xref: /linux/include/crypto/skcipher.h (revision 08f3e0873ac203449465c2b8473d684e2f9f41d1)
1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /*
3  * Symmetric key ciphers.
4  *
5  * Copyright (c) 2007-2015 Herbert Xu <herbert@gondor.apana.org.au>
6  */
7 
8 #ifndef _CRYPTO_SKCIPHER_H
9 #define _CRYPTO_SKCIPHER_H
10 
11 #include <linux/crypto.h>
12 #include <linux/kernel.h>
13 #include <linux/slab.h>
14 
15 /**
16  *	struct skcipher_request - Symmetric key cipher request
17  *	@cryptlen: Number of bytes to encrypt or decrypt
18  *	@iv: Initialisation Vector
19  *	@src: Source SG list
20  *	@dst: Destination SG list
21  *	@base: Underlying async request
22  *	@__ctx: Start of private context data
23  */
24 struct skcipher_request {
25 	unsigned int cryptlen;
26 
27 	u8 *iv;
28 
29 	struct scatterlist *src;
30 	struct scatterlist *dst;
31 
32 	struct crypto_async_request base;
33 
34 	void *__ctx[] CRYPTO_MINALIGN_ATTR;
35 };
36 
37 struct crypto_skcipher {
38 	unsigned int reqsize;
39 
40 	struct crypto_tfm base;
41 };
42 
43 struct crypto_sync_skcipher {
44 	struct crypto_skcipher base;
45 };
46 
47 /**
48  * struct skcipher_alg - symmetric key cipher definition
49  * @min_keysize: Minimum key size supported by the transformation. This is the
50  *		 smallest key length supported by this transformation algorithm.
51  *		 This must be set to one of the pre-defined values as this is
52  *		 not hardware specific. Possible values for this field can be
53  *		 found via git grep "_MIN_KEY_SIZE" include/crypto/
54  * @max_keysize: Maximum key size supported by the transformation. This is the
55  *		 largest key length supported by this transformation algorithm.
56  *		 This must be set to one of the pre-defined values as this is
57  *		 not hardware specific. Possible values for this field can be
58  *		 found via git grep "_MAX_KEY_SIZE" include/crypto/
59  * @setkey: Set key for the transformation. This function is used to either
60  *	    program a supplied key into the hardware or store the key in the
61  *	    transformation context for programming it later. Note that this
62  *	    function does modify the transformation context. This function can
63  *	    be called multiple times during the existence of the transformation
64  *	    object, so one must make sure the key is properly reprogrammed into
65  *	    the hardware. This function is also responsible for checking the key
66  *	    length for validity. In case a software fallback was put in place in
67  *	    the @cra_init call, this function might need to use the fallback if
68  *	    the algorithm doesn't support all of the key sizes.
69  * @encrypt: Encrypt a scatterlist of blocks. This function is used to encrypt
70  *	     the supplied scatterlist containing the blocks of data. The crypto
71  *	     API consumer is responsible for aligning the entries of the
72  *	     scatterlist properly and making sure the chunks are correctly
73  *	     sized. In case a software fallback was put in place in the
74  *	     @cra_init call, this function might need to use the fallback if
75  *	     the algorithm doesn't support all of the key sizes. In case the
76  *	     key was stored in transformation context, the key might need to be
77  *	     re-programmed into the hardware in this function. This function
78  *	     shall not modify the transformation context, as this function may
79  *	     be called in parallel with the same transformation object.
80  * @decrypt: Decrypt a single block. This is a reverse counterpart to @encrypt
81  *	     and the conditions are exactly the same.
82  * @init: Initialize the cryptographic transformation object. This function
83  *	  is used to initialize the cryptographic transformation object.
84  *	  This function is called only once at the instantiation time, right
85  *	  after the transformation context was allocated. In case the
86  *	  cryptographic hardware has some special requirements which need to
87  *	  be handled by software, this function shall check for the precise
88  *	  requirement of the transformation and put any software fallbacks
89  *	  in place.
90  * @exit: Deinitialize the cryptographic transformation object. This is a
91  *	  counterpart to @init, used to remove various changes set in
92  *	  @init.
93  * @ivsize: IV size applicable for transformation. The consumer must provide an
94  *	    IV of exactly that size to perform the encrypt or decrypt operation.
95  * @chunksize: Equal to the block size except for stream ciphers such as
96  *	       CTR where it is set to the underlying block size.
97  * @walksize: Equal to the chunk size except in cases where the algorithm is
98  * 	      considerably more efficient if it can operate on multiple chunks
99  * 	      in parallel. Should be a multiple of chunksize.
100  * @base: Definition of a generic crypto algorithm.
101  *
102  * All fields except @ivsize are mandatory and must be filled.
103  */
104 struct skcipher_alg {
105 	int (*setkey)(struct crypto_skcipher *tfm, const u8 *key,
106 	              unsigned int keylen);
107 	int (*encrypt)(struct skcipher_request *req);
108 	int (*decrypt)(struct skcipher_request *req);
109 	int (*init)(struct crypto_skcipher *tfm);
110 	void (*exit)(struct crypto_skcipher *tfm);
111 
112 	unsigned int min_keysize;
113 	unsigned int max_keysize;
114 	unsigned int ivsize;
115 	unsigned int chunksize;
116 	unsigned int walksize;
117 
118 	struct crypto_alg base;
119 };
120 
121 #define MAX_SYNC_SKCIPHER_REQSIZE      384
122 /*
123  * This performs a type-check against the "tfm" argument to make sure
124  * all users have the correct skcipher tfm for doing on-stack requests.
125  */
126 #define SYNC_SKCIPHER_REQUEST_ON_STACK(name, tfm) \
127 	char __##name##_desc[sizeof(struct skcipher_request) + \
128 			     MAX_SYNC_SKCIPHER_REQSIZE + \
129 			     (!(sizeof((struct crypto_sync_skcipher *)1 == \
130 				       (typeof(tfm))1))) \
131 			    ] CRYPTO_MINALIGN_ATTR; \
132 	struct skcipher_request *name = (void *)__##name##_desc
133 
134 /**
135  * DOC: Symmetric Key Cipher API
136  *
137  * Symmetric key cipher API is used with the ciphers of type
138  * CRYPTO_ALG_TYPE_SKCIPHER (listed as type "skcipher" in /proc/crypto).
139  *
140  * Asynchronous cipher operations imply that the function invocation for a
141  * cipher request returns immediately before the completion of the operation.
142  * The cipher request is scheduled as a separate kernel thread and therefore
143  * load-balanced on the different CPUs via the process scheduler. To allow
144  * the kernel crypto API to inform the caller about the completion of a cipher
145  * request, the caller must provide a callback function. That function is
146  * invoked with the cipher handle when the request completes.
147  *
148  * To support the asynchronous operation, additional information than just the
149  * cipher handle must be supplied to the kernel crypto API. That additional
150  * information is given by filling in the skcipher_request data structure.
151  *
152  * For the symmetric key cipher API, the state is maintained with the tfm
153  * cipher handle. A single tfm can be used across multiple calls and in
154  * parallel. For asynchronous block cipher calls, context data supplied and
155  * only used by the caller can be referenced the request data structure in
156  * addition to the IV used for the cipher request. The maintenance of such
157  * state information would be important for a crypto driver implementer to
158  * have, because when calling the callback function upon completion of the
159  * cipher operation, that callback function may need some information about
160  * which operation just finished if it invoked multiple in parallel. This
161  * state information is unused by the kernel crypto API.
162  */
163 
164 static inline struct crypto_skcipher *__crypto_skcipher_cast(
165 	struct crypto_tfm *tfm)
166 {
167 	return container_of(tfm, struct crypto_skcipher, base);
168 }
169 
170 /**
171  * crypto_alloc_skcipher() - allocate symmetric key cipher handle
172  * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
173  *	      skcipher cipher
174  * @type: specifies the type of the cipher
175  * @mask: specifies the mask for the cipher
176  *
177  * Allocate a cipher handle for an skcipher. The returned struct
178  * crypto_skcipher is the cipher handle that is required for any subsequent
179  * API invocation for that skcipher.
180  *
181  * Return: allocated cipher handle in case of success; IS_ERR() is true in case
182  *	   of an error, PTR_ERR() returns the error code.
183  */
184 struct crypto_skcipher *crypto_alloc_skcipher(const char *alg_name,
185 					      u32 type, u32 mask);
186 
187 struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(const char *alg_name,
188 					      u32 type, u32 mask);
189 
190 static inline struct crypto_tfm *crypto_skcipher_tfm(
191 	struct crypto_skcipher *tfm)
192 {
193 	return &tfm->base;
194 }
195 
196 /**
197  * crypto_free_skcipher() - zeroize and free cipher handle
198  * @tfm: cipher handle to be freed
199  *
200  * If @tfm is a NULL or error pointer, this function does nothing.
201  */
202 static inline void crypto_free_skcipher(struct crypto_skcipher *tfm)
203 {
204 	crypto_destroy_tfm(tfm, crypto_skcipher_tfm(tfm));
205 }
206 
207 static inline void crypto_free_sync_skcipher(struct crypto_sync_skcipher *tfm)
208 {
209 	crypto_free_skcipher(&tfm->base);
210 }
211 
212 /**
213  * crypto_has_skcipher() - Search for the availability of an skcipher.
214  * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
215  *	      skcipher
216  * @type: specifies the type of the skcipher
217  * @mask: specifies the mask for the skcipher
218  *
219  * Return: true when the skcipher is known to the kernel crypto API; false
220  *	   otherwise
221  */
222 int crypto_has_skcipher(const char *alg_name, u32 type, u32 mask);
223 
224 static inline const char *crypto_skcipher_driver_name(
225 	struct crypto_skcipher *tfm)
226 {
227 	return crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
228 }
229 
230 static inline struct skcipher_alg *crypto_skcipher_alg(
231 	struct crypto_skcipher *tfm)
232 {
233 	return container_of(crypto_skcipher_tfm(tfm)->__crt_alg,
234 			    struct skcipher_alg, base);
235 }
236 
237 static inline unsigned int crypto_skcipher_alg_ivsize(struct skcipher_alg *alg)
238 {
239 	return alg->ivsize;
240 }
241 
242 /**
243  * crypto_skcipher_ivsize() - obtain IV size
244  * @tfm: cipher handle
245  *
246  * The size of the IV for the skcipher referenced by the cipher handle is
247  * returned. This IV size may be zero if the cipher does not need an IV.
248  *
249  * Return: IV size in bytes
250  */
251 static inline unsigned int crypto_skcipher_ivsize(struct crypto_skcipher *tfm)
252 {
253 	return crypto_skcipher_alg(tfm)->ivsize;
254 }
255 
256 static inline unsigned int crypto_sync_skcipher_ivsize(
257 	struct crypto_sync_skcipher *tfm)
258 {
259 	return crypto_skcipher_ivsize(&tfm->base);
260 }
261 
262 /**
263  * crypto_skcipher_blocksize() - obtain block size of cipher
264  * @tfm: cipher handle
265  *
266  * The block size for the skcipher referenced with the cipher handle is
267  * returned. The caller may use that information to allocate appropriate
268  * memory for the data returned by the encryption or decryption operation
269  *
270  * Return: block size of cipher
271  */
272 static inline unsigned int crypto_skcipher_blocksize(
273 	struct crypto_skcipher *tfm)
274 {
275 	return crypto_tfm_alg_blocksize(crypto_skcipher_tfm(tfm));
276 }
277 
278 static inline unsigned int crypto_skcipher_alg_chunksize(
279 	struct skcipher_alg *alg)
280 {
281 	return alg->chunksize;
282 }
283 
284 /**
285  * crypto_skcipher_chunksize() - obtain chunk size
286  * @tfm: cipher handle
287  *
288  * The block size is set to one for ciphers such as CTR.  However,
289  * you still need to provide incremental updates in multiples of
290  * the underlying block size as the IV does not have sub-block
291  * granularity.  This is known in this API as the chunk size.
292  *
293  * Return: chunk size in bytes
294  */
295 static inline unsigned int crypto_skcipher_chunksize(
296 	struct crypto_skcipher *tfm)
297 {
298 	return crypto_skcipher_alg_chunksize(crypto_skcipher_alg(tfm));
299 }
300 
301 static inline unsigned int crypto_sync_skcipher_blocksize(
302 	struct crypto_sync_skcipher *tfm)
303 {
304 	return crypto_skcipher_blocksize(&tfm->base);
305 }
306 
307 static inline unsigned int crypto_skcipher_alignmask(
308 	struct crypto_skcipher *tfm)
309 {
310 	return crypto_tfm_alg_alignmask(crypto_skcipher_tfm(tfm));
311 }
312 
313 static inline u32 crypto_skcipher_get_flags(struct crypto_skcipher *tfm)
314 {
315 	return crypto_tfm_get_flags(crypto_skcipher_tfm(tfm));
316 }
317 
318 static inline void crypto_skcipher_set_flags(struct crypto_skcipher *tfm,
319 					       u32 flags)
320 {
321 	crypto_tfm_set_flags(crypto_skcipher_tfm(tfm), flags);
322 }
323 
324 static inline void crypto_skcipher_clear_flags(struct crypto_skcipher *tfm,
325 						 u32 flags)
326 {
327 	crypto_tfm_clear_flags(crypto_skcipher_tfm(tfm), flags);
328 }
329 
330 static inline u32 crypto_sync_skcipher_get_flags(
331 	struct crypto_sync_skcipher *tfm)
332 {
333 	return crypto_skcipher_get_flags(&tfm->base);
334 }
335 
336 static inline void crypto_sync_skcipher_set_flags(
337 	struct crypto_sync_skcipher *tfm, u32 flags)
338 {
339 	crypto_skcipher_set_flags(&tfm->base, flags);
340 }
341 
342 static inline void crypto_sync_skcipher_clear_flags(
343 	struct crypto_sync_skcipher *tfm, u32 flags)
344 {
345 	crypto_skcipher_clear_flags(&tfm->base, flags);
346 }
347 
348 /**
349  * crypto_skcipher_setkey() - set key for cipher
350  * @tfm: cipher handle
351  * @key: buffer holding the key
352  * @keylen: length of the key in bytes
353  *
354  * The caller provided key is set for the skcipher referenced by the cipher
355  * handle.
356  *
357  * Note, the key length determines the cipher type. Many block ciphers implement
358  * different cipher modes depending on the key size, such as AES-128 vs AES-192
359  * vs. AES-256. When providing a 16 byte key for an AES cipher handle, AES-128
360  * is performed.
361  *
362  * Return: 0 if the setting of the key was successful; < 0 if an error occurred
363  */
364 int crypto_skcipher_setkey(struct crypto_skcipher *tfm,
365 			   const u8 *key, unsigned int keylen);
366 
367 static inline int crypto_sync_skcipher_setkey(struct crypto_sync_skcipher *tfm,
368 					 const u8 *key, unsigned int keylen)
369 {
370 	return crypto_skcipher_setkey(&tfm->base, key, keylen);
371 }
372 
373 static inline unsigned int crypto_skcipher_min_keysize(
374 	struct crypto_skcipher *tfm)
375 {
376 	return crypto_skcipher_alg(tfm)->min_keysize;
377 }
378 
379 static inline unsigned int crypto_skcipher_max_keysize(
380 	struct crypto_skcipher *tfm)
381 {
382 	return crypto_skcipher_alg(tfm)->max_keysize;
383 }
384 
385 /**
386  * crypto_skcipher_reqtfm() - obtain cipher handle from request
387  * @req: skcipher_request out of which the cipher handle is to be obtained
388  *
389  * Return the crypto_skcipher handle when furnishing an skcipher_request
390  * data structure.
391  *
392  * Return: crypto_skcipher handle
393  */
394 static inline struct crypto_skcipher *crypto_skcipher_reqtfm(
395 	struct skcipher_request *req)
396 {
397 	return __crypto_skcipher_cast(req->base.tfm);
398 }
399 
400 static inline struct crypto_sync_skcipher *crypto_sync_skcipher_reqtfm(
401 	struct skcipher_request *req)
402 {
403 	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
404 
405 	return container_of(tfm, struct crypto_sync_skcipher, base);
406 }
407 
408 /**
409  * crypto_skcipher_encrypt() - encrypt plaintext
410  * @req: reference to the skcipher_request handle that holds all information
411  *	 needed to perform the cipher operation
412  *
413  * Encrypt plaintext data using the skcipher_request handle. That data
414  * structure and how it is filled with data is discussed with the
415  * skcipher_request_* functions.
416  *
417  * Return: 0 if the cipher operation was successful; < 0 if an error occurred
418  */
419 int crypto_skcipher_encrypt(struct skcipher_request *req);
420 
421 /**
422  * crypto_skcipher_decrypt() - decrypt ciphertext
423  * @req: reference to the skcipher_request handle that holds all information
424  *	 needed to perform the cipher operation
425  *
426  * Decrypt ciphertext data using the skcipher_request handle. That data
427  * structure and how it is filled with data is discussed with the
428  * skcipher_request_* functions.
429  *
430  * Return: 0 if the cipher operation was successful; < 0 if an error occurred
431  */
432 int crypto_skcipher_decrypt(struct skcipher_request *req);
433 
434 /**
435  * DOC: Symmetric Key Cipher Request Handle
436  *
437  * The skcipher_request data structure contains all pointers to data
438  * required for the symmetric key cipher operation. This includes the cipher
439  * handle (which can be used by multiple skcipher_request instances), pointer
440  * to plaintext and ciphertext, asynchronous callback function, etc. It acts
441  * as a handle to the skcipher_request_* API calls in a similar way as
442  * skcipher handle to the crypto_skcipher_* API calls.
443  */
444 
445 /**
446  * crypto_skcipher_reqsize() - obtain size of the request data structure
447  * @tfm: cipher handle
448  *
449  * Return: number of bytes
450  */
451 static inline unsigned int crypto_skcipher_reqsize(struct crypto_skcipher *tfm)
452 {
453 	return tfm->reqsize;
454 }
455 
456 /**
457  * skcipher_request_set_tfm() - update cipher handle reference in request
458  * @req: request handle to be modified
459  * @tfm: cipher handle that shall be added to the request handle
460  *
461  * Allow the caller to replace the existing skcipher handle in the request
462  * data structure with a different one.
463  */
464 static inline void skcipher_request_set_tfm(struct skcipher_request *req,
465 					    struct crypto_skcipher *tfm)
466 {
467 	req->base.tfm = crypto_skcipher_tfm(tfm);
468 }
469 
470 static inline void skcipher_request_set_sync_tfm(struct skcipher_request *req,
471 					    struct crypto_sync_skcipher *tfm)
472 {
473 	skcipher_request_set_tfm(req, &tfm->base);
474 }
475 
476 static inline struct skcipher_request *skcipher_request_cast(
477 	struct crypto_async_request *req)
478 {
479 	return container_of(req, struct skcipher_request, base);
480 }
481 
482 /**
483  * skcipher_request_alloc() - allocate request data structure
484  * @tfm: cipher handle to be registered with the request
485  * @gfp: memory allocation flag that is handed to kmalloc by the API call.
486  *
487  * Allocate the request data structure that must be used with the skcipher
488  * encrypt and decrypt API calls. During the allocation, the provided skcipher
489  * handle is registered in the request data structure.
490  *
491  * Return: allocated request handle in case of success, or NULL if out of memory
492  */
493 static inline struct skcipher_request *skcipher_request_alloc(
494 	struct crypto_skcipher *tfm, gfp_t gfp)
495 {
496 	struct skcipher_request *req;
497 
498 	req = kmalloc(sizeof(struct skcipher_request) +
499 		      crypto_skcipher_reqsize(tfm), gfp);
500 
501 	if (likely(req))
502 		skcipher_request_set_tfm(req, tfm);
503 
504 	return req;
505 }
506 
507 /**
508  * skcipher_request_free() - zeroize and free request data structure
509  * @req: request data structure cipher handle to be freed
510  */
511 static inline void skcipher_request_free(struct skcipher_request *req)
512 {
513 	kfree_sensitive(req);
514 }
515 
516 static inline void skcipher_request_zero(struct skcipher_request *req)
517 {
518 	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
519 
520 	memzero_explicit(req, sizeof(*req) + crypto_skcipher_reqsize(tfm));
521 }
522 
523 /**
524  * skcipher_request_set_callback() - set asynchronous callback function
525  * @req: request handle
526  * @flags: specify zero or an ORing of the flags
527  *	   CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and
528  *	   increase the wait queue beyond the initial maximum size;
529  *	   CRYPTO_TFM_REQ_MAY_SLEEP the request processing may sleep
530  * @compl: callback function pointer to be registered with the request handle
531  * @data: The data pointer refers to memory that is not used by the kernel
532  *	  crypto API, but provided to the callback function for it to use. Here,
533  *	  the caller can provide a reference to memory the callback function can
534  *	  operate on. As the callback function is invoked asynchronously to the
535  *	  related functionality, it may need to access data structures of the
536  *	  related functionality which can be referenced using this pointer. The
537  *	  callback function can access the memory via the "data" field in the
538  *	  crypto_async_request data structure provided to the callback function.
539  *
540  * This function allows setting the callback function that is triggered once the
541  * cipher operation completes.
542  *
543  * The callback function is registered with the skcipher_request handle and
544  * must comply with the following template::
545  *
546  *	void callback_function(struct crypto_async_request *req, int error)
547  */
548 static inline void skcipher_request_set_callback(struct skcipher_request *req,
549 						 u32 flags,
550 						 crypto_completion_t compl,
551 						 void *data)
552 {
553 	req->base.complete = compl;
554 	req->base.data = data;
555 	req->base.flags = flags;
556 }
557 
558 /**
559  * skcipher_request_set_crypt() - set data buffers
560  * @req: request handle
561  * @src: source scatter / gather list
562  * @dst: destination scatter / gather list
563  * @cryptlen: number of bytes to process from @src
564  * @iv: IV for the cipher operation which must comply with the IV size defined
565  *      by crypto_skcipher_ivsize
566  *
567  * This function allows setting of the source data and destination data
568  * scatter / gather lists.
569  *
570  * For encryption, the source is treated as the plaintext and the
571  * destination is the ciphertext. For a decryption operation, the use is
572  * reversed - the source is the ciphertext and the destination is the plaintext.
573  */
574 static inline void skcipher_request_set_crypt(
575 	struct skcipher_request *req,
576 	struct scatterlist *src, struct scatterlist *dst,
577 	unsigned int cryptlen, void *iv)
578 {
579 	req->src = src;
580 	req->dst = dst;
581 	req->cryptlen = cryptlen;
582 	req->iv = iv;
583 }
584 
585 #endif	/* _CRYPTO_SKCIPHER_H */
586 
587