1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * AEAD: Authenticated Encryption with Associated Data 4 * 5 * This file provides API support for AEAD algorithms. 6 * 7 * Copyright (c) 2007-2015 Herbert Xu <herbert@gondor.apana.org.au> 8 */ 9 10#include <crypto/internal/aead.h> 11#include <linux/cryptouser.h> 12#include <linux/errno.h> 13#include <linux/init.h> 14#include <linux/kernel.h> 15#include <linux/module.h> 16#include <linux/slab.h> 17#include <linux/seq_file.h> 18#include <linux/string.h> 19#include <net/netlink.h> 20 21#include "internal.h" 22 23static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, 24 unsigned int keylen) 25{ 26 unsigned long alignmask = crypto_aead_alignmask(tfm); 27 int ret; 28 u8 *buffer, *alignbuffer; 29 unsigned long absize; 30 31 absize = keylen + alignmask; 32 buffer = kmalloc(absize, GFP_ATOMIC); 33 if (!buffer) 34 return -ENOMEM; 35 36 alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); 37 memcpy(alignbuffer, key, keylen); 38 ret = crypto_aead_alg(tfm)->setkey(tfm, alignbuffer, keylen); 39 kfree_sensitive(buffer); 40 return ret; 41} 42 43int crypto_aead_setkey(struct crypto_aead *tfm, 44 const u8 *key, unsigned int keylen) 45{ 46 unsigned long alignmask = crypto_aead_alignmask(tfm); 47 int err; 48 49 if ((unsigned long)key & alignmask) 50 err = setkey_unaligned(tfm, key, keylen); 51 else 52 err = crypto_aead_alg(tfm)->setkey(tfm, key, keylen); 53 54 if (unlikely(err)) { 55 crypto_aead_set_flags(tfm, CRYPTO_TFM_NEED_KEY); 56 return err; 57 } 58 59 crypto_aead_clear_flags(tfm, CRYPTO_TFM_NEED_KEY); 60 return 0; 61} 62EXPORT_SYMBOL_GPL(crypto_aead_setkey); 63 64int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize) 65{ 66 int err; 67 68 if ((!authsize && crypto_aead_maxauthsize(tfm)) || 69 authsize > crypto_aead_maxauthsize(tfm)) 70 return -EINVAL; 71 72 if (crypto_aead_alg(tfm)->setauthsize) { 73 err = crypto_aead_alg(tfm)->setauthsize(tfm, authsize); 74 if (err) 75 return err; 76 } 77 78 tfm->authsize = authsize; 79 return 0; 80} 81EXPORT_SYMBOL_GPL(crypto_aead_setauthsize); 82 83int crypto_aead_encrypt(struct aead_request *req) 84{ 85 struct crypto_aead *aead = crypto_aead_reqtfm(req); 86 87 if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY) 88 return -ENOKEY; 89 90 return crypto_aead_alg(aead)->encrypt(req); 91} 92EXPORT_SYMBOL_GPL(crypto_aead_encrypt); 93 94int crypto_aead_decrypt(struct aead_request *req) 95{ 96 struct crypto_aead *aead = crypto_aead_reqtfm(req); 97 98 if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY) 99 return -ENOKEY; 100 101 if (req->cryptlen < crypto_aead_authsize(aead)) 102 return -EINVAL; 103 104 return crypto_aead_alg(aead)->decrypt(req); 105} 106EXPORT_SYMBOL_GPL(crypto_aead_decrypt); 107 108static void crypto_aead_exit_tfm(struct crypto_tfm *tfm) 109{ 110 struct crypto_aead *aead = __crypto_aead_cast(tfm); 111 struct aead_alg *alg = crypto_aead_alg(aead); 112 113 alg->exit(aead); 114} 115 116static int crypto_aead_init_tfm(struct crypto_tfm *tfm) 117{ 118 struct crypto_aead *aead = __crypto_aead_cast(tfm); 119 struct aead_alg *alg = crypto_aead_alg(aead); 120 121 crypto_aead_set_flags(aead, CRYPTO_TFM_NEED_KEY); 122 123 aead->authsize = alg->maxauthsize; 124 125 if (alg->exit) 126 aead->base.exit = crypto_aead_exit_tfm; 127 128 if (alg->init) 129 return alg->init(aead); 130 131 return 0; 132} 133 134static int __maybe_unused crypto_aead_report( 135 struct sk_buff *skb, struct crypto_alg *alg) 136{ 137 struct crypto_report_aead raead; 138 struct aead_alg *aead = container_of(alg, struct aead_alg, base); 139 140 memset(&raead, 0, sizeof(raead)); 141 142 strscpy(raead.type, "aead", sizeof(raead.type)); 143 strscpy(raead.geniv, "<none>", sizeof(raead.geniv)); 144 145 raead.blocksize = alg->cra_blocksize; 146 raead.maxauthsize = aead->maxauthsize; 147 raead.ivsize = aead->ivsize; 148 149 return nla_put(skb, CRYPTOCFGA_REPORT_AEAD, sizeof(raead), &raead); 150} 151 152static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg) 153 __maybe_unused; 154static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg) 155{ 156 struct aead_alg *aead = container_of(alg, struct aead_alg, base); 157 158 seq_printf(m, "type : aead\n"); 159 seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ? 160 "yes" : "no"); 161 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); 162 seq_printf(m, "ivsize : %u\n", aead->ivsize); 163 seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize); 164 seq_printf(m, "geniv : <none>\n"); 165} 166 167static void crypto_aead_free_instance(struct crypto_instance *inst) 168{ 169 struct aead_instance *aead = aead_instance(inst); 170 171 aead->free(aead); 172} 173 174static const struct crypto_type crypto_aead_type = { 175 .extsize = crypto_alg_extsize, 176 .init_tfm = crypto_aead_init_tfm, 177 .free = crypto_aead_free_instance, 178#ifdef CONFIG_PROC_FS 179 .show = crypto_aead_show, 180#endif 181#if IS_ENABLED(CONFIG_CRYPTO_USER) 182 .report = crypto_aead_report, 183#endif 184 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 185 .maskset = CRYPTO_ALG_TYPE_MASK, 186 .type = CRYPTO_ALG_TYPE_AEAD, 187 .tfmsize = offsetof(struct crypto_aead, base), 188}; 189 190int crypto_grab_aead(struct crypto_aead_spawn *spawn, 191 struct crypto_instance *inst, 192 const char *name, u32 type, u32 mask) 193{ 194 spawn->base.frontend = &crypto_aead_type; 195 return crypto_grab_spawn(&spawn->base, inst, name, type, mask); 196} 197EXPORT_SYMBOL_GPL(crypto_grab_aead); 198 199struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask) 200{ 201 return crypto_alloc_tfm(alg_name, &crypto_aead_type, type, mask); 202} 203EXPORT_SYMBOL_GPL(crypto_alloc_aead); 204 205int crypto_has_aead(const char *alg_name, u32 type, u32 mask) 206{ 207 return crypto_type_has_alg(alg_name, &crypto_aead_type, type, mask); 208} 209EXPORT_SYMBOL_GPL(crypto_has_aead); 210 211static int aead_prepare_alg(struct aead_alg *alg) 212{ 213 struct crypto_alg *base = &alg->base; 214 215 if (max3(alg->maxauthsize, alg->ivsize, alg->chunksize) > 216 PAGE_SIZE / 8) 217 return -EINVAL; 218 219 if (!alg->chunksize) 220 alg->chunksize = base->cra_blocksize; 221 222 base->cra_type = &crypto_aead_type; 223 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; 224 base->cra_flags |= CRYPTO_ALG_TYPE_AEAD; 225 226 return 0; 227} 228 229int crypto_register_aead(struct aead_alg *alg) 230{ 231 struct crypto_alg *base = &alg->base; 232 int err; 233 234 err = aead_prepare_alg(alg); 235 if (err) 236 return err; 237 238 return crypto_register_alg(base); 239} 240EXPORT_SYMBOL_GPL(crypto_register_aead); 241 242void crypto_unregister_aead(struct aead_alg *alg) 243{ 244 crypto_unregister_alg(&alg->base); 245} 246EXPORT_SYMBOL_GPL(crypto_unregister_aead); 247 248int crypto_register_aeads(struct aead_alg *algs, int count) 249{ 250 int i, ret; 251 252 for (i = 0; i < count; i++) { 253 ret = crypto_register_aead(&algs[i]); 254 if (ret) 255 goto err; 256 } 257 258 return 0; 259 260err: 261 for (--i; i >= 0; --i) 262 crypto_unregister_aead(&algs[i]); 263 264 return ret; 265} 266EXPORT_SYMBOL_GPL(crypto_register_aeads); 267 268void crypto_unregister_aeads(struct aead_alg *algs, int count) 269{ 270 int i; 271 272 for (i = count - 1; i >= 0; --i) 273 crypto_unregister_aead(&algs[i]); 274} 275EXPORT_SYMBOL_GPL(crypto_unregister_aeads); 276 277int aead_register_instance(struct crypto_template *tmpl, 278 struct aead_instance *inst) 279{ 280 int err; 281 282 if (WARN_ON(!inst->free)) 283 return -EINVAL; 284 285 err = aead_prepare_alg(&inst->alg); 286 if (err) 287 return err; 288 289 return crypto_register_instance(tmpl, aead_crypto_instance(inst)); 290} 291EXPORT_SYMBOL_GPL(aead_register_instance); 292 293MODULE_LICENSE("GPL"); 294MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)"); 295