2006-12-16 08:09:02 +07:00
|
|
|
/*
|
|
|
|
* PCBC: Propagating Cipher Block Chaining mode
|
|
|
|
*
|
|
|
|
* Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
|
|
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
|
|
*
|
|
|
|
* Derived from cbc.c
|
|
|
|
* - Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU General Public License as published by the Free
|
|
|
|
* Software Foundation; either version 2 of the License, or (at your option)
|
|
|
|
* any later version.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
2018-04-09 20:54:47 +07:00
|
|
|
#include <crypto/algapi.h>
|
2016-11-22 19:08:27 +07:00
|
|
|
#include <crypto/internal/skcipher.h>
|
2006-12-16 08:09:02 +07:00
|
|
|
#include <linux/err.h>
|
|
|
|
#include <linux/init.h>
|
|
|
|
#include <linux/kernel.h>
|
|
|
|
#include <linux/module.h>
|
|
|
|
|
2016-11-22 19:08:27 +07:00
|
|
|
static int crypto_pcbc_encrypt_segment(struct skcipher_request *req,
|
|
|
|
struct skcipher_walk *walk,
|
2007-11-20 16:49:49 +07:00
|
|
|
struct crypto_cipher *tfm)
|
2006-12-16 08:09:02 +07:00
|
|
|
{
|
|
|
|
int bsize = crypto_cipher_blocksize(tfm);
|
|
|
|
unsigned int nbytes = walk->nbytes;
|
|
|
|
u8 *src = walk->src.virt.addr;
|
|
|
|
u8 *dst = walk->dst.virt.addr;
|
2019-01-04 11:16:13 +07:00
|
|
|
u8 * const iv = walk->iv;
|
2006-12-16 08:09:02 +07:00
|
|
|
|
|
|
|
do {
|
2007-11-20 16:49:49 +07:00
|
|
|
crypto_xor(iv, src, bsize);
|
2016-11-22 19:08:27 +07:00
|
|
|
crypto_cipher_encrypt_one(tfm, dst, iv);
|
crypto: algapi - make crypto_xor() take separate dst and src arguments
There are quite a number of occurrences in the kernel of the pattern
if (dst != src)
memcpy(dst, src, walk.total % AES_BLOCK_SIZE);
crypto_xor(dst, final, walk.total % AES_BLOCK_SIZE);
or
crypto_xor(keystream, src, nbytes);
memcpy(dst, keystream, nbytes);
where crypto_xor() is preceded or followed by a memcpy() invocation
that is only there because crypto_xor() uses its output parameter as
one of the inputs. To avoid having to add new instances of this pattern
in the arm64 code, which will be refactored to implement non-SIMD
fallbacks, add an alternative implementation called crypto_xor_cpy(),
taking separate input and output arguments. This removes the need for
the separate memcpy().
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-07-24 17:28:04 +07:00
|
|
|
crypto_xor_cpy(iv, dst, src, bsize);
|
2006-12-16 08:09:02 +07:00
|
|
|
|
|
|
|
src += bsize;
|
|
|
|
dst += bsize;
|
|
|
|
} while ((nbytes -= bsize) >= bsize);
|
|
|
|
|
|
|
|
return nbytes;
|
|
|
|
}
|
|
|
|
|
2016-11-22 19:08:27 +07:00
|
|
|
static int crypto_pcbc_encrypt_inplace(struct skcipher_request *req,
|
|
|
|
struct skcipher_walk *walk,
|
2007-11-20 16:49:49 +07:00
|
|
|
struct crypto_cipher *tfm)
|
2006-12-16 08:09:02 +07:00
|
|
|
{
|
|
|
|
int bsize = crypto_cipher_blocksize(tfm);
|
|
|
|
unsigned int nbytes = walk->nbytes;
|
|
|
|
u8 *src = walk->src.virt.addr;
|
2019-01-04 11:16:13 +07:00
|
|
|
u8 * const iv = walk->iv;
|
2018-04-09 20:54:47 +07:00
|
|
|
u8 tmpbuf[MAX_CIPHER_BLOCKSIZE];
|
2006-12-16 08:09:02 +07:00
|
|
|
|
|
|
|
do {
|
|
|
|
memcpy(tmpbuf, src, bsize);
|
2007-11-20 16:49:49 +07:00
|
|
|
crypto_xor(iv, src, bsize);
|
2016-11-22 19:08:27 +07:00
|
|
|
crypto_cipher_encrypt_one(tfm, src, iv);
|
crypto: algapi - make crypto_xor() take separate dst and src arguments
There are quite a number of occurrences in the kernel of the pattern
if (dst != src)
memcpy(dst, src, walk.total % AES_BLOCK_SIZE);
crypto_xor(dst, final, walk.total % AES_BLOCK_SIZE);
or
crypto_xor(keystream, src, nbytes);
memcpy(dst, keystream, nbytes);
where crypto_xor() is preceded or followed by a memcpy() invocation
that is only there because crypto_xor() uses its output parameter as
one of the inputs. To avoid having to add new instances of this pattern
in the arm64 code, which will be refactored to implement non-SIMD
fallbacks, add an alternative implementation called crypto_xor_cpy(),
taking separate input and output arguments. This removes the need for
the separate memcpy().
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-07-24 17:28:04 +07:00
|
|
|
crypto_xor_cpy(iv, tmpbuf, src, bsize);
|
2006-12-16 08:09:02 +07:00
|
|
|
|
|
|
|
src += bsize;
|
|
|
|
} while ((nbytes -= bsize) >= bsize);
|
|
|
|
|
|
|
|
return nbytes;
|
|
|
|
}
|
|
|
|
|
2016-11-22 19:08:27 +07:00
|
|
|
static int crypto_pcbc_encrypt(struct skcipher_request *req)
|
2006-12-16 08:09:02 +07:00
|
|
|
{
|
2016-11-22 19:08:27 +07:00
|
|
|
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
|
2019-01-04 11:16:22 +07:00
|
|
|
struct crypto_cipher *cipher = skcipher_cipher_simple(tfm);
|
2016-11-22 19:08:27 +07:00
|
|
|
struct skcipher_walk walk;
|
|
|
|
unsigned int nbytes;
|
2006-12-16 08:09:02 +07:00
|
|
|
int err;
|
|
|
|
|
2016-11-22 19:08:27 +07:00
|
|
|
err = skcipher_walk_virt(&walk, req, false);
|
2006-12-16 08:09:02 +07:00
|
|
|
|
|
|
|
while ((nbytes = walk.nbytes)) {
|
|
|
|
if (walk.src.virt.addr == walk.dst.virt.addr)
|
2016-11-22 19:08:27 +07:00
|
|
|
nbytes = crypto_pcbc_encrypt_inplace(req, &walk,
|
2019-01-04 11:16:22 +07:00
|
|
|
cipher);
|
2006-12-16 08:09:02 +07:00
|
|
|
else
|
2016-11-22 19:08:27 +07:00
|
|
|
nbytes = crypto_pcbc_encrypt_segment(req, &walk,
|
2019-01-04 11:16:22 +07:00
|
|
|
cipher);
|
2016-11-22 19:08:27 +07:00
|
|
|
err = skcipher_walk_done(&walk, nbytes);
|
2006-12-16 08:09:02 +07:00
|
|
|
}
|
|
|
|
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2016-11-22 19:08:27 +07:00
|
|
|
static int crypto_pcbc_decrypt_segment(struct skcipher_request *req,
|
|
|
|
struct skcipher_walk *walk,
|
2007-11-20 16:49:49 +07:00
|
|
|
struct crypto_cipher *tfm)
|
2006-12-16 08:09:02 +07:00
|
|
|
{
|
|
|
|
int bsize = crypto_cipher_blocksize(tfm);
|
|
|
|
unsigned int nbytes = walk->nbytes;
|
|
|
|
u8 *src = walk->src.virt.addr;
|
|
|
|
u8 *dst = walk->dst.virt.addr;
|
2019-01-04 11:16:13 +07:00
|
|
|
u8 * const iv = walk->iv;
|
2006-12-16 08:09:02 +07:00
|
|
|
|
|
|
|
do {
|
2016-11-22 19:08:27 +07:00
|
|
|
crypto_cipher_decrypt_one(tfm, dst, src);
|
2007-11-20 16:49:49 +07:00
|
|
|
crypto_xor(dst, iv, bsize);
|
crypto: algapi - make crypto_xor() take separate dst and src arguments
There are quite a number of occurrences in the kernel of the pattern
if (dst != src)
memcpy(dst, src, walk.total % AES_BLOCK_SIZE);
crypto_xor(dst, final, walk.total % AES_BLOCK_SIZE);
or
crypto_xor(keystream, src, nbytes);
memcpy(dst, keystream, nbytes);
where crypto_xor() is preceded or followed by a memcpy() invocation
that is only there because crypto_xor() uses its output parameter as
one of the inputs. To avoid having to add new instances of this pattern
in the arm64 code, which will be refactored to implement non-SIMD
fallbacks, add an alternative implementation called crypto_xor_cpy(),
taking separate input and output arguments. This removes the need for
the separate memcpy().
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-07-24 17:28:04 +07:00
|
|
|
crypto_xor_cpy(iv, dst, src, bsize);
|
2006-12-16 08:09:02 +07:00
|
|
|
|
|
|
|
src += bsize;
|
|
|
|
dst += bsize;
|
|
|
|
} while ((nbytes -= bsize) >= bsize);
|
|
|
|
|
|
|
|
return nbytes;
|
|
|
|
}
|
|
|
|
|
2016-11-22 19:08:27 +07:00
|
|
|
static int crypto_pcbc_decrypt_inplace(struct skcipher_request *req,
|
|
|
|
struct skcipher_walk *walk,
|
2007-11-20 16:49:49 +07:00
|
|
|
struct crypto_cipher *tfm)
|
2006-12-16 08:09:02 +07:00
|
|
|
{
|
|
|
|
int bsize = crypto_cipher_blocksize(tfm);
|
|
|
|
unsigned int nbytes = walk->nbytes;
|
|
|
|
u8 *src = walk->src.virt.addr;
|
2019-01-04 11:16:13 +07:00
|
|
|
u8 * const iv = walk->iv;
|
2018-04-09 20:54:47 +07:00
|
|
|
u8 tmpbuf[MAX_CIPHER_BLOCKSIZE] __aligned(__alignof__(u32));
|
2006-12-16 08:09:02 +07:00
|
|
|
|
|
|
|
do {
|
|
|
|
memcpy(tmpbuf, src, bsize);
|
2016-11-22 19:08:27 +07:00
|
|
|
crypto_cipher_decrypt_one(tfm, src, src);
|
2007-11-20 16:49:49 +07:00
|
|
|
crypto_xor(src, iv, bsize);
|
crypto: algapi - make crypto_xor() take separate dst and src arguments
There are quite a number of occurrences in the kernel of the pattern
if (dst != src)
memcpy(dst, src, walk.total % AES_BLOCK_SIZE);
crypto_xor(dst, final, walk.total % AES_BLOCK_SIZE);
or
crypto_xor(keystream, src, nbytes);
memcpy(dst, keystream, nbytes);
where crypto_xor() is preceded or followed by a memcpy() invocation
that is only there because crypto_xor() uses its output parameter as
one of the inputs. To avoid having to add new instances of this pattern
in the arm64 code, which will be refactored to implement non-SIMD
fallbacks, add an alternative implementation called crypto_xor_cpy(),
taking separate input and output arguments. This removes the need for
the separate memcpy().
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-07-24 17:28:04 +07:00
|
|
|
crypto_xor_cpy(iv, src, tmpbuf, bsize);
|
2006-12-16 08:09:02 +07:00
|
|
|
|
|
|
|
src += bsize;
|
|
|
|
} while ((nbytes -= bsize) >= bsize);
|
|
|
|
|
|
|
|
return nbytes;
|
|
|
|
}
|
|
|
|
|
2016-11-22 19:08:27 +07:00
|
|
|
static int crypto_pcbc_decrypt(struct skcipher_request *req)
|
2006-12-16 08:09:02 +07:00
|
|
|
{
|
2016-11-22 19:08:27 +07:00
|
|
|
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
|
2019-01-04 11:16:22 +07:00
|
|
|
struct crypto_cipher *cipher = skcipher_cipher_simple(tfm);
|
2016-11-22 19:08:27 +07:00
|
|
|
struct skcipher_walk walk;
|
|
|
|
unsigned int nbytes;
|
2006-12-16 08:09:02 +07:00
|
|
|
int err;
|
|
|
|
|
2016-11-22 19:08:27 +07:00
|
|
|
err = skcipher_walk_virt(&walk, req, false);
|
2006-12-16 08:09:02 +07:00
|
|
|
|
|
|
|
while ((nbytes = walk.nbytes)) {
|
|
|
|
if (walk.src.virt.addr == walk.dst.virt.addr)
|
2016-11-22 19:08:27 +07:00
|
|
|
nbytes = crypto_pcbc_decrypt_inplace(req, &walk,
|
2019-01-04 11:16:22 +07:00
|
|
|
cipher);
|
2006-12-16 08:09:02 +07:00
|
|
|
else
|
2016-11-22 19:08:27 +07:00
|
|
|
nbytes = crypto_pcbc_decrypt_segment(req, &walk,
|
2019-01-04 11:16:22 +07:00
|
|
|
cipher);
|
2016-11-22 19:08:27 +07:00
|
|
|
err = skcipher_walk_done(&walk, nbytes);
|
2006-12-16 08:09:02 +07:00
|
|
|
}
|
|
|
|
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2016-11-22 19:08:27 +07:00
|
|
|
static int crypto_pcbc_create(struct crypto_template *tmpl, struct rtattr **tb)
|
2006-12-16 08:09:02 +07:00
|
|
|
{
|
2016-11-22 19:08:27 +07:00
|
|
|
struct skcipher_instance *inst;
|
2006-12-16 08:09:02 +07:00
|
|
|
struct crypto_alg *alg;
|
2007-01-01 14:37:02 +07:00
|
|
|
int err;
|
|
|
|
|
2019-01-04 11:16:22 +07:00
|
|
|
inst = skcipher_alloc_instance_simple(tmpl, tb, &alg);
|
|
|
|
if (IS_ERR(inst))
|
|
|
|
return PTR_ERR(inst);
|
2006-12-16 08:09:02 +07:00
|
|
|
|
2016-11-22 19:08:27 +07:00
|
|
|
inst->alg.encrypt = crypto_pcbc_encrypt;
|
|
|
|
inst->alg.decrypt = crypto_pcbc_decrypt;
|
2006-12-16 08:09:02 +07:00
|
|
|
|
2016-11-22 19:08:27 +07:00
|
|
|
err = skcipher_register_instance(tmpl, inst);
|
|
|
|
if (err)
|
2019-01-04 11:16:22 +07:00
|
|
|
inst->free(inst);
|
2018-11-22 17:00:16 +07:00
|
|
|
crypto_mod_put(alg);
|
2016-11-22 19:08:27 +07:00
|
|
|
return err;
|
2006-12-16 08:09:02 +07:00
|
|
|
}
|
|
|
|
|
|
|
|
static struct crypto_template crypto_pcbc_tmpl = {
|
|
|
|
.name = "pcbc",
|
2016-11-22 19:08:27 +07:00
|
|
|
.create = crypto_pcbc_create,
|
2006-12-16 08:09:02 +07:00
|
|
|
.module = THIS_MODULE,
|
|
|
|
};
|
|
|
|
|
|
|
|
static int __init crypto_pcbc_module_init(void)
|
|
|
|
{
|
|
|
|
return crypto_register_template(&crypto_pcbc_tmpl);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void __exit crypto_pcbc_module_exit(void)
|
|
|
|
{
|
|
|
|
crypto_unregister_template(&crypto_pcbc_tmpl);
|
|
|
|
}
|
|
|
|
|
|
|
|
module_init(crypto_pcbc_module_init);
|
|
|
|
module_exit(crypto_pcbc_module_exit);
|
|
|
|
|
|
|
|
MODULE_LICENSE("GPL");
|
2019-01-04 11:16:22 +07:00
|
|
|
MODULE_DESCRIPTION("PCBC block cipher mode of operation");
|
2014-11-25 07:32:38 +07:00
|
|
|
MODULE_ALIAS_CRYPTO("pcbc");
|