8 * key,unsigned int keylen)23 static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, 24 unsigned int keylen) 25 { 26 unsigned long alignmask = crypto_aead_alignmask(tfm); 27 int ret; 28 u8 *buffer, *alignbuffer; 29 unsigned long absize; 30 31 absize = keylen + alignmask; 32 buffer = kmalloc(absize, GFP_ATOMIC); 33 if (!buffer) 34 return -ENOMEM; 35 36 alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); 37 memcpy(alignbuffer, key, keylen); 38 ret = crypto_aead_alg(tfm)->setkey(tfm, alignbuffer, keylen); 39 kfree_sensitive(buffer); 40 return ret; 41 } 42 crypto_aead_setkey(struct crypto_aead * tfm,const u8 * key,unsigned int keylen)43 int crypto_aead_setkey(struct crypto_aead *tfm, 44 const u8 *key, unsigned int keylen) 45 { 46 unsigned long alignmask = crypto_aead_alignmask(tfm); 47 int err; 48 49 if ((unsigned long)key & alignmask) 50 err = setkey_unaligned(tfm, key, keylen); 51 else 52 err = crypto_aead_alg(tfm)->setkey(tfm, key, keylen); 53 54 if (unlikely(err)) { 55 crypto_aead_set_flags(tfm, CRYPTO_TFM_NEED_KEY); 56 return err; 57 } 58 59 crypto_aead_clear_flags(tfm, CRYPTO_TFM_NEED_KEY); 60 return 0; 61 } 62 EXPORT_SYMBOL_GPL(crypto_aead_setkey); 63 crypto_aead_setauthsize(struct crypto_aead * tfm,unsigned int authsize)64 int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize) 65 { 66 int err; 67 68 if ((!authsize && crypto_aead_maxauthsize(tfm)) || 69 authsize > crypto_aead_maxauthsize(tfm)) 70 return -EINVAL; 71 72 if (crypto_aead_alg(tfm)->setauthsize) { 73 err = crypto_aead_alg(tfm)->setauthsize(tfm, authsize); 74 if (err) 75 return err; 76 } 77 78 tfm->authsize = authsize; 79 return 0; 80 } 81 EXPORT_SYMBOL_GPL(crypto_aead_setauthsize); 82 crypto_aead_encrypt(struct aead_request * req)83 int crypto_aead_encrypt(struct aead_request *req) 84 { 85 struct crypto_aead *aead = crypto_aead_reqtfm(req); 86 87 if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY) 88 return -ENOKEY; 89 90 return crypto_aead_alg(aead)->encrypt(req); 91 } 92 EXPORT_SYMBOL_GPL(crypto_aead_encrypt); 93 crypto_aead_decrypt(struct aead_request * req)94 int crypto_aead_decrypt(struct aead_request *req) 95 { 96 struct crypto_aead *aead = crypto_aead_reqtfm(req); 97 98 if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY) 99 return -ENOKEY; 100 101 if (req->cryptlen < crypto_aead_authsize(aead)) 102 return -EINVAL; 103 104 return crypto_aead_alg(aead)->decrypt(req); 105 } 106 EXPORT_SYMBOL_GPL(crypto_aead_decrypt); 107 crypto_aead_exit_tfm(struct crypto_tfm * tfm)108 static void crypto_aead_exit_tfm(struct crypto_tfm *tfm) 109 { 110 struct crypto_aead *aead = __crypto_aead_cast(tfm); 111 struct aead_alg *alg = crypto_aead_alg(aead); 112 113 alg->exit(aead); 114 } 115 crypto_aead_init_tfm(struct crypto_tfm * tfm)116 static int crypto_aead_init_tfm(struct crypto_tfm *tfm) 117 { 118 struct crypto_aead *aead = __crypto_aead_cast(tfm); 119 struct aead_alg *alg = crypto_aead_alg(aead); 120 121 crypto_aead_set_flags(aead, CRYPTO_TFM_NEED_KEY); 122 123 aead->authsize = alg->maxauthsize; 124 125 if (alg->exit) 126 aead->base.exit = crypto_aead_exit_tfm; 127 128 if (alg->init) 129 return alg->init(aead); 130 131 return 0; 132 } 133 crypto_aead_report(struct sk_buff * skb,struct crypto_alg * alg)134 static int __maybe_unused crypto_aead_report( 135 struct sk_buff *skb, struct crypto_alg *alg) 136 { 137 struct crypto_report_aead raead; 138 struct aead_alg *aead = container_of(alg, struct aead_alg, base); 139 140 memset(&raead, 0, sizeof(raead)); 141 142 strscpy(raead.type, "aead", sizeof(raead.type)); 143 strscpy(raead.geniv, "<none>", sizeof(raead.geniv)); 144 145 raead.blocksize = alg->cra_blocksize; 146 raead.maxauthsize = aead->maxauthsize; 147 raead.ivsize = aead->ivsize; 148 149 return nla_put(skb, CRYPTOCFGA_REPORT_AEAD, sizeof(raead), &raead); 150 } 151 152 static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg) 153 __maybe_unused; crypto_aead_show(struct seq_file * m,struct crypto_alg * alg)154 static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg) 155 { 156 struct aead_alg *aead = container_of(alg, struct aead_alg, base); 157 158 seq_printf(m, "type : aead\n"); 159 seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ? 160 "yes" : "no"); 161 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); 162 seq_printf(m, "ivsize : %u\n", aead->ivsize); 163 seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize); 164 seq_printf(m, "geniv : <none>\n"); 165 } 166 crypto_aead_free_instance(struct crypto_instance * inst)167 static void crypto_aead_free_instance(struct crypto_instance *inst) 168 { 169 struct aead_instance *aead = aead_instance(inst); 170 171 aead->free(aead); 172 } 173 174 static const struct crypto_type crypto_aead_type = { 175 .extsize = crypto_alg_extsize, 176 .init_tfm = crypto_aead_init_tfm, 177 .free = crypto_aead_free_instance, 178 #ifdef CONFIG_PROC_FS 179 .show = crypto_aead_show, 180 #endif 181 #if IS_ENABLED(CONFIG_CRYPTO_USER) 182 .report = crypto_aead_report, 183 #endif 184 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 185 .maskset = CRYPTO_ALG_TYPE_MASK, 186 .type = CRYPTO_ALG_TYPE_AEAD, 187 .tfmsize = offsetof(struct crypto_aead, base), 188 }; 189 crypto_grab_aead(struct crypto_aead_spawn * spawn,struct crypto_instance * inst,const char * name,u32 type,u32 mask)190 int crypto_grab_aead(struct crypto_aead_spawn *spawn, 191 struct crypto_instance *inst, 192 const char *name, u32 type, u32 mask) 193 { 194 spawn->base.frontend = &crypto_aead_type; 195 return crypto_grab_spawn(&spawn->base, inst, name, type, mask); 196 } 197 EXPORT_SYMBOL_GPL(crypto_grab_aead); 198 crypto_alloc_aead(const char * alg_name,u32 type,u32 mask)199 struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask) 200 { 201 return crypto_alloc_tfm(alg_name, &crypto_aead_type, type, mask); 202 } 203 EXPORT_SYMBOL_GPL(crypto_alloc_aead); 204 crypto_has_aead(const char * alg_name,u32 type,u32 mask)205 int crypto_has_aead(const char *alg_name, u32 type, u32 mask) 206 { 207 return crypto_type_has_alg(alg_name, &crypto_aead_type, type, mask); 208 } 209 EXPORT_SYMBOL_GPL(crypto_has_aead); 210 aead_prepare_alg(struct aead_alg * alg)211 static int aead_prepare_alg(struct aead_alg *alg) 212 { 213 struct crypto_alg *base = &alg->base; 214 215 if (max3(alg->maxauthsize, alg->ivsize, alg->chunksize) > 216 PAGE_SIZE / 8) 217 return -EINVAL; 218 219 if (!alg->chunksize) 220 alg->chunksize = base->cra_blocksize; 221 222 base->cra_type = &crypto_aead_type; 223 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; 224 base->cra_flags |= CRYPTO_ALG_TYPE_AEAD; 225 226 return 0; 227 } 228 crypto_register_aead(struct aead_alg * alg)229 int crypto_register_aead(struct aead_alg *alg) 230 { 231 struct crypto_alg *base = &alg->base; 232 int err; 233 234 err = aead_prepare_alg(alg); 235 if (err) 236 return err; 237 238 return crypto_register_alg(base); 239 } 240 EXPORT_SYMBOL_GPL(crypto_register_aead); 241 crypto_unregister_aead(struct aead_alg * alg)242 void crypto_unregister_aead(struct aead_alg *alg) 243 { 244 crypto_unregister_alg(&alg->base); 245 } 246 EXPORT_SYMBOL_GPL(crypto_unregister_aead); 247 crypto_register_aeads(struct aead_alg * algs,int count)248 int crypto_register_aeads(struct aead_alg *algs, int count) 249 { 250 int i, ret; 251 252 for (i = 0; i < count; i++) { 253 ret = crypto_register_aead(&algs[i]); 254 if (ret) 255 goto err; 256 } 257 258 return 0; 259 260 err: 261 for (--i; i >= 0; --i) 262 crypto_unregister_aead(&algs[i]); 263 264 return ret; 265 } 266 EXPORT_SYMBOL_GPL(crypto_register_aeads); 267 crypto_unregister_aeads(struct aead_alg * algs,int count)268 void crypto_unregister_aeads(struct aead_alg *algs, int count) 269 { 270 int i; 271 272 for (i = count - 1; i >= 0; --i) 273 crypto_unregister_aead(&algs[i]); 274 } 275 EXPORT_SYMBOL_GPL(crypto_unregister_aeads); 276 aead_register_instance(struct crypto_template * tmpl,struct aead_instance * inst)277 int aead_register_instance(struct crypto_template *tmpl, 278 struct aead_instance *inst) 279 { 280 int err; 281 282 if (WARN_ON(!inst->free)) 283 return -EINVAL; 284 285 err = aead_prepare_alg(&inst->alg); 286 if (err) 287 return err; 288 289 return crypto_register_instance(tmpl, aead_crypto_instance(inst)); 290 } 291 EXPORT_SYMBOL_GPL(aead_register_instance); 292 293 MODULE_LICENSE("GPL"); 294 MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)"); 295