search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'mips_fixes_5.2_2' of git://git.kernel.org/pub/scm/linux/kernel/git/mips...
[linux/fpc-iii.git] / crypto / morus640.c
blobae5aa9482cb45860cae83c500b70c62194cd07fe
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * The MORUS-640 Authenticated-Encryption Algorithm
4 *
5 * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com>
6 * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
7 */
8
9 #include <asm/unaligned.h>
10 #include <crypto/algapi.h>
11 #include <crypto/internal/aead.h>
12 #include <crypto/internal/skcipher.h>
13 #include <crypto/morus_common.h>
14 #include <crypto/scatterwalk.h>
15 #include <linux/err.h>
16 #include <linux/init.h>
17 #include <linux/kernel.h>
18 #include <linux/module.h>
19 #include <linux/scatterlist.h>
20
21 #define MORUS640_WORD_SIZE 4
22 #define MORUS640_BLOCK_SIZE (MORUS_BLOCK_WORDS * MORUS640_WORD_SIZE)
23 #define MORUS640_BLOCK_ALIGN (__alignof__(__le32))
24 #define MORUS640_ALIGNED(p) IS_ALIGNED((uintptr_t)p, MORUS640_BLOCK_ALIGN)
25
26 struct morus640_block {
27 u32 words[MORUS_BLOCK_WORDS];
28 };
29
30 union morus640_block_in {
31 __le32 words[MORUS_BLOCK_WORDS];
32 u8 bytes[MORUS640_BLOCK_SIZE];
33 };
34
35 struct morus640_state {
36 struct morus640_block s[MORUS_STATE_BLOCKS];
37 };
38
39 struct morus640_ctx {
40 struct morus640_block key;
41 };
42
43 struct morus640_ops {
44 int (*skcipher_walk_init)(struct skcipher_walk *walk,
45 struct aead_request *req, bool atomic);
46
47 void (*crypt_chunk)(struct morus640_state *state,
48 u8 *dst, const u8 *src, unsigned int size);
49 };
50
51 static const struct morus640_block crypto_morus640_const[2] = {
52 { .words = {
53 U32_C(0x02010100),
54 U32_C(0x0d080503),
55 U32_C(0x59372215),
56 U32_C(0x6279e990),
57 } },
58 { .words = {
59 U32_C(0x55183ddb),
60 U32_C(0xf12fc26d),
61 U32_C(0x42311120),
62 U32_C(0xdd28b573),
63 } },
64 };
65
66 static void crypto_morus640_round(struct morus640_block *b0,
67 struct morus640_block *b1,
68 struct morus640_block *b2,
69 struct morus640_block *b3,
70 struct morus640_block *b4,
71 const struct morus640_block *m,
72 unsigned int b, unsigned int w)
73 {
74 unsigned int i;
75 struct morus640_block tmp;
76
77 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
78 b0->words[i] ^= b1->words[i] & b2->words[i];
79 b0->words[i] ^= b3->words[i];
80 b0->words[i] ^= m->words[i];
81 b0->words[i] = rol32(b0->words[i], b);
82 }
83
84 tmp = *b3;
85 for (i = 0; i < MORUS_BLOCK_WORDS; i++)
86 b3->words[(i + w) % MORUS_BLOCK_WORDS] = tmp.words[i];
87 }
88
89 static void crypto_morus640_update(struct morus640_state *state,
90 const struct morus640_block *m)
91 {
92 static const struct morus640_block z = {};
93
94 struct morus640_block *s = state->s;
95
96 crypto_morus640_round(&s[0], &s[1], &s[2], &s[3], &s[4], &z, 5, 1);
97 crypto_morus640_round(&s[1], &s[2], &s[3], &s[4], &s[0], m, 31, 2);
98 crypto_morus640_round(&s[2], &s[3], &s[4], &s[0], &s[1], m, 7, 3);
99 crypto_morus640_round(&s[3], &s[4], &s[0], &s[1], &s[2], m, 22, 2);
100 crypto_morus640_round(&s[4], &s[0], &s[1], &s[2], &s[3], m, 13, 1);
101 }
102
103 static void crypto_morus640_load_a(struct morus640_block *dst, const u8 *src)
104 {
105 unsigned int i;
106 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
107 dst->words[i] = le32_to_cpu(*(const __le32 *)src);
108 src += MORUS640_WORD_SIZE;
109 }
110 }
111
112 static void crypto_morus640_load_u(struct morus640_block *dst, const u8 *src)
113 {
114 unsigned int i;
115 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
116 dst->words[i] = get_unaligned_le32(src);
117 src += MORUS640_WORD_SIZE;
118 }
119 }
120
121 static void crypto_morus640_load(struct morus640_block *dst, const u8 *src)
122 {
123 if (MORUS640_ALIGNED(src))
124 crypto_morus640_load_a(dst, src);
125 else
126 crypto_morus640_load_u(dst, src);
127 }
128
129 static void crypto_morus640_store_a(u8 *dst, const struct morus640_block *src)
130 {
131 unsigned int i;
132 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
133 *(__le32 *)dst = cpu_to_le32(src->words[i]);
134 dst += MORUS640_WORD_SIZE;
135 }
136 }
137
138 static void crypto_morus640_store_u(u8 *dst, const struct morus640_block *src)
139 {
140 unsigned int i;
141 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
142 put_unaligned_le32(src->words[i], dst);
143 dst += MORUS640_WORD_SIZE;
144 }
145 }
146
147 static void crypto_morus640_store(u8 *dst, const struct morus640_block *src)
148 {
149 if (MORUS640_ALIGNED(dst))
150 crypto_morus640_store_a(dst, src);
151 else
152 crypto_morus640_store_u(dst, src);
153 }
154
155 static void crypto_morus640_ad(struct morus640_state *state, const u8 *src,
156 unsigned int size)
157 {
158 struct morus640_block m;
159
160 if (MORUS640_ALIGNED(src)) {
161 while (size >= MORUS640_BLOCK_SIZE) {
162 crypto_morus640_load_a(&m, src);
163 crypto_morus640_update(state, &m);
164
165 size -= MORUS640_BLOCK_SIZE;
166 src += MORUS640_BLOCK_SIZE;
167 }
168 } else {
169 while (size >= MORUS640_BLOCK_SIZE) {
170 crypto_morus640_load_u(&m, src);
171 crypto_morus640_update(state, &m);
172
173 size -= MORUS640_BLOCK_SIZE;
174 src += MORUS640_BLOCK_SIZE;
175 }
176 }
177 }
178
179 static void crypto_morus640_core(const struct morus640_state *state,
180 struct morus640_block *blk)
181 {
182 unsigned int i;
183
184 for (i = 0; i < MORUS_BLOCK_WORDS; i++)
185 blk->words[(i + 3) % MORUS_BLOCK_WORDS] ^= state->s[1].words[i];
186
187 for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
188 blk->words[i] ^= state->s[0].words[i];
189 blk->words[i] ^= state->s[2].words[i] & state->s[3].words[i];
190 }
191 }
192
193 static void crypto_morus640_encrypt_chunk(struct morus640_state *state, u8 *dst,
194 const u8 *src, unsigned int size)
195 {
196 struct morus640_block c, m;
197
198 if (MORUS640_ALIGNED(src) && MORUS640_ALIGNED(dst)) {
199 while (size >= MORUS640_BLOCK_SIZE) {
200 crypto_morus640_load_a(&m, src);
201 c = m;
202 crypto_morus640_core(state, &c);
203 crypto_morus640_store_a(dst, &c);
204 crypto_morus640_update(state, &m);
205
206 src += MORUS640_BLOCK_SIZE;
207 dst += MORUS640_BLOCK_SIZE;
208 size -= MORUS640_BLOCK_SIZE;
209 }
210 } else {
211 while (size >= MORUS640_BLOCK_SIZE) {
212 crypto_morus640_load_u(&m, src);
213 c = m;
214 crypto_morus640_core(state, &c);
215 crypto_morus640_store_u(dst, &c);
216 crypto_morus640_update(state, &m);
217
218 src += MORUS640_BLOCK_SIZE;
219 dst += MORUS640_BLOCK_SIZE;
220 size -= MORUS640_BLOCK_SIZE;
221 }
222 }
223
224 if (size > 0) {
225 union morus640_block_in tail;
226
227 memcpy(tail.bytes, src, size);
228 memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size);
229
230 crypto_morus640_load_a(&m, tail.bytes);
231 c = m;
232 crypto_morus640_core(state, &c);
233 crypto_morus640_store_a(tail.bytes, &c);
234 crypto_morus640_update(state, &m);
235
236 memcpy(dst, tail.bytes, size);
237 }
238 }
239
240 static void crypto_morus640_decrypt_chunk(struct morus640_state *state, u8 *dst,
241 const u8 *src, unsigned int size)
242 {
243 struct morus640_block m;
244
245 if (MORUS640_ALIGNED(src) && MORUS640_ALIGNED(dst)) {
246 while (size >= MORUS640_BLOCK_SIZE) {
247 crypto_morus640_load_a(&m, src);
248 crypto_morus640_core(state, &m);
249 crypto_morus640_store_a(dst, &m);
250 crypto_morus640_update(state, &m);
251
252 src += MORUS640_BLOCK_SIZE;
253 dst += MORUS640_BLOCK_SIZE;
254 size -= MORUS640_BLOCK_SIZE;
255 }
256 } else {
257 while (size >= MORUS640_BLOCK_SIZE) {
258 crypto_morus640_load_u(&m, src);
259 crypto_morus640_core(state, &m);
260 crypto_morus640_store_u(dst, &m);
261 crypto_morus640_update(state, &m);
262
263 src += MORUS640_BLOCK_SIZE;
264 dst += MORUS640_BLOCK_SIZE;
265 size -= MORUS640_BLOCK_SIZE;
266 }
267 }
268
269 if (size > 0) {
270 union morus640_block_in tail;
271
272 memcpy(tail.bytes, src, size);
273 memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size);
274
275 crypto_morus640_load_a(&m, tail.bytes);
276 crypto_morus640_core(state, &m);
277 crypto_morus640_store_a(tail.bytes, &m);
278 memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size);
279 crypto_morus640_load_a(&m, tail.bytes);
280 crypto_morus640_update(state, &m);
281
282 memcpy(dst, tail.bytes, size);
283 }
284 }
285
286 static void crypto_morus640_init(struct morus640_state *state,
287 const struct morus640_block *key,
288 const u8 *iv)
289 {
290 static const struct morus640_block z = {};
291
292 unsigned int i;
293
294 crypto_morus640_load(&state->s[0], iv);
295 state->s[1] = *key;
296 for (i = 0; i < MORUS_BLOCK_WORDS; i++)
297 state->s[2].words[i] = U32_C(0xFFFFFFFF);
298 state->s[3] = crypto_morus640_const[0];
299 state->s[4] = crypto_morus640_const[1];
300
301 for (i = 0; i < 16; i++)
302 crypto_morus640_update(state, &z);
303
304 for (i = 0; i < MORUS_BLOCK_WORDS; i++)
305 state->s[1].words[i] ^= key->words[i];
306 }
307
308 static void crypto_morus640_process_ad(struct morus640_state *state,
309 struct scatterlist *sg_src,
310 unsigned int assoclen)
311 {
312 struct scatter_walk walk;
313 struct morus640_block m;
314 union morus640_block_in buf;
315 unsigned int pos = 0;
316
317 scatterwalk_start(&walk, sg_src);
318 while (assoclen != 0) {
319 unsigned int size = scatterwalk_clamp(&walk, assoclen);
320 unsigned int left = size;
321 void *mapped = scatterwalk_map(&walk);
322 const u8 *src = (const u8 *)mapped;
323
324 if (pos + size >= MORUS640_BLOCK_SIZE) {
325 if (pos > 0) {
326 unsigned int fill = MORUS640_BLOCK_SIZE - pos;
327 memcpy(buf.bytes + pos, src, fill);
328
329 crypto_morus640_load_a(&m, buf.bytes);
330 crypto_morus640_update(state, &m);
331
332 pos = 0;
333 left -= fill;
334 src += fill;
335 }
336
337 crypto_morus640_ad(state, src, left);
338 src += left & ~(MORUS640_BLOCK_SIZE - 1);
339 left &= MORUS640_BLOCK_SIZE - 1;
340 }
341
342 memcpy(buf.bytes + pos, src, left);
343
344 pos += left;
345 assoclen -= size;
346 scatterwalk_unmap(mapped);
347 scatterwalk_advance(&walk, size);
348 scatterwalk_done(&walk, 0, assoclen);
349 }
350
351 if (pos > 0) {
352 memset(buf.bytes + pos, 0, MORUS640_BLOCK_SIZE - pos);
353
354 crypto_morus640_load_a(&m, buf.bytes);
355 crypto_morus640_update(state, &m);
356 }
357 }
358
359 static void crypto_morus640_process_crypt(struct morus640_state *state,
360 struct aead_request *req,
361 const struct morus640_ops *ops)
362 {
363 struct skcipher_walk walk;
364
365 ops->skcipher_walk_init(&walk, req, false);
366
367 while (walk.nbytes) {
368 unsigned int nbytes = walk.nbytes;
369
370 if (nbytes < walk.total)
371 nbytes = round_down(nbytes, walk.stride);
372
373 ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr,
374 nbytes);
375
376 skcipher_walk_done(&walk, walk.nbytes - nbytes);
377 }
378 }
379
380 static void crypto_morus640_final(struct morus640_state *state,
381 struct morus640_block *tag_xor,
382 u64 assoclen, u64 cryptlen)
383 {
384 struct morus640_block tmp;
385 unsigned int i;
386
387 tmp.words[0] = lower_32_bits(assoclen * 8);
388 tmp.words[1] = upper_32_bits(assoclen * 8);
389 tmp.words[2] = lower_32_bits(cryptlen * 8);
390 tmp.words[3] = upper_32_bits(cryptlen * 8);
391
392 for (i = 0; i < MORUS_BLOCK_WORDS; i++)
393 state->s[4].words[i] ^= state->s[0].words[i];
394
395 for (i = 0; i < 10; i++)
396 crypto_morus640_update(state, &tmp);
397
398 crypto_morus640_core(state, tag_xor);
399 }
400
401 static int crypto_morus640_setkey(struct crypto_aead *aead, const u8 *key,
402 unsigned int keylen)
403 {
404 struct morus640_ctx *ctx = crypto_aead_ctx(aead);
405
406 if (keylen != MORUS640_BLOCK_SIZE) {
407 crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
408 return -EINVAL;
409 }
410
411 crypto_morus640_load(&ctx->key, key);
412 return 0;
413 }
414
415 static int crypto_morus640_setauthsize(struct crypto_aead *tfm,
416 unsigned int authsize)
417 {
418 return (authsize <= MORUS_MAX_AUTH_SIZE) ? 0 : -EINVAL;
419 }
420
421 static void crypto_morus640_crypt(struct aead_request *req,
422 struct morus640_block *tag_xor,
423 unsigned int cryptlen,
424 const struct morus640_ops *ops)
425 {
426 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
427 struct morus640_ctx *ctx = crypto_aead_ctx(tfm);
428 struct morus640_state state;
429
430 crypto_morus640_init(&state, &ctx->key, req->iv);
431 crypto_morus640_process_ad(&state, req->src, req->assoclen);
432 crypto_morus640_process_crypt(&state, req, ops);
433 crypto_morus640_final(&state, tag_xor, req->assoclen, cryptlen);
434 }
435
436 static int crypto_morus640_encrypt(struct aead_request *req)
437 {
438 static const struct morus640_ops ops = {
439 .skcipher_walk_init = skcipher_walk_aead_encrypt,
440 .crypt_chunk = crypto_morus640_encrypt_chunk,
441 };
442
443 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
444 struct morus640_block tag = {};
445 union morus640_block_in tag_out;
446 unsigned int authsize = crypto_aead_authsize(tfm);
447 unsigned int cryptlen = req->cryptlen;
448
449 crypto_morus640_crypt(req, &tag, cryptlen, &ops);
450 crypto_morus640_store(tag_out.bytes, &tag);
451
452 scatterwalk_map_and_copy(tag_out.bytes, req->dst,
453 req->assoclen + cryptlen, authsize, 1);
454 return 0;
455 }
456
457 static int crypto_morus640_decrypt(struct aead_request *req)
458 {
459 static const struct morus640_ops ops = {
460 .skcipher_walk_init = skcipher_walk_aead_decrypt,
461 .crypt_chunk = crypto_morus640_decrypt_chunk,
462 };
463 static const u8 zeros[MORUS640_BLOCK_SIZE] = {};
464
465 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
466 union morus640_block_in tag_in;
467 struct morus640_block tag;
468 unsigned int authsize = crypto_aead_authsize(tfm);
469 unsigned int cryptlen = req->cryptlen - authsize;
470
471 scatterwalk_map_and_copy(tag_in.bytes, req->src,
472 req->assoclen + cryptlen, authsize, 0);
473
474 crypto_morus640_load(&tag, tag_in.bytes);
475 crypto_morus640_crypt(req, &tag, cryptlen, &ops);
476 crypto_morus640_store(tag_in.bytes, &tag);
477
478 return crypto_memneq(tag_in.bytes, zeros, authsize) ? -EBADMSG : 0;
479 }
480
481 static int crypto_morus640_init_tfm(struct crypto_aead *tfm)
482 {
483 return 0;
484 }
485
486 static void crypto_morus640_exit_tfm(struct crypto_aead *tfm)
487 {
488 }
489
490 static struct aead_alg crypto_morus640_alg = {
491 .setkey = crypto_morus640_setkey,
492 .setauthsize = crypto_morus640_setauthsize,
493 .encrypt = crypto_morus640_encrypt,
494 .decrypt = crypto_morus640_decrypt,
495 .init = crypto_morus640_init_tfm,
496 .exit = crypto_morus640_exit_tfm,
497
498 .ivsize = MORUS_NONCE_SIZE,
499 .maxauthsize = MORUS_MAX_AUTH_SIZE,
500 .chunksize = MORUS640_BLOCK_SIZE,
501
502 .base = {
503 .cra_blocksize = 1,
504 .cra_ctxsize = sizeof(struct morus640_ctx),
505 .cra_alignmask = 0,
506
507 .cra_priority = 100,
508
509 .cra_name = "morus640",
510 .cra_driver_name = "morus640-generic",
511
512 .cra_module = THIS_MODULE,
513 }
514 };
515
516 static int __init crypto_morus640_module_init(void)
517 {
518 return crypto_register_aead(&crypto_morus640_alg);
519 }
520
521 static void __exit crypto_morus640_module_exit(void)
522 {
523 crypto_unregister_aead(&crypto_morus640_alg);
524 }
525
526 subsys_initcall(crypto_morus640_module_init);
527 module_exit(crypto_morus640_module_exit);
528
529 MODULE_LICENSE("GPL");
530 MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>");
531 MODULE_DESCRIPTION("MORUS-640 AEAD algorithm");
532 MODULE_ALIAS_CRYPTO("morus640");
533 MODULE_ALIAS_CRYPTO("morus640-generic");
Linux with added FPC-III support