// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * echainiv: Encrypted Chain IV Generator
 *
 * This generator generates an IV based on a sequence number by multiplying
 * it with a salt and then encrypting it with the same key as used to encrypt
 * the plain text.  This algorithm requires that the block size be equal
 * to the IV size.  It is mainly useful for CBC.
 *
 * This generator can only be used by algorithms where authentication
 * is performed after encryption (i.e., authenc).
 *
 * Copyright (c) 2015 Herbert Xu <herbert@gondor.apana.org.au>
 */

#include <crypto/internal/geniv.h>
#include <crypto/scatterwalk.h>
#include <crypto/skcipher.h>
#include <linux/err.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/slab.h>
#include <linux/string.h>

/*
 * echainiv_encrypt - derive the IV from the caller's sequence number and
 * hand the request to the child AEAD for encryption.
 *
 * The last 8 bytes of req->iv are read as a big-endian sequence number.
 * Every 8-byte word of the IV buffer is then overwritten with
 * (salt word | 1) * seqno, and that buffer is passed to the child as its IV.
 *
 * Returns -EINVAL if req->cryptlen is smaller than the IV size, the error
 * from the src->dst copy if that fails, otherwise whatever
 * crypto_aead_encrypt() returns for the child request.
 *
 * Security note: nothing here checks that a sequence number is fresh.  IV
 * uniqueness under one key rests entirely on the caller never repeating a
 * sequence number.
 */
static int echainiv_encrypt(struct aead_request *req)
{
	struct crypto_aead *geniv = crypto_aead_reqtfm(req);
	struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv);
	struct aead_request *subreq = aead_request_ctx(req);
	__be64 nseqno;
	u64 seqno;
	u8 *info;
	unsigned int ivsize = crypto_aead_ivsize(geniv);
	int err;

	/* The IV block lives inside the crypt region, so it must fit. */
	if (req->cryptlen < ivsize)
		return -EINVAL;

	aead_request_set_tfm(subreq, ctx->child);

	info = req->iv;

	if (req->src != req->dst) {
		/*
		 * Out-of-place request: run assoclen + cryptlen bytes from
		 * src to dst through ctx->sknull so the child can work in
		 * place on dst below.
		 * NOTE(review): by its name sknull is a null cipher, i.e. a
		 * plain copy -- confirm against crypto/internal/geniv.h.
		 */
		SYNC_SKCIPHER_REQUEST_ON_STACK(nreq, ctx->sknull);

		skcipher_request_set_sync_tfm(nreq, ctx->sknull);
		skcipher_request_set_callback(nreq, req->base.flags,
					      NULL, NULL);
		skcipher_request_set_crypt(nreq, req->src, req->dst,
					   req->assoclen + req->cryptlen,
					   NULL);

		err = crypto_skcipher_encrypt(nreq);
		if (err)
			return err;
	}

	/*
	 * The child encrypts dst in place over the full cryptlen, which
	 * includes the IV block at offset assoclen, using info as its IV.
	 */
	aead_request_set_callback(subreq, req->base.flags,
				  req->base.complete, req->base.data);
	aead_request_set_crypt(subreq, req->dst, req->dst,
			       req->cryptlen, info);
	aead_request_set_ad(subreq, req->assoclen);

	/* Save the sequence number before the IV buffer is cleared. */
	memcpy(&nseqno, info + ivsize - 8, 8);
	seqno = be64_to_cpu(nseqno);
	memset(info, 0, ivsize);

	/*
	 * Write ivsize zero bytes into dst at offset assoclen.  The child
	 * then encrypts that zero block with the derived IV.  Per the file
	 * header, for a CBC child with block size == IV size the block that
	 * goes out is therefore the encryption of the derived value.
	 * NOTE(review): this depends on the child's mode, not visible here.
	 */
	scatterwalk_map_and_copy(info, req->dst, req->assoclen, ivsize, 1);

	/*
	 * Fill the IV from its last 8-byte word to its first.  OR-ing in 1
	 * makes the salt word odd, and an odd multiplier is invertible
	 * modulo 2^64, so for a fixed salt two different sequence numbers
	 * never produce the same word.
	 *
	 * The loop ends only when ivsize reaches exactly 0, so it relies on
	 * ivsize being a non-zero multiple of 8.  echainiv_aead_create()
	 * rejects any other IV size.  Without that check the unsigned
	 * subtraction would wrap and the memcpy offsets would leave the
	 * buffers.
	 */
	do {
		u64 a;

		memcpy(&a, ctx->salt + ivsize - 8, 8);

		a |= 1;
		a *= seqno;

		memcpy(info + ivsize - 8, &a, 8);
	} while ((ivsize -= 8));

	return crypto_aead_encrypt(subreq);
}

/*
 * echainiv_decrypt - recover the IV from the message and hand the request
 * to the child AEAD for decryption.
 *
 * The IV is the ivsize bytes found in src at offset assoclen.  Neither the
 * salt nor a sequence number is used on this path.  The child sees the IV
 * block as trailing associated data (assoclen + ivsize) and decrypts the
 * remaining cryptlen - ivsize bytes.
 *
 * Returns -EINVAL if req->cryptlen is smaller than the IV size, otherwise
 * whatever crypto_aead_decrypt() returns for the child request.
 */
static int echainiv_decrypt(struct aead_request *req)
{
	struct crypto_aead *geniv = crypto_aead_reqtfm(req);
	struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv);
	struct aead_request *subreq = aead_request_ctx(req);
	crypto_completion_t compl;
	void *data;
	unsigned int ivsize = crypto_aead_ivsize(geniv);

	/* Keeps req->cryptlen - ivsize below from going under zero. */
	if (req->cryptlen < ivsize)
		return -EINVAL;

	aead_request_set_tfm(subreq, ctx->child);

	/* The child completes straight into the caller's callback. */
	compl = req->base.complete;
	data = req->base.data;

	aead_request_set_callback(subreq, req->base.flags, compl, data);
	aead_request_set_crypt(subreq, req->src, req->dst,
			       req->cryptlen - ivsize, req->iv);
	aead_request_set_ad(subreq, req->assoclen + ivsize);

	/* Read the transmitted IV block out of src into req->iv. */
	scatterwalk_map_and_copy(req->iv, req->src, req->assoclen, ivsize, 0);

	return crypto_aead_decrypt(subreq);
}

/*
 * echainiv_aead_create - instantiate "echainiv" around a child AEAD.
 *
 * Allocates the instance with aead_geniv_alloc(), rejects IV sizes that are
 * zero or not a multiple of sizeof(u64), installs the encrypt/decrypt
 * handlers above together with the generic geniv init/exit hooks, and
 * registers the instance.
 *
 * Returns 0 on success, the PTR_ERR() of a failed allocation, -EINVAL for an
 * unsupported IV size, or the error from aead_register_instance().  On the
 * last two the instance is freed.
 */
static int echainiv_aead_create(struct crypto_template *tmpl,
				struct rtattr **tb)
{
	struct aead_instance *inst;
	int err;

	inst = aead_geniv_alloc(tmpl, tb);

	if (IS_ERR(inst))
		return PTR_ERR(inst);

	/*
	 * echainiv_encrypt() walks the IV in 8-byte words and reads a
	 * sequence number from its last 8 bytes, so the IV size must be a
	 * non-zero multiple of 8.
	 */
	err = -EINVAL;
	if (inst->alg.ivsize & (sizeof(u64) - 1) || !inst->alg.ivsize)
		goto free_inst;

	inst->alg.encrypt = echainiv_encrypt;
	inst->alg.decrypt = echainiv_decrypt;

	inst->alg.init = aead_init_geniv;
	inst->alg.exit = aead_exit_geniv;

	/*
	 * Context is the geniv context plus ivsize extra bytes.
	 * NOTE(review): presumably the storage behind ctx->salt -- confirm
	 * against struct aead_geniv_ctx.
	 */
	inst->alg.base.cra_ctxsize = sizeof(struct aead_geniv_ctx);
	inst->alg.base.cra_ctxsize += inst->alg.ivsize;

	err = aead_register_instance(tmpl, inst);
	if (err) {
		/* Also reached by the goto above: one shared free path. */
free_inst:
		inst->free(inst);
	}
	return err;
}

/* Template descriptor that exposes this generator under the name "echainiv". */
static struct crypto_template echainiv_tmpl = {
	.name = "echainiv",
	.create = echainiv_aead_create,
	.module = THIS_MODULE,
};

/* Register the template; returns crypto_register_template()'s result. */
static int __init echainiv_module_init(void)
{
	return crypto_register_template(&echainiv_tmpl);
}

/* Unregister the template on module exit. */
static void __exit echainiv_module_exit(void)
{
	crypto_unregister_template(&echainiv_tmpl);
}

subsys_initcall(echainiv_module_init);
module_exit(echainiv_module_exit);

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Encrypted Chain IV Generator");
MODULE_ALIAS_CRYPTO("echainiv");