2019-05-27 06:55:01 +00:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later
|
2015-08-20 07:21:45 +00:00
|
|
|
/*
|
|
|
|
|
* Symmetric key cipher operations.
|
|
|
|
|
*
|
|
|
|
|
* Generic encrypt/decrypt wrapper for ciphers, handles operations across
|
|
|
|
|
* multiple page boundaries by using temporary blocks. In user context,
|
|
|
|
|
* the kernel is given a chance to schedule us once per page.
|
|
|
|
|
*
|
|
|
|
|
* Copyright (c) 2015 Herbert Xu <herbert@gondor.apana.org.au>
|
|
|
|
|
*/
|
|
|
|
|
|
2016-11-22 12:08:12 +00:00
|
|
|
#include <crypto/internal/aead.h>
|
2020-12-11 12:27:15 +00:00
|
|
|
#include <crypto/internal/cipher.h>
|
2015-08-20 07:21:45 +00:00
|
|
|
#include <crypto/internal/skcipher.h>
|
2016-11-22 12:08:12 +00:00
|
|
|
#include <crypto/scatterwalk.h>
|
2015-08-20 07:21:45 +00:00
|
|
|
#include <linux/bug.h>
|
2016-07-12 05:17:31 +00:00
|
|
|
#include <linux/cryptouser.h>
|
2023-02-16 10:35:21 +00:00
|
|
|
#include <linux/err.h>
|
|
|
|
|
#include <linux/kernel.h>
|
2015-08-20 07:21:45 +00:00
|
|
|
#include <linux/module.h>
|
2016-07-12 05:17:31 +00:00
|
|
|
#include <linux/seq_file.h>
|
2023-02-16 10:35:21 +00:00
|
|
|
#include <linux/slab.h>
|
|
|
|
|
#include <linux/string.h>
|
2025-01-17 14:42:22 +00:00
|
|
|
#include <linux/string_choices.h>
|
2016-07-12 05:17:31 +00:00
|
|
|
#include <net/netlink.h>
|
2023-09-14 08:28:24 +00:00
|
|
|
#include "skcipher.h"
|
2015-08-20 07:21:45 +00:00
|
|
|
|
2023-09-14 08:28:24 +00:00
|
|
|
#define CRYPTO_ALG_TYPE_SKCIPHER_MASK 0x0000000e
|
2015-08-20 07:21:45 +00:00
|
|
|
|
2023-09-14 08:28:24 +00:00
|
|
|
static const struct crypto_type crypto_skcipher_type;
|
|
|
|
|
|
2023-02-16 10:35:21 +00:00
|
|
|
static inline struct skcipher_alg *__crypto_skcipher_alg(
|
|
|
|
|
struct crypto_alg *alg)
|
|
|
|
|
{
|
|
|
|
|
return container_of(alg, struct skcipher_alg, base);
|
|
|
|
|
}
|
|
|
|
|
|
2025-02-23 06:27:51 +00:00
|
|
|
int skcipher_walk_virt(struct skcipher_walk *__restrict walk,
|
|
|
|
|
struct skcipher_request *__restrict req, bool atomic)
|
2016-11-22 12:08:12 +00:00
|
|
|
{
|
2025-02-23 06:27:51 +00:00
|
|
|
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
|
|
|
|
|
struct skcipher_alg *alg;
|
2025-01-05 19:34:13 +00:00
|
|
|
|
|
|
|
|
might_sleep_if(req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);
|
2016-11-22 12:08:12 +00:00
|
|
|
|
2025-02-23 06:27:51 +00:00
|
|
|
alg = crypto_skcipher_alg(tfm);
|
|
|
|
|
|
2017-10-07 03:29:48 +00:00
|
|
|
walk->total = req->cryptlen;
|
|
|
|
|
walk->nbytes = 0;
|
2017-11-29 09:18:57 +00:00
|
|
|
walk->iv = req->iv;
|
|
|
|
|
walk->oiv = req->iv;
|
2025-04-27 00:42:54 +00:00
|
|
|
if (!(req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP))
|
|
|
|
|
atomic = true;
|
2017-10-07 03:29:48 +00:00
|
|
|
|
|
|
|
|
if (unlikely(!walk->total))
|
2025-01-05 19:34:14 +00:00
|
|
|
return 0;
|
2017-10-07 03:29:48 +00:00
|
|
|
|
2016-11-22 12:08:12 +00:00
|
|
|
scatterwalk_start(&walk->in, req->src);
|
|
|
|
|
scatterwalk_start(&walk->out, req->dst);
|
|
|
|
|
|
2025-02-23 06:27:51 +00:00
|
|
|
walk->blocksize = crypto_skcipher_blocksize(tfm);
|
|
|
|
|
walk->ivsize = crypto_skcipher_ivsize(tfm);
|
|
|
|
|
walk->alignmask = crypto_skcipher_alignmask(tfm);
|
2016-11-22 12:08:12 +00:00
|
|
|
|
2023-09-14 08:28:24 +00:00
|
|
|
if (alg->co.base.cra_type != &crypto_skcipher_type)
|
|
|
|
|
walk->stride = alg->co.chunksize;
|
|
|
|
|
else
|
|
|
|
|
walk->stride = alg->walksize;
|
|
|
|
|
|
2025-04-27 00:42:54 +00:00
|
|
|
return skcipher_walk_first(walk, atomic);
|
2016-11-22 12:08:12 +00:00
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(skcipher_walk_virt);
|
|
|
|
|
|
2025-02-23 06:27:51 +00:00
|
|
|
static int skcipher_walk_aead_common(struct skcipher_walk *__restrict walk,
|
|
|
|
|
struct aead_request *__restrict req,
|
|
|
|
|
bool atomic)
|
2016-11-22 12:08:12 +00:00
|
|
|
{
|
2025-02-23 06:27:51 +00:00
|
|
|
struct crypto_aead *tfm = crypto_aead_reqtfm(req);
|
2016-11-22 12:08:12 +00:00
|
|
|
|
2017-10-07 03:29:48 +00:00
|
|
|
walk->nbytes = 0;
|
2017-11-29 09:18:57 +00:00
|
|
|
walk->iv = req->iv;
|
|
|
|
|
walk->oiv = req->iv;
|
2025-04-27 00:42:54 +00:00
|
|
|
if (!(req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP))
|
|
|
|
|
atomic = true;
|
2017-10-07 03:29:48 +00:00
|
|
|
|
|
|
|
|
if (unlikely(!walk->total))
|
|
|
|
|
return 0;
|
|
|
|
|
|
2025-02-19 18:23:28 +00:00
|
|
|
scatterwalk_start_at_pos(&walk->in, req->src, req->assoclen);
|
|
|
|
|
scatterwalk_start_at_pos(&walk->out, req->dst, req->assoclen);
|
2017-11-23 12:49:06 +00:00
|
|
|
|
2025-02-23 06:27:51 +00:00
|
|
|
walk->blocksize = crypto_aead_blocksize(tfm);
|
|
|
|
|
walk->stride = crypto_aead_chunksize(tfm);
|
|
|
|
|
walk->ivsize = crypto_aead_ivsize(tfm);
|
|
|
|
|
walk->alignmask = crypto_aead_alignmask(tfm);
|
2016-11-22 12:08:12 +00:00
|
|
|
|
2025-04-27 00:42:54 +00:00
|
|
|
return skcipher_walk_first(walk, atomic);
|
2016-11-22 12:08:12 +00:00
|
|
|
}
|
2016-11-30 13:14:07 +00:00
|
|
|
|
2025-02-23 06:27:51 +00:00
|
|
|
int skcipher_walk_aead_encrypt(struct skcipher_walk *__restrict walk,
|
|
|
|
|
struct aead_request *__restrict req,
|
|
|
|
|
bool atomic)
|
2016-11-30 13:14:07 +00:00
|
|
|
{
|
|
|
|
|
walk->total = req->cryptlen;
|
|
|
|
|
|
|
|
|
|
return skcipher_walk_aead_common(walk, req, atomic);
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(skcipher_walk_aead_encrypt);
|
|
|
|
|
|
2025-02-23 06:27:51 +00:00
|
|
|
int skcipher_walk_aead_decrypt(struct skcipher_walk *__restrict walk,
|
|
|
|
|
struct aead_request *__restrict req,
|
|
|
|
|
bool atomic)
|
2016-11-30 13:14:07 +00:00
|
|
|
{
|
|
|
|
|
struct crypto_aead *tfm = crypto_aead_reqtfm(req);
|
|
|
|
|
|
|
|
|
|
walk->total = req->cryptlen - crypto_aead_authsize(tfm);
|
|
|
|
|
|
|
|
|
|
return skcipher_walk_aead_common(walk, req, atomic);
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(skcipher_walk_aead_decrypt);
|
|
|
|
|
|
crypto: skcipher - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
Some algorithms have a ->setkey() method that is not atomic, in the
sense that setting a key can fail after changes were already made to the
tfm context. In this case, if a key was already set the tfm can end up
in a state that corresponds to neither the old key nor the new key.
For example, in lrw.c, if gf128mul_init_64k_bbe() fails due to lack of
memory, then priv::table will be left NULL. After that, encryption with
that tfm will cause a NULL pointer dereference.
It's not feasible to make all ->setkey() methods atomic, especially ones
that have to key multiple sub-tfms. Therefore, make the crypto API set
CRYPTO_TFM_NEED_KEY if ->setkey() fails and the algorithm requires a
key, to prevent the tfm from being used until a new key is set.
[Cc stable mainly because when introducing the NEED_KEY flag I changed
AF_ALG to rely on it; and unlike in-kernel crypto API users, AF_ALG
previously didn't have this problem. So these "incompletely keyed"
states became theoretically accessible via AF_ALG -- though, the
opportunities for causing real mischief seem pretty limited.]
Fixes: f8d33fac8480 ("crypto: skcipher - prevent using skciphers without setting key")
Cc: <stable@vger.kernel.org> # v4.16+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-01-07 02:47:43 +00:00
|
|
|
static void skcipher_set_needkey(struct crypto_skcipher *tfm)
|
|
|
|
|
{
|
2019-11-29 18:23:04 +00:00
|
|
|
if (crypto_skcipher_max_keysize(tfm) != 0)
|
crypto: skcipher - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
Some algorithms have a ->setkey() method that is not atomic, in the
sense that setting a key can fail after changes were already made to the
tfm context. In this case, if a key was already set the tfm can end up
in a state that corresponds to neither the old key nor the new key.
For example, in lrw.c, if gf128mul_init_64k_bbe() fails due to lack of
memory, then priv::table will be left NULL. After that, encryption with
that tfm will cause a NULL pointer dereference.
It's not feasible to make all ->setkey() methods atomic, especially ones
that have to key multiple sub-tfms. Therefore, make the crypto API set
CRYPTO_TFM_NEED_KEY if ->setkey() fails and the algorithm requires a
key, to prevent the tfm from being used until a new key is set.
[Cc stable mainly because when introducing the NEED_KEY flag I changed
AF_ALG to rely on it; and unlike in-kernel crypto API users, AF_ALG
previously didn't have this problem. So these "incompletely keyed"
states became theoretically accessible via AF_ALG -- though, the
opportunities for causing real mischief seem pretty limited.]
Fixes: f8d33fac8480 ("crypto: skcipher - prevent using skciphers without setting key")
Cc: <stable@vger.kernel.org> # v4.16+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-01-07 02:47:43 +00:00
|
|
|
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-09 19:48:23 +00:00
|
|
|
static int skcipher_setkey_unaligned(struct crypto_skcipher *tfm,
|
|
|
|
|
const u8 *key, unsigned int keylen)
|
|
|
|
|
{
|
|
|
|
|
unsigned long alignmask = crypto_skcipher_alignmask(tfm);
|
|
|
|
|
struct skcipher_alg *cipher = crypto_skcipher_alg(tfm);
|
|
|
|
|
u8 *buffer, *alignbuffer;
|
|
|
|
|
unsigned long absize;
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
absize = keylen + alignmask;
|
|
|
|
|
buffer = kmalloc(absize, GFP_ATOMIC);
|
|
|
|
|
if (!buffer)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
|
|
|
|
|
memcpy(alignbuffer, key, keylen);
|
|
|
|
|
ret = cipher->setkey(tfm, alignbuffer, keylen);
|
2020-08-07 06:18:13 +00:00
|
|
|
kfree_sensitive(buffer);
|
2017-05-09 19:48:23 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-29 18:23:05 +00:00
|
|
|
int crypto_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
|
2017-05-09 19:48:23 +00:00
|
|
|
unsigned int keylen)
|
|
|
|
|
{
|
|
|
|
|
struct skcipher_alg *cipher = crypto_skcipher_alg(tfm);
|
|
|
|
|
unsigned long alignmask = crypto_skcipher_alignmask(tfm);
|
2018-01-03 19:16:29 +00:00
|
|
|
int err;
|
2017-05-09 19:48:23 +00:00
|
|
|
|
2023-09-14 08:28:24 +00:00
|
|
|
if (cipher->co.base.cra_type != &crypto_skcipher_type) {
|
2023-10-13 05:56:13 +00:00
|
|
|
struct crypto_lskcipher **ctx = crypto_skcipher_ctx(tfm);
|
|
|
|
|
|
|
|
|
|
crypto_lskcipher_clear_flags(*ctx, CRYPTO_TFM_REQ_MASK);
|
|
|
|
|
crypto_lskcipher_set_flags(*ctx,
|
|
|
|
|
crypto_skcipher_get_flags(tfm) &
|
|
|
|
|
CRYPTO_TFM_REQ_MASK);
|
|
|
|
|
err = crypto_lskcipher_setkey(*ctx, key, keylen);
|
2023-09-14 08:28:24 +00:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN
The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to
make the ->setkey() functions provide more information about errors.
However, no one actually checks for this flag, which makes it pointless.
Also, many algorithms fail to set this flag when given a bad length key.
Reviewing just the generic implementations, this is the case for
aes-fixed-time, cbcmac, echainiv, nhpoly1305, pcrypt, rfc3686, rfc4309,
rfc7539, rfc7539esp, salsa20, seqiv, and xcbc. But there are probably
many more in arch/*/crypto/ and drivers/crypto/.
Some algorithms can even set this flag when the key is the correct
length. For example, authenc and authencesn set it when the key payload
is malformed in any way (not just a bad length), the atmel-sha and ccree
drivers can set it if a memory allocation fails, and the chelsio driver
sets it for bad auth tag lengths, not just bad key lengths.
So even if someone actually wanted to start checking this flag (which
seems unlikely, since it's been unused for a long time), there would be
a lot of work needed to get it working correctly. But it would probably
be much better to go back to the drawing board and just define different
return values, like -EINVAL if the key is invalid for the algorithm vs.
-EKEYREJECTED if the key was rejected by a policy like "no weak keys".
That would be much simpler, less error-prone, and easier to test.
So just remove this flag.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-31 03:19:36 +00:00
|
|
|
if (keylen < cipher->min_keysize || keylen > cipher->max_keysize)
|
2017-05-09 19:48:23 +00:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
if ((unsigned long)key & alignmask)
|
2018-01-03 19:16:29 +00:00
|
|
|
err = skcipher_setkey_unaligned(tfm, key, keylen);
|
|
|
|
|
else
|
|
|
|
|
err = cipher->setkey(tfm, key, keylen);
|
|
|
|
|
|
2023-09-14 08:28:24 +00:00
|
|
|
out:
|
crypto: skcipher - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
Some algorithms have a ->setkey() method that is not atomic, in the
sense that setting a key can fail after changes were already made to the
tfm context. In this case, if a key was already set the tfm can end up
in a state that corresponds to neither the old key nor the new key.
For example, in lrw.c, if gf128mul_init_64k_bbe() fails due to lack of
memory, then priv::table will be left NULL. After that, encryption with
that tfm will cause a NULL pointer dereference.
It's not feasible to make all ->setkey() methods atomic, especially ones
that have to key multiple sub-tfms. Therefore, make the crypto API set
CRYPTO_TFM_NEED_KEY if ->setkey() fails and the algorithm requires a
key, to prevent the tfm from being used until a new key is set.
[Cc stable mainly because when introducing the NEED_KEY flag I changed
AF_ALG to rely on it; and unlike in-kernel crypto API users, AF_ALG
previously didn't have this problem. So these "incompletely keyed"
states became theoretically accessible via AF_ALG -- though, the
opportunities for causing real mischief seem pretty limited.]
Fixes: f8d33fac8480 ("crypto: skcipher - prevent using skciphers without setting key")
Cc: <stable@vger.kernel.org> # v4.16+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-01-07 02:47:43 +00:00
|
|
|
if (unlikely(err)) {
|
|
|
|
|
skcipher_set_needkey(tfm);
|
2018-01-03 19:16:29 +00:00
|
|
|
return err;
|
crypto: skcipher - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
Some algorithms have a ->setkey() method that is not atomic, in the
sense that setting a key can fail after changes were already made to the
tfm context. In this case, if a key was already set the tfm can end up
in a state that corresponds to neither the old key nor the new key.
For example, in lrw.c, if gf128mul_init_64k_bbe() fails due to lack of
memory, then priv::table will be left NULL. After that, encryption with
that tfm will cause a NULL pointer dereference.
It's not feasible to make all ->setkey() methods atomic, especially ones
that have to key multiple sub-tfms. Therefore, make the crypto API set
CRYPTO_TFM_NEED_KEY if ->setkey() fails and the algorithm requires a
key, to prevent the tfm from being used until a new key is set.
[Cc stable mainly because when introducing the NEED_KEY flag I changed
AF_ALG to rely on it; and unlike in-kernel crypto API users, AF_ALG
previously didn't have this problem. So these "incompletely keyed"
states became theoretically accessible via AF_ALG -- though, the
opportunities for causing real mischief seem pretty limited.]
Fixes: f8d33fac8480 ("crypto: skcipher - prevent using skciphers without setting key")
Cc: <stable@vger.kernel.org> # v4.16+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-01-07 02:47:43 +00:00
|
|
|
}
|
2017-05-09 19:48:23 +00:00
|
|
|
|
2018-01-03 19:16:29 +00:00
|
|
|
crypto_skcipher_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
|
|
|
|
|
return 0;
|
2017-05-09 19:48:23 +00:00
|
|
|
}
|
2019-11-29 18:23:05 +00:00
|
|
|
EXPORT_SYMBOL_GPL(crypto_skcipher_setkey);
|
2017-05-09 19:48:23 +00:00
|
|
|
|
2019-06-03 05:45:51 +00:00
|
|
|
int crypto_skcipher_encrypt(struct skcipher_request *req)
|
|
|
|
|
{
|
|
|
|
|
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
|
2023-02-16 10:35:21 +00:00
|
|
|
struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
|
|
|
|
|
|
2019-06-03 05:45:51 +00:00
|
|
|
if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
|
crypto: remove CONFIG_CRYPTO_STATS
Remove support for the "Crypto usage statistics" feature
(CONFIG_CRYPTO_STATS). This feature does not appear to have ever been
used, and it is harmful because it significantly reduces performance and
is a large maintenance burden.
Covering each of these points in detail:
1. Feature is not being used
Since these generic crypto statistics are only readable using netlink,
it's fairly straightforward to look for programs that use them. I'm
unable to find any evidence that any such programs exist. For example,
Debian Code Search returns no hits except the kernel header and kernel
code itself and translations of the kernel header:
https://codesearch.debian.net/search?q=CRYPTOCFGA_STAT&literal=1&perpkg=1
The patch series that added this feature in 2018
(https://lore.kernel.org/linux-crypto/1537351855-16618-1-git-send-email-clabbe@baylibre.com/)
said "The goal is to have an ifconfig for crypto device." This doesn't
appear to have happened.
It's not clear that there is real demand for crypto statistics. Just
because the kernel provides other types of statistics such as I/O and
networking statistics and some people find those useful does not mean
that crypto statistics are useful too.
Further evidence that programs are not using CONFIG_CRYPTO_STATS is that
it was able to be disabled in RHEL and Fedora as a bug fix
(https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/2947).
Even further evidence comes from the fact that there are and have been
bugs in how the stats work, but they were never reported. For example,
before Linux v6.7 hash stats were double-counted in most cases.
There has also never been any documentation for this feature, so it
might be hard to use even if someone wanted to.
2. CONFIG_CRYPTO_STATS significantly reduces performance
Enabling CONFIG_CRYPTO_STATS significantly reduces the performance of
the crypto API, even if no program ever retrieves the statistics. This
primarily affects systems with a large number of CPUs. For example,
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2039576 reported
that Lustre client encryption performance improved from 21.7GB/s to
48.2GB/s by disabling CONFIG_CRYPTO_STATS.
It can be argued that this means that CONFIG_CRYPTO_STATS should be
optimized with per-cpu counters similar to many of the networking
counters. But no one has done this in 5+ years. This is consistent
with the fact that the feature appears to be unused, so there seems to
be little interest in improving it as opposed to just disabling it.
It can be argued that because CONFIG_CRYPTO_STATS is off by default,
performance doesn't matter. But Linux distros tend to error on the side
of enabling options. The option is enabled in Ubuntu and Arch Linux,
and until recently was enabled in RHEL and Fedora (see above). So, even
just having the option available is harmful to users.
3. CONFIG_CRYPTO_STATS is a large maintenance burden
There are over 1000 lines of code associated with CONFIG_CRYPTO_STATS,
spread among 32 files. It significantly complicates much of the
implementation of the crypto API. After the initial submission, many
fixes and refactorings have consumed effort of multiple people to keep
this feature "working". We should be spending this effort elsewhere.
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2024-03-13 03:48:21 +00:00
|
|
|
return -ENOKEY;
|
|
|
|
|
if (alg->co.base.cra_type != &crypto_skcipher_type)
|
|
|
|
|
return crypto_lskcipher_encrypt_sg(req);
|
|
|
|
|
return alg->encrypt(req);
|
2019-06-03 05:45:51 +00:00
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(crypto_skcipher_encrypt);
|
|
|
|
|
|
|
|
|
|
int crypto_skcipher_decrypt(struct skcipher_request *req)
|
|
|
|
|
{
|
|
|
|
|
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
|
2023-02-16 10:35:21 +00:00
|
|
|
struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
|
|
|
|
|
|
2019-06-03 05:45:51 +00:00
|
|
|
if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
|
crypto: remove CONFIG_CRYPTO_STATS
Remove support for the "Crypto usage statistics" feature
(CONFIG_CRYPTO_STATS). This feature does not appear to have ever been
used, and it is harmful because it significantly reduces performance and
is a large maintenance burden.
Covering each of these points in detail:
1. Feature is not being used
Since these generic crypto statistics are only readable using netlink,
it's fairly straightforward to look for programs that use them. I'm
unable to find any evidence that any such programs exist. For example,
Debian Code Search returns no hits except the kernel header and kernel
code itself and translations of the kernel header:
https://codesearch.debian.net/search?q=CRYPTOCFGA_STAT&literal=1&perpkg=1
The patch series that added this feature in 2018
(https://lore.kernel.org/linux-crypto/1537351855-16618-1-git-send-email-clabbe@baylibre.com/)
said "The goal is to have an ifconfig for crypto device." This doesn't
appear to have happened.
It's not clear that there is real demand for crypto statistics. Just
because the kernel provides other types of statistics such as I/O and
networking statistics and some people find those useful does not mean
that crypto statistics are useful too.
Further evidence that programs are not using CONFIG_CRYPTO_STATS is that
it was able to be disabled in RHEL and Fedora as a bug fix
(https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/2947).
Even further evidence comes from the fact that there are and have been
bugs in how the stats work, but they were never reported. For example,
before Linux v6.7 hash stats were double-counted in most cases.
There has also never been any documentation for this feature, so it
might be hard to use even if someone wanted to.
2. CONFIG_CRYPTO_STATS significantly reduces performance
Enabling CONFIG_CRYPTO_STATS significantly reduces the performance of
the crypto API, even if no program ever retrieves the statistics. This
primarily affects systems with a large number of CPUs. For example,
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2039576 reported
that Lustre client encryption performance improved from 21.7GB/s to
48.2GB/s by disabling CONFIG_CRYPTO_STATS.
It can be argued that this means that CONFIG_CRYPTO_STATS should be
optimized with per-cpu counters similar to many of the networking
counters. But no one has done this in 5+ years. This is consistent
with the fact that the feature appears to be unused, so there seems to
be little interest in improving it as opposed to just disabling it.
It can be argued that because CONFIG_CRYPTO_STATS is off by default,
performance doesn't matter. But Linux distros tend to error on the side
of enabling options. The option is enabled in Ubuntu and Arch Linux,
and until recently was enabled in RHEL and Fedora (see above). So, even
just having the option available is harmful to users.
3. CONFIG_CRYPTO_STATS is a large maintenance burden
There are over 1000 lines of code associated with CONFIG_CRYPTO_STATS,
spread among 32 files. It significantly complicates much of the
implementation of the crypto API. After the initial submission, many
fixes and refactorings have consumed effort of multiple people to keep
this feature "working". We should be spending this effort elsewhere.
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2024-03-13 03:48:21 +00:00
|
|
|
return -ENOKEY;
|
|
|
|
|
if (alg->co.base.cra_type != &crypto_skcipher_type)
|
|
|
|
|
return crypto_lskcipher_decrypt_sg(req);
|
|
|
|
|
return alg->decrypt(req);
|
2019-06-03 05:45:51 +00:00
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(crypto_skcipher_decrypt);
|
|
|
|
|
|
2023-11-28 06:33:19 +00:00
|
|
|
static int crypto_lskcipher_export(struct skcipher_request *req, void *out)
|
|
|
|
|
{
|
|
|
|
|
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
|
|
|
|
|
u8 *ivs = skcipher_request_ctx(req);
|
|
|
|
|
|
|
|
|
|
ivs = PTR_ALIGN(ivs, crypto_skcipher_alignmask(tfm) + 1);
|
|
|
|
|
|
|
|
|
|
memcpy(out, ivs + crypto_skcipher_ivsize(tfm),
|
|
|
|
|
crypto_skcipher_statesize(tfm));
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int crypto_lskcipher_import(struct skcipher_request *req, const void *in)
|
|
|
|
|
{
|
|
|
|
|
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
|
|
|
|
|
u8 *ivs = skcipher_request_ctx(req);
|
|
|
|
|
|
|
|
|
|
ivs = PTR_ALIGN(ivs, crypto_skcipher_alignmask(tfm) + 1);
|
|
|
|
|
|
|
|
|
|
memcpy(ivs + crypto_skcipher_ivsize(tfm), in,
|
|
|
|
|
crypto_skcipher_statesize(tfm));
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int skcipher_noexport(struct skcipher_request *req, void *out)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int skcipher_noimport(struct skcipher_request *req, const void *in)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int crypto_skcipher_export(struct skcipher_request *req, void *out)
|
|
|
|
|
{
|
|
|
|
|
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
|
|
|
|
|
struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
|
|
|
|
|
|
|
|
|
|
if (alg->co.base.cra_type != &crypto_skcipher_type)
|
|
|
|
|
return crypto_lskcipher_export(req, out);
|
|
|
|
|
return alg->export(req, out);
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(crypto_skcipher_export);
|
|
|
|
|
|
|
|
|
|
int crypto_skcipher_import(struct skcipher_request *req, const void *in)
|
|
|
|
|
{
|
|
|
|
|
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
|
|
|
|
|
struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
|
|
|
|
|
|
|
|
|
|
if (alg->co.base.cra_type != &crypto_skcipher_type)
|
|
|
|
|
return crypto_lskcipher_import(req, in);
|
|
|
|
|
return alg->import(req, in);
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(crypto_skcipher_import);
|
|
|
|
|
|
2016-07-12 05:17:31 +00:00
|
|
|
static void crypto_skcipher_exit_tfm(struct crypto_tfm *tfm)
|
|
|
|
|
{
|
|
|
|
|
struct crypto_skcipher *skcipher = __crypto_skcipher_cast(tfm);
|
|
|
|
|
struct skcipher_alg *alg = crypto_skcipher_alg(skcipher);
|
|
|
|
|
|
|
|
|
|
alg->exit(skcipher);
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-20 07:21:45 +00:00
|
|
|
static int crypto_skcipher_init_tfm(struct crypto_tfm *tfm)
|
|
|
|
|
{
|
2016-07-12 05:17:31 +00:00
|
|
|
struct crypto_skcipher *skcipher = __crypto_skcipher_cast(tfm);
|
|
|
|
|
struct skcipher_alg *alg = crypto_skcipher_alg(skcipher);
|
|
|
|
|
|
crypto: skcipher - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
Some algorithms have a ->setkey() method that is not atomic, in the
sense that setting a key can fail after changes were already made to the
tfm context. In this case, if a key was already set the tfm can end up
in a state that corresponds to neither the old key nor the new key.
For example, in lrw.c, if gf128mul_init_64k_bbe() fails due to lack of
memory, then priv::table will be left NULL. After that, encryption with
that tfm will cause a NULL pointer dereference.
It's not feasible to make all ->setkey() methods atomic, especially ones
that have to key multiple sub-tfms. Therefore, make the crypto API set
CRYPTO_TFM_NEED_KEY if ->setkey() fails and the algorithm requires a
key, to prevent the tfm from being used until a new key is set.
[Cc stable mainly because when introducing the NEED_KEY flag I changed
AF_ALG to rely on it; and unlike in-kernel crypto API users, AF_ALG
previously didn't have this problem. So these "incompletely keyed"
states became theoretically accessible via AF_ALG -- though, the
opportunities for causing real mischief seem pretty limited.]
Fixes: f8d33fac8480 ("crypto: skcipher - prevent using skciphers without setting key")
Cc: <stable@vger.kernel.org> # v4.16+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-01-07 02:47:43 +00:00
|
|
|
skcipher_set_needkey(skcipher);
|
2018-01-03 19:16:29 +00:00
|
|
|
|
2023-11-28 06:33:19 +00:00
|
|
|
if (tfm->__crt_alg->cra_type != &crypto_skcipher_type) {
|
|
|
|
|
unsigned am = crypto_skcipher_alignmask(skcipher);
|
|
|
|
|
unsigned reqsize;
|
|
|
|
|
|
|
|
|
|
reqsize = am & ~(crypto_tfm_ctx_alignment() - 1);
|
|
|
|
|
reqsize += crypto_skcipher_ivsize(skcipher);
|
|
|
|
|
reqsize += crypto_skcipher_statesize(skcipher);
|
|
|
|
|
crypto_skcipher_set_reqsize(skcipher, reqsize);
|
|
|
|
|
|
2023-09-14 08:28:24 +00:00
|
|
|
return crypto_init_lskcipher_ops_sg(tfm);
|
2023-11-28 06:33:19 +00:00
|
|
|
}
|
2023-09-14 08:28:24 +00:00
|
|
|
|
2016-07-12 05:17:31 +00:00
|
|
|
if (alg->exit)
|
|
|
|
|
skcipher->base.exit = crypto_skcipher_exit_tfm;
|
2015-08-20 07:21:45 +00:00
|
|
|
|
2016-07-12 05:17:31 +00:00
|
|
|
if (alg->init)
|
|
|
|
|
return alg->init(skcipher);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-14 08:28:24 +00:00
|
|
|
static unsigned int crypto_skcipher_extsize(struct crypto_alg *alg)
|
|
|
|
|
{
|
|
|
|
|
if (alg->cra_type != &crypto_skcipher_type)
|
|
|
|
|
return sizeof(struct crypto_lskcipher *);
|
|
|
|
|
|
|
|
|
|
return crypto_alg_extsize(alg);
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-12 05:17:31 +00:00
|
|
|
static void crypto_skcipher_free_instance(struct crypto_instance *inst)
|
|
|
|
|
{
|
|
|
|
|
struct skcipher_instance *skcipher =
|
|
|
|
|
container_of(inst, struct skcipher_instance, s.base);
|
|
|
|
|
|
|
|
|
|
skcipher->free(skcipher);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void crypto_skcipher_show(struct seq_file *m, struct crypto_alg *alg)
|
2016-12-31 15:56:23 +00:00
|
|
|
__maybe_unused;
|
2016-07-12 05:17:31 +00:00
|
|
|
static void crypto_skcipher_show(struct seq_file *m, struct crypto_alg *alg)
|
|
|
|
|
{
|
2023-02-16 10:35:21 +00:00
|
|
|
struct skcipher_alg *skcipher = __crypto_skcipher_alg(alg);
|
2016-07-12 05:17:31 +00:00
|
|
|
|
|
|
|
|
seq_printf(m, "type : skcipher\n");
|
|
|
|
|
seq_printf(m, "async : %s\n",
|
2025-01-17 14:42:22 +00:00
|
|
|
str_yes_no(alg->cra_flags & CRYPTO_ALG_ASYNC));
|
2016-07-12 05:17:31 +00:00
|
|
|
seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
|
|
|
|
|
seq_printf(m, "min keysize : %u\n", skcipher->min_keysize);
|
|
|
|
|
seq_printf(m, "max keysize : %u\n", skcipher->max_keysize);
|
|
|
|
|
seq_printf(m, "ivsize : %u\n", skcipher->ivsize);
|
|
|
|
|
seq_printf(m, "chunksize : %u\n", skcipher->chunksize);
|
2016-12-29 14:09:08 +00:00
|
|
|
seq_printf(m, "walksize : %u\n", skcipher->walksize);
|
2023-11-28 06:33:19 +00:00
|
|
|
seq_printf(m, "statesize : %u\n", skcipher->statesize);
|
2015-08-20 07:21:45 +00:00
|
|
|
}
|
|
|
|
|
|
2023-02-16 10:35:28 +00:00
|
|
|
static int __maybe_unused crypto_skcipher_report(
|
|
|
|
|
struct sk_buff *skb, struct crypto_alg *alg)
|
2016-07-12 05:17:31 +00:00
|
|
|
{
|
2023-02-16 10:35:21 +00:00
|
|
|
struct skcipher_alg *skcipher = __crypto_skcipher_alg(alg);
|
2016-07-12 05:17:31 +00:00
|
|
|
struct crypto_report_blkcipher rblkcipher;
|
|
|
|
|
|
2018-11-03 21:56:03 +00:00
|
|
|
memset(&rblkcipher, 0, sizeof(rblkcipher));
|
|
|
|
|
|
|
|
|
|
strscpy(rblkcipher.type, "skcipher", sizeof(rblkcipher.type));
|
|
|
|
|
strscpy(rblkcipher.geniv, "<none>", sizeof(rblkcipher.geniv));
|
2016-07-12 05:17:31 +00:00
|
|
|
|
|
|
|
|
rblkcipher.blocksize = alg->cra_blocksize;
|
|
|
|
|
rblkcipher.min_keysize = skcipher->min_keysize;
|
|
|
|
|
rblkcipher.max_keysize = skcipher->max_keysize;
|
|
|
|
|
rblkcipher.ivsize = skcipher->ivsize;
|
|
|
|
|
|
2018-11-03 21:56:03 +00:00
|
|
|
return nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER,
|
|
|
|
|
sizeof(rblkcipher), &rblkcipher);
|
2016-07-12 05:17:31 +00:00
|
|
|
}
|
|
|
|
|
|
2019-10-25 19:41:11 +00:00
|
|
|
static const struct crypto_type crypto_skcipher_type = {
|
2023-09-14 08:28:24 +00:00
|
|
|
.extsize = crypto_skcipher_extsize,
|
2015-08-20 07:21:45 +00:00
|
|
|
.init_tfm = crypto_skcipher_init_tfm,
|
2016-07-12 05:17:31 +00:00
|
|
|
.free = crypto_skcipher_free_instance,
|
|
|
|
|
#ifdef CONFIG_PROC_FS
|
|
|
|
|
.show = crypto_skcipher_show,
|
|
|
|
|
#endif
|
2023-05-02 08:02:33 +00:00
|
|
|
#if IS_ENABLED(CONFIG_CRYPTO_USER)
|
2016-07-12 05:17:31 +00:00
|
|
|
.report = crypto_skcipher_report,
|
2023-02-16 10:35:21 +00:00
|
|
|
#endif
|
2015-08-20 07:21:45 +00:00
|
|
|
.maskclear = ~CRYPTO_ALG_TYPE_MASK,
|
2023-09-14 08:28:24 +00:00
|
|
|
.maskset = CRYPTO_ALG_TYPE_SKCIPHER_MASK,
|
2016-07-12 05:17:31 +00:00
|
|
|
.type = CRYPTO_ALG_TYPE_SKCIPHER,
|
2015-08-20 07:21:45 +00:00
|
|
|
.tfmsize = offsetof(struct crypto_skcipher, base),
|
2025-04-12 05:16:43 +00:00
|
|
|
.algsize = offsetof(struct skcipher_alg, base),
|
2015-08-20 07:21:45 +00:00
|
|
|
};
|
|
|
|
|
|
2016-07-12 05:17:50 +00:00
|
|
|
int crypto_grab_skcipher(struct crypto_skcipher_spawn *spawn,
|
2020-01-03 03:58:45 +00:00
|
|
|
struct crypto_instance *inst,
|
|
|
|
|
const char *name, u32 type, u32 mask)
|
2016-07-12 05:17:31 +00:00
|
|
|
{
|
2019-10-25 19:41:11 +00:00
|
|
|
spawn->base.frontend = &crypto_skcipher_type;
|
2020-01-03 03:58:48 +00:00
|
|
|
return crypto_grab_spawn(&spawn->base, inst, name, type, mask);
|
2016-07-12 05:17:31 +00:00
|
|
|
}
|
2016-07-12 05:17:50 +00:00
|
|
|
EXPORT_SYMBOL_GPL(crypto_grab_skcipher);
|
2016-07-12 05:17:31 +00:00
|
|
|
|
2015-08-20 07:21:45 +00:00
|
|
|
struct crypto_skcipher *crypto_alloc_skcipher(const char *alg_name,
|
|
|
|
|
u32 type, u32 mask)
|
|
|
|
|
{
|
2019-10-25 19:41:11 +00:00
|
|
|
return crypto_alloc_tfm(alg_name, &crypto_skcipher_type, type, mask);
|
2015-08-20 07:21:45 +00:00
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(crypto_alloc_skcipher);
|
|
|
|
|
|
2018-09-19 02:10:38 +00:00
|
|
|
struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(
|
|
|
|
|
const char *alg_name, u32 type, u32 mask)
|
|
|
|
|
{
|
|
|
|
|
struct crypto_skcipher *tfm;
|
|
|
|
|
|
|
|
|
|
/* Only sync algorithms allowed. */
|
2022-11-11 10:05:41 +00:00
|
|
|
mask |= CRYPTO_ALG_ASYNC | CRYPTO_ALG_SKCIPHER_REQSIZE_LARGE;
|
2025-02-15 00:57:51 +00:00
|
|
|
type &= ~(CRYPTO_ALG_ASYNC | CRYPTO_ALG_SKCIPHER_REQSIZE_LARGE);
|
2018-09-19 02:10:38 +00:00
|
|
|
|
2019-10-25 19:41:11 +00:00
|
|
|
tfm = crypto_alloc_tfm(alg_name, &crypto_skcipher_type, type, mask);
|
2018-09-19 02:10:38 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Make sure we do not allocate something that might get used with
|
|
|
|
|
* an on-stack request: check the request size.
|
|
|
|
|
*/
|
|
|
|
|
if (!IS_ERR(tfm) && WARN_ON(crypto_skcipher_reqsize(tfm) >
|
|
|
|
|
MAX_SYNC_SKCIPHER_REQSIZE)) {
|
|
|
|
|
crypto_free_skcipher(tfm);
|
|
|
|
|
return ERR_PTR(-EINVAL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (struct crypto_sync_skcipher *)tfm;
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(crypto_alloc_sync_skcipher);
|
|
|
|
|
|
2019-10-25 19:41:09 +00:00
|
|
|
int crypto_has_skcipher(const char *alg_name, u32 type, u32 mask)
|
2016-07-12 05:17:31 +00:00
|
|
|
{
|
2019-10-25 19:41:11 +00:00
|
|
|
return crypto_type_has_alg(alg_name, &crypto_skcipher_type, type, mask);
|
2016-07-12 05:17:31 +00:00
|
|
|
}
|
2019-10-25 19:41:09 +00:00
|
|
|
EXPORT_SYMBOL_GPL(crypto_has_skcipher);
|
2016-07-12 05:17:31 +00:00
|
|
|
|
2023-09-14 08:28:24 +00:00
|
|
|
int skcipher_prepare_alg_common(struct skcipher_alg_common *alg)
|
2016-07-12 05:17:31 +00:00
|
|
|
{
|
|
|
|
|
struct crypto_alg *base = &alg->base;
|
|
|
|
|
|
2023-11-28 06:33:19 +00:00
|
|
|
if (alg->ivsize > PAGE_SIZE / 8 || alg->chunksize > PAGE_SIZE / 8 ||
|
|
|
|
|
alg->statesize > PAGE_SIZE / 2 ||
|
|
|
|
|
(alg->ivsize + alg->statesize) > PAGE_SIZE / 2)
|
2016-07-12 05:17:31 +00:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
if (!alg->chunksize)
|
|
|
|
|
alg->chunksize = base->cra_blocksize;
|
|
|
|
|
|
|
|
|
|
base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2023-09-14 08:28:24 +00:00
|
|
|
static int skcipher_prepare_alg(struct skcipher_alg *alg)
|
|
|
|
|
{
|
|
|
|
|
struct crypto_alg *base = &alg->base;
|
|
|
|
|
int err;
|
|
|
|
|
|
|
|
|
|
err = skcipher_prepare_alg_common(&alg->co);
|
|
|
|
|
if (err)
|
|
|
|
|
return err;
|
|
|
|
|
|
|
|
|
|
if (alg->walksize > PAGE_SIZE / 8)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
if (!alg->walksize)
|
|
|
|
|
alg->walksize = alg->chunksize;
|
|
|
|
|
|
2023-11-28 06:33:19 +00:00
|
|
|
if (!alg->statesize) {
|
|
|
|
|
alg->import = skcipher_noimport;
|
|
|
|
|
alg->export = skcipher_noexport;
|
|
|
|
|
} else if (!(alg->import && alg->export))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2023-09-14 08:28:24 +00:00
|
|
|
base->cra_type = &crypto_skcipher_type;
|
|
|
|
|
base->cra_flags |= CRYPTO_ALG_TYPE_SKCIPHER;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-12 05:17:31 +00:00
|
|
|
int crypto_register_skcipher(struct skcipher_alg *alg)
|
|
|
|
|
{
|
|
|
|
|
struct crypto_alg *base = &alg->base;
|
|
|
|
|
int err;
|
|
|
|
|
|
|
|
|
|
err = skcipher_prepare_alg(alg);
|
|
|
|
|
if (err)
|
|
|
|
|
return err;
|
|
|
|
|
|
|
|
|
|
return crypto_register_alg(base);
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(crypto_register_skcipher);
|
|
|
|
|
|
|
|
|
|
void crypto_unregister_skcipher(struct skcipher_alg *alg)
|
|
|
|
|
{
|
|
|
|
|
crypto_unregister_alg(&alg->base);
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(crypto_unregister_skcipher);
|
|
|
|
|
|
|
|
|
|
int crypto_register_skciphers(struct skcipher_alg *algs, int count)
|
|
|
|
|
{
|
|
|
|
|
int i, ret;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < count; i++) {
|
|
|
|
|
ret = crypto_register_skcipher(&algs[i]);
|
|
|
|
|
if (ret)
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
err:
|
|
|
|
|
for (--i; i >= 0; --i)
|
|
|
|
|
crypto_unregister_skcipher(&algs[i]);
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(crypto_register_skciphers);
|
|
|
|
|
|
|
|
|
|
void crypto_unregister_skciphers(struct skcipher_alg *algs, int count)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
for (i = count - 1; i >= 0; --i)
|
|
|
|
|
crypto_unregister_skcipher(&algs[i]);
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(crypto_unregister_skciphers);
|
|
|
|
|
|
|
|
|
|
int skcipher_register_instance(struct crypto_template *tmpl,
|
|
|
|
|
struct skcipher_instance *inst)
|
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2020-01-03 04:04:40 +00:00
|
|
|
if (WARN_ON(!inst->free))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2016-07-12 05:17:31 +00:00
|
|
|
err = skcipher_prepare_alg(&inst->alg);
|
|
|
|
|
if (err)
|
|
|
|
|
return err;
|
|
|
|
|
|
|
|
|
|
return crypto_register_instance(tmpl, skcipher_crypto_instance(inst));
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(skcipher_register_instance);
|
|
|
|
|
|
2019-01-04 04:16:14 +00:00
|
|
|
static int skcipher_setkey_simple(struct crypto_skcipher *tfm, const u8 *key,
|
|
|
|
|
unsigned int keylen)
|
|
|
|
|
{
|
|
|
|
|
struct crypto_cipher *cipher = skcipher_cipher_simple(tfm);
|
|
|
|
|
|
|
|
|
|
crypto_cipher_clear_flags(cipher, CRYPTO_TFM_REQ_MASK);
|
|
|
|
|
crypto_cipher_set_flags(cipher, crypto_skcipher_get_flags(tfm) &
|
|
|
|
|
CRYPTO_TFM_REQ_MASK);
|
2019-12-31 03:19:38 +00:00
|
|
|
return crypto_cipher_setkey(cipher, key, keylen);
|
2019-01-04 04:16:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int skcipher_init_tfm_simple(struct crypto_skcipher *tfm)
|
|
|
|
|
{
|
|
|
|
|
struct skcipher_instance *inst = skcipher_alg_instance(tfm);
|
2020-01-03 03:59:05 +00:00
|
|
|
struct crypto_cipher_spawn *spawn = skcipher_instance_ctx(inst);
|
2019-01-04 04:16:14 +00:00
|
|
|
struct skcipher_ctx_simple *ctx = crypto_skcipher_ctx(tfm);
|
|
|
|
|
struct crypto_cipher *cipher;
|
|
|
|
|
|
|
|
|
|
cipher = crypto_spawn_cipher(spawn);
|
|
|
|
|
if (IS_ERR(cipher))
|
|
|
|
|
return PTR_ERR(cipher);
|
|
|
|
|
|
|
|
|
|
ctx->cipher = cipher;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void skcipher_exit_tfm_simple(struct crypto_skcipher *tfm)
|
|
|
|
|
{
|
|
|
|
|
struct skcipher_ctx_simple *ctx = crypto_skcipher_ctx(tfm);
|
|
|
|
|
|
|
|
|
|
crypto_free_cipher(ctx->cipher);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void skcipher_free_instance_simple(struct skcipher_instance *inst)
|
|
|
|
|
{
|
2020-01-03 03:59:00 +00:00
|
|
|
crypto_drop_cipher(skcipher_instance_ctx(inst));
|
2019-01-04 04:16:14 +00:00
|
|
|
kfree(inst);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* skcipher_alloc_instance_simple - allocate instance of simple block cipher mode
|
|
|
|
|
*
|
|
|
|
|
* Allocate an skcipher_instance for a simple block cipher mode of operation,
|
|
|
|
|
* e.g. cbc or ecb. The instance context will have just a single crypto_spawn,
|
|
|
|
|
* that for the underlying cipher. The {min,max}_keysize, ivsize, blocksize,
|
|
|
|
|
* alignmask, and priority are set from the underlying cipher but can be
|
|
|
|
|
* overridden if needed. The tfm context defaults to skcipher_ctx_simple, and
|
|
|
|
|
* default ->setkey(), ->init(), and ->exit() methods are installed.
|
|
|
|
|
*
|
|
|
|
|
* @tmpl: the template being instantiated
|
|
|
|
|
* @tb: the template parameters
|
|
|
|
|
*
|
|
|
|
|
* Return: a pointer to the new instance, or an ERR_PTR(). The caller still
|
|
|
|
|
* needs to register the instance.
|
|
|
|
|
*/
|
2019-12-20 05:29:40 +00:00
|
|
|
struct skcipher_instance *skcipher_alloc_instance_simple(
|
|
|
|
|
struct crypto_template *tmpl, struct rtattr **tb)
|
2019-01-04 04:16:14 +00:00
|
|
|
{
|
|
|
|
|
u32 mask;
|
2020-01-03 03:59:00 +00:00
|
|
|
struct skcipher_instance *inst;
|
|
|
|
|
struct crypto_cipher_spawn *spawn;
|
|
|
|
|
struct crypto_alg *cipher_alg;
|
2019-01-04 04:16:14 +00:00
|
|
|
int err;
|
|
|
|
|
|
2020-07-10 06:20:38 +00:00
|
|
|
err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SKCIPHER, &mask);
|
|
|
|
|
if (err)
|
|
|
|
|
return ERR_PTR(err);
|
2019-01-04 04:16:14 +00:00
|
|
|
|
|
|
|
|
inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
|
2020-01-03 03:59:00 +00:00
|
|
|
if (!inst)
|
|
|
|
|
return ERR_PTR(-ENOMEM);
|
2019-01-04 04:16:14 +00:00
|
|
|
spawn = skcipher_instance_ctx(inst);
|
|
|
|
|
|
2020-01-03 03:59:00 +00:00
|
|
|
err = crypto_grab_cipher(spawn, skcipher_crypto_instance(inst),
|
|
|
|
|
crypto_attr_alg_name(tb[1]), 0, mask);
|
2019-01-04 04:16:14 +00:00
|
|
|
if (err)
|
|
|
|
|
goto err_free_inst;
|
2020-01-03 03:59:00 +00:00
|
|
|
cipher_alg = crypto_spawn_cipher_alg(spawn);
|
2019-01-04 04:16:14 +00:00
|
|
|
|
2020-01-03 03:59:00 +00:00
|
|
|
err = crypto_inst_setname(skcipher_crypto_instance(inst), tmpl->name,
|
|
|
|
|
cipher_alg);
|
2019-01-04 04:16:14 +00:00
|
|
|
if (err)
|
|
|
|
|
goto err_free_inst;
|
2020-01-03 03:59:00 +00:00
|
|
|
|
2019-01-04 04:16:14 +00:00
|
|
|
inst->free = skcipher_free_instance_simple;
|
|
|
|
|
|
|
|
|
|
/* Default algorithm properties, can be overridden */
|
|
|
|
|
inst->alg.base.cra_blocksize = cipher_alg->cra_blocksize;
|
|
|
|
|
inst->alg.base.cra_alignmask = cipher_alg->cra_alignmask;
|
|
|
|
|
inst->alg.base.cra_priority = cipher_alg->cra_priority;
|
|
|
|
|
inst->alg.min_keysize = cipher_alg->cra_cipher.cia_min_keysize;
|
|
|
|
|
inst->alg.max_keysize = cipher_alg->cra_cipher.cia_max_keysize;
|
|
|
|
|
inst->alg.ivsize = cipher_alg->cra_blocksize;
|
|
|
|
|
|
|
|
|
|
/* Use skcipher_ctx_simple by default, can be overridden */
|
|
|
|
|
inst->alg.base.cra_ctxsize = sizeof(struct skcipher_ctx_simple);
|
|
|
|
|
inst->alg.setkey = skcipher_setkey_simple;
|
|
|
|
|
inst->alg.init = skcipher_init_tfm_simple;
|
|
|
|
|
inst->alg.exit = skcipher_exit_tfm_simple;
|
|
|
|
|
|
|
|
|
|
return inst;
|
|
|
|
|
|
|
|
|
|
err_free_inst:
|
2020-01-03 03:59:00 +00:00
|
|
|
skcipher_free_instance_simple(inst);
|
2019-01-04 04:16:14 +00:00
|
|
|
return ERR_PTR(err);
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(skcipher_alloc_instance_simple);
|
|
|
|
|
|
2015-08-20 07:21:45 +00:00
|
|
|
MODULE_LICENSE("GPL");
|
|
|
|
|
MODULE_DESCRIPTION("Symmetric key cipher type");
|
module: Convert symbol namespace to string literal
Clean up the existing export namespace code along the same lines of
commit 33def8498fdd ("treewide: Convert macro and uses of __section(foo)
to __section("foo")") and for the same reason, it is not desired for the
namespace argument to be a macro expansion itself.
Scripted using
git grep -l -e MODULE_IMPORT_NS -e EXPORT_SYMBOL_NS | while read file;
do
awk -i inplace '
/^#define EXPORT_SYMBOL_NS/ {
gsub(/__stringify\(ns\)/, "ns");
print;
next;
}
/^#define MODULE_IMPORT_NS/ {
gsub(/__stringify\(ns\)/, "ns");
print;
next;
}
/MODULE_IMPORT_NS/ {
$0 = gensub(/MODULE_IMPORT_NS\(([^)]*)\)/, "MODULE_IMPORT_NS(\"\\1\")", "g");
}
/EXPORT_SYMBOL_NS/ {
if ($0 ~ /(EXPORT_SYMBOL_NS[^(]*)\(([^,]+),/) {
if ($0 !~ /(EXPORT_SYMBOL_NS[^(]*)\(([^,]+), ([^)]+)\)/ &&
$0 !~ /(EXPORT_SYMBOL_NS[^(]*)\(\)/ &&
$0 !~ /^my/) {
getline line;
gsub(/[[:space:]]*\\$/, "");
gsub(/[[:space:]]/, "", line);
$0 = $0 " " line;
}
$0 = gensub(/(EXPORT_SYMBOL_NS[^(]*)\(([^,]+), ([^)]+)\)/,
"\\1(\\2, \"\\3\")", "g");
}
}
{ print }' $file;
done
Requested-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://mail.google.com/mail/u/2/#inbox/FMfcgzQXKWgMmjdFwwdsfgxzKpVHWPlc
Acked-by: Greg KH <gregkh@linuxfoundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2024-12-02 14:59:47 +00:00
|
|
|
MODULE_IMPORT_NS("CRYPTO_INTERNAL");
|
