1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * AEAD: Authenticated Encryption with Associated Data 4 * 5 * This file provides API support for AEAD algorithms. 6 * 7 * Copyright (c) 2007-2015 Herbert Xu <herbert@gondor.apana.org.au> 8 */ 9 10 #include <crypto/internal/aead.h> 11 #include <linux/cryptouser.h> 12 #include <linux/errno.h> 13 #include <linux/init.h> 14 #include <linux/kernel.h> 15 #include <linux/module.h> 16 #include <linux/slab.h> 17 #include <linux/seq_file.h> 18 #include <linux/string.h> 19 #include <linux/string_choices.h> 20 #include <net/netlink.h> 21 22 #include "internal.h" 23 24 static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, 25 unsigned int keylen) 26 { 27 unsigned long alignmask = crypto_aead_alignmask(tfm); 28 int ret; 29 u8 *buffer, *alignbuffer; 30 unsigned long absize; 31 32 absize = keylen + alignmask; 33 buffer = kmalloc(absize, GFP_ATOMIC); 34 if (!buffer) 35 return -ENOMEM; 36 37 alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); 38 memcpy(alignbuffer, key, keylen); 39 ret = crypto_aead_alg(tfm)->setkey(tfm, alignbuffer, keylen); 40 kfree_sensitive(buffer); 41 return ret; 42 } 43 44 int crypto_aead_setkey(struct crypto_aead *tfm, 45 const u8 *key, unsigned int keylen) 46 { 47 unsigned long alignmask = crypto_aead_alignmask(tfm); 48 int err; 49 50 if ((unsigned long)key & alignmask) 51 err = setkey_unaligned(tfm, key, keylen); 52 else 53 err = crypto_aead_alg(tfm)->setkey(tfm, key, keylen); 54 55 if (unlikely(err)) { 56 crypto_aead_set_flags(tfm, CRYPTO_TFM_NEED_KEY); 57 return err; 58 } 59 60 crypto_aead_clear_flags(tfm, CRYPTO_TFM_NEED_KEY); 61 return 0; 62 } 63 EXPORT_SYMBOL_GPL(crypto_aead_setkey); 64 65 int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize) 66 { 67 int err; 68 69 if ((!authsize && crypto_aead_maxauthsize(tfm)) || 70 authsize > crypto_aead_maxauthsize(tfm)) 71 return -EINVAL; 72 73 if (crypto_aead_alg(tfm)->setauthsize) { 74 err = crypto_aead_alg(tfm)->setauthsize(tfm, authsize); 75 if (err) 76 return err; 77 } 78 79 tfm->authsize = authsize; 80 return 0; 81 } 82 EXPORT_SYMBOL_GPL(crypto_aead_setauthsize); 83 84 int crypto_aead_encrypt(struct aead_request *req) 85 { 86 struct crypto_aead *aead = crypto_aead_reqtfm(req); 87 88 if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY) 89 return -ENOKEY; 90 91 return crypto_aead_alg(aead)->encrypt(req); 92 } 93 EXPORT_SYMBOL_GPL(crypto_aead_encrypt); 94 95 int crypto_aead_decrypt(struct aead_request *req) 96 { 97 struct crypto_aead *aead = crypto_aead_reqtfm(req); 98 99 if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY) 100 return -ENOKEY; 101 102 if (req->cryptlen < crypto_aead_authsize(aead)) 103 return -EINVAL; 104 105 return crypto_aead_alg(aead)->decrypt(req); 106 } 107 EXPORT_SYMBOL_GPL(crypto_aead_decrypt); 108 109 static void crypto_aead_exit_tfm(struct crypto_tfm *tfm) 110 { 111 struct crypto_aead *aead = __crypto_aead_cast(tfm); 112 struct aead_alg *alg = crypto_aead_alg(aead); 113 114 alg->exit(aead); 115 } 116 117 static int crypto_aead_init_tfm(struct crypto_tfm *tfm) 118 { 119 struct crypto_aead *aead = __crypto_aead_cast(tfm); 120 struct aead_alg *alg = crypto_aead_alg(aead); 121 122 crypto_aead_set_flags(aead, CRYPTO_TFM_NEED_KEY); 123 crypto_aead_set_reqsize(aead, crypto_tfm_alg_reqsize(tfm)); 124 125 aead->authsize = alg->maxauthsize; 126 127 if (alg->exit) 128 aead->base.exit = crypto_aead_exit_tfm; 129 130 if (alg->init) 131 return alg->init(aead); 132 133 return 0; 134 } 135 136 static int __maybe_unused crypto_aead_report( 137 struct sk_buff *skb, struct crypto_alg *alg) 138 { 139 struct crypto_report_aead raead; 140 struct aead_alg *aead = container_of(alg, struct aead_alg, base); 141 142 memset(&raead, 0, sizeof(raead)); 143 144 strscpy(raead.type, "aead", sizeof(raead.type)); 145 strscpy(raead.geniv, "<none>", sizeof(raead.geniv)); 146 147 raead.blocksize = alg->cra_blocksize; 148 raead.maxauthsize = aead->maxauthsize; 149 raead.ivsize = aead->ivsize; 150 151 return nla_put(skb, CRYPTOCFGA_REPORT_AEAD, sizeof(raead), &raead); 152 } 153 154 static void __maybe_unused crypto_aead_show(struct seq_file *m, 155 struct crypto_alg *alg) 156 { 157 struct aead_alg *aead = container_of(alg, struct aead_alg, base); 158 159 seq_printf(m, "type : aead\n"); 160 seq_printf(m, "async : %s\n", 161 str_yes_no(alg->cra_flags & CRYPTO_ALG_ASYNC)); 162 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); 163 seq_printf(m, "ivsize : %u\n", aead->ivsize); 164 seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize); 165 seq_printf(m, "geniv : <none>\n"); 166 } 167 168 static void crypto_aead_free_instance(struct crypto_instance *inst) 169 { 170 struct aead_instance *aead = aead_instance(inst); 171 172 aead->free(aead); 173 } 174 175 static const struct crypto_type crypto_aead_type = { 176 .extsize = crypto_alg_extsize, 177 .init_tfm = crypto_aead_init_tfm, 178 .free = crypto_aead_free_instance, 179 #ifdef CONFIG_PROC_FS 180 .show = crypto_aead_show, 181 #endif 182 #if IS_ENABLED(CONFIG_CRYPTO_USER) 183 .report = crypto_aead_report, 184 #endif 185 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 186 .maskset = CRYPTO_ALG_TYPE_MASK, 187 .type = CRYPTO_ALG_TYPE_AEAD, 188 .tfmsize = offsetof(struct crypto_aead, base), 189 .algsize = offsetof(struct aead_alg, base), 190 }; 191 192 int crypto_grab_aead(struct crypto_aead_spawn *spawn, 193 struct crypto_instance *inst, 194 const char *name, u32 type, u32 mask) 195 { 196 spawn->base.frontend = &crypto_aead_type; 197 return crypto_grab_spawn(&spawn->base, inst, name, type, mask); 198 } 199 EXPORT_SYMBOL_GPL(crypto_grab_aead); 200 201 struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask) 202 { 203 return crypto_alloc_tfm(alg_name, &crypto_aead_type, type, mask); 204 } 205 EXPORT_SYMBOL_GPL(crypto_alloc_aead); 206 207 struct crypto_sync_aead *crypto_alloc_sync_aead(const char *alg_name, u32 type, u32 mask) 208 { 209 struct crypto_aead *tfm; 210 211 /* Only sync algorithms are allowed. */ 212 mask |= CRYPTO_ALG_ASYNC; 213 type &= ~(CRYPTO_ALG_ASYNC); 214 215 tfm = crypto_alloc_tfm(alg_name, &crypto_aead_type, type, mask); 216 217 if (!IS_ERR(tfm) && WARN_ON(crypto_aead_reqsize(tfm) > MAX_SYNC_AEAD_REQSIZE)) { 218 crypto_free_aead(tfm); 219 return ERR_PTR(-EINVAL); 220 } 221 222 return (struct crypto_sync_aead *)tfm; 223 } 224 EXPORT_SYMBOL_GPL(crypto_alloc_sync_aead); 225 226 int crypto_has_aead(const char *alg_name, u32 type, u32 mask) 227 { 228 return crypto_type_has_alg(alg_name, &crypto_aead_type, type, mask); 229 } 230 EXPORT_SYMBOL_GPL(crypto_has_aead); 231 232 static int aead_prepare_alg(struct aead_alg *alg) 233 { 234 struct crypto_alg *base = &alg->base; 235 236 if (max3(alg->maxauthsize, alg->ivsize, alg->chunksize) > 237 PAGE_SIZE / 8) 238 return -EINVAL; 239 240 if (!alg->chunksize) 241 alg->chunksize = base->cra_blocksize; 242 243 base->cra_type = &crypto_aead_type; 244 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; 245 base->cra_flags |= CRYPTO_ALG_TYPE_AEAD; 246 247 return 0; 248 } 249 250 int crypto_register_aead(struct aead_alg *alg) 251 { 252 struct crypto_alg *base = &alg->base; 253 int err; 254 255 err = aead_prepare_alg(alg); 256 if (err) 257 return err; 258 259 return crypto_register_alg(base); 260 } 261 EXPORT_SYMBOL_GPL(crypto_register_aead); 262 263 void crypto_unregister_aead(struct aead_alg *alg) 264 { 265 crypto_unregister_alg(&alg->base); 266 } 267 EXPORT_SYMBOL_GPL(crypto_unregister_aead); 268 269 int crypto_register_aeads(struct aead_alg *algs, int count) 270 { 271 int i, ret; 272 273 for (i = 0; i < count; i++) { 274 ret = crypto_register_aead(&algs[i]); 275 if (ret) 276 goto err; 277 } 278 279 return 0; 280 281 err: 282 for (--i; i >= 0; --i) 283 crypto_unregister_aead(&algs[i]); 284 285 return ret; 286 } 287 EXPORT_SYMBOL_GPL(crypto_register_aeads); 288 289 void crypto_unregister_aeads(struct aead_alg *algs, int count) 290 { 291 int i; 292 293 for (i = count - 1; i >= 0; --i) 294 crypto_unregister_aead(&algs[i]); 295 } 296 EXPORT_SYMBOL_GPL(crypto_unregister_aeads); 297 298 int aead_register_instance(struct crypto_template *tmpl, 299 struct aead_instance *inst) 300 { 301 int err; 302 303 if (WARN_ON(!inst->free)) 304 return -EINVAL; 305 306 err = aead_prepare_alg(&inst->alg); 307 if (err) 308 return err; 309 310 return crypto_register_instance(tmpl, aead_crypto_instance(inst)); 311 } 312 EXPORT_SYMBOL_GPL(aead_register_instance); 313 314 MODULE_LICENSE("GPL"); 315 MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)"); 316