18c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-or-later 28c2ecf20Sopenharmony_ci/* 38c2ecf20Sopenharmony_ci * seqiv: Sequence Number IV Generator 48c2ecf20Sopenharmony_ci * 58c2ecf20Sopenharmony_ci * This generator generates an IV based on a sequence number by xoring it 68c2ecf20Sopenharmony_ci * with a salt. This algorithm is mainly useful for CTR and similar modes. 78c2ecf20Sopenharmony_ci * 88c2ecf20Sopenharmony_ci * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au> 98c2ecf20Sopenharmony_ci */ 108c2ecf20Sopenharmony_ci 118c2ecf20Sopenharmony_ci#include <crypto/internal/geniv.h> 128c2ecf20Sopenharmony_ci#include <crypto/scatterwalk.h> 138c2ecf20Sopenharmony_ci#include <crypto/skcipher.h> 148c2ecf20Sopenharmony_ci#include <linux/err.h> 158c2ecf20Sopenharmony_ci#include <linux/init.h> 168c2ecf20Sopenharmony_ci#include <linux/kernel.h> 178c2ecf20Sopenharmony_ci#include <linux/module.h> 188c2ecf20Sopenharmony_ci#include <linux/slab.h> 198c2ecf20Sopenharmony_ci#include <linux/string.h> 208c2ecf20Sopenharmony_ci 218c2ecf20Sopenharmony_cistatic void seqiv_aead_encrypt_complete2(struct aead_request *req, int err) 228c2ecf20Sopenharmony_ci{ 238c2ecf20Sopenharmony_ci struct aead_request *subreq = aead_request_ctx(req); 248c2ecf20Sopenharmony_ci struct crypto_aead *geniv; 258c2ecf20Sopenharmony_ci 268c2ecf20Sopenharmony_ci if (err == -EINPROGRESS || err == -EBUSY) 278c2ecf20Sopenharmony_ci return; 288c2ecf20Sopenharmony_ci 298c2ecf20Sopenharmony_ci if (err) 308c2ecf20Sopenharmony_ci goto out; 318c2ecf20Sopenharmony_ci 328c2ecf20Sopenharmony_ci geniv = crypto_aead_reqtfm(req); 338c2ecf20Sopenharmony_ci memcpy(req->iv, subreq->iv, crypto_aead_ivsize(geniv)); 348c2ecf20Sopenharmony_ci 358c2ecf20Sopenharmony_ciout: 368c2ecf20Sopenharmony_ci kfree_sensitive(subreq->iv); 378c2ecf20Sopenharmony_ci} 388c2ecf20Sopenharmony_ci 398c2ecf20Sopenharmony_cistatic void seqiv_aead_encrypt_complete(struct crypto_async_request *base, 408c2ecf20Sopenharmony_ci int err) 418c2ecf20Sopenharmony_ci{ 428c2ecf20Sopenharmony_ci struct aead_request *req = base->data; 438c2ecf20Sopenharmony_ci 448c2ecf20Sopenharmony_ci seqiv_aead_encrypt_complete2(req, err); 458c2ecf20Sopenharmony_ci aead_request_complete(req, err); 468c2ecf20Sopenharmony_ci} 478c2ecf20Sopenharmony_ci 488c2ecf20Sopenharmony_cistatic int seqiv_aead_encrypt(struct aead_request *req) 498c2ecf20Sopenharmony_ci{ 508c2ecf20Sopenharmony_ci struct crypto_aead *geniv = crypto_aead_reqtfm(req); 518c2ecf20Sopenharmony_ci struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv); 528c2ecf20Sopenharmony_ci struct aead_request *subreq = aead_request_ctx(req); 538c2ecf20Sopenharmony_ci crypto_completion_t compl; 548c2ecf20Sopenharmony_ci void *data; 558c2ecf20Sopenharmony_ci u8 *info; 568c2ecf20Sopenharmony_ci unsigned int ivsize = 8; 578c2ecf20Sopenharmony_ci int err; 588c2ecf20Sopenharmony_ci 598c2ecf20Sopenharmony_ci if (req->cryptlen < ivsize) 608c2ecf20Sopenharmony_ci return -EINVAL; 618c2ecf20Sopenharmony_ci 628c2ecf20Sopenharmony_ci aead_request_set_tfm(subreq, ctx->child); 638c2ecf20Sopenharmony_ci 648c2ecf20Sopenharmony_ci compl = req->base.complete; 658c2ecf20Sopenharmony_ci data = req->base.data; 668c2ecf20Sopenharmony_ci info = req->iv; 678c2ecf20Sopenharmony_ci 688c2ecf20Sopenharmony_ci if (req->src != req->dst) { 698c2ecf20Sopenharmony_ci SYNC_SKCIPHER_REQUEST_ON_STACK(nreq, ctx->sknull); 708c2ecf20Sopenharmony_ci 718c2ecf20Sopenharmony_ci skcipher_request_set_sync_tfm(nreq, ctx->sknull); 728c2ecf20Sopenharmony_ci skcipher_request_set_callback(nreq, req->base.flags, 738c2ecf20Sopenharmony_ci NULL, NULL); 748c2ecf20Sopenharmony_ci skcipher_request_set_crypt(nreq, req->src, req->dst, 758c2ecf20Sopenharmony_ci req->assoclen + req->cryptlen, 768c2ecf20Sopenharmony_ci NULL); 778c2ecf20Sopenharmony_ci 788c2ecf20Sopenharmony_ci err = crypto_skcipher_encrypt(nreq); 798c2ecf20Sopenharmony_ci if (err) 808c2ecf20Sopenharmony_ci return err; 818c2ecf20Sopenharmony_ci } 828c2ecf20Sopenharmony_ci 838c2ecf20Sopenharmony_ci if (unlikely(!IS_ALIGNED((unsigned long)info, 848c2ecf20Sopenharmony_ci crypto_aead_alignmask(geniv) + 1))) { 858c2ecf20Sopenharmony_ci info = kmemdup(req->iv, ivsize, req->base.flags & 868c2ecf20Sopenharmony_ci CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL : 878c2ecf20Sopenharmony_ci GFP_ATOMIC); 888c2ecf20Sopenharmony_ci if (!info) 898c2ecf20Sopenharmony_ci return -ENOMEM; 908c2ecf20Sopenharmony_ci 918c2ecf20Sopenharmony_ci compl = seqiv_aead_encrypt_complete; 928c2ecf20Sopenharmony_ci data = req; 938c2ecf20Sopenharmony_ci } 948c2ecf20Sopenharmony_ci 958c2ecf20Sopenharmony_ci aead_request_set_callback(subreq, req->base.flags, compl, data); 968c2ecf20Sopenharmony_ci aead_request_set_crypt(subreq, req->dst, req->dst, 978c2ecf20Sopenharmony_ci req->cryptlen - ivsize, info); 988c2ecf20Sopenharmony_ci aead_request_set_ad(subreq, req->assoclen + ivsize); 998c2ecf20Sopenharmony_ci 1008c2ecf20Sopenharmony_ci crypto_xor(info, ctx->salt, ivsize); 1018c2ecf20Sopenharmony_ci scatterwalk_map_and_copy(info, req->dst, req->assoclen, ivsize, 1); 1028c2ecf20Sopenharmony_ci 1038c2ecf20Sopenharmony_ci err = crypto_aead_encrypt(subreq); 1048c2ecf20Sopenharmony_ci if (unlikely(info != req->iv)) 1058c2ecf20Sopenharmony_ci seqiv_aead_encrypt_complete2(req, err); 1068c2ecf20Sopenharmony_ci return err; 1078c2ecf20Sopenharmony_ci} 1088c2ecf20Sopenharmony_ci 1098c2ecf20Sopenharmony_cistatic int seqiv_aead_decrypt(struct aead_request *req) 1108c2ecf20Sopenharmony_ci{ 1118c2ecf20Sopenharmony_ci struct crypto_aead *geniv = crypto_aead_reqtfm(req); 1128c2ecf20Sopenharmony_ci struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv); 1138c2ecf20Sopenharmony_ci struct aead_request *subreq = aead_request_ctx(req); 1148c2ecf20Sopenharmony_ci crypto_completion_t compl; 1158c2ecf20Sopenharmony_ci void *data; 1168c2ecf20Sopenharmony_ci unsigned int ivsize = 8; 1178c2ecf20Sopenharmony_ci 1188c2ecf20Sopenharmony_ci if (req->cryptlen < ivsize + crypto_aead_authsize(geniv)) 1198c2ecf20Sopenharmony_ci return -EINVAL; 1208c2ecf20Sopenharmony_ci 1218c2ecf20Sopenharmony_ci aead_request_set_tfm(subreq, ctx->child); 1228c2ecf20Sopenharmony_ci 1238c2ecf20Sopenharmony_ci compl = req->base.complete; 1248c2ecf20Sopenharmony_ci data = req->base.data; 1258c2ecf20Sopenharmony_ci 1268c2ecf20Sopenharmony_ci aead_request_set_callback(subreq, req->base.flags, compl, data); 1278c2ecf20Sopenharmony_ci aead_request_set_crypt(subreq, req->src, req->dst, 1288c2ecf20Sopenharmony_ci req->cryptlen - ivsize, req->iv); 1298c2ecf20Sopenharmony_ci aead_request_set_ad(subreq, req->assoclen + ivsize); 1308c2ecf20Sopenharmony_ci 1318c2ecf20Sopenharmony_ci scatterwalk_map_and_copy(req->iv, req->src, req->assoclen, ivsize, 0); 1328c2ecf20Sopenharmony_ci 1338c2ecf20Sopenharmony_ci return crypto_aead_decrypt(subreq); 1348c2ecf20Sopenharmony_ci} 1358c2ecf20Sopenharmony_ci 1368c2ecf20Sopenharmony_cistatic int seqiv_aead_create(struct crypto_template *tmpl, struct rtattr **tb) 1378c2ecf20Sopenharmony_ci{ 1388c2ecf20Sopenharmony_ci struct aead_instance *inst; 1398c2ecf20Sopenharmony_ci int err; 1408c2ecf20Sopenharmony_ci 1418c2ecf20Sopenharmony_ci inst = aead_geniv_alloc(tmpl, tb); 1428c2ecf20Sopenharmony_ci 1438c2ecf20Sopenharmony_ci if (IS_ERR(inst)) 1448c2ecf20Sopenharmony_ci return PTR_ERR(inst); 1458c2ecf20Sopenharmony_ci 1468c2ecf20Sopenharmony_ci err = -EINVAL; 1478c2ecf20Sopenharmony_ci if (inst->alg.ivsize != sizeof(u64)) 1488c2ecf20Sopenharmony_ci goto free_inst; 1498c2ecf20Sopenharmony_ci 1508c2ecf20Sopenharmony_ci inst->alg.encrypt = seqiv_aead_encrypt; 1518c2ecf20Sopenharmony_ci inst->alg.decrypt = seqiv_aead_decrypt; 1528c2ecf20Sopenharmony_ci 1538c2ecf20Sopenharmony_ci inst->alg.init = aead_init_geniv; 1548c2ecf20Sopenharmony_ci inst->alg.exit = aead_exit_geniv; 1558c2ecf20Sopenharmony_ci 1568c2ecf20Sopenharmony_ci inst->alg.base.cra_ctxsize = sizeof(struct aead_geniv_ctx); 1578c2ecf20Sopenharmony_ci inst->alg.base.cra_ctxsize += inst->alg.ivsize; 1588c2ecf20Sopenharmony_ci 1598c2ecf20Sopenharmony_ci err = aead_register_instance(tmpl, inst); 1608c2ecf20Sopenharmony_ci if (err) { 1618c2ecf20Sopenharmony_cifree_inst: 1628c2ecf20Sopenharmony_ci inst->free(inst); 1638c2ecf20Sopenharmony_ci } 1648c2ecf20Sopenharmony_ci return err; 1658c2ecf20Sopenharmony_ci} 1668c2ecf20Sopenharmony_ci 1678c2ecf20Sopenharmony_cistatic struct crypto_template seqiv_tmpl = { 1688c2ecf20Sopenharmony_ci .name = "seqiv", 1698c2ecf20Sopenharmony_ci .create = seqiv_aead_create, 1708c2ecf20Sopenharmony_ci .module = THIS_MODULE, 1718c2ecf20Sopenharmony_ci}; 1728c2ecf20Sopenharmony_ci 1738c2ecf20Sopenharmony_cistatic int __init seqiv_module_init(void) 1748c2ecf20Sopenharmony_ci{ 1758c2ecf20Sopenharmony_ci return crypto_register_template(&seqiv_tmpl); 1768c2ecf20Sopenharmony_ci} 1778c2ecf20Sopenharmony_ci 1788c2ecf20Sopenharmony_cistatic void __exit seqiv_module_exit(void) 1798c2ecf20Sopenharmony_ci{ 1808c2ecf20Sopenharmony_ci crypto_unregister_template(&seqiv_tmpl); 1818c2ecf20Sopenharmony_ci} 1828c2ecf20Sopenharmony_ci 1838c2ecf20Sopenharmony_cisubsys_initcall(seqiv_module_init); 1848c2ecf20Sopenharmony_cimodule_exit(seqiv_module_exit); 1858c2ecf20Sopenharmony_ci 1868c2ecf20Sopenharmony_ciMODULE_LICENSE("GPL"); 1878c2ecf20Sopenharmony_ciMODULE_DESCRIPTION("Sequence Number IV Generator"); 1888c2ecf20Sopenharmony_ciMODULE_ALIAS_CRYPTO("seqiv"); 189