crypto/cipher.c

   1 /*
   2  * Cryptographic API.
   3  *
   4  * Cipher operations.
   5  *
   6  * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
   7  * Copyright (c) 2005 Herbert Xu <herbert@gondor.apana.org.au>
   8  *
   9  * This program is free software; you can redistribute it and/or modify it
  10  * under the terms of the GNU General Public License as published by the Free
  11  * Software Foundation; either version 2 of the License, or (at your option)
  12  * any later version.
  13  *
  14  */
  15 #include <linux/compiler.h>
  16 #include <linux/kernel.h>
  17 #include <linux/crypto.h>
  18 #include <linux/errno.h>
  19 #include <linux/mm.h>
  20 #include <linux/slab.h>
  21 #include <linux/string.h>
  22 #include <asm/scatterlist.h>
  23 #include "internal.h"
  24 #include "scatterwalk.h"
  25
  26 static inline void xor_64(u8 *a, const u8 *b)
  27 {
  28         ((u32 *)a)[0] ^= ((u32 *)b)[0];
  29         ((u32 *)a)[1] ^= ((u32 *)b)[1];
  30 }
  31
  32 static inline void xor_128(u8 *a, const u8 *b)
  33 {
  34         ((u32 *)a)[0] ^= ((u32 *)b)[0];
  35         ((u32 *)a)[1] ^= ((u32 *)b)[1];
  36         ((u32 *)a)[2] ^= ((u32 *)b)[2];
  37         ((u32 *)a)[3] ^= ((u32 *)b)[3];
  38 }
  39
  40 static unsigned int crypt_slow(const struct cipher_desc *desc,
  41                                struct scatter_walk *in,
  42                                struct scatter_walk *out, unsigned int bsize)
  43 {
  44         u8 src[bsize];
  45         u8 dst[bsize];
  46         unsigned int n;
  47
  48         n = scatterwalk_copychunks(src, in, bsize, 0);
  49         scatterwalk_advance(in, n);
  50
  51         desc->prfn(desc, dst, src, bsize);
  52
  53         n = scatterwalk_copychunks(dst, out, bsize, 1);
  54         scatterwalk_advance(out, n);
  55
  56         return bsize;
  57 }
  58
  59 static inline unsigned int crypt_fast(const struct cipher_desc *desc,
  60                                       struct scatter_walk *in,
  61                                       struct scatter_walk *out,
  62                                       unsigned int nbytes)
  63 {
  64         u8 *src, *dst;
  65
  66         src = in->data;
  67         dst = scatterwalk_samebuf(in, out) ? src : out->data;
  68
  69         nbytes = desc->prfn(desc, dst, src, nbytes);
  70
  71         scatterwalk_advance(in, nbytes);
  72         scatterwalk_advance(out, nbytes);
  73
  74         return nbytes;
  75 }
  76
  77 /*
  78  * Generic encrypt/decrypt wrapper for ciphers, handles operations across
  79  * multiple page boundaries by using temporary blocks.  In user context,
  80  * the kernel is given a chance to schedule us once per page.
  81  */
  82 static int crypt(const struct cipher_desc *desc,
  83                  struct scatterlist *dst,
  84                  struct scatterlist *src,
  85                  unsigned int nbytes)
  86 {
  87         struct scatter_walk walk_in, walk_out;
  88         struct crypto_tfm *tfm = desc->tfm;
  89         const unsigned int bsize = crypto_tfm_alg_blocksize(tfm);
  90
  91         if (!nbytes)
  92                 return 0;
  93
  94         if (nbytes % bsize) {
  95                 tfm->crt_flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN;
  96                 return -EINVAL;
  97         }
  98
  99         scatterwalk_start(&walk_in, src);
 100         scatterwalk_start(&walk_out, dst);
 101
 102         for(;;) {
 103                 unsigned int n;
 104
 105                 scatterwalk_map(&walk_in, 0);
 106                 scatterwalk_map(&walk_out, 1);
 107
 108                 n = scatterwalk_clamp(&walk_in, nbytes);
 109                 n = scatterwalk_clamp(&walk_out, n);
 110
 111                 if (likely(n >= bsize))
 112                         n = crypt_fast(desc, &walk_in, &walk_out, n);
 113                 else
 114                         n = crypt_slow(desc, &walk_in, &walk_out, bsize);
 115
 116                 nbytes -= n;
 117
 118                 scatterwalk_done(&walk_in, 0, nbytes);
 119                 scatterwalk_done(&walk_out, 1, nbytes);
 120
 121                 if (!nbytes)
 122                         return 0;
 123
 124                 crypto_yield(tfm);
 125         }
 126 }
 127
 128 static unsigned int cbc_process_encrypt(const struct cipher_desc *desc,
 129                                         u8 *dst, const u8 *src,
 130                                         unsigned int nbytes)
 131 {
 132         struct crypto_tfm *tfm = desc->tfm;
 133         void (*xor)(u8 *, const u8 *) = tfm->crt_u.cipher.cit_xor_block;
 134         int bsize = crypto_tfm_alg_blocksize(tfm);
 135
 136         void (*fn)(void *, u8 *, const u8 *) = desc->crfn;
 137         u8 *iv = desc->info;
 138         unsigned int done = 0;
 139
 140         do {
 141                 xor(iv, src);
 142                 fn(crypto_tfm_ctx(tfm), dst, iv);
 143                 memcpy(iv, dst, bsize);
 144
 145                 src += bsize;
 146                 dst += bsize;
 147         } while ((done += bsize) < nbytes);
 148
 149         return done;
 150 }
 151
 152 static unsigned int cbc_process_decrypt(const struct cipher_desc *desc,
 153                                         u8 *dst, const u8 *src,
 154                                         unsigned int nbytes)
 155 {
 156         struct crypto_tfm *tfm = desc->tfm;
 157         void (*xor)(u8 *, const u8 *) = tfm->crt_u.cipher.cit_xor_block;
 158         int bsize = crypto_tfm_alg_blocksize(tfm);
 159
 160         u8 stack[src == dst ? bsize : 0];
 161         u8 *buf = stack;
 162         u8 **dst_p = src == dst ? &buf : &dst;
 163
 164         void (*fn)(void *, u8 *, const u8 *) = desc->crfn;
 165         u8 *iv = desc->info;
 166         unsigned int done = 0;
 167
 168         do {
 169                 u8 *tmp_dst = *dst_p;
 170
 171                 fn(crypto_tfm_ctx(tfm), tmp_dst, src);
 172                 xor(tmp_dst, iv);
 173                 memcpy(iv, src, bsize);
 174                 if (tmp_dst != dst)
 175                         memcpy(dst, tmp_dst, bsize);
 176
 177                 src += bsize;
 178                 dst += bsize;
 179         } while ((done += bsize) < nbytes);
 180
 181         return done;
 182 }
 183
 184 static unsigned int ecb_process(const struct cipher_desc *desc, u8 *dst,
 185                                 const u8 *src, unsigned int nbytes)
 186 {
 187         struct crypto_tfm *tfm = desc->tfm;
 188         int bsize = crypto_tfm_alg_blocksize(tfm);
 189         void (*fn)(void *, u8 *, const u8 *) = desc->crfn;
 190         unsigned int done = 0;
 191
 192         do {
 193                 fn(crypto_tfm_ctx(tfm), dst, src);
 194
 195                 src += bsize;
 196                 dst += bsize;
 197         } while ((done += bsize) < nbytes);
 198
 199         return done;
 200 }
 201
 202 static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
 203 {
 204         struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher;
 205
 206         if (keylen < cia->cia_min_keysize || keylen > cia->cia_max_keysize) {
 207                 tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
 208                 return -EINVAL;
 209         } else
 210                 return cia->cia_setkey(crypto_tfm_ctx(tfm), key, keylen,
 211                                        &tfm->crt_flags);
 212 }
 213
 214 static int ecb_encrypt(struct crypto_tfm *tfm,
 215                        struct scatterlist *dst,
 216                        struct scatterlist *src, unsigned int nbytes)
 217 {
 218         struct cipher_desc desc;
 219         struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher;
 220
 221         desc.tfm = tfm;
 222         desc.crfn = cipher->cia_encrypt;
 223         desc.prfn = cipher->cia_encrypt_ecb ?: ecb_process;
 224
 225         return crypt(&desc, dst, src, nbytes);
 226 }
 227
 228 static int ecb_decrypt(struct crypto_tfm *tfm,
 229                        struct scatterlist *dst,
 230                        struct scatterlist *src,
 231                        unsigned int nbytes)
 232 {
 233         struct cipher_desc desc;
 234         struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher;
 235
 236         desc.tfm = tfm;
 237         desc.crfn = cipher->cia_decrypt;
 238         desc.prfn = cipher->cia_decrypt_ecb ?: ecb_process;
 239
 240         return crypt(&desc, dst, src, nbytes);
 241 }
 242
 243 static int cbc_encrypt(struct crypto_tfm *tfm,
 244                        struct scatterlist *dst,
 245                        struct scatterlist *src,
 246                        unsigned int nbytes)
 247 {
 248         struct cipher_desc desc;
 249         struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher;
 250
 251         desc.tfm = tfm;
 252         desc.crfn = cipher->cia_encrypt;
 253         desc.prfn = cipher->cia_encrypt_cbc ?: cbc_process_encrypt;
 254         desc.info = tfm->crt_cipher.cit_iv;
 255
 256         return crypt(&desc, dst, src, nbytes);
 257 }
 258
 259 static int cbc_encrypt_iv(struct crypto_tfm *tfm,
 260                           struct scatterlist *dst,
 261                           struct scatterlist *src,
 262                           unsigned int nbytes, u8 *iv)
 263 {
 264         struct cipher_desc desc;
 265         struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher;
 266
 267         desc.tfm = tfm;
 268         desc.crfn = cipher->cia_encrypt;
 269         desc.prfn = cipher->cia_encrypt_cbc ?: cbc_process_encrypt;
 270         desc.info = iv;
 271
 272         return crypt(&desc, dst, src, nbytes);
 273 }
 274
 275 static int cbc_decrypt(struct crypto_tfm *tfm,
 276                        struct scatterlist *dst,
 277                        struct scatterlist *src,
 278                        unsigned int nbytes)
 279 {
 280         struct cipher_desc desc;
 281         struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher;
 282
 283         desc.tfm = tfm;
 284         desc.crfn = cipher->cia_decrypt;
 285         desc.prfn = cipher->cia_decrypt_cbc ?: cbc_process_decrypt;
 286         desc.info = tfm->crt_cipher.cit_iv;
 287
 288         return crypt(&desc, dst, src, nbytes);
 289 }
 290
 291 static int cbc_decrypt_iv(struct crypto_tfm *tfm,
 292                           struct scatterlist *dst,
 293                           struct scatterlist *src,
 294                           unsigned int nbytes, u8 *iv)
 295 {
 296         struct cipher_desc desc;
 297         struct cipher_alg *cipher = &tfm->__crt_alg->cra_cipher;
 298
 299         desc.tfm = tfm;
 300         desc.crfn = cipher->cia_decrypt;
 301         desc.prfn = cipher->cia_decrypt_cbc ?: cbc_process_decrypt;
 302         desc.info = iv;
 303
 304         return crypt(&desc, dst, src, nbytes);
 305 }
 306
 307 static int nocrypt(struct crypto_tfm *tfm,
 308                    struct scatterlist *dst,
 309                    struct scatterlist *src,
 310                    unsigned int nbytes)
 311 {
 312         return -ENOSYS;
 313 }
 314
 315 static int nocrypt_iv(struct crypto_tfm *tfm,
 316                       struct scatterlist *dst,
 317                       struct scatterlist *src,
 318                       unsigned int nbytes, u8 *iv)
 319 {
 320         return -ENOSYS;
 321 }
 322
 323 int crypto_init_cipher_flags(struct crypto_tfm *tfm, u32 flags)
 324 {
 325         u32 mode = flags & CRYPTO_TFM_MODE_MASK;
 326
 327         tfm->crt_cipher.cit_mode = mode ? mode : CRYPTO_TFM_MODE_ECB;
 328         if (flags & CRYPTO_TFM_REQ_WEAK_KEY)
 329                 tfm->crt_flags = CRYPTO_TFM_REQ_WEAK_KEY;
 330
 331         return 0;
 332 }
 333
 334 int crypto_init_cipher_ops(struct crypto_tfm *tfm)
 335 {
 336         int ret = 0;
 337         struct cipher_tfm *ops = &tfm->crt_cipher;
 338
 339         ops->cit_setkey = setkey;
 340
 341         switch (tfm->crt_cipher.cit_mode) {
 342         case CRYPTO_TFM_MODE_ECB:
 343                 ops->cit_encrypt = ecb_encrypt;
 344                 ops->cit_decrypt = ecb_decrypt;
 345                 break;
 346
 347         case CRYPTO_TFM_MODE_CBC:
 348                 ops->cit_encrypt = cbc_encrypt;
 349                 ops->cit_decrypt = cbc_decrypt;
 350                 ops->cit_encrypt_iv = cbc_encrypt_iv;
 351                 ops->cit_decrypt_iv = cbc_decrypt_iv;
 352                 break;
 353
 354         case CRYPTO_TFM_MODE_CFB:
 355                 ops->cit_encrypt = nocrypt;
 356                 ops->cit_decrypt = nocrypt;
 357                 ops->cit_encrypt_iv = nocrypt_iv;
 358                 ops->cit_decrypt_iv = nocrypt_iv;
 359                 break;
 360
 361         case CRYPTO_TFM_MODE_CTR:
 362                 ops->cit_encrypt = nocrypt;
 363                 ops->cit_decrypt = nocrypt;
 364                 ops->cit_encrypt_iv = nocrypt_iv;
 365                 ops->cit_decrypt_iv = nocrypt_iv;
 366                 break;
 367
 368         default:
 369                 BUG();
 370         }
 371
 372         if (ops->cit_mode == CRYPTO_TFM_MODE_CBC) {
 373
 374                 switch (crypto_tfm_alg_blocksize(tfm)) {
 375                 case 8:
 376                         ops->cit_xor_block = xor_64;
 377                         break;
 378
 379                 case 16:
 380                         ops->cit_xor_block = xor_128;
 381                         break;
 382
 383                 default:
 384                         printk(KERN_WARNING "%s: block size %u not supported\n",
 385                                crypto_tfm_alg_name(tfm),
 386                                crypto_tfm_alg_blocksize(tfm));
 387                         ret = -EINVAL;
 388                         goto out;
 389                 }
 390
 391                 ops->cit_ivsize = crypto_tfm_alg_blocksize(tfm);
 392                 ops->cit_iv = kmalloc(ops->cit_ivsize, GFP_KERNEL);
 393                 if (ops->cit_iv == NULL)
 394                         ret = -ENOMEM;
 395         }
 396
 397 out:
 398         return ret;
 399 }
 400
 401 void crypto_exit_cipher_ops(struct crypto_tfm *tfm)
 402 {
 403         kfree(tfm->crt_cipher.cit_iv);
 404 }