[linux.git] / crypto / cfb.c

//SPDX-License-Identifier: GPL-2.0
/*
 * CFB: Cipher FeedBack mode
 *
 * Copyright (c) 2018 [email protected]
 *
 * CFB is a stream cipher mode which is layered on to a block
 * encryption scheme.  It works very much like a one time pad where
 * the pad is generated initially from the encrypted IV and then
 * subsequently from the encrypted previous block of ciphertext.  The
 * pad is XOR'd into the plain text to get the final ciphertext.
 *
 * The scheme of CFB is best described by wikipedia:
 *
 * https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CFB
 *
 * Note that since the pad for both encryption and decryption is
 * generated by an encryption operation, CFB never uses the block
 * decryption function.
 */

#include <crypto/algapi.h>
#include <crypto/internal/cipher.h>
#include <crypto/internal/skcipher.h>
#include <linux/err.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/string.h>

static unsigned int crypto_cfb_bsize(struct crypto_skcipher *tfm)
{
	return crypto_cipher_blocksize(skcipher_cipher_simple(tfm));
}

static void crypto_cfb_encrypt_one(struct crypto_skcipher *tfm,
					  const u8 *src, u8 *dst)
{
	crypto_cipher_encrypt_one(skcipher_cipher_simple(tfm), dst, src);
}

/* final encrypt and decrypt is the same */
static void crypto_cfb_final(struct skcipher_walk *walk,
			     struct crypto_skcipher *tfm)
{
	const unsigned long alignmask = crypto_skcipher_alignmask(tfm);
	u8 tmp[MAX_CIPHER_BLOCKSIZE + MAX_CIPHER_ALIGNMASK];
	u8 *stream = PTR_ALIGN(tmp + 0, alignmask + 1);
	u8 *src = walk->src.virt.addr;
	u8 *dst = walk->dst.virt.addr;
	u8 *iv = walk->iv;
	unsigned int nbytes = walk->nbytes;

	crypto_cfb_encrypt_one(tfm, iv, stream);
	crypto_xor_cpy(dst, stream, src, nbytes);
}

static int crypto_cfb_encrypt_segment(struct skcipher_walk *walk,
				      struct crypto_skcipher *tfm)
{
	const unsigned int bsize = crypto_cfb_bsize(tfm);
	unsigned int nbytes = walk->nbytes;
	u8 *src = walk->src.virt.addr;
	u8 *dst = walk->dst.virt.addr;
	u8 *iv = walk->iv;

	do {
		crypto_cfb_encrypt_one(tfm, iv, dst);
		crypto_xor(dst, src, bsize);
		iv = dst;

		src += bsize;
		dst += bsize;
	} while ((nbytes -= bsize) >= bsize);

	memcpy(walk->iv, iv, bsize);

	return nbytes;
}

static int crypto_cfb_encrypt_inplace(struct skcipher_walk *walk,
				      struct crypto_skcipher *tfm)
{
	const unsigned int bsize = crypto_cfb_bsize(tfm);
	unsigned int nbytes = walk->nbytes;
	u8 *src = walk->src.virt.addr;
	u8 *iv = walk->iv;
	u8 tmp[MAX_CIPHER_BLOCKSIZE];

	do {
		crypto_cfb_encrypt_one(tfm, iv, tmp);
		crypto_xor(src, tmp, bsize);
		iv = src;

		src += bsize;
	} while ((nbytes -= bsize) >= bsize);

	memcpy(walk->iv, iv, bsize);

	return nbytes;
}

static int crypto_cfb_encrypt(struct skcipher_request *req)
{
	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
	struct skcipher_walk walk;
	unsigned int bsize = crypto_cfb_bsize(tfm);
	int err;

	err = skcipher_walk_virt(&walk, req, false);

	while (walk.nbytes >= bsize) {
		if (walk.src.virt.addr == walk.dst.virt.addr)
			err = crypto_cfb_encrypt_inplace(&walk, tfm);
		else
			err = crypto_cfb_encrypt_segment(&walk, tfm);
		err = skcipher_walk_done(&walk, err);
	}

	if (walk.nbytes) {
		crypto_cfb_final(&walk, tfm);
		err = skcipher_walk_done(&walk, 0);
	}

	return err;
}

static int crypto_cfb_decrypt_segment(struct skcipher_walk *walk,
				      struct crypto_skcipher *tfm)
{
	const unsigned int bsize = crypto_cfb_bsize(tfm);
	unsigned int nbytes = walk->nbytes;
	u8 *src = walk->src.virt.addr;
	u8 *dst = walk->dst.virt.addr;
	u8 *iv = walk->iv;

	do {
		crypto_cfb_encrypt_one(tfm, iv, dst);
		crypto_xor(dst, src, bsize);
		iv = src;

		src += bsize;
		dst += bsize;
	} while ((nbytes -= bsize) >= bsize);

	memcpy(walk->iv, iv, bsize);

	return nbytes;
}

static int crypto_cfb_decrypt_inplace(struct skcipher_walk *walk,
				      struct crypto_skcipher *tfm)
{
	const unsigned int bsize = crypto_cfb_bsize(tfm);
	unsigned int nbytes = walk->nbytes;
	u8 *src = walk->src.virt.addr;
	u8 * const iv = walk->iv;
	u8 tmp[MAX_CIPHER_BLOCKSIZE];

	do {
		crypto_cfb_encrypt_one(tfm, iv, tmp);
		memcpy(iv, src, bsize);
		crypto_xor(src, tmp, bsize);
		src += bsize;
	} while ((nbytes -= bsize) >= bsize);

	return nbytes;
}

static int crypto_cfb_decrypt_blocks(struct skcipher_walk *walk,
				     struct crypto_skcipher *tfm)
{
	if (walk->src.virt.addr == walk->dst.virt.addr)
		return crypto_cfb_decrypt_inplace(walk, tfm);
	else
		return crypto_cfb_decrypt_segment(walk, tfm);
}

static int crypto_cfb_decrypt(struct skcipher_request *req)
{
	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
	struct skcipher_walk walk;
	const unsigned int bsize = crypto_cfb_bsize(tfm);
	int err;

	err = skcipher_walk_virt(&walk, req, false);

	while (walk.nbytes >= bsize) {
		err = crypto_cfb_decrypt_blocks(&walk, tfm);
		err = skcipher_walk_done(&walk, err);
	}

	if (walk.nbytes) {
		crypto_cfb_final(&walk, tfm);
		err = skcipher_walk_done(&walk, 0);
	}

	return err;
}

static int crypto_cfb_create(struct crypto_template *tmpl, struct rtattr **tb)
{
	struct skcipher_instance *inst;
	struct crypto_alg *alg;
	int err;

	inst = skcipher_alloc_instance_simple(tmpl, tb);
	if (IS_ERR(inst))
		return PTR_ERR(inst);

	alg = skcipher_ialg_simple(inst);

	/* CFB mode is a stream cipher. */
	inst->alg.base.cra_blocksize = 1;

	/*
	 * To simplify the implementation, configure the skcipher walk to only
	 * give a partial block at the very end, never earlier.
	 */
	inst->alg.chunksize = alg->cra_blocksize;

	inst->alg.encrypt = crypto_cfb_encrypt;
	inst->alg.decrypt = crypto_cfb_decrypt;

	err = skcipher_register_instance(tmpl, inst);
	if (err)
		inst->free(inst);

	return err;
}

static struct crypto_template crypto_cfb_tmpl = {
	.name = "cfb",
	.create = crypto_cfb_create,
	.module = THIS_MODULE,
};

static int __init crypto_cfb_module_init(void)
{
	return crypto_register_template(&crypto_cfb_tmpl);
}

static void __exit crypto_cfb_module_exit(void)
{
	crypto_unregister_template(&crypto_cfb_tmpl);
}

subsys_initcall(crypto_cfb_module_init);
module_exit(crypto_cfb_module_exit);

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("CFB block cipher mode of operation");
MODULE_ALIAS_CRYPTO("cfb");
MODULE_IMPORT_NS(CRYPTO_INTERNAL);
Commit	Line	Data
a7d85e06 JB	1	//SPDX-License-Identifier: GPL-2.0
	2	/*
	3	* CFB: Cipher FeedBack mode
	4	*
	5	* Copyright (c) 2018 [email protected]
	6	*
	7	* CFB is a stream cipher mode which is layered on to a block
	8	* encryption scheme. It works very much like a one time pad where
	9	* the pad is generated initially from the encrypted IV and then
	10	* subsequently from the encrypted previous block of ciphertext. The
	11	* pad is XOR'd into the plain text to get the final ciphertext.
	12	*
	13	* The scheme of CFB is best described by wikipedia:
	14	*
	15	* https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CFB
	16	*
	17	* Note that since the pad for both encryption and decryption is
	18	* generated by an encryption operation, CFB never uses the block
	19	* decryption function.
	20	*/
	21
	22	#include <crypto/algapi.h>
0eb76ba2	23	#include <crypto/internal/cipher.h>
a7d85e06 JB	24	#include <crypto/internal/skcipher.h>
	25	#include <linux/err.h>
	26	#include <linux/init.h>
	27	#include <linux/kernel.h>
	28	#include <linux/module.h>
a7d85e06	29	#include <linux/string.h>
a7d85e06 JB	30
	31	static unsigned int crypto_cfb_bsize(struct crypto_skcipher *tfm)
	32	{
03b8302d	33	return crypto_cipher_blocksize(skcipher_cipher_simple(tfm));
a7d85e06 JB	34	}
	35
	36	static void crypto_cfb_encrypt_one(struct crypto_skcipher *tfm,
	37	const u8 src, u8 dst)
	38	{
03b8302d	39	crypto_cipher_encrypt_one(skcipher_cipher_simple(tfm), dst, src);
a7d85e06 JB	40	}
	41
	42	/* final encrypt and decrypt is the same */
	43	static void crypto_cfb_final(struct skcipher_walk *walk,
	44	struct crypto_skcipher *tfm)
	45	{
a7d85e06	46	const unsigned long alignmask = crypto_skcipher_alignmask(tfm);
6650c4de	47	u8 tmp[MAX_CIPHER_BLOCKSIZE + MAX_CIPHER_ALIGNMASK];
a7d85e06 JB	48	u8 *stream = PTR_ALIGN(tmp + 0, alignmask + 1);
	49	u8 *src = walk->src.virt.addr;
	50	u8 *dst = walk->dst.virt.addr;
	51	u8 *iv = walk->iv;
	52	unsigned int nbytes = walk->nbytes;
	53
	54	crypto_cfb_encrypt_one(tfm, iv, stream);
	55	crypto_xor_cpy(dst, stream, src, nbytes);
	56	}
	57
	58	static int crypto_cfb_encrypt_segment(struct skcipher_walk *walk,
	59	struct crypto_skcipher *tfm)
	60	{
	61	const unsigned int bsize = crypto_cfb_bsize(tfm);
	62	unsigned int nbytes = walk->nbytes;
	63	u8 *src = walk->src.virt.addr;
	64	u8 *dst = walk->dst.virt.addr;
	65	u8 *iv = walk->iv;
	66
	67	do {
	68	crypto_cfb_encrypt_one(tfm, iv, dst);
	69	crypto_xor(dst, src, bsize);
6c2e322b	70	iv = dst;
a7d85e06 JB	71
	72	src += bsize;
	73	dst += bsize;
	74	} while ((nbytes -= bsize) >= bsize);
	75
6c2e322b EB	76	memcpy(walk->iv, iv, bsize);
6c2e322b EB	77
a7d85e06 JB	78	return nbytes;
	79	}
	80
	81	static int crypto_cfb_encrypt_inplace(struct skcipher_walk *walk,
	82	struct crypto_skcipher *tfm)
	83	{
	84	const unsigned int bsize = crypto_cfb_bsize(tfm);
	85	unsigned int nbytes = walk->nbytes;
	86	u8 *src = walk->src.virt.addr;
	87	u8 *iv = walk->iv;
6650c4de	88	u8 tmp[MAX_CIPHER_BLOCKSIZE];
a7d85e06 JB	89
	90	do {
	91	crypto_cfb_encrypt_one(tfm, iv, tmp);
	92	crypto_xor(src, tmp, bsize);
	93	iv = src;
	94
	95	src += bsize;
	96	} while ((nbytes -= bsize) >= bsize);
	97
	98	memcpy(walk->iv, iv, bsize);
	99
	100	return nbytes;
	101	}
	102
	103	static int crypto_cfb_encrypt(struct skcipher_request *req)
	104	{
	105	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
	106	struct skcipher_walk walk;
	107	unsigned int bsize = crypto_cfb_bsize(tfm);
	108	int err;
	109
	110	err = skcipher_walk_virt(&walk, req, false);
	111
	112	while (walk.nbytes >= bsize) {
	113	if (walk.src.virt.addr == walk.dst.virt.addr)
	114	err = crypto_cfb_encrypt_inplace(&walk, tfm);
	115	else
	116	err = crypto_cfb_encrypt_segment(&walk, tfm);
	117	err = skcipher_walk_done(&walk, err);
	118	}
	119
	120	if (walk.nbytes) {
	121	crypto_cfb_final(&walk, tfm);
	122	err = skcipher_walk_done(&walk, 0);
	123	}
	124
	125	return err;
	126	}
	127
	128	static int crypto_cfb_decrypt_segment(struct skcipher_walk *walk,
	129	struct crypto_skcipher *tfm)
	130	{
	131	const unsigned int bsize = crypto_cfb_bsize(tfm);
	132	unsigned int nbytes = walk->nbytes;
	133	u8 *src = walk->src.virt.addr;
	134	u8 *dst = walk->dst.virt.addr;
	135	u8 *iv = walk->iv;
	136
	137	do {
	138	crypto_cfb_encrypt_one(tfm, iv, dst);
fa460073	139	crypto_xor(dst, src, bsize);
a7d85e06 JB	140	iv = src;
	141
	142	src += bsize;
	143	dst += bsize;
	144	} while ((nbytes -= bsize) >= bsize);
	145
	146	memcpy(walk->iv, iv, bsize);
	147
	148	return nbytes;
	149	}
	150
	151	static int crypto_cfb_decrypt_inplace(struct skcipher_walk *walk,
	152	struct crypto_skcipher *tfm)
	153	{
	154	const unsigned int bsize = crypto_cfb_bsize(tfm);
	155	unsigned int nbytes = walk->nbytes;
	156	u8 *src = walk->src.virt.addr;
6c2e322b	157	u8 * const iv = walk->iv;
6650c4de	158	u8 tmp[MAX_CIPHER_BLOCKSIZE];
a7d85e06 JB	159
	160	do {
	161	crypto_cfb_encrypt_one(tfm, iv, tmp);
	162	memcpy(iv, src, bsize);
	163	crypto_xor(src, tmp, bsize);
	164	src += bsize;
	165	} while ((nbytes -= bsize) >= bsize);
	166
a7d85e06 JB	167	return nbytes;
	168	}
	169
	170	static int crypto_cfb_decrypt_blocks(struct skcipher_walk *walk,
	171	struct crypto_skcipher *tfm)
	172	{
	173	if (walk->src.virt.addr == walk->dst.virt.addr)
	174	return crypto_cfb_decrypt_inplace(walk, tfm);
	175	else
	176	return crypto_cfb_decrypt_segment(walk, tfm);
	177	}
	178
a7d85e06 JB	179	static int crypto_cfb_decrypt(struct skcipher_request *req)
	180	{
	181	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
	182	struct skcipher_walk walk;
	183	const unsigned int bsize = crypto_cfb_bsize(tfm);
	184	int err;
	185
	186	err = skcipher_walk_virt(&walk, req, false);
	187
	188	while (walk.nbytes >= bsize) {
	189	err = crypto_cfb_decrypt_blocks(&walk, tfm);
	190	err = skcipher_walk_done(&walk, err);
	191	}
	192
	193	if (walk.nbytes) {
	194	crypto_cfb_final(&walk, tfm);
	195	err = skcipher_walk_done(&walk, 0);
	196	}
	197
	198	return err;
	199	}
	200
a7d85e06 JB	201	static int crypto_cfb_create(struct crypto_template tmpl, struct rtattr *tb)
	202	{
	203	struct skcipher_instance *inst;
a7d85e06	204	struct crypto_alg *alg;
a7d85e06 JB	205	int err;
a7d85e06 JB	206
b3c16bfc	207	inst = skcipher_alloc_instance_simple(tmpl, tb);
03b8302d EB	208	if (IS_ERR(inst))
03b8302d EB	209	return PTR_ERR(inst);
a7d85e06	210
b3c16bfc HX	211	alg = skcipher_ialg_simple(inst);
b3c16bfc HX	212
03b8302d	213	/* CFB mode is a stream cipher. */
a7d85e06	214	inst->alg.base.cra_blocksize = 1;
a7d85e06	215
394a9e04 EB	216	/*
	217	* To simplify the implementation, configure the skcipher walk to only
	218	* give a partial block at the very end, never earlier.
	219	*/
	220	inst->alg.chunksize = alg->cra_blocksize;
	221
a7d85e06 JB	222	inst->alg.encrypt = crypto_cfb_encrypt;
	223	inst->alg.decrypt = crypto_cfb_decrypt;
	224
a7d85e06 JB	225	err = skcipher_register_instance(tmpl, inst);
a7d85e06 JB	226	if (err)
03b8302d	227	inst->free(inst);
a7d85e06	228
03b8302d	229	return err;
a7d85e06 JB	230	}
	231
	232	static struct crypto_template crypto_cfb_tmpl = {
	233	.name = "cfb",
	234	.create = crypto_cfb_create,
	235	.module = THIS_MODULE,
	236	};
	237
	238	static int __init crypto_cfb_module_init(void)
	239	{
	240	return crypto_register_template(&crypto_cfb_tmpl);
	241	}
	242
	243	static void __exit crypto_cfb_module_exit(void)
	244	{
	245	crypto_unregister_template(&crypto_cfb_tmpl);
	246	}
	247
c4741b23	248	subsys_initcall(crypto_cfb_module_init);
a7d85e06 JB	249	module_exit(crypto_cfb_module_exit);
	250
	251	MODULE_LICENSE("GPL");
03b8302d	252	MODULE_DESCRIPTION("CFB block cipher mode of operation");
a7d85e06	253	MODULE_ALIAS_CRYPTO("cfb");
0eb76ba2	254	MODULE_IMPORT_NS(CRYPTO_INTERNAL);