1/* SPDX-License-Identifier: GPL-2.0-or-later */ 2/* 3 * Symmetric key ciphers. 4 * 5 * Copyright (c) 2007-2015 Herbert Xu <herbert@gondor.apana.org.au> 6 */ 7 8#ifndef _CRYPTO_SKCIPHER_H 9#define _CRYPTO_SKCIPHER_H 10 11#include <linux/atomic.h> 12#include <linux/container_of.h> 13#include <linux/crypto.h> 14#include <linux/slab.h> 15#include <linux/string.h> 16#include <linux/types.h> 17 18/* Set this bit if the lskcipher operation is a continuation. */ 19#define CRYPTO_LSKCIPHER_FLAG_CONT 0x00000001 20/* Set this bit if the lskcipher operation is final. */ 21#define CRYPTO_LSKCIPHER_FLAG_FINAL 0x00000002 22/* The bit CRYPTO_TFM_REQ_MAY_SLEEP can also be set if needed. */ 23 24/* Set this bit if the skcipher operation is a continuation. */ 25#define CRYPTO_SKCIPHER_REQ_CONT 0x00000001 26/* Set this bit if the skcipher operation is not final. */ 27#define CRYPTO_SKCIPHER_REQ_NOTFINAL 0x00000002 28 29struct scatterlist; 30 31/** 32 * struct skcipher_request - Symmetric key cipher request 33 * @cryptlen: Number of bytes to encrypt or decrypt 34 * @iv: Initialisation Vector 35 * @src: Source SG list 36 * @dst: Destination SG list 37 * @base: Underlying async request 38 * @__ctx: Start of private context data 39 */ 40struct skcipher_request { 41 unsigned int cryptlen; 42 43 u8 *iv; 44 45 struct scatterlist *src; 46 struct scatterlist *dst; 47 48 struct crypto_async_request base; 49 50 void *__ctx[] CRYPTO_MINALIGN_ATTR; 51}; 52 53struct crypto_skcipher { 54 unsigned int reqsize; 55 56 struct crypto_tfm base; 57}; 58 59struct crypto_sync_skcipher { 60 struct crypto_skcipher base; 61}; 62 63struct crypto_lskcipher { 64 struct crypto_tfm base; 65}; 66 67/* 68 * struct crypto_istat_cipher - statistics for cipher algorithm 69 * @encrypt_cnt: number of encrypt requests 70 * @encrypt_tlen: total data size handled by encrypt requests 71 * @decrypt_cnt: number of decrypt requests 72 * @decrypt_tlen: total data size handled by decrypt requests 73 * @err_cnt: number of error for cipher requests 74 */ 75struct crypto_istat_cipher { 76 atomic64_t encrypt_cnt; 77 atomic64_t encrypt_tlen; 78 atomic64_t decrypt_cnt; 79 atomic64_t decrypt_tlen; 80 atomic64_t err_cnt; 81}; 82 83#ifdef CONFIG_CRYPTO_STATS 84#define SKCIPHER_ALG_COMMON_STAT struct crypto_istat_cipher stat; 85#else 86#define SKCIPHER_ALG_COMMON_STAT 87#endif 88 89/* 90 * struct skcipher_alg_common - common properties of skcipher_alg 91 * @min_keysize: Minimum key size supported by the transformation. This is the 92 * smallest key length supported by this transformation algorithm. 93 * This must be set to one of the pre-defined values as this is 94 * not hardware specific. Possible values for this field can be 95 * found via git grep "_MIN_KEY_SIZE" include/crypto/ 96 * @max_keysize: Maximum key size supported by the transformation. This is the 97 * largest key length supported by this transformation algorithm. 98 * This must be set to one of the pre-defined values as this is 99 * not hardware specific. Possible values for this field can be 100 * found via git grep "_MAX_KEY_SIZE" include/crypto/ 101 * @ivsize: IV size applicable for transformation. The consumer must provide an 102 * IV of exactly that size to perform the encrypt or decrypt operation. 103 * @chunksize: Equal to the block size except for stream ciphers such as 104 * CTR where it is set to the underlying block size. 105 * @statesize: Size of the internal state for the algorithm. 106 * @stat: Statistics for cipher algorithm 107 * @base: Definition of a generic crypto algorithm. 108 */ 109#define SKCIPHER_ALG_COMMON { \ 110 unsigned int min_keysize; \ 111 unsigned int max_keysize; \ 112 unsigned int ivsize; \ 113 unsigned int chunksize; \ 114 unsigned int statesize; \ 115 \ 116 SKCIPHER_ALG_COMMON_STAT \ 117 \ 118 struct crypto_alg base; \ 119} 120struct skcipher_alg_common SKCIPHER_ALG_COMMON; 121 122/** 123 * struct skcipher_alg - symmetric key cipher definition 124 * @setkey: Set key for the transformation. This function is used to either 125 * program a supplied key into the hardware or store the key in the 126 * transformation context for programming it later. Note that this 127 * function does modify the transformation context. This function can 128 * be called multiple times during the existence of the transformation 129 * object, so one must make sure the key is properly reprogrammed into 130 * the hardware. This function is also responsible for checking the key 131 * length for validity. In case a software fallback was put in place in 132 * the @cra_init call, this function might need to use the fallback if 133 * the algorithm doesn't support all of the key sizes. 134 * @encrypt: Encrypt a scatterlist of blocks. This function is used to encrypt 135 * the supplied scatterlist containing the blocks of data. The crypto 136 * API consumer is responsible for aligning the entries of the 137 * scatterlist properly and making sure the chunks are correctly 138 * sized. In case a software fallback was put in place in the 139 * @cra_init call, this function might need to use the fallback if 140 * the algorithm doesn't support all of the key sizes. In case the 141 * key was stored in transformation context, the key might need to be 142 * re-programmed into the hardware in this function. This function 143 * shall not modify the transformation context, as this function may 144 * be called in parallel with the same transformation object. 145 * @decrypt: Decrypt a single block. This is a reverse counterpart to @encrypt 146 * and the conditions are exactly the same. 147 * @export: Export partial state of the transformation. This function dumps the 148 * entire state of the ongoing transformation into a provided block of 149 * data so it can be @import 'ed back later on. This is useful in case 150 * you want to save partial result of the transformation after 151 * processing certain amount of data and reload this partial result 152 * multiple times later on for multiple re-use. No data processing 153 * happens at this point. 154 * @import: Import partial state of the transformation. This function loads the 155 * entire state of the ongoing transformation from a provided block of 156 * data so the transformation can continue from this point onward. No 157 * data processing happens at this point. 158 * @init: Initialize the cryptographic transformation object. This function 159 * is used to initialize the cryptographic transformation object. 160 * This function is called only once at the instantiation time, right 161 * after the transformation context was allocated. In case the 162 * cryptographic hardware has some special requirements which need to 163 * be handled by software, this function shall check for the precise 164 * requirement of the transformation and put any software fallbacks 165 * in place. 166 * @exit: Deinitialize the cryptographic transformation object. This is a 167 * counterpart to @init, used to remove various changes set in 168 * @init. 169 * @walksize: Equal to the chunk size except in cases where the algorithm is 170 * considerably more efficient if it can operate on multiple chunks 171 * in parallel. Should be a multiple of chunksize. 172 * @co: see struct skcipher_alg_common 173 * 174 * All fields except @ivsize are mandatory and must be filled. 175 */ 176struct skcipher_alg { 177 int (*setkey)(struct crypto_skcipher *tfm, const u8 *key, 178 unsigned int keylen); 179 int (*encrypt)(struct skcipher_request *req); 180 int (*decrypt)(struct skcipher_request *req); 181 int (*export)(struct skcipher_request *req, void *out); 182 int (*import)(struct skcipher_request *req, const void *in); 183 int (*init)(struct crypto_skcipher *tfm); 184 void (*exit)(struct crypto_skcipher *tfm); 185 186 unsigned int walksize; 187 188 union { 189 struct SKCIPHER_ALG_COMMON; 190 struct skcipher_alg_common co; 191 }; 192}; 193 194/** 195 * struct lskcipher_alg - linear symmetric key cipher definition 196 * @setkey: Set key for the transformation. This function is used to either 197 * program a supplied key into the hardware or store the key in the 198 * transformation context for programming it later. Note that this 199 * function does modify the transformation context. This function can 200 * be called multiple times during the existence of the transformation 201 * object, so one must make sure the key is properly reprogrammed into 202 * the hardware. This function is also responsible for checking the key 203 * length for validity. In case a software fallback was put in place in 204 * the @cra_init call, this function might need to use the fallback if 205 * the algorithm doesn't support all of the key sizes. 206 * @encrypt: Encrypt a number of bytes. This function is used to encrypt 207 * the supplied data. This function shall not modify 208 * the transformation context, as this function may be called 209 * in parallel with the same transformation object. Data 210 * may be left over if length is not a multiple of blocks 211 * and there is more to come (final == false). The number of 212 * left-over bytes should be returned in case of success. 213 * The siv field shall be as long as ivsize + statesize with 214 * the IV placed at the front. The state will be used by the 215 * algorithm internally. 216 * @decrypt: Decrypt a number of bytes. This is a reverse counterpart to 217 * @encrypt and the conditions are exactly the same. 218 * @init: Initialize the cryptographic transformation object. This function 219 * is used to initialize the cryptographic transformation object. 220 * This function is called only once at the instantiation time, right 221 * after the transformation context was allocated. 222 * @exit: Deinitialize the cryptographic transformation object. This is a 223 * counterpart to @init, used to remove various changes set in 224 * @init. 225 * @co: see struct skcipher_alg_common 226 */ 227struct lskcipher_alg { 228 int (*setkey)(struct crypto_lskcipher *tfm, const u8 *key, 229 unsigned int keylen); 230 int (*encrypt)(struct crypto_lskcipher *tfm, const u8 *src, 231 u8 *dst, unsigned len, u8 *siv, u32 flags); 232 int (*decrypt)(struct crypto_lskcipher *tfm, const u8 *src, 233 u8 *dst, unsigned len, u8 *siv, u32 flags); 234 int (*init)(struct crypto_lskcipher *tfm); 235 void (*exit)(struct crypto_lskcipher *tfm); 236 237 struct skcipher_alg_common co; 238}; 239 240#define MAX_SYNC_SKCIPHER_REQSIZE 384 241/* 242 * This performs a type-check against the "tfm" argument to make sure 243 * all users have the correct skcipher tfm for doing on-stack requests. 244 */ 245#define SYNC_SKCIPHER_REQUEST_ON_STACK(name, tfm) \ 246 char __##name##_desc[sizeof(struct skcipher_request) + \ 247 MAX_SYNC_SKCIPHER_REQSIZE + \ 248 (!(sizeof((struct crypto_sync_skcipher *)1 == \ 249 (typeof(tfm))1))) \ 250 ] CRYPTO_MINALIGN_ATTR; \ 251 struct skcipher_request *name = (void *)__##name##_desc 252 253/** 254 * DOC: Symmetric Key Cipher API 255 * 256 * Symmetric key cipher API is used with the ciphers of type 257 * CRYPTO_ALG_TYPE_SKCIPHER (listed as type "skcipher" in /proc/crypto). 258 * 259 * Asynchronous cipher operations imply that the function invocation for a 260 * cipher request returns immediately before the completion of the operation. 261 * The cipher request is scheduled as a separate kernel thread and therefore 262 * load-balanced on the different CPUs via the process scheduler. To allow 263 * the kernel crypto API to inform the caller about the completion of a cipher 264 * request, the caller must provide a callback function. That function is 265 * invoked with the cipher handle when the request completes. 266 * 267 * To support the asynchronous operation, additional information than just the 268 * cipher handle must be supplied to the kernel crypto API. That additional 269 * information is given by filling in the skcipher_request data structure. 270 * 271 * For the symmetric key cipher API, the state is maintained with the tfm 272 * cipher handle. A single tfm can be used across multiple calls and in 273 * parallel. For asynchronous block cipher calls, context data supplied and 274 * only used by the caller can be referenced the request data structure in 275 * addition to the IV used for the cipher request. The maintenance of such 276 * state information would be important for a crypto driver implementer to 277 * have, because when calling the callback function upon completion of the 278 * cipher operation, that callback function may need some information about 279 * which operation just finished if it invoked multiple in parallel. This 280 * state information is unused by the kernel crypto API. 281 */ 282 283static inline struct crypto_skcipher *__crypto_skcipher_cast( 284 struct crypto_tfm *tfm) 285{ 286 return container_of(tfm, struct crypto_skcipher, base); 287} 288 289/** 290 * crypto_alloc_skcipher() - allocate symmetric key cipher handle 291 * @alg_name: is the cra_name / name or cra_driver_name / driver name of the 292 * skcipher cipher 293 * @type: specifies the type of the cipher 294 * @mask: specifies the mask for the cipher 295 * 296 * Allocate a cipher handle for an skcipher. The returned struct 297 * crypto_skcipher is the cipher handle that is required for any subsequent 298 * API invocation for that skcipher. 299 * 300 * Return: allocated cipher handle in case of success; IS_ERR() is true in case 301 * of an error, PTR_ERR() returns the error code. 302 */ 303struct crypto_skcipher *crypto_alloc_skcipher(const char *alg_name, 304 u32 type, u32 mask); 305 306struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(const char *alg_name, 307 u32 type, u32 mask); 308 309 310/** 311 * crypto_alloc_lskcipher() - allocate linear symmetric key cipher handle 312 * @alg_name: is the cra_name / name or cra_driver_name / driver name of the 313 * lskcipher 314 * @type: specifies the type of the cipher 315 * @mask: specifies the mask for the cipher 316 * 317 * Allocate a cipher handle for an lskcipher. The returned struct 318 * crypto_lskcipher is the cipher handle that is required for any subsequent 319 * API invocation for that lskcipher. 320 * 321 * Return: allocated cipher handle in case of success; IS_ERR() is true in case 322 * of an error, PTR_ERR() returns the error code. 323 */ 324struct crypto_lskcipher *crypto_alloc_lskcipher(const char *alg_name, 325 u32 type, u32 mask); 326 327static inline struct crypto_tfm *crypto_skcipher_tfm( 328 struct crypto_skcipher *tfm) 329{ 330 return &tfm->base; 331} 332 333static inline struct crypto_tfm *crypto_lskcipher_tfm( 334 struct crypto_lskcipher *tfm) 335{ 336 return &tfm->base; 337} 338 339/** 340 * crypto_free_skcipher() - zeroize and free cipher handle 341 * @tfm: cipher handle to be freed 342 * 343 * If @tfm is a NULL or error pointer, this function does nothing. 344 */ 345static inline void crypto_free_skcipher(struct crypto_skcipher *tfm) 346{ 347 crypto_destroy_tfm(tfm, crypto_skcipher_tfm(tfm)); 348} 349 350static inline void crypto_free_sync_skcipher(struct crypto_sync_skcipher *tfm) 351{ 352 crypto_free_skcipher(&tfm->base); 353} 354 355/** 356 * crypto_free_lskcipher() - zeroize and free cipher handle 357 * @tfm: cipher handle to be freed 358 * 359 * If @tfm is a NULL or error pointer, this function does nothing. 360 */ 361static inline void crypto_free_lskcipher(struct crypto_lskcipher *tfm) 362{ 363 crypto_destroy_tfm(tfm, crypto_lskcipher_tfm(tfm)); 364} 365 366/** 367 * crypto_has_skcipher() - Search for the availability of an skcipher. 368 * @alg_name: is the cra_name / name or cra_driver_name / driver name of the 369 * skcipher 370 * @type: specifies the type of the skcipher 371 * @mask: specifies the mask for the skcipher 372 * 373 * Return: true when the skcipher is known to the kernel crypto API; false 374 * otherwise 375 */ 376int crypto_has_skcipher(const char *alg_name, u32 type, u32 mask); 377 378static inline const char *crypto_skcipher_driver_name( 379 struct crypto_skcipher *tfm) 380{ 381 return crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)); 382} 383 384static inline const char *crypto_lskcipher_driver_name( 385 struct crypto_lskcipher *tfm) 386{ 387 return crypto_tfm_alg_driver_name(crypto_lskcipher_tfm(tfm)); 388} 389 390static inline struct skcipher_alg_common *crypto_skcipher_alg_common( 391 struct crypto_skcipher *tfm) 392{ 393 return container_of(crypto_skcipher_tfm(tfm)->__crt_alg, 394 struct skcipher_alg_common, base); 395} 396 397static inline struct skcipher_alg *crypto_skcipher_alg( 398 struct crypto_skcipher *tfm) 399{ 400 return container_of(crypto_skcipher_tfm(tfm)->__crt_alg, 401 struct skcipher_alg, base); 402} 403 404static inline struct lskcipher_alg *crypto_lskcipher_alg( 405 struct crypto_lskcipher *tfm) 406{ 407 return container_of(crypto_lskcipher_tfm(tfm)->__crt_alg, 408 struct lskcipher_alg, co.base); 409} 410 411/** 412 * crypto_skcipher_ivsize() - obtain IV size 413 * @tfm: cipher handle 414 * 415 * The size of the IV for the skcipher referenced by the cipher handle is 416 * returned. This IV size may be zero if the cipher does not need an IV. 417 * 418 * Return: IV size in bytes 419 */ 420static inline unsigned int crypto_skcipher_ivsize(struct crypto_skcipher *tfm) 421{ 422 return crypto_skcipher_alg_common(tfm)->ivsize; 423} 424 425static inline unsigned int crypto_sync_skcipher_ivsize( 426 struct crypto_sync_skcipher *tfm) 427{ 428 return crypto_skcipher_ivsize(&tfm->base); 429} 430 431/** 432 * crypto_lskcipher_ivsize() - obtain IV size 433 * @tfm: cipher handle 434 * 435 * The size of the IV for the lskcipher referenced by the cipher handle is 436 * returned. This IV size may be zero if the cipher does not need an IV. 437 * 438 * Return: IV size in bytes 439 */ 440static inline unsigned int crypto_lskcipher_ivsize( 441 struct crypto_lskcipher *tfm) 442{ 443 return crypto_lskcipher_alg(tfm)->co.ivsize; 444} 445 446/** 447 * crypto_skcipher_blocksize() - obtain block size of cipher 448 * @tfm: cipher handle 449 * 450 * The block size for the skcipher referenced with the cipher handle is 451 * returned. The caller may use that information to allocate appropriate 452 * memory for the data returned by the encryption or decryption operation 453 * 454 * Return: block size of cipher 455 */ 456static inline unsigned int crypto_skcipher_blocksize( 457 struct crypto_skcipher *tfm) 458{ 459 return crypto_tfm_alg_blocksize(crypto_skcipher_tfm(tfm)); 460} 461 462/** 463 * crypto_lskcipher_blocksize() - obtain block size of cipher 464 * @tfm: cipher handle 465 * 466 * The block size for the lskcipher referenced with the cipher handle is 467 * returned. The caller may use that information to allocate appropriate 468 * memory for the data returned by the encryption or decryption operation 469 * 470 * Return: block size of cipher 471 */ 472static inline unsigned int crypto_lskcipher_blocksize( 473 struct crypto_lskcipher *tfm) 474{ 475 return crypto_tfm_alg_blocksize(crypto_lskcipher_tfm(tfm)); 476} 477 478/** 479 * crypto_skcipher_chunksize() - obtain chunk size 480 * @tfm: cipher handle 481 * 482 * The block size is set to one for ciphers such as CTR. However, 483 * you still need to provide incremental updates in multiples of 484 * the underlying block size as the IV does not have sub-block 485 * granularity. This is known in this API as the chunk size. 486 * 487 * Return: chunk size in bytes 488 */ 489static inline unsigned int crypto_skcipher_chunksize( 490 struct crypto_skcipher *tfm) 491{ 492 return crypto_skcipher_alg_common(tfm)->chunksize; 493} 494 495/** 496 * crypto_lskcipher_chunksize() - obtain chunk size 497 * @tfm: cipher handle 498 * 499 * The block size is set to one for ciphers such as CTR. However, 500 * you still need to provide incremental updates in multiples of 501 * the underlying block size as the IV does not have sub-block 502 * granularity. This is known in this API as the chunk size. 503 * 504 * Return: chunk size in bytes 505 */ 506static inline unsigned int crypto_lskcipher_chunksize( 507 struct crypto_lskcipher *tfm) 508{ 509 return crypto_lskcipher_alg(tfm)->co.chunksize; 510} 511 512/** 513 * crypto_skcipher_statesize() - obtain state size 514 * @tfm: cipher handle 515 * 516 * Some algorithms cannot be chained with the IV alone. They carry 517 * internal state which must be replicated if data is to be processed 518 * incrementally. The size of that state can be obtained with this 519 * function. 520 * 521 * Return: state size in bytes 522 */ 523static inline unsigned int crypto_skcipher_statesize( 524 struct crypto_skcipher *tfm) 525{ 526 return crypto_skcipher_alg_common(tfm)->statesize; 527} 528 529/** 530 * crypto_lskcipher_statesize() - obtain state size 531 * @tfm: cipher handle 532 * 533 * Some algorithms cannot be chained with the IV alone. They carry 534 * internal state which must be replicated if data is to be processed 535 * incrementally. The size of that state can be obtained with this 536 * function. 537 * 538 * Return: state size in bytes 539 */ 540static inline unsigned int crypto_lskcipher_statesize( 541 struct crypto_lskcipher *tfm) 542{ 543 return crypto_lskcipher_alg(tfm)->co.statesize; 544} 545 546static inline unsigned int crypto_sync_skcipher_blocksize( 547 struct crypto_sync_skcipher *tfm) 548{ 549 return crypto_skcipher_blocksize(&tfm->base); 550} 551 552static inline unsigned int crypto_skcipher_alignmask( 553 struct crypto_skcipher *tfm) 554{ 555 return crypto_tfm_alg_alignmask(crypto_skcipher_tfm(tfm)); 556} 557 558static inline unsigned int crypto_lskcipher_alignmask( 559 struct crypto_lskcipher *tfm) 560{ 561 return crypto_tfm_alg_alignmask(crypto_lskcipher_tfm(tfm)); 562} 563 564static inline u32 crypto_skcipher_get_flags(struct crypto_skcipher *tfm) 565{ 566 return crypto_tfm_get_flags(crypto_skcipher_tfm(tfm)); 567} 568 569static inline void crypto_skcipher_set_flags(struct crypto_skcipher *tfm, 570 u32 flags) 571{ 572 crypto_tfm_set_flags(crypto_skcipher_tfm(tfm), flags); 573} 574 575static inline void crypto_skcipher_clear_flags(struct crypto_skcipher *tfm, 576 u32 flags) 577{ 578 crypto_tfm_clear_flags(crypto_skcipher_tfm(tfm), flags); 579} 580 581static inline u32 crypto_sync_skcipher_get_flags( 582 struct crypto_sync_skcipher *tfm) 583{ 584 return crypto_skcipher_get_flags(&tfm->base); 585} 586 587static inline void crypto_sync_skcipher_set_flags( 588 struct crypto_sync_skcipher *tfm, u32 flags) 589{ 590 crypto_skcipher_set_flags(&tfm->base, flags); 591} 592 593static inline void crypto_sync_skcipher_clear_flags( 594 struct crypto_sync_skcipher *tfm, u32 flags) 595{ 596 crypto_skcipher_clear_flags(&tfm->base, flags); 597} 598 599static inline u32 crypto_lskcipher_get_flags(struct crypto_lskcipher *tfm) 600{ 601 return crypto_tfm_get_flags(crypto_lskcipher_tfm(tfm)); 602} 603 604static inline void crypto_lskcipher_set_flags(struct crypto_lskcipher *tfm, 605 u32 flags) 606{ 607 crypto_tfm_set_flags(crypto_lskcipher_tfm(tfm), flags); 608} 609 610static inline void crypto_lskcipher_clear_flags(struct crypto_lskcipher *tfm, 611 u32 flags) 612{ 613 crypto_tfm_clear_flags(crypto_lskcipher_tfm(tfm), flags); 614} 615 616/** 617 * crypto_skcipher_setkey() - set key for cipher 618 * @tfm: cipher handle 619 * @key: buffer holding the key 620 * @keylen: length of the key in bytes 621 * 622 * The caller provided key is set for the skcipher referenced by the cipher 623 * handle. 624 * 625 * Note, the key length determines the cipher type. Many block ciphers implement 626 * different cipher modes depending on the key size, such as AES-128 vs AES-192 627 * vs. AES-256. When providing a 16 byte key for an AES cipher handle, AES-128 628 * is performed. 629 * 630 * Return: 0 if the setting of the key was successful; < 0 if an error occurred 631 */ 632int crypto_skcipher_setkey(struct crypto_skcipher *tfm, 633 const u8 *key, unsigned int keylen); 634 635static inline int crypto_sync_skcipher_setkey(struct crypto_sync_skcipher *tfm, 636 const u8 *key, unsigned int keylen) 637{ 638 return crypto_skcipher_setkey(&tfm->base, key, keylen); 639} 640 641/** 642 * crypto_lskcipher_setkey() - set key for cipher 643 * @tfm: cipher handle 644 * @key: buffer holding the key 645 * @keylen: length of the key in bytes 646 * 647 * The caller provided key is set for the lskcipher referenced by the cipher 648 * handle. 649 * 650 * Note, the key length determines the cipher type. Many block ciphers implement 651 * different cipher modes depending on the key size, such as AES-128 vs AES-192 652 * vs. AES-256. When providing a 16 byte key for an AES cipher handle, AES-128 653 * is performed. 654 * 655 * Return: 0 if the setting of the key was successful; < 0 if an error occurred 656 */ 657int crypto_lskcipher_setkey(struct crypto_lskcipher *tfm, 658 const u8 *key, unsigned int keylen); 659 660static inline unsigned int crypto_skcipher_min_keysize( 661 struct crypto_skcipher *tfm) 662{ 663 return crypto_skcipher_alg_common(tfm)->min_keysize; 664} 665 666static inline unsigned int crypto_skcipher_max_keysize( 667 struct crypto_skcipher *tfm) 668{ 669 return crypto_skcipher_alg_common(tfm)->max_keysize; 670} 671 672static inline unsigned int crypto_lskcipher_min_keysize( 673 struct crypto_lskcipher *tfm) 674{ 675 return crypto_lskcipher_alg(tfm)->co.min_keysize; 676} 677 678static inline unsigned int crypto_lskcipher_max_keysize( 679 struct crypto_lskcipher *tfm) 680{ 681 return crypto_lskcipher_alg(tfm)->co.max_keysize; 682} 683 684/** 685 * crypto_skcipher_reqtfm() - obtain cipher handle from request 686 * @req: skcipher_request out of which the cipher handle is to be obtained 687 * 688 * Return the crypto_skcipher handle when furnishing an skcipher_request 689 * data structure. 690 * 691 * Return: crypto_skcipher handle 692 */ 693static inline struct crypto_skcipher *crypto_skcipher_reqtfm( 694 struct skcipher_request *req) 695{ 696 return __crypto_skcipher_cast(req->base.tfm); 697} 698 699static inline struct crypto_sync_skcipher *crypto_sync_skcipher_reqtfm( 700 struct skcipher_request *req) 701{ 702 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 703 704 return container_of(tfm, struct crypto_sync_skcipher, base); 705} 706 707/** 708 * crypto_skcipher_encrypt() - encrypt plaintext 709 * @req: reference to the skcipher_request handle that holds all information 710 * needed to perform the cipher operation 711 * 712 * Encrypt plaintext data using the skcipher_request handle. That data 713 * structure and how it is filled with data is discussed with the 714 * skcipher_request_* functions. 715 * 716 * Return: 0 if the cipher operation was successful; < 0 if an error occurred 717 */ 718int crypto_skcipher_encrypt(struct skcipher_request *req); 719 720/** 721 * crypto_skcipher_decrypt() - decrypt ciphertext 722 * @req: reference to the skcipher_request handle that holds all information 723 * needed to perform the cipher operation 724 * 725 * Decrypt ciphertext data using the skcipher_request handle. That data 726 * structure and how it is filled with data is discussed with the 727 * skcipher_request_* functions. 728 * 729 * Return: 0 if the cipher operation was successful; < 0 if an error occurred 730 */ 731int crypto_skcipher_decrypt(struct skcipher_request *req); 732 733/** 734 * crypto_skcipher_export() - export partial state 735 * @req: reference to the skcipher_request handle that holds all information 736 * needed to perform the operation 737 * @out: output buffer of sufficient size that can hold the state 738 * 739 * Export partial state of the transformation. This function dumps the 740 * entire state of the ongoing transformation into a provided block of 741 * data so it can be @import 'ed back later on. This is useful in case 742 * you want to save partial result of the transformation after 743 * processing certain amount of data and reload this partial result 744 * multiple times later on for multiple re-use. No data processing 745 * happens at this point. 746 * 747 * Return: 0 if the cipher operation was successful; < 0 if an error occurred 748 */ 749int crypto_skcipher_export(struct skcipher_request *req, void *out); 750 751/** 752 * crypto_skcipher_import() - import partial state 753 * @req: reference to the skcipher_request handle that holds all information 754 * needed to perform the operation 755 * @in: buffer holding the state 756 * 757 * Import partial state of the transformation. This function loads the 758 * entire state of the ongoing transformation from a provided block of 759 * data so the transformation can continue from this point onward. No 760 * data processing happens at this point. 761 * 762 * Return: 0 if the cipher operation was successful; < 0 if an error occurred 763 */ 764int crypto_skcipher_import(struct skcipher_request *req, const void *in); 765 766/** 767 * crypto_lskcipher_encrypt() - encrypt plaintext 768 * @tfm: lskcipher handle 769 * @src: source buffer 770 * @dst: destination buffer 771 * @len: number of bytes to process 772 * @siv: IV + state for the cipher operation. The length of the IV must 773 * comply with the IV size defined by crypto_lskcipher_ivsize. The 774 * IV is then followed with a buffer with the length as specified by 775 * crypto_lskcipher_statesize. 776 * Encrypt plaintext data using the lskcipher handle. 777 * 778 * Return: >=0 if the cipher operation was successful, if positive 779 * then this many bytes have been left unprocessed; 780 * < 0 if an error occurred 781 */ 782int crypto_lskcipher_encrypt(struct crypto_lskcipher *tfm, const u8 *src, 783 u8 *dst, unsigned len, u8 *siv); 784 785/** 786 * crypto_lskcipher_decrypt() - decrypt ciphertext 787 * @tfm: lskcipher handle 788 * @src: source buffer 789 * @dst: destination buffer 790 * @len: number of bytes to process 791 * @siv: IV + state for the cipher operation. The length of the IV must 792 * comply with the IV size defined by crypto_lskcipher_ivsize. The 793 * IV is then followed with a buffer with the length as specified by 794 * crypto_lskcipher_statesize. 795 * 796 * Decrypt ciphertext data using the lskcipher handle. 797 * 798 * Return: >=0 if the cipher operation was successful, if positive 799 * then this many bytes have been left unprocessed; 800 * < 0 if an error occurred 801 */ 802int crypto_lskcipher_decrypt(struct crypto_lskcipher *tfm, const u8 *src, 803 u8 *dst, unsigned len, u8 *siv); 804 805/** 806 * DOC: Symmetric Key Cipher Request Handle 807 * 808 * The skcipher_request data structure contains all pointers to data 809 * required for the symmetric key cipher operation. This includes the cipher 810 * handle (which can be used by multiple skcipher_request instances), pointer 811 * to plaintext and ciphertext, asynchronous callback function, etc. It acts 812 * as a handle to the skcipher_request_* API calls in a similar way as 813 * skcipher handle to the crypto_skcipher_* API calls. 814 */ 815 816/** 817 * crypto_skcipher_reqsize() - obtain size of the request data structure 818 * @tfm: cipher handle 819 * 820 * Return: number of bytes 821 */ 822static inline unsigned int crypto_skcipher_reqsize(struct crypto_skcipher *tfm) 823{ 824 return tfm->reqsize; 825} 826 827/** 828 * skcipher_request_set_tfm() - update cipher handle reference in request 829 * @req: request handle to be modified 830 * @tfm: cipher handle that shall be added to the request handle 831 * 832 * Allow the caller to replace the existing skcipher handle in the request 833 * data structure with a different one. 834 */ 835static inline void skcipher_request_set_tfm(struct skcipher_request *req, 836 struct crypto_skcipher *tfm) 837{ 838 req->base.tfm = crypto_skcipher_tfm(tfm); 839} 840 841static inline void skcipher_request_set_sync_tfm(struct skcipher_request *req, 842 struct crypto_sync_skcipher *tfm) 843{ 844 skcipher_request_set_tfm(req, &tfm->base); 845} 846 847static inline struct skcipher_request *skcipher_request_cast( 848 struct crypto_async_request *req) 849{ 850 return container_of(req, struct skcipher_request, base); 851} 852 853/** 854 * skcipher_request_alloc() - allocate request data structure 855 * @tfm: cipher handle to be registered with the request 856 * @gfp: memory allocation flag that is handed to kmalloc by the API call. 857 * 858 * Allocate the request data structure that must be used with the skcipher 859 * encrypt and decrypt API calls. During the allocation, the provided skcipher 860 * handle is registered in the request data structure. 861 * 862 * Return: allocated request handle in case of success, or NULL if out of memory 863 */ 864static inline struct skcipher_request *skcipher_request_alloc( 865 struct crypto_skcipher *tfm, gfp_t gfp) 866{ 867 struct skcipher_request *req; 868 869 req = kmalloc(sizeof(struct skcipher_request) + 870 crypto_skcipher_reqsize(tfm), gfp); 871 872 if (likely(req)) 873 skcipher_request_set_tfm(req, tfm); 874 875 return req; 876} 877 878/** 879 * skcipher_request_free() - zeroize and free request data structure 880 * @req: request data structure cipher handle to be freed 881 */ 882static inline void skcipher_request_free(struct skcipher_request *req) 883{ 884 kfree_sensitive(req); 885} 886 887static inline void skcipher_request_zero(struct skcipher_request *req) 888{ 889 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 890 891 memzero_explicit(req, sizeof(*req) + crypto_skcipher_reqsize(tfm)); 892} 893 894/** 895 * skcipher_request_set_callback() - set asynchronous callback function 896 * @req: request handle 897 * @flags: specify zero or an ORing of the flags 898 * CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and 899 * increase the wait queue beyond the initial maximum size; 900 * CRYPTO_TFM_REQ_MAY_SLEEP the request processing may sleep 901 * @compl: callback function pointer to be registered with the request handle 902 * @data: The data pointer refers to memory that is not used by the kernel 903 * crypto API, but provided to the callback function for it to use. Here, 904 * the caller can provide a reference to memory the callback function can 905 * operate on. As the callback function is invoked asynchronously to the 906 * related functionality, it may need to access data structures of the 907 * related functionality which can be referenced using this pointer. The 908 * callback function can access the memory via the "data" field in the 909 * crypto_async_request data structure provided to the callback function. 910 * 911 * This function allows setting the callback function that is triggered once the 912 * cipher operation completes. 913 * 914 * The callback function is registered with the skcipher_request handle and 915 * must comply with the following template:: 916 * 917 * void callback_function(struct crypto_async_request *req, int error) 918 */ 919static inline void skcipher_request_set_callback(struct skcipher_request *req, 920 u32 flags, 921 crypto_completion_t compl, 922 void *data) 923{ 924 req->base.complete = compl; 925 req->base.data = data; 926 req->base.flags = flags; 927} 928 929/** 930 * skcipher_request_set_crypt() - set data buffers 931 * @req: request handle 932 * @src: source scatter / gather list 933 * @dst: destination scatter / gather list 934 * @cryptlen: number of bytes to process from @src 935 * @iv: IV for the cipher operation which must comply with the IV size defined 936 * by crypto_skcipher_ivsize 937 * 938 * This function allows setting of the source data and destination data 939 * scatter / gather lists. 940 * 941 * For encryption, the source is treated as the plaintext and the 942 * destination is the ciphertext. For a decryption operation, the use is 943 * reversed - the source is the ciphertext and the destination is the plaintext. 944 */ 945static inline void skcipher_request_set_crypt( 946 struct skcipher_request *req, 947 struct scatterlist *src, struct scatterlist *dst, 948 unsigned int cryptlen, void *iv) 949{ 950 req->src = src; 951 req->dst = dst; 952 req->cryptlen = cryptlen; 953 req->iv = iv; 954} 955 956#endif /* _CRYPTO_SKCIPHER_H */ 957 958