Version:  2.0.40 2.2.26 2.4.37 3.13 3.14 3.15 3.16 3.17 3.18 3.19 4.0 4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 4.10

Linux/crypto/authencesn.c

  1 /*
  2  * authencesn.c - AEAD wrapper for IPsec with extended sequence numbers,
  3  *                 derived from authenc.c
  4  *
  5  * Copyright (C) 2010 secunet Security Networks AG
  6  * Copyright (C) 2010 Steffen Klassert <steffen.klassert@secunet.com>
  7  * Copyright (c) 2015 Herbert Xu <herbert@gondor.apana.org.au>
  8  *
  9  * This program is free software; you can redistribute it and/or modify it
 10  * under the terms of the GNU General Public License as published by the Free
 11  * Software Foundation; either version 2 of the License, or (at your option)
 12  * any later version.
 13  *
 14  */
 15 
 16 #include <crypto/internal/aead.h>
 17 #include <crypto/internal/hash.h>
 18 #include <crypto/internal/skcipher.h>
 19 #include <crypto/authenc.h>
 20 #include <crypto/null.h>
 21 #include <crypto/scatterwalk.h>
 22 #include <linux/err.h>
 23 #include <linux/init.h>
 24 #include <linux/kernel.h>
 25 #include <linux/module.h>
 26 #include <linux/rtnetlink.h>
 27 #include <linux/slab.h>
 28 #include <linux/spinlock.h>
 29 
 30 struct authenc_esn_instance_ctx {
 31         struct crypto_ahash_spawn auth;
 32         struct crypto_skcipher_spawn enc;
 33 };
 34 
 35 struct crypto_authenc_esn_ctx {
 36         unsigned int reqoff;
 37         struct crypto_ahash *auth;
 38         struct crypto_skcipher *enc;
 39         struct crypto_skcipher *null;
 40 };
 41 
 42 struct authenc_esn_request_ctx {
 43         struct scatterlist src[2];
 44         struct scatterlist dst[2];
 45         char tail[];
 46 };
 47 
 48 static void authenc_esn_request_complete(struct aead_request *req, int err)
 49 {
 50         if (err != -EINPROGRESS)
 51                 aead_request_complete(req, err);
 52 }
 53 
 54 static int crypto_authenc_esn_setauthsize(struct crypto_aead *authenc_esn,
 55                                           unsigned int authsize)
 56 {
 57         if (authsize > 0 && authsize < 4)
 58                 return -EINVAL;
 59 
 60         return 0;
 61 }
 62 
 63 static int crypto_authenc_esn_setkey(struct crypto_aead *authenc_esn, const u8 *key,
 64                                      unsigned int keylen)
 65 {
 66         struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(authenc_esn);
 67         struct crypto_ahash *auth = ctx->auth;
 68         struct crypto_skcipher *enc = ctx->enc;
 69         struct crypto_authenc_keys keys;
 70         int err = -EINVAL;
 71 
 72         if (crypto_authenc_extractkeys(&keys, key, keylen) != 0)
 73                 goto badkey;
 74 
 75         crypto_ahash_clear_flags(auth, CRYPTO_TFM_REQ_MASK);
 76         crypto_ahash_set_flags(auth, crypto_aead_get_flags(authenc_esn) &
 77                                      CRYPTO_TFM_REQ_MASK);
 78         err = crypto_ahash_setkey(auth, keys.authkey, keys.authkeylen);
 79         crypto_aead_set_flags(authenc_esn, crypto_ahash_get_flags(auth) &
 80                                            CRYPTO_TFM_RES_MASK);
 81 
 82         if (err)
 83                 goto out;
 84 
 85         crypto_skcipher_clear_flags(enc, CRYPTO_TFM_REQ_MASK);
 86         crypto_skcipher_set_flags(enc, crypto_aead_get_flags(authenc_esn) &
 87                                          CRYPTO_TFM_REQ_MASK);
 88         err = crypto_skcipher_setkey(enc, keys.enckey, keys.enckeylen);
 89         crypto_aead_set_flags(authenc_esn, crypto_skcipher_get_flags(enc) &
 90                                            CRYPTO_TFM_RES_MASK);
 91 
 92 out:
 93         return err;
 94 
 95 badkey:
 96         crypto_aead_set_flags(authenc_esn, CRYPTO_TFM_RES_BAD_KEY_LEN);
 97         goto out;
 98 }
 99 
100 static int crypto_authenc_esn_genicv_tail(struct aead_request *req,
101                                           unsigned int flags)
102 {
103         struct crypto_aead *authenc_esn = crypto_aead_reqtfm(req);
104         struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(authenc_esn);
105         struct authenc_esn_request_ctx *areq_ctx = aead_request_ctx(req);
106         struct crypto_ahash *auth = ctx->auth;
107         u8 *hash = PTR_ALIGN((u8 *)areq_ctx->tail,
108                              crypto_ahash_alignmask(auth) + 1);
109         unsigned int authsize = crypto_aead_authsize(authenc_esn);
110         unsigned int assoclen = req->assoclen;
111         unsigned int cryptlen = req->cryptlen;
112         struct scatterlist *dst = req->dst;
113         u32 tmp[2];
114 
115         /* Move high-order bits of sequence number back. */
116         scatterwalk_map_and_copy(tmp, dst, 4, 4, 0);
117         scatterwalk_map_and_copy(tmp + 1, dst, assoclen + cryptlen, 4, 0);
118         scatterwalk_map_and_copy(tmp, dst, 0, 8, 1);
119 
120         scatterwalk_map_and_copy(hash, dst, assoclen + cryptlen, authsize, 1);
121         return 0;
122 }
123 
124 static void authenc_esn_geniv_ahash_done(struct crypto_async_request *areq,
125                                          int err)
126 {
127         struct aead_request *req = areq->data;
128 
129         err = err ?: crypto_authenc_esn_genicv_tail(req, 0);
130         aead_request_complete(req, err);
131 }
132 
133 static int crypto_authenc_esn_genicv(struct aead_request *req,
134                                      unsigned int flags)
135 {
136         struct crypto_aead *authenc_esn = crypto_aead_reqtfm(req);
137         struct authenc_esn_request_ctx *areq_ctx = aead_request_ctx(req);
138         struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(authenc_esn);
139         struct crypto_ahash *auth = ctx->auth;
140         u8 *hash = PTR_ALIGN((u8 *)areq_ctx->tail,
141                              crypto_ahash_alignmask(auth) + 1);
142         struct ahash_request *ahreq = (void *)(areq_ctx->tail + ctx->reqoff);
143         unsigned int authsize = crypto_aead_authsize(authenc_esn);
144         unsigned int assoclen = req->assoclen;
145         unsigned int cryptlen = req->cryptlen;
146         struct scatterlist *dst = req->dst;
147         u32 tmp[2];
148 
149         if (!authsize)
150                 return 0;
151 
152         /* Move high-order bits of sequence number to the end. */
153         scatterwalk_map_and_copy(tmp, dst, 0, 8, 0);
154         scatterwalk_map_and_copy(tmp, dst, 4, 4, 1);
155         scatterwalk_map_and_copy(tmp + 1, dst, assoclen + cryptlen, 4, 1);
156 
157         sg_init_table(areq_ctx->dst, 2);
158         dst = scatterwalk_ffwd(areq_ctx->dst, dst, 4);
159 
160         ahash_request_set_tfm(ahreq, auth);
161         ahash_request_set_crypt(ahreq, dst, hash, assoclen + cryptlen);
162         ahash_request_set_callback(ahreq, flags,
163                                    authenc_esn_geniv_ahash_done, req);
164 
165         return crypto_ahash_digest(ahreq) ?:
166                crypto_authenc_esn_genicv_tail(req, aead_request_flags(req));
167 }
168 
169 
170 static void crypto_authenc_esn_encrypt_done(struct crypto_async_request *req,
171                                             int err)
172 {
173         struct aead_request *areq = req->data;
174 
175         if (!err)
176                 err = crypto_authenc_esn_genicv(areq, 0);
177 
178         authenc_esn_request_complete(areq, err);
179 }
180 
181 static int crypto_authenc_esn_copy(struct aead_request *req, unsigned int len)
182 {
183         struct crypto_aead *authenc_esn = crypto_aead_reqtfm(req);
184         struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(authenc_esn);
185         SKCIPHER_REQUEST_ON_STACK(skreq, ctx->null);
186 
187         skcipher_request_set_tfm(skreq, ctx->null);
188         skcipher_request_set_callback(skreq, aead_request_flags(req),
189                                       NULL, NULL);
190         skcipher_request_set_crypt(skreq, req->src, req->dst, len, NULL);
191 
192         return crypto_skcipher_encrypt(skreq);
193 }
194 
195 static int crypto_authenc_esn_encrypt(struct aead_request *req)
196 {
197         struct crypto_aead *authenc_esn = crypto_aead_reqtfm(req);
198         struct authenc_esn_request_ctx *areq_ctx = aead_request_ctx(req);
199         struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(authenc_esn);
200         struct skcipher_request *skreq = (void *)(areq_ctx->tail +
201                                                   ctx->reqoff);
202         struct crypto_skcipher *enc = ctx->enc;
203         unsigned int assoclen = req->assoclen;
204         unsigned int cryptlen = req->cryptlen;
205         struct scatterlist *src, *dst;
206         int err;
207 
208         sg_init_table(areq_ctx->src, 2);
209         src = scatterwalk_ffwd(areq_ctx->src, req->src, assoclen);
210         dst = src;
211 
212         if (req->src != req->dst) {
213                 err = crypto_authenc_esn_copy(req, assoclen);
214                 if (err)
215                         return err;
216 
217                 sg_init_table(areq_ctx->dst, 2);
218                 dst = scatterwalk_ffwd(areq_ctx->dst, req->dst, assoclen);
219         }
220 
221         skcipher_request_set_tfm(skreq, enc);
222         skcipher_request_set_callback(skreq, aead_request_flags(req),
223                                       crypto_authenc_esn_encrypt_done, req);
224         skcipher_request_set_crypt(skreq, src, dst, cryptlen, req->iv);
225 
226         err = crypto_skcipher_encrypt(skreq);
227         if (err)
228                 return err;
229 
230         return crypto_authenc_esn_genicv(req, aead_request_flags(req));
231 }
232 
233 static int crypto_authenc_esn_decrypt_tail(struct aead_request *req,
234                                            unsigned int flags)
235 {
236         struct crypto_aead *authenc_esn = crypto_aead_reqtfm(req);
237         unsigned int authsize = crypto_aead_authsize(authenc_esn);
238         struct authenc_esn_request_ctx *areq_ctx = aead_request_ctx(req);
239         struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(authenc_esn);
240         struct skcipher_request *skreq = (void *)(areq_ctx->tail +
241                                                   ctx->reqoff);
242         struct crypto_ahash *auth = ctx->auth;
243         u8 *ohash = PTR_ALIGN((u8 *)areq_ctx->tail,
244                               crypto_ahash_alignmask(auth) + 1);
245         unsigned int cryptlen = req->cryptlen - authsize;
246         unsigned int assoclen = req->assoclen;
247         struct scatterlist *dst = req->dst;
248         u8 *ihash = ohash + crypto_ahash_digestsize(auth);
249         u32 tmp[2];
250 
251         /* Move high-order bits of sequence number back. */
252         scatterwalk_map_and_copy(tmp, dst, 4, 4, 0);
253         scatterwalk_map_and_copy(tmp + 1, dst, assoclen + cryptlen, 4, 0);
254         scatterwalk_map_and_copy(tmp, dst, 0, 8, 1);
255 
256         if (crypto_memneq(ihash, ohash, authsize))
257                 return -EBADMSG;
258 
259         sg_init_table(areq_ctx->dst, 2);
260         dst = scatterwalk_ffwd(areq_ctx->dst, dst, assoclen);
261 
262         skcipher_request_set_tfm(skreq, ctx->enc);
263         skcipher_request_set_callback(skreq, flags,
264                                       req->base.complete, req->base.data);
265         skcipher_request_set_crypt(skreq, dst, dst, cryptlen, req->iv);
266 
267         return crypto_skcipher_decrypt(skreq);
268 }
269 
270 static void authenc_esn_verify_ahash_done(struct crypto_async_request *areq,
271                                           int err)
272 {
273         struct aead_request *req = areq->data;
274 
275         err = err ?: crypto_authenc_esn_decrypt_tail(req, 0);
276         aead_request_complete(req, err);
277 }
278 
279 static int crypto_authenc_esn_decrypt(struct aead_request *req)
280 {
281         struct crypto_aead *authenc_esn = crypto_aead_reqtfm(req);
282         struct authenc_esn_request_ctx *areq_ctx = aead_request_ctx(req);
283         struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(authenc_esn);
284         struct ahash_request *ahreq = (void *)(areq_ctx->tail + ctx->reqoff);
285         unsigned int authsize = crypto_aead_authsize(authenc_esn);
286         struct crypto_ahash *auth = ctx->auth;
287         u8 *ohash = PTR_ALIGN((u8 *)areq_ctx->tail,
288                               crypto_ahash_alignmask(auth) + 1);
289         unsigned int assoclen = req->assoclen;
290         unsigned int cryptlen = req->cryptlen;
291         u8 *ihash = ohash + crypto_ahash_digestsize(auth);
292         struct scatterlist *dst = req->dst;
293         u32 tmp[2];
294         int err;
295 
296         cryptlen -= authsize;
297 
298         if (req->src != dst) {
299                 err = crypto_authenc_esn_copy(req, assoclen + cryptlen);
300                 if (err)
301                         return err;
302         }
303 
304         scatterwalk_map_and_copy(ihash, req->src, assoclen + cryptlen,
305                                  authsize, 0);
306 
307         if (!authsize)
308                 goto tail;
309 
310         /* Move high-order bits of sequence number to the end. */
311         scatterwalk_map_and_copy(tmp, dst, 0, 8, 0);
312         scatterwalk_map_and_copy(tmp, dst, 4, 4, 1);
313         scatterwalk_map_and_copy(tmp + 1, dst, assoclen + cryptlen, 4, 1);
314 
315         sg_init_table(areq_ctx->dst, 2);
316         dst = scatterwalk_ffwd(areq_ctx->dst, dst, 4);
317 
318         ahash_request_set_tfm(ahreq, auth);
319         ahash_request_set_crypt(ahreq, dst, ohash, assoclen + cryptlen);
320         ahash_request_set_callback(ahreq, aead_request_flags(req),
321                                    authenc_esn_verify_ahash_done, req);
322 
323         err = crypto_ahash_digest(ahreq);
324         if (err)
325                 return err;
326 
327 tail:
328         return crypto_authenc_esn_decrypt_tail(req, aead_request_flags(req));
329 }
330 
331 static int crypto_authenc_esn_init_tfm(struct crypto_aead *tfm)
332 {
333         struct aead_instance *inst = aead_alg_instance(tfm);
334         struct authenc_esn_instance_ctx *ictx = aead_instance_ctx(inst);
335         struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(tfm);
336         struct crypto_ahash *auth;
337         struct crypto_skcipher *enc;
338         struct crypto_skcipher *null;
339         int err;
340 
341         auth = crypto_spawn_ahash(&ictx->auth);
342         if (IS_ERR(auth))
343                 return PTR_ERR(auth);
344 
345         enc = crypto_spawn_skcipher(&ictx->enc);
346         err = PTR_ERR(enc);
347         if (IS_ERR(enc))
348                 goto err_free_ahash;
349 
350         null = crypto_get_default_null_skcipher2();
351         err = PTR_ERR(null);
352         if (IS_ERR(null))
353                 goto err_free_skcipher;
354 
355         ctx->auth = auth;
356         ctx->enc = enc;
357         ctx->null = null;
358 
359         ctx->reqoff = ALIGN(2 * crypto_ahash_digestsize(auth),
360                             crypto_ahash_alignmask(auth) + 1);
361 
362         crypto_aead_set_reqsize(
363                 tfm,
364                 sizeof(struct authenc_esn_request_ctx) +
365                 ctx->reqoff +
366                 max_t(unsigned int,
367                       crypto_ahash_reqsize(auth) +
368                       sizeof(struct ahash_request),
369                       sizeof(struct skcipher_request) +
370                       crypto_skcipher_reqsize(enc)));
371 
372         return 0;
373 
374 err_free_skcipher:
375         crypto_free_skcipher(enc);
376 err_free_ahash:
377         crypto_free_ahash(auth);
378         return err;
379 }
380 
381 static void crypto_authenc_esn_exit_tfm(struct crypto_aead *tfm)
382 {
383         struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(tfm);
384 
385         crypto_free_ahash(ctx->auth);
386         crypto_free_skcipher(ctx->enc);
387         crypto_put_default_null_skcipher2();
388 }
389 
390 static void crypto_authenc_esn_free(struct aead_instance *inst)
391 {
392         struct authenc_esn_instance_ctx *ctx = aead_instance_ctx(inst);
393 
394         crypto_drop_skcipher(&ctx->enc);
395         crypto_drop_ahash(&ctx->auth);
396         kfree(inst);
397 }
398 
399 static int crypto_authenc_esn_create(struct crypto_template *tmpl,
400                                      struct rtattr **tb)
401 {
402         struct crypto_attr_type *algt;
403         struct aead_instance *inst;
404         struct hash_alg_common *auth;
405         struct crypto_alg *auth_base;
406         struct skcipher_alg *enc;
407         struct authenc_esn_instance_ctx *ctx;
408         const char *enc_name;
409         int err;
410 
411         algt = crypto_get_attr_type(tb);
412         if (IS_ERR(algt))
413                 return PTR_ERR(algt);
414 
415         if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask)
416                 return -EINVAL;
417 
418         auth = ahash_attr_alg(tb[1], CRYPTO_ALG_TYPE_HASH,
419                               CRYPTO_ALG_TYPE_AHASH_MASK |
420                               crypto_requires_sync(algt->type, algt->mask));
421         if (IS_ERR(auth))
422                 return PTR_ERR(auth);
423 
424         auth_base = &auth->base;
425 
426         enc_name = crypto_attr_alg_name(tb[2]);
427         err = PTR_ERR(enc_name);
428         if (IS_ERR(enc_name))
429                 goto out_put_auth;
430 
431         inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
432         err = -ENOMEM;
433         if (!inst)
434                 goto out_put_auth;
435 
436         ctx = aead_instance_ctx(inst);
437 
438         err = crypto_init_ahash_spawn(&ctx->auth, auth,
439                                       aead_crypto_instance(inst));
440         if (err)
441                 goto err_free_inst;
442 
443         crypto_set_skcipher_spawn(&ctx->enc, aead_crypto_instance(inst));
444         err = crypto_grab_skcipher(&ctx->enc, enc_name, 0,
445                                    crypto_requires_sync(algt->type,
446                                                         algt->mask));
447         if (err)
448                 goto err_drop_auth;
449 
450         enc = crypto_spawn_skcipher_alg(&ctx->enc);
451 
452         err = -ENAMETOOLONG;
453         if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
454                      "authencesn(%s,%s)", auth_base->cra_name,
455                      enc->base.cra_name) >= CRYPTO_MAX_ALG_NAME)
456                 goto err_drop_enc;
457 
458         if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
459                      "authencesn(%s,%s)", auth_base->cra_driver_name,
460                      enc->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
461                 goto err_drop_enc;
462 
463         inst->alg.base.cra_flags = (auth_base->cra_flags |
464                                     enc->base.cra_flags) & CRYPTO_ALG_ASYNC;
465         inst->alg.base.cra_priority = enc->base.cra_priority * 10 +
466                                       auth_base->cra_priority;
467         inst->alg.base.cra_blocksize = enc->base.cra_blocksize;
468         inst->alg.base.cra_alignmask = auth_base->cra_alignmask |
469                                        enc->base.cra_alignmask;
470         inst->alg.base.cra_ctxsize = sizeof(struct crypto_authenc_esn_ctx);
471 
472         inst->alg.ivsize = crypto_skcipher_alg_ivsize(enc);
473         inst->alg.chunksize = crypto_skcipher_alg_chunksize(enc);
474         inst->alg.maxauthsize = auth->digestsize;
475 
476         inst->alg.init = crypto_authenc_esn_init_tfm;
477         inst->alg.exit = crypto_authenc_esn_exit_tfm;
478 
479         inst->alg.setkey = crypto_authenc_esn_setkey;
480         inst->alg.setauthsize = crypto_authenc_esn_setauthsize;
481         inst->alg.encrypt = crypto_authenc_esn_encrypt;
482         inst->alg.decrypt = crypto_authenc_esn_decrypt;
483 
484         inst->free = crypto_authenc_esn_free,
485 
486         err = aead_register_instance(tmpl, inst);
487         if (err)
488                 goto err_drop_enc;
489 
490 out:
491         crypto_mod_put(auth_base);
492         return err;
493 
494 err_drop_enc:
495         crypto_drop_skcipher(&ctx->enc);
496 err_drop_auth:
497         crypto_drop_ahash(&ctx->auth);
498 err_free_inst:
499         kfree(inst);
500 out_put_auth:
501         goto out;
502 }
503 
504 static struct crypto_template crypto_authenc_esn_tmpl = {
505         .name = "authencesn",
506         .create = crypto_authenc_esn_create,
507         .module = THIS_MODULE,
508 };
509 
510 static int __init crypto_authenc_esn_module_init(void)
511 {
512         return crypto_register_template(&crypto_authenc_esn_tmpl);
513 }
514 
515 static void __exit crypto_authenc_esn_module_exit(void)
516 {
517         crypto_unregister_template(&crypto_authenc_esn_tmpl);
518 }
519 
520 module_init(crypto_authenc_esn_module_init);
521 module_exit(crypto_authenc_esn_module_exit);
522 
523 MODULE_LICENSE("GPL");
524 MODULE_AUTHOR("Steffen Klassert <steffen.klassert@secunet.com>");
525 MODULE_DESCRIPTION("AEAD wrapper for IPsec with extended sequence numbers");
526 MODULE_ALIAS_CRYPTO("authencesn");
527 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us