Root/
1 | /* XTS: as defined in IEEE1619/D16 |
2 | * http://grouper.ieee.org/groups/1619/email/pdf00086.pdf |
3 | * (sector sizes which are not a multiple of 16 bytes are, |
4 | * however currently unsupported) |
5 | * |
6 | * Copyright (c) 2007 Rik Snel <rsnel@cube.dyndns.org> |
7 | * |
8 | * Based om ecb.c |
9 | * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au> |
10 | * |
11 | * This program is free software; you can redistribute it and/or modify it |
12 | * under the terms of the GNU General Public License as published by the Free |
13 | * Software Foundation; either version 2 of the License, or (at your option) |
14 | * any later version. |
15 | */ |
16 | #include <crypto/algapi.h> |
17 | #include <linux/err.h> |
18 | #include <linux/init.h> |
19 | #include <linux/kernel.h> |
20 | #include <linux/module.h> |
21 | #include <linux/scatterlist.h> |
22 | #include <linux/slab.h> |
23 | |
24 | #include <crypto/b128ops.h> |
25 | #include <crypto/gf128mul.h> |
26 | |
27 | struct priv { |
28 | struct crypto_cipher *child; |
29 | struct crypto_cipher *tweak; |
30 | }; |
31 | |
32 | static int setkey(struct crypto_tfm *parent, const u8 *key, |
33 | unsigned int keylen) |
34 | { |
35 | struct priv *ctx = crypto_tfm_ctx(parent); |
36 | struct crypto_cipher *child = ctx->tweak; |
37 | u32 *flags = &parent->crt_flags; |
38 | int err; |
39 | |
40 | /* key consists of keys of equal size concatenated, therefore |
41 | * the length must be even */ |
42 | if (keylen % 2) { |
43 | /* tell the user why there was an error */ |
44 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; |
45 | return -EINVAL; |
46 | } |
47 | |
48 | /* we need two cipher instances: one to compute the inital 'tweak' |
49 | * by encrypting the IV (usually the 'plain' iv) and the other |
50 | * one to encrypt and decrypt the data */ |
51 | |
52 | /* tweak cipher, uses Key2 i.e. the second half of *key */ |
53 | crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); |
54 | crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) & |
55 | CRYPTO_TFM_REQ_MASK); |
56 | err = crypto_cipher_setkey(child, key + keylen/2, keylen/2); |
57 | if (err) |
58 | return err; |
59 | |
60 | crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) & |
61 | CRYPTO_TFM_RES_MASK); |
62 | |
63 | child = ctx->child; |
64 | |
65 | /* data cipher, uses Key1 i.e. the first half of *key */ |
66 | crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); |
67 | crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) & |
68 | CRYPTO_TFM_REQ_MASK); |
69 | err = crypto_cipher_setkey(child, key, keylen/2); |
70 | if (err) |
71 | return err; |
72 | |
73 | crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) & |
74 | CRYPTO_TFM_RES_MASK); |
75 | |
76 | return 0; |
77 | } |
78 | |
79 | struct sinfo { |
80 | be128 *t; |
81 | struct crypto_tfm *tfm; |
82 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *); |
83 | }; |
84 | |
85 | static inline void xts_round(struct sinfo *s, void *dst, const void *src) |
86 | { |
87 | be128_xor(dst, s->t, src); /* PP <- T xor P */ |
88 | s->fn(s->tfm, dst, dst); /* CC <- E(Key1,PP) */ |
89 | be128_xor(dst, dst, s->t); /* C <- T xor CC */ |
90 | } |
91 | |
92 | static int crypt(struct blkcipher_desc *d, |
93 | struct blkcipher_walk *w, struct priv *ctx, |
94 | void (*tw)(struct crypto_tfm *, u8 *, const u8 *), |
95 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *)) |
96 | { |
97 | int err; |
98 | unsigned int avail; |
99 | const int bs = crypto_cipher_blocksize(ctx->child); |
100 | struct sinfo s = { |
101 | .tfm = crypto_cipher_tfm(ctx->child), |
102 | .fn = fn |
103 | }; |
104 | u8 *wsrc; |
105 | u8 *wdst; |
106 | |
107 | err = blkcipher_walk_virt(d, w); |
108 | if (!w->nbytes) |
109 | return err; |
110 | |
111 | s.t = (be128 *)w->iv; |
112 | avail = w->nbytes; |
113 | |
114 | wsrc = w->src.virt.addr; |
115 | wdst = w->dst.virt.addr; |
116 | |
117 | /* calculate first value of T */ |
118 | tw(crypto_cipher_tfm(ctx->tweak), w->iv, w->iv); |
119 | |
120 | goto first; |
121 | |
122 | for (;;) { |
123 | do { |
124 | gf128mul_x_ble(s.t, s.t); |
125 | |
126 | first: |
127 | xts_round(&s, wdst, wsrc); |
128 | |
129 | wsrc += bs; |
130 | wdst += bs; |
131 | } while ((avail -= bs) >= bs); |
132 | |
133 | err = blkcipher_walk_done(d, w, avail); |
134 | if (!w->nbytes) |
135 | break; |
136 | |
137 | avail = w->nbytes; |
138 | |
139 | wsrc = w->src.virt.addr; |
140 | wdst = w->dst.virt.addr; |
141 | } |
142 | |
143 | return err; |
144 | } |
145 | |
146 | static int encrypt(struct blkcipher_desc *desc, struct scatterlist *dst, |
147 | struct scatterlist *src, unsigned int nbytes) |
148 | { |
149 | struct priv *ctx = crypto_blkcipher_ctx(desc->tfm); |
150 | struct blkcipher_walk w; |
151 | |
152 | blkcipher_walk_init(&w, dst, src, nbytes); |
153 | return crypt(desc, &w, ctx, crypto_cipher_alg(ctx->tweak)->cia_encrypt, |
154 | crypto_cipher_alg(ctx->child)->cia_encrypt); |
155 | } |
156 | |
157 | static int decrypt(struct blkcipher_desc *desc, struct scatterlist *dst, |
158 | struct scatterlist *src, unsigned int nbytes) |
159 | { |
160 | struct priv *ctx = crypto_blkcipher_ctx(desc->tfm); |
161 | struct blkcipher_walk w; |
162 | |
163 | blkcipher_walk_init(&w, dst, src, nbytes); |
164 | return crypt(desc, &w, ctx, crypto_cipher_alg(ctx->tweak)->cia_encrypt, |
165 | crypto_cipher_alg(ctx->child)->cia_decrypt); |
166 | } |
167 | |
168 | static int init_tfm(struct crypto_tfm *tfm) |
169 | { |
170 | struct crypto_cipher *cipher; |
171 | struct crypto_instance *inst = (void *)tfm->__crt_alg; |
172 | struct crypto_spawn *spawn = crypto_instance_ctx(inst); |
173 | struct priv *ctx = crypto_tfm_ctx(tfm); |
174 | u32 *flags = &tfm->crt_flags; |
175 | |
176 | cipher = crypto_spawn_cipher(spawn); |
177 | if (IS_ERR(cipher)) |
178 | return PTR_ERR(cipher); |
179 | |
180 | if (crypto_cipher_blocksize(cipher) != 16) { |
181 | *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN; |
182 | crypto_free_cipher(cipher); |
183 | return -EINVAL; |
184 | } |
185 | |
186 | ctx->child = cipher; |
187 | |
188 | cipher = crypto_spawn_cipher(spawn); |
189 | if (IS_ERR(cipher)) { |
190 | crypto_free_cipher(ctx->child); |
191 | return PTR_ERR(cipher); |
192 | } |
193 | |
194 | /* this check isn't really needed, leave it here just in case */ |
195 | if (crypto_cipher_blocksize(cipher) != 16) { |
196 | crypto_free_cipher(cipher); |
197 | crypto_free_cipher(ctx->child); |
198 | *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN; |
199 | return -EINVAL; |
200 | } |
201 | |
202 | ctx->tweak = cipher; |
203 | |
204 | return 0; |
205 | } |
206 | |
207 | static void exit_tfm(struct crypto_tfm *tfm) |
208 | { |
209 | struct priv *ctx = crypto_tfm_ctx(tfm); |
210 | crypto_free_cipher(ctx->child); |
211 | crypto_free_cipher(ctx->tweak); |
212 | } |
213 | |
214 | static struct crypto_instance *alloc(struct rtattr **tb) |
215 | { |
216 | struct crypto_instance *inst; |
217 | struct crypto_alg *alg; |
218 | int err; |
219 | |
220 | err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER); |
221 | if (err) |
222 | return ERR_PTR(err); |
223 | |
224 | alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER, |
225 | CRYPTO_ALG_TYPE_MASK); |
226 | if (IS_ERR(alg)) |
227 | return ERR_CAST(alg); |
228 | |
229 | inst = crypto_alloc_instance("xts", alg); |
230 | if (IS_ERR(inst)) |
231 | goto out_put_alg; |
232 | |
233 | inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER; |
234 | inst->alg.cra_priority = alg->cra_priority; |
235 | inst->alg.cra_blocksize = alg->cra_blocksize; |
236 | |
237 | if (alg->cra_alignmask < 7) |
238 | inst->alg.cra_alignmask = 7; |
239 | else |
240 | inst->alg.cra_alignmask = alg->cra_alignmask; |
241 | |
242 | inst->alg.cra_type = &crypto_blkcipher_type; |
243 | |
244 | inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize; |
245 | inst->alg.cra_blkcipher.min_keysize = |
246 | 2 * alg->cra_cipher.cia_min_keysize; |
247 | inst->alg.cra_blkcipher.max_keysize = |
248 | 2 * alg->cra_cipher.cia_max_keysize; |
249 | |
250 | inst->alg.cra_ctxsize = sizeof(struct priv); |
251 | |
252 | inst->alg.cra_init = init_tfm; |
253 | inst->alg.cra_exit = exit_tfm; |
254 | |
255 | inst->alg.cra_blkcipher.setkey = setkey; |
256 | inst->alg.cra_blkcipher.encrypt = encrypt; |
257 | inst->alg.cra_blkcipher.decrypt = decrypt; |
258 | |
259 | out_put_alg: |
260 | crypto_mod_put(alg); |
261 | return inst; |
262 | } |
263 | |
264 | static void free(struct crypto_instance *inst) |
265 | { |
266 | crypto_drop_spawn(crypto_instance_ctx(inst)); |
267 | kfree(inst); |
268 | } |
269 | |
270 | static struct crypto_template crypto_tmpl = { |
271 | .name = "xts", |
272 | .alloc = alloc, |
273 | .free = free, |
274 | .module = THIS_MODULE, |
275 | }; |
276 | |
277 | static int __init crypto_module_init(void) |
278 | { |
279 | return crypto_register_template(&crypto_tmpl); |
280 | } |
281 | |
282 | static void __exit crypto_module_exit(void) |
283 | { |
284 | crypto_unregister_template(&crypto_tmpl); |
285 | } |
286 | |
287 | module_init(crypto_module_init); |
288 | module_exit(crypto_module_exit); |
289 | |
290 | MODULE_LICENSE("GPL"); |
291 | MODULE_DESCRIPTION("XTS block cipher mode"); |
292 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9