18c2ecf20Sopenharmony_ci//SPDX-License-Identifier: GPL-2.0 28c2ecf20Sopenharmony_ci/* 38c2ecf20Sopenharmony_ci * CFB: Cipher FeedBack mode 48c2ecf20Sopenharmony_ci * 58c2ecf20Sopenharmony_ci * Copyright (c) 2018 James.Bottomley@HansenPartnership.com 68c2ecf20Sopenharmony_ci * 78c2ecf20Sopenharmony_ci * CFB is a stream cipher mode which is layered on to a block 88c2ecf20Sopenharmony_ci * encryption scheme. It works very much like a one time pad where 98c2ecf20Sopenharmony_ci * the pad is generated initially from the encrypted IV and then 108c2ecf20Sopenharmony_ci * subsequently from the encrypted previous block of ciphertext. The 118c2ecf20Sopenharmony_ci * pad is XOR'd into the plain text to get the final ciphertext. 128c2ecf20Sopenharmony_ci * 138c2ecf20Sopenharmony_ci * The scheme of CFB is best described by wikipedia: 148c2ecf20Sopenharmony_ci * 158c2ecf20Sopenharmony_ci * https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CFB 168c2ecf20Sopenharmony_ci * 178c2ecf20Sopenharmony_ci * Note that since the pad for both encryption and decryption is 188c2ecf20Sopenharmony_ci * generated by an encryption operation, CFB never uses the block 198c2ecf20Sopenharmony_ci * decryption function. 208c2ecf20Sopenharmony_ci */ 218c2ecf20Sopenharmony_ci 228c2ecf20Sopenharmony_ci#include <crypto/algapi.h> 238c2ecf20Sopenharmony_ci#include <crypto/internal/skcipher.h> 248c2ecf20Sopenharmony_ci#include <linux/err.h> 258c2ecf20Sopenharmony_ci#include <linux/init.h> 268c2ecf20Sopenharmony_ci#include <linux/kernel.h> 278c2ecf20Sopenharmony_ci#include <linux/module.h> 288c2ecf20Sopenharmony_ci#include <linux/string.h> 298c2ecf20Sopenharmony_ci 308c2ecf20Sopenharmony_cistatic unsigned int crypto_cfb_bsize(struct crypto_skcipher *tfm) 318c2ecf20Sopenharmony_ci{ 328c2ecf20Sopenharmony_ci return crypto_cipher_blocksize(skcipher_cipher_simple(tfm)); 338c2ecf20Sopenharmony_ci} 348c2ecf20Sopenharmony_ci 358c2ecf20Sopenharmony_cistatic void crypto_cfb_encrypt_one(struct crypto_skcipher *tfm, 368c2ecf20Sopenharmony_ci const u8 *src, u8 *dst) 378c2ecf20Sopenharmony_ci{ 388c2ecf20Sopenharmony_ci crypto_cipher_encrypt_one(skcipher_cipher_simple(tfm), dst, src); 398c2ecf20Sopenharmony_ci} 408c2ecf20Sopenharmony_ci 418c2ecf20Sopenharmony_ci/* final encrypt and decrypt is the same */ 428c2ecf20Sopenharmony_cistatic void crypto_cfb_final(struct skcipher_walk *walk, 438c2ecf20Sopenharmony_ci struct crypto_skcipher *tfm) 448c2ecf20Sopenharmony_ci{ 458c2ecf20Sopenharmony_ci const unsigned long alignmask = crypto_skcipher_alignmask(tfm); 468c2ecf20Sopenharmony_ci u8 tmp[MAX_CIPHER_BLOCKSIZE + MAX_CIPHER_ALIGNMASK]; 478c2ecf20Sopenharmony_ci u8 *stream = PTR_ALIGN(tmp + 0, alignmask + 1); 488c2ecf20Sopenharmony_ci u8 *src = walk->src.virt.addr; 498c2ecf20Sopenharmony_ci u8 *dst = walk->dst.virt.addr; 508c2ecf20Sopenharmony_ci u8 *iv = walk->iv; 518c2ecf20Sopenharmony_ci unsigned int nbytes = walk->nbytes; 528c2ecf20Sopenharmony_ci 538c2ecf20Sopenharmony_ci crypto_cfb_encrypt_one(tfm, iv, stream); 548c2ecf20Sopenharmony_ci crypto_xor_cpy(dst, stream, src, nbytes); 558c2ecf20Sopenharmony_ci} 568c2ecf20Sopenharmony_ci 578c2ecf20Sopenharmony_cistatic int crypto_cfb_encrypt_segment(struct skcipher_walk *walk, 588c2ecf20Sopenharmony_ci struct crypto_skcipher *tfm) 598c2ecf20Sopenharmony_ci{ 608c2ecf20Sopenharmony_ci const unsigned int bsize = crypto_cfb_bsize(tfm); 618c2ecf20Sopenharmony_ci unsigned int nbytes = walk->nbytes; 628c2ecf20Sopenharmony_ci u8 *src = walk->src.virt.addr; 638c2ecf20Sopenharmony_ci u8 *dst = walk->dst.virt.addr; 648c2ecf20Sopenharmony_ci u8 *iv = walk->iv; 658c2ecf20Sopenharmony_ci 668c2ecf20Sopenharmony_ci do { 678c2ecf20Sopenharmony_ci crypto_cfb_encrypt_one(tfm, iv, dst); 688c2ecf20Sopenharmony_ci crypto_xor(dst, src, bsize); 698c2ecf20Sopenharmony_ci iv = dst; 708c2ecf20Sopenharmony_ci 718c2ecf20Sopenharmony_ci src += bsize; 728c2ecf20Sopenharmony_ci dst += bsize; 738c2ecf20Sopenharmony_ci } while ((nbytes -= bsize) >= bsize); 748c2ecf20Sopenharmony_ci 758c2ecf20Sopenharmony_ci memcpy(walk->iv, iv, bsize); 768c2ecf20Sopenharmony_ci 778c2ecf20Sopenharmony_ci return nbytes; 788c2ecf20Sopenharmony_ci} 798c2ecf20Sopenharmony_ci 808c2ecf20Sopenharmony_cistatic int crypto_cfb_encrypt_inplace(struct skcipher_walk *walk, 818c2ecf20Sopenharmony_ci struct crypto_skcipher *tfm) 828c2ecf20Sopenharmony_ci{ 838c2ecf20Sopenharmony_ci const unsigned int bsize = crypto_cfb_bsize(tfm); 848c2ecf20Sopenharmony_ci unsigned int nbytes = walk->nbytes; 858c2ecf20Sopenharmony_ci u8 *src = walk->src.virt.addr; 868c2ecf20Sopenharmony_ci u8 *iv = walk->iv; 878c2ecf20Sopenharmony_ci u8 tmp[MAX_CIPHER_BLOCKSIZE]; 888c2ecf20Sopenharmony_ci 898c2ecf20Sopenharmony_ci do { 908c2ecf20Sopenharmony_ci crypto_cfb_encrypt_one(tfm, iv, tmp); 918c2ecf20Sopenharmony_ci crypto_xor(src, tmp, bsize); 928c2ecf20Sopenharmony_ci iv = src; 938c2ecf20Sopenharmony_ci 948c2ecf20Sopenharmony_ci src += bsize; 958c2ecf20Sopenharmony_ci } while ((nbytes -= bsize) >= bsize); 968c2ecf20Sopenharmony_ci 978c2ecf20Sopenharmony_ci memcpy(walk->iv, iv, bsize); 988c2ecf20Sopenharmony_ci 998c2ecf20Sopenharmony_ci return nbytes; 1008c2ecf20Sopenharmony_ci} 1018c2ecf20Sopenharmony_ci 1028c2ecf20Sopenharmony_cistatic int crypto_cfb_encrypt(struct skcipher_request *req) 1038c2ecf20Sopenharmony_ci{ 1048c2ecf20Sopenharmony_ci struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 1058c2ecf20Sopenharmony_ci struct skcipher_walk walk; 1068c2ecf20Sopenharmony_ci unsigned int bsize = crypto_cfb_bsize(tfm); 1078c2ecf20Sopenharmony_ci int err; 1088c2ecf20Sopenharmony_ci 1098c2ecf20Sopenharmony_ci err = skcipher_walk_virt(&walk, req, false); 1108c2ecf20Sopenharmony_ci 1118c2ecf20Sopenharmony_ci while (walk.nbytes >= bsize) { 1128c2ecf20Sopenharmony_ci if (walk.src.virt.addr == walk.dst.virt.addr) 1138c2ecf20Sopenharmony_ci err = crypto_cfb_encrypt_inplace(&walk, tfm); 1148c2ecf20Sopenharmony_ci else 1158c2ecf20Sopenharmony_ci err = crypto_cfb_encrypt_segment(&walk, tfm); 1168c2ecf20Sopenharmony_ci err = skcipher_walk_done(&walk, err); 1178c2ecf20Sopenharmony_ci } 1188c2ecf20Sopenharmony_ci 1198c2ecf20Sopenharmony_ci if (walk.nbytes) { 1208c2ecf20Sopenharmony_ci crypto_cfb_final(&walk, tfm); 1218c2ecf20Sopenharmony_ci err = skcipher_walk_done(&walk, 0); 1228c2ecf20Sopenharmony_ci } 1238c2ecf20Sopenharmony_ci 1248c2ecf20Sopenharmony_ci return err; 1258c2ecf20Sopenharmony_ci} 1268c2ecf20Sopenharmony_ci 1278c2ecf20Sopenharmony_cistatic int crypto_cfb_decrypt_segment(struct skcipher_walk *walk, 1288c2ecf20Sopenharmony_ci struct crypto_skcipher *tfm) 1298c2ecf20Sopenharmony_ci{ 1308c2ecf20Sopenharmony_ci const unsigned int bsize = crypto_cfb_bsize(tfm); 1318c2ecf20Sopenharmony_ci unsigned int nbytes = walk->nbytes; 1328c2ecf20Sopenharmony_ci u8 *src = walk->src.virt.addr; 1338c2ecf20Sopenharmony_ci u8 *dst = walk->dst.virt.addr; 1348c2ecf20Sopenharmony_ci u8 *iv = walk->iv; 1358c2ecf20Sopenharmony_ci 1368c2ecf20Sopenharmony_ci do { 1378c2ecf20Sopenharmony_ci crypto_cfb_encrypt_one(tfm, iv, dst); 1388c2ecf20Sopenharmony_ci crypto_xor(dst, src, bsize); 1398c2ecf20Sopenharmony_ci iv = src; 1408c2ecf20Sopenharmony_ci 1418c2ecf20Sopenharmony_ci src += bsize; 1428c2ecf20Sopenharmony_ci dst += bsize; 1438c2ecf20Sopenharmony_ci } while ((nbytes -= bsize) >= bsize); 1448c2ecf20Sopenharmony_ci 1458c2ecf20Sopenharmony_ci memcpy(walk->iv, iv, bsize); 1468c2ecf20Sopenharmony_ci 1478c2ecf20Sopenharmony_ci return nbytes; 1488c2ecf20Sopenharmony_ci} 1498c2ecf20Sopenharmony_ci 1508c2ecf20Sopenharmony_cistatic int crypto_cfb_decrypt_inplace(struct skcipher_walk *walk, 1518c2ecf20Sopenharmony_ci struct crypto_skcipher *tfm) 1528c2ecf20Sopenharmony_ci{ 1538c2ecf20Sopenharmony_ci const unsigned int bsize = crypto_cfb_bsize(tfm); 1548c2ecf20Sopenharmony_ci unsigned int nbytes = walk->nbytes; 1558c2ecf20Sopenharmony_ci u8 *src = walk->src.virt.addr; 1568c2ecf20Sopenharmony_ci u8 * const iv = walk->iv; 1578c2ecf20Sopenharmony_ci u8 tmp[MAX_CIPHER_BLOCKSIZE]; 1588c2ecf20Sopenharmony_ci 1598c2ecf20Sopenharmony_ci do { 1608c2ecf20Sopenharmony_ci crypto_cfb_encrypt_one(tfm, iv, tmp); 1618c2ecf20Sopenharmony_ci memcpy(iv, src, bsize); 1628c2ecf20Sopenharmony_ci crypto_xor(src, tmp, bsize); 1638c2ecf20Sopenharmony_ci src += bsize; 1648c2ecf20Sopenharmony_ci } while ((nbytes -= bsize) >= bsize); 1658c2ecf20Sopenharmony_ci 1668c2ecf20Sopenharmony_ci return nbytes; 1678c2ecf20Sopenharmony_ci} 1688c2ecf20Sopenharmony_ci 1698c2ecf20Sopenharmony_cistatic int crypto_cfb_decrypt_blocks(struct skcipher_walk *walk, 1708c2ecf20Sopenharmony_ci struct crypto_skcipher *tfm) 1718c2ecf20Sopenharmony_ci{ 1728c2ecf20Sopenharmony_ci if (walk->src.virt.addr == walk->dst.virt.addr) 1738c2ecf20Sopenharmony_ci return crypto_cfb_decrypt_inplace(walk, tfm); 1748c2ecf20Sopenharmony_ci else 1758c2ecf20Sopenharmony_ci return crypto_cfb_decrypt_segment(walk, tfm); 1768c2ecf20Sopenharmony_ci} 1778c2ecf20Sopenharmony_ci 1788c2ecf20Sopenharmony_cistatic int crypto_cfb_decrypt(struct skcipher_request *req) 1798c2ecf20Sopenharmony_ci{ 1808c2ecf20Sopenharmony_ci struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 1818c2ecf20Sopenharmony_ci struct skcipher_walk walk; 1828c2ecf20Sopenharmony_ci const unsigned int bsize = crypto_cfb_bsize(tfm); 1838c2ecf20Sopenharmony_ci int err; 1848c2ecf20Sopenharmony_ci 1858c2ecf20Sopenharmony_ci err = skcipher_walk_virt(&walk, req, false); 1868c2ecf20Sopenharmony_ci 1878c2ecf20Sopenharmony_ci while (walk.nbytes >= bsize) { 1888c2ecf20Sopenharmony_ci err = crypto_cfb_decrypt_blocks(&walk, tfm); 1898c2ecf20Sopenharmony_ci err = skcipher_walk_done(&walk, err); 1908c2ecf20Sopenharmony_ci } 1918c2ecf20Sopenharmony_ci 1928c2ecf20Sopenharmony_ci if (walk.nbytes) { 1938c2ecf20Sopenharmony_ci crypto_cfb_final(&walk, tfm); 1948c2ecf20Sopenharmony_ci err = skcipher_walk_done(&walk, 0); 1958c2ecf20Sopenharmony_ci } 1968c2ecf20Sopenharmony_ci 1978c2ecf20Sopenharmony_ci return err; 1988c2ecf20Sopenharmony_ci} 1998c2ecf20Sopenharmony_ci 2008c2ecf20Sopenharmony_cistatic int crypto_cfb_create(struct crypto_template *tmpl, struct rtattr **tb) 2018c2ecf20Sopenharmony_ci{ 2028c2ecf20Sopenharmony_ci struct skcipher_instance *inst; 2038c2ecf20Sopenharmony_ci struct crypto_alg *alg; 2048c2ecf20Sopenharmony_ci int err; 2058c2ecf20Sopenharmony_ci 2068c2ecf20Sopenharmony_ci inst = skcipher_alloc_instance_simple(tmpl, tb); 2078c2ecf20Sopenharmony_ci if (IS_ERR(inst)) 2088c2ecf20Sopenharmony_ci return PTR_ERR(inst); 2098c2ecf20Sopenharmony_ci 2108c2ecf20Sopenharmony_ci alg = skcipher_ialg_simple(inst); 2118c2ecf20Sopenharmony_ci 2128c2ecf20Sopenharmony_ci /* CFB mode is a stream cipher. */ 2138c2ecf20Sopenharmony_ci inst->alg.base.cra_blocksize = 1; 2148c2ecf20Sopenharmony_ci 2158c2ecf20Sopenharmony_ci /* 2168c2ecf20Sopenharmony_ci * To simplify the implementation, configure the skcipher walk to only 2178c2ecf20Sopenharmony_ci * give a partial block at the very end, never earlier. 2188c2ecf20Sopenharmony_ci */ 2198c2ecf20Sopenharmony_ci inst->alg.chunksize = alg->cra_blocksize; 2208c2ecf20Sopenharmony_ci 2218c2ecf20Sopenharmony_ci inst->alg.encrypt = crypto_cfb_encrypt; 2228c2ecf20Sopenharmony_ci inst->alg.decrypt = crypto_cfb_decrypt; 2238c2ecf20Sopenharmony_ci 2248c2ecf20Sopenharmony_ci err = skcipher_register_instance(tmpl, inst); 2258c2ecf20Sopenharmony_ci if (err) 2268c2ecf20Sopenharmony_ci inst->free(inst); 2278c2ecf20Sopenharmony_ci 2288c2ecf20Sopenharmony_ci return err; 2298c2ecf20Sopenharmony_ci} 2308c2ecf20Sopenharmony_ci 2318c2ecf20Sopenharmony_cistatic struct crypto_template crypto_cfb_tmpl = { 2328c2ecf20Sopenharmony_ci .name = "cfb", 2338c2ecf20Sopenharmony_ci .create = crypto_cfb_create, 2348c2ecf20Sopenharmony_ci .module = THIS_MODULE, 2358c2ecf20Sopenharmony_ci}; 2368c2ecf20Sopenharmony_ci 2378c2ecf20Sopenharmony_cistatic int __init crypto_cfb_module_init(void) 2388c2ecf20Sopenharmony_ci{ 2398c2ecf20Sopenharmony_ci return crypto_register_template(&crypto_cfb_tmpl); 2408c2ecf20Sopenharmony_ci} 2418c2ecf20Sopenharmony_ci 2428c2ecf20Sopenharmony_cistatic void __exit crypto_cfb_module_exit(void) 2438c2ecf20Sopenharmony_ci{ 2448c2ecf20Sopenharmony_ci crypto_unregister_template(&crypto_cfb_tmpl); 2458c2ecf20Sopenharmony_ci} 2468c2ecf20Sopenharmony_ci 2478c2ecf20Sopenharmony_cisubsys_initcall(crypto_cfb_module_init); 2488c2ecf20Sopenharmony_cimodule_exit(crypto_cfb_module_exit); 2498c2ecf20Sopenharmony_ci 2508c2ecf20Sopenharmony_ciMODULE_LICENSE("GPL"); 2518c2ecf20Sopenharmony_ciMODULE_DESCRIPTION("CFB block cipher mode of operation"); 2528c2ecf20Sopenharmony_ciMODULE_ALIAS_CRYPTO("cfb"); 253