search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
hwmon: (adt7475) fan stall prevention
[linux/fpc-iii.git] / crypto / ctr.c
blob477d9226ccaac99c087bf0df5f51597a34518100
1 /*
2 * CTR: Counter mode
3 *
4 * (C) Copyright IBM Corp. 2007 - Joy Latten <latten@us.ibm.com>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
9 * any later version.
10 *
11 */
12
13 #include <crypto/algapi.h>
14 #include <crypto/ctr.h>
15 #include <crypto/internal/skcipher.h>
16 #include <linux/err.h>
17 #include <linux/init.h>
18 #include <linux/kernel.h>
19 #include <linux/module.h>
20 #include <linux/random.h>
21 #include <linux/scatterlist.h>
22 #include <linux/slab.h>
23
24 struct crypto_ctr_ctx {
25 struct crypto_cipher *child;
26 };
27
28 struct crypto_rfc3686_ctx {
29 struct crypto_skcipher *child;
30 u8 nonce[CTR_RFC3686_NONCE_SIZE];
31 };
32
33 struct crypto_rfc3686_req_ctx {
34 u8 iv[CTR_RFC3686_BLOCK_SIZE];
35 struct skcipher_request subreq CRYPTO_MINALIGN_ATTR;
36 };
37
38 static int crypto_ctr_setkey(struct crypto_tfm *parent, const u8 *key,
39 unsigned int keylen)
40 {
41 struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(parent);
42 struct crypto_cipher *child = ctx->child;
43 int err;
44
45 crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
46 crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) &
47 CRYPTO_TFM_REQ_MASK);
48 err = crypto_cipher_setkey(child, key, keylen);
49 crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) &
50 CRYPTO_TFM_RES_MASK);
51
52 return err;
53 }
54
55 static void crypto_ctr_crypt_final(struct blkcipher_walk *walk,
56 struct crypto_cipher *tfm)
57 {
58 unsigned int bsize = crypto_cipher_blocksize(tfm);
59 unsigned long alignmask = crypto_cipher_alignmask(tfm);
60 u8 *ctrblk = walk->iv;
61 u8 tmp[bsize + alignmask];
62 u8 *keystream = PTR_ALIGN(tmp + 0, alignmask + 1);
63 u8 *src = walk->src.virt.addr;
64 u8 *dst = walk->dst.virt.addr;
65 unsigned int nbytes = walk->nbytes;
66
67 crypto_cipher_encrypt_one(tfm, keystream, ctrblk);
68 crypto_xor(keystream, src, nbytes);
69 memcpy(dst, keystream, nbytes);
70
71 crypto_inc(ctrblk, bsize);
72 }
73
74 static int crypto_ctr_crypt_segment(struct blkcipher_walk *walk,
75 struct crypto_cipher *tfm)
76 {
77 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
78 crypto_cipher_alg(tfm)->cia_encrypt;
79 unsigned int bsize = crypto_cipher_blocksize(tfm);
80 u8 *ctrblk = walk->iv;
81 u8 *src = walk->src.virt.addr;
82 u8 *dst = walk->dst.virt.addr;
83 unsigned int nbytes = walk->nbytes;
84
85 do {
86 /* create keystream */
87 fn(crypto_cipher_tfm(tfm), dst, ctrblk);
88 crypto_xor(dst, src, bsize);
89
90 /* increment counter in counterblock */
91 crypto_inc(ctrblk, bsize);
92
93 src += bsize;
94 dst += bsize;
95 } while ((nbytes -= bsize) >= bsize);
96
97 return nbytes;
98 }
99
100 static int crypto_ctr_crypt_inplace(struct blkcipher_walk *walk,
101 struct crypto_cipher *tfm)
102 {
103 void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
104 crypto_cipher_alg(tfm)->cia_encrypt;
105 unsigned int bsize = crypto_cipher_blocksize(tfm);
106 unsigned long alignmask = crypto_cipher_alignmask(tfm);
107 unsigned int nbytes = walk->nbytes;
108 u8 *ctrblk = walk->iv;
109 u8 *src = walk->src.virt.addr;
110 u8 tmp[bsize + alignmask];
111 u8 *keystream = PTR_ALIGN(tmp + 0, alignmask + 1);
112
113 do {
114 /* create keystream */
115 fn(crypto_cipher_tfm(tfm), keystream, ctrblk);
116 crypto_xor(src, keystream, bsize);
117
118 /* increment counter in counterblock */
119 crypto_inc(ctrblk, bsize);
120
121 src += bsize;
122 } while ((nbytes -= bsize) >= bsize);
123
124 return nbytes;
125 }
126
127 static int crypto_ctr_crypt(struct blkcipher_desc *desc,
128 struct scatterlist *dst, struct scatterlist *src,
129 unsigned int nbytes)
130 {
131 struct blkcipher_walk walk;
132 struct crypto_blkcipher *tfm = desc->tfm;
133 struct crypto_ctr_ctx *ctx = crypto_blkcipher_ctx(tfm);
134 struct crypto_cipher *child = ctx->child;
135 unsigned int bsize = crypto_cipher_blocksize(child);
136 int err;
137
138 blkcipher_walk_init(&walk, dst, src, nbytes);
139 err = blkcipher_walk_virt_block(desc, &walk, bsize);
140
141 while (walk.nbytes >= bsize) {
142 if (walk.src.virt.addr == walk.dst.virt.addr)
143 nbytes = crypto_ctr_crypt_inplace(&walk, child);
144 else
145 nbytes = crypto_ctr_crypt_segment(&walk, child);
146
147 err = blkcipher_walk_done(desc, &walk, nbytes);
148 }
149
150 if (walk.nbytes) {
151 crypto_ctr_crypt_final(&walk, child);
152 err = blkcipher_walk_done(desc, &walk, 0);
153 }
154
155 return err;
156 }
157
158 static int crypto_ctr_init_tfm(struct crypto_tfm *tfm)
159 {
160 struct crypto_instance *inst = (void *)tfm->__crt_alg;
161 struct crypto_spawn *spawn = crypto_instance_ctx(inst);
162 struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(tfm);
163 struct crypto_cipher *cipher;
164
165 cipher = crypto_spawn_cipher(spawn);
166 if (IS_ERR(cipher))
167 return PTR_ERR(cipher);
168
169 ctx->child = cipher;
170
171 return 0;
172 }
173
174 static void crypto_ctr_exit_tfm(struct crypto_tfm *tfm)
175 {
176 struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(tfm);
177
178 crypto_free_cipher(ctx->child);
179 }
180
181 static struct crypto_instance *crypto_ctr_alloc(struct rtattr **tb)
182 {
183 struct crypto_instance *inst;
184 struct crypto_attr_type *algt;
185 struct crypto_alg *alg;
186 u32 mask;
187 int err;
188
189 err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER);
190 if (err)
191 return ERR_PTR(err);
192
193 algt = crypto_get_attr_type(tb);
194 if (IS_ERR(algt))
195 return ERR_CAST(algt);
196
197 mask = CRYPTO_ALG_TYPE_MASK |
198 crypto_requires_off(algt->type, algt->mask,
199 CRYPTO_ALG_NEED_FALLBACK);
200
201 alg = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_CIPHER, mask);
202 if (IS_ERR(alg))
203 return ERR_CAST(alg);
204
205 /* Block size must be >= 4 bytes. */
206 err = -EINVAL;
207 if (alg->cra_blocksize < 4)
208 goto out_put_alg;
209
210 /* If this is false we'd fail the alignment of crypto_inc. */
211 if (alg->cra_blocksize % 4)
212 goto out_put_alg;
213
214 inst = crypto_alloc_instance("ctr", alg);
215 if (IS_ERR(inst))
216 goto out;
217
218 inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER;
219 inst->alg.cra_priority = alg->cra_priority;
220 inst->alg.cra_blocksize = 1;
221 inst->alg.cra_alignmask = alg->cra_alignmask;
222 inst->alg.cra_type = &crypto_blkcipher_type;
223
224 inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize;
225 inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize;
226 inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize;
227
228 inst->alg.cra_ctxsize = sizeof(struct crypto_ctr_ctx);
229
230 inst->alg.cra_init = crypto_ctr_init_tfm;
231 inst->alg.cra_exit = crypto_ctr_exit_tfm;
232
233 inst->alg.cra_blkcipher.setkey = crypto_ctr_setkey;
234 inst->alg.cra_blkcipher.encrypt = crypto_ctr_crypt;
235 inst->alg.cra_blkcipher.decrypt = crypto_ctr_crypt;
236
237 inst->alg.cra_blkcipher.geniv = "chainiv";
238
239 out:
240 crypto_mod_put(alg);
241 return inst;
242
243 out_put_alg:
244 inst = ERR_PTR(err);
245 goto out;
246 }
247
248 static void crypto_ctr_free(struct crypto_instance *inst)
249 {
250 crypto_drop_spawn(crypto_instance_ctx(inst));
251 kfree(inst);
252 }
253
254 static struct crypto_template crypto_ctr_tmpl = {
255 .name = "ctr",
256 .alloc = crypto_ctr_alloc,
257 .free = crypto_ctr_free,
258 .module = THIS_MODULE,
259 };
260
261 static int crypto_rfc3686_setkey(struct crypto_skcipher *parent,
262 const u8 *key, unsigned int keylen)
263 {
264 struct crypto_rfc3686_ctx *ctx = crypto_skcipher_ctx(parent);
265 struct crypto_skcipher *child = ctx->child;
266 int err;
267
268 /* the nonce is stored in bytes at end of key */
269 if (keylen < CTR_RFC3686_NONCE_SIZE)
270 return -EINVAL;
271
272 memcpy(ctx->nonce, key + (keylen - CTR_RFC3686_NONCE_SIZE),
273 CTR_RFC3686_NONCE_SIZE);
274
275 keylen -= CTR_RFC3686_NONCE_SIZE;
276
277 crypto_skcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
278 crypto_skcipher_set_flags(child, crypto_skcipher_get_flags(parent) &
279 CRYPTO_TFM_REQ_MASK);
280 err = crypto_skcipher_setkey(child, key, keylen);
281 crypto_skcipher_set_flags(parent, crypto_skcipher_get_flags(child) &
282 CRYPTO_TFM_RES_MASK);
283
284 return err;
285 }
286
287 static int crypto_rfc3686_crypt(struct skcipher_request *req)
288 {
289 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
290 struct crypto_rfc3686_ctx *ctx = crypto_skcipher_ctx(tfm);
291 struct crypto_skcipher *child = ctx->child;
292 unsigned long align = crypto_skcipher_alignmask(tfm);
293 struct crypto_rfc3686_req_ctx *rctx =
294 (void *)PTR_ALIGN((u8 *)skcipher_request_ctx(req), align + 1);
295 struct skcipher_request *subreq = &rctx->subreq;
296 u8 *iv = rctx->iv;
297
298 /* set up counter block */
299 memcpy(iv, ctx->nonce, CTR_RFC3686_NONCE_SIZE);
300 memcpy(iv + CTR_RFC3686_NONCE_SIZE, req->iv, CTR_RFC3686_IV_SIZE);
301
302 /* initialize counter portion of counter block */
303 *(__be32 *)(iv + CTR_RFC3686_NONCE_SIZE + CTR_RFC3686_IV_SIZE) =
304 cpu_to_be32(1);
305
306 skcipher_request_set_tfm(subreq, child);
307 skcipher_request_set_callback(subreq, req->base.flags,
308 req->base.complete, req->base.data);
309 skcipher_request_set_crypt(subreq, req->src, req->dst,
310 req->cryptlen, iv);
311
312 return crypto_skcipher_encrypt(subreq);
313 }
314
315 static int crypto_rfc3686_init_tfm(struct crypto_skcipher *tfm)
316 {
317 struct skcipher_instance *inst = skcipher_alg_instance(tfm);
318 struct crypto_skcipher_spawn *spawn = skcipher_instance_ctx(inst);
319 struct crypto_rfc3686_ctx *ctx = crypto_skcipher_ctx(tfm);
320 struct crypto_skcipher *cipher;
321 unsigned long align;
322 unsigned int reqsize;
323
324 cipher = crypto_spawn_skcipher(spawn);
325 if (IS_ERR(cipher))
326 return PTR_ERR(cipher);
327
328 ctx->child = cipher;
329
330 align = crypto_skcipher_alignmask(tfm);
331 align &= ~(crypto_tfm_ctx_alignment() - 1);
332 reqsize = align + sizeof(struct crypto_rfc3686_req_ctx) +
333 crypto_skcipher_reqsize(cipher);
334 crypto_skcipher_set_reqsize(tfm, reqsize);
335
336 return 0;
337 }
338
339 static void crypto_rfc3686_exit_tfm(struct crypto_skcipher *tfm)
340 {
341 struct crypto_rfc3686_ctx *ctx = crypto_skcipher_ctx(tfm);
342
343 crypto_free_skcipher(ctx->child);
344 }
345
346 static void crypto_rfc3686_free(struct skcipher_instance *inst)
347 {
348 struct crypto_skcipher_spawn *spawn = skcipher_instance_ctx(inst);
349
350 crypto_drop_skcipher(spawn);
351 kfree(inst);
352 }
353
354 static int crypto_rfc3686_create(struct crypto_template *tmpl,
355 struct rtattr **tb)
356 {
357 struct crypto_attr_type *algt;
358 struct skcipher_instance *inst;
359 struct skcipher_alg *alg;
360 struct crypto_skcipher_spawn *spawn;
361 const char *cipher_name;
362 u32 mask;
363
364 int err;
365
366 algt = crypto_get_attr_type(tb);
367 if (IS_ERR(algt))
368 return PTR_ERR(algt);
369
370 if ((algt->type ^ CRYPTO_ALG_TYPE_SKCIPHER) & algt->mask)
371 return -EINVAL;
372
373 cipher_name = crypto_attr_alg_name(tb[1]);
374 if (IS_ERR(cipher_name))
375 return PTR_ERR(cipher_name);
376
377 inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
378 if (!inst)
379 return -ENOMEM;
380
381 mask = crypto_requires_sync(algt->type, algt->mask) |
382 crypto_requires_off(algt->type, algt->mask,
383 CRYPTO_ALG_NEED_FALLBACK);
384
385 spawn = skcipher_instance_ctx(inst);
386
387 crypto_set_skcipher_spawn(spawn, skcipher_crypto_instance(inst));
388 err = crypto_grab_skcipher(spawn, cipher_name, 0, mask);
389 if (err)
390 goto err_free_inst;
391
392 alg = crypto_spawn_skcipher_alg(spawn);
393
394 /* We only support 16-byte blocks. */
395 err = -EINVAL;
396 if (crypto_skcipher_alg_ivsize(alg) != CTR_RFC3686_BLOCK_SIZE)
397 goto err_drop_spawn;
398
399 /* Not a stream cipher? */
400 if (alg->base.cra_blocksize != 1)
401 goto err_drop_spawn;
402
403 err = -ENAMETOOLONG;
404 if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
405 "rfc3686(%s)", alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME)
406 goto err_drop_spawn;
407 if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
408 "rfc3686(%s)", alg->base.cra_driver_name) >=
409 CRYPTO_MAX_ALG_NAME)
410 goto err_drop_spawn;
411
412 inst->alg.base.cra_priority = alg->base.cra_priority;
413 inst->alg.base.cra_blocksize = 1;
414 inst->alg.base.cra_alignmask = alg->base.cra_alignmask;
415
416 inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC;
417
418 inst->alg.ivsize = CTR_RFC3686_IV_SIZE;
419 inst->alg.chunksize = crypto_skcipher_alg_chunksize(alg);
420 inst->alg.min_keysize = crypto_skcipher_alg_min_keysize(alg) +
421 CTR_RFC3686_NONCE_SIZE;
422 inst->alg.max_keysize = crypto_skcipher_alg_max_keysize(alg) +
423 CTR_RFC3686_NONCE_SIZE;
424
425 inst->alg.setkey = crypto_rfc3686_setkey;
426 inst->alg.encrypt = crypto_rfc3686_crypt;
427 inst->alg.decrypt = crypto_rfc3686_crypt;
428
429 inst->alg.base.cra_ctxsize = sizeof(struct crypto_rfc3686_ctx);
430
431 inst->alg.init = crypto_rfc3686_init_tfm;
432 inst->alg.exit = crypto_rfc3686_exit_tfm;
433
434 inst->free = crypto_rfc3686_free;
435
436 err = skcipher_register_instance(tmpl, inst);
437 if (err)
438 goto err_drop_spawn;
439
440 out:
441 return err;
442
443 err_drop_spawn:
444 crypto_drop_skcipher(spawn);
445 err_free_inst:
446 kfree(inst);
447 goto out;
448 }
449
450 static struct crypto_template crypto_rfc3686_tmpl = {
451 .name = "rfc3686",
452 .create = crypto_rfc3686_create,
453 .module = THIS_MODULE,
454 };
455
456 static int __init crypto_ctr_module_init(void)
457 {
458 int err;
459
460 err = crypto_register_template(&crypto_ctr_tmpl);
461 if (err)
462 goto out;
463
464 err = crypto_register_template(&crypto_rfc3686_tmpl);
465 if (err)
466 goto out_drop_ctr;
467
468 out:
469 return err;
470
471 out_drop_ctr:
472 crypto_unregister_template(&crypto_ctr_tmpl);
473 goto out;
474 }
475
476 static void __exit crypto_ctr_module_exit(void)
477 {
478 crypto_unregister_template(&crypto_rfc3686_tmpl);
479 crypto_unregister_template(&crypto_ctr_tmpl);
480 }
481
482 module_init(crypto_ctr_module_init);
483 module_exit(crypto_ctr_module_exit);
484
485 MODULE_LICENSE("GPL");
486 MODULE_DESCRIPTION("CTR Counter block mode");
487 MODULE_ALIAS_CRYPTO("rfc3686");
488 MODULE_ALIAS_CRYPTO("ctr");
Linux with added FPC-III support