crypto/aead.c

   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /*
   3  * AEAD: Authenticated Encryption with Associated Data
   4  *
   5  * This file provides API support for AEAD algorithms.
   6  *
   7  * Copyright (c) 2007-2015 Herbert Xu <[email protected]>
   8  */
   9
  10 #include <crypto/internal/aead.h>
  11 #include <linux/cryptouser.h>
  12 #include <linux/errno.h>
  13 #include <linux/init.h>
  14 #include <linux/kernel.h>
  15 #include <linux/module.h>
  16 #include <linux/slab.h>
  17 #include <linux/seq_file.h>
  18 #include <linux/string.h>
  19 #include <net/netlink.h>
  20
  21 #include "internal.h"
  22
  23 static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key,
  24                             unsigned int keylen)
  25 {
  26         unsigned long alignmask = crypto_aead_alignmask(tfm);
  27         int ret;
  28         u8 *buffer, *alignbuffer;
  29         unsigned long absize;
  30
  31         absize = keylen + alignmask;
  32         buffer = kmalloc(absize, GFP_ATOMIC);
  33         if (!buffer)
  34                 return -ENOMEM;
  35
  36         alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
  37         memcpy(alignbuffer, key, keylen);
  38         ret = crypto_aead_alg(tfm)->setkey(tfm, alignbuffer, keylen);
  39         memset(alignbuffer, 0, keylen);
  40         kfree(buffer);
  41         return ret;
  42 }
  43
  44 int crypto_aead_setkey(struct crypto_aead *tfm,
  45                        const u8 *key, unsigned int keylen)
  46 {
  47         unsigned long alignmask = crypto_aead_alignmask(tfm);
  48         int err;
  49
  50         if ((unsigned long)key & alignmask)
  51                 err = setkey_unaligned(tfm, key, keylen);
  52         else
  53                 err = crypto_aead_alg(tfm)->setkey(tfm, key, keylen);
  54
  55         if (unlikely(err)) {
  56                 crypto_aead_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
  57                 return err;
  58         }
  59
  60         crypto_aead_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
  61         return 0;
  62 }
  63 EXPORT_SYMBOL_GPL(crypto_aead_setkey);
  64
  65 int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
  66 {
  67         int err;
  68
  69         if ((!authsize && crypto_aead_maxauthsize(tfm)) ||
  70             authsize > crypto_aead_maxauthsize(tfm))
  71                 return -EINVAL;
  72
  73         if (crypto_aead_alg(tfm)->setauthsize) {
  74                 err = crypto_aead_alg(tfm)->setauthsize(tfm, authsize);
  75                 if (err)
  76                         return err;
  77         }
  78
  79         tfm->authsize = authsize;
  80         return 0;
  81 }
  82 EXPORT_SYMBOL_GPL(crypto_aead_setauthsize);
  83
  84 int crypto_aead_encrypt(struct aead_request *req)
  85 {
  86         struct crypto_aead *aead = crypto_aead_reqtfm(req);
  87
  88         if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY)
  89                 return -ENOKEY;
  90
  91         return crypto_aead_alg(aead)->encrypt(req);
  92 }
  93 EXPORT_SYMBOL_GPL(crypto_aead_encrypt);
  94
  95 int crypto_aead_decrypt(struct aead_request *req)
  96 {
  97         struct crypto_aead *aead = crypto_aead_reqtfm(req);
  98
  99         if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY)
 100                 return -ENOKEY;
 101
 102         if (req->cryptlen < crypto_aead_authsize(aead))
 103                 return -EINVAL;
 104
 105         return crypto_aead_alg(aead)->decrypt(req);
 106 }
 107 EXPORT_SYMBOL_GPL(crypto_aead_decrypt);
 108
 109 static void crypto_aead_exit_tfm(struct crypto_tfm *tfm)
 110 {
 111         struct crypto_aead *aead = __crypto_aead_cast(tfm);
 112         struct aead_alg *alg = crypto_aead_alg(aead);
 113
 114         alg->exit(aead);
 115 }
 116
 117 static int crypto_aead_init_tfm(struct crypto_tfm *tfm)
 118 {
 119         struct crypto_aead *aead = __crypto_aead_cast(tfm);
 120         struct aead_alg *alg = crypto_aead_alg(aead);
 121
 122         crypto_aead_set_flags(aead, CRYPTO_TFM_NEED_KEY);
 123
 124         aead->authsize = alg->maxauthsize;
 125
 126         if (alg->exit)
 127                 aead->base.exit = crypto_aead_exit_tfm;
 128
 129         if (alg->init)
 130                 return alg->init(aead);
 131
 132         return 0;
 133 }
 134
 135 static int __maybe_unused crypto_aead_report(
 136         struct sk_buff *skb, struct crypto_alg *alg)
 137 {
 138         struct crypto_report_aead raead;
 139         struct aead_alg *aead = container_of(alg, struct aead_alg, base);
 140
 141         memset(&raead, 0, sizeof(raead));
 142
 143         strscpy(raead.type, "aead", sizeof(raead.type));
 144         strscpy(raead.geniv, "<none>", sizeof(raead.geniv));
 145
 146         raead.blocksize = alg->cra_blocksize;
 147         raead.maxauthsize = aead->maxauthsize;
 148         raead.ivsize = aead->ivsize;
 149
 150         return nla_put(skb, CRYPTOCFGA_REPORT_AEAD, sizeof(raead), &raead);
 151 }
 152
 153 static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg)
 154         __maybe_unused;
 155 static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg)
 156 {
 157         struct aead_alg *aead = container_of(alg, struct aead_alg, base);
 158
 159         seq_printf(m, "type         : aead\n");
 160         seq_printf(m, "async        : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
 161                                              "yes" : "no");
 162         seq_printf(m, "blocksize    : %u\n", alg->cra_blocksize);
 163         seq_printf(m, "ivsize       : %u\n", aead->ivsize);
 164         seq_printf(m, "maxauthsize  : %u\n", aead->maxauthsize);
 165         seq_printf(m, "geniv        : <none>\n");
 166 }
 167
 168 static void crypto_aead_free_instance(struct crypto_instance *inst)
 169 {
 170         struct aead_instance *aead = aead_instance(inst);
 171
 172         aead->free(aead);
 173 }
 174
 175 static const struct crypto_type crypto_aead_type = {
 176         .extsize = crypto_alg_extsize,
 177         .init_tfm = crypto_aead_init_tfm,
 178         .free = crypto_aead_free_instance,
 179 #ifdef CONFIG_PROC_FS
 180         .show = crypto_aead_show,
 181 #endif
 182 #if IS_ENABLED(CONFIG_CRYPTO_USER)
 183         .report = crypto_aead_report,
 184 #endif
 185         .maskclear = ~CRYPTO_ALG_TYPE_MASK,
 186         .maskset = CRYPTO_ALG_TYPE_MASK,
 187         .type = CRYPTO_ALG_TYPE_AEAD,
 188         .tfmsize = offsetof(struct crypto_aead, base),
 189 };
 190
 191 int crypto_grab_aead(struct crypto_aead_spawn *spawn,
 192                      struct crypto_instance *inst,
 193                      const char *name, u32 type, u32 mask)
 194 {
 195         spawn->base.frontend = &crypto_aead_type;
 196         return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
 197 }
 198 EXPORT_SYMBOL_GPL(crypto_grab_aead);
 199
 200 struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask)
 201 {
 202         return crypto_alloc_tfm(alg_name, &crypto_aead_type, type, mask);
 203 }
 204 EXPORT_SYMBOL_GPL(crypto_alloc_aead);
 205
 206 int crypto_has_aead(const char *alg_name, u32 type, u32 mask)
 207 {
 208         return crypto_type_has_alg(alg_name, &crypto_aead_type, type, mask);
 209 }
 210 EXPORT_SYMBOL_GPL(crypto_has_aead);
 211
 212 static int aead_prepare_alg(struct aead_alg *alg)
 213 {
 214         struct crypto_alg *base = &alg->base;
 215
 216         if (max3(alg->maxauthsize, alg->ivsize, alg->chunksize) >
 217             PAGE_SIZE / 8)
 218                 return -EINVAL;
 219
 220         if (!alg->chunksize)
 221                 alg->chunksize = base->cra_blocksize;
 222
 223         base->cra_type = &crypto_aead_type;
 224         base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK;
 225         base->cra_flags |= CRYPTO_ALG_TYPE_AEAD;
 226
 227         return 0;
 228 }
 229
 230 int crypto_register_aead(struct aead_alg *alg)
 231 {
 232         struct crypto_alg *base = &alg->base;
 233         int err;
 234
 235         err = aead_prepare_alg(alg);
 236         if (err)
 237                 return err;
 238
 239         return crypto_register_alg(base);
 240 }
 241 EXPORT_SYMBOL_GPL(crypto_register_aead);
 242
 243 void crypto_unregister_aead(struct aead_alg *alg)
 244 {
 245         crypto_unregister_alg(&alg->base);
 246 }
 247 EXPORT_SYMBOL_GPL(crypto_unregister_aead);
 248
 249 int crypto_register_aeads(struct aead_alg *algs, int count)
 250 {
 251         int i, ret;
 252
 253         for (i = 0; i < count; i++) {
 254                 ret = crypto_register_aead(&algs[i]);
 255                 if (ret)
 256                         goto err;
 257         }
 258
 259         return 0;
 260
 261 err:
 262         for (--i; i >= 0; --i)
 263                 crypto_unregister_aead(&algs[i]);
 264
 265         return ret;
 266 }
 267 EXPORT_SYMBOL_GPL(crypto_register_aeads);
 268
 269 void crypto_unregister_aeads(struct aead_alg *algs, int count)
 270 {
 271         int i;
 272
 273         for (i = count - 1; i >= 0; --i)
 274                 crypto_unregister_aead(&algs[i]);
 275 }
 276 EXPORT_SYMBOL_GPL(crypto_unregister_aeads);
 277
 278 int aead_register_instance(struct crypto_template *tmpl,
 279                            struct aead_instance *inst)
 280 {
 281         int err;
 282
 283         if (WARN_ON(!inst->free))
 284                 return -EINVAL;
 285
 286         err = aead_prepare_alg(&inst->alg);
 287         if (err)
 288                 return err;
 289
 290         return crypto_register_instance(tmpl, aead_crypto_instance(inst));
 291 }
 292 EXPORT_SYMBOL_GPL(aead_register_instance);
 293
 294 MODULE_LICENSE("GPL");
 295 MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)");