1 /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 /* 3 * Symmetric key ciphers. 4 * 5 * Copyright (c) 2007-2015 Herbert Xu <herbert@gondor.apana.org.au> 6 */ 7 8 #ifndef _CRYPTO_SKCIPHER_H 9 #define _CRYPTO_SKCIPHER_H 10 11 #include <linux/container_of.h> 12 #include <linux/crypto.h> 13 #include <linux/slab.h> 14 #include <linux/string.h> 15 #include <linux/types.h> 16 17 struct scatterlist; 18 19 /** 20 * struct skcipher_request - Symmetric key cipher request 21 * @cryptlen: Number of bytes to encrypt or decrypt 22 * @iv: Initialisation Vector 23 * @src: Source SG list 24 * @dst: Destination SG list 25 * @base: Underlying async request 26 * @__ctx: Start of private context data 27 */ 28 struct skcipher_request { 29 unsigned int cryptlen; 30 31 u8 *iv; 32 33 struct scatterlist *src; 34 struct scatterlist *dst; 35 36 struct crypto_async_request base; 37 38 void *__ctx[] CRYPTO_MINALIGN_ATTR; 39 }; 40 41 struct crypto_skcipher { 42 unsigned int reqsize; 43 44 struct crypto_tfm base; 45 }; 46 47 struct crypto_sync_skcipher { 48 struct crypto_skcipher base; 49 }; 50 51 /** 52 * struct skcipher_alg - symmetric key cipher definition 53 * @min_keysize: Minimum key size supported by the transformation. This is the 54 * smallest key length supported by this transformation algorithm. 55 * This must be set to one of the pre-defined values as this is 56 * not hardware specific. Possible values for this field can be 57 * found via git grep "_MIN_KEY_SIZE" include/crypto/ 58 * @max_keysize: Maximum key size supported by the transformation. This is the 59 * largest key length supported by this transformation algorithm. 60 * This must be set to one of the pre-defined values as this is 61 * not hardware specific. Possible values for this field can be 62 * found via git grep "_MAX_KEY_SIZE" include/crypto/ 63 * @setkey: Set key for the transformation. This function is used to either 64 * program a supplied key into the hardware or store the key in the 65 * transformation context for programming it later. Note that this 66 * function does modify the transformation context. This function can 67 * be called multiple times during the existence of the transformation 68 * object, so one must make sure the key is properly reprogrammed into 69 * the hardware. This function is also responsible for checking the key 70 * length for validity. In case a software fallback was put in place in 71 * the @cra_init call, this function might need to use the fallback if 72 * the algorithm doesn't support all of the key sizes. 73 * @encrypt: Encrypt a scatterlist of blocks. This function is used to encrypt 74 * the supplied scatterlist containing the blocks of data. The crypto 75 * API consumer is responsible for aligning the entries of the 76 * scatterlist properly and making sure the chunks are correctly 77 * sized. In case a software fallback was put in place in the 78 * @cra_init call, this function might need to use the fallback if 79 * the algorithm doesn't support all of the key sizes. In case the 80 * key was stored in transformation context, the key might need to be 81 * re-programmed into the hardware in this function. This function 82 * shall not modify the transformation context, as this function may 83 * be called in parallel with the same transformation object. 84 * @decrypt: Decrypt a single block. This is a reverse counterpart to @encrypt 85 * and the conditions are exactly the same. 86 * @init: Initialize the cryptographic transformation object. This function 87 * is used to initialize the cryptographic transformation object. 88 * This function is called only once at the instantiation time, right 89 * after the transformation context was allocated. In case the 90 * cryptographic hardware has some special requirements which need to 91 * be handled by software, this function shall check for the precise 92 * requirement of the transformation and put any software fallbacks 93 * in place. 94 * @exit: Deinitialize the cryptographic transformation object. This is a 95 * counterpart to @init, used to remove various changes set in 96 * @init. 97 * @ivsize: IV size applicable for transformation. The consumer must provide an 98 * IV of exactly that size to perform the encrypt or decrypt operation. 99 * @chunksize: Equal to the block size except for stream ciphers such as 100 * CTR where it is set to the underlying block size. 101 * @walksize: Equal to the chunk size except in cases where the algorithm is 102 * considerably more efficient if it can operate on multiple chunks 103 * in parallel. Should be a multiple of chunksize. 104 * @base: Definition of a generic crypto algorithm. 105 * 106 * All fields except @ivsize are mandatory and must be filled. 107 */ 108 struct skcipher_alg { 109 int (*setkey)(struct crypto_skcipher *tfm, const u8 *key, 110 unsigned int keylen); 111 int (*encrypt)(struct skcipher_request *req); 112 int (*decrypt)(struct skcipher_request *req); 113 int (*init)(struct crypto_skcipher *tfm); 114 void (*exit)(struct crypto_skcipher *tfm); 115 116 unsigned int min_keysize; 117 unsigned int max_keysize; 118 unsigned int ivsize; 119 unsigned int chunksize; 120 unsigned int walksize; 121 122 struct crypto_alg base; 123 }; 124 125 #define MAX_SYNC_SKCIPHER_REQSIZE 384 126 /* 127 * This performs a type-check against the "tfm" argument to make sure 128 * all users have the correct skcipher tfm for doing on-stack requests. 129 */ 130 #define SYNC_SKCIPHER_REQUEST_ON_STACK(name, tfm) \ 131 char __##name##_desc[sizeof(struct skcipher_request) + \ 132 MAX_SYNC_SKCIPHER_REQSIZE + \ 133 (!(sizeof((struct crypto_sync_skcipher *)1 == \ 134 (typeof(tfm))1))) \ 135 ] CRYPTO_MINALIGN_ATTR; \ 136 struct skcipher_request *name = (void *)__##name##_desc 137 138 /** 139 * DOC: Symmetric Key Cipher API 140 * 141 * Symmetric key cipher API is used with the ciphers of type 142 * CRYPTO_ALG_TYPE_SKCIPHER (listed as type "skcipher" in /proc/crypto). 143 * 144 * Asynchronous cipher operations imply that the function invocation for a 145 * cipher request returns immediately before the completion of the operation. 146 * The cipher request is scheduled as a separate kernel thread and therefore 147 * load-balanced on the different CPUs via the process scheduler. To allow 148 * the kernel crypto API to inform the caller about the completion of a cipher 149 * request, the caller must provide a callback function. That function is 150 * invoked with the cipher handle when the request completes. 151 * 152 * To support the asynchronous operation, additional information than just the 153 * cipher handle must be supplied to the kernel crypto API. That additional 154 * information is given by filling in the skcipher_request data structure. 155 * 156 * For the symmetric key cipher API, the state is maintained with the tfm 157 * cipher handle. A single tfm can be used across multiple calls and in 158 * parallel. For asynchronous block cipher calls, context data supplied and 159 * only used by the caller can be referenced the request data structure in 160 * addition to the IV used for the cipher request. The maintenance of such 161 * state information would be important for a crypto driver implementer to 162 * have, because when calling the callback function upon completion of the 163 * cipher operation, that callback function may need some information about 164 * which operation just finished if it invoked multiple in parallel. This 165 * state information is unused by the kernel crypto API. 166 */ 167 168 static inline struct crypto_skcipher *__crypto_skcipher_cast( 169 struct crypto_tfm *tfm) 170 { 171 return container_of(tfm, struct crypto_skcipher, base); 172 } 173 174 /** 175 * crypto_alloc_skcipher() - allocate symmetric key cipher handle 176 * @alg_name: is the cra_name / name or cra_driver_name / driver name of the 177 * skcipher cipher 178 * @type: specifies the type of the cipher 179 * @mask: specifies the mask for the cipher 180 * 181 * Allocate a cipher handle for an skcipher. The returned struct 182 * crypto_skcipher is the cipher handle that is required for any subsequent 183 * API invocation for that skcipher. 184 * 185 * Return: allocated cipher handle in case of success; IS_ERR() is true in case 186 * of an error, PTR_ERR() returns the error code. 187 */ 188 struct crypto_skcipher *crypto_alloc_skcipher(const char *alg_name, 189 u32 type, u32 mask); 190 191 struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(const char *alg_name, 192 u32 type, u32 mask); 193 194 static inline struct crypto_tfm *crypto_skcipher_tfm( 195 struct crypto_skcipher *tfm) 196 { 197 return &tfm->base; 198 } 199 200 /** 201 * crypto_free_skcipher() - zeroize and free cipher handle 202 * @tfm: cipher handle to be freed 203 * 204 * If @tfm is a NULL or error pointer, this function does nothing. 205 */ 206 static inline void crypto_free_skcipher(struct crypto_skcipher *tfm) 207 { 208 crypto_destroy_tfm(tfm, crypto_skcipher_tfm(tfm)); 209 } 210 211 static inline void crypto_free_sync_skcipher(struct crypto_sync_skcipher *tfm) 212 { 213 crypto_free_skcipher(&tfm->base); 214 } 215 216 /** 217 * crypto_has_skcipher() - Search for the availability of an skcipher. 218 * @alg_name: is the cra_name / name or cra_driver_name / driver name of the 219 * skcipher 220 * @type: specifies the type of the skcipher 221 * @mask: specifies the mask for the skcipher 222 * 223 * Return: true when the skcipher is known to the kernel crypto API; false 224 * otherwise 225 */ 226 int crypto_has_skcipher(const char *alg_name, u32 type, u32 mask); 227 228 static inline const char *crypto_skcipher_driver_name( 229 struct crypto_skcipher *tfm) 230 { 231 return crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)); 232 } 233 234 static inline struct skcipher_alg *crypto_skcipher_alg( 235 struct crypto_skcipher *tfm) 236 { 237 return container_of(crypto_skcipher_tfm(tfm)->__crt_alg, 238 struct skcipher_alg, base); 239 } 240 241 static inline unsigned int crypto_skcipher_alg_ivsize(struct skcipher_alg *alg) 242 { 243 return alg->ivsize; 244 } 245 246 /** 247 * crypto_skcipher_ivsize() - obtain IV size 248 * @tfm: cipher handle 249 * 250 * The size of the IV for the skcipher referenced by the cipher handle is 251 * returned. This IV size may be zero if the cipher does not need an IV. 252 * 253 * Return: IV size in bytes 254 */ 255 static inline unsigned int crypto_skcipher_ivsize(struct crypto_skcipher *tfm) 256 { 257 return crypto_skcipher_alg(tfm)->ivsize; 258 } 259 260 static inline unsigned int crypto_sync_skcipher_ivsize( 261 struct crypto_sync_skcipher *tfm) 262 { 263 return crypto_skcipher_ivsize(&tfm->base); 264 } 265 266 /** 267 * crypto_skcipher_blocksize() - obtain block size of cipher 268 * @tfm: cipher handle 269 * 270 * The block size for the skcipher referenced with the cipher handle is 271 * returned. The caller may use that information to allocate appropriate 272 * memory for the data returned by the encryption or decryption operation 273 * 274 * Return: block size of cipher 275 */ 276 static inline unsigned int crypto_skcipher_blocksize( 277 struct crypto_skcipher *tfm) 278 { 279 return crypto_tfm_alg_blocksize(crypto_skcipher_tfm(tfm)); 280 } 281 282 static inline unsigned int crypto_skcipher_alg_chunksize( 283 struct skcipher_alg *alg) 284 { 285 return alg->chunksize; 286 } 287 288 /** 289 * crypto_skcipher_chunksize() - obtain chunk size 290 * @tfm: cipher handle 291 * 292 * The block size is set to one for ciphers such as CTR. However, 293 * you still need to provide incremental updates in multiples of 294 * the underlying block size as the IV does not have sub-block 295 * granularity. This is known in this API as the chunk size. 296 * 297 * Return: chunk size in bytes 298 */ 299 static inline unsigned int crypto_skcipher_chunksize( 300 struct crypto_skcipher *tfm) 301 { 302 return crypto_skcipher_alg_chunksize(crypto_skcipher_alg(tfm)); 303 } 304 305 static inline unsigned int crypto_sync_skcipher_blocksize( 306 struct crypto_sync_skcipher *tfm) 307 { 308 return crypto_skcipher_blocksize(&tfm->base); 309 } 310 311 static inline unsigned int crypto_skcipher_alignmask( 312 struct crypto_skcipher *tfm) 313 { 314 return crypto_tfm_alg_alignmask(crypto_skcipher_tfm(tfm)); 315 } 316 317 static inline u32 crypto_skcipher_get_flags(struct crypto_skcipher *tfm) 318 { 319 return crypto_tfm_get_flags(crypto_skcipher_tfm(tfm)); 320 } 321 322 static inline void crypto_skcipher_set_flags(struct crypto_skcipher *tfm, 323 u32 flags) 324 { 325 crypto_tfm_set_flags(crypto_skcipher_tfm(tfm), flags); 326 } 327 328 static inline void crypto_skcipher_clear_flags(struct crypto_skcipher *tfm, 329 u32 flags) 330 { 331 crypto_tfm_clear_flags(crypto_skcipher_tfm(tfm), flags); 332 } 333 334 static inline u32 crypto_sync_skcipher_get_flags( 335 struct crypto_sync_skcipher *tfm) 336 { 337 return crypto_skcipher_get_flags(&tfm->base); 338 } 339 340 static inline void crypto_sync_skcipher_set_flags( 341 struct crypto_sync_skcipher *tfm, u32 flags) 342 { 343 crypto_skcipher_set_flags(&tfm->base, flags); 344 } 345 346 static inline void crypto_sync_skcipher_clear_flags( 347 struct crypto_sync_skcipher *tfm, u32 flags) 348 { 349 crypto_skcipher_clear_flags(&tfm->base, flags); 350 } 351 352 /** 353 * crypto_skcipher_setkey() - set key for cipher 354 * @tfm: cipher handle 355 * @key: buffer holding the key 356 * @keylen: length of the key in bytes 357 * 358 * The caller provided key is set for the skcipher referenced by the cipher 359 * handle. 360 * 361 * Note, the key length determines the cipher type. Many block ciphers implement 362 * different cipher modes depending on the key size, such as AES-128 vs AES-192 363 * vs. AES-256. When providing a 16 byte key for an AES cipher handle, AES-128 364 * is performed. 365 * 366 * Return: 0 if the setting of the key was successful; < 0 if an error occurred 367 */ 368 int crypto_skcipher_setkey(struct crypto_skcipher *tfm, 369 const u8 *key, unsigned int keylen); 370 371 static inline int crypto_sync_skcipher_setkey(struct crypto_sync_skcipher *tfm, 372 const u8 *key, unsigned int keylen) 373 { 374 return crypto_skcipher_setkey(&tfm->base, key, keylen); 375 } 376 377 static inline unsigned int crypto_skcipher_min_keysize( 378 struct crypto_skcipher *tfm) 379 { 380 return crypto_skcipher_alg(tfm)->min_keysize; 381 } 382 383 static inline unsigned int crypto_skcipher_max_keysize( 384 struct crypto_skcipher *tfm) 385 { 386 return crypto_skcipher_alg(tfm)->max_keysize; 387 } 388 389 /** 390 * crypto_skcipher_reqtfm() - obtain cipher handle from request 391 * @req: skcipher_request out of which the cipher handle is to be obtained 392 * 393 * Return the crypto_skcipher handle when furnishing an skcipher_request 394 * data structure. 395 * 396 * Return: crypto_skcipher handle 397 */ 398 static inline struct crypto_skcipher *crypto_skcipher_reqtfm( 399 struct skcipher_request *req) 400 { 401 return __crypto_skcipher_cast(req->base.tfm); 402 } 403 404 static inline struct crypto_sync_skcipher *crypto_sync_skcipher_reqtfm( 405 struct skcipher_request *req) 406 { 407 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 408 409 return container_of(tfm, struct crypto_sync_skcipher, base); 410 } 411 412 /** 413 * crypto_skcipher_encrypt() - encrypt plaintext 414 * @req: reference to the skcipher_request handle that holds all information 415 * needed to perform the cipher operation 416 * 417 * Encrypt plaintext data using the skcipher_request handle. That data 418 * structure and how it is filled with data is discussed with the 419 * skcipher_request_* functions. 420 * 421 * Return: 0 if the cipher operation was successful; < 0 if an error occurred 422 */ 423 int crypto_skcipher_encrypt(struct skcipher_request *req); 424 425 /** 426 * crypto_skcipher_decrypt() - decrypt ciphertext 427 * @req: reference to the skcipher_request handle that holds all information 428 * needed to perform the cipher operation 429 * 430 * Decrypt ciphertext data using the skcipher_request handle. That data 431 * structure and how it is filled with data is discussed with the 432 * skcipher_request_* functions. 433 * 434 * Return: 0 if the cipher operation was successful; < 0 if an error occurred 435 */ 436 int crypto_skcipher_decrypt(struct skcipher_request *req); 437 438 /** 439 * DOC: Symmetric Key Cipher Request Handle 440 * 441 * The skcipher_request data structure contains all pointers to data 442 * required for the symmetric key cipher operation. This includes the cipher 443 * handle (which can be used by multiple skcipher_request instances), pointer 444 * to plaintext and ciphertext, asynchronous callback function, etc. It acts 445 * as a handle to the skcipher_request_* API calls in a similar way as 446 * skcipher handle to the crypto_skcipher_* API calls. 447 */ 448 449 /** 450 * crypto_skcipher_reqsize() - obtain size of the request data structure 451 * @tfm: cipher handle 452 * 453 * Return: number of bytes 454 */ 455 static inline unsigned int crypto_skcipher_reqsize(struct crypto_skcipher *tfm) 456 { 457 return tfm->reqsize; 458 } 459 460 /** 461 * skcipher_request_set_tfm() - update cipher handle reference in request 462 * @req: request handle to be modified 463 * @tfm: cipher handle that shall be added to the request handle 464 * 465 * Allow the caller to replace the existing skcipher handle in the request 466 * data structure with a different one. 467 */ 468 static inline void skcipher_request_set_tfm(struct skcipher_request *req, 469 struct crypto_skcipher *tfm) 470 { 471 req->base.tfm = crypto_skcipher_tfm(tfm); 472 } 473 474 static inline void skcipher_request_set_sync_tfm(struct skcipher_request *req, 475 struct crypto_sync_skcipher *tfm) 476 { 477 skcipher_request_set_tfm(req, &tfm->base); 478 } 479 480 static inline struct skcipher_request *skcipher_request_cast( 481 struct crypto_async_request *req) 482 { 483 return container_of(req, struct skcipher_request, base); 484 } 485 486 /** 487 * skcipher_request_alloc() - allocate request data structure 488 * @tfm: cipher handle to be registered with the request 489 * @gfp: memory allocation flag that is handed to kmalloc by the API call. 490 * 491 * Allocate the request data structure that must be used with the skcipher 492 * encrypt and decrypt API calls. During the allocation, the provided skcipher 493 * handle is registered in the request data structure. 494 * 495 * Return: allocated request handle in case of success, or NULL if out of memory 496 */ 497 static inline struct skcipher_request *skcipher_request_alloc( 498 struct crypto_skcipher *tfm, gfp_t gfp) 499 { 500 struct skcipher_request *req; 501 502 req = kmalloc(sizeof(struct skcipher_request) + 503 crypto_skcipher_reqsize(tfm), gfp); 504 505 if (likely(req)) 506 skcipher_request_set_tfm(req, tfm); 507 508 return req; 509 } 510 511 /** 512 * skcipher_request_free() - zeroize and free request data structure 513 * @req: request data structure cipher handle to be freed 514 */ 515 static inline void skcipher_request_free(struct skcipher_request *req) 516 { 517 kfree_sensitive(req); 518 } 519 520 static inline void skcipher_request_zero(struct skcipher_request *req) 521 { 522 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 523 524 memzero_explicit(req, sizeof(*req) + crypto_skcipher_reqsize(tfm)); 525 } 526 527 /** 528 * skcipher_request_set_callback() - set asynchronous callback function 529 * @req: request handle 530 * @flags: specify zero or an ORing of the flags 531 * CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and 532 * increase the wait queue beyond the initial maximum size; 533 * CRYPTO_TFM_REQ_MAY_SLEEP the request processing may sleep 534 * @compl: callback function pointer to be registered with the request handle 535 * @data: The data pointer refers to memory that is not used by the kernel 536 * crypto API, but provided to the callback function for it to use. Here, 537 * the caller can provide a reference to memory the callback function can 538 * operate on. As the callback function is invoked asynchronously to the 539 * related functionality, it may need to access data structures of the 540 * related functionality which can be referenced using this pointer. The 541 * callback function can access the memory via the "data" field in the 542 * crypto_async_request data structure provided to the callback function. 543 * 544 * This function allows setting the callback function that is triggered once the 545 * cipher operation completes. 546 * 547 * The callback function is registered with the skcipher_request handle and 548 * must comply with the following template:: 549 * 550 * void callback_function(struct crypto_async_request *req, int error) 551 */ 552 static inline void skcipher_request_set_callback(struct skcipher_request *req, 553 u32 flags, 554 crypto_completion_t compl, 555 void *data) 556 { 557 req->base.complete = compl; 558 req->base.data = data; 559 req->base.flags = flags; 560 } 561 562 /** 563 * skcipher_request_set_crypt() - set data buffers 564 * @req: request handle 565 * @src: source scatter / gather list 566 * @dst: destination scatter / gather list 567 * @cryptlen: number of bytes to process from @src 568 * @iv: IV for the cipher operation which must comply with the IV size defined 569 * by crypto_skcipher_ivsize 570 * 571 * This function allows setting of the source data and destination data 572 * scatter / gather lists. 573 * 574 * For encryption, the source is treated as the plaintext and the 575 * destination is the ciphertext. For a decryption operation, the use is 576 * reversed - the source is the ciphertext and the destination is the plaintext. 577 */ 578 static inline void skcipher_request_set_crypt( 579 struct skcipher_request *req, 580 struct scatterlist *src, struct scatterlist *dst, 581 unsigned int cryptlen, void *iv) 582 { 583 req->src = src; 584 req->dst = dst; 585 req->cryptlen = cryptlen; 586 req->iv = iv; 587 } 588 589 #endif /* _CRYPTO_SKCIPHER_H */ 590 591