include/crypto/skcipher.h

0001 /* SPDX-License-Identifier: GPL-2.0-or-later */
0002 /*
0003  * Symmetric key ciphers.
0004  *
0005  * Copyright (c) 2007-2015 Herbert Xu <herbert@gondor.apana.org.au>
0006  */
0007
0008 #ifndef _CRYPTO_SKCIPHER_H
0009 #define _CRYPTO_SKCIPHER_H
0010
0011 #include <linux/container_of.h>
0012 #include <linux/crypto.h>
0013 #include <linux/slab.h>
0014 #include <linux/string.h>
0015 #include <linux/types.h>
0016
0017 struct scatterlist;
0018
0019 /**
0020  *  struct skcipher_request - Symmetric key cipher request
0021  *  @cryptlen: Number of bytes to encrypt or decrypt
0022  *  @iv: Initialisation Vector
0023  *  @src: Source SG list
0024  *  @dst: Destination SG list
0025  *  @base: Underlying async request
0026  *  @__ctx: Start of private context data
0027  */
0028 struct skcipher_request {
0029     unsigned int cryptlen;
0030
0031     u8 *iv;
0032
0033     struct scatterlist *src;
0034     struct scatterlist *dst;
0035
0036     struct crypto_async_request base;
0037
0038     void *__ctx[] CRYPTO_MINALIGN_ATTR;
0039 };
0040
0041 struct crypto_skcipher {
0042     unsigned int reqsize;
0043
0044     struct crypto_tfm base;
0045 };
0046
0047 struct crypto_sync_skcipher {
0048     struct crypto_skcipher base;
0049 };
0050
0051 /**
0052  * struct skcipher_alg - symmetric key cipher definition
0053  * @min_keysize: Minimum key size supported by the transformation. This is the
0054  *       smallest key length supported by this transformation algorithm.
0055  *       This must be set to one of the pre-defined values as this is
0056  *       not hardware specific. Possible values for this field can be
0057  *       found via git grep "_MIN_KEY_SIZE" include/crypto/
0058  * @max_keysize: Maximum key size supported by the transformation. This is the
0059  *       largest key length supported by this transformation algorithm.
0060  *       This must be set to one of the pre-defined values as this is
0061  *       not hardware specific. Possible values for this field can be
0062  *       found via git grep "_MAX_KEY_SIZE" include/crypto/
0063  * @setkey: Set key for the transformation. This function is used to either
0064  *      program a supplied key into the hardware or store the key in the
0065  *      transformation context for programming it later. Note that this
0066  *      function does modify the transformation context. This function can
0067  *      be called multiple times during the existence of the transformation
0068  *      object, so one must make sure the key is properly reprogrammed into
0069  *      the hardware. This function is also responsible for checking the key
0070  *      length for validity. In case a software fallback was put in place in
0071  *      the @cra_init call, this function might need to use the fallback if
0072  *      the algorithm doesn't support all of the key sizes.
0073  * @encrypt: Encrypt a scatterlist of blocks. This function is used to encrypt
0074  *       the supplied scatterlist containing the blocks of data. The crypto
0075  *       API consumer is responsible for aligning the entries of the
0076  *       scatterlist properly and making sure the chunks are correctly
0077  *       sized. In case a software fallback was put in place in the
0078  *       @cra_init call, this function might need to use the fallback if
0079  *       the algorithm doesn't support all of the key sizes. In case the
0080  *       key was stored in transformation context, the key might need to be
0081  *       re-programmed into the hardware in this function. This function
0082  *       shall not modify the transformation context, as this function may
0083  *       be called in parallel with the same transformation object.
0084  * @decrypt: Decrypt a single block. This is a reverse counterpart to @encrypt
0085  *       and the conditions are exactly the same.
0086  * @init: Initialize the cryptographic transformation object. This function
0087  *    is used to initialize the cryptographic transformation object.
0088  *    This function is called only once at the instantiation time, right
0089  *    after the transformation context was allocated. In case the
0090  *    cryptographic hardware has some special requirements which need to
0091  *    be handled by software, this function shall check for the precise
0092  *    requirement of the transformation and put any software fallbacks
0093  *    in place.
0094  * @exit: Deinitialize the cryptographic transformation object. This is a
0095  *    counterpart to @init, used to remove various changes set in
0096  *    @init.
0097  * @ivsize: IV size applicable for transformation. The consumer must provide an
0098  *      IV of exactly that size to perform the encrypt or decrypt operation.
0099  * @chunksize: Equal to the block size except for stream ciphers such as
0100  *         CTR where it is set to the underlying block size.
0101  * @walksize: Equal to the chunk size except in cases where the algorithm is
0102  *        considerably more efficient if it can operate on multiple chunks
0103  *        in parallel. Should be a multiple of chunksize.
0104  * @base: Definition of a generic crypto algorithm.
0105  *
0106  * All fields except @ivsize are mandatory and must be filled.
0107  */
0108 struct skcipher_alg {
0109     int (*setkey)(struct crypto_skcipher *tfm, const u8 *key,
0110                   unsigned int keylen);
0111     int (*encrypt)(struct skcipher_request *req);
0112     int (*decrypt)(struct skcipher_request *req);
0113     int (*init)(struct crypto_skcipher *tfm);
0114     void (*exit)(struct crypto_skcipher *tfm);
0115
0116     unsigned int min_keysize;
0117     unsigned int max_keysize;
0118     unsigned int ivsize;
0119     unsigned int chunksize;
0120     unsigned int walksize;
0121
0122     struct crypto_alg base;
0123 };
0124
0125 #define MAX_SYNC_SKCIPHER_REQSIZE      384
0126 /*
0127  * This performs a type-check against the "tfm" argument to make sure
0128  * all users have the correct skcipher tfm for doing on-stack requests.
0129  */
0130 #define SYNC_SKCIPHER_REQUEST_ON_STACK(name, tfm) \
0131     char __##name##_desc[sizeof(struct skcipher_request) + \
0132                  MAX_SYNC_SKCIPHER_REQSIZE + \
0133                  (!(sizeof((struct crypto_sync_skcipher *)1 == \
0134                        (typeof(tfm))1))) \
0135                 ] CRYPTO_MINALIGN_ATTR; \
0136     struct skcipher_request *name = (void *)__##name##_desc
0137
0138 /**
0139  * DOC: Symmetric Key Cipher API
0140  *
0141  * Symmetric key cipher API is used with the ciphers of type
0142  * CRYPTO_ALG_TYPE_SKCIPHER (listed as type "skcipher" in /proc/crypto).
0143  *
0144  * Asynchronous cipher operations imply that the function invocation for a
0145  * cipher request returns immediately before the completion of the operation.
0146  * The cipher request is scheduled as a separate kernel thread and therefore
0147  * load-balanced on the different CPUs via the process scheduler. To allow
0148  * the kernel crypto API to inform the caller about the completion of a cipher
0149  * request, the caller must provide a callback function. That function is
0150  * invoked with the cipher handle when the request completes.
0151  *
0152  * To support the asynchronous operation, additional information than just the
0153  * cipher handle must be supplied to the kernel crypto API. That additional
0154  * information is given by filling in the skcipher_request data structure.
0155  *
0156  * For the symmetric key cipher API, the state is maintained with the tfm
0157  * cipher handle. A single tfm can be used across multiple calls and in
0158  * parallel. For asynchronous block cipher calls, context data supplied and
0159  * only used by the caller can be referenced the request data structure in
0160  * addition to the IV used for the cipher request. The maintenance of such
0161  * state information would be important for a crypto driver implementer to
0162  * have, because when calling the callback function upon completion of the
0163  * cipher operation, that callback function may need some information about
0164  * which operation just finished if it invoked multiple in parallel. This
0165  * state information is unused by the kernel crypto API.
0166  */
0167
0168 static inline struct crypto_skcipher *__crypto_skcipher_cast(
0169     struct crypto_tfm *tfm)
0170 {
0171     return container_of(tfm, struct crypto_skcipher, base);
0172 }
0173
0174 /**
0175  * crypto_alloc_skcipher() - allocate symmetric key cipher handle
0176  * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
0177  *        skcipher cipher
0178  * @type: specifies the type of the cipher
0179  * @mask: specifies the mask for the cipher
0180  *
0181  * Allocate a cipher handle for an skcipher. The returned struct
0182  * crypto_skcipher is the cipher handle that is required for any subsequent
0183  * API invocation for that skcipher.
0184  *
0185  * Return: allocated cipher handle in case of success; IS_ERR() is true in case
0186  *     of an error, PTR_ERR() returns the error code.
0187  */
0188 struct crypto_skcipher *crypto_alloc_skcipher(const char *alg_name,
0189                           u32 type, u32 mask);
0190
0191 struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(const char *alg_name,
0192                           u32 type, u32 mask);
0193
0194 static inline struct crypto_tfm *crypto_skcipher_tfm(
0195     struct crypto_skcipher *tfm)
0196 {
0197     return &tfm->base;
0198 }
0199
0200 /**
0201  * crypto_free_skcipher() - zeroize and free cipher handle
0202  * @tfm: cipher handle to be freed
0203  *
0204  * If @tfm is a NULL or error pointer, this function does nothing.
0205  */
0206 static inline void crypto_free_skcipher(struct crypto_skcipher *tfm)
0207 {
0208     crypto_destroy_tfm(tfm, crypto_skcipher_tfm(tfm));
0209 }
0210
0211 static inline void crypto_free_sync_skcipher(struct crypto_sync_skcipher *tfm)
0212 {
0213     crypto_free_skcipher(&tfm->base);
0214 }
0215
0216 /**
0217  * crypto_has_skcipher() - Search for the availability of an skcipher.
0218  * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
0219  *        skcipher
0220  * @type: specifies the type of the skcipher
0221  * @mask: specifies the mask for the skcipher
0222  *
0223  * Return: true when the skcipher is known to the kernel crypto API; false
0224  *     otherwise
0225  */
0226 int crypto_has_skcipher(const char *alg_name, u32 type, u32 mask);
0227
0228 static inline const char *crypto_skcipher_driver_name(
0229     struct crypto_skcipher *tfm)
0230 {
0231     return crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
0232 }
0233
0234 static inline struct skcipher_alg *crypto_skcipher_alg(
0235     struct crypto_skcipher *tfm)
0236 {
0237     return container_of(crypto_skcipher_tfm(tfm)->__crt_alg,
0238                 struct skcipher_alg, base);
0239 }
0240
0241 static inline unsigned int crypto_skcipher_alg_ivsize(struct skcipher_alg *alg)
0242 {
0243     return alg->ivsize;
0244 }
0245
0246 /**
0247  * crypto_skcipher_ivsize() - obtain IV size
0248  * @tfm: cipher handle
0249  *
0250  * The size of the IV for the skcipher referenced by the cipher handle is
0251  * returned. This IV size may be zero if the cipher does not need an IV.
0252  *
0253  * Return: IV size in bytes
0254  */
0255 static inline unsigned int crypto_skcipher_ivsize(struct crypto_skcipher *tfm)
0256 {
0257     return crypto_skcipher_alg(tfm)->ivsize;
0258 }
0259
0260 static inline unsigned int crypto_sync_skcipher_ivsize(
0261     struct crypto_sync_skcipher *tfm)
0262 {
0263     return crypto_skcipher_ivsize(&tfm->base);
0264 }
0265
0266 /**
0267  * crypto_skcipher_blocksize() - obtain block size of cipher
0268  * @tfm: cipher handle
0269  *
0270  * The block size for the skcipher referenced with the cipher handle is
0271  * returned. The caller may use that information to allocate appropriate
0272  * memory for the data returned by the encryption or decryption operation
0273  *
0274  * Return: block size of cipher
0275  */
0276 static inline unsigned int crypto_skcipher_blocksize(
0277     struct crypto_skcipher *tfm)
0278 {
0279     return crypto_tfm_alg_blocksize(crypto_skcipher_tfm(tfm));
0280 }
0281
0282 static inline unsigned int crypto_skcipher_alg_chunksize(
0283     struct skcipher_alg *alg)
0284 {
0285     return alg->chunksize;
0286 }
0287
0288 /**
0289  * crypto_skcipher_chunksize() - obtain chunk size
0290  * @tfm: cipher handle
0291  *
0292  * The block size is set to one for ciphers such as CTR.  However,
0293  * you still need to provide incremental updates in multiples of
0294  * the underlying block size as the IV does not have sub-block
0295  * granularity.  This is known in this API as the chunk size.
0296  *
0297  * Return: chunk size in bytes
0298  */
0299 static inline unsigned int crypto_skcipher_chunksize(
0300     struct crypto_skcipher *tfm)
0301 {
0302     return crypto_skcipher_alg_chunksize(crypto_skcipher_alg(tfm));
0303 }
0304
0305 static inline unsigned int crypto_sync_skcipher_blocksize(
0306     struct crypto_sync_skcipher *tfm)
0307 {
0308     return crypto_skcipher_blocksize(&tfm->base);
0309 }
0310
0311 static inline unsigned int crypto_skcipher_alignmask(
0312     struct crypto_skcipher *tfm)
0313 {
0314     return crypto_tfm_alg_alignmask(crypto_skcipher_tfm(tfm));
0315 }
0316
0317 static inline u32 crypto_skcipher_get_flags(struct crypto_skcipher *tfm)
0318 {
0319     return crypto_tfm_get_flags(crypto_skcipher_tfm(tfm));
0320 }
0321
0322 static inline void crypto_skcipher_set_flags(struct crypto_skcipher *tfm,
0323                            u32 flags)
0324 {
0325     crypto_tfm_set_flags(crypto_skcipher_tfm(tfm), flags);
0326 }
0327
0328 static inline void crypto_skcipher_clear_flags(struct crypto_skcipher *tfm,
0329                          u32 flags)
0330 {
0331     crypto_tfm_clear_flags(crypto_skcipher_tfm(tfm), flags);
0332 }
0333
0334 static inline u32 crypto_sync_skcipher_get_flags(
0335     struct crypto_sync_skcipher *tfm)
0336 {
0337     return crypto_skcipher_get_flags(&tfm->base);
0338 }
0339
0340 static inline void crypto_sync_skcipher_set_flags(
0341     struct crypto_sync_skcipher *tfm, u32 flags)
0342 {
0343     crypto_skcipher_set_flags(&tfm->base, flags);
0344 }
0345
0346 static inline void crypto_sync_skcipher_clear_flags(
0347     struct crypto_sync_skcipher *tfm, u32 flags)
0348 {
0349     crypto_skcipher_clear_flags(&tfm->base, flags);
0350 }
0351
0352 /**
0353  * crypto_skcipher_setkey() - set key for cipher
0354  * @tfm: cipher handle
0355  * @key: buffer holding the key
0356  * @keylen: length of the key in bytes
0357  *
0358  * The caller provided key is set for the skcipher referenced by the cipher
0359  * handle.
0360  *
0361  * Note, the key length determines the cipher type. Many block ciphers implement
0362  * different cipher modes depending on the key size, such as AES-128 vs AES-192
0363  * vs. AES-256. When providing a 16 byte key for an AES cipher handle, AES-128
0364  * is performed.
0365  *
0366  * Return: 0 if the setting of the key was successful; < 0 if an error occurred
0367  */
0368 int crypto_skcipher_setkey(struct crypto_skcipher *tfm,
0369                const u8 *key, unsigned int keylen);
0370
0371 static inline int crypto_sync_skcipher_setkey(struct crypto_sync_skcipher *tfm,
0372                      const u8 *key, unsigned int keylen)
0373 {
0374     return crypto_skcipher_setkey(&tfm->base, key, keylen);
0375 }
0376
0377 static inline unsigned int crypto_skcipher_min_keysize(
0378     struct crypto_skcipher *tfm)
0379 {
0380     return crypto_skcipher_alg(tfm)->min_keysize;
0381 }
0382
0383 static inline unsigned int crypto_skcipher_max_keysize(
0384     struct crypto_skcipher *tfm)
0385 {
0386     return crypto_skcipher_alg(tfm)->max_keysize;
0387 }
0388
0389 /**
0390  * crypto_skcipher_reqtfm() - obtain cipher handle from request
0391  * @req: skcipher_request out of which the cipher handle is to be obtained
0392  *
0393  * Return the crypto_skcipher handle when furnishing an skcipher_request
0394  * data structure.
0395  *
0396  * Return: crypto_skcipher handle
0397  */
0398 static inline struct crypto_skcipher *crypto_skcipher_reqtfm(
0399     struct skcipher_request *req)
0400 {
0401     return __crypto_skcipher_cast(req->base.tfm);
0402 }
0403
0404 static inline struct crypto_sync_skcipher *crypto_sync_skcipher_reqtfm(
0405     struct skcipher_request *req)
0406 {
0407     struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
0408
0409     return container_of(tfm, struct crypto_sync_skcipher, base);
0410 }
0411
0412 /**
0413  * crypto_skcipher_encrypt() - encrypt plaintext
0414  * @req: reference to the skcipher_request handle that holds all information
0415  *   needed to perform the cipher operation
0416  *
0417  * Encrypt plaintext data using the skcipher_request handle. That data
0418  * structure and how it is filled with data is discussed with the
0419  * skcipher_request_* functions.
0420  *
0421  * Return: 0 if the cipher operation was successful; < 0 if an error occurred
0422  */
0423 int crypto_skcipher_encrypt(struct skcipher_request *req);
0424
0425 /**
0426  * crypto_skcipher_decrypt() - decrypt ciphertext
0427  * @req: reference to the skcipher_request handle that holds all information
0428  *   needed to perform the cipher operation
0429  *
0430  * Decrypt ciphertext data using the skcipher_request handle. That data
0431  * structure and how it is filled with data is discussed with the
0432  * skcipher_request_* functions.
0433  *
0434  * Return: 0 if the cipher operation was successful; < 0 if an error occurred
0435  */
0436 int crypto_skcipher_decrypt(struct skcipher_request *req);
0437
0438 /**
0439  * DOC: Symmetric Key Cipher Request Handle
0440  *
0441  * The skcipher_request data structure contains all pointers to data
0442  * required for the symmetric key cipher operation. This includes the cipher
0443  * handle (which can be used by multiple skcipher_request instances), pointer
0444  * to plaintext and ciphertext, asynchronous callback function, etc. It acts
0445  * as a handle to the skcipher_request_* API calls in a similar way as
0446  * skcipher handle to the crypto_skcipher_* API calls.
0447  */
0448
0449 /**
0450  * crypto_skcipher_reqsize() - obtain size of the request data structure
0451  * @tfm: cipher handle
0452  *
0453  * Return: number of bytes
0454  */
0455 static inline unsigned int crypto_skcipher_reqsize(struct crypto_skcipher *tfm)
0456 {
0457     return tfm->reqsize;
0458 }
0459
0460 /**
0461  * skcipher_request_set_tfm() - update cipher handle reference in request
0462  * @req: request handle to be modified
0463  * @tfm: cipher handle that shall be added to the request handle
0464  *
0465  * Allow the caller to replace the existing skcipher handle in the request
0466  * data structure with a different one.
0467  */
0468 static inline void skcipher_request_set_tfm(struct skcipher_request *req,
0469                         struct crypto_skcipher *tfm)
0470 {
0471     req->base.tfm = crypto_skcipher_tfm(tfm);
0472 }
0473
0474 static inline void skcipher_request_set_sync_tfm(struct skcipher_request *req,
0475                         struct crypto_sync_skcipher *tfm)
0476 {
0477     skcipher_request_set_tfm(req, &tfm->base);
0478 }
0479
0480 static inline struct skcipher_request *skcipher_request_cast(
0481     struct crypto_async_request *req)
0482 {
0483     return container_of(req, struct skcipher_request, base);
0484 }
0485
0486 /**
0487  * skcipher_request_alloc() - allocate request data structure
0488  * @tfm: cipher handle to be registered with the request
0489  * @gfp: memory allocation flag that is handed to kmalloc by the API call.
0490  *
0491  * Allocate the request data structure that must be used with the skcipher
0492  * encrypt and decrypt API calls. During the allocation, the provided skcipher
0493  * handle is registered in the request data structure.
0494  *
0495  * Return: allocated request handle in case of success, or NULL if out of memory
0496  */
0497 static inline struct skcipher_request *skcipher_request_alloc(
0498     struct crypto_skcipher *tfm, gfp_t gfp)
0499 {
0500     struct skcipher_request *req;
0501
0502     req = kmalloc(sizeof(struct skcipher_request) +
0503               crypto_skcipher_reqsize(tfm), gfp);
0504
0505     if (likely(req))
0506         skcipher_request_set_tfm(req, tfm);
0507
0508     return req;
0509 }
0510
0511 /**
0512  * skcipher_request_free() - zeroize and free request data structure
0513  * @req: request data structure cipher handle to be freed
0514  */
0515 static inline void skcipher_request_free(struct skcipher_request *req)
0516 {
0517     kfree_sensitive(req);
0518 }
0519
0520 static inline void skcipher_request_zero(struct skcipher_request *req)
0521 {
0522     struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
0523
0524     memzero_explicit(req, sizeof(*req) + crypto_skcipher_reqsize(tfm));
0525 }
0526
0527 /**
0528  * skcipher_request_set_callback() - set asynchronous callback function
0529  * @req: request handle
0530  * @flags: specify zero or an ORing of the flags
0531  *     CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and
0532  *     increase the wait queue beyond the initial maximum size;
0533  *     CRYPTO_TFM_REQ_MAY_SLEEP the request processing may sleep
0534  * @compl: callback function pointer to be registered with the request handle
0535  * @data: The data pointer refers to memory that is not used by the kernel
0536  *    crypto API, but provided to the callback function for it to use. Here,
0537  *    the caller can provide a reference to memory the callback function can
0538  *    operate on. As the callback function is invoked asynchronously to the
0539  *    related functionality, it may need to access data structures of the
0540  *    related functionality which can be referenced using this pointer. The
0541  *    callback function can access the memory via the "data" field in the
0542  *    crypto_async_request data structure provided to the callback function.
0543  *
0544  * This function allows setting the callback function that is triggered once the
0545  * cipher operation completes.
0546  *
0547  * The callback function is registered with the skcipher_request handle and
0548  * must comply with the following template::
0549  *
0550  *  void callback_function(struct crypto_async_request *req, int error)
0551  */
0552 static inline void skcipher_request_set_callback(struct skcipher_request *req,
0553                          u32 flags,
0554                          crypto_completion_t compl,
0555                          void *data)
0556 {
0557     req->base.complete = compl;
0558     req->base.data = data;
0559     req->base.flags = flags;
0560 }
0561
0562 /**
0563  * skcipher_request_set_crypt() - set data buffers
0564  * @req: request handle
0565  * @src: source scatter / gather list
0566  * @dst: destination scatter / gather list
0567  * @cryptlen: number of bytes to process from @src
0568  * @iv: IV for the cipher operation which must comply with the IV size defined
0569  *      by crypto_skcipher_ivsize
0570  *
0571  * This function allows setting of the source data and destination data
0572  * scatter / gather lists.
0573  *
0574  * For encryption, the source is treated as the plaintext and the
0575  * destination is the ciphertext. For a decryption operation, the use is
0576  * reversed - the source is the ciphertext and the destination is the plaintext.
0577  */
0578 static inline void skcipher_request_set_crypt(
0579     struct skcipher_request *req,
0580     struct scatterlist *src, struct scatterlist *dst,
0581     unsigned int cryptlen, void *iv)
0582 {
0583     req->src = src;
0584     req->dst = dst;
0585     req->cryptlen = cryptlen;
0586     req->iv = iv;
0587 }
0588
0589 #endif  /* _CRYPTO_SKCIPHER_H */
0590