echainiv.c 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /*
  3. * echainiv: Encrypted Chain IV Generator
  4. *
  5. * This generator generates an IV based on a sequence number by multiplying
  6. * it with a salt and then encrypting it with the same key as used to encrypt
  7. * the plain text. This algorithm requires that the block size be equal
  8. * to the IV size. It is mainly useful for CBC.
  9. *
  10. * This generator can only be used by algorithms where authentication
  11. * is performed after encryption (i.e., authenc).
  12. *
  13. * Copyright (c) 2015 Herbert Xu <herbert@gondor.apana.org.au>
  14. */
  15. #include <crypto/internal/geniv.h>
  16. #include <crypto/scatterwalk.h>
  17. #include <crypto/skcipher.h>
  18. #include <linux/err.h>
  19. #include <linux/init.h>
  20. #include <linux/kernel.h>
  21. #include <linux/module.h>
  22. #include <linux/slab.h>
  23. #include <linux/string.h>
  24. static int echainiv_encrypt(struct aead_request *req)
  25. {
  26. struct crypto_aead *geniv = crypto_aead_reqtfm(req);
  27. struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv);
  28. struct aead_request *subreq = aead_request_ctx(req);
  29. __be64 nseqno;
  30. u64 seqno;
  31. u8 *info;
  32. unsigned int ivsize = crypto_aead_ivsize(geniv);
  33. if (req->cryptlen < ivsize)
  34. return -EINVAL;
  35. aead_request_set_tfm(subreq, ctx->child);
  36. info = req->iv;
  37. if (req->src != req->dst)
  38. memcpy_sglist(req->dst, req->src,
  39. req->assoclen + req->cryptlen);
  40. aead_request_set_callback(subreq, req->base.flags,
  41. req->base.complete, req->base.data);
  42. aead_request_set_crypt(subreq, req->dst, req->dst,
  43. req->cryptlen, info);
  44. aead_request_set_ad(subreq, req->assoclen);
  45. memcpy(&nseqno, info + ivsize - 8, 8);
  46. seqno = be64_to_cpu(nseqno);
  47. memset(info, 0, ivsize);
  48. scatterwalk_map_and_copy(info, req->dst, req->assoclen, ivsize, 1);
  49. do {
  50. u64 a;
  51. memcpy(&a, ctx->salt + ivsize - 8, 8);
  52. a |= 1;
  53. a *= seqno;
  54. memcpy(info + ivsize - 8, &a, 8);
  55. } while ((ivsize -= 8));
  56. return crypto_aead_encrypt(subreq);
  57. }
  58. static int echainiv_decrypt(struct aead_request *req)
  59. {
  60. struct crypto_aead *geniv = crypto_aead_reqtfm(req);
  61. struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv);
  62. struct aead_request *subreq = aead_request_ctx(req);
  63. crypto_completion_t compl;
  64. void *data;
  65. unsigned int ivsize = crypto_aead_ivsize(geniv);
  66. if (req->cryptlen < ivsize)
  67. return -EINVAL;
  68. aead_request_set_tfm(subreq, ctx->child);
  69. compl = req->base.complete;
  70. data = req->base.data;
  71. aead_request_set_callback(subreq, req->base.flags, compl, data);
  72. aead_request_set_crypt(subreq, req->src, req->dst,
  73. req->cryptlen - ivsize, req->iv);
  74. aead_request_set_ad(subreq, req->assoclen + ivsize);
  75. scatterwalk_map_and_copy(req->iv, req->src, req->assoclen, ivsize, 0);
  76. return crypto_aead_decrypt(subreq);
  77. }
  78. static int echainiv_aead_create(struct crypto_template *tmpl,
  79. struct rtattr **tb)
  80. {
  81. struct aead_instance *inst;
  82. int err;
  83. inst = aead_geniv_alloc(tmpl, tb);
  84. if (IS_ERR(inst))
  85. return PTR_ERR(inst);
  86. err = -EINVAL;
  87. if (inst->alg.ivsize & (sizeof(u64) - 1) || !inst->alg.ivsize)
  88. goto free_inst;
  89. inst->alg.encrypt = echainiv_encrypt;
  90. inst->alg.decrypt = echainiv_decrypt;
  91. inst->alg.init = aead_init_geniv;
  92. inst->alg.exit = aead_exit_geniv;
  93. inst->alg.base.cra_ctxsize = sizeof(struct aead_geniv_ctx);
  94. inst->alg.base.cra_ctxsize += inst->alg.ivsize;
  95. err = aead_register_instance(tmpl, inst);
  96. if (err) {
  97. free_inst:
  98. inst->free(inst);
  99. }
  100. return err;
  101. }
  102. static struct crypto_template echainiv_tmpl = {
  103. .name = "echainiv",
  104. .create = echainiv_aead_create,
  105. .module = THIS_MODULE,
  106. };
  107. static int __init echainiv_module_init(void)
  108. {
  109. return crypto_register_template(&echainiv_tmpl);
  110. }
  111. static void __exit echainiv_module_exit(void)
  112. {
  113. crypto_unregister_template(&echainiv_tmpl);
  114. }
  115. module_init(echainiv_module_init);
  116. module_exit(echainiv_module_exit);
  117. MODULE_LICENSE("GPL");
  118. MODULE_DESCRIPTION("Encrypted Chain IV Generator");
  119. MODULE_ALIAS_CRYPTO("echainiv");