]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * AEAD: Authenticated Encryption with Associated Data | |
3 | * | |
4 | * This file provides API support for AEAD algorithms. | |
5 | * | |
6 | * Copyright (c) 2007-2015 Herbert Xu <herbert@gondor.apana.org.au> | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or modify it | |
9 | * under the terms of the GNU General Public License as published by the Free | |
10 | * Software Foundation; either version 2 of the License, or (at your option) | |
11 | * any later version. | |
12 | * | |
13 | */ | |
14 | ||
15 | #include <crypto/internal/geniv.h> | |
16 | #include <crypto/internal/rng.h> | |
17 | #include <crypto/null.h> | |
18 | #include <crypto/scatterwalk.h> | |
19 | #include <linux/err.h> | |
20 | #include <linux/init.h> | |
21 | #include <linux/kernel.h> | |
22 | #include <linux/module.h> | |
23 | #include <linux/rtnetlink.h> | |
24 | #include <linux/slab.h> | |
25 | #include <linux/seq_file.h> | |
26 | #include <linux/cryptouser.h> | |
27 | #include <net/netlink.h> | |
28 | ||
29 | #include "internal.h" | |
30 | ||
31 | static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, | |
32 | unsigned int keylen) | |
33 | { | |
34 | unsigned long alignmask = crypto_aead_alignmask(tfm); | |
35 | int ret; | |
36 | u8 *buffer, *alignbuffer; | |
37 | unsigned long absize; | |
38 | ||
39 | absize = keylen + alignmask; | |
40 | buffer = kmalloc(absize, GFP_ATOMIC); | |
41 | if (!buffer) | |
42 | return -ENOMEM; | |
43 | ||
44 | alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); | |
45 | memcpy(alignbuffer, key, keylen); | |
46 | ret = crypto_aead_alg(tfm)->setkey(tfm, alignbuffer, keylen); | |
47 | memset(alignbuffer, 0, keylen); | |
48 | kfree(buffer); | |
49 | return ret; | |
50 | } | |
51 | ||
52 | int crypto_aead_setkey(struct crypto_aead *tfm, | |
53 | const u8 *key, unsigned int keylen) | |
54 | { | |
55 | unsigned long alignmask = crypto_aead_alignmask(tfm); | |
56 | ||
57 | if ((unsigned long)key & alignmask) | |
58 | return setkey_unaligned(tfm, key, keylen); | |
59 | ||
60 | return crypto_aead_alg(tfm)->setkey(tfm, key, keylen); | |
61 | } | |
62 | EXPORT_SYMBOL_GPL(crypto_aead_setkey); | |
63 | ||
64 | int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize) | |
65 | { | |
66 | int err; | |
67 | ||
68 | if (authsize > crypto_aead_maxauthsize(tfm)) | |
69 | return -EINVAL; | |
70 | ||
71 | if (crypto_aead_alg(tfm)->setauthsize) { | |
72 | err = crypto_aead_alg(tfm)->setauthsize(tfm, authsize); | |
73 | if (err) | |
74 | return err; | |
75 | } | |
76 | ||
77 | tfm->authsize = authsize; | |
78 | return 0; | |
79 | } | |
80 | EXPORT_SYMBOL_GPL(crypto_aead_setauthsize); | |
81 | ||
82 | static void crypto_aead_exit_tfm(struct crypto_tfm *tfm) | |
83 | { | |
84 | struct crypto_aead *aead = __crypto_aead_cast(tfm); | |
85 | struct aead_alg *alg = crypto_aead_alg(aead); | |
86 | ||
87 | alg->exit(aead); | |
88 | } | |
89 | ||
90 | static int crypto_aead_init_tfm(struct crypto_tfm *tfm) | |
91 | { | |
92 | struct crypto_aead *aead = __crypto_aead_cast(tfm); | |
93 | struct aead_alg *alg = crypto_aead_alg(aead); | |
94 | ||
95 | aead->authsize = alg->maxauthsize; | |
96 | ||
97 | if (alg->exit) | |
98 | aead->base.exit = crypto_aead_exit_tfm; | |
99 | ||
100 | if (alg->init) | |
101 | return alg->init(aead); | |
102 | ||
103 | return 0; | |
104 | } | |
105 | ||
106 | #ifdef CONFIG_NET | |
107 | static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg) | |
108 | { | |
109 | struct crypto_report_aead raead; | |
110 | struct aead_alg *aead = container_of(alg, struct aead_alg, base); | |
111 | ||
112 | strncpy(raead.type, "aead", sizeof(raead.type)); | |
113 | strncpy(raead.geniv, "<none>", sizeof(raead.geniv)); | |
114 | ||
115 | raead.blocksize = alg->cra_blocksize; | |
116 | raead.maxauthsize = aead->maxauthsize; | |
117 | raead.ivsize = aead->ivsize; | |
118 | ||
119 | if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD, | |
120 | sizeof(struct crypto_report_aead), &raead)) | |
121 | goto nla_put_failure; | |
122 | return 0; | |
123 | ||
124 | nla_put_failure: | |
125 | return -EMSGSIZE; | |
126 | } | |
127 | #else | |
128 | static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg) | |
129 | { | |
130 | return -ENOSYS; | |
131 | } | |
132 | #endif | |
133 | ||
134 | static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg) | |
135 | __attribute__ ((unused)); | |
136 | static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg) | |
137 | { | |
138 | struct aead_alg *aead = container_of(alg, struct aead_alg, base); | |
139 | ||
140 | seq_printf(m, "type : aead\n"); | |
141 | seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ? | |
142 | "yes" : "no"); | |
143 | seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); | |
144 | seq_printf(m, "ivsize : %u\n", aead->ivsize); | |
145 | seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize); | |
146 | seq_printf(m, "geniv : <none>\n"); | |
147 | } | |
148 | ||
149 | static void crypto_aead_free_instance(struct crypto_instance *inst) | |
150 | { | |
151 | struct aead_instance *aead = aead_instance(inst); | |
152 | ||
153 | if (!aead->free) { | |
154 | inst->tmpl->free(inst); | |
155 | return; | |
156 | } | |
157 | ||
158 | aead->free(aead); | |
159 | } | |
160 | ||
161 | static const struct crypto_type crypto_aead_type = { | |
162 | .extsize = crypto_alg_extsize, | |
163 | .init_tfm = crypto_aead_init_tfm, | |
164 | .free = crypto_aead_free_instance, | |
165 | #ifdef CONFIG_PROC_FS | |
166 | .show = crypto_aead_show, | |
167 | #endif | |
168 | .report = crypto_aead_report, | |
169 | .maskclear = ~CRYPTO_ALG_TYPE_MASK, | |
170 | .maskset = CRYPTO_ALG_TYPE_MASK, | |
171 | .type = CRYPTO_ALG_TYPE_AEAD, | |
172 | .tfmsize = offsetof(struct crypto_aead, base), | |
173 | }; | |
174 | ||
175 | static int aead_geniv_setkey(struct crypto_aead *tfm, | |
176 | const u8 *key, unsigned int keylen) | |
177 | { | |
178 | struct aead_geniv_ctx *ctx = crypto_aead_ctx(tfm); | |
179 | ||
180 | return crypto_aead_setkey(ctx->child, key, keylen); | |
181 | } | |
182 | ||
183 | static int aead_geniv_setauthsize(struct crypto_aead *tfm, | |
184 | unsigned int authsize) | |
185 | { | |
186 | struct aead_geniv_ctx *ctx = crypto_aead_ctx(tfm); | |
187 | ||
188 | return crypto_aead_setauthsize(ctx->child, authsize); | |
189 | } | |
190 | ||
191 | struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl, | |
192 | struct rtattr **tb, u32 type, u32 mask) | |
193 | { | |
194 | const char *name; | |
195 | struct crypto_aead_spawn *spawn; | |
196 | struct crypto_attr_type *algt; | |
197 | struct aead_instance *inst; | |
198 | struct aead_alg *alg; | |
199 | unsigned int ivsize; | |
200 | unsigned int maxauthsize; | |
201 | int err; | |
202 | ||
203 | algt = crypto_get_attr_type(tb); | |
204 | if (IS_ERR(algt)) | |
205 | return ERR_CAST(algt); | |
206 | ||
207 | if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) | |
208 | return ERR_PTR(-EINVAL); | |
209 | ||
210 | name = crypto_attr_alg_name(tb[1]); | |
211 | if (IS_ERR(name)) | |
212 | return ERR_CAST(name); | |
213 | ||
214 | inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); | |
215 | if (!inst) | |
216 | return ERR_PTR(-ENOMEM); | |
217 | ||
218 | spawn = aead_instance_ctx(inst); | |
219 | ||
220 | /* Ignore async algorithms if necessary. */ | |
221 | mask |= crypto_requires_sync(algt->type, algt->mask); | |
222 | ||
223 | crypto_set_aead_spawn(spawn, aead_crypto_instance(inst)); | |
224 | err = crypto_grab_aead(spawn, name, type, mask); | |
225 | if (err) | |
226 | goto err_free_inst; | |
227 | ||
228 | alg = crypto_spawn_aead_alg(spawn); | |
229 | ||
230 | ivsize = crypto_aead_alg_ivsize(alg); | |
231 | maxauthsize = crypto_aead_alg_maxauthsize(alg); | |
232 | ||
233 | err = -EINVAL; | |
234 | if (ivsize < sizeof(u64)) | |
235 | goto err_drop_alg; | |
236 | ||
237 | err = -ENAMETOOLONG; | |
238 | if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, | |
239 | "%s(%s)", tmpl->name, alg->base.cra_name) >= | |
240 | CRYPTO_MAX_ALG_NAME) | |
241 | goto err_drop_alg; | |
242 | if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, | |
243 | "%s(%s)", tmpl->name, alg->base.cra_driver_name) >= | |
244 | CRYPTO_MAX_ALG_NAME) | |
245 | goto err_drop_alg; | |
246 | ||
247 | inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; | |
248 | inst->alg.base.cra_priority = alg->base.cra_priority; | |
249 | inst->alg.base.cra_blocksize = alg->base.cra_blocksize; | |
250 | inst->alg.base.cra_alignmask = alg->base.cra_alignmask; | |
251 | inst->alg.base.cra_ctxsize = sizeof(struct aead_geniv_ctx); | |
252 | ||
253 | inst->alg.setkey = aead_geniv_setkey; | |
254 | inst->alg.setauthsize = aead_geniv_setauthsize; | |
255 | ||
256 | inst->alg.ivsize = ivsize; | |
257 | inst->alg.maxauthsize = maxauthsize; | |
258 | ||
259 | out: | |
260 | return inst; | |
261 | ||
262 | err_drop_alg: | |
263 | crypto_drop_aead(spawn); | |
264 | err_free_inst: | |
265 | kfree(inst); | |
266 | inst = ERR_PTR(err); | |
267 | goto out; | |
268 | } | |
269 | EXPORT_SYMBOL_GPL(aead_geniv_alloc); | |
270 | ||
271 | void aead_geniv_free(struct aead_instance *inst) | |
272 | { | |
273 | crypto_drop_aead(aead_instance_ctx(inst)); | |
274 | kfree(inst); | |
275 | } | |
276 | EXPORT_SYMBOL_GPL(aead_geniv_free); | |
277 | ||
278 | int aead_init_geniv(struct crypto_aead *aead) | |
279 | { | |
280 | struct aead_geniv_ctx *ctx = crypto_aead_ctx(aead); | |
281 | struct aead_instance *inst = aead_alg_instance(aead); | |
282 | struct crypto_aead *child; | |
283 | int err; | |
284 | ||
285 | spin_lock_init(&ctx->lock); | |
286 | ||
287 | err = crypto_get_default_rng(); | |
288 | if (err) | |
289 | goto out; | |
290 | ||
291 | err = crypto_rng_get_bytes(crypto_default_rng, ctx->salt, | |
292 | crypto_aead_ivsize(aead)); | |
293 | crypto_put_default_rng(); | |
294 | if (err) | |
295 | goto out; | |
296 | ||
297 | ctx->sknull = crypto_get_default_null_skcipher2(); | |
298 | err = PTR_ERR(ctx->sknull); | |
299 | if (IS_ERR(ctx->sknull)) | |
300 | goto out; | |
301 | ||
302 | child = crypto_spawn_aead(aead_instance_ctx(inst)); | |
303 | err = PTR_ERR(child); | |
304 | if (IS_ERR(child)) | |
305 | goto drop_null; | |
306 | ||
307 | ctx->child = child; | |
308 | crypto_aead_set_reqsize(aead, crypto_aead_reqsize(child) + | |
309 | sizeof(struct aead_request)); | |
310 | ||
311 | err = 0; | |
312 | ||
313 | out: | |
314 | return err; | |
315 | ||
316 | drop_null: | |
317 | crypto_put_default_null_skcipher2(); | |
318 | goto out; | |
319 | } | |
320 | EXPORT_SYMBOL_GPL(aead_init_geniv); | |
321 | ||
322 | void aead_exit_geniv(struct crypto_aead *tfm) | |
323 | { | |
324 | struct aead_geniv_ctx *ctx = crypto_aead_ctx(tfm); | |
325 | ||
326 | crypto_free_aead(ctx->child); | |
327 | crypto_put_default_null_skcipher2(); | |
328 | } | |
329 | EXPORT_SYMBOL_GPL(aead_exit_geniv); | |
330 | ||
331 | int crypto_grab_aead(struct crypto_aead_spawn *spawn, const char *name, | |
332 | u32 type, u32 mask) | |
333 | { | |
334 | spawn->base.frontend = &crypto_aead_type; | |
335 | return crypto_grab_spawn(&spawn->base, name, type, mask); | |
336 | } | |
337 | EXPORT_SYMBOL_GPL(crypto_grab_aead); | |
338 | ||
339 | struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask) | |
340 | { | |
341 | return crypto_alloc_tfm(alg_name, &crypto_aead_type, type, mask); | |
342 | } | |
343 | EXPORT_SYMBOL_GPL(crypto_alloc_aead); | |
344 | ||
345 | static int aead_prepare_alg(struct aead_alg *alg) | |
346 | { | |
347 | struct crypto_alg *base = &alg->base; | |
348 | ||
349 | if (max3(alg->maxauthsize, alg->ivsize, alg->chunksize) > | |
350 | PAGE_SIZE / 8) | |
351 | return -EINVAL; | |
352 | ||
353 | if (!alg->chunksize) | |
354 | alg->chunksize = base->cra_blocksize; | |
355 | ||
356 | base->cra_type = &crypto_aead_type; | |
357 | base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; | |
358 | base->cra_flags |= CRYPTO_ALG_TYPE_AEAD; | |
359 | ||
360 | return 0; | |
361 | } | |
362 | ||
363 | int crypto_register_aead(struct aead_alg *alg) | |
364 | { | |
365 | struct crypto_alg *base = &alg->base; | |
366 | int err; | |
367 | ||
368 | err = aead_prepare_alg(alg); | |
369 | if (err) | |
370 | return err; | |
371 | ||
372 | return crypto_register_alg(base); | |
373 | } | |
374 | EXPORT_SYMBOL_GPL(crypto_register_aead); | |
375 | ||
376 | void crypto_unregister_aead(struct aead_alg *alg) | |
377 | { | |
378 | crypto_unregister_alg(&alg->base); | |
379 | } | |
380 | EXPORT_SYMBOL_GPL(crypto_unregister_aead); | |
381 | ||
382 | int crypto_register_aeads(struct aead_alg *algs, int count) | |
383 | { | |
384 | int i, ret; | |
385 | ||
386 | for (i = 0; i < count; i++) { | |
387 | ret = crypto_register_aead(&algs[i]); | |
388 | if (ret) | |
389 | goto err; | |
390 | } | |
391 | ||
392 | return 0; | |
393 | ||
394 | err: | |
395 | for (--i; i >= 0; --i) | |
396 | crypto_unregister_aead(&algs[i]); | |
397 | ||
398 | return ret; | |
399 | } | |
400 | EXPORT_SYMBOL_GPL(crypto_register_aeads); | |
401 | ||
402 | void crypto_unregister_aeads(struct aead_alg *algs, int count) | |
403 | { | |
404 | int i; | |
405 | ||
406 | for (i = count - 1; i >= 0; --i) | |
407 | crypto_unregister_aead(&algs[i]); | |
408 | } | |
409 | EXPORT_SYMBOL_GPL(crypto_unregister_aeads); | |
410 | ||
411 | int aead_register_instance(struct crypto_template *tmpl, | |
412 | struct aead_instance *inst) | |
413 | { | |
414 | int err; | |
415 | ||
416 | err = aead_prepare_alg(&inst->alg); | |
417 | if (err) | |
418 | return err; | |
419 | ||
420 | return crypto_register_instance(tmpl, aead_crypto_instance(inst)); | |
421 | } | |
422 | EXPORT_SYMBOL_GPL(aead_register_instance); | |
423 | ||
424 | MODULE_LICENSE("GPL"); | |
425 | MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)"); |