2019-05-27 08:55:01 +02:00
// SPDX-License-Identifier: GPL-2.0-or-later
2006-12-16 12:09:02 +11:00
/*
* PCBC : Propagating Cipher Block Chaining mode
*
* Copyright ( C ) 2006 Red Hat , Inc . All Rights Reserved .
* Written by David Howells ( dhowells @ redhat . com )
*
* Derived from cbc . c
* - Copyright ( c ) 2006 Herbert Xu < herbert @ gondor . apana . org . au >
*/
2018-04-09 15:54:47 +02:00
# include <crypto/algapi.h>
2020-12-11 13:27:15 +01:00
# include <crypto/internal/cipher.h>
2016-11-22 20:08:27 +08:00
# include <crypto/internal/skcipher.h>
2006-12-16 12:09:02 +11:00
# include <linux/err.h>
# include <linux/init.h>
# include <linux/kernel.h>
# include <linux/module.h>
2016-11-22 20:08:27 +08:00
static int crypto_pcbc_encrypt_segment ( struct skcipher_request * req ,
struct skcipher_walk * walk ,
2007-11-20 17:49:49 +08:00
struct crypto_cipher * tfm )
2006-12-16 12:09:02 +11:00
{
int bsize = crypto_cipher_blocksize ( tfm ) ;
unsigned int nbytes = walk - > nbytes ;
u8 * src = walk - > src . virt . addr ;
u8 * dst = walk - > dst . virt . addr ;
2019-01-03 20:16:13 -08:00
u8 * const iv = walk - > iv ;
2006-12-16 12:09:02 +11:00
do {
2007-11-20 17:49:49 +08:00
crypto_xor ( iv , src , bsize ) ;
2016-11-22 20:08:27 +08:00
crypto_cipher_encrypt_one ( tfm , dst , iv ) ;
crypto: algapi - make crypto_xor() take separate dst and src arguments
There are quite a number of occurrences in the kernel of the pattern
if (dst != src)
memcpy(dst, src, walk.total % AES_BLOCK_SIZE);
crypto_xor(dst, final, walk.total % AES_BLOCK_SIZE);
or
crypto_xor(keystream, src, nbytes);
memcpy(dst, keystream, nbytes);
where crypto_xor() is preceded or followed by a memcpy() invocation
that is only there because crypto_xor() uses its output parameter as
one of the inputs. To avoid having to add new instances of this pattern
in the arm64 code, which will be refactored to implement non-SIMD
fallbacks, add an alternative implementation called crypto_xor_cpy(),
taking separate input and output arguments. This removes the need for
the separate memcpy().
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-07-24 11:28:04 +01:00
crypto_xor_cpy ( iv , dst , src , bsize ) ;
2006-12-16 12:09:02 +11:00
src + = bsize ;
dst + = bsize ;
} while ( ( nbytes - = bsize ) > = bsize ) ;
return nbytes ;
}
2016-11-22 20:08:27 +08:00
static int crypto_pcbc_encrypt_inplace ( struct skcipher_request * req ,
struct skcipher_walk * walk ,
2007-11-20 17:49:49 +08:00
struct crypto_cipher * tfm )
2006-12-16 12:09:02 +11:00
{
int bsize = crypto_cipher_blocksize ( tfm ) ;
unsigned int nbytes = walk - > nbytes ;
u8 * src = walk - > src . virt . addr ;
2019-01-03 20:16:13 -08:00
u8 * const iv = walk - > iv ;
2018-04-09 15:54:47 +02:00
u8 tmpbuf [ MAX_CIPHER_BLOCKSIZE ] ;
2006-12-16 12:09:02 +11:00
do {
memcpy ( tmpbuf , src , bsize ) ;
2007-11-20 17:49:49 +08:00
crypto_xor ( iv , src , bsize ) ;
2016-11-22 20:08:27 +08:00
crypto_cipher_encrypt_one ( tfm , src , iv ) ;
crypto: algapi - make crypto_xor() take separate dst and src arguments
There are quite a number of occurrences in the kernel of the pattern
if (dst != src)
memcpy(dst, src, walk.total % AES_BLOCK_SIZE);
crypto_xor(dst, final, walk.total % AES_BLOCK_SIZE);
or
crypto_xor(keystream, src, nbytes);
memcpy(dst, keystream, nbytes);
where crypto_xor() is preceded or followed by a memcpy() invocation
that is only there because crypto_xor() uses its output parameter as
one of the inputs. To avoid having to add new instances of this pattern
in the arm64 code, which will be refactored to implement non-SIMD
fallbacks, add an alternative implementation called crypto_xor_cpy(),
taking separate input and output arguments. This removes the need for
the separate memcpy().
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-07-24 11:28:04 +01:00
crypto_xor_cpy ( iv , tmpbuf , src , bsize ) ;
2006-12-16 12:09:02 +11:00
src + = bsize ;
} while ( ( nbytes - = bsize ) > = bsize ) ;
return nbytes ;
}
2016-11-22 20:08:27 +08:00
static int crypto_pcbc_encrypt ( struct skcipher_request * req )
2006-12-16 12:09:02 +11:00
{
2016-11-22 20:08:27 +08:00
struct crypto_skcipher * tfm = crypto_skcipher_reqtfm ( req ) ;
2019-01-03 20:16:22 -08:00
struct crypto_cipher * cipher = skcipher_cipher_simple ( tfm ) ;
2016-11-22 20:08:27 +08:00
struct skcipher_walk walk ;
unsigned int nbytes ;
2006-12-16 12:09:02 +11:00
int err ;
2016-11-22 20:08:27 +08:00
err = skcipher_walk_virt ( & walk , req , false ) ;
2006-12-16 12:09:02 +11:00
2024-01-16 10:43:02 +00:00
while ( walk . nbytes ) {
2006-12-16 12:09:02 +11:00
if ( walk . src . virt . addr = = walk . dst . virt . addr )
2016-11-22 20:08:27 +08:00
nbytes = crypto_pcbc_encrypt_inplace ( req , & walk ,
2019-01-03 20:16:22 -08:00
cipher ) ;
2006-12-16 12:09:02 +11:00
else
2016-11-22 20:08:27 +08:00
nbytes = crypto_pcbc_encrypt_segment ( req , & walk ,
2019-01-03 20:16:22 -08:00
cipher ) ;
2016-11-22 20:08:27 +08:00
err = skcipher_walk_done ( & walk , nbytes ) ;
2006-12-16 12:09:02 +11:00
}
return err ;
}
2016-11-22 20:08:27 +08:00
static int crypto_pcbc_decrypt_segment ( struct skcipher_request * req ,
struct skcipher_walk * walk ,
2007-11-20 17:49:49 +08:00
struct crypto_cipher * tfm )
2006-12-16 12:09:02 +11:00
{
int bsize = crypto_cipher_blocksize ( tfm ) ;
unsigned int nbytes = walk - > nbytes ;
u8 * src = walk - > src . virt . addr ;
u8 * dst = walk - > dst . virt . addr ;
2019-01-03 20:16:13 -08:00
u8 * const iv = walk - > iv ;
2006-12-16 12:09:02 +11:00
do {
2016-11-22 20:08:27 +08:00
crypto_cipher_decrypt_one ( tfm , dst , src ) ;
2007-11-20 17:49:49 +08:00
crypto_xor ( dst , iv , bsize ) ;
crypto: algapi - make crypto_xor() take separate dst and src arguments
There are quite a number of occurrences in the kernel of the pattern
if (dst != src)
memcpy(dst, src, walk.total % AES_BLOCK_SIZE);
crypto_xor(dst, final, walk.total % AES_BLOCK_SIZE);
or
crypto_xor(keystream, src, nbytes);
memcpy(dst, keystream, nbytes);
where crypto_xor() is preceded or followed by a memcpy() invocation
that is only there because crypto_xor() uses its output parameter as
one of the inputs. To avoid having to add new instances of this pattern
in the arm64 code, which will be refactored to implement non-SIMD
fallbacks, add an alternative implementation called crypto_xor_cpy(),
taking separate input and output arguments. This removes the need for
the separate memcpy().
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-07-24 11:28:04 +01:00
crypto_xor_cpy ( iv , dst , src , bsize ) ;
2006-12-16 12:09:02 +11:00
src + = bsize ;
dst + = bsize ;
} while ( ( nbytes - = bsize ) > = bsize ) ;
return nbytes ;
}
2016-11-22 20:08:27 +08:00
static int crypto_pcbc_decrypt_inplace ( struct skcipher_request * req ,
struct skcipher_walk * walk ,
2007-11-20 17:49:49 +08:00
struct crypto_cipher * tfm )
2006-12-16 12:09:02 +11:00
{
int bsize = crypto_cipher_blocksize ( tfm ) ;
unsigned int nbytes = walk - > nbytes ;
u8 * src = walk - > src . virt . addr ;
2019-01-03 20:16:13 -08:00
u8 * const iv = walk - > iv ;
2018-04-09 15:54:47 +02:00
u8 tmpbuf [ MAX_CIPHER_BLOCKSIZE ] __aligned ( __alignof__ ( u32 ) ) ;
2006-12-16 12:09:02 +11:00
do {
memcpy ( tmpbuf , src , bsize ) ;
2016-11-22 20:08:27 +08:00
crypto_cipher_decrypt_one ( tfm , src , src ) ;
2007-11-20 17:49:49 +08:00
crypto_xor ( src , iv , bsize ) ;
crypto: algapi - make crypto_xor() take separate dst and src arguments
There are quite a number of occurrences in the kernel of the pattern
if (dst != src)
memcpy(dst, src, walk.total % AES_BLOCK_SIZE);
crypto_xor(dst, final, walk.total % AES_BLOCK_SIZE);
or
crypto_xor(keystream, src, nbytes);
memcpy(dst, keystream, nbytes);
where crypto_xor() is preceded or followed by a memcpy() invocation
that is only there because crypto_xor() uses its output parameter as
one of the inputs. To avoid having to add new instances of this pattern
in the arm64 code, which will be refactored to implement non-SIMD
fallbacks, add an alternative implementation called crypto_xor_cpy(),
taking separate input and output arguments. This removes the need for
the separate memcpy().
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-07-24 11:28:04 +01:00
crypto_xor_cpy ( iv , src , tmpbuf , bsize ) ;
2006-12-16 12:09:02 +11:00
src + = bsize ;
} while ( ( nbytes - = bsize ) > = bsize ) ;
return nbytes ;
}
2016-11-22 20:08:27 +08:00
static int crypto_pcbc_decrypt ( struct skcipher_request * req )
2006-12-16 12:09:02 +11:00
{
2016-11-22 20:08:27 +08:00
struct crypto_skcipher * tfm = crypto_skcipher_reqtfm ( req ) ;
2019-01-03 20:16:22 -08:00
struct crypto_cipher * cipher = skcipher_cipher_simple ( tfm ) ;
2016-11-22 20:08:27 +08:00
struct skcipher_walk walk ;
unsigned int nbytes ;
2006-12-16 12:09:02 +11:00
int err ;
2016-11-22 20:08:27 +08:00
err = skcipher_walk_virt ( & walk , req , false ) ;
2006-12-16 12:09:02 +11:00
2024-01-16 10:43:02 +00:00
while ( walk . nbytes ) {
2006-12-16 12:09:02 +11:00
if ( walk . src . virt . addr = = walk . dst . virt . addr )
2016-11-22 20:08:27 +08:00
nbytes = crypto_pcbc_decrypt_inplace ( req , & walk ,
2019-01-03 20:16:22 -08:00
cipher ) ;
2006-12-16 12:09:02 +11:00
else
2016-11-22 20:08:27 +08:00
nbytes = crypto_pcbc_decrypt_segment ( req , & walk ,
2019-01-03 20:16:22 -08:00
cipher ) ;
2016-11-22 20:08:27 +08:00
err = skcipher_walk_done ( & walk , nbytes ) ;
2006-12-16 12:09:02 +11:00
}
return err ;
}
2016-11-22 20:08:27 +08:00
static int crypto_pcbc_create ( struct crypto_template * tmpl , struct rtattr * * tb )
2006-12-16 12:09:02 +11:00
{
2016-11-22 20:08:27 +08:00
struct skcipher_instance * inst ;
2007-01-01 18:37:02 +11:00
int err ;
2019-12-20 13:29:40 +08:00
inst = skcipher_alloc_instance_simple ( tmpl , tb ) ;
2019-01-03 20:16:22 -08:00
if ( IS_ERR ( inst ) )
return PTR_ERR ( inst ) ;
2006-12-16 12:09:02 +11:00
2016-11-22 20:08:27 +08:00
inst - > alg . encrypt = crypto_pcbc_encrypt ;
inst - > alg . decrypt = crypto_pcbc_decrypt ;
2006-12-16 12:09:02 +11:00
2016-11-22 20:08:27 +08:00
err = skcipher_register_instance ( tmpl , inst ) ;
if ( err )
2019-01-03 20:16:22 -08:00
inst - > free ( inst ) ;
2019-12-20 13:29:40 +08:00
2016-11-22 20:08:27 +08:00
return err ;
2006-12-16 12:09:02 +11:00
}
static struct crypto_template crypto_pcbc_tmpl = {
. name = " pcbc " ,
2016-11-22 20:08:27 +08:00
. create = crypto_pcbc_create ,
2006-12-16 12:09:02 +11:00
. module = THIS_MODULE ,
} ;
static int __init crypto_pcbc_module_init ( void )
{
return crypto_register_template ( & crypto_pcbc_tmpl ) ;
}
static void __exit crypto_pcbc_module_exit ( void )
{
crypto_unregister_template ( & crypto_pcbc_tmpl ) ;
}
2019-04-11 21:57:42 -07:00
subsys_initcall ( crypto_pcbc_module_init ) ;
2006-12-16 12:09:02 +11:00
module_exit ( crypto_pcbc_module_exit ) ;
MODULE_LICENSE ( " GPL " ) ;
2019-01-03 20:16:22 -08:00
MODULE_DESCRIPTION ( " PCBC block cipher mode of operation " ) ;
2014-11-24 16:32:38 -08:00
MODULE_ALIAS_CRYPTO ( " pcbc " ) ;
2020-12-11 13:27:15 +01:00
MODULE_IMPORT_NS ( CRYPTO_INTERNAL ) ;