2
* seqiv: Sequence Number IV Generator
4
* This generator generates an IV based on a sequence number by xoring it
5
* with a salt. This algorithm is mainly useful for CTR and similar modes.
7
* Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
9
* This program is free software; you can redistribute it and/or modify it
10
* under the terms of the GNU General Public License as published by the Free
11
* Software Foundation; either version 2 of the License, or (at your option)
16
#include <crypto/internal/aead.h>
17
#include <crypto/internal/skcipher.h>
18
#include <crypto/rng.h>
19
#include <linux/err.h>
20
#include <linux/init.h>
21
#include <linux/kernel.h>
22
#include <linux/module.h>
23
#include <linux/slab.h>
24
#include <linux/spinlock.h>
25
#include <linux/string.h>
29
u8 salt[] __attribute__ ((aligned(__alignof__(u32))));
32
static void seqiv_complete2(struct skcipher_givcrypt_request *req, int err)
34
struct ablkcipher_request *subreq = skcipher_givcrypt_reqctx(req);
35
struct crypto_ablkcipher *geniv;
37
if (err == -EINPROGRESS)
43
geniv = skcipher_givcrypt_reqtfm(req);
44
memcpy(req->creq.info, subreq->info, crypto_ablkcipher_ivsize(geniv));
50
static void seqiv_complete(struct crypto_async_request *base, int err)
52
struct skcipher_givcrypt_request *req = base->data;
54
seqiv_complete2(req, err);
55
skcipher_givcrypt_complete(req, err);
58
static void seqiv_aead_complete2(struct aead_givcrypt_request *req, int err)
60
struct aead_request *subreq = aead_givcrypt_reqctx(req);
61
struct crypto_aead *geniv;
63
if (err == -EINPROGRESS)
69
geniv = aead_givcrypt_reqtfm(req);
70
memcpy(req->areq.iv, subreq->iv, crypto_aead_ivsize(geniv));
76
static void seqiv_aead_complete(struct crypto_async_request *base, int err)
78
struct aead_givcrypt_request *req = base->data;
80
seqiv_aead_complete2(req, err);
81
aead_givcrypt_complete(req, err);
84
static void seqiv_geniv(struct seqiv_ctx *ctx, u8 *info, u64 seq,
87
unsigned int len = ivsize;
89
if (ivsize > sizeof(u64)) {
90
memset(info, 0, ivsize - sizeof(u64));
93
seq = cpu_to_be64(seq);
94
memcpy(info + ivsize - len, &seq, len);
95
crypto_xor(info, ctx->salt, ivsize);
98
static int seqiv_givencrypt(struct skcipher_givcrypt_request *req)
100
struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req);
101
struct seqiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
102
struct ablkcipher_request *subreq = skcipher_givcrypt_reqctx(req);
103
crypto_completion_t complete;
109
ablkcipher_request_set_tfm(subreq, skcipher_geniv_cipher(geniv));
111
complete = req->creq.base.complete;
112
data = req->creq.base.data;
113
info = req->creq.info;
115
ivsize = crypto_ablkcipher_ivsize(geniv);
117
if (unlikely(!IS_ALIGNED((unsigned long)info,
118
crypto_ablkcipher_alignmask(geniv) + 1))) {
119
info = kmalloc(ivsize, req->creq.base.flags &
120
CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL:
125
complete = seqiv_complete;
129
ablkcipher_request_set_callback(subreq, req->creq.base.flags, complete,
131
ablkcipher_request_set_crypt(subreq, req->creq.src, req->creq.dst,
132
req->creq.nbytes, info);
134
seqiv_geniv(ctx, info, req->seq, ivsize);
135
memcpy(req->giv, info, ivsize);
137
err = crypto_ablkcipher_encrypt(subreq);
138
if (unlikely(info != req->creq.info))
139
seqiv_complete2(req, err);
143
static int seqiv_aead_givencrypt(struct aead_givcrypt_request *req)
145
struct crypto_aead *geniv = aead_givcrypt_reqtfm(req);
146
struct seqiv_ctx *ctx = crypto_aead_ctx(geniv);
147
struct aead_request *areq = &req->areq;
148
struct aead_request *subreq = aead_givcrypt_reqctx(req);
149
crypto_completion_t complete;
155
aead_request_set_tfm(subreq, aead_geniv_base(geniv));
157
complete = areq->base.complete;
158
data = areq->base.data;
161
ivsize = crypto_aead_ivsize(geniv);
163
if (unlikely(!IS_ALIGNED((unsigned long)info,
164
crypto_aead_alignmask(geniv) + 1))) {
165
info = kmalloc(ivsize, areq->base.flags &
166
CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL:
171
complete = seqiv_aead_complete;
175
aead_request_set_callback(subreq, areq->base.flags, complete, data);
176
aead_request_set_crypt(subreq, areq->src, areq->dst, areq->cryptlen,
178
aead_request_set_assoc(subreq, areq->assoc, areq->assoclen);
180
seqiv_geniv(ctx, info, req->seq, ivsize);
181
memcpy(req->giv, info, ivsize);
183
err = crypto_aead_encrypt(subreq);
184
if (unlikely(info != areq->iv))
185
seqiv_aead_complete2(req, err);
189
static int seqiv_givencrypt_first(struct skcipher_givcrypt_request *req)
191
struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req);
192
struct seqiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
195
spin_lock_bh(&ctx->lock);
196
if (crypto_ablkcipher_crt(geniv)->givencrypt != seqiv_givencrypt_first)
199
crypto_ablkcipher_crt(geniv)->givencrypt = seqiv_givencrypt;
200
err = crypto_rng_get_bytes(crypto_default_rng, ctx->salt,
201
crypto_ablkcipher_ivsize(geniv));
204
spin_unlock_bh(&ctx->lock);
209
return seqiv_givencrypt(req);
212
static int seqiv_aead_givencrypt_first(struct aead_givcrypt_request *req)
214
struct crypto_aead *geniv = aead_givcrypt_reqtfm(req);
215
struct seqiv_ctx *ctx = crypto_aead_ctx(geniv);
218
spin_lock_bh(&ctx->lock);
219
if (crypto_aead_crt(geniv)->givencrypt != seqiv_aead_givencrypt_first)
222
crypto_aead_crt(geniv)->givencrypt = seqiv_aead_givencrypt;
223
err = crypto_rng_get_bytes(crypto_default_rng, ctx->salt,
224
crypto_aead_ivsize(geniv));
227
spin_unlock_bh(&ctx->lock);
232
return seqiv_aead_givencrypt(req);
235
static int seqiv_init(struct crypto_tfm *tfm)
237
struct crypto_ablkcipher *geniv = __crypto_ablkcipher_cast(tfm);
238
struct seqiv_ctx *ctx = crypto_ablkcipher_ctx(geniv);
240
spin_lock_init(&ctx->lock);
242
tfm->crt_ablkcipher.reqsize = sizeof(struct ablkcipher_request);
244
return skcipher_geniv_init(tfm);
247
static int seqiv_aead_init(struct crypto_tfm *tfm)
249
struct crypto_aead *geniv = __crypto_aead_cast(tfm);
250
struct seqiv_ctx *ctx = crypto_aead_ctx(geniv);
252
spin_lock_init(&ctx->lock);
254
tfm->crt_aead.reqsize = sizeof(struct aead_request);
256
return aead_geniv_init(tfm);
259
static struct crypto_template seqiv_tmpl;
261
static struct crypto_instance *seqiv_ablkcipher_alloc(struct rtattr **tb)
263
struct crypto_instance *inst;
265
inst = skcipher_geniv_alloc(&seqiv_tmpl, tb, 0, 0);
270
inst->alg.cra_ablkcipher.givencrypt = seqiv_givencrypt_first;
272
inst->alg.cra_init = seqiv_init;
273
inst->alg.cra_exit = skcipher_geniv_exit;
275
inst->alg.cra_ctxsize += inst->alg.cra_ablkcipher.ivsize;
281
static struct crypto_instance *seqiv_aead_alloc(struct rtattr **tb)
283
struct crypto_instance *inst;
285
inst = aead_geniv_alloc(&seqiv_tmpl, tb, 0, 0);
290
inst->alg.cra_aead.givencrypt = seqiv_aead_givencrypt_first;
292
inst->alg.cra_init = seqiv_aead_init;
293
inst->alg.cra_exit = aead_geniv_exit;
295
inst->alg.cra_ctxsize = inst->alg.cra_aead.ivsize;
301
static struct crypto_instance *seqiv_alloc(struct rtattr **tb)
303
struct crypto_attr_type *algt;
304
struct crypto_instance *inst;
307
algt = crypto_get_attr_type(tb);
312
err = crypto_get_default_rng();
316
if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & CRYPTO_ALG_TYPE_MASK)
317
inst = seqiv_ablkcipher_alloc(tb);
319
inst = seqiv_aead_alloc(tb);
324
inst->alg.cra_alignmask |= __alignof__(u32) - 1;
325
inst->alg.cra_ctxsize += sizeof(struct seqiv_ctx);
331
crypto_put_default_rng();
335
static void seqiv_free(struct crypto_instance *inst)
337
if ((inst->alg.cra_flags ^ CRYPTO_ALG_TYPE_AEAD) & CRYPTO_ALG_TYPE_MASK)
338
skcipher_geniv_free(inst);
340
aead_geniv_free(inst);
341
crypto_put_default_rng();
344
static struct crypto_template seqiv_tmpl = {
346
.alloc = seqiv_alloc,
348
.module = THIS_MODULE,
351
static int __init seqiv_module_init(void)
353
return crypto_register_template(&seqiv_tmpl);
356
static void __exit seqiv_module_exit(void)
358
crypto_unregister_template(&seqiv_tmpl);
361
module_init(seqiv_module_init);
362
module_exit(seqiv_module_exit);
364
MODULE_LICENSE("GPL");
365
MODULE_DESCRIPTION("Sequence Number IV Generator");