blob: 3f5c5ff004abc2a8e8c6739f93cbdab9c88c37c5
1 | /* |
2 | * AEAD: Authenticated Encryption with Associated Data |
3 | * |
4 | * This file provides API support for AEAD algorithms. |
5 | * |
6 | * Copyright (c) 2007-2015 Herbert Xu <herbert@gondor.apana.org.au> |
7 | * |
8 | * This program is free software; you can redistribute it and/or modify it |
9 | * under the terms of the GNU General Public License as published by the Free |
10 | * Software Foundation; either version 2 of the License, or (at your option) |
11 | * any later version. |
12 | * |
13 | */ |
14 | |
15 | #include <crypto/internal/geniv.h> |
16 | #include <crypto/internal/rng.h> |
17 | #include <crypto/null.h> |
18 | #include <crypto/scatterwalk.h> |
19 | #include <linux/err.h> |
20 | #include <linux/init.h> |
21 | #include <linux/kernel.h> |
22 | #include <linux/module.h> |
23 | #include <linux/rtnetlink.h> |
24 | #include <linux/slab.h> |
25 | #include <linux/seq_file.h> |
26 | #include <linux/cryptouser.h> |
27 | #include <net/netlink.h> |
28 | |
29 | #include "internal.h" |
30 | |
31 | static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, |
32 | unsigned int keylen) |
33 | { |
34 | unsigned long alignmask = crypto_aead_alignmask(tfm); |
35 | int ret; |
36 | u8 *buffer, *alignbuffer; |
37 | unsigned long absize; |
38 | |
39 | absize = keylen + alignmask; |
40 | buffer = kmalloc(absize, GFP_ATOMIC); |
41 | if (!buffer) |
42 | return -ENOMEM; |
43 | |
44 | alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); |
45 | memcpy(alignbuffer, key, keylen); |
46 | ret = crypto_aead_alg(tfm)->setkey(tfm, alignbuffer, keylen); |
47 | memset(alignbuffer, 0, keylen); |
48 | kfree(buffer); |
49 | return ret; |
50 | } |
51 | |
52 | int crypto_aead_setkey(struct crypto_aead *tfm, |
53 | const u8 *key, unsigned int keylen) |
54 | { |
55 | unsigned long alignmask = crypto_aead_alignmask(tfm); |
56 | |
57 | if ((unsigned long)key & alignmask) |
58 | return setkey_unaligned(tfm, key, keylen); |
59 | |
60 | return crypto_aead_alg(tfm)->setkey(tfm, key, keylen); |
61 | } |
62 | EXPORT_SYMBOL_GPL(crypto_aead_setkey); |
63 | |
64 | int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize) |
65 | { |
66 | int err; |
67 | |
68 | if (authsize > crypto_aead_maxauthsize(tfm)) |
69 | return -EINVAL; |
70 | |
71 | if (crypto_aead_alg(tfm)->setauthsize) { |
72 | err = crypto_aead_alg(tfm)->setauthsize(tfm, authsize); |
73 | if (err) |
74 | return err; |
75 | } |
76 | |
77 | tfm->authsize = authsize; |
78 | return 0; |
79 | } |
80 | EXPORT_SYMBOL_GPL(crypto_aead_setauthsize); |
81 | |
82 | static void crypto_aead_exit_tfm(struct crypto_tfm *tfm) |
83 | { |
84 | struct crypto_aead *aead = __crypto_aead_cast(tfm); |
85 | struct aead_alg *alg = crypto_aead_alg(aead); |
86 | |
87 | alg->exit(aead); |
88 | } |
89 | |
90 | static int crypto_aead_init_tfm(struct crypto_tfm *tfm) |
91 | { |
92 | struct crypto_aead *aead = __crypto_aead_cast(tfm); |
93 | struct aead_alg *alg = crypto_aead_alg(aead); |
94 | |
95 | aead->authsize = alg->maxauthsize; |
96 | |
97 | if (alg->exit) |
98 | aead->base.exit = crypto_aead_exit_tfm; |
99 | |
100 | if (alg->init) |
101 | return alg->init(aead); |
102 | |
103 | return 0; |
104 | } |
105 | |
106 | #ifdef CONFIG_NET |
107 | static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg) |
108 | { |
109 | struct crypto_report_aead raead; |
110 | struct aead_alg *aead = container_of(alg, struct aead_alg, base); |
111 | |
112 | strncpy(raead.type, "aead", sizeof(raead.type)); |
113 | strncpy(raead.geniv, "<none>", sizeof(raead.geniv)); |
114 | |
115 | raead.blocksize = alg->cra_blocksize; |
116 | raead.maxauthsize = aead->maxauthsize; |
117 | raead.ivsize = aead->ivsize; |
118 | |
119 | if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD, |
120 | sizeof(struct crypto_report_aead), &raead)) |
121 | goto nla_put_failure; |
122 | return 0; |
123 | |
124 | nla_put_failure: |
125 | return -EMSGSIZE; |
126 | } |
127 | #else |
128 | static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg) |
129 | { |
130 | return -ENOSYS; |
131 | } |
132 | #endif |
133 | |
134 | static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg) |
135 | __attribute__ ((unused)); |
136 | static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg) |
137 | { |
138 | struct aead_alg *aead = container_of(alg, struct aead_alg, base); |
139 | |
140 | seq_printf(m, "type : aead\n"); |
141 | seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ? |
142 | "yes" : "no"); |
143 | seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); |
144 | seq_printf(m, "ivsize : %u\n", aead->ivsize); |
145 | seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize); |
146 | seq_printf(m, "geniv : <none>\n"); |
147 | } |
148 | |
149 | static void crypto_aead_free_instance(struct crypto_instance *inst) |
150 | { |
151 | struct aead_instance *aead = aead_instance(inst); |
152 | |
153 | if (!aead->free) { |
154 | inst->tmpl->free(inst); |
155 | return; |
156 | } |
157 | |
158 | aead->free(aead); |
159 | } |
160 | |
161 | static const struct crypto_type crypto_aead_type = { |
162 | .extsize = crypto_alg_extsize, |
163 | .init_tfm = crypto_aead_init_tfm, |
164 | .free = crypto_aead_free_instance, |
165 | #ifdef CONFIG_PROC_FS |
166 | .show = crypto_aead_show, |
167 | #endif |
168 | .report = crypto_aead_report, |
169 | .maskclear = ~CRYPTO_ALG_TYPE_MASK, |
170 | .maskset = CRYPTO_ALG_TYPE_MASK, |
171 | .type = CRYPTO_ALG_TYPE_AEAD, |
172 | .tfmsize = offsetof(struct crypto_aead, base), |
173 | }; |
174 | |
175 | static int aead_geniv_setkey(struct crypto_aead *tfm, |
176 | const u8 *key, unsigned int keylen) |
177 | { |
178 | struct aead_geniv_ctx *ctx = crypto_aead_ctx(tfm); |
179 | |
180 | return crypto_aead_setkey(ctx->child, key, keylen); |
181 | } |
182 | |
183 | static int aead_geniv_setauthsize(struct crypto_aead *tfm, |
184 | unsigned int authsize) |
185 | { |
186 | struct aead_geniv_ctx *ctx = crypto_aead_ctx(tfm); |
187 | |
188 | return crypto_aead_setauthsize(ctx->child, authsize); |
189 | } |
190 | |
191 | struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl, |
192 | struct rtattr **tb, u32 type, u32 mask) |
193 | { |
194 | const char *name; |
195 | struct crypto_aead_spawn *spawn; |
196 | struct crypto_attr_type *algt; |
197 | struct aead_instance *inst; |
198 | struct aead_alg *alg; |
199 | unsigned int ivsize; |
200 | unsigned int maxauthsize; |
201 | int err; |
202 | |
203 | algt = crypto_get_attr_type(tb); |
204 | if (IS_ERR(algt)) |
205 | return ERR_CAST(algt); |
206 | |
207 | if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) |
208 | return ERR_PTR(-EINVAL); |
209 | |
210 | name = crypto_attr_alg_name(tb[1]); |
211 | if (IS_ERR(name)) |
212 | return ERR_CAST(name); |
213 | |
214 | inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); |
215 | if (!inst) |
216 | return ERR_PTR(-ENOMEM); |
217 | |
218 | spawn = aead_instance_ctx(inst); |
219 | |
220 | /* Ignore async algorithms if necessary. */ |
221 | mask |= crypto_requires_sync(algt->type, algt->mask); |
222 | |
223 | crypto_set_aead_spawn(spawn, aead_crypto_instance(inst)); |
224 | err = crypto_grab_aead(spawn, name, type, mask); |
225 | if (err) |
226 | goto err_free_inst; |
227 | |
228 | alg = crypto_spawn_aead_alg(spawn); |
229 | |
230 | ivsize = crypto_aead_alg_ivsize(alg); |
231 | maxauthsize = crypto_aead_alg_maxauthsize(alg); |
232 | |
233 | err = -EINVAL; |
234 | if (ivsize < sizeof(u64)) |
235 | goto err_drop_alg; |
236 | |
237 | err = -ENAMETOOLONG; |
238 | if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, |
239 | "%s(%s)", tmpl->name, alg->base.cra_name) >= |
240 | CRYPTO_MAX_ALG_NAME) |
241 | goto err_drop_alg; |
242 | if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, |
243 | "%s(%s)", tmpl->name, alg->base.cra_driver_name) >= |
244 | CRYPTO_MAX_ALG_NAME) |
245 | goto err_drop_alg; |
246 | |
247 | inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; |
248 | inst->alg.base.cra_priority = alg->base.cra_priority; |
249 | inst->alg.base.cra_blocksize = alg->base.cra_blocksize; |
250 | inst->alg.base.cra_alignmask = alg->base.cra_alignmask; |
251 | inst->alg.base.cra_ctxsize = sizeof(struct aead_geniv_ctx); |
252 | |
253 | inst->alg.setkey = aead_geniv_setkey; |
254 | inst->alg.setauthsize = aead_geniv_setauthsize; |
255 | |
256 | inst->alg.ivsize = ivsize; |
257 | inst->alg.maxauthsize = maxauthsize; |
258 | |
259 | out: |
260 | return inst; |
261 | |
262 | err_drop_alg: |
263 | crypto_drop_aead(spawn); |
264 | err_free_inst: |
265 | kfree(inst); |
266 | inst = ERR_PTR(err); |
267 | goto out; |
268 | } |
269 | EXPORT_SYMBOL_GPL(aead_geniv_alloc); |
270 | |
271 | void aead_geniv_free(struct aead_instance *inst) |
272 | { |
273 | crypto_drop_aead(aead_instance_ctx(inst)); |
274 | kfree(inst); |
275 | } |
276 | EXPORT_SYMBOL_GPL(aead_geniv_free); |
277 | |
278 | int aead_init_geniv(struct crypto_aead *aead) |
279 | { |
280 | struct aead_geniv_ctx *ctx = crypto_aead_ctx(aead); |
281 | struct aead_instance *inst = aead_alg_instance(aead); |
282 | struct crypto_aead *child; |
283 | int err; |
284 | |
285 | spin_lock_init(&ctx->lock); |
286 | |
287 | err = crypto_get_default_rng(); |
288 | if (err) |
289 | goto out; |
290 | |
291 | err = crypto_rng_get_bytes(crypto_default_rng, ctx->salt, |
292 | crypto_aead_ivsize(aead)); |
293 | crypto_put_default_rng(); |
294 | if (err) |
295 | goto out; |
296 | |
297 | ctx->sknull = crypto_get_default_null_skcipher2(); |
298 | err = PTR_ERR(ctx->sknull); |
299 | if (IS_ERR(ctx->sknull)) |
300 | goto out; |
301 | |
302 | child = crypto_spawn_aead(aead_instance_ctx(inst)); |
303 | err = PTR_ERR(child); |
304 | if (IS_ERR(child)) |
305 | goto drop_null; |
306 | |
307 | ctx->child = child; |
308 | crypto_aead_set_reqsize(aead, crypto_aead_reqsize(child) + |
309 | sizeof(struct aead_request)); |
310 | |
311 | err = 0; |
312 | |
313 | out: |
314 | return err; |
315 | |
316 | drop_null: |
317 | crypto_put_default_null_skcipher2(); |
318 | goto out; |
319 | } |
320 | EXPORT_SYMBOL_GPL(aead_init_geniv); |
321 | |
322 | void aead_exit_geniv(struct crypto_aead *tfm) |
323 | { |
324 | struct aead_geniv_ctx *ctx = crypto_aead_ctx(tfm); |
325 | |
326 | crypto_free_aead(ctx->child); |
327 | crypto_put_default_null_skcipher2(); |
328 | } |
329 | EXPORT_SYMBOL_GPL(aead_exit_geniv); |
330 | |
331 | int crypto_grab_aead(struct crypto_aead_spawn *spawn, const char *name, |
332 | u32 type, u32 mask) |
333 | { |
334 | spawn->base.frontend = &crypto_aead_type; |
335 | return crypto_grab_spawn(&spawn->base, name, type, mask); |
336 | } |
337 | EXPORT_SYMBOL_GPL(crypto_grab_aead); |
338 | |
339 | struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask) |
340 | { |
341 | return crypto_alloc_tfm(alg_name, &crypto_aead_type, type, mask); |
342 | } |
343 | EXPORT_SYMBOL_GPL(crypto_alloc_aead); |
344 | |
345 | static int aead_prepare_alg(struct aead_alg *alg) |
346 | { |
347 | struct crypto_alg *base = &alg->base; |
348 | |
349 | if (max3(alg->maxauthsize, alg->ivsize, alg->chunksize) > |
350 | PAGE_SIZE / 8) |
351 | return -EINVAL; |
352 | |
353 | if (!alg->chunksize) |
354 | alg->chunksize = base->cra_blocksize; |
355 | |
356 | base->cra_type = &crypto_aead_type; |
357 | base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; |
358 | base->cra_flags |= CRYPTO_ALG_TYPE_AEAD; |
359 | |
360 | return 0; |
361 | } |
362 | |
363 | int crypto_register_aead(struct aead_alg *alg) |
364 | { |
365 | struct crypto_alg *base = &alg->base; |
366 | int err; |
367 | |
368 | err = aead_prepare_alg(alg); |
369 | if (err) |
370 | return err; |
371 | |
372 | return crypto_register_alg(base); |
373 | } |
374 | EXPORT_SYMBOL_GPL(crypto_register_aead); |
375 | |
376 | void crypto_unregister_aead(struct aead_alg *alg) |
377 | { |
378 | crypto_unregister_alg(&alg->base); |
379 | } |
380 | EXPORT_SYMBOL_GPL(crypto_unregister_aead); |
381 | |
382 | int crypto_register_aeads(struct aead_alg *algs, int count) |
383 | { |
384 | int i, ret; |
385 | |
386 | for (i = 0; i < count; i++) { |
387 | ret = crypto_register_aead(&algs[i]); |
388 | if (ret) |
389 | goto err; |
390 | } |
391 | |
392 | return 0; |
393 | |
394 | err: |
395 | for (--i; i >= 0; --i) |
396 | crypto_unregister_aead(&algs[i]); |
397 | |
398 | return ret; |
399 | } |
400 | EXPORT_SYMBOL_GPL(crypto_register_aeads); |
401 | |
402 | void crypto_unregister_aeads(struct aead_alg *algs, int count) |
403 | { |
404 | int i; |
405 | |
406 | for (i = count - 1; i >= 0; --i) |
407 | crypto_unregister_aead(&algs[i]); |
408 | } |
409 | EXPORT_SYMBOL_GPL(crypto_unregister_aeads); |
410 | |
411 | int aead_register_instance(struct crypto_template *tmpl, |
412 | struct aead_instance *inst) |
413 | { |
414 | int err; |
415 | |
416 | err = aead_prepare_alg(&inst->alg); |
417 | if (err) |
418 | return err; |
419 | |
420 | return crypto_register_instance(tmpl, aead_crypto_instance(inst)); |
421 | } |
422 | EXPORT_SYMBOL_GPL(aead_register_instance); |
423 | |
424 | MODULE_LICENSE("GPL"); |
425 | MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)"); |
426 |