1 /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 /* 3 * Symmetric key ciphers. 4 * 5 * Copyright (c) 2007-2015 Herbert Xu <herbert@gondor.apana.org.au> 6 */ 7 8 #ifndef _CRYPTO_SKCIPHER_H 9 #define _CRYPTO_SKCIPHER_H 10 11 #include <linux/atomic.h> 12 #include <linux/container_of.h> 13 #include <linux/crypto.h> 14 #include <linux/slab.h> 15 #include <linux/string.h> 16 #include <linux/types.h> 17 18 /* Set this bit if the lskcipher operation is a continuation. */ 19 #define CRYPTO_LSKCIPHER_FLAG_CONT 0x00000001 20 /* Set this bit if the lskcipher operation is final. */ 21 #define CRYPTO_LSKCIPHER_FLAG_FINAL 0x00000002 22 /* The bit CRYPTO_TFM_REQ_MAY_SLEEP can also be set if needed. */ 23 24 /* Set this bit if the skcipher operation is a continuation. */ 25 #define CRYPTO_SKCIPHER_REQ_CONT 0x00000001 26 /* Set this bit if the skcipher operation is not final. */ 27 #define CRYPTO_SKCIPHER_REQ_NOTFINAL 0x00000002 28 29 struct scatterlist; 30 31 /** 32 * struct skcipher_request - Symmetric key cipher request 33 * @cryptlen: Number of bytes to encrypt or decrypt 34 * @iv: Initialisation Vector 35 * @src: Source SG list 36 * @dst: Destination SG list 37 * @base: Underlying async request 38 * @__ctx: Start of private context data 39 */ 40 struct skcipher_request { 41 unsigned int cryptlen; 42 43 u8 *iv; 44 45 struct scatterlist *src; 46 struct scatterlist *dst; 47 48 struct crypto_async_request base; 49 50 void *__ctx[] CRYPTO_MINALIGN_ATTR; 51 }; 52 53 struct crypto_skcipher { 54 unsigned int reqsize; 55 56 struct crypto_tfm base; 57 }; 58 59 struct crypto_sync_skcipher { 60 struct crypto_skcipher base; 61 }; 62 63 struct crypto_lskcipher { 64 struct crypto_tfm base; 65 }; 66 67 /* 68 * struct skcipher_alg_common - common properties of skcipher_alg 69 * @min_keysize: Minimum key size supported by the transformation. This is the 70 * smallest key length supported by this transformation algorithm. 71 * This must be set to one of the pre-defined values as this is 72 * not hardware specific. Possible values for this field can be 73 * found via git grep "_MIN_KEY_SIZE" include/crypto/ 74 * @max_keysize: Maximum key size supported by the transformation. This is the 75 * largest key length supported by this transformation algorithm. 76 * This must be set to one of the pre-defined values as this is 77 * not hardware specific. Possible values for this field can be 78 * found via git grep "_MAX_KEY_SIZE" include/crypto/ 79 * @ivsize: IV size applicable for transformation. The consumer must provide an 80 * IV of exactly that size to perform the encrypt or decrypt operation. 81 * @chunksize: Equal to the block size except for stream ciphers such as 82 * CTR where it is set to the underlying block size. 83 * @statesize: Size of the internal state for the algorithm. 84 * @base: Definition of a generic crypto algorithm. 85 */ 86 #define SKCIPHER_ALG_COMMON { \ 87 unsigned int min_keysize; \ 88 unsigned int max_keysize; \ 89 unsigned int ivsize; \ 90 unsigned int chunksize; \ 91 unsigned int statesize; \ 92 \ 93 struct crypto_alg base; \ 94 } 95 struct skcipher_alg_common SKCIPHER_ALG_COMMON; 96 97 /** 98 * struct skcipher_alg - symmetric key cipher definition 99 * @setkey: Set key for the transformation. This function is used to either 100 * program a supplied key into the hardware or store the key in the 101 * transformation context for programming it later. Note that this 102 * function does modify the transformation context. This function can 103 * be called multiple times during the existence of the transformation 104 * object, so one must make sure the key is properly reprogrammed into 105 * the hardware. This function is also responsible for checking the key 106 * length for validity. In case a software fallback was put in place in 107 * the @cra_init call, this function might need to use the fallback if 108 * the algorithm doesn't support all of the key sizes. 109 * @encrypt: Encrypt a scatterlist of blocks. This function is used to encrypt 110 * the supplied scatterlist containing the blocks of data. The crypto 111 * API consumer is responsible for aligning the entries of the 112 * scatterlist properly and making sure the chunks are correctly 113 * sized. In case a software fallback was put in place in the 114 * @cra_init call, this function might need to use the fallback if 115 * the algorithm doesn't support all of the key sizes. In case the 116 * key was stored in transformation context, the key might need to be 117 * re-programmed into the hardware in this function. This function 118 * shall not modify the transformation context, as this function may 119 * be called in parallel with the same transformation object. 120 * @decrypt: Decrypt a single block. This is a reverse counterpart to @encrypt 121 * and the conditions are exactly the same. 122 * @export: Export partial state of the transformation. This function dumps the 123 * entire state of the ongoing transformation into a provided block of 124 * data so it can be @import 'ed back later on. This is useful in case 125 * you want to save partial result of the transformation after 126 * processing certain amount of data and reload this partial result 127 * multiple times later on for multiple re-use. No data processing 128 * happens at this point. 129 * @import: Import partial state of the transformation. This function loads the 130 * entire state of the ongoing transformation from a provided block of 131 * data so the transformation can continue from this point onward. No 132 * data processing happens at this point. 133 * @init: Initialize the cryptographic transformation object. This function 134 * is used to initialize the cryptographic transformation object. 135 * This function is called only once at the instantiation time, right 136 * after the transformation context was allocated. In case the 137 * cryptographic hardware has some special requirements which need to 138 * be handled by software, this function shall check for the precise 139 * requirement of the transformation and put any software fallbacks 140 * in place. 141 * @exit: Deinitialize the cryptographic transformation object. This is a 142 * counterpart to @init, used to remove various changes set in 143 * @init. 144 * @walksize: Equal to the chunk size except in cases where the algorithm is 145 * considerably more efficient if it can operate on multiple chunks 146 * in parallel. Should be a multiple of chunksize. 147 * @co: see struct skcipher_alg_common 148 * 149 * All fields except @ivsize are mandatory and must be filled. 150 */ 151 struct skcipher_alg { 152 int (*setkey)(struct crypto_skcipher *tfm, const u8 *key, 153 unsigned int keylen); 154 int (*encrypt)(struct skcipher_request *req); 155 int (*decrypt)(struct skcipher_request *req); 156 int (*export)(struct skcipher_request *req, void *out); 157 int (*import)(struct skcipher_request *req, const void *in); 158 int (*init)(struct crypto_skcipher *tfm); 159 void (*exit)(struct crypto_skcipher *tfm); 160 161 unsigned int walksize; 162 163 union { 164 struct SKCIPHER_ALG_COMMON; 165 struct skcipher_alg_common co; 166 }; 167 }; 168 169 /** 170 * struct lskcipher_alg - linear symmetric key cipher definition 171 * @setkey: Set key for the transformation. This function is used to either 172 * program a supplied key into the hardware or store the key in the 173 * transformation context for programming it later. Note that this 174 * function does modify the transformation context. This function can 175 * be called multiple times during the existence of the transformation 176 * object, so one must make sure the key is properly reprogrammed into 177 * the hardware. This function is also responsible for checking the key 178 * length for validity. In case a software fallback was put in place in 179 * the @cra_init call, this function might need to use the fallback if 180 * the algorithm doesn't support all of the key sizes. 181 * @encrypt: Encrypt a number of bytes. This function is used to encrypt 182 * the supplied data. This function shall not modify 183 * the transformation context, as this function may be called 184 * in parallel with the same transformation object. Data 185 * may be left over if length is not a multiple of blocks 186 * and there is more to come (final == false). The number of 187 * left-over bytes should be returned in case of success. 188 * The siv field shall be as long as ivsize + statesize with 189 * the IV placed at the front. The state will be used by the 190 * algorithm internally. 191 * @decrypt: Decrypt a number of bytes. This is a reverse counterpart to 192 * @encrypt and the conditions are exactly the same. 193 * @init: Initialize the cryptographic transformation object. This function 194 * is used to initialize the cryptographic transformation object. 195 * This function is called only once at the instantiation time, right 196 * after the transformation context was allocated. 197 * @exit: Deinitialize the cryptographic transformation object. This is a 198 * counterpart to @init, used to remove various changes set in 199 * @init. 200 * @co: see struct skcipher_alg_common 201 */ 202 struct lskcipher_alg { 203 int (*setkey)(struct crypto_lskcipher *tfm, const u8 *key, 204 unsigned int keylen); 205 int (*encrypt)(struct crypto_lskcipher *tfm, const u8 *src, 206 u8 *dst, unsigned len, u8 *siv, u32 flags); 207 int (*decrypt)(struct crypto_lskcipher *tfm, const u8 *src, 208 u8 *dst, unsigned len, u8 *siv, u32 flags); 209 int (*init)(struct crypto_lskcipher *tfm); 210 void (*exit)(struct crypto_lskcipher *tfm); 211 212 struct skcipher_alg_common co; 213 }; 214 215 #define MAX_SYNC_SKCIPHER_REQSIZE 384 216 /* 217 * This performs a type-check against the "tfm" argument to make sure 218 * all users have the correct skcipher tfm for doing on-stack requests. 219 */ 220 #define SYNC_SKCIPHER_REQUEST_ON_STACK(name, tfm) \ 221 char __##name##_desc[sizeof(struct skcipher_request) + \ 222 MAX_SYNC_SKCIPHER_REQSIZE + \ 223 (!(sizeof((struct crypto_sync_skcipher *)1 == \ 224 (typeof(tfm))1))) \ 225 ] CRYPTO_MINALIGN_ATTR; \ 226 struct skcipher_request *name = (void *)__##name##_desc 227 228 /** 229 * DOC: Symmetric Key Cipher API 230 * 231 * Symmetric key cipher API is used with the ciphers of type 232 * CRYPTO_ALG_TYPE_SKCIPHER (listed as type "skcipher" in /proc/crypto). 233 * 234 * Asynchronous cipher operations imply that the function invocation for a 235 * cipher request returns immediately before the completion of the operation. 236 * The cipher request is scheduled as a separate kernel thread and therefore 237 * load-balanced on the different CPUs via the process scheduler. To allow 238 * the kernel crypto API to inform the caller about the completion of a cipher 239 * request, the caller must provide a callback function. That function is 240 * invoked with the cipher handle when the request completes. 241 * 242 * To support the asynchronous operation, additional information than just the 243 * cipher handle must be supplied to the kernel crypto API. That additional 244 * information is given by filling in the skcipher_request data structure. 245 * 246 * For the symmetric key cipher API, the state is maintained with the tfm 247 * cipher handle. A single tfm can be used across multiple calls and in 248 * parallel. For asynchronous block cipher calls, context data supplied and 249 * only used by the caller can be referenced the request data structure in 250 * addition to the IV used for the cipher request. The maintenance of such 251 * state information would be important for a crypto driver implementer to 252 * have, because when calling the callback function upon completion of the 253 * cipher operation, that callback function may need some information about 254 * which operation just finished if it invoked multiple in parallel. This 255 * state information is unused by the kernel crypto API. 256 */ 257 258 static inline struct crypto_skcipher *__crypto_skcipher_cast( 259 struct crypto_tfm *tfm) 260 { 261 return container_of(tfm, struct crypto_skcipher, base); 262 } 263 264 /** 265 * crypto_alloc_skcipher() - allocate symmetric key cipher handle 266 * @alg_name: is the cra_name / name or cra_driver_name / driver name of the 267 * skcipher cipher 268 * @type: specifies the type of the cipher 269 * @mask: specifies the mask for the cipher 270 * 271 * Allocate a cipher handle for an skcipher. The returned struct 272 * crypto_skcipher is the cipher handle that is required for any subsequent 273 * API invocation for that skcipher. 274 * 275 * Return: allocated cipher handle in case of success; IS_ERR() is true in case 276 * of an error, PTR_ERR() returns the error code. 277 */ 278 struct crypto_skcipher *crypto_alloc_skcipher(const char *alg_name, 279 u32 type, u32 mask); 280 281 struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(const char *alg_name, 282 u32 type, u32 mask); 283 284 285 /** 286 * crypto_alloc_lskcipher() - allocate linear symmetric key cipher handle 287 * @alg_name: is the cra_name / name or cra_driver_name / driver name of the 288 * lskcipher 289 * @type: specifies the type of the cipher 290 * @mask: specifies the mask for the cipher 291 * 292 * Allocate a cipher handle for an lskcipher. The returned struct 293 * crypto_lskcipher is the cipher handle that is required for any subsequent 294 * API invocation for that lskcipher. 295 * 296 * Return: allocated cipher handle in case of success; IS_ERR() is true in case 297 * of an error, PTR_ERR() returns the error code. 298 */ 299 struct crypto_lskcipher *crypto_alloc_lskcipher(const char *alg_name, 300 u32 type, u32 mask); 301 302 static inline struct crypto_tfm *crypto_skcipher_tfm( 303 struct crypto_skcipher *tfm) 304 { 305 return &tfm->base; 306 } 307 308 static inline struct crypto_tfm *crypto_lskcipher_tfm( 309 struct crypto_lskcipher *tfm) 310 { 311 return &tfm->base; 312 } 313 314 /** 315 * crypto_free_skcipher() - zeroize and free cipher handle 316 * @tfm: cipher handle to be freed 317 * 318 * If @tfm is a NULL or error pointer, this function does nothing. 319 */ 320 static inline void crypto_free_skcipher(struct crypto_skcipher *tfm) 321 { 322 crypto_destroy_tfm(tfm, crypto_skcipher_tfm(tfm)); 323 } 324 325 static inline void crypto_free_sync_skcipher(struct crypto_sync_skcipher *tfm) 326 { 327 crypto_free_skcipher(&tfm->base); 328 } 329 330 /** 331 * crypto_free_lskcipher() - zeroize and free cipher handle 332 * @tfm: cipher handle to be freed 333 * 334 * If @tfm is a NULL or error pointer, this function does nothing. 335 */ 336 static inline void crypto_free_lskcipher(struct crypto_lskcipher *tfm) 337 { 338 crypto_destroy_tfm(tfm, crypto_lskcipher_tfm(tfm)); 339 } 340 341 /** 342 * crypto_has_skcipher() - Search for the availability of an skcipher. 343 * @alg_name: is the cra_name / name or cra_driver_name / driver name of the 344 * skcipher 345 * @type: specifies the type of the skcipher 346 * @mask: specifies the mask for the skcipher 347 * 348 * Return: true when the skcipher is known to the kernel crypto API; false 349 * otherwise 350 */ 351 int crypto_has_skcipher(const char *alg_name, u32 type, u32 mask); 352 353 static inline const char *crypto_skcipher_driver_name( 354 struct crypto_skcipher *tfm) 355 { 356 return crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)); 357 } 358 359 static inline const char *crypto_lskcipher_driver_name( 360 struct crypto_lskcipher *tfm) 361 { 362 return crypto_tfm_alg_driver_name(crypto_lskcipher_tfm(tfm)); 363 } 364 365 static inline struct skcipher_alg_common *crypto_skcipher_alg_common( 366 struct crypto_skcipher *tfm) 367 { 368 return container_of(crypto_skcipher_tfm(tfm)->__crt_alg, 369 struct skcipher_alg_common, base); 370 } 371 372 static inline struct skcipher_alg *crypto_skcipher_alg( 373 struct crypto_skcipher *tfm) 374 { 375 return container_of(crypto_skcipher_tfm(tfm)->__crt_alg, 376 struct skcipher_alg, base); 377 } 378 379 static inline struct lskcipher_alg *crypto_lskcipher_alg( 380 struct crypto_lskcipher *tfm) 381 { 382 return container_of(crypto_lskcipher_tfm(tfm)->__crt_alg, 383 struct lskcipher_alg, co.base); 384 } 385 386 /** 387 * crypto_skcipher_ivsize() - obtain IV size 388 * @tfm: cipher handle 389 * 390 * The size of the IV for the skcipher referenced by the cipher handle is 391 * returned. This IV size may be zero if the cipher does not need an IV. 392 * 393 * Return: IV size in bytes 394 */ 395 static inline unsigned int crypto_skcipher_ivsize(struct crypto_skcipher *tfm) 396 { 397 return crypto_skcipher_alg_common(tfm)->ivsize; 398 } 399 400 static inline unsigned int crypto_sync_skcipher_ivsize( 401 struct crypto_sync_skcipher *tfm) 402 { 403 return crypto_skcipher_ivsize(&tfm->base); 404 } 405 406 /** 407 * crypto_lskcipher_ivsize() - obtain IV size 408 * @tfm: cipher handle 409 * 410 * The size of the IV for the lskcipher referenced by the cipher handle is 411 * returned. This IV size may be zero if the cipher does not need an IV. 412 * 413 * Return: IV size in bytes 414 */ 415 static inline unsigned int crypto_lskcipher_ivsize( 416 struct crypto_lskcipher *tfm) 417 { 418 return crypto_lskcipher_alg(tfm)->co.ivsize; 419 } 420 421 /** 422 * crypto_skcipher_blocksize() - obtain block size of cipher 423 * @tfm: cipher handle 424 * 425 * The block size for the skcipher referenced with the cipher handle is 426 * returned. The caller may use that information to allocate appropriate 427 * memory for the data returned by the encryption or decryption operation 428 * 429 * Return: block size of cipher 430 */ 431 static inline unsigned int crypto_skcipher_blocksize( 432 struct crypto_skcipher *tfm) 433 { 434 return crypto_tfm_alg_blocksize(crypto_skcipher_tfm(tfm)); 435 } 436 437 /** 438 * crypto_lskcipher_blocksize() - obtain block size of cipher 439 * @tfm: cipher handle 440 * 441 * The block size for the lskcipher referenced with the cipher handle is 442 * returned. The caller may use that information to allocate appropriate 443 * memory for the data returned by the encryption or decryption operation 444 * 445 * Return: block size of cipher 446 */ 447 static inline unsigned int crypto_lskcipher_blocksize( 448 struct crypto_lskcipher *tfm) 449 { 450 return crypto_tfm_alg_blocksize(crypto_lskcipher_tfm(tfm)); 451 } 452 453 /** 454 * crypto_skcipher_chunksize() - obtain chunk size 455 * @tfm: cipher handle 456 * 457 * The block size is set to one for ciphers such as CTR. However, 458 * you still need to provide incremental updates in multiples of 459 * the underlying block size as the IV does not have sub-block 460 * granularity. This is known in this API as the chunk size. 461 * 462 * Return: chunk size in bytes 463 */ 464 static inline unsigned int crypto_skcipher_chunksize( 465 struct crypto_skcipher *tfm) 466 { 467 return crypto_skcipher_alg_common(tfm)->chunksize; 468 } 469 470 /** 471 * crypto_lskcipher_chunksize() - obtain chunk size 472 * @tfm: cipher handle 473 * 474 * The block size is set to one for ciphers such as CTR. However, 475 * you still need to provide incremental updates in multiples of 476 * the underlying block size as the IV does not have sub-block 477 * granularity. This is known in this API as the chunk size. 478 * 479 * Return: chunk size in bytes 480 */ 481 static inline unsigned int crypto_lskcipher_chunksize( 482 struct crypto_lskcipher *tfm) 483 { 484 return crypto_lskcipher_alg(tfm)->co.chunksize; 485 } 486 487 /** 488 * crypto_skcipher_statesize() - obtain state size 489 * @tfm: cipher handle 490 * 491 * Some algorithms cannot be chained with the IV alone. They carry 492 * internal state which must be replicated if data is to be processed 493 * incrementally. The size of that state can be obtained with this 494 * function. 495 * 496 * Return: state size in bytes 497 */ 498 static inline unsigned int crypto_skcipher_statesize( 499 struct crypto_skcipher *tfm) 500 { 501 return crypto_skcipher_alg_common(tfm)->statesize; 502 } 503 504 /** 505 * crypto_lskcipher_statesize() - obtain state size 506 * @tfm: cipher handle 507 * 508 * Some algorithms cannot be chained with the IV alone. They carry 509 * internal state which must be replicated if data is to be processed 510 * incrementally. The size of that state can be obtained with this 511 * function. 512 * 513 * Return: state size in bytes 514 */ 515 static inline unsigned int crypto_lskcipher_statesize( 516 struct crypto_lskcipher *tfm) 517 { 518 return crypto_lskcipher_alg(tfm)->co.statesize; 519 } 520 521 static inline unsigned int crypto_sync_skcipher_blocksize( 522 struct crypto_sync_skcipher *tfm) 523 { 524 return crypto_skcipher_blocksize(&tfm->base); 525 } 526 527 static inline unsigned int crypto_skcipher_alignmask( 528 struct crypto_skcipher *tfm) 529 { 530 return crypto_tfm_alg_alignmask(crypto_skcipher_tfm(tfm)); 531 } 532 533 static inline unsigned int crypto_lskcipher_alignmask( 534 struct crypto_lskcipher *tfm) 535 { 536 return crypto_tfm_alg_alignmask(crypto_lskcipher_tfm(tfm)); 537 } 538 539 static inline u32 crypto_skcipher_get_flags(struct crypto_skcipher *tfm) 540 { 541 return crypto_tfm_get_flags(crypto_skcipher_tfm(tfm)); 542 } 543 544 static inline void crypto_skcipher_set_flags(struct crypto_skcipher *tfm, 545 u32 flags) 546 { 547 crypto_tfm_set_flags(crypto_skcipher_tfm(tfm), flags); 548 } 549 550 static inline void crypto_skcipher_clear_flags(struct crypto_skcipher *tfm, 551 u32 flags) 552 { 553 crypto_tfm_clear_flags(crypto_skcipher_tfm(tfm), flags); 554 } 555 556 static inline u32 crypto_sync_skcipher_get_flags( 557 struct crypto_sync_skcipher *tfm) 558 { 559 return crypto_skcipher_get_flags(&tfm->base); 560 } 561 562 static inline void crypto_sync_skcipher_set_flags( 563 struct crypto_sync_skcipher *tfm, u32 flags) 564 { 565 crypto_skcipher_set_flags(&tfm->base, flags); 566 } 567 568 static inline void crypto_sync_skcipher_clear_flags( 569 struct crypto_sync_skcipher *tfm, u32 flags) 570 { 571 crypto_skcipher_clear_flags(&tfm->base, flags); 572 } 573 574 static inline u32 crypto_lskcipher_get_flags(struct crypto_lskcipher *tfm) 575 { 576 return crypto_tfm_get_flags(crypto_lskcipher_tfm(tfm)); 577 } 578 579 static inline void crypto_lskcipher_set_flags(struct crypto_lskcipher *tfm, 580 u32 flags) 581 { 582 crypto_tfm_set_flags(crypto_lskcipher_tfm(tfm), flags); 583 } 584 585 static inline void crypto_lskcipher_clear_flags(struct crypto_lskcipher *tfm, 586 u32 flags) 587 { 588 crypto_tfm_clear_flags(crypto_lskcipher_tfm(tfm), flags); 589 } 590 591 /** 592 * crypto_skcipher_setkey() - set key for cipher 593 * @tfm: cipher handle 594 * @key: buffer holding the key 595 * @keylen: length of the key in bytes 596 * 597 * The caller provided key is set for the skcipher referenced by the cipher 598 * handle. 599 * 600 * Note, the key length determines the cipher type. Many block ciphers implement 601 * different cipher modes depending on the key size, such as AES-128 vs AES-192 602 * vs. AES-256. When providing a 16 byte key for an AES cipher handle, AES-128 603 * is performed. 604 * 605 * Return: 0 if the setting of the key was successful; < 0 if an error occurred 606 */ 607 int crypto_skcipher_setkey(struct crypto_skcipher *tfm, 608 const u8 *key, unsigned int keylen); 609 610 static inline int crypto_sync_skcipher_setkey(struct crypto_sync_skcipher *tfm, 611 const u8 *key, unsigned int keylen) 612 { 613 return crypto_skcipher_setkey(&tfm->base, key, keylen); 614 } 615 616 /** 617 * crypto_lskcipher_setkey() - set key for cipher 618 * @tfm: cipher handle 619 * @key: buffer holding the key 620 * @keylen: length of the key in bytes 621 * 622 * The caller provided key is set for the lskcipher referenced by the cipher 623 * handle. 624 * 625 * Note, the key length determines the cipher type. Many block ciphers implement 626 * different cipher modes depending on the key size, such as AES-128 vs AES-192 627 * vs. AES-256. When providing a 16 byte key for an AES cipher handle, AES-128 628 * is performed. 629 * 630 * Return: 0 if the setting of the key was successful; < 0 if an error occurred 631 */ 632 int crypto_lskcipher_setkey(struct crypto_lskcipher *tfm, 633 const u8 *key, unsigned int keylen); 634 635 static inline unsigned int crypto_skcipher_min_keysize( 636 struct crypto_skcipher *tfm) 637 { 638 return crypto_skcipher_alg_common(tfm)->min_keysize; 639 } 640 641 static inline unsigned int crypto_skcipher_max_keysize( 642 struct crypto_skcipher *tfm) 643 { 644 return crypto_skcipher_alg_common(tfm)->max_keysize; 645 } 646 647 static inline unsigned int crypto_lskcipher_min_keysize( 648 struct crypto_lskcipher *tfm) 649 { 650 return crypto_lskcipher_alg(tfm)->co.min_keysize; 651 } 652 653 static inline unsigned int crypto_lskcipher_max_keysize( 654 struct crypto_lskcipher *tfm) 655 { 656 return crypto_lskcipher_alg(tfm)->co.max_keysize; 657 } 658 659 /** 660 * crypto_skcipher_reqtfm() - obtain cipher handle from request 661 * @req: skcipher_request out of which the cipher handle is to be obtained 662 * 663 * Return the crypto_skcipher handle when furnishing an skcipher_request 664 * data structure. 665 * 666 * Return: crypto_skcipher handle 667 */ 668 static inline struct crypto_skcipher *crypto_skcipher_reqtfm( 669 struct skcipher_request *req) 670 { 671 return __crypto_skcipher_cast(req->base.tfm); 672 } 673 674 static inline struct crypto_sync_skcipher *crypto_sync_skcipher_reqtfm( 675 struct skcipher_request *req) 676 { 677 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 678 679 return container_of(tfm, struct crypto_sync_skcipher, base); 680 } 681 682 /** 683 * crypto_skcipher_encrypt() - encrypt plaintext 684 * @req: reference to the skcipher_request handle that holds all information 685 * needed to perform the cipher operation 686 * 687 * Encrypt plaintext data using the skcipher_request handle. That data 688 * structure and how it is filled with data is discussed with the 689 * skcipher_request_* functions. 690 * 691 * Return: 0 if the cipher operation was successful; < 0 if an error occurred 692 */ 693 int crypto_skcipher_encrypt(struct skcipher_request *req); 694 695 /** 696 * crypto_skcipher_decrypt() - decrypt ciphertext 697 * @req: reference to the skcipher_request handle that holds all information 698 * needed to perform the cipher operation 699 * 700 * Decrypt ciphertext data using the skcipher_request handle. That data 701 * structure and how it is filled with data is discussed with the 702 * skcipher_request_* functions. 703 * 704 * Return: 0 if the cipher operation was successful; < 0 if an error occurred 705 */ 706 int crypto_skcipher_decrypt(struct skcipher_request *req); 707 708 /** 709 * crypto_skcipher_export() - export partial state 710 * @req: reference to the skcipher_request handle that holds all information 711 * needed to perform the operation 712 * @out: output buffer of sufficient size that can hold the state 713 * 714 * Export partial state of the transformation. This function dumps the 715 * entire state of the ongoing transformation into a provided block of 716 * data so it can be @import 'ed back later on. This is useful in case 717 * you want to save partial result of the transformation after 718 * processing certain amount of data and reload this partial result 719 * multiple times later on for multiple re-use. No data processing 720 * happens at this point. 721 * 722 * Return: 0 if the cipher operation was successful; < 0 if an error occurred 723 */ 724 int crypto_skcipher_export(struct skcipher_request *req, void *out); 725 726 /** 727 * crypto_skcipher_import() - import partial state 728 * @req: reference to the skcipher_request handle that holds all information 729 * needed to perform the operation 730 * @in: buffer holding the state 731 * 732 * Import partial state of the transformation. This function loads the 733 * entire state of the ongoing transformation from a provided block of 734 * data so the transformation can continue from this point onward. No 735 * data processing happens at this point. 736 * 737 * Return: 0 if the cipher operation was successful; < 0 if an error occurred 738 */ 739 int crypto_skcipher_import(struct skcipher_request *req, const void *in); 740 741 /** 742 * crypto_lskcipher_encrypt() - encrypt plaintext 743 * @tfm: lskcipher handle 744 * @src: source buffer 745 * @dst: destination buffer 746 * @len: number of bytes to process 747 * @siv: IV + state for the cipher operation. The length of the IV must 748 * comply with the IV size defined by crypto_lskcipher_ivsize. The 749 * IV is then followed with a buffer with the length as specified by 750 * crypto_lskcipher_statesize. 751 * Encrypt plaintext data using the lskcipher handle. 752 * 753 * Return: >=0 if the cipher operation was successful, if positive 754 * then this many bytes have been left unprocessed; 755 * < 0 if an error occurred 756 */ 757 int crypto_lskcipher_encrypt(struct crypto_lskcipher *tfm, const u8 *src, 758 u8 *dst, unsigned len, u8 *siv); 759 760 /** 761 * crypto_lskcipher_decrypt() - decrypt ciphertext 762 * @tfm: lskcipher handle 763 * @src: source buffer 764 * @dst: destination buffer 765 * @len: number of bytes to process 766 * @siv: IV + state for the cipher operation. The length of the IV must 767 * comply with the IV size defined by crypto_lskcipher_ivsize. The 768 * IV is then followed with a buffer with the length as specified by 769 * crypto_lskcipher_statesize. 770 * 771 * Decrypt ciphertext data using the lskcipher handle. 772 * 773 * Return: >=0 if the cipher operation was successful, if positive 774 * then this many bytes have been left unprocessed; 775 * < 0 if an error occurred 776 */ 777 int crypto_lskcipher_decrypt(struct crypto_lskcipher *tfm, const u8 *src, 778 u8 *dst, unsigned len, u8 *siv); 779 780 /** 781 * DOC: Symmetric Key Cipher Request Handle 782 * 783 * The skcipher_request data structure contains all pointers to data 784 * required for the symmetric key cipher operation. This includes the cipher 785 * handle (which can be used by multiple skcipher_request instances), pointer 786 * to plaintext and ciphertext, asynchronous callback function, etc. It acts 787 * as a handle to the skcipher_request_* API calls in a similar way as 788 * skcipher handle to the crypto_skcipher_* API calls. 789 */ 790 791 /** 792 * crypto_skcipher_reqsize() - obtain size of the request data structure 793 * @tfm: cipher handle 794 * 795 * Return: number of bytes 796 */ 797 static inline unsigned int crypto_skcipher_reqsize(struct crypto_skcipher *tfm) 798 { 799 return tfm->reqsize; 800 } 801 802 /** 803 * skcipher_request_set_tfm() - update cipher handle reference in request 804 * @req: request handle to be modified 805 * @tfm: cipher handle that shall be added to the request handle 806 * 807 * Allow the caller to replace the existing skcipher handle in the request 808 * data structure with a different one. 809 */ 810 static inline void skcipher_request_set_tfm(struct skcipher_request *req, 811 struct crypto_skcipher *tfm) 812 { 813 req->base.tfm = crypto_skcipher_tfm(tfm); 814 } 815 816 static inline void skcipher_request_set_sync_tfm(struct skcipher_request *req, 817 struct crypto_sync_skcipher *tfm) 818 { 819 skcipher_request_set_tfm(req, &tfm->base); 820 } 821 822 static inline struct skcipher_request *skcipher_request_cast( 823 struct crypto_async_request *req) 824 { 825 return container_of(req, struct skcipher_request, base); 826 } 827 828 /** 829 * skcipher_request_alloc() - allocate request data structure 830 * @tfm: cipher handle to be registered with the request 831 * @gfp: memory allocation flag that is handed to kmalloc by the API call. 832 * 833 * Allocate the request data structure that must be used with the skcipher 834 * encrypt and decrypt API calls. During the allocation, the provided skcipher 835 * handle is registered in the request data structure. 836 * 837 * Return: allocated request handle in case of success, or NULL if out of memory 838 */ 839 static inline struct skcipher_request *skcipher_request_alloc_noprof( 840 struct crypto_skcipher *tfm, gfp_t gfp) 841 { 842 struct skcipher_request *req; 843 844 req = kmalloc_noprof(sizeof(struct skcipher_request) + 845 crypto_skcipher_reqsize(tfm), gfp); 846 847 if (likely(req)) 848 skcipher_request_set_tfm(req, tfm); 849 850 return req; 851 } 852 #define skcipher_request_alloc(...) alloc_hooks(skcipher_request_alloc_noprof(__VA_ARGS__)) 853 854 /** 855 * skcipher_request_free() - zeroize and free request data structure 856 * @req: request data structure cipher handle to be freed 857 */ 858 static inline void skcipher_request_free(struct skcipher_request *req) 859 { 860 kfree_sensitive(req); 861 } 862 863 static inline void skcipher_request_zero(struct skcipher_request *req) 864 { 865 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 866 867 memzero_explicit(req, sizeof(*req) + crypto_skcipher_reqsize(tfm)); 868 } 869 870 /** 871 * skcipher_request_set_callback() - set asynchronous callback function 872 * @req: request handle 873 * @flags: specify zero or an ORing of the flags 874 * CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and 875 * increase the wait queue beyond the initial maximum size; 876 * CRYPTO_TFM_REQ_MAY_SLEEP the request processing may sleep 877 * @compl: callback function pointer to be registered with the request handle 878 * @data: The data pointer refers to memory that is not used by the kernel 879 * crypto API, but provided to the callback function for it to use. Here, 880 * the caller can provide a reference to memory the callback function can 881 * operate on. As the callback function is invoked asynchronously to the 882 * related functionality, it may need to access data structures of the 883 * related functionality which can be referenced using this pointer. The 884 * callback function can access the memory via the "data" field in the 885 * crypto_async_request data structure provided to the callback function. 886 * 887 * This function allows setting the callback function that is triggered once the 888 * cipher operation completes. 889 * 890 * The callback function is registered with the skcipher_request handle and 891 * must comply with the following template:: 892 * 893 * void callback_function(struct crypto_async_request *req, int error) 894 */ 895 static inline void skcipher_request_set_callback(struct skcipher_request *req, 896 u32 flags, 897 crypto_completion_t compl, 898 void *data) 899 { 900 req->base.complete = compl; 901 req->base.data = data; 902 req->base.flags = flags; 903 } 904 905 /** 906 * skcipher_request_set_crypt() - set data buffers 907 * @req: request handle 908 * @src: source scatter / gather list 909 * @dst: destination scatter / gather list 910 * @cryptlen: number of bytes to process from @src 911 * @iv: IV for the cipher operation which must comply with the IV size defined 912 * by crypto_skcipher_ivsize 913 * 914 * This function allows setting of the source data and destination data 915 * scatter / gather lists. 916 * 917 * For encryption, the source is treated as the plaintext and the 918 * destination is the ciphertext. For a decryption operation, the use is 919 * reversed - the source is the ciphertext and the destination is the plaintext. 920 */ 921 static inline void skcipher_request_set_crypt( 922 struct skcipher_request *req, 923 struct scatterlist *src, struct scatterlist *dst, 924 unsigned int cryptlen, void *iv) 925 { 926 req->src = src; 927 req->dst = dst; 928 req->cryptlen = cryptlen; 929 req->iv = iv; 930 } 931 932 #endif /* _CRYPTO_SKCIPHER_H */ 933 934