xref: /openbmc/linux/crypto/xcbc.c (revision e868d61272caa648214046a096e5a6bfc068dc8c)
1 /*
2  * Copyright (C)2006 USAGI/WIDE Project
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
17  *
18  * Author:
19  * 	Kazunori Miyazawa <miyazawa@linux-ipv6.org>
20  */
21 
22 #include <linux/crypto.h>
23 #include <linux/err.h>
24 #include <linux/hardirq.h>
25 #include <linux/kernel.h>
26 #include <linux/mm.h>
27 #include <linux/rtnetlink.h>
28 #include <linux/slab.h>
29 #include <linux/scatterlist.h>
30 #include "internal.h"
31 
32 static u_int32_t ks[12] = {0x01010101, 0x01010101, 0x01010101, 0x01010101,
33 			   0x02020202, 0x02020202, 0x02020202, 0x02020202,
34 			   0x03030303, 0x03030303, 0x03030303, 0x03030303};
35 /*
36  * +------------------------
37  * | <parent tfm>
38  * +------------------------
39  * | crypto_xcbc_ctx
40  * +------------------------
41  * | odds (block size)
42  * +------------------------
43  * | prev (block size)
44  * +------------------------
45  * | key (block size)
46  * +------------------------
47  * | consts (block size * 3)
48  * +------------------------
49  */
50 struct crypto_xcbc_ctx {
51 	struct crypto_cipher *child;
52 	u8 *odds;
53 	u8 *prev;
54 	u8 *key;
55 	u8 *consts;
56 	void (*xor)(u8 *a, const u8 *b, unsigned int bs);
57 	unsigned int keylen;
58 	unsigned int len;
59 };
60 
61 static void xor_128(u8 *a, const u8 *b, unsigned int bs)
62 {
63 	((u32 *)a)[0] ^= ((u32 *)b)[0];
64 	((u32 *)a)[1] ^= ((u32 *)b)[1];
65 	((u32 *)a)[2] ^= ((u32 *)b)[2];
66 	((u32 *)a)[3] ^= ((u32 *)b)[3];
67 }
68 
69 static int _crypto_xcbc_digest_setkey(struct crypto_hash *parent,
70 				      struct crypto_xcbc_ctx *ctx)
71 {
72 	int bs = crypto_hash_blocksize(parent);
73 	int err = 0;
74 	u8 key1[bs];
75 
76 	if ((err = crypto_cipher_setkey(ctx->child, ctx->key, ctx->keylen)))
77 	    return err;
78 
79 	crypto_cipher_encrypt_one(ctx->child, key1, ctx->consts);
80 
81 	return crypto_cipher_setkey(ctx->child, key1, bs);
82 }
83 
84 static int crypto_xcbc_digest_setkey(struct crypto_hash *parent,
85 				     const u8 *inkey, unsigned int keylen)
86 {
87 	struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
88 
89 	if (keylen != crypto_cipher_blocksize(ctx->child))
90 		return -EINVAL;
91 
92 	ctx->keylen = keylen;
93 	memcpy(ctx->key, inkey, keylen);
94 	ctx->consts = (u8*)ks;
95 
96 	return _crypto_xcbc_digest_setkey(parent, ctx);
97 }
98 
99 static int crypto_xcbc_digest_init(struct hash_desc *pdesc)
100 {
101 	struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(pdesc->tfm);
102 	int bs = crypto_hash_blocksize(pdesc->tfm);
103 
104 	ctx->len = 0;
105 	memset(ctx->odds, 0, bs);
106 	memset(ctx->prev, 0, bs);
107 
108 	return 0;
109 }
110 
111 static int crypto_xcbc_digest_update2(struct hash_desc *pdesc,
112 				      struct scatterlist *sg,
113 				      unsigned int nbytes)
114 {
115 	struct crypto_hash *parent = pdesc->tfm;
116 	struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
117 	struct crypto_cipher *tfm = ctx->child;
118 	int bs = crypto_hash_blocksize(parent);
119 	unsigned int i = 0;
120 
121 	do {
122 
123 		struct page *pg = sg[i].page;
124 		unsigned int offset = sg[i].offset;
125 		unsigned int slen = sg[i].length;
126 
127 		while (slen > 0) {
128 			unsigned int len = min(slen, ((unsigned int)(PAGE_SIZE)) - offset);
129 			char *p = crypto_kmap(pg, 0) + offset;
130 
131 			/* checking the data can fill the block */
132 			if ((ctx->len + len) <= bs) {
133 				memcpy(ctx->odds + ctx->len, p, len);
134 				ctx->len += len;
135 				slen -= len;
136 
137 				/* checking the rest of the page */
138 				if (len + offset >= PAGE_SIZE) {
139 					offset = 0;
140 					pg++;
141 				} else
142 					offset += len;
143 
144 				crypto_kunmap(p, 0);
145 				crypto_yield(pdesc->flags);
146 				continue;
147 			}
148 
149 			/* filling odds with new data and encrypting it */
150 			memcpy(ctx->odds + ctx->len, p, bs - ctx->len);
151 			len -= bs - ctx->len;
152 			p += bs - ctx->len;
153 
154 			ctx->xor(ctx->prev, ctx->odds, bs);
155 			crypto_cipher_encrypt_one(tfm, ctx->prev, ctx->prev);
156 
157 			/* clearing the length */
158 			ctx->len = 0;
159 
160 			/* encrypting the rest of data */
161 			while (len > bs) {
162 				ctx->xor(ctx->prev, p, bs);
163 				crypto_cipher_encrypt_one(tfm, ctx->prev,
164 							  ctx->prev);
165 				p += bs;
166 				len -= bs;
167 			}
168 
169 			/* keeping the surplus of blocksize */
170 			if (len) {
171 				memcpy(ctx->odds, p, len);
172 				ctx->len = len;
173 			}
174 			crypto_kunmap(p, 0);
175 			crypto_yield(pdesc->flags);
176 			slen -= min(slen, ((unsigned int)(PAGE_SIZE)) - offset);
177 			offset = 0;
178 			pg++;
179 		}
180 		nbytes-=sg[i].length;
181 		i++;
182 	} while (nbytes>0);
183 
184 	return 0;
185 }
186 
187 static int crypto_xcbc_digest_update(struct hash_desc *pdesc,
188 				     struct scatterlist *sg,
189 				     unsigned int nbytes)
190 {
191 	if (WARN_ON_ONCE(in_irq()))
192 		return -EDEADLK;
193 	return crypto_xcbc_digest_update2(pdesc, sg, nbytes);
194 }
195 
196 static int crypto_xcbc_digest_final(struct hash_desc *pdesc, u8 *out)
197 {
198 	struct crypto_hash *parent = pdesc->tfm;
199 	struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
200 	struct crypto_cipher *tfm = ctx->child;
201 	int bs = crypto_hash_blocksize(parent);
202 	int err = 0;
203 
204 	if (ctx->len == bs) {
205 		u8 key2[bs];
206 
207 		if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0)
208 			return err;
209 
210 		crypto_cipher_encrypt_one(tfm, key2,
211 					  (u8 *)(ctx->consts + bs));
212 
213 		ctx->xor(ctx->prev, ctx->odds, bs);
214 		ctx->xor(ctx->prev, key2, bs);
215 		_crypto_xcbc_digest_setkey(parent, ctx);
216 
217 		crypto_cipher_encrypt_one(tfm, out, ctx->prev);
218 	} else {
219 		u8 key3[bs];
220 		unsigned int rlen;
221 		u8 *p = ctx->odds + ctx->len;
222 		*p = 0x80;
223 		p++;
224 
225 		rlen = bs - ctx->len -1;
226 		if (rlen)
227 			memset(p, 0, rlen);
228 
229 		if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0)
230 			return err;
231 
232 		crypto_cipher_encrypt_one(tfm, key3,
233 					  (u8 *)(ctx->consts + bs * 2));
234 
235 		ctx->xor(ctx->prev, ctx->odds, bs);
236 		ctx->xor(ctx->prev, key3, bs);
237 
238 		_crypto_xcbc_digest_setkey(parent, ctx);
239 
240 		crypto_cipher_encrypt_one(tfm, out, ctx->prev);
241 	}
242 
243 	return 0;
244 }
245 
246 static int crypto_xcbc_digest(struct hash_desc *pdesc,
247 		  struct scatterlist *sg, unsigned int nbytes, u8 *out)
248 {
249 	if (WARN_ON_ONCE(in_irq()))
250 		return -EDEADLK;
251 
252 	crypto_xcbc_digest_init(pdesc);
253 	crypto_xcbc_digest_update2(pdesc, sg, nbytes);
254 	return crypto_xcbc_digest_final(pdesc, out);
255 }
256 
257 static int xcbc_init_tfm(struct crypto_tfm *tfm)
258 {
259 	struct crypto_cipher *cipher;
260 	struct crypto_instance *inst = (void *)tfm->__crt_alg;
261 	struct crypto_spawn *spawn = crypto_instance_ctx(inst);
262 	struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(__crypto_hash_cast(tfm));
263 	int bs = crypto_hash_blocksize(__crypto_hash_cast(tfm));
264 
265 	cipher = crypto_spawn_cipher(spawn);
266 	if (IS_ERR(cipher))
267 		return PTR_ERR(cipher);
268 
269 	switch(bs) {
270 	case 16:
271 		ctx->xor = xor_128;
272 		break;
273 	default:
274 		return -EINVAL;
275 	}
276 
277 	ctx->child = cipher;
278 	ctx->odds = (u8*)(ctx+1);
279 	ctx->prev = ctx->odds + bs;
280 	ctx->key = ctx->prev + bs;
281 
282 	return 0;
283 };
284 
285 static void xcbc_exit_tfm(struct crypto_tfm *tfm)
286 {
287 	struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(__crypto_hash_cast(tfm));
288 	crypto_free_cipher(ctx->child);
289 }
290 
291 static struct crypto_instance *xcbc_alloc(struct rtattr **tb)
292 {
293 	struct crypto_instance *inst;
294 	struct crypto_alg *alg;
295 	int err;
296 
297 	err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_HASH);
298 	if (err)
299 		return ERR_PTR(err);
300 
301 	alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER,
302 				  CRYPTO_ALG_TYPE_MASK);
303 	if (IS_ERR(alg))
304 		return ERR_PTR(PTR_ERR(alg));
305 
306 	switch(alg->cra_blocksize) {
307 	case 16:
308 		break;
309 	default:
310 		return ERR_PTR(PTR_ERR(alg));
311 	}
312 
313 	inst = crypto_alloc_instance("xcbc", alg);
314 	if (IS_ERR(inst))
315 		goto out_put_alg;
316 
317 	inst->alg.cra_flags = CRYPTO_ALG_TYPE_HASH;
318 	inst->alg.cra_priority = alg->cra_priority;
319 	inst->alg.cra_blocksize = alg->cra_blocksize;
320 	inst->alg.cra_alignmask = alg->cra_alignmask;
321 	inst->alg.cra_type = &crypto_hash_type;
322 
323 	inst->alg.cra_hash.digestsize =
324 		(alg->cra_flags & CRYPTO_ALG_TYPE_MASK) ==
325 		CRYPTO_ALG_TYPE_HASH ? alg->cra_hash.digestsize :
326 				       alg->cra_blocksize;
327 	inst->alg.cra_ctxsize = sizeof(struct crypto_xcbc_ctx) +
328 				ALIGN(inst->alg.cra_blocksize * 3, sizeof(void *));
329 	inst->alg.cra_init = xcbc_init_tfm;
330 	inst->alg.cra_exit = xcbc_exit_tfm;
331 
332 	inst->alg.cra_hash.init = crypto_xcbc_digest_init;
333 	inst->alg.cra_hash.update = crypto_xcbc_digest_update;
334 	inst->alg.cra_hash.final = crypto_xcbc_digest_final;
335 	inst->alg.cra_hash.digest = crypto_xcbc_digest;
336 	inst->alg.cra_hash.setkey = crypto_xcbc_digest_setkey;
337 
338 out_put_alg:
339 	crypto_mod_put(alg);
340 	return inst;
341 }
342 
343 static void xcbc_free(struct crypto_instance *inst)
344 {
345 	crypto_drop_spawn(crypto_instance_ctx(inst));
346 	kfree(inst);
347 }
348 
349 static struct crypto_template crypto_xcbc_tmpl = {
350 	.name = "xcbc",
351 	.alloc = xcbc_alloc,
352 	.free = xcbc_free,
353 	.module = THIS_MODULE,
354 };
355 
356 static int __init crypto_xcbc_module_init(void)
357 {
358 	return crypto_register_template(&crypto_xcbc_tmpl);
359 }
360 
361 static void __exit crypto_xcbc_module_exit(void)
362 {
363 	crypto_unregister_template(&crypto_xcbc_tmpl);
364 }
365 
366 module_init(crypto_xcbc_module_init);
367 module_exit(crypto_xcbc_module_exit);
368 
369 MODULE_LICENSE("GPL");
370 MODULE_DESCRIPTION("XCBC keyed hash algorithm");
371