1/* SPDX-License-Identifier: GPL-2.0-or-later */ 2/* 3 * Symmetric key ciphers. 4 * 5 * Copyright (c) 2007-2015 Herbert Xu <herbert@gondor.apana.org.au> 6 */ 7 8#ifndef _CRYPTO_SKCIPHER_H 9#define _CRYPTO_SKCIPHER_H 10 11#include <linux/crypto.h> 12#include <linux/kernel.h> 13#include <linux/slab.h> 14 15/** 16 * struct skcipher_request - Symmetric key cipher request 17 * @cryptlen: Number of bytes to encrypt or decrypt 18 * @iv: Initialisation Vector 19 * @src: Source SG list 20 * @dst: Destination SG list 21 * @base: Underlying async request request 22 * @__ctx: Start of private context data 23 */ 24struct skcipher_request { 25 unsigned int cryptlen; 26 27 u8 *iv; 28 29 struct scatterlist *src; 30 struct scatterlist *dst; 31 32 struct crypto_async_request base; 33 34 void *__ctx[] CRYPTO_MINALIGN_ATTR; 35}; 36 37struct crypto_skcipher { 38 int (*setkey)(struct crypto_skcipher *tfm, const u8 *key, 39 unsigned int keylen); 40 int (*encrypt)(struct skcipher_request *req); 41 int (*decrypt)(struct skcipher_request *req); 42 43 unsigned int ivsize; 44 unsigned int reqsize; 45 unsigned int keysize; 46 47 struct crypto_tfm base; 48}; 49 50struct crypto_sync_skcipher { 51 struct crypto_skcipher base; 52}; 53 54/** 55 * struct skcipher_alg - symmetric key cipher definition 56 * @min_keysize: Minimum key size supported by the transformation. This is the 57 * smallest key length supported by this transformation algorithm. 58 * This must be set to one of the pre-defined values as this is 59 * not hardware specific. Possible values for this field can be 60 * found via git grep "_MIN_KEY_SIZE" include/crypto/ 61 * @max_keysize: Maximum key size supported by the transformation. This is the 62 * largest key length supported by this transformation algorithm. 63 * This must be set to one of the pre-defined values as this is 64 * not hardware specific. Possible values for this field can be 65 * found via git grep "_MAX_KEY_SIZE" include/crypto/ 66 * @setkey: Set key for the transformation. This function is used to either 67 * program a supplied key into the hardware or store the key in the 68 * transformation context for programming it later. Note that this 69 * function does modify the transformation context. This function can 70 * be called multiple times during the existence of the transformation 71 * object, so one must make sure the key is properly reprogrammed into 72 * the hardware. This function is also responsible for checking the key 73 * length for validity. In case a software fallback was put in place in 74 * the @cra_init call, this function might need to use the fallback if 75 * the algorithm doesn't support all of the key sizes. 76 * @encrypt: Encrypt a scatterlist of blocks. This function is used to encrypt 77 * the supplied scatterlist containing the blocks of data. The crypto 78 * API consumer is responsible for aligning the entries of the 79 * scatterlist properly and making sure the chunks are correctly 80 * sized. In case a software fallback was put in place in the 81 * @cra_init call, this function might need to use the fallback if 82 * the algorithm doesn't support all of the key sizes. In case the 83 * key was stored in transformation context, the key might need to be 84 * re-programmed into the hardware in this function. This function 85 * shall not modify the transformation context, as this function may 86 * be called in parallel with the same transformation object. 87 * @decrypt: Decrypt a single block. This is a reverse counterpart to @encrypt 88 * and the conditions are exactly the same. 89 * @init: Initialize the cryptographic transformation object. This function 90 * is used to initialize the cryptographic transformation object. 91 * This function is called only once at the instantiation time, right 92 * after the transformation context was allocated. In case the 93 * cryptographic hardware has some special requirements which need to 94 * be handled by software, this function shall check for the precise 95 * requirement of the transformation and put any software fallbacks 96 * in place. 97 * @exit: Deinitialize the cryptographic transformation object. This is a 98 * counterpart to @init, used to remove various changes set in 99 * @init. 100 * @ivsize: IV size applicable for transformation. The consumer must provide an 101 * IV of exactly that size to perform the encrypt or decrypt operation. 102 * @chunksize: Equal to the block size except for stream ciphers such as 103 * CTR where it is set to the underlying block size. 104 * @walksize: Equal to the chunk size except in cases where the algorithm is 105 * considerably more efficient if it can operate on multiple chunks 106 * in parallel. Should be a multiple of chunksize. 107 * @base: Definition of a generic crypto algorithm. 108 * 109 * All fields except @ivsize are mandatory and must be filled. 110 */ 111struct skcipher_alg { 112 int (*setkey)(struct crypto_skcipher *tfm, const u8 *key, 113 unsigned int keylen); 114 int (*encrypt)(struct skcipher_request *req); 115 int (*decrypt)(struct skcipher_request *req); 116 int (*init)(struct crypto_skcipher *tfm); 117 void (*exit)(struct crypto_skcipher *tfm); 118 119 unsigned int min_keysize; 120 unsigned int max_keysize; 121 unsigned int ivsize; 122 unsigned int chunksize; 123 unsigned int walksize; 124 125 struct crypto_alg base; 126}; 127 128#define MAX_SYNC_SKCIPHER_REQSIZE 384 129/* 130 * This performs a type-check against the "tfm" argument to make sure 131 * all users have the correct skcipher tfm for doing on-stack requests. 132 */ 133#define SYNC_SKCIPHER_REQUEST_ON_STACK(name, tfm) \ 134 char __##name##_desc[sizeof(struct skcipher_request) + \ 135 MAX_SYNC_SKCIPHER_REQSIZE + \ 136 (!(sizeof((struct crypto_sync_skcipher *)1 == \ 137 (typeof(tfm))1))) \ 138 ] CRYPTO_MINALIGN_ATTR; \ 139 struct skcipher_request *name = (void *)__##name##_desc 140 141/** 142 * DOC: Symmetric Key Cipher API 143 * 144 * Symmetric key cipher API is used with the ciphers of type 145 * CRYPTO_ALG_TYPE_SKCIPHER (listed as type "skcipher" in /proc/crypto). 146 * 147 * Asynchronous cipher operations imply that the function invocation for a 148 * cipher request returns immediately before the completion of the operation. 149 * The cipher request is scheduled as a separate kernel thread and therefore 150 * load-balanced on the different CPUs via the process scheduler. To allow 151 * the kernel crypto API to inform the caller about the completion of a cipher 152 * request, the caller must provide a callback function. That function is 153 * invoked with the cipher handle when the request completes. 154 * 155 * To support the asynchronous operation, additional information than just the 156 * cipher handle must be supplied to the kernel crypto API. That additional 157 * information is given by filling in the skcipher_request data structure. 158 * 159 * For the symmetric key cipher API, the state is maintained with the tfm 160 * cipher handle. A single tfm can be used across multiple calls and in 161 * parallel. For asynchronous block cipher calls, context data supplied and 162 * only used by the caller can be referenced the request data structure in 163 * addition to the IV used for the cipher request. The maintenance of such 164 * state information would be important for a crypto driver implementer to 165 * have, because when calling the callback function upon completion of the 166 * cipher operation, that callback function may need some information about 167 * which operation just finished if it invoked multiple in parallel. This 168 * state information is unused by the kernel crypto API. 169 */ 170 171static inline struct crypto_skcipher *__crypto_skcipher_cast( 172 struct crypto_tfm *tfm) 173{ 174 return container_of(tfm, struct crypto_skcipher, base); 175} 176 177/** 178 * crypto_alloc_skcipher() - allocate symmetric key cipher handle 179 * @alg_name: is the cra_name / name or cra_driver_name / driver name of the 180 * skcipher cipher 181 * @type: specifies the type of the cipher 182 * @mask: specifies the mask for the cipher 183 * 184 * Allocate a cipher handle for an skcipher. The returned struct 185 * crypto_skcipher is the cipher handle that is required for any subsequent 186 * API invocation for that skcipher. 187 * 188 * Return: allocated cipher handle in case of success; IS_ERR() is true in case 189 * of an error, PTR_ERR() returns the error code. 190 */ 191struct crypto_skcipher *crypto_alloc_skcipher(const char *alg_name, 192 u32 type, u32 mask); 193 194struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(const char *alg_name, 195 u32 type, u32 mask); 196 197static inline struct crypto_tfm *crypto_skcipher_tfm( 198 struct crypto_skcipher *tfm) 199{ 200 return &tfm->base; 201} 202 203/** 204 * crypto_free_skcipher() - zeroize and free cipher handle 205 * @tfm: cipher handle to be freed 206 */ 207static inline void crypto_free_skcipher(struct crypto_skcipher *tfm) 208{ 209 crypto_destroy_tfm(tfm, crypto_skcipher_tfm(tfm)); 210} 211 212static inline void crypto_free_sync_skcipher(struct crypto_sync_skcipher *tfm) 213{ 214 crypto_free_skcipher(&tfm->base); 215} 216 217/** 218 * crypto_has_skcipher() - Search for the availability of an skcipher. 219 * @alg_name: is the cra_name / name or cra_driver_name / driver name of the 220 * skcipher 221 * @type: specifies the type of the cipher 222 * @mask: specifies the mask for the cipher 223 * 224 * Return: true when the skcipher is known to the kernel crypto API; false 225 * otherwise 226 */ 227static inline int crypto_has_skcipher(const char *alg_name, u32 type, 228 u32 mask) 229{ 230 return crypto_has_alg(alg_name, crypto_skcipher_type(type), 231 crypto_skcipher_mask(mask)); 232} 233 234/** 235 * crypto_has_skcipher2() - Search for the availability of an skcipher. 236 * @alg_name: is the cra_name / name or cra_driver_name / driver name of the 237 * skcipher 238 * @type: specifies the type of the skcipher 239 * @mask: specifies the mask for the skcipher 240 * 241 * Return: true when the skcipher is known to the kernel crypto API; false 242 * otherwise 243 */ 244int crypto_has_skcipher2(const char *alg_name, u32 type, u32 mask); 245 246static inline const char *crypto_skcipher_driver_name( 247 struct crypto_skcipher *tfm) 248{ 249 return crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)); 250} 251 252static inline struct skcipher_alg *crypto_skcipher_alg( 253 struct crypto_skcipher *tfm) 254{ 255 return container_of(crypto_skcipher_tfm(tfm)->__crt_alg, 256 struct skcipher_alg, base); 257} 258 259static inline unsigned int crypto_skcipher_alg_ivsize(struct skcipher_alg *alg) 260{ 261 if ((alg->base.cra_flags & CRYPTO_ALG_TYPE_MASK) == 262 CRYPTO_ALG_TYPE_BLKCIPHER) 263 return alg->base.cra_blkcipher.ivsize; 264 265 if (alg->base.cra_ablkcipher.encrypt) 266 return alg->base.cra_ablkcipher.ivsize; 267 268 return alg->ivsize; 269} 270 271/** 272 * crypto_skcipher_ivsize() - obtain IV size 273 * @tfm: cipher handle 274 * 275 * The size of the IV for the skcipher referenced by the cipher handle is 276 * returned. This IV size may be zero if the cipher does not need an IV. 277 * 278 * Return: IV size in bytes 279 */ 280static inline unsigned int crypto_skcipher_ivsize(struct crypto_skcipher *tfm) 281{ 282 return tfm->ivsize; 283} 284 285static inline unsigned int crypto_sync_skcipher_ivsize( 286 struct crypto_sync_skcipher *tfm) 287{ 288 return crypto_skcipher_ivsize(&tfm->base); 289} 290 291/** 292 * crypto_skcipher_blocksize() - obtain block size of cipher 293 * @tfm: cipher handle 294 * 295 * The block size for the skcipher referenced with the cipher handle is 296 * returned. The caller may use that information to allocate appropriate 297 * memory for the data returned by the encryption or decryption operation 298 * 299 * Return: block size of cipher 300 */ 301static inline unsigned int crypto_skcipher_blocksize( 302 struct crypto_skcipher *tfm) 303{ 304 return crypto_tfm_alg_blocksize(crypto_skcipher_tfm(tfm)); 305} 306 307static inline unsigned int crypto_sync_skcipher_blocksize( 308 struct crypto_sync_skcipher *tfm) 309{ 310 return crypto_skcipher_blocksize(&tfm->base); 311} 312 313static inline unsigned int crypto_skcipher_alignmask( 314 struct crypto_skcipher *tfm) 315{ 316 return crypto_tfm_alg_alignmask(crypto_skcipher_tfm(tfm)); 317} 318 319static inline u32 crypto_skcipher_get_flags(struct crypto_skcipher *tfm) 320{ 321 return crypto_tfm_get_flags(crypto_skcipher_tfm(tfm)); 322} 323 324static inline void crypto_skcipher_set_flags(struct crypto_skcipher *tfm, 325 u32 flags) 326{ 327 crypto_tfm_set_flags(crypto_skcipher_tfm(tfm), flags); 328} 329 330static inline void crypto_skcipher_clear_flags(struct crypto_skcipher *tfm, 331 u32 flags) 332{ 333 crypto_tfm_clear_flags(crypto_skcipher_tfm(tfm), flags); 334} 335 336static inline u32 crypto_sync_skcipher_get_flags( 337 struct crypto_sync_skcipher *tfm) 338{ 339 return crypto_skcipher_get_flags(&tfm->base); 340} 341 342static inline void crypto_sync_skcipher_set_flags( 343 struct crypto_sync_skcipher *tfm, u32 flags) 344{ 345 crypto_skcipher_set_flags(&tfm->base, flags); 346} 347 348static inline void crypto_sync_skcipher_clear_flags( 349 struct crypto_sync_skcipher *tfm, u32 flags) 350{ 351 crypto_skcipher_clear_flags(&tfm->base, flags); 352} 353 354/** 355 * crypto_skcipher_setkey() - set key for cipher 356 * @tfm: cipher handle 357 * @key: buffer holding the key 358 * @keylen: length of the key in bytes 359 * 360 * The caller provided key is set for the skcipher referenced by the cipher 361 * handle. 362 * 363 * Note, the key length determines the cipher type. Many block ciphers implement 364 * different cipher modes depending on the key size, such as AES-128 vs AES-192 365 * vs. AES-256. When providing a 16 byte key for an AES cipher handle, AES-128 366 * is performed. 367 * 368 * Return: 0 if the setting of the key was successful; < 0 if an error occurred 369 */ 370static inline int crypto_skcipher_setkey(struct crypto_skcipher *tfm, 371 const u8 *key, unsigned int keylen) 372{ 373 return tfm->setkey(tfm, key, keylen); 374} 375 376static inline int crypto_sync_skcipher_setkey(struct crypto_sync_skcipher *tfm, 377 const u8 *key, unsigned int keylen) 378{ 379 return crypto_skcipher_setkey(&tfm->base, key, keylen); 380} 381 382static inline unsigned int crypto_skcipher_default_keysize( 383 struct crypto_skcipher *tfm) 384{ 385 return tfm->keysize; 386} 387 388/** 389 * crypto_skcipher_reqtfm() - obtain cipher handle from request 390 * @req: skcipher_request out of which the cipher handle is to be obtained 391 * 392 * Return the crypto_skcipher handle when furnishing an skcipher_request 393 * data structure. 394 * 395 * Return: crypto_skcipher handle 396 */ 397static inline struct crypto_skcipher *crypto_skcipher_reqtfm( 398 struct skcipher_request *req) 399{ 400 return __crypto_skcipher_cast(req->base.tfm); 401} 402 403static inline struct crypto_sync_skcipher *crypto_sync_skcipher_reqtfm( 404 struct skcipher_request *req) 405{ 406 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 407 408 return container_of(tfm, struct crypto_sync_skcipher, base); 409} 410 411/** 412 * crypto_skcipher_encrypt() - encrypt plaintext 413 * @req: reference to the skcipher_request handle that holds all information 414 * needed to perform the cipher operation 415 * 416 * Encrypt plaintext data using the skcipher_request handle. That data 417 * structure and how it is filled with data is discussed with the 418 * skcipher_request_* functions. 419 * 420 * Return: 0 if the cipher operation was successful; < 0 if an error occurred 421 */ 422int crypto_skcipher_encrypt(struct skcipher_request *req); 423 424/** 425 * crypto_skcipher_decrypt() - decrypt ciphertext 426 * @req: reference to the skcipher_request handle that holds all information 427 * needed to perform the cipher operation 428 * 429 * Decrypt ciphertext data using the skcipher_request handle. That data 430 * structure and how it is filled with data is discussed with the 431 * skcipher_request_* functions. 432 * 433 * Return: 0 if the cipher operation was successful; < 0 if an error occurred 434 */ 435int crypto_skcipher_decrypt(struct skcipher_request *req); 436 437/** 438 * DOC: Symmetric Key Cipher Request Handle 439 * 440 * The skcipher_request data structure contains all pointers to data 441 * required for the symmetric key cipher operation. This includes the cipher 442 * handle (which can be used by multiple skcipher_request instances), pointer 443 * to plaintext and ciphertext, asynchronous callback function, etc. It acts 444 * as a handle to the skcipher_request_* API calls in a similar way as 445 * skcipher handle to the crypto_skcipher_* API calls. 446 */ 447 448/** 449 * crypto_skcipher_reqsize() - obtain size of the request data structure 450 * @tfm: cipher handle 451 * 452 * Return: number of bytes 453 */ 454static inline unsigned int crypto_skcipher_reqsize(struct crypto_skcipher *tfm) 455{ 456 return tfm->reqsize; 457} 458 459/** 460 * skcipher_request_set_tfm() - update cipher handle reference in request 461 * @req: request handle to be modified 462 * @tfm: cipher handle that shall be added to the request handle 463 * 464 * Allow the caller to replace the existing skcipher handle in the request 465 * data structure with a different one. 466 */ 467static inline void skcipher_request_set_tfm(struct skcipher_request *req, 468 struct crypto_skcipher *tfm) 469{ 470 req->base.tfm = crypto_skcipher_tfm(tfm); 471} 472 473static inline void skcipher_request_set_sync_tfm(struct skcipher_request *req, 474 struct crypto_sync_skcipher *tfm) 475{ 476 skcipher_request_set_tfm(req, &tfm->base); 477} 478 479static inline struct skcipher_request *skcipher_request_cast( 480 struct crypto_async_request *req) 481{ 482 return container_of(req, struct skcipher_request, base); 483} 484 485/** 486 * skcipher_request_alloc() - allocate request data structure 487 * @tfm: cipher handle to be registered with the request 488 * @gfp: memory allocation flag that is handed to kmalloc by the API call. 489 * 490 * Allocate the request data structure that must be used with the skcipher 491 * encrypt and decrypt API calls. During the allocation, the provided skcipher 492 * handle is registered in the request data structure. 493 * 494 * Return: allocated request handle in case of success, or NULL if out of memory 495 */ 496static inline struct skcipher_request *skcipher_request_alloc( 497 struct crypto_skcipher *tfm, gfp_t gfp) 498{ 499 struct skcipher_request *req; 500 501 req = kmalloc(sizeof(struct skcipher_request) + 502 crypto_skcipher_reqsize(tfm), gfp); 503 504 if (likely(req)) 505 skcipher_request_set_tfm(req, tfm); 506 507 return req; 508} 509 510/** 511 * skcipher_request_free() - zeroize and free request data structure 512 * @req: request data structure cipher handle to be freed 513 */ 514static inline void skcipher_request_free(struct skcipher_request *req) 515{ 516 kzfree(req); 517} 518 519static inline void skcipher_request_zero(struct skcipher_request *req) 520{ 521 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 522 523 memzero_explicit(req, sizeof(*req) + crypto_skcipher_reqsize(tfm)); 524} 525 526/** 527 * skcipher_request_set_callback() - set asynchronous callback function 528 * @req: request handle 529 * @flags: specify zero or an ORing of the flags 530 * CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and 531 * increase the wait queue beyond the initial maximum size; 532 * CRYPTO_TFM_REQ_MAY_SLEEP the request processing may sleep 533 * @compl: callback function pointer to be registered with the request handle 534 * @data: The data pointer refers to memory that is not used by the kernel 535 * crypto API, but provided to the callback function for it to use. Here, 536 * the caller can provide a reference to memory the callback function can 537 * operate on. As the callback function is invoked asynchronously to the 538 * related functionality, it may need to access data structures of the 539 * related functionality which can be referenced using this pointer. The 540 * callback function can access the memory via the "data" field in the 541 * crypto_async_request data structure provided to the callback function. 542 * 543 * This function allows setting the callback function that is triggered once the 544 * cipher operation completes. 545 * 546 * The callback function is registered with the skcipher_request handle and 547 * must comply with the following template:: 548 * 549 * void callback_function(struct crypto_async_request *req, int error) 550 */ 551static inline void skcipher_request_set_callback(struct skcipher_request *req, 552 u32 flags, 553 crypto_completion_t compl, 554 void *data) 555{ 556 req->base.complete = compl; 557 req->base.data = data; 558 req->base.flags = flags; 559} 560 561/** 562 * skcipher_request_set_crypt() - set data buffers 563 * @req: request handle 564 * @src: source scatter / gather list 565 * @dst: destination scatter / gather list 566 * @cryptlen: number of bytes to process from @src 567 * @iv: IV for the cipher operation which must comply with the IV size defined 568 * by crypto_skcipher_ivsize 569 * 570 * This function allows setting of the source data and destination data 571 * scatter / gather lists. 572 * 573 * For encryption, the source is treated as the plaintext and the 574 * destination is the ciphertext. For a decryption operation, the use is 575 * reversed - the source is the ciphertext and the destination is the plaintext. 576 */ 577static inline void skcipher_request_set_crypt( 578 struct skcipher_request *req, 579 struct scatterlist *src, struct scatterlist *dst, 580 unsigned int cryptlen, void *iv) 581{ 582 req->src = src; 583 req->dst = dst; 584 req->cryptlen = cryptlen; 585 req->iv = iv; 586} 587 588#endif /* _CRYPTO_SKCIPHER_H */ 589 590