From 332f8840f7095d294f9bb066b175a100bcde214c Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 15 Nov 2007 22:36:07 +0800 Subject: [CRYPTO] ablkcipher: Add distinct ABLKCIPHER type Up until now we have ablkcipher algorithms have been identified as type BLKCIPHER with the ASYNC bit set. This is suboptimal because ablkcipher refers to two things. On the one hand it refers to the top-level ablkcipher interface with requests. On the other hand it refers to and algorithm type underneath. As it is you cannot request a synchronous block cipher algorithm with the ablkcipher interface on top. This is a problem because we want to be able to eventually phase out the blkcipher top-level interface. This patch fixes this by making ABLKCIPHER its own type, just as we have distinct types for HASH and DIGEST. The type it associated with the algorithm implementation only. Which top-level interface is used for synchronous block ciphers is then determined by the mask that's used. If it's a specific mask then the old blkcipher interface is given, otherwise we go with the new ablkcipher interface. Signed-off-by: Herbert Xu --- crypto/authenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/authenc.c') diff --git a/crypto/authenc.c b/crypto/authenc.c index 126a529b496d..bc4e608ca841 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -292,7 +292,7 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) goto out_put_auth; enc = crypto_attr_alg(tb[3], CRYPTO_ALG_TYPE_BLKCIPHER, - CRYPTO_ALG_TYPE_MASK); + CRYPTO_ALG_TYPE_BLKCIPHER_MASK); inst = ERR_PTR(PTR_ERR(enc)); if (IS_ERR(enc)) goto out_put_auth; -- cgit v1.2.3 From e29bc6ad0e84e3157e0f49130a15b278cb232c72 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 22 Nov 2007 22:46:40 +0800 Subject: [CRYPTO] authenc: Use or instead of max on alignment masks Since alignment masks are always one less than a power of two, we can use binary or to find their maximum. 
Signed-off-by: Herbert Xu --- crypto/authenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/authenc.c') diff --git a/crypto/authenc.c b/crypto/authenc.c index bc4e608ca841..66fb2aa5c325 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -333,7 +333,7 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC; inst->alg.cra_priority = enc->cra_priority * 10 + auth->cra_priority; inst->alg.cra_blocksize = enc->cra_blocksize; - inst->alg.cra_alignmask = max(auth->cra_alignmask, enc->cra_alignmask); + inst->alg.cra_alignmask = auth->cra_alignmask | enc->cra_alignmask; inst->alg.cra_type = &crypto_aead_type; inst->alg.cra_aead.ivsize = enc->cra_blkcipher.ivsize; -- cgit v1.2.3 From 7ba683a6deba70251756aa5a021cdaa5c875a7a2 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Sun, 2 Dec 2007 18:49:21 +1100 Subject: [CRYPTO] aead: Make authsize a run-time parameter As it is authsize is an algorithm paramter which cannot be changed at run-time. This is inconvenient because hardware that implements such algorithms would have to register each authsize that they support separately. Since authsize is a property common to all AEAD algorithms, we can add a function setauthsize that sets it at run-time, just like setkey. This patch does exactly that and also changes authenc so that authsize is no longer a parameter of its template. Signed-off-by: Herbert Xu --- crypto/authenc.c | 39 ++++++++++++--------------------------- 1 file changed, 12 insertions(+), 27 deletions(-) (limited to 'crypto/authenc.c') diff --git a/crypto/authenc.c b/crypto/authenc.c index 66fb2aa5c325..5df5fb169cbe 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -24,7 +24,6 @@ struct authenc_instance_ctx { struct crypto_spawn auth; struct crypto_spawn enc; - unsigned int authsize; unsigned int enckeylen; }; 
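Review bot: The new `auth->cra_alignmask | enc->cra_alignmask` assignment in crypto_authenc_alloc relies on an invariant that is stated only in the commit message, namely that every alignment mask is one less than a power of two. A short comment on that line would keep the invariant next to the code, for example `/* alignmasks are 2^n - 1, so OR yields the larger of the two */`. If an algorithm ever registered a mask that broke the invariant, the OR would produce a value that is neither input, whereas max() would at least have returned one of them. The function body starts and ends outside this hunk.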
@@ -76,8 +75,6 @@ out: static int crypto_authenc_hash(struct aead_request *req) { struct crypto_aead *authenc = crypto_aead_reqtfm(req); - struct authenc_instance_ctx *ictx = - crypto_instance_ctx(crypto_aead_alg_instance(authenc)); struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); struct crypto_hash *auth = ctx->auth; struct hash_desc desc = { @@ -111,7 +108,8 @@ auth_unlock: if (err) return err; - scatterwalk_map_and_copy(hash, dst, cryptlen, ictx->authsize, 1); + scatterwalk_map_and_copy(hash, dst, cryptlen, + crypto_aead_authsize(authenc), 1); return 0; } @@ -147,8 +145,6 @@ static int crypto_authenc_encrypt(struct aead_request *req) static int crypto_authenc_verify(struct aead_request *req) { struct crypto_aead *authenc = crypto_aead_reqtfm(req); - struct authenc_instance_ctx *ictx = - crypto_instance_ctx(crypto_aead_alg_instance(authenc)); struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); struct crypto_hash *auth = ctx->auth; struct hash_desc desc = { @@ -186,7 +182,7 @@ auth_unlock: if (err) return err; - authsize = ictx->authsize; + authsize = crypto_aead_authsize(authenc); scatterwalk_map_and_copy(ihash, src, cryptlen, authsize, 0); return memcmp(ihash, ohash, authsize) ? -EINVAL : 0; } @@ -224,18 +220,12 @@ static int crypto_authenc_init_tfm(struct crypto_tfm *tfm) struct crypto_authenc_ctx *ctx = crypto_tfm_ctx(tfm); struct crypto_hash *auth; struct crypto_ablkcipher *enc; - unsigned int digestsize; int err; auth = crypto_spawn_hash(&ictx->auth); if (IS_ERR(auth)) return PTR_ERR(auth); - err = -EINVAL; - digestsize = crypto_hash_digestsize(auth); - if (ictx->authsize > digestsize) - goto err_free_hash; - enc = crypto_spawn_ablkcipher(&ictx->enc); err = PTR_ERR(enc); if (IS_ERR(enc)) 
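Review bot: The `ictx->authsize > digestsize` check removed from crypto_authenc_init_tfm has no replacement in this file, so the upper bound on the now run-time authsize must be enforced wherever setauthsize is implemented, which this diff does not show. crypto_authenc_hash and crypto_authenc_verify copy and compare `crypto_aead_authsize(authenc)` bytes against a request context sized from `crypto_hash_digestsize(auth) * 2`, so a value above the digest size would reach past the computed digest. A lower bound matters as well: `memcmp(ihash, ohash, authsize)` in the verify hunk accepts every message when authsize is 0, and a very short tag weakens forgery resistance. A comment where `maxauthsize` is set, stating that authenc relies on the AEAD core to reject out-of-range sizes, would make that dependency explicit; whether a minimum is enforced there should be confirmed.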
@@ -246,7 +236,7 @@ static int crypto_authenc_init_tfm(struct crypto_tfm *tfm) tfm->crt_aead.reqsize = max_t(unsigned int, (crypto_hash_alignmask(auth) & ~(crypto_tfm_ctx_alignment() - 1)) + - digestsize * 2, + crypto_hash_digestsize(auth) * 2, sizeof(struct ablkcipher_request) + crypto_ablkcipher_reqsize(enc)); @@ -273,7 +263,6 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) struct crypto_alg *auth; struct crypto_alg *enc; struct authenc_instance_ctx *ctx; - unsigned int authsize; unsigned int enckeylen; int err; @@ -286,18 +275,13 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) if (IS_ERR(auth)) return ERR_PTR(PTR_ERR(auth)); - err = crypto_attr_u32(tb[2], &authsize); - inst = ERR_PTR(err); - if (err) - goto out_put_auth; - - enc = crypto_attr_alg(tb[3], CRYPTO_ALG_TYPE_BLKCIPHER, + enc = crypto_attr_alg(tb[2], CRYPTO_ALG_TYPE_BLKCIPHER, CRYPTO_ALG_TYPE_BLKCIPHER_MASK); inst = ERR_PTR(PTR_ERR(enc)); if (IS_ERR(enc)) goto out_put_auth; - err = crypto_attr_u32(tb[4], &enckeylen); + err = crypto_attr_u32(tb[3], &enckeylen); if (err) goto out_put_enc; @@ -308,18 +292,17 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) err = -ENAMETOOLONG; if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, - "authenc(%s,%u,%s,%u)", auth->cra_name, authsize, + "authenc(%s,%s,%u)", auth->cra_name, enc->cra_name, enckeylen) >= CRYPTO_MAX_ALG_NAME) goto err_free_inst; if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, - "authenc(%s,%u,%s,%u)", auth->cra_driver_name, - authsize, enc->cra_driver_name, enckeylen) >= + "authenc(%s,%s,%u)", auth->cra_driver_name, + enc->cra_driver_name, enckeylen) >= CRYPTO_MAX_ALG_NAME) goto err_free_inst; ctx = crypto_instance_ctx(inst); - ctx->authsize = authsize; ctx->enckeylen = enckeylen; err = crypto_init_spawn(&ctx->auth, auth, inst, CRYPTO_ALG_TYPE_MASK); 
@@ -337,7 +320,9 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) inst->alg.cra_type = &crypto_aead_type; inst->alg.cra_aead.ivsize = enc->cra_blkcipher.ivsize; - inst->alg.cra_aead.authsize = authsize; + inst->alg.cra_aead.maxauthsize = auth->cra_type == &crypto_hash_type ? + auth->cra_hash.digestsize : + auth->cra_digest.dia_digestsize; inst->alg.cra_ctxsize = sizeof(struct crypto_authenc_ctx); -- cgit v1.2.3 From e236d4a89a2ffbc8aa18064161f4f159c4d89b4a Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 22 Nov 2007 23:11:53 +0800 Subject: [CRYPTO] authenc: Move enckeylen into key itself Having enckeylen as a template parameter makes it a pain for hardware devices that implement ciphers with many key sizes since each one would have to be registered separately. Since the authenc algorithm is mainly used for legacy purposes where its key is going to be constructed out of two separate keys, we can in fact embed this value into the key itself. This patch does this by prepending an rtnetlink header to the key that contains the encryption key length. Signed-off-by: Herbert Xu --- crypto/authenc.c | 49 +++++++++++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 20 deletions(-) (limited to 'crypto/authenc.c') diff --git a/crypto/authenc.c b/crypto/authenc.c index 5df5fb169cbe..a61dea1c2fe6 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -11,10 +11,12 @@ */ #include +#include #include #include #include #include +#include #include #include @@ -23,8 +25,6 @@ struct authenc_instance_ctx { struct crypto_spawn auth; struct crypto_spawn enc; - - unsigned int enckeylen; }; struct crypto_authenc_ctx { 
@@ -36,19 +36,31 @@ struct crypto_authenc_ctx { static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key, unsigned int keylen) { - struct authenc_instance_ctx *ictx = - crypto_instance_ctx(crypto_aead_alg_instance(authenc)); - unsigned int enckeylen = ictx->enckeylen; unsigned int authkeylen; + unsigned int enckeylen; struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); struct crypto_hash *auth = ctx->auth; struct crypto_ablkcipher *enc = ctx->enc; + struct rtattr *rta = (void *)key; + struct crypto_authenc_key_param *param; int err = -EINVAL; - if (keylen < enckeylen) { - crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN); - goto out; - } + if (keylen < sizeof(*rta)) + goto badkey; + if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) + goto badkey; + if (RTA_PAYLOAD(rta) < sizeof(*param)) + goto badkey; + + param = RTA_DATA(rta); + enckeylen = be32_to_cpu(param->enckeylen); + + key += RTA_ALIGN(rta->rta_len); + keylen -= RTA_ALIGN(rta->rta_len); + + if (keylen < enckeylen) + goto badkey; + authkeylen = keylen - enckeylen; crypto_hash_clear_flags(auth, CRYPTO_TFM_REQ_MASK); @@ -70,6 +82,10 @@ static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key, out: return err; + +badkey: + crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN); + goto out; } static int crypto_authenc_hash(struct aead_request *req) @@ -263,7 +279,6 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) struct crypto_alg *auth; struct crypto_alg *enc; struct authenc_instance_ctx *ctx; - unsigned int enckeylen; int err; err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_AEAD); @@ -281,10 +296,6 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) if (IS_ERR(enc)) goto out_put_auth; - err = crypto_attr_u32(tb[3], &enckeylen); - if (err) - goto out_put_enc; - inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); err = -ENOMEM; if (!inst) 
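Review bot: In the crypto_authenc_setkey hunk, `rta->rta_len` comes from the caller-supplied key and is never compared with `keylen` before `keylen -= RTA_ALIGN(rta->rta_len)`. keylen is unsigned, so a header length larger than the key wraps it to a huge value, the following `keylen < enckeylen` test passes, and the key material handed on afterwards would be read from beyond the buffer. The three checks above it cover only the header size, the type and the payload size. The later RTA_OK change on this page bounds `rta_len` itself, but the subtraction uses the aligned length, which can still exceed a keylen that is not a multiple of the alignment. A guard such as `if (keylen < RTA_ALIGN(rta->rta_len)) goto badkey;` placed immediately before the pointer adjustment covers both cases.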
@@ -292,18 +303,16 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) err = -ENAMETOOLONG; if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, - "authenc(%s,%s,%u)", auth->cra_name, - enc->cra_name, enckeylen) >= CRYPTO_MAX_ALG_NAME) + "authenc(%s,%s)", auth->cra_name, enc->cra_name) >= + CRYPTO_MAX_ALG_NAME) goto err_free_inst; if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, - "authenc(%s,%s,%u)", auth->cra_driver_name, - enc->cra_driver_name, enckeylen) >= - CRYPTO_MAX_ALG_NAME) + "authenc(%s,%s)", auth->cra_driver_name, + enc->cra_driver_name) >= CRYPTO_MAX_ALG_NAME) goto err_free_inst; ctx = crypto_instance_ctx(inst); - ctx->enckeylen = enckeylen; err = crypto_init_spawn(&ctx->auth, auth, inst, CRYPTO_ALG_TYPE_MASK); if (err) -- cgit v1.2.3 From 481f34ae752ac74c4cbd88a9954dd4ed10e84f81 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 4 Dec 2007 20:04:21 +1100 Subject: [CRYPTO] authenc: Fix hash verification The previous code incorrectly included the hash in the verification which also meant that we'd crash and burn when it comes to actually verifying the hash since we'd go past the end of the SG list. This patch fixes that by subtracting authsize from cryptlen at the start. Signed-off-by: Herbert Xu --- crypto/authenc.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'crypto/authenc.c') diff --git a/crypto/authenc.c b/crypto/authenc.c index a61dea1c2fe6..82e03ffa6245 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -158,7 +158,8 @@ static int crypto_authenc_encrypt(struct aead_request *req) return crypto_authenc_hash(req); } -static int crypto_authenc_verify(struct aead_request *req) +static int crypto_authenc_verify(struct aead_request *req, + unsigned int cryptlen) { struct crypto_aead *authenc = crypto_aead_reqtfm(req); struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); 
@@ -170,7 +171,6 @@ static int crypto_authenc_verify(struct aead_request *req) u8 *ohash = aead_request_ctx(req); u8 *ihash; struct scatterlist *src = req->src; - unsigned int cryptlen = req->cryptlen; unsigned int authsize; int err; @@ -214,16 +214,22 @@ static int crypto_authenc_decrypt(struct aead_request *req) struct crypto_aead *authenc = crypto_aead_reqtfm(req); struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); struct ablkcipher_request *abreq = aead_request_ctx(req); + unsigned int cryptlen = req->cryptlen; + unsigned int authsize = crypto_aead_authsize(authenc); int err; - err = crypto_authenc_verify(req); + if (cryptlen < authsize) + return -EINVAL; + cryptlen -= authsize; + + err = crypto_authenc_verify(req, cryptlen); if (err) return err; ablkcipher_request_set_tfm(abreq, ctx->enc); ablkcipher_request_set_callback(abreq, aead_request_flags(req), crypto_authenc_decrypt_done, req); - ablkcipher_request_set_crypt(abreq, req->src, req->dst, req->cryptlen, + ablkcipher_request_set_crypt(abreq, req->src, req->dst, cryptlen, req->iv); return crypto_ablkcipher_decrypt(abreq); -- cgit v1.2.3 From fe70f5dfe1a7b5caab96531089dac3d8728c0ebd Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 4 Dec 2007 20:07:27 +1100 Subject: [CRYPTO] aead: Return EBADMSG for ICV mismatch This patch changes gcm/authenc to return EBADMSG instead of EINVAL for ICV mismatches. This convention has already been adopted by IPsec. Signed-off-by: Herbert Xu --- crypto/authenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/authenc.c') diff --git a/crypto/authenc.c b/crypto/authenc.c index 82e03ffa6245..6c9104ebf2f4 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c 
@@ -200,7 +200,7 @@ auth_unlock: authsize = crypto_aead_authsize(authenc); scatterwalk_map_and_copy(ihash, src, cryptlen, authsize, 0); - return memcmp(ihash, ohash, authsize) ? -EINVAL : 0; + return memcmp(ihash, ohash, authsize) ? -EBADMSG: 0; } static void crypto_authenc_decrypt_done(struct crypto_async_request *req, -- cgit v1.2.3 From 42c271c6c538857cb13c5ead5184d264d745f675 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Fri, 7 Dec 2007 18:52:49 +0800 Subject: [CRYPTO] scatterwalk: Move scatterwalk.h to linux/crypto The scatterwalk infrastructure is used by algorithms so it needs to move out of crypto for future users that may live in drivers/crypto or asm/*/crypto. Signed-off-by: Herbert Xu --- crypto/authenc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'crypto/authenc.c') diff --git a/crypto/authenc.c b/crypto/authenc.c index 6c9104ebf2f4..fbbc2b505a21 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -12,6 +12,7 @@ #include #include +#include #include #include #include @@ -20,8 +21,6 @@ #include #include -#include "scatterwalk.h" - struct authenc_instance_ctx { struct crypto_spawn auth; struct crypto_spawn enc; -- cgit v1.2.3 From c2c61f513db395ddd8d67690bf3301ebe1e8155a Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Mon, 10 Dec 2007 10:54:44 +0800 Subject: [CRYPTO] authenc: Fix typo in ivsize The ivsize should be fetched from ablkcipher, not blkcipher. Signed-off-by: Herbert Xu --- crypto/authenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/authenc.c') diff --git a/crypto/authenc.c b/crypto/authenc.c index fbbc2b505a21..80d9d0b18c13 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c 
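Review bot: The changed line in crypto_authenc_verify still compares the received and computed ICV with `memcmp(ihash, ohash, authsize)`, which may stop at the first differing byte, so its run time can depend on how many leading tag bytes match. For a MAC check that is a timing side channel; the comparison should take the same time regardless of the data. Later kernels provide `crypto_memneq()` for this, giving `return crypto_memneq(ihash, ohash, authsize) ? -EBADMSG : 0;`, and on a tree without it an XOR-accumulate loop over authsize bytes does the same job. The same comparison appears as context in the other crypto_authenc_verify hunks on this page, and the function body starts outside this hunk. As a style point on the same line, `-EBADMSG: 0` is missing the space before the colon.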
@@ -333,7 +333,7 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) inst->alg.cra_alignmask = auth->cra_alignmask | enc->cra_alignmask; inst->alg.cra_type = &crypto_aead_type; - inst->alg.cra_aead.ivsize = enc->cra_blkcipher.ivsize; + inst->alg.cra_aead.ivsize = enc->cra_ablkcipher.ivsize; inst->alg.cra_aead.maxauthsize = auth->cra_type == &crypto_hash_type ? auth->cra_hash.digestsize : auth->cra_digest.dia_digestsize; -- cgit v1.2.3 From 12dc5e62b4f93f1d399fd81e35be3f9ea0027712 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Mon, 10 Dec 2007 10:55:21 +0800 Subject: [CRYPTO] authenc: Use RTA_OK to check length This patch changes setkey to use RTA_OK to check the validity of the setkey request. Signed-off-by: Herbert Xu --- crypto/authenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/authenc.c') diff --git a/crypto/authenc.c b/crypto/authenc.c index 80d9d0b18c13..aa442dea5c43 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -44,7 +44,7 @@ static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key, struct crypto_authenc_key_param *param; int err = -EINVAL; - if (keylen < sizeof(*rta)) + if (!RTA_OK(rta, keylen)) goto badkey; if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) goto badkey; -- cgit v1.2.3 From 7c3d703fa81db42f9766325cebd6bfc1c5eac838 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Mon, 10 Dec 2007 16:15:41 +0800 Subject: [CRYPTO] authenc: Merge common hashing code This patch merges the common hashing code between encryption and decryption. Signed-off-by: Herbert Xu --- crypto/authenc.c | 66 ++++++++++++++++++++++++-------------------------------- 1 file changed, 28 insertions(+), 38 deletions(-) (limited to 'crypto/authenc.c') diff --git a/crypto/authenc.c b/crypto/authenc.c index aa442dea5c43..394e73308e31 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c 
@@ -87,17 +87,18 @@ badkey: goto out; } -static int crypto_authenc_hash(struct aead_request *req) +static u8 *crypto_authenc_hash(struct aead_request *req, unsigned int flags, + struct scatterlist *cipher, + unsigned int cryptlen) { struct crypto_aead *authenc = crypto_aead_reqtfm(req); struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); struct crypto_hash *auth = ctx->auth; struct hash_desc desc = { .tfm = auth, + .flags = aead_request_flags(req) & flags, }; u8 *hash = aead_request_ctx(req); - struct scatterlist *dst = req->dst; - unsigned int cryptlen = req->cryptlen; int err; hash = (u8 *)ALIGN((unsigned long)hash + crypto_hash_alignmask(auth), @@ -112,7 +113,7 @@ static int crypto_authenc_hash(struct aead_request *req) if (err) goto auth_unlock; - err = crypto_hash_update(&desc, dst, cryptlen); + err = crypto_hash_update(&desc, cipher, cryptlen); if (err) goto auth_unlock; @@ -121,7 +122,21 @@ auth_unlock: spin_unlock_bh(&ctx->auth_lock); if (err) - return err; + return ERR_PTR(err); + + return hash; +} + +static int crypto_authenc_genicv(struct aead_request *req, unsigned int flags) +{ + struct crypto_aead *authenc = crypto_aead_reqtfm(req); + struct scatterlist *dst = req->dst; + unsigned int cryptlen = req->cryptlen; + u8 *hash; + + hash = crypto_authenc_hash(req, flags, dst, cryptlen); + if (IS_ERR(hash)) + return PTR_ERR(hash); scatterwalk_map_and_copy(hash, dst, cryptlen, crypto_aead_authsize(authenc), 1); @@ -132,7 +147,7 @@ static void crypto_authenc_encrypt_done(struct crypto_async_request *req, int err) { if (!err) - err = crypto_authenc_hash(req->data); + err = crypto_authenc_genicv(req->data, 0); aead_request_complete(req->data, err); } 
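Review bot: The new `.flags = aead_request_flags(req) & flags` in crypto_authenc_hash lets CRYPTO_TFM_REQ_MAY_SLEEP reach the hash descriptor, and both crypto_authenc_encrypt and crypto_authenc_verify now pass that flag, yet the hash calls appear to run with `ctx->auth_lock` held under spin_lock_bh (the unlock is visible at `auth_unlock:`; the lock call itself sits between the hunks). If the hash implementation honours the flag and yields, that is sleeping in atomic context. Either pass 0 for the descriptor flags while the lock is held, or document next to the `.flags` initialiser why sleeping cannot occur there. A comment on the new return convention would also help, e.g. `/* Returns the aligned digest inside the request context, or ERR_PTR() on failure. */`.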
@@ -154,50 +169,25 @@ static int crypto_authenc_encrypt(struct aead_request *req) if (err) return err; - return crypto_authenc_hash(req); + return crypto_authenc_genicv(req, CRYPTO_TFM_REQ_MAY_SLEEP); } static int crypto_authenc_verify(struct aead_request *req, unsigned int cryptlen) { struct crypto_aead *authenc = crypto_aead_reqtfm(req); - struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); - struct crypto_hash *auth = ctx->auth; - struct hash_desc desc = { - .tfm = auth, - .flags = aead_request_flags(req), - }; - u8 *ohash = aead_request_ctx(req); + u8 *ohash; u8 *ihash; struct scatterlist *src = req->src; unsigned int authsize; - int err; - ohash = (u8 *)ALIGN((unsigned long)ohash + crypto_hash_alignmask(auth), - crypto_hash_alignmask(auth) + 1); - ihash = ohash + crypto_hash_digestsize(auth); - - spin_lock_bh(&ctx->auth_lock); - err = crypto_hash_init(&desc); - if (err) - goto auth_unlock; - - err = crypto_hash_update(&desc, req->assoc, req->assoclen); - if (err) - goto auth_unlock; - - err = crypto_hash_update(&desc, src, cryptlen); - if (err) - goto auth_unlock; - - err = crypto_hash_final(&desc, ohash); -auth_unlock: - spin_unlock_bh(&ctx->auth_lock); - - if (err) - return err; + ohash = crypto_authenc_hash(req, CRYPTO_TFM_REQ_MAY_SLEEP, src, + cryptlen); + if (IS_ERR(ohash)) + return PTR_ERR(ohash); authsize = crypto_aead_authsize(authenc); + ihash = ohash + authsize; scatterwalk_map_and_copy(ihash, src, cryptlen, authsize, 0); return memcmp(ihash, ohash, authsize) ? -EBADMSG: 0; } -- cgit v1.2.3 From 9ffde35a8edd3486cd7c80af931c15cec99a1a0d Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Mon, 17 Dec 2007 20:12:49 +0800 Subject: [CRYPTO] authenc: Use crypto_grab_skcipher This patch converts the authenc algorithm over to crypto_grab_skcipher which is a prerequisite for IV generation. This patch also changes authenc to set its ASYNC status depending on the ASYNC status of the underlying skcipher. 
Signed-off-by: Herbert Xu --- crypto/authenc.c | 65 +++++++++++++++++++++++++++++++++----------------------- 1 file changed, 38 insertions(+), 27 deletions(-) (limited to 'crypto/authenc.c') diff --git a/crypto/authenc.c b/crypto/authenc.c index 394e73308e31..2d609b72f5be 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -10,7 +10,7 @@ * */ -#include +#include #include #include #include @@ -23,7 +23,7 @@ struct authenc_instance_ctx { struct crypto_spawn auth; - struct crypto_spawn enc; + struct crypto_skcipher_spawn enc; }; struct crypto_authenc_ctx { @@ -237,7 +237,7 @@ static int crypto_authenc_init_tfm(struct crypto_tfm *tfm) if (IS_ERR(auth)) return PTR_ERR(auth); - enc = crypto_spawn_ablkcipher(&ictx->enc); + enc = crypto_spawn_skcipher(&ictx->enc); err = PTR_ERR(enc); if (IS_ERR(enc)) goto err_free_hash; 
@@ -270,42 +270,36 @@ static void crypto_authenc_exit_tfm(struct crypto_tfm *tfm) static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) { + struct crypto_attr_type *algt; struct crypto_instance *inst; struct crypto_alg *auth; struct crypto_alg *enc; struct authenc_instance_ctx *ctx; + const char *enc_name; int err; - err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_AEAD); - if (err) + algt = crypto_get_attr_type(tb); + err = PTR_ERR(algt); + if (IS_ERR(algt)) return ERR_PTR(err); + if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) + return ERR_PTR(-EINVAL); + auth = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_HASH, CRYPTO_ALG_TYPE_HASH_MASK); if (IS_ERR(auth)) return ERR_PTR(PTR_ERR(auth)); - enc = crypto_attr_alg(tb[2], CRYPTO_ALG_TYPE_BLKCIPHER, - CRYPTO_ALG_TYPE_BLKCIPHER_MASK); - inst = ERR_PTR(PTR_ERR(enc)); - if (IS_ERR(enc)) + enc_name = crypto_attr_alg_name(tb[2]); + err = PTR_ERR(enc_name); + if (IS_ERR(enc_name)) goto out_put_auth; inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); err = -ENOMEM; if (!inst) - goto out_put_enc; - - err = -ENAMETOOLONG; - if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, - "authenc(%s,%s)", auth->cra_name, enc->cra_name) >= - CRYPTO_MAX_ALG_NAME) - goto err_free_inst; - - if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, - "authenc(%s,%s)", auth->cra_driver_name, - enc->cra_driver_name) >= CRYPTO_MAX_ALG_NAME) - goto err_free_inst; + goto out_put_auth; ctx = crypto_instance_ctx(inst); 
@@ -313,11 +307,28 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) if (err) goto err_free_inst; - err = crypto_init_spawn(&ctx->enc, enc, inst, CRYPTO_ALG_TYPE_MASK); + crypto_set_skcipher_spawn(&ctx->enc, inst); + err = crypto_grab_skcipher(&ctx->enc, enc_name, 0, + crypto_requires_sync(algt->type, + algt->mask)); if (err) goto err_drop_auth; - inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC; + enc = crypto_skcipher_spawn_alg(&ctx->enc); + + err = -ENAMETOOLONG; + if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, + "authenc(%s,%s)", auth->cra_name, enc->cra_name) >= + CRYPTO_MAX_ALG_NAME) + goto err_drop_enc; + + if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, + "authenc(%s,%s)", auth->cra_driver_name, + enc->cra_driver_name) >= CRYPTO_MAX_ALG_NAME) + goto err_drop_enc; + + inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD; + inst->alg.cra_flags |= enc->cra_flags & CRYPTO_ALG_ASYNC; inst->alg.cra_priority = enc->cra_priority * 10 + auth->cra_priority; inst->alg.cra_blocksize = enc->cra_blocksize; inst->alg.cra_alignmask = auth->cra_alignmask | enc->cra_alignmask; @@ -338,16 +349,16 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) inst->alg.cra_aead.decrypt = crypto_authenc_decrypt; out: - crypto_mod_put(enc); -out_put_auth: crypto_mod_put(auth); return inst; +err_drop_enc: + crypto_drop_skcipher(&ctx->enc); err_drop_auth: crypto_drop_spawn(&ctx->auth); err_free_inst: kfree(inst); -out_put_enc: +out_put_auth: inst = ERR_PTR(err); goto out; } @@ -356,7 +367,7 @@ static void crypto_authenc_free(struct crypto_instance *inst) { struct authenc_instance_ctx *ctx = crypto_instance_ctx(inst); - crypto_drop_spawn(&ctx->enc); + crypto_drop_skcipher(&ctx->enc); crypto_drop_spawn(&ctx->auth); kfree(inst); } -- cgit v1.2.3 From e56dd56418fcc024683d1638564a494d9e9aab85 Mon Sep 17 00:00:00 2001 
From: Herbert Xu Date: Mon, 10 Dec 2007 16:20:24 +0800 Subject: [CRYPTO] authenc: Add givencrypt operation This patch implements the givencrypt function for authenc. It simply calls the givencrypt operation on the underlying cipher instead of encrypt. Signed-off-by: Herbert Xu --- crypto/authenc.c | 136 ++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 114 insertions(+), 22 deletions(-) (limited to 'crypto/authenc.c') diff --git a/crypto/authenc.c b/crypto/authenc.c index 2d609b72f5be..ed8ac5a6fa5f 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -10,6 +10,7 @@ * */ +#include #include #include #include @@ -87,6 +88,20 @@ badkey: goto out; } +static void authenc_chain(struct scatterlist *head, struct scatterlist *sg, + int chain) +{ + if (chain) { + head->length += sg->length; + sg = scatterwalk_sg_next(sg); + } + + if (sg) + scatterwalk_sg_chain(head, 2, sg); + else + sg_mark_end(head); +} + static u8 *crypto_authenc_hash(struct aead_request *req, unsigned int flags, struct scatterlist *cipher, unsigned int cryptlen) 
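Review bot: authenc_chain is added without any comment, and the meaning of its `chain` argument cannot be recovered from the signature. From the callers later in this patch it is non-zero when the first data segment starts directly after the IV in memory (`vdst == iv + ivsize`), in which case the head entry is extended over that segment and the walk continues with the next one. A header comment should say that `head` is a two-entry table whose first entry already describes the IV, that `chain` merges a contiguous first segment into it, and that a NULL `sg` ends the list at `head`. It is also worth noting there that the callers substitute NULL for highmem pages before the pointer comparison, so merging only happens for directly addressable pages.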
@@ -127,18 +142,31 @@ auth_unlock: return hash; } -static int crypto_authenc_genicv(struct aead_request *req, unsigned int flags) +static int crypto_authenc_genicv(struct aead_request *req, u8 *iv, + unsigned int flags) { struct crypto_aead *authenc = crypto_aead_reqtfm(req); struct scatterlist *dst = req->dst; - unsigned int cryptlen = req->cryptlen; + struct scatterlist cipher[2]; + struct page *dstp; + unsigned int ivsize = crypto_aead_ivsize(authenc); + unsigned int cryptlen; + u8 *vdst; u8 *hash; - hash = crypto_authenc_hash(req, flags, dst, cryptlen); + dstp = sg_page(dst); + vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + dst->offset; + + sg_init_table(cipher, 2); + sg_set_buf(cipher, iv, ivsize); + authenc_chain(cipher, dst, vdst == iv + ivsize); + + cryptlen = req->cryptlen + ivsize; + hash = crypto_authenc_hash(req, flags, cipher, cryptlen); if (IS_ERR(hash)) return PTR_ERR(hash); - scatterwalk_map_and_copy(hash, dst, cryptlen, + scatterwalk_map_and_copy(hash, cipher, cryptlen, crypto_aead_authsize(authenc), 1); return 0; } @@ -146,8 +174,16 @@ static int crypto_authenc_genicv(struct aead_request *req, unsigned int flags) static void crypto_authenc_encrypt_done(struct crypto_async_request *req, int err) { - if (!err) - err = crypto_authenc_genicv(req->data, 0); + if (!err) { + struct aead_request *areq = req->data; + struct crypto_aead *authenc = crypto_aead_reqtfm(areq); + struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); + struct ablkcipher_request *abreq = aead_request_ctx(areq); + u8 *iv = (u8 *)(abreq + 1) + + crypto_ablkcipher_reqsize(ctx->enc); + + err = crypto_authenc_genicv(areq, iv, 0); + } aead_request_complete(req->data, err); } 
@@ -157,45 +193,99 @@ static int crypto_authenc_encrypt(struct aead_request *req) struct crypto_aead *authenc = crypto_aead_reqtfm(req); struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); struct ablkcipher_request *abreq = aead_request_ctx(req); + struct crypto_ablkcipher *enc = ctx->enc; + struct scatterlist *dst = req->dst; + unsigned int cryptlen = req->cryptlen; + u8 *iv = (u8 *)(abreq + 1) + crypto_ablkcipher_reqsize(enc); int err; - ablkcipher_request_set_tfm(abreq, ctx->enc); + ablkcipher_request_set_tfm(abreq, enc); ablkcipher_request_set_callback(abreq, aead_request_flags(req), crypto_authenc_encrypt_done, req); - ablkcipher_request_set_crypt(abreq, req->src, req->dst, req->cryptlen, - req->iv); + ablkcipher_request_set_crypt(abreq, req->src, dst, cryptlen, req->iv); + + memcpy(iv, req->iv, crypto_aead_ivsize(authenc)); err = crypto_ablkcipher_encrypt(abreq); if (err) return err; - return crypto_authenc_genicv(req, CRYPTO_TFM_REQ_MAY_SLEEP); + return crypto_authenc_genicv(req, iv, CRYPTO_TFM_REQ_MAY_SLEEP); +} + +static void crypto_authenc_givencrypt_done(struct crypto_async_request *req, + int err) +{ + if (!err) { + struct aead_givcrypt_request *greq = req->data; + + err = crypto_authenc_genicv(&greq->areq, greq->giv, 0); + } + + aead_request_complete(req->data, err); +} + +static int crypto_authenc_givencrypt(struct aead_givcrypt_request *req) +{ + struct crypto_aead *authenc = aead_givcrypt_reqtfm(req); + struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); + struct aead_request *areq = &req->areq; + struct skcipher_givcrypt_request *greq = aead_request_ctx(areq); + u8 *iv = req->giv; + int err; + + skcipher_givcrypt_set_tfm(greq, ctx->enc); + skcipher_givcrypt_set_callback(greq, aead_request_flags(areq), + crypto_authenc_givencrypt_done, areq); + skcipher_givcrypt_set_crypt(greq, areq->src, areq->dst, areq->cryptlen, + areq->iv); + skcipher_givcrypt_set_giv(greq, iv, req->seq); + + err = crypto_skcipher_givencrypt(greq); + if (err) + 
return err; + + return crypto_authenc_genicv(areq, iv, CRYPTO_TFM_REQ_MAY_SLEEP); } static int crypto_authenc_verify(struct aead_request *req, + struct scatterlist *cipher, unsigned int cryptlen) { struct crypto_aead *authenc = crypto_aead_reqtfm(req); u8 *ohash; u8 *ihash; - struct scatterlist *src = req->src; unsigned int authsize; - ohash = crypto_authenc_hash(req, CRYPTO_TFM_REQ_MAY_SLEEP, src, + ohash = crypto_authenc_hash(req, CRYPTO_TFM_REQ_MAY_SLEEP, cipher, cryptlen); if (IS_ERR(ohash)) return PTR_ERR(ohash); authsize = crypto_aead_authsize(authenc); ihash = ohash + authsize; - scatterwalk_map_and_copy(ihash, src, cryptlen, authsize, 0); + scatterwalk_map_and_copy(ihash, cipher, cryptlen, authsize, 0); return memcmp(ihash, ohash, authsize) ? -EBADMSG: 0; } -static void crypto_authenc_decrypt_done(struct crypto_async_request *req, - int err) +static int crypto_authenc_iverify(struct aead_request *req, u8 *iv, + unsigned int cryptlen) { - aead_request_complete(req->data, err); + struct crypto_aead *authenc = crypto_aead_reqtfm(req); + struct scatterlist *src = req->src; + struct scatterlist cipher[2]; + struct page *srcp; + unsigned int ivsize = crypto_aead_ivsize(authenc); + u8 *vsrc; + + srcp = sg_page(src); + vsrc = PageHighMem(srcp) ? NULL : page_address(srcp) + src->offset; + + sg_init_table(cipher, 2); + sg_set_buf(cipher, iv, ivsize); + authenc_chain(cipher, src, vsrc == iv + ivsize); + + return crypto_authenc_verify(req, cipher, cryptlen + ivsize); } static int crypto_authenc_decrypt(struct aead_request *req) 
@@ -205,21 +295,21 @@ static int crypto_authenc_decrypt(struct aead_request *req) struct ablkcipher_request *abreq = aead_request_ctx(req); unsigned int cryptlen = req->cryptlen; unsigned int authsize = crypto_aead_authsize(authenc); + u8 *iv = req->iv; int err; if (cryptlen < authsize) return -EINVAL; cryptlen -= authsize; - err = crypto_authenc_verify(req, cryptlen); + err = crypto_authenc_iverify(req, iv, cryptlen); if (err) return err; ablkcipher_request_set_tfm(abreq, ctx->enc); ablkcipher_request_set_callback(abreq, aead_request_flags(req), - crypto_authenc_decrypt_done, req); - ablkcipher_request_set_crypt(abreq, req->src, req->dst, cryptlen, - req->iv); + req->base.complete, req->base.data); + ablkcipher_request_set_crypt(abreq, req->src, req->dst, cryptlen, iv); return crypto_ablkcipher_decrypt(abreq); } @@ -248,8 +338,9 @@ static int crypto_authenc_init_tfm(struct crypto_tfm *tfm) (crypto_hash_alignmask(auth) & ~(crypto_tfm_ctx_alignment() - 1)) + crypto_hash_digestsize(auth) * 2, - sizeof(struct ablkcipher_request) + - crypto_ablkcipher_reqsize(enc)); + sizeof(struct skcipher_givcrypt_request) + + crypto_ablkcipher_reqsize(enc) + + crypto_ablkcipher_ivsize(enc)); spin_lock_init(&ctx->auth_lock); @@ -347,6 +438,7 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) inst->alg.cra_aead.setkey = crypto_authenc_setkey; inst->alg.cra_aead.encrypt = crypto_authenc_encrypt; inst->alg.cra_aead.decrypt = crypto_authenc_decrypt; + inst->alg.cra_aead.givencrypt = crypto_authenc_givencrypt; out: crypto_mod_put(auth); -- cgit v1.2.3