1/* SPDX-License-Identifier: GPL-2.0-or-later */ 2/* 3 * Key-agreement Protocol Primitives (KPP) 4 * 5 * Copyright (c) 2016, Intel Corporation 6 * Authors: Salvatore Benedetto <salvatore.benedetto@intel.com> 7 */ 8 9#ifndef _CRYPTO_KPP_ 10#define _CRYPTO_KPP_ 11#include <linux/crypto.h> 12 13/** 14 * struct kpp_request 15 * 16 * @base: Common attributes for async crypto requests 17 * @src: Source data 18 * @dst: Destination data 19 * @src_len: Size of the input buffer 20 * @dst_len: Size of the output buffer. It needs to be at least 21 * as big as the expected result depending on the operation 22 * After operation it will be updated with the actual size of the 23 * result. In case of error where the dst sgl size was insufficient, 24 * it will be updated to the size required for the operation. 25 * @__ctx: Start of private context data 26 */ 27struct kpp_request { 28 struct crypto_async_request base; 29 struct scatterlist *src; 30 struct scatterlist *dst; 31 unsigned int src_len; 32 unsigned int dst_len; 33 void *__ctx[] CRYPTO_MINALIGN_ATTR; 34}; 35 36/** 37 * struct crypto_kpp - user-instantiated object which encapsulate 38 * algorithms and core processing logic 39 * 40 * @base: Common crypto API algorithm data structure 41 */ 42struct crypto_kpp { 43 struct crypto_tfm base; 44}; 45 46/** 47 * struct kpp_alg - generic key-agreement protocol primitives 48 * 49 * @set_secret: Function invokes the protocol specific function to 50 * store the secret private key along with parameters. 51 * The implementation knows how to decode the buffer 52 * @generate_public_key: Function generate the public key to be sent to the 53 * counterpart. In case of error, where output is not big 54 * enough req->dst_len will be updated to the size 55 * required 56 * @compute_shared_secret: Function compute the shared secret as defined by 57 * the algorithm. The result is given back to the user. 58 * In case of error, where output is not big enough, 59 * req->dst_len will be updated to the size required 60 * @max_size: Function returns the size of the output buffer 61 * @init: Initialize the object. This is called only once at 62 * instantiation time. In case the cryptographic hardware 63 * needs to be initialized. Software fallback should be 64 * put in place here. 65 * @exit: Undo everything @init did. 66 * 67 * @reqsize: Request context size required by algorithm 68 * implementation 69 * @base: Common crypto API algorithm data structure 70 */ 71struct kpp_alg { 72 int (*set_secret)(struct crypto_kpp *tfm, const void *buffer, 73 unsigned int len); 74 int (*generate_public_key)(struct kpp_request *req); 75 int (*compute_shared_secret)(struct kpp_request *req); 76 77 unsigned int (*max_size)(struct crypto_kpp *tfm); 78 79 int (*init)(struct crypto_kpp *tfm); 80 void (*exit)(struct crypto_kpp *tfm); 81 82 unsigned int reqsize; 83 struct crypto_alg base; 84}; 85 86/** 87 * DOC: Generic Key-agreement Protocol Primitives API 88 * 89 * The KPP API is used with the algorithm type 90 * CRYPTO_ALG_TYPE_KPP (listed as type "kpp" in /proc/crypto) 91 */ 92 93/** 94 * crypto_alloc_kpp() - allocate KPP tfm handle 95 * @alg_name: is the name of the kpp algorithm (e.g. "dh", "ecdh") 96 * @type: specifies the type of the algorithm 97 * @mask: specifies the mask for the algorithm 98 * 99 * Allocate a handle for kpp algorithm. The returned struct crypto_kpp 100 * is required for any following API invocation 101 * 102 * Return: allocated handle in case of success; IS_ERR() is true in case of 103 * an error, PTR_ERR() returns the error code. 104 */ 105struct crypto_kpp *crypto_alloc_kpp(const char *alg_name, u32 type, u32 mask); 106 107static inline struct crypto_tfm *crypto_kpp_tfm(struct crypto_kpp *tfm) 108{ 109 return &tfm->base; 110} 111 112static inline struct kpp_alg *__crypto_kpp_alg(struct crypto_alg *alg) 113{ 114 return container_of(alg, struct kpp_alg, base); 115} 116 117static inline struct crypto_kpp *__crypto_kpp_tfm(struct crypto_tfm *tfm) 118{ 119 return container_of(tfm, struct crypto_kpp, base); 120} 121 122static inline struct kpp_alg *crypto_kpp_alg(struct crypto_kpp *tfm) 123{ 124 return __crypto_kpp_alg(crypto_kpp_tfm(tfm)->__crt_alg); 125} 126 127static inline unsigned int crypto_kpp_reqsize(struct crypto_kpp *tfm) 128{ 129 return crypto_kpp_alg(tfm)->reqsize; 130} 131 132static inline void kpp_request_set_tfm(struct kpp_request *req, 133 struct crypto_kpp *tfm) 134{ 135 req->base.tfm = crypto_kpp_tfm(tfm); 136} 137 138static inline struct crypto_kpp *crypto_kpp_reqtfm(struct kpp_request *req) 139{ 140 return __crypto_kpp_tfm(req->base.tfm); 141} 142 143static inline u32 crypto_kpp_get_flags(struct crypto_kpp *tfm) 144{ 145 return crypto_tfm_get_flags(crypto_kpp_tfm(tfm)); 146} 147 148static inline void crypto_kpp_set_flags(struct crypto_kpp *tfm, u32 flags) 149{ 150 crypto_tfm_set_flags(crypto_kpp_tfm(tfm), flags); 151} 152 153/** 154 * crypto_free_kpp() - free KPP tfm handle 155 * 156 * @tfm: KPP tfm handle allocated with crypto_alloc_kpp() 157 */ 158static inline void crypto_free_kpp(struct crypto_kpp *tfm) 159{ 160 crypto_destroy_tfm(tfm, crypto_kpp_tfm(tfm)); 161} 162 163/** 164 * kpp_request_alloc() - allocates kpp request 165 * 166 * @tfm: KPP tfm handle allocated with crypto_alloc_kpp() 167 * @gfp: allocation flags 168 * 169 * Return: allocated handle in case of success or NULL in case of an error. 170 */ 171static inline struct kpp_request *kpp_request_alloc(struct crypto_kpp *tfm, 172 gfp_t gfp) 173{ 174 struct kpp_request *req; 175 176 req = kmalloc(sizeof(*req) + crypto_kpp_reqsize(tfm), gfp); 177 if (likely(req)) 178 kpp_request_set_tfm(req, tfm); 179 180 return req; 181} 182 183/** 184 * kpp_request_free() - zeroize and free kpp request 185 * 186 * @req: request to free 187 */ 188static inline void kpp_request_free(struct kpp_request *req) 189{ 190 kfree_sensitive(req); 191} 192 193/** 194 * kpp_request_set_callback() - Sets an asynchronous callback. 195 * 196 * Callback will be called when an asynchronous operation on a given 197 * request is finished. 198 * 199 * @req: request that the callback will be set for 200 * @flgs: specify for instance if the operation may backlog 201 * @cmpl: callback which will be called 202 * @data: private data used by the caller 203 */ 204static inline void kpp_request_set_callback(struct kpp_request *req, 205 u32 flgs, 206 crypto_completion_t cmpl, 207 void *data) 208{ 209 req->base.complete = cmpl; 210 req->base.data = data; 211 req->base.flags = flgs; 212} 213 214/** 215 * kpp_request_set_input() - Sets input buffer 216 * 217 * Sets parameters required by generate_public_key 218 * 219 * @req: kpp request 220 * @input: ptr to input scatter list 221 * @input_len: size of the input scatter list 222 */ 223static inline void kpp_request_set_input(struct kpp_request *req, 224 struct scatterlist *input, 225 unsigned int input_len) 226{ 227 req->src = input; 228 req->src_len = input_len; 229} 230 231/** 232 * kpp_request_set_output() - Sets output buffer 233 * 234 * Sets parameters required by kpp operation 235 * 236 * @req: kpp request 237 * @output: ptr to output scatter list 238 * @output_len: size of the output scatter list 239 */ 240static inline void kpp_request_set_output(struct kpp_request *req, 241 struct scatterlist *output, 242 unsigned int output_len) 243{ 244 req->dst = output; 245 req->dst_len = output_len; 246} 247 248enum { 249 CRYPTO_KPP_SECRET_TYPE_UNKNOWN, 250 CRYPTO_KPP_SECRET_TYPE_DH, 251 CRYPTO_KPP_SECRET_TYPE_ECDH, 252}; 253 254/** 255 * struct kpp_secret - small header for packing secret buffer 256 * 257 * @type: define type of secret. Each kpp type will define its own 258 * @len: specify the len of the secret, include the header, that 259 * follows the struct 260 */ 261struct kpp_secret { 262 unsigned short type; 263 unsigned short len; 264}; 265 266/** 267 * crypto_kpp_set_secret() - Invoke kpp operation 268 * 269 * Function invokes the specific kpp operation for a given alg. 270 * 271 * @tfm: tfm handle 272 * @buffer: Buffer holding the packet representation of the private 273 * key. The structure of the packet key depends on the particular 274 * KPP implementation. Packing and unpacking helpers are provided 275 * for ECDH and DH (see the respective header files for those 276 * implementations). 277 * @len: Length of the packet private key buffer. 278 * 279 * Return: zero on success; error code in case of error 280 */ 281static inline int crypto_kpp_set_secret(struct crypto_kpp *tfm, 282 const void *buffer, unsigned int len) 283{ 284 struct kpp_alg *alg = crypto_kpp_alg(tfm); 285 struct crypto_alg *calg = tfm->base.__crt_alg; 286 int ret; 287 288 crypto_stats_get(calg); 289 ret = alg->set_secret(tfm, buffer, len); 290 crypto_stats_kpp_set_secret(calg, ret); 291 return ret; 292} 293 294/** 295 * crypto_kpp_generate_public_key() - Invoke kpp operation 296 * 297 * Function invokes the specific kpp operation for generating the public part 298 * for a given kpp algorithm. 299 * 300 * To generate a private key, the caller should use a random number generator. 301 * The output of the requested length serves as the private key. 302 * 303 * @req: kpp key request 304 * 305 * Return: zero on success; error code in case of error 306 */ 307static inline int crypto_kpp_generate_public_key(struct kpp_request *req) 308{ 309 struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); 310 struct kpp_alg *alg = crypto_kpp_alg(tfm); 311 struct crypto_alg *calg = tfm->base.__crt_alg; 312 int ret; 313 314 crypto_stats_get(calg); 315 ret = alg->generate_public_key(req); 316 crypto_stats_kpp_generate_public_key(calg, ret); 317 return ret; 318} 319 320/** 321 * crypto_kpp_compute_shared_secret() - Invoke kpp operation 322 * 323 * Function invokes the specific kpp operation for computing the shared secret 324 * for a given kpp algorithm. 325 * 326 * @req: kpp key request 327 * 328 * Return: zero on success; error code in case of error 329 */ 330static inline int crypto_kpp_compute_shared_secret(struct kpp_request *req) 331{ 332 struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); 333 struct kpp_alg *alg = crypto_kpp_alg(tfm); 334 struct crypto_alg *calg = tfm->base.__crt_alg; 335 int ret; 336 337 crypto_stats_get(calg); 338 ret = alg->compute_shared_secret(req); 339 crypto_stats_kpp_compute_shared_secret(calg, ret); 340 return ret; 341} 342 343/** 344 * crypto_kpp_maxsize() - Get len for output buffer 345 * 346 * Function returns the output buffer size required for a given key. 347 * Function assumes that the key is already set in the transformation. If this 348 * function is called without a setkey or with a failed setkey, you will end up 349 * in a NULL dereference. 350 * 351 * @tfm: KPP tfm handle allocated with crypto_alloc_kpp() 352 */ 353static inline unsigned int crypto_kpp_maxsize(struct crypto_kpp *tfm) 354{ 355 struct kpp_alg *alg = crypto_kpp_alg(tfm); 356 357 return alg->max_size(tfm); 358} 359 360#endif 361