1 /* 2 * AEAD: Authenticated Encryption with Associated Data 3 * 4 * This file provides API support for AEAD algorithms. 5 * 6 * Copyright (c) 2007-2015 Herbert Xu <herbert@gondor.apana.org.au> 7 * 8 * This program is free software; you can redistribute it and/or modify it 9 * under the terms of the GNU General Public License as published by the Free 10 * Software Foundation; either version 2 of the License, or (at your option) 11 * any later version. 12 * 13 */ 14 15 #include <crypto/internal/geniv.h> 16 #include <crypto/internal/rng.h> 17 #include <crypto/null.h> 18 #include <crypto/scatterwalk.h> 19 #include <linux/err.h> 20 #include <linux/init.h> 21 #include <linux/kernel.h> 22 #include <linux/module.h> 23 #include <linux/rtnetlink.h> 24 #include <linux/slab.h> 25 #include <linux/seq_file.h> 26 #include <linux/cryptouser.h> 27 #include <linux/compiler.h> 28 #include <net/netlink.h> 29 30 #include "internal.h" 31 32 static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, 33 unsigned int keylen) 34 { 35 unsigned long alignmask = crypto_aead_alignmask(tfm); 36 int ret; 37 u8 *buffer, *alignbuffer; 38 unsigned long absize; 39 40 absize = keylen + alignmask; 41 buffer = kmalloc(absize, GFP_ATOMIC); 42 if (!buffer) 43 return -ENOMEM; 44 45 alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); 46 memcpy(alignbuffer, key, keylen); 47 ret = crypto_aead_alg(tfm)->setkey(tfm, alignbuffer, keylen); 48 memset(alignbuffer, 0, keylen); 49 kfree(buffer); 50 return ret; 51 } 52 53 int crypto_aead_setkey(struct crypto_aead *tfm, 54 const u8 *key, unsigned int keylen) 55 { 56 unsigned long alignmask = crypto_aead_alignmask(tfm); 57 int err; 58 59 if ((unsigned long)key & alignmask) 60 err = setkey_unaligned(tfm, key, keylen); 61 else 62 err = crypto_aead_alg(tfm)->setkey(tfm, key, keylen); 63 64 if (err) 65 return err; 66 67 crypto_aead_clear_flags(tfm, CRYPTO_TFM_NEED_KEY); 68 return 0; 69 } 70 EXPORT_SYMBOL_GPL(crypto_aead_setkey); 71 72 int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize) 73 { 74 int err; 75 76 if (authsize > crypto_aead_maxauthsize(tfm)) 77 return -EINVAL; 78 79 if (crypto_aead_alg(tfm)->setauthsize) { 80 err = crypto_aead_alg(tfm)->setauthsize(tfm, authsize); 81 if (err) 82 return err; 83 } 84 85 tfm->authsize = authsize; 86 return 0; 87 } 88 EXPORT_SYMBOL_GPL(crypto_aead_setauthsize); 89 90 static void crypto_aead_exit_tfm(struct crypto_tfm *tfm) 91 { 92 struct crypto_aead *aead = __crypto_aead_cast(tfm); 93 struct aead_alg *alg = crypto_aead_alg(aead); 94 95 alg->exit(aead); 96 } 97 98 static int crypto_aead_init_tfm(struct crypto_tfm *tfm) 99 { 100 struct crypto_aead *aead = __crypto_aead_cast(tfm); 101 struct aead_alg *alg = crypto_aead_alg(aead); 102 103 crypto_aead_set_flags(aead, CRYPTO_TFM_NEED_KEY); 104 105 aead->authsize = alg->maxauthsize; 106 107 if (alg->exit) 108 aead->base.exit = crypto_aead_exit_tfm; 109 110 if (alg->init) 111 return alg->init(aead); 112 113 return 0; 114 } 115 116 #ifdef CONFIG_NET 117 static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg) 118 { 119 struct crypto_report_aead raead; 120 struct aead_alg *aead = container_of(alg, struct aead_alg, base); 121 122 memset(&raead, 0, sizeof(raead)); 123 124 strscpy(raead.type, "aead", sizeof(raead.type)); 125 strscpy(raead.geniv, "<none>", sizeof(raead.geniv)); 126 127 raead.blocksize = alg->cra_blocksize; 128 raead.maxauthsize = aead->maxauthsize; 129 raead.ivsize = aead->ivsize; 130 131 return nla_put(skb, CRYPTOCFGA_REPORT_AEAD, sizeof(raead), &raead); 132 } 133 #else 134 static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg) 135 { 136 return -ENOSYS; 137 } 138 #endif 139 140 static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg) 141 __maybe_unused; 142 static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg) 143 { 144 struct aead_alg *aead = container_of(alg, struct aead_alg, base); 145 146 seq_printf(m, "type : aead\n"); 147 seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ? 148 "yes" : "no"); 149 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); 150 seq_printf(m, "ivsize : %u\n", aead->ivsize); 151 seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize); 152 seq_printf(m, "geniv : <none>\n"); 153 } 154 155 static void crypto_aead_free_instance(struct crypto_instance *inst) 156 { 157 struct aead_instance *aead = aead_instance(inst); 158 159 if (!aead->free) { 160 inst->tmpl->free(inst); 161 return; 162 } 163 164 aead->free(aead); 165 } 166 167 static const struct crypto_type crypto_aead_type = { 168 .extsize = crypto_alg_extsize, 169 .init_tfm = crypto_aead_init_tfm, 170 .free = crypto_aead_free_instance, 171 #ifdef CONFIG_PROC_FS 172 .show = crypto_aead_show, 173 #endif 174 .report = crypto_aead_report, 175 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 176 .maskset = CRYPTO_ALG_TYPE_MASK, 177 .type = CRYPTO_ALG_TYPE_AEAD, 178 .tfmsize = offsetof(struct crypto_aead, base), 179 }; 180 181 static int aead_geniv_setkey(struct crypto_aead *tfm, 182 const u8 *key, unsigned int keylen) 183 { 184 struct aead_geniv_ctx *ctx = crypto_aead_ctx(tfm); 185 186 return crypto_aead_setkey(ctx->child, key, keylen); 187 } 188 189 static int aead_geniv_setauthsize(struct crypto_aead *tfm, 190 unsigned int authsize) 191 { 192 struct aead_geniv_ctx *ctx = crypto_aead_ctx(tfm); 193 194 return crypto_aead_setauthsize(ctx->child, authsize); 195 } 196 197 struct aead_instance *aead_geniv_alloc(struct crypto_template *tmpl, 198 struct rtattr **tb, u32 type, u32 mask) 199 { 200 const char *name; 201 struct crypto_aead_spawn *spawn; 202 struct crypto_attr_type *algt; 203 struct aead_instance *inst; 204 struct aead_alg *alg; 205 unsigned int ivsize; 206 unsigned int maxauthsize; 207 int err; 208 209 algt = crypto_get_attr_type(tb); 210 if (IS_ERR(algt)) 211 return ERR_CAST(algt); 212 213 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) 214 return ERR_PTR(-EINVAL); 215 216 name = crypto_attr_alg_name(tb[1]); 217 if (IS_ERR(name)) 218 return ERR_CAST(name); 219 220 inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); 221 if (!inst) 222 return ERR_PTR(-ENOMEM); 223 224 spawn = aead_instance_ctx(inst); 225 226 /* Ignore async algorithms if necessary. */ 227 mask |= crypto_requires_sync(algt->type, algt->mask); 228 229 crypto_set_aead_spawn(spawn, aead_crypto_instance(inst)); 230 err = crypto_grab_aead(spawn, name, type, mask); 231 if (err) 232 goto err_free_inst; 233 234 alg = crypto_spawn_aead_alg(spawn); 235 236 ivsize = crypto_aead_alg_ivsize(alg); 237 maxauthsize = crypto_aead_alg_maxauthsize(alg); 238 239 err = -EINVAL; 240 if (ivsize < sizeof(u64)) 241 goto err_drop_alg; 242 243 err = -ENAMETOOLONG; 244 if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, 245 "%s(%s)", tmpl->name, alg->base.cra_name) >= 246 CRYPTO_MAX_ALG_NAME) 247 goto err_drop_alg; 248 if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, 249 "%s(%s)", tmpl->name, alg->base.cra_driver_name) >= 250 CRYPTO_MAX_ALG_NAME) 251 goto err_drop_alg; 252 253 inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; 254 inst->alg.base.cra_priority = alg->base.cra_priority; 255 inst->alg.base.cra_blocksize = alg->base.cra_blocksize; 256 inst->alg.base.cra_alignmask = alg->base.cra_alignmask; 257 inst->alg.base.cra_ctxsize = sizeof(struct aead_geniv_ctx); 258 259 inst->alg.setkey = aead_geniv_setkey; 260 inst->alg.setauthsize = aead_geniv_setauthsize; 261 262 inst->alg.ivsize = ivsize; 263 inst->alg.maxauthsize = maxauthsize; 264 265 out: 266 return inst; 267 268 err_drop_alg: 269 crypto_drop_aead(spawn); 270 err_free_inst: 271 kfree(inst); 272 inst = ERR_PTR(err); 273 goto out; 274 } 275 EXPORT_SYMBOL_GPL(aead_geniv_alloc); 276 277 void aead_geniv_free(struct aead_instance *inst) 278 { 279 crypto_drop_aead(aead_instance_ctx(inst)); 280 kfree(inst); 281 } 282 EXPORT_SYMBOL_GPL(aead_geniv_free); 283 284 int aead_init_geniv(struct crypto_aead *aead) 285 { 286 struct aead_geniv_ctx *ctx = crypto_aead_ctx(aead); 287 struct aead_instance *inst = aead_alg_instance(aead); 288 struct crypto_aead *child; 289 int err; 290 291 spin_lock_init(&ctx->lock); 292 293 err = crypto_get_default_rng(); 294 if (err) 295 goto out; 296 297 err = crypto_rng_get_bytes(crypto_default_rng, ctx->salt, 298 crypto_aead_ivsize(aead)); 299 crypto_put_default_rng(); 300 if (err) 301 goto out; 302 303 ctx->sknull = crypto_get_default_null_skcipher(); 304 err = PTR_ERR(ctx->sknull); 305 if (IS_ERR(ctx->sknull)) 306 goto out; 307 308 child = crypto_spawn_aead(aead_instance_ctx(inst)); 309 err = PTR_ERR(child); 310 if (IS_ERR(child)) 311 goto drop_null; 312 313 ctx->child = child; 314 crypto_aead_set_reqsize(aead, crypto_aead_reqsize(child) + 315 sizeof(struct aead_request)); 316 317 err = 0; 318 319 out: 320 return err; 321 322 drop_null: 323 crypto_put_default_null_skcipher(); 324 goto out; 325 } 326 EXPORT_SYMBOL_GPL(aead_init_geniv); 327 328 void aead_exit_geniv(struct crypto_aead *tfm) 329 { 330 struct aead_geniv_ctx *ctx = crypto_aead_ctx(tfm); 331 332 crypto_free_aead(ctx->child); 333 crypto_put_default_null_skcipher(); 334 } 335 EXPORT_SYMBOL_GPL(aead_exit_geniv); 336 337 int crypto_grab_aead(struct crypto_aead_spawn *spawn, const char *name, 338 u32 type, u32 mask) 339 { 340 spawn->base.frontend = &crypto_aead_type; 341 return crypto_grab_spawn(&spawn->base, name, type, mask); 342 } 343 EXPORT_SYMBOL_GPL(crypto_grab_aead); 344 345 struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask) 346 { 347 return crypto_alloc_tfm(alg_name, &crypto_aead_type, type, mask); 348 } 349 EXPORT_SYMBOL_GPL(crypto_alloc_aead); 350 351 static int aead_prepare_alg(struct aead_alg *alg) 352 { 353 struct crypto_alg *base = &alg->base; 354 355 if (max3(alg->maxauthsize, alg->ivsize, alg->chunksize) > 356 PAGE_SIZE / 8) 357 return -EINVAL; 358 359 if (!alg->chunksize) 360 alg->chunksize = base->cra_blocksize; 361 362 base->cra_type = &crypto_aead_type; 363 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; 364 base->cra_flags |= CRYPTO_ALG_TYPE_AEAD; 365 366 return 0; 367 } 368 369 int crypto_register_aead(struct aead_alg *alg) 370 { 371 struct crypto_alg *base = &alg->base; 372 int err; 373 374 err = aead_prepare_alg(alg); 375 if (err) 376 return err; 377 378 return crypto_register_alg(base); 379 } 380 EXPORT_SYMBOL_GPL(crypto_register_aead); 381 382 void crypto_unregister_aead(struct aead_alg *alg) 383 { 384 crypto_unregister_alg(&alg->base); 385 } 386 EXPORT_SYMBOL_GPL(crypto_unregister_aead); 387 388 int crypto_register_aeads(struct aead_alg *algs, int count) 389 { 390 int i, ret; 391 392 for (i = 0; i < count; i++) { 393 ret = crypto_register_aead(&algs[i]); 394 if (ret) 395 goto err; 396 } 397 398 return 0; 399 400 err: 401 for (--i; i >= 0; --i) 402 crypto_unregister_aead(&algs[i]); 403 404 return ret; 405 } 406 EXPORT_SYMBOL_GPL(crypto_register_aeads); 407 408 void crypto_unregister_aeads(struct aead_alg *algs, int count) 409 { 410 int i; 411 412 for (i = count - 1; i >= 0; --i) 413 crypto_unregister_aead(&algs[i]); 414 } 415 EXPORT_SYMBOL_GPL(crypto_unregister_aeads); 416 417 int aead_register_instance(struct crypto_template *tmpl, 418 struct aead_instance *inst) 419 { 420 int err; 421 422 err = aead_prepare_alg(&inst->alg); 423 if (err) 424 return err; 425 426 return crypto_register_instance(tmpl, aead_crypto_instance(inst)); 427 } 428 EXPORT_SYMBOL_GPL(aead_register_instance); 429 430 MODULE_LICENSE("GPL"); 431 MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)"); 432