1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Symmetric key cipher operations.
4 *
5 * Generic encrypt/decrypt wrapper for ciphers, handles operations across
6 * multiple page boundaries by using temporary blocks. In user context,
7 * the kernel is given a chance to schedule us once per page.
8 *
9 * Copyright (c) 2015 Herbert Xu <herbert@gondor.apana.org.au>
10 */
11
12 #include <crypto/internal/aead.h>
13 #include <crypto/internal/cipher.h>
14 #include <crypto/internal/skcipher.h>
15 #include <crypto/scatterwalk.h>
16 #include <linux/bug.h>
17 #include <linux/cryptouser.h>
18 #include <linux/err.h>
19 #include <linux/kernel.h>
20 #include <linux/list.h>
21 #include <linux/mm.h>
22 #include <linux/module.h>
23 #include <linux/seq_file.h>
24 #include <linux/slab.h>
25 #include <linux/string.h>
26 #include <net/netlink.h>
27 #include "skcipher.h"
28
29 #define CRYPTO_ALG_TYPE_SKCIPHER_MASK 0x0000000e
30
31 enum {
32 SKCIPHER_WALK_PHYS = 1 << 0,
33 SKCIPHER_WALK_SLOW = 1 << 1,
34 SKCIPHER_WALK_COPY = 1 << 2,
35 SKCIPHER_WALK_DIFF = 1 << 3,
36 SKCIPHER_WALK_SLEEP = 1 << 4,
37 };
38
39 struct skcipher_walk_buffer {
40 struct list_head entry;
41 struct scatter_walk dst;
42 unsigned int len;
43 u8 *data;
44 u8 buffer[];
45 };
46
47 static const struct crypto_type crypto_skcipher_type;
48
49 static int skcipher_walk_next(struct skcipher_walk *walk);
50
skcipher_map_src(struct skcipher_walk * walk)51 static inline void skcipher_map_src(struct skcipher_walk *walk)
52 {
53 walk->src.virt.addr = scatterwalk_map(&walk->in);
54 }
55
skcipher_map_dst(struct skcipher_walk * walk)56 static inline void skcipher_map_dst(struct skcipher_walk *walk)
57 {
58 walk->dst.virt.addr = scatterwalk_map(&walk->out);
59 }
60
skcipher_unmap_src(struct skcipher_walk * walk)61 static inline void skcipher_unmap_src(struct skcipher_walk *walk)
62 {
63 scatterwalk_unmap(walk->src.virt.addr);
64 }
65
skcipher_unmap_dst(struct skcipher_walk * walk)66 static inline void skcipher_unmap_dst(struct skcipher_walk *walk)
67 {
68 scatterwalk_unmap(walk->dst.virt.addr);
69 }
70
skcipher_walk_gfp(struct skcipher_walk * walk)71 static inline gfp_t skcipher_walk_gfp(struct skcipher_walk *walk)
72 {
73 return walk->flags & SKCIPHER_WALK_SLEEP ? GFP_KERNEL : GFP_ATOMIC;
74 }
75
76 /* Get a spot of the specified length that does not straddle a page.
77 * The caller needs to ensure that there is enough space for this operation.
78 */
skcipher_get_spot(u8 * start,unsigned int len)79 static inline u8 *skcipher_get_spot(u8 *start, unsigned int len)
80 {
81 u8 *end_page = (u8 *)(((unsigned long)(start + len - 1)) & PAGE_MASK);
82
83 return max(start, end_page);
84 }
85
__crypto_skcipher_alg(struct crypto_alg * alg)86 static inline struct skcipher_alg *__crypto_skcipher_alg(
87 struct crypto_alg *alg)
88 {
89 return container_of(alg, struct skcipher_alg, base);
90 }
91
skcipher_done_slow(struct skcipher_walk * walk,unsigned int bsize)92 static int skcipher_done_slow(struct skcipher_walk *walk, unsigned int bsize)
93 {
94 u8 *addr;
95
96 addr = (u8 *)ALIGN((unsigned long)walk->buffer, walk->alignmask + 1);
97 addr = skcipher_get_spot(addr, bsize);
98 scatterwalk_copychunks(addr, &walk->out, bsize,
99 (walk->flags & SKCIPHER_WALK_PHYS) ? 2 : 1);
100 return 0;
101 }
102
skcipher_walk_done(struct skcipher_walk * walk,int err)103 int skcipher_walk_done(struct skcipher_walk *walk, int err)
104 {
105 unsigned int n = walk->nbytes;
106 unsigned int nbytes = 0;
107
108 if (!n)
109 goto finish;
110
111 if (likely(err >= 0)) {
112 n -= err;
113 nbytes = walk->total - n;
114 }
115
116 if (likely(!(walk->flags & (SKCIPHER_WALK_PHYS |
117 SKCIPHER_WALK_SLOW |
118 SKCIPHER_WALK_COPY |
119 SKCIPHER_WALK_DIFF)))) {
120 unmap_src:
121 skcipher_unmap_src(walk);
122 } else if (walk->flags & SKCIPHER_WALK_DIFF) {
123 skcipher_unmap_dst(walk);
124 goto unmap_src;
125 } else if (walk->flags & SKCIPHER_WALK_COPY) {
126 skcipher_map_dst(walk);
127 memcpy(walk->dst.virt.addr, walk->page, n);
128 skcipher_unmap_dst(walk);
129 } else if (unlikely(walk->flags & SKCIPHER_WALK_SLOW)) {
130 if (err > 0) {
131 /*
132 * Didn't process all bytes. Either the algorithm is
133 * broken, or this was the last step and it turned out
134 * the message wasn't evenly divisible into blocks but
135 * the algorithm requires it.
136 */
137 err = -EINVAL;
138 nbytes = 0;
139 } else
140 n = skcipher_done_slow(walk, n);
141 }
142
143 if (err > 0)
144 err = 0;
145
146 walk->total = nbytes;
147 walk->nbytes = 0;
148
149 scatterwalk_advance(&walk->in, n);
150 scatterwalk_advance(&walk->out, n);
151 scatterwalk_done(&walk->in, 0, nbytes);
152 scatterwalk_done(&walk->out, 1, nbytes);
153
154 if (nbytes) {
155 crypto_yield(walk->flags & SKCIPHER_WALK_SLEEP ?
156 CRYPTO_TFM_REQ_MAY_SLEEP : 0);
157 return skcipher_walk_next(walk);
158 }
159
160 finish:
161 /* Short-circuit for the common/fast path. */
162 if (!((unsigned long)walk->buffer | (unsigned long)walk->page))
163 goto out;
164
165 if (walk->flags & SKCIPHER_WALK_PHYS)
166 goto out;
167
168 if (walk->iv != walk->oiv)
169 memcpy(walk->oiv, walk->iv, walk->ivsize);
170 if (walk->buffer != walk->page)
171 kfree(walk->buffer);
172 if (walk->page)
173 free_page((unsigned long)walk->page);
174
175 out:
176 return err;
177 }
178 EXPORT_SYMBOL_GPL(skcipher_walk_done);
179
skcipher_walk_complete(struct skcipher_walk * walk,int err)180 void skcipher_walk_complete(struct skcipher_walk *walk, int err)
181 {
182 struct skcipher_walk_buffer *p, *tmp;
183
184 list_for_each_entry_safe(p, tmp, &walk->buffers, entry) {
185 u8 *data;
186
187 if (err)
188 goto done;
189
190 data = p->data;
191 if (!data) {
192 data = PTR_ALIGN(&p->buffer[0], walk->alignmask + 1);
193 data = skcipher_get_spot(data, walk->stride);
194 }
195
196 scatterwalk_copychunks(data, &p->dst, p->len, 1);
197
198 if (offset_in_page(p->data) + p->len + walk->stride >
199 PAGE_SIZE)
200 free_page((unsigned long)p->data);
201
202 done:
203 list_del(&p->entry);
204 kfree(p);
205 }
206
207 if (!err && walk->iv != walk->oiv)
208 memcpy(walk->oiv, walk->iv, walk->ivsize);
209 if (walk->buffer != walk->page)
210 kfree(walk->buffer);
211 if (walk->page)
212 free_page((unsigned long)walk->page);
213 }
214 EXPORT_SYMBOL_GPL(skcipher_walk_complete);
215
skcipher_queue_write(struct skcipher_walk * walk,struct skcipher_walk_buffer * p)216 static void skcipher_queue_write(struct skcipher_walk *walk,
217 struct skcipher_walk_buffer *p)
218 {
219 p->dst = walk->out;
220 list_add_tail(&p->entry, &walk->buffers);
221 }
222
skcipher_next_slow(struct skcipher_walk * walk,unsigned int bsize)223 static int skcipher_next_slow(struct skcipher_walk *walk, unsigned int bsize)
224 {
225 bool phys = walk->flags & SKCIPHER_WALK_PHYS;
226 unsigned alignmask = walk->alignmask;
227 struct skcipher_walk_buffer *p;
228 unsigned a;
229 unsigned n;
230 u8 *buffer;
231 void *v;
232
233 if (!phys) {
234 if (!walk->buffer)
235 walk->buffer = walk->page;
236 buffer = walk->buffer;
237 if (buffer)
238 goto ok;
239 }
240
241 /* Start with the minimum alignment of kmalloc. */
242 a = crypto_tfm_ctx_alignment() - 1;
243 n = bsize;
244
245 if (phys) {
246 /* Calculate the minimum alignment of p->buffer. */
247 a &= (sizeof(*p) ^ (sizeof(*p) - 1)) >> 1;
248 n += sizeof(*p);
249 }
250
251 /* Minimum size to align p->buffer by alignmask. */
252 n += alignmask & ~a;
253
254 /* Minimum size to ensure p->buffer does not straddle a page. */
255 n += (bsize - 1) & ~(alignmask | a);
256
257 v = kzalloc(n, skcipher_walk_gfp(walk));
258 if (!v)
259 return skcipher_walk_done(walk, -ENOMEM);
260
261 if (phys) {
262 p = v;
263 p->len = bsize;
264 skcipher_queue_write(walk, p);
265 buffer = p->buffer;
266 } else {
267 walk->buffer = v;
268 buffer = v;
269 }
270
271 ok:
272 walk->dst.virt.addr = PTR_ALIGN(buffer, alignmask + 1);
273 walk->dst.virt.addr = skcipher_get_spot(walk->dst.virt.addr, bsize);
274 walk->src.virt.addr = walk->dst.virt.addr;
275
276 scatterwalk_copychunks(walk->src.virt.addr, &walk->in, bsize, 0);
277
278 walk->nbytes = bsize;
279 walk->flags |= SKCIPHER_WALK_SLOW;
280
281 return 0;
282 }
283
skcipher_next_copy(struct skcipher_walk * walk)284 static int skcipher_next_copy(struct skcipher_walk *walk)
285 {
286 struct skcipher_walk_buffer *p;
287 u8 *tmp = walk->page;
288
289 skcipher_map_src(walk);
290 memcpy(tmp, walk->src.virt.addr, walk->nbytes);
291 skcipher_unmap_src(walk);
292
293 walk->src.virt.addr = tmp;
294 walk->dst.virt.addr = tmp;
295
296 if (!(walk->flags & SKCIPHER_WALK_PHYS))
297 return 0;
298
299 p = kmalloc(sizeof(*p), skcipher_walk_gfp(walk));
300 if (!p)
301 return -ENOMEM;
302
303 p->data = walk->page;
304 p->len = walk->nbytes;
305 skcipher_queue_write(walk, p);
306
307 if (offset_in_page(walk->page) + walk->nbytes + walk->stride >
308 PAGE_SIZE)
309 walk->page = NULL;
310 else
311 walk->page += walk->nbytes;
312
313 return 0;
314 }
315
skcipher_next_fast(struct skcipher_walk * walk)316 static int skcipher_next_fast(struct skcipher_walk *walk)
317 {
318 unsigned long diff;
319
320 walk->src.phys.page = scatterwalk_page(&walk->in);
321 walk->src.phys.offset = offset_in_page(walk->in.offset);
322 walk->dst.phys.page = scatterwalk_page(&walk->out);
323 walk->dst.phys.offset = offset_in_page(walk->out.offset);
324
325 if (walk->flags & SKCIPHER_WALK_PHYS)
326 return 0;
327
328 diff = walk->src.phys.offset - walk->dst.phys.offset;
329 diff |= walk->src.virt.page - walk->dst.virt.page;
330
331 skcipher_map_src(walk);
332 walk->dst.virt.addr = walk->src.virt.addr;
333
334 if (diff) {
335 walk->flags |= SKCIPHER_WALK_DIFF;
336 skcipher_map_dst(walk);
337 }
338
339 return 0;
340 }
341
skcipher_walk_next(struct skcipher_walk * walk)342 static int skcipher_walk_next(struct skcipher_walk *walk)
343 {
344 unsigned int bsize;
345 unsigned int n;
346 int err;
347
348 walk->flags &= ~(SKCIPHER_WALK_SLOW | SKCIPHER_WALK_COPY |
349 SKCIPHER_WALK_DIFF);
350
351 n = walk->total;
352 bsize = min(walk->stride, max(n, walk->blocksize));
353 n = scatterwalk_clamp(&walk->in, n);
354 n = scatterwalk_clamp(&walk->out, n);
355
356 if (unlikely(n < bsize)) {
357 if (unlikely(walk->total < walk->blocksize))
358 return skcipher_walk_done(walk, -EINVAL);
359
360 slow_path:
361 err = skcipher_next_slow(walk, bsize);
362 goto set_phys_lowmem;
363 }
364
365 if (unlikely((walk->in.offset | walk->out.offset) & walk->alignmask)) {
366 if (!walk->page) {
367 gfp_t gfp = skcipher_walk_gfp(walk);
368
369 walk->page = (void *)__get_free_page(gfp);
370 if (!walk->page)
371 goto slow_path;
372 }
373
374 walk->nbytes = min_t(unsigned, n,
375 PAGE_SIZE - offset_in_page(walk->page));
376 walk->flags |= SKCIPHER_WALK_COPY;
377 err = skcipher_next_copy(walk);
378 goto set_phys_lowmem;
379 }
380
381 walk->nbytes = n;
382
383 return skcipher_next_fast(walk);
384
385 set_phys_lowmem:
386 if (!err && (walk->flags & SKCIPHER_WALK_PHYS)) {
387 walk->src.phys.page = virt_to_page(walk->src.virt.addr);
388 walk->dst.phys.page = virt_to_page(walk->dst.virt.addr);
389 walk->src.phys.offset &= PAGE_SIZE - 1;
390 walk->dst.phys.offset &= PAGE_SIZE - 1;
391 }
392 return err;
393 }
394
skcipher_copy_iv(struct skcipher_walk * walk)395 static int skcipher_copy_iv(struct skcipher_walk *walk)
396 {
397 unsigned a = crypto_tfm_ctx_alignment() - 1;
398 unsigned alignmask = walk->alignmask;
399 unsigned ivsize = walk->ivsize;
400 unsigned bs = walk->stride;
401 unsigned aligned_bs;
402 unsigned size;
403 u8 *iv;
404
405 aligned_bs = ALIGN(bs, alignmask + 1);
406
407 /* Minimum size to align buffer by alignmask. */
408 size = alignmask & ~a;
409
410 if (walk->flags & SKCIPHER_WALK_PHYS)
411 size += ivsize;
412 else {
413 size += aligned_bs + ivsize;
414
415 /* Minimum size to ensure buffer does not straddle a page. */
416 size += (bs - 1) & ~(alignmask | a);
417 }
418
419 walk->buffer = kmalloc(size, skcipher_walk_gfp(walk));
420 if (!walk->buffer)
421 return -ENOMEM;
422
423 iv = PTR_ALIGN(walk->buffer, alignmask + 1);
424 iv = skcipher_get_spot(iv, bs) + aligned_bs;
425
426 walk->iv = memcpy(iv, walk->iv, walk->ivsize);
427 return 0;
428 }
429
skcipher_walk_first(struct skcipher_walk * walk)430 static int skcipher_walk_first(struct skcipher_walk *walk)
431 {
432 if (WARN_ON_ONCE(in_hardirq()))
433 return -EDEADLK;
434
435 walk->buffer = NULL;
436 if (unlikely(((unsigned long)walk->iv & walk->alignmask))) {
437 int err = skcipher_copy_iv(walk);
438 if (err)
439 return err;
440 }
441
442 walk->page = NULL;
443
444 return skcipher_walk_next(walk);
445 }
446
skcipher_walk_skcipher(struct skcipher_walk * walk,struct skcipher_request * req)447 static int skcipher_walk_skcipher(struct skcipher_walk *walk,
448 struct skcipher_request *req)
449 {
450 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
451 struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
452
453 walk->total = req->cryptlen;
454 walk->nbytes = 0;
455 walk->iv = req->iv;
456 walk->oiv = req->iv;
457
458 if (unlikely(!walk->total))
459 return 0;
460
461 scatterwalk_start(&walk->in, req->src);
462 scatterwalk_start(&walk->out, req->dst);
463
464 walk->flags &= ~SKCIPHER_WALK_SLEEP;
465 walk->flags |= req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ?
466 SKCIPHER_WALK_SLEEP : 0;
467
468 walk->blocksize = crypto_skcipher_blocksize(tfm);
469 walk->ivsize = crypto_skcipher_ivsize(tfm);
470 walk->alignmask = crypto_skcipher_alignmask(tfm);
471
472 if (alg->co.base.cra_type != &crypto_skcipher_type)
473 walk->stride = alg->co.chunksize;
474 else
475 walk->stride = alg->walksize;
476
477 return skcipher_walk_first(walk);
478 }
479
skcipher_walk_virt(struct skcipher_walk * walk,struct skcipher_request * req,bool atomic)480 int skcipher_walk_virt(struct skcipher_walk *walk,
481 struct skcipher_request *req, bool atomic)
482 {
483 int err;
484
485 might_sleep_if(req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);
486
487 walk->flags &= ~SKCIPHER_WALK_PHYS;
488
489 err = skcipher_walk_skcipher(walk, req);
490
491 walk->flags &= atomic ? ~SKCIPHER_WALK_SLEEP : ~0;
492
493 return err;
494 }
495 EXPORT_SYMBOL_GPL(skcipher_walk_virt);
496
skcipher_walk_async(struct skcipher_walk * walk,struct skcipher_request * req)497 int skcipher_walk_async(struct skcipher_walk *walk,
498 struct skcipher_request *req)
499 {
500 walk->flags |= SKCIPHER_WALK_PHYS;
501
502 INIT_LIST_HEAD(&walk->buffers);
503
504 return skcipher_walk_skcipher(walk, req);
505 }
506 EXPORT_SYMBOL_GPL(skcipher_walk_async);
507
skcipher_walk_aead_common(struct skcipher_walk * walk,struct aead_request * req,bool atomic)508 static int skcipher_walk_aead_common(struct skcipher_walk *walk,
509 struct aead_request *req, bool atomic)
510 {
511 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
512 int err;
513
514 walk->nbytes = 0;
515 walk->iv = req->iv;
516 walk->oiv = req->iv;
517
518 if (unlikely(!walk->total))
519 return 0;
520
521 walk->flags &= ~SKCIPHER_WALK_PHYS;
522
523 scatterwalk_start(&walk->in, req->src);
524 scatterwalk_start(&walk->out, req->dst);
525
526 scatterwalk_copychunks(NULL, &walk->in, req->assoclen, 2);
527 scatterwalk_copychunks(NULL, &walk->out, req->assoclen, 2);
528
529 scatterwalk_done(&walk->in, 0, walk->total);
530 scatterwalk_done(&walk->out, 0, walk->total);
531
532 if (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP)
533 walk->flags |= SKCIPHER_WALK_SLEEP;
534 else
535 walk->flags &= ~SKCIPHER_WALK_SLEEP;
536
537 walk->blocksize = crypto_aead_blocksize(tfm);
538 walk->stride = crypto_aead_chunksize(tfm);
539 walk->ivsize = crypto_aead_ivsize(tfm);
540 walk->alignmask = crypto_aead_alignmask(tfm);
541
542 err = skcipher_walk_first(walk);
543
544 if (atomic)
545 walk->flags &= ~SKCIPHER_WALK_SLEEP;
546
547 return err;
548 }
549
skcipher_walk_aead_encrypt(struct skcipher_walk * walk,struct aead_request * req,bool atomic)550 int skcipher_walk_aead_encrypt(struct skcipher_walk *walk,
551 struct aead_request *req, bool atomic)
552 {
553 walk->total = req->cryptlen;
554
555 return skcipher_walk_aead_common(walk, req, atomic);
556 }
557 EXPORT_SYMBOL_GPL(skcipher_walk_aead_encrypt);
558
skcipher_walk_aead_decrypt(struct skcipher_walk * walk,struct aead_request * req,bool atomic)559 int skcipher_walk_aead_decrypt(struct skcipher_walk *walk,
560 struct aead_request *req, bool atomic)
561 {
562 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
563
564 walk->total = req->cryptlen - crypto_aead_authsize(tfm);
565
566 return skcipher_walk_aead_common(walk, req, atomic);
567 }
568 EXPORT_SYMBOL_GPL(skcipher_walk_aead_decrypt);
569
skcipher_set_needkey(struct crypto_skcipher * tfm)570 static void skcipher_set_needkey(struct crypto_skcipher *tfm)
571 {
572 if (crypto_skcipher_max_keysize(tfm) != 0)
573 crypto_skcipher_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
574 }
575
skcipher_setkey_unaligned(struct crypto_skcipher * tfm,const u8 * key,unsigned int keylen)576 static int skcipher_setkey_unaligned(struct crypto_skcipher *tfm,
577 const u8 *key, unsigned int keylen)
578 {
579 unsigned long alignmask = crypto_skcipher_alignmask(tfm);
580 struct skcipher_alg *cipher = crypto_skcipher_alg(tfm);
581 u8 *buffer, *alignbuffer;
582 unsigned long absize;
583 int ret;
584
585 absize = keylen + alignmask;
586 buffer = kmalloc(absize, GFP_ATOMIC);
587 if (!buffer)
588 return -ENOMEM;
589
590 alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
591 memcpy(alignbuffer, key, keylen);
592 ret = cipher->setkey(tfm, alignbuffer, keylen);
593 kfree_sensitive(buffer);
594 return ret;
595 }
596
crypto_skcipher_setkey(struct crypto_skcipher * tfm,const u8 * key,unsigned int keylen)597 int crypto_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
598 unsigned int keylen)
599 {
600 struct skcipher_alg *cipher = crypto_skcipher_alg(tfm);
601 unsigned long alignmask = crypto_skcipher_alignmask(tfm);
602 int err;
603
604 if (cipher->co.base.cra_type != &crypto_skcipher_type) {
605 struct crypto_lskcipher **ctx = crypto_skcipher_ctx(tfm);
606
607 crypto_lskcipher_clear_flags(*ctx, CRYPTO_TFM_REQ_MASK);
608 crypto_lskcipher_set_flags(*ctx,
609 crypto_skcipher_get_flags(tfm) &
610 CRYPTO_TFM_REQ_MASK);
611 err = crypto_lskcipher_setkey(*ctx, key, keylen);
612 goto out;
613 }
614
615 if (keylen < cipher->min_keysize || keylen > cipher->max_keysize)
616 return -EINVAL;
617
618 if ((unsigned long)key & alignmask)
619 err = skcipher_setkey_unaligned(tfm, key, keylen);
620 else
621 err = cipher->setkey(tfm, key, keylen);
622
623 out:
624 if (unlikely(err)) {
625 skcipher_set_needkey(tfm);
626 return err;
627 }
628
629 crypto_skcipher_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
630 return 0;
631 }
632 EXPORT_SYMBOL_GPL(crypto_skcipher_setkey);
633
crypto_skcipher_encrypt(struct skcipher_request * req)634 int crypto_skcipher_encrypt(struct skcipher_request *req)
635 {
636 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
637 struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
638
639 if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
640 return -ENOKEY;
641 if (alg->co.base.cra_type != &crypto_skcipher_type)
642 return crypto_lskcipher_encrypt_sg(req);
643 return alg->encrypt(req);
644 }
645 EXPORT_SYMBOL_GPL(crypto_skcipher_encrypt);
646
crypto_skcipher_decrypt(struct skcipher_request * req)647 int crypto_skcipher_decrypt(struct skcipher_request *req)
648 {
649 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
650 struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
651
652 if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
653 return -ENOKEY;
654 if (alg->co.base.cra_type != &crypto_skcipher_type)
655 return crypto_lskcipher_decrypt_sg(req);
656 return alg->decrypt(req);
657 }
658 EXPORT_SYMBOL_GPL(crypto_skcipher_decrypt);
659
crypto_lskcipher_export(struct skcipher_request * req,void * out)660 static int crypto_lskcipher_export(struct skcipher_request *req, void *out)
661 {
662 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
663 u8 *ivs = skcipher_request_ctx(req);
664
665 ivs = PTR_ALIGN(ivs, crypto_skcipher_alignmask(tfm) + 1);
666
667 memcpy(out, ivs + crypto_skcipher_ivsize(tfm),
668 crypto_skcipher_statesize(tfm));
669
670 return 0;
671 }
672
crypto_lskcipher_import(struct skcipher_request * req,const void * in)673 static int crypto_lskcipher_import(struct skcipher_request *req, const void *in)
674 {
675 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
676 u8 *ivs = skcipher_request_ctx(req);
677
678 ivs = PTR_ALIGN(ivs, crypto_skcipher_alignmask(tfm) + 1);
679
680 memcpy(ivs + crypto_skcipher_ivsize(tfm), in,
681 crypto_skcipher_statesize(tfm));
682
683 return 0;
684 }
685
skcipher_noexport(struct skcipher_request * req,void * out)686 static int skcipher_noexport(struct skcipher_request *req, void *out)
687 {
688 return 0;
689 }
690
skcipher_noimport(struct skcipher_request * req,const void * in)691 static int skcipher_noimport(struct skcipher_request *req, const void *in)
692 {
693 return 0;
694 }
695
crypto_skcipher_export(struct skcipher_request * req,void * out)696 int crypto_skcipher_export(struct skcipher_request *req, void *out)
697 {
698 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
699 struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
700
701 if (alg->co.base.cra_type != &crypto_skcipher_type)
702 return crypto_lskcipher_export(req, out);
703 return alg->export(req, out);
704 }
705 EXPORT_SYMBOL_GPL(crypto_skcipher_export);
706
crypto_skcipher_import(struct skcipher_request * req,const void * in)707 int crypto_skcipher_import(struct skcipher_request *req, const void *in)
708 {
709 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
710 struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
711
712 if (alg->co.base.cra_type != &crypto_skcipher_type)
713 return crypto_lskcipher_import(req, in);
714 return alg->import(req, in);
715 }
716 EXPORT_SYMBOL_GPL(crypto_skcipher_import);
717
crypto_skcipher_exit_tfm(struct crypto_tfm * tfm)718 static void crypto_skcipher_exit_tfm(struct crypto_tfm *tfm)
719 {
720 struct crypto_skcipher *skcipher = __crypto_skcipher_cast(tfm);
721 struct skcipher_alg *alg = crypto_skcipher_alg(skcipher);
722
723 alg->exit(skcipher);
724 }
725
crypto_skcipher_init_tfm(struct crypto_tfm * tfm)726 static int crypto_skcipher_init_tfm(struct crypto_tfm *tfm)
727 {
728 struct crypto_skcipher *skcipher = __crypto_skcipher_cast(tfm);
729 struct skcipher_alg *alg = crypto_skcipher_alg(skcipher);
730
731 skcipher_set_needkey(skcipher);
732
733 if (tfm->__crt_alg->cra_type != &crypto_skcipher_type) {
734 unsigned am = crypto_skcipher_alignmask(skcipher);
735 unsigned reqsize;
736
737 reqsize = am & ~(crypto_tfm_ctx_alignment() - 1);
738 reqsize += crypto_skcipher_ivsize(skcipher);
739 reqsize += crypto_skcipher_statesize(skcipher);
740 crypto_skcipher_set_reqsize(skcipher, reqsize);
741
742 return crypto_init_lskcipher_ops_sg(tfm);
743 }
744
745 if (alg->exit)
746 skcipher->base.exit = crypto_skcipher_exit_tfm;
747
748 if (alg->init)
749 return alg->init(skcipher);
750
751 return 0;
752 }
753
crypto_skcipher_extsize(struct crypto_alg * alg)754 static unsigned int crypto_skcipher_extsize(struct crypto_alg *alg)
755 {
756 if (alg->cra_type != &crypto_skcipher_type)
757 return sizeof(struct crypto_lskcipher *);
758
759 return crypto_alg_extsize(alg);
760 }
761
crypto_skcipher_free_instance(struct crypto_instance * inst)762 static void crypto_skcipher_free_instance(struct crypto_instance *inst)
763 {
764 struct skcipher_instance *skcipher =
765 container_of(inst, struct skcipher_instance, s.base);
766
767 skcipher->free(skcipher);
768 }
769
770 static void crypto_skcipher_show(struct seq_file *m, struct crypto_alg *alg)
771 __maybe_unused;
crypto_skcipher_show(struct seq_file * m,struct crypto_alg * alg)772 static void crypto_skcipher_show(struct seq_file *m, struct crypto_alg *alg)
773 {
774 struct skcipher_alg *skcipher = __crypto_skcipher_alg(alg);
775
776 seq_printf(m, "type : skcipher\n");
777 seq_printf(m, "async : %s\n",
778 alg->cra_flags & CRYPTO_ALG_ASYNC ? "yes" : "no");
779 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
780 seq_printf(m, "min keysize : %u\n", skcipher->min_keysize);
781 seq_printf(m, "max keysize : %u\n", skcipher->max_keysize);
782 seq_printf(m, "ivsize : %u\n", skcipher->ivsize);
783 seq_printf(m, "chunksize : %u\n", skcipher->chunksize);
784 seq_printf(m, "walksize : %u\n", skcipher->walksize);
785 seq_printf(m, "statesize : %u\n", skcipher->statesize);
786 }
787
crypto_skcipher_report(struct sk_buff * skb,struct crypto_alg * alg)788 static int __maybe_unused crypto_skcipher_report(
789 struct sk_buff *skb, struct crypto_alg *alg)
790 {
791 struct skcipher_alg *skcipher = __crypto_skcipher_alg(alg);
792 struct crypto_report_blkcipher rblkcipher;
793
794 memset(&rblkcipher, 0, sizeof(rblkcipher));
795
796 strscpy(rblkcipher.type, "skcipher", sizeof(rblkcipher.type));
797 strscpy(rblkcipher.geniv, "<none>", sizeof(rblkcipher.geniv));
798
799 rblkcipher.blocksize = alg->cra_blocksize;
800 rblkcipher.min_keysize = skcipher->min_keysize;
801 rblkcipher.max_keysize = skcipher->max_keysize;
802 rblkcipher.ivsize = skcipher->ivsize;
803
804 return nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER,
805 sizeof(rblkcipher), &rblkcipher);
806 }
807
808 static const struct crypto_type crypto_skcipher_type = {
809 .extsize = crypto_skcipher_extsize,
810 .init_tfm = crypto_skcipher_init_tfm,
811 .free = crypto_skcipher_free_instance,
812 #ifdef CONFIG_PROC_FS
813 .show = crypto_skcipher_show,
814 #endif
815 #if IS_ENABLED(CONFIG_CRYPTO_USER)
816 .report = crypto_skcipher_report,
817 #endif
818 .maskclear = ~CRYPTO_ALG_TYPE_MASK,
819 .maskset = CRYPTO_ALG_TYPE_SKCIPHER_MASK,
820 .type = CRYPTO_ALG_TYPE_SKCIPHER,
821 .tfmsize = offsetof(struct crypto_skcipher, base),
822 };
823
crypto_grab_skcipher(struct crypto_skcipher_spawn * spawn,struct crypto_instance * inst,const char * name,u32 type,u32 mask)824 int crypto_grab_skcipher(struct crypto_skcipher_spawn *spawn,
825 struct crypto_instance *inst,
826 const char *name, u32 type, u32 mask)
827 {
828 spawn->base.frontend = &crypto_skcipher_type;
829 return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
830 }
831 EXPORT_SYMBOL_GPL(crypto_grab_skcipher);
832
crypto_alloc_skcipher(const char * alg_name,u32 type,u32 mask)833 struct crypto_skcipher *crypto_alloc_skcipher(const char *alg_name,
834 u32 type, u32 mask)
835 {
836 return crypto_alloc_tfm(alg_name, &crypto_skcipher_type, type, mask);
837 }
838 EXPORT_SYMBOL_GPL(crypto_alloc_skcipher);
839
crypto_alloc_sync_skcipher(const char * alg_name,u32 type,u32 mask)840 struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(
841 const char *alg_name, u32 type, u32 mask)
842 {
843 struct crypto_skcipher *tfm;
844
845 /* Only sync algorithms allowed. */
846 mask |= CRYPTO_ALG_ASYNC | CRYPTO_ALG_SKCIPHER_REQSIZE_LARGE;
847
848 tfm = crypto_alloc_tfm(alg_name, &crypto_skcipher_type, type, mask);
849
850 /*
851 * Make sure we do not allocate something that might get used with
852 * an on-stack request: check the request size.
853 */
854 if (!IS_ERR(tfm) && WARN_ON(crypto_skcipher_reqsize(tfm) >
855 MAX_SYNC_SKCIPHER_REQSIZE)) {
856 crypto_free_skcipher(tfm);
857 return ERR_PTR(-EINVAL);
858 }
859
860 return (struct crypto_sync_skcipher *)tfm;
861 }
862 EXPORT_SYMBOL_GPL(crypto_alloc_sync_skcipher);
863
crypto_has_skcipher(const char * alg_name,u32 type,u32 mask)864 int crypto_has_skcipher(const char *alg_name, u32 type, u32 mask)
865 {
866 return crypto_type_has_alg(alg_name, &crypto_skcipher_type, type, mask);
867 }
868 EXPORT_SYMBOL_GPL(crypto_has_skcipher);
869
skcipher_prepare_alg_common(struct skcipher_alg_common * alg)870 int skcipher_prepare_alg_common(struct skcipher_alg_common *alg)
871 {
872 struct crypto_alg *base = &alg->base;
873
874 if (alg->ivsize > PAGE_SIZE / 8 || alg->chunksize > PAGE_SIZE / 8 ||
875 alg->statesize > PAGE_SIZE / 2 ||
876 (alg->ivsize + alg->statesize) > PAGE_SIZE / 2)
877 return -EINVAL;
878
879 if (!alg->chunksize)
880 alg->chunksize = base->cra_blocksize;
881
882 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK;
883
884 return 0;
885 }
886
skcipher_prepare_alg(struct skcipher_alg * alg)887 static int skcipher_prepare_alg(struct skcipher_alg *alg)
888 {
889 struct crypto_alg *base = &alg->base;
890 int err;
891
892 err = skcipher_prepare_alg_common(&alg->co);
893 if (err)
894 return err;
895
896 if (alg->walksize > PAGE_SIZE / 8)
897 return -EINVAL;
898
899 if (!alg->walksize)
900 alg->walksize = alg->chunksize;
901
902 if (!alg->statesize) {
903 alg->import = skcipher_noimport;
904 alg->export = skcipher_noexport;
905 } else if (!(alg->import && alg->export))
906 return -EINVAL;
907
908 base->cra_type = &crypto_skcipher_type;
909 base->cra_flags |= CRYPTO_ALG_TYPE_SKCIPHER;
910
911 return 0;
912 }
913
crypto_register_skcipher(struct skcipher_alg * alg)914 int crypto_register_skcipher(struct skcipher_alg *alg)
915 {
916 struct crypto_alg *base = &alg->base;
917 int err;
918
919 err = skcipher_prepare_alg(alg);
920 if (err)
921 return err;
922
923 return crypto_register_alg(base);
924 }
925 EXPORT_SYMBOL_GPL(crypto_register_skcipher);
926
crypto_unregister_skcipher(struct skcipher_alg * alg)927 void crypto_unregister_skcipher(struct skcipher_alg *alg)
928 {
929 crypto_unregister_alg(&alg->base);
930 }
931 EXPORT_SYMBOL_GPL(crypto_unregister_skcipher);
932
crypto_register_skciphers(struct skcipher_alg * algs,int count)933 int crypto_register_skciphers(struct skcipher_alg *algs, int count)
934 {
935 int i, ret;
936
937 for (i = 0; i < count; i++) {
938 ret = crypto_register_skcipher(&algs[i]);
939 if (ret)
940 goto err;
941 }
942
943 return 0;
944
945 err:
946 for (--i; i >= 0; --i)
947 crypto_unregister_skcipher(&algs[i]);
948
949 return ret;
950 }
951 EXPORT_SYMBOL_GPL(crypto_register_skciphers);
952
crypto_unregister_skciphers(struct skcipher_alg * algs,int count)953 void crypto_unregister_skciphers(struct skcipher_alg *algs, int count)
954 {
955 int i;
956
957 for (i = count - 1; i >= 0; --i)
958 crypto_unregister_skcipher(&algs[i]);
959 }
960 EXPORT_SYMBOL_GPL(crypto_unregister_skciphers);
961
skcipher_register_instance(struct crypto_template * tmpl,struct skcipher_instance * inst)962 int skcipher_register_instance(struct crypto_template *tmpl,
963 struct skcipher_instance *inst)
964 {
965 int err;
966
967 if (WARN_ON(!inst->free))
968 return -EINVAL;
969
970 err = skcipher_prepare_alg(&inst->alg);
971 if (err)
972 return err;
973
974 return crypto_register_instance(tmpl, skcipher_crypto_instance(inst));
975 }
976 EXPORT_SYMBOL_GPL(skcipher_register_instance);
977
skcipher_setkey_simple(struct crypto_skcipher * tfm,const u8 * key,unsigned int keylen)978 static int skcipher_setkey_simple(struct crypto_skcipher *tfm, const u8 *key,
979 unsigned int keylen)
980 {
981 struct crypto_cipher *cipher = skcipher_cipher_simple(tfm);
982
983 crypto_cipher_clear_flags(cipher, CRYPTO_TFM_REQ_MASK);
984 crypto_cipher_set_flags(cipher, crypto_skcipher_get_flags(tfm) &
985 CRYPTO_TFM_REQ_MASK);
986 return crypto_cipher_setkey(cipher, key, keylen);
987 }
988
skcipher_init_tfm_simple(struct crypto_skcipher * tfm)989 static int skcipher_init_tfm_simple(struct crypto_skcipher *tfm)
990 {
991 struct skcipher_instance *inst = skcipher_alg_instance(tfm);
992 struct crypto_cipher_spawn *spawn = skcipher_instance_ctx(inst);
993 struct skcipher_ctx_simple *ctx = crypto_skcipher_ctx(tfm);
994 struct crypto_cipher *cipher;
995
996 cipher = crypto_spawn_cipher(spawn);
997 if (IS_ERR(cipher))
998 return PTR_ERR(cipher);
999
1000 ctx->cipher = cipher;
1001 return 0;
1002 }
1003
skcipher_exit_tfm_simple(struct crypto_skcipher * tfm)1004 static void skcipher_exit_tfm_simple(struct crypto_skcipher *tfm)
1005 {
1006 struct skcipher_ctx_simple *ctx = crypto_skcipher_ctx(tfm);
1007
1008 crypto_free_cipher(ctx->cipher);
1009 }
1010
skcipher_free_instance_simple(struct skcipher_instance * inst)1011 static void skcipher_free_instance_simple(struct skcipher_instance *inst)
1012 {
1013 crypto_drop_cipher(skcipher_instance_ctx(inst));
1014 kfree(inst);
1015 }
1016
1017 /**
1018 * skcipher_alloc_instance_simple - allocate instance of simple block cipher mode
1019 *
1020 * Allocate an skcipher_instance for a simple block cipher mode of operation,
1021 * e.g. cbc or ecb. The instance context will have just a single crypto_spawn,
1022 * that for the underlying cipher. The {min,max}_keysize, ivsize, blocksize,
1023 * alignmask, and priority are set from the underlying cipher but can be
1024 * overridden if needed. The tfm context defaults to skcipher_ctx_simple, and
1025 * default ->setkey(), ->init(), and ->exit() methods are installed.
1026 *
1027 * @tmpl: the template being instantiated
1028 * @tb: the template parameters
1029 *
1030 * Return: a pointer to the new instance, or an ERR_PTR(). The caller still
1031 * needs to register the instance.
1032 */
skcipher_alloc_instance_simple(struct crypto_template * tmpl,struct rtattr ** tb)1033 struct skcipher_instance *skcipher_alloc_instance_simple(
1034 struct crypto_template *tmpl, struct rtattr **tb)
1035 {
1036 u32 mask;
1037 struct skcipher_instance *inst;
1038 struct crypto_cipher_spawn *spawn;
1039 struct crypto_alg *cipher_alg;
1040 int err;
1041
1042 err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SKCIPHER, &mask);
1043 if (err)
1044 return ERR_PTR(err);
1045
1046 inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
1047 if (!inst)
1048 return ERR_PTR(-ENOMEM);
1049 spawn = skcipher_instance_ctx(inst);
1050
1051 err = crypto_grab_cipher(spawn, skcipher_crypto_instance(inst),
1052 crypto_attr_alg_name(tb[1]), 0, mask);
1053 if (err)
1054 goto err_free_inst;
1055 cipher_alg = crypto_spawn_cipher_alg(spawn);
1056
1057 err = crypto_inst_setname(skcipher_crypto_instance(inst), tmpl->name,
1058 cipher_alg);
1059 if (err)
1060 goto err_free_inst;
1061
1062 inst->free = skcipher_free_instance_simple;
1063
1064 /* Default algorithm properties, can be overridden */
1065 inst->alg.base.cra_blocksize = cipher_alg->cra_blocksize;
1066 inst->alg.base.cra_alignmask = cipher_alg->cra_alignmask;
1067 inst->alg.base.cra_priority = cipher_alg->cra_priority;
1068 inst->alg.min_keysize = cipher_alg->cra_cipher.cia_min_keysize;
1069 inst->alg.max_keysize = cipher_alg->cra_cipher.cia_max_keysize;
1070 inst->alg.ivsize = cipher_alg->cra_blocksize;
1071
1072 /* Use skcipher_ctx_simple by default, can be overridden */
1073 inst->alg.base.cra_ctxsize = sizeof(struct skcipher_ctx_simple);
1074 inst->alg.setkey = skcipher_setkey_simple;
1075 inst->alg.init = skcipher_init_tfm_simple;
1076 inst->alg.exit = skcipher_exit_tfm_simple;
1077
1078 return inst;
1079
1080 err_free_inst:
1081 skcipher_free_instance_simple(inst);
1082 return ERR_PTR(err);
1083 }
1084 EXPORT_SYMBOL_GPL(skcipher_alloc_instance_simple);
1085
1086 MODULE_LICENSE("GPL");
1087 MODULE_DESCRIPTION("Symmetric key cipher type");
1088 MODULE_IMPORT_NS(CRYPTO_INTERNAL);
1089