1 /* 2 * Copyright (C)2006 USAGI/WIDE Project 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation; either version 2 of the License, or 7 * (at your option) any later version. 8 * 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 * You should have received a copy of the GNU General Public License 15 * along with this program; if not, write to the Free Software 16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 17 * 18 * Author: 19 * Kazunori Miyazawa <miyazawa@linux-ipv6.org> 20 */ 21 22 #include <linux/crypto.h> 23 #include <linux/err.h> 24 #include <linux/hardirq.h> 25 #include <linux/kernel.h> 26 #include <linux/mm.h> 27 #include <linux/rtnetlink.h> 28 #include <linux/slab.h> 29 #include <linux/scatterlist.h> 30 #include "internal.h" 31 32 static u_int32_t ks[12] = {0x01010101, 0x01010101, 0x01010101, 0x01010101, 33 0x02020202, 0x02020202, 0x02020202, 0x02020202, 34 0x03030303, 0x03030303, 0x03030303, 0x03030303}; 35 /* 36 * +------------------------ 37 * | <parent tfm> 38 * +------------------------ 39 * | crypto_xcbc_ctx 40 * +------------------------ 41 * | odds (block size) 42 * +------------------------ 43 * | prev (block size) 44 * +------------------------ 45 * | key (block size) 46 * +------------------------ 47 * | consts (block size * 3) 48 * +------------------------ 49 */ 50 struct crypto_xcbc_ctx { 51 struct crypto_cipher *child; 52 u8 *odds; 53 u8 *prev; 54 u8 *key; 55 u8 *consts; 56 void (*xor)(u8 *a, const u8 *b, unsigned int bs); 57 unsigned int keylen; 58 unsigned int len; 59 }; 60 61 static void xor_128(u8 *a, const u8 *b, unsigned int bs) 62 { 63 ((u32 *)a)[0] ^= ((u32 *)b)[0]; 64 ((u32 *)a)[1] ^= ((u32 *)b)[1]; 65 ((u32 *)a)[2] ^= ((u32 *)b)[2]; 66 ((u32 *)a)[3] ^= ((u32 *)b)[3]; 67 } 68 69 static int _crypto_xcbc_digest_setkey(struct crypto_hash *parent, 70 struct crypto_xcbc_ctx *ctx) 71 { 72 int bs = crypto_hash_blocksize(parent); 73 int err = 0; 74 u8 key1[bs]; 75 76 if ((err = crypto_cipher_setkey(ctx->child, ctx->key, ctx->keylen))) 77 return err; 78 79 crypto_cipher_encrypt_one(ctx->child, key1, ctx->consts); 80 81 return crypto_cipher_setkey(ctx->child, key1, bs); 82 } 83 84 static int crypto_xcbc_digest_setkey(struct crypto_hash *parent, 85 const u8 *inkey, unsigned int keylen) 86 { 87 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent); 88 89 if (keylen != crypto_cipher_blocksize(ctx->child)) 90 return -EINVAL; 91 92 ctx->keylen = keylen; 93 memcpy(ctx->key, inkey, keylen); 94 ctx->consts = (u8*)ks; 95 96 return _crypto_xcbc_digest_setkey(parent, ctx); 97 } 98 99 static int crypto_xcbc_digest_init(struct hash_desc *pdesc) 100 { 101 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(pdesc->tfm); 102 int bs = crypto_hash_blocksize(pdesc->tfm); 103 104 ctx->len = 0; 105 memset(ctx->odds, 0, bs); 106 memset(ctx->prev, 0, bs); 107 108 return 0; 109 } 110 111 static int crypto_xcbc_digest_update2(struct hash_desc *pdesc, 112 struct scatterlist *sg, 113 unsigned int nbytes) 114 { 115 struct crypto_hash *parent = pdesc->tfm; 116 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent); 117 struct crypto_cipher *tfm = ctx->child; 118 int bs = crypto_hash_blocksize(parent); 119 unsigned int i = 0; 120 121 do { 122 123 struct page *pg = sg[i].page; 124 unsigned int offset = sg[i].offset; 125 unsigned int slen = sg[i].length; 126 127 while (slen > 0) { 128 unsigned int len = min(slen, ((unsigned int)(PAGE_SIZE)) - offset); 129 char *p = crypto_kmap(pg, 0) + offset; 130 131 /* checking the data can fill the block */ 132 if ((ctx->len + len) <= bs) { 133 memcpy(ctx->odds + ctx->len, p, len); 134 ctx->len += len; 135 slen -= len; 136 137 /* checking the rest of the page */ 138 if (len + offset >= PAGE_SIZE) { 139 offset = 0; 140 pg++; 141 } else 142 offset += len; 143 144 crypto_kunmap(p, 0); 145 crypto_yield(pdesc->flags); 146 continue; 147 } 148 149 /* filling odds with new data and encrypting it */ 150 memcpy(ctx->odds + ctx->len, p, bs - ctx->len); 151 len -= bs - ctx->len; 152 p += bs - ctx->len; 153 154 ctx->xor(ctx->prev, ctx->odds, bs); 155 crypto_cipher_encrypt_one(tfm, ctx->prev, ctx->prev); 156 157 /* clearing the length */ 158 ctx->len = 0; 159 160 /* encrypting the rest of data */ 161 while (len > bs) { 162 ctx->xor(ctx->prev, p, bs); 163 crypto_cipher_encrypt_one(tfm, ctx->prev, 164 ctx->prev); 165 p += bs; 166 len -= bs; 167 } 168 169 /* keeping the surplus of blocksize */ 170 if (len) { 171 memcpy(ctx->odds, p, len); 172 ctx->len = len; 173 } 174 crypto_kunmap(p, 0); 175 crypto_yield(pdesc->flags); 176 slen -= min(slen, ((unsigned int)(PAGE_SIZE)) - offset); 177 offset = 0; 178 pg++; 179 } 180 nbytes-=sg[i].length; 181 i++; 182 } while (nbytes>0); 183 184 return 0; 185 } 186 187 static int crypto_xcbc_digest_update(struct hash_desc *pdesc, 188 struct scatterlist *sg, 189 unsigned int nbytes) 190 { 191 if (WARN_ON_ONCE(in_irq())) 192 return -EDEADLK; 193 return crypto_xcbc_digest_update2(pdesc, sg, nbytes); 194 } 195 196 static int crypto_xcbc_digest_final(struct hash_desc *pdesc, u8 *out) 197 { 198 struct crypto_hash *parent = pdesc->tfm; 199 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent); 200 struct crypto_cipher *tfm = ctx->child; 201 int bs = crypto_hash_blocksize(parent); 202 int err = 0; 203 204 if (ctx->len == bs) { 205 u8 key2[bs]; 206 207 if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0) 208 return err; 209 210 crypto_cipher_encrypt_one(tfm, key2, 211 (u8 *)(ctx->consts + bs)); 212 213 ctx->xor(ctx->prev, ctx->odds, bs); 214 ctx->xor(ctx->prev, key2, bs); 215 _crypto_xcbc_digest_setkey(parent, ctx); 216 217 crypto_cipher_encrypt_one(tfm, out, ctx->prev); 218 } else { 219 u8 key3[bs]; 220 unsigned int rlen; 221 u8 *p = ctx->odds + ctx->len; 222 *p = 0x80; 223 p++; 224 225 rlen = bs - ctx->len -1; 226 if (rlen) 227 memset(p, 0, rlen); 228 229 if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0) 230 return err; 231 232 crypto_cipher_encrypt_one(tfm, key3, 233 (u8 *)(ctx->consts + bs * 2)); 234 235 ctx->xor(ctx->prev, ctx->odds, bs); 236 ctx->xor(ctx->prev, key3, bs); 237 238 _crypto_xcbc_digest_setkey(parent, ctx); 239 240 crypto_cipher_encrypt_one(tfm, out, ctx->prev); 241 } 242 243 return 0; 244 } 245 246 static int crypto_xcbc_digest(struct hash_desc *pdesc, 247 struct scatterlist *sg, unsigned int nbytes, u8 *out) 248 { 249 if (WARN_ON_ONCE(in_irq())) 250 return -EDEADLK; 251 252 crypto_xcbc_digest_init(pdesc); 253 crypto_xcbc_digest_update2(pdesc, sg, nbytes); 254 return crypto_xcbc_digest_final(pdesc, out); 255 } 256 257 static int xcbc_init_tfm(struct crypto_tfm *tfm) 258 { 259 struct crypto_cipher *cipher; 260 struct crypto_instance *inst = (void *)tfm->__crt_alg; 261 struct crypto_spawn *spawn = crypto_instance_ctx(inst); 262 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(__crypto_hash_cast(tfm)); 263 int bs = crypto_hash_blocksize(__crypto_hash_cast(tfm)); 264 265 cipher = crypto_spawn_cipher(spawn); 266 if (IS_ERR(cipher)) 267 return PTR_ERR(cipher); 268 269 switch(bs) { 270 case 16: 271 ctx->xor = xor_128; 272 break; 273 default: 274 return -EINVAL; 275 } 276 277 ctx->child = cipher; 278 ctx->odds = (u8*)(ctx+1); 279 ctx->prev = ctx->odds + bs; 280 ctx->key = ctx->prev + bs; 281 282 return 0; 283 }; 284 285 static void xcbc_exit_tfm(struct crypto_tfm *tfm) 286 { 287 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(__crypto_hash_cast(tfm)); 288 crypto_free_cipher(ctx->child); 289 } 290 291 static struct crypto_instance *xcbc_alloc(struct rtattr **tb) 292 { 293 struct crypto_instance *inst; 294 struct crypto_alg *alg; 295 int err; 296 297 err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_HASH); 298 if (err) 299 return ERR_PTR(err); 300 301 alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER, 302 CRYPTO_ALG_TYPE_MASK); 303 if (IS_ERR(alg)) 304 return ERR_PTR(PTR_ERR(alg)); 305 306 switch(alg->cra_blocksize) { 307 case 16: 308 break; 309 default: 310 return ERR_PTR(PTR_ERR(alg)); 311 } 312 313 inst = crypto_alloc_instance("xcbc", alg); 314 if (IS_ERR(inst)) 315 goto out_put_alg; 316 317 inst->alg.cra_flags = CRYPTO_ALG_TYPE_HASH; 318 inst->alg.cra_priority = alg->cra_priority; 319 inst->alg.cra_blocksize = alg->cra_blocksize; 320 inst->alg.cra_alignmask = alg->cra_alignmask; 321 inst->alg.cra_type = &crypto_hash_type; 322 323 inst->alg.cra_hash.digestsize = 324 (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) == 325 CRYPTO_ALG_TYPE_HASH ? alg->cra_hash.digestsize : 326 alg->cra_blocksize; 327 inst->alg.cra_ctxsize = sizeof(struct crypto_xcbc_ctx) + 328 ALIGN(inst->alg.cra_blocksize * 3, sizeof(void *)); 329 inst->alg.cra_init = xcbc_init_tfm; 330 inst->alg.cra_exit = xcbc_exit_tfm; 331 332 inst->alg.cra_hash.init = crypto_xcbc_digest_init; 333 inst->alg.cra_hash.update = crypto_xcbc_digest_update; 334 inst->alg.cra_hash.final = crypto_xcbc_digest_final; 335 inst->alg.cra_hash.digest = crypto_xcbc_digest; 336 inst->alg.cra_hash.setkey = crypto_xcbc_digest_setkey; 337 338 out_put_alg: 339 crypto_mod_put(alg); 340 return inst; 341 } 342 343 static void xcbc_free(struct crypto_instance *inst) 344 { 345 crypto_drop_spawn(crypto_instance_ctx(inst)); 346 kfree(inst); 347 } 348 349 static struct crypto_template crypto_xcbc_tmpl = { 350 .name = "xcbc", 351 .alloc = xcbc_alloc, 352 .free = xcbc_free, 353 .module = THIS_MODULE, 354 }; 355 356 static int __init crypto_xcbc_module_init(void) 357 { 358 return crypto_register_template(&crypto_xcbc_tmpl); 359 } 360 361 static void __exit crypto_xcbc_module_exit(void) 362 { 363 crypto_unregister_template(&crypto_xcbc_tmpl); 364 } 365 366 module_init(crypto_xcbc_module_init); 367 module_exit(crypto_xcbc_module_exit); 368 369 MODULE_LICENSE("GPL"); 370 MODULE_DESCRIPTION("XCBC keyed hash algorithm"); 371