From ea58a6ccc85f51003477b15d9e61e56aeaffd376 Mon Sep 17 00:00:00 2001 From: Xiongfeng Wang Date: Thu, 8 Aug 2019 15:26:50 +0800 Subject: [PATCH] dm-crypt: Add IV generation templates hulk inclusion category: feature bugzilla: 20209 CVE: NA --------------------------- Currently, the IV generation algorithms are implemented in crypt layer. This patch implements these algorithms as templates, so that dm-crypt layer can be simplified, and also these algorithms can be implemented in hardware for performance. This patch is based on the patchset originally started by Binoy Jayan ( crypto: Add IV generation algorithms https://patchwork.kernel.org/patch/9803469/ ) Signed-off-by: Binoy Jayan Signed-off-by: Xiongfeng Wang Reviewed-by: ZhangXiaoxu Signed-off-by: Yang Yingliang --- drivers/md/dm-crypt.c | 1925 +++++++++++++++++++++++++++++++++++----- include/crypto/geniv.h | 42 + 2 files changed, 1750 insertions(+), 217 deletions(-) create mode 100644 include/crypto/geniv.h diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index f3dcc7640319..3e758ae65fe1 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -33,13 +33,60 @@ #include #include #include +#include +#include +#include #include /* for struct rtattr and RTA macros only */ #include - +#include #include +#include #define DM_MSG_PREFIX "crypt" +struct geniv_ctx; +struct geniv_req_ctx; + +/* Sub request for each of the skcipher_request's for a segment */ +struct geniv_subreq { + struct scatterlist sg_in[4]; + struct scatterlist sg_out[4]; + sector_t iv_sector; + struct geniv_req_ctx *rctx; + union { + struct skcipher_request req; + struct aead_request req_aead; + } r CRYPTO_MINALIGN_ATTR; +}; + +/* used to iter the src scatterlist of the input parent request */ +struct scatterlist_iter { + /* current segment to be processed */ + unsigned int seg_no; + /* bytes had been processed in current segment */ + unsigned int done; + /* bytes to be processed in the next request */ + unsigned int len; +}; + +/* contex of the input parent request */ +struct geniv_req_ctx { + struct geniv_subreq *subreq; + bool is_write; + bool is_aead_request; + sector_t cc_sector; + /* array size of src scatterlist of parent request */ + unsigned int nents; + struct scatterlist_iter iter; + struct completion restart; + atomic_t req_pending; + u8 *integrity_metadata; + /* point to the input parent request */ + union { + struct skcipher_request *req; + struct aead_request *req_aead; + } r; +}; /* * context holding the current state of a multi-part conversion */ @@ -98,6 +145,19 @@ struct crypt_iv_operations { struct dm_crypt_request *dmreq); }; +struct crypt_geniv_operations { + int (*ctr)(struct geniv_ctx *ctx); + void (*dtr)(struct geniv_ctx *ctx); + int (*init)(struct geniv_ctx *ctx); + int (*wipe)(struct geniv_ctx *ctx); + int (*generator)(struct geniv_ctx *ctx, + struct geniv_req_ctx *rctx, + struct geniv_subreq *subreq, u8 *iv); + int (*post)(struct geniv_ctx *ctx, + struct geniv_req_ctx *rctx, + struct geniv_subreq *subreq, u8 *iv); +}; + struct iv_essiv_private { struct crypto_shash *hash_tfm; u8 *salt; @@ -220,6 +280,7 @@ struct crypt_config { #define MIN_IOS 64 #define MAX_TAG_SIZE 480 #define POOL_ENTRY_SIZE 512 +#define SECTOR_MASK ((1 << SECTOR_SHIFT) - 1) static DEFINE_SPINLOCK(dm_crypt_clients_lock); static unsigned dm_crypt_clients_n = 0; @@ -245,6 +306,55 @@ static struct crypto_aead *any_tfm_aead(struct crypt_config *cc) return cc->cipher_tfm.tfms_aead[0]; } +/* context of geniv tfm */ +struct geniv_ctx { + unsigned int tfms_count; + union { + struct crypto_skcipher *tfm; + struct crypto_aead *tfm_aead; + } tfm_child; + union { + struct crypto_skcipher **tfms; + struct crypto_aead **tfms_aead; + } tfms; + + char *ivmode; + unsigned int iv_size; + unsigned int iv_start; + unsigned int rctx_start; + sector_t iv_offset; + unsigned short int sector_size; + unsigned char sector_shift; + char *algname; + char *ivopts; + char *cipher; + char *ciphermode; + unsigned long cipher_flags; + + const struct crypt_geniv_operations *iv_gen_ops; + union { + struct iv_essiv_private essiv; + struct iv_benbi_private benbi; + struct iv_lmk_private lmk; + struct iv_tcw_private tcw; + } iv_gen_private; + void *iv_private; + + mempool_t *subreq_pool; + unsigned int key_size; + unsigned int key_parts; /* independent parts in key buffer */ + unsigned int key_extra_size; /* additional keys length */ + unsigned int key_mac_size; + + unsigned int integrity_tag_size; + unsigned int integrity_iv_size; + unsigned int on_disk_tag_size; + + char *msg; + u8 *authenc_key; /* space for keys in authenc() format (if used) */ + u8 *key; +}; + /* * Different IV generation algorithms: * @@ -644,256 +754,1656 @@ static int crypt_iv_lmk_one(struct crypt_config *cc, u8 *iv, return 0; } -static int crypt_iv_lmk_gen(struct crypt_config *cc, u8 *iv, - struct dm_crypt_request *dmreq) +static int crypt_iv_lmk_gen(struct crypt_config *cc, u8 *iv, + struct dm_crypt_request *dmreq) +{ + struct scatterlist *sg; + u8 *src; + int r = 0; + + if (bio_data_dir(dmreq->ctx->bio_in) == WRITE) { + sg = crypt_get_sg_data(cc, dmreq->sg_in); + src = kmap_atomic(sg_page(sg)); + r = crypt_iv_lmk_one(cc, iv, dmreq, src + sg->offset); + kunmap_atomic(src); + } else + memset(iv, 0, cc->iv_size); + + return r; +} + +static int crypt_iv_lmk_post(struct crypt_config *cc, u8 *iv, + struct dm_crypt_request *dmreq) +{ + struct scatterlist *sg; + u8 *dst; + int r; + + if (bio_data_dir(dmreq->ctx->bio_in) == WRITE) + return 0; + + sg = crypt_get_sg_data(cc, dmreq->sg_out); + dst = kmap_atomic(sg_page(sg)); + r = crypt_iv_lmk_one(cc, iv, dmreq, dst + sg->offset); + + /* Tweak the first block of plaintext sector */ + if (!r) + crypto_xor(dst + sg->offset, iv, cc->iv_size); + + kunmap_atomic(dst); + return r; +} + +static void crypt_iv_tcw_dtr(struct crypt_config *cc) +{ + struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; + + kzfree(tcw->iv_seed); + tcw->iv_seed = NULL; + kzfree(tcw->whitening); + tcw->whitening = NULL; + + if (tcw->crc32_tfm && !IS_ERR(tcw->crc32_tfm)) + crypto_free_shash(tcw->crc32_tfm); + tcw->crc32_tfm = NULL; +} + +static int crypt_iv_tcw_ctr(struct crypt_config *cc, struct dm_target *ti, + const char *opts) +{ + struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; + + if (cc->sector_size != (1 << SECTOR_SHIFT)) { + ti->error = "Unsupported sector size for TCW"; + return -EINVAL; + } + + if (cc->key_size <= (cc->iv_size + TCW_WHITENING_SIZE)) { + ti->error = "Wrong key size for TCW"; + return -EINVAL; + } + + tcw->crc32_tfm = crypto_alloc_shash("crc32", 0, 0); + if (IS_ERR(tcw->crc32_tfm)) { + ti->error = "Error initializing CRC32 in TCW"; + return PTR_ERR(tcw->crc32_tfm); + } + + tcw->iv_seed = kzalloc(cc->iv_size, GFP_KERNEL); + tcw->whitening = kzalloc(TCW_WHITENING_SIZE, GFP_KERNEL); + if (!tcw->iv_seed || !tcw->whitening) { + crypt_iv_tcw_dtr(cc); + ti->error = "Error allocating seed storage in TCW"; + return -ENOMEM; + } + + return 0; +} + +static int crypt_iv_tcw_init(struct crypt_config *cc) +{ + struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; + int key_offset = cc->key_size - cc->iv_size - TCW_WHITENING_SIZE; + + memcpy(tcw->iv_seed, &cc->key[key_offset], cc->iv_size); + memcpy(tcw->whitening, &cc->key[key_offset + cc->iv_size], + TCW_WHITENING_SIZE); + + return 0; +} + +static int crypt_iv_tcw_wipe(struct crypt_config *cc) +{ + struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; + + memset(tcw->iv_seed, 0, cc->iv_size); + memset(tcw->whitening, 0, TCW_WHITENING_SIZE); + + return 0; +} + +static int crypt_iv_tcw_whitening(struct crypt_config *cc, + struct dm_crypt_request *dmreq, + u8 *data) +{ + struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; + __le64 sector = cpu_to_le64(dmreq->iv_sector); + u8 buf[TCW_WHITENING_SIZE]; + SHASH_DESC_ON_STACK(desc, tcw->crc32_tfm); + int i, r; + + /* xor whitening with sector number */ + crypto_xor_cpy(buf, tcw->whitening, (u8 *)§or, 8); + crypto_xor_cpy(&buf[8], tcw->whitening + 8, (u8 *)§or, 8); + + /* calculate crc32 for every 32bit part and xor it */ + desc->tfm = tcw->crc32_tfm; + desc->flags = 0; + for (i = 0; i < 4; i++) { + r = crypto_shash_init(desc); + if (r) + goto out; + r = crypto_shash_update(desc, &buf[i * 4], 4); + if (r) + goto out; + r = crypto_shash_final(desc, &buf[i * 4]); + if (r) + goto out; + } + crypto_xor(&buf[0], &buf[12], 4); + crypto_xor(&buf[4], &buf[8], 4); + + /* apply whitening (8 bytes) to whole sector */ + for (i = 0; i < ((1 << SECTOR_SHIFT) / 8); i++) + crypto_xor(data + i * 8, buf, 8); +out: + memzero_explicit(buf, sizeof(buf)); + return r; +} + +static int crypt_iv_tcw_gen(struct crypt_config *cc, u8 *iv, + struct dm_crypt_request *dmreq) +{ + struct scatterlist *sg; + struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; + __le64 sector = cpu_to_le64(dmreq->iv_sector); + u8 *src; + int r = 0; + + /* Remove whitening from ciphertext */ + if (bio_data_dir(dmreq->ctx->bio_in) != WRITE) { + sg = crypt_get_sg_data(cc, dmreq->sg_in); + src = kmap_atomic(sg_page(sg)); + r = crypt_iv_tcw_whitening(cc, dmreq, src + sg->offset); + kunmap_atomic(src); + } + + /* Calculate IV */ + crypto_xor_cpy(iv, tcw->iv_seed, (u8 *)§or, 8); + if (cc->iv_size > 8) + crypto_xor_cpy(&iv[8], tcw->iv_seed + 8, (u8 *)§or, + cc->iv_size - 8); + + return r; +} + +static int crypt_iv_tcw_post(struct crypt_config *cc, u8 *iv, + struct dm_crypt_request *dmreq) +{ + struct scatterlist *sg; + u8 *dst; + int r; + + if (bio_data_dir(dmreq->ctx->bio_in) != WRITE) + return 0; + + /* Apply whitening on ciphertext */ + sg = crypt_get_sg_data(cc, dmreq->sg_out); + dst = kmap_atomic(sg_page(sg)); + r = crypt_iv_tcw_whitening(cc, dmreq, dst + sg->offset); + kunmap_atomic(dst); + + return r; +} + +static int crypt_iv_random_gen(struct crypt_config *cc, u8 *iv, + struct dm_crypt_request *dmreq) +{ + /* Used only for writes, there must be an additional space to store IV */ + get_random_bytes(iv, cc->iv_size); + return 0; +} + +static const struct crypt_iv_operations crypt_iv_plain_ops = { + .generator = crypt_iv_plain_gen +}; + +static const struct crypt_iv_operations crypt_iv_plain64_ops = { + .generator = crypt_iv_plain64_gen +}; + +static const struct crypt_iv_operations crypt_iv_plain64be_ops = { + .generator = crypt_iv_plain64be_gen +}; + +static const struct crypt_iv_operations crypt_iv_essiv_ops = { + .ctr = crypt_iv_essiv_ctr, + .dtr = crypt_iv_essiv_dtr, + .init = crypt_iv_essiv_init, + .wipe = crypt_iv_essiv_wipe, + .generator = crypt_iv_essiv_gen +}; + +static const struct crypt_iv_operations crypt_iv_benbi_ops = { + .ctr = crypt_iv_benbi_ctr, + .dtr = crypt_iv_benbi_dtr, + .generator = crypt_iv_benbi_gen +}; + +static const struct crypt_iv_operations crypt_iv_null_ops = { + .generator = crypt_iv_null_gen +}; + +static const struct crypt_iv_operations crypt_iv_lmk_ops = { + .ctr = crypt_iv_lmk_ctr, + .dtr = crypt_iv_lmk_dtr, + .init = crypt_iv_lmk_init, + .wipe = crypt_iv_lmk_wipe, + .generator = crypt_iv_lmk_gen, + .post = crypt_iv_lmk_post +}; + +static const struct crypt_iv_operations crypt_iv_tcw_ops = { + .ctr = crypt_iv_tcw_ctr, + .dtr = crypt_iv_tcw_dtr, + .init = crypt_iv_tcw_init, + .wipe = crypt_iv_tcw_wipe, + .generator = crypt_iv_tcw_gen, + .post = crypt_iv_tcw_post +}; + +static struct crypt_iv_operations crypt_iv_random_ops = { + .generator = crypt_iv_random_gen +}; + + +static bool geniv_integrity_aead(struct geniv_ctx *ctx) +{ + return test_bit(CRYPT_MODE_INTEGRITY_AEAD, &ctx->cipher_flags); +} + +static bool geniv_integrity_hmac(struct geniv_ctx *ctx) +{ + return geniv_integrity_aead(ctx) && ctx->key_mac_size; +} + +static struct geniv_req_ctx *geniv_skcipher_req_ctx(struct skcipher_request *req) +{ + return (void *)PTR_ALIGN((u8 *)skcipher_request_ctx(req), __alignof__(struct geniv_req_ctx)); +} + +static struct geniv_req_ctx *geniv_aead_req_ctx(struct aead_request *req) +{ + return (void *)PTR_ALIGN((u8 *)aead_request_ctx(req), __alignof__(struct geniv_req_ctx)); +} + +static u8 *iv_of_subreq(struct geniv_ctx *ctx, struct geniv_subreq *subreq) +{ + if (geniv_integrity_aead(ctx)) + return (u8 *)ALIGN((unsigned long)((char *)subreq + ctx->iv_start), + crypto_aead_alignmask(crypto_aead_reqtfm(subreq->rctx->r.req_aead)) + 1); + else + return (u8 *)ALIGN((unsigned long)((char *)subreq + ctx->iv_start), + crypto_skcipher_alignmask(crypto_skcipher_reqtfm(subreq->rctx->r.req)) + 1); +} + +static const struct crypt_geniv_operations crypt_geniv_plain_ops; +static const struct crypt_geniv_operations crypt_geniv_plain64_ops; +static const struct crypt_geniv_operations crypt_geniv_essiv_ops; +static const struct crypt_geniv_operations crypt_geniv_benbi_ops; +static const struct crypt_geniv_operations crypt_geniv_null_ops; +static const struct crypt_geniv_operations crypt_geniv_lmk_ops; +static const struct crypt_geniv_operations crypt_geniv_tcw_ops; +static const struct crypt_geniv_operations crypt_geniv_random_ops; + +static int geniv_init_iv(struct geniv_ctx *ctx) +{ + int ret; + + DMDEBUG("IV Generation algorithm : %s\n", ctx->ivmode); + + if (ctx->ivmode == NULL) + ctx->iv_gen_ops = NULL; + else if (strcmp(ctx->ivmode, "plain") == 0) + ctx->iv_gen_ops = &crypt_geniv_plain_ops; + else if (strcmp(ctx->ivmode, "plain64") == 0) + ctx->iv_gen_ops = &crypt_geniv_plain64_ops; + else if (strcmp(ctx->ivmode, "essiv") == 0) + ctx->iv_gen_ops = &crypt_geniv_essiv_ops; + else if (strcmp(ctx->ivmode, "benbi") == 0) + ctx->iv_gen_ops = &crypt_geniv_benbi_ops; + else if (strcmp(ctx->ivmode, "null") == 0) + ctx->iv_gen_ops = &crypt_geniv_null_ops; + else if (strcmp(ctx->ivmode, "lmk") == 0) { + ctx->iv_gen_ops = &crypt_geniv_lmk_ops; + /* + * Version 2 and 3 is recognised according + * to length of provided multi-key string. + * If present (version 3), last key is used as IV seed. + * All keys (including IV seed) are always the same size. + */ + if (ctx->key_size % ctx->key_parts) { + ctx->key_parts++; + ctx->key_extra_size = ctx->key_size / ctx->key_parts; + } + } else if (strcmp(ctx->ivmode, "tcw") == 0) { + ctx->iv_gen_ops = &crypt_geniv_tcw_ops; + ctx->key_parts += 2; /* IV + whitening */ + ctx->key_extra_size = ctx->iv_size + TCW_WHITENING_SIZE; + } else if (strcmp(ctx->ivmode, "random") == 0) { + ctx->iv_gen_ops = &crypt_geniv_random_ops; + /* Need storage space in integrity fields. */ + ctx->integrity_iv_size = ctx->iv_size; + } else { + DMERR("Invalid IV mode %s\n", ctx->ivmode); + return -EINVAL; + } + + /* Allocate IV */ + if (ctx->iv_gen_ops && ctx->iv_gen_ops->ctr) { + ret = ctx->iv_gen_ops->ctr(ctx); + if (ret < 0) { + DMERR("Error creating IV for %s\n", ctx->ivmode); + return ret; + } + } + + /* Initialize IV (set keys for ESSIV etc) */ + if (ctx->iv_gen_ops && ctx->iv_gen_ops->init) { + ret = ctx->iv_gen_ops->init(ctx); + if (ret < 0) { + DMERR("Error creating IV for %s\n", ctx->ivmode); + return ret; + } + } + + return 0; +} + +static void geniv_free_tfms_aead(struct geniv_ctx *ctx) +{ + if (!ctx->tfms.tfms_aead) + return; + + if (ctx->tfms.tfms_aead[0] && IS_ERR(ctx->tfms.tfms_aead[0])) { + crypto_free_aead(ctx->tfms.tfms_aead[0]); + ctx->tfms.tfms_aead[0] = NULL; + } + + kfree(ctx->tfms.tfms_aead); + ctx->tfms.tfms_aead = NULL; +} + +static void geniv_free_tfms_skcipher(struct geniv_ctx *ctx) +{ + unsigned int i; + + if (!ctx->tfms.tfms) + return; + + for (i = 0; i < ctx->tfms_count; i++) + if (ctx->tfms.tfms[i] && IS_ERR(ctx->tfms.tfms[i])) { + crypto_free_skcipher(ctx->tfms.tfms[i]); + ctx->tfms.tfms[i] = NULL; + } + + kfree(ctx->tfms.tfms); + ctx->tfms.tfms = NULL; +} + +static void geniv_free_tfms(struct geniv_ctx *ctx) +{ + if (geniv_integrity_aead(ctx)) + geniv_free_tfms_aead(ctx); + else + geniv_free_tfms_skcipher(ctx); +} + +static int geniv_alloc_tfms_aead(struct crypto_aead *parent, + struct geniv_ctx *ctx) +{ + unsigned int reqsize, align; + + ctx->tfms.tfms_aead = kcalloc(1, sizeof(struct crypto_aead *), + GFP_KERNEL); + if (!ctx->tfms.tfms_aead) + return -ENOMEM; + + /* First instance is already allocated in geniv_init_tfm */ + ctx->tfms.tfms_aead[0] = ctx->tfm_child.tfm_aead; + + /* Setup the current cipher's request structure */ + align = crypto_aead_alignmask(parent); + align &= ~(crypto_tfm_ctx_alignment() - 1); + reqsize = align + sizeof(struct geniv_req_ctx) + + crypto_aead_reqsize(ctx->tfms.tfms_aead[0]); + + crypto_aead_set_reqsize(parent, reqsize); + + return 0; +} + +/* + * Allocate memory for the underlying cipher algorithm. Ex: cbc(aes) + */ +static int geniv_alloc_tfms_skcipher(struct crypto_skcipher *parent, + struct geniv_ctx *ctx) +{ + unsigned int i, reqsize, align, err; + + ctx->tfms.tfms = kcalloc(ctx->tfms_count, sizeof(struct crypto_skcipher *), + GFP_KERNEL); + if (!ctx->tfms.tfms) + return -ENOMEM; + + /* First instance is already allocated in geniv_init_tfm */ + ctx->tfms.tfms[0] = ctx->tfm_child.tfm; + for (i = 1; i < ctx->tfms_count; i++) { + ctx->tfms.tfms[i] = crypto_alloc_skcipher(ctx->ciphermode, 0, 0); + if (IS_ERR(ctx->tfms.tfms[i])) { + err = PTR_ERR(ctx->tfms.tfms[i]); + geniv_free_tfms(ctx); + return err; + } + + /* Setup the current cipher's request structure */ + align = crypto_skcipher_alignmask(parent); + align &= ~(crypto_tfm_ctx_alignment() - 1); + reqsize = align + sizeof(struct geniv_req_ctx) + + crypto_skcipher_reqsize(ctx->tfms.tfms[i]); + + crypto_skcipher_set_reqsize(parent, reqsize); + } + + return 0; +} + +static unsigned int geniv_authenckey_size(struct geniv_ctx *ctx) +{ + return ctx->key_size - ctx->key_extra_size + + RTA_SPACE(sizeof(struct crypto_authenc_key_param)); +} + +/* + * Initialize the cipher's context with the key, ivmode and other parameters. + * Also allocate IV generation template ciphers and initialize them. + */ +static int geniv_setkey_init(void *parent, struct geniv_key_info *info) +{ + struct geniv_ctx *ctx; + int ret; + + if (test_bit(CRYPT_MODE_INTEGRITY_AEAD, &info->cipher_flags)) + ctx = crypto_aead_ctx((struct crypto_aead *)parent); + else + ctx = crypto_skcipher_ctx((struct crypto_skcipher *)parent); + + ctx->tfms_count = info->tfms_count; + ctx->key = info->key; + ctx->cipher_flags = info->cipher_flags; + ctx->ivopts = info->ivopts; + ctx->iv_offset = info->iv_offset; + ctx->sector_size = info->sector_size; + ctx->sector_shift = __ffs(ctx->sector_size) - SECTOR_SHIFT; + + ctx->key_size = info->key_size; + ctx->key_parts = info->key_parts; + ctx->key_mac_size = info->key_mac_size; + ctx->on_disk_tag_size = info->on_disk_tag_size; + + if (geniv_integrity_hmac(ctx)) { + ctx->authenc_key = kmalloc(geniv_authenckey_size(ctx), GFP_KERNEL); + if (!ctx->authenc_key) + return -ENOMEM; + } + + if (geniv_integrity_aead(ctx)) + ret = geniv_alloc_tfms_aead((struct crypto_aead *)parent, ctx); + else + ret = geniv_alloc_tfms_skcipher((struct crypto_skcipher *)parent, ctx); + if (ret) + return ret; + + ret = geniv_init_iv(ctx); + + if (geniv_integrity_aead(ctx)) + ctx->integrity_tag_size = ctx->on_disk_tag_size - ctx->integrity_iv_size; + + return ret; +} + +/* + * If AEAD is composed like authenc(hmac(sha256),xts(aes)), + * the key must be for some reason in special format. + * This function converts cc->key to this special format. + */ +static void crypt_copy_authenckey(char *p, const void *key, + unsigned int enckeylen, unsigned int authkeylen) +{ + struct crypto_authenc_key_param *param; + struct rtattr *rta; + + rta = (struct rtattr *)p; + param = RTA_DATA(rta); + param->enckeylen = cpu_to_be32(enckeylen); + rta->rta_len = RTA_LENGTH(sizeof(*param)); + rta->rta_type = CRYPTO_AUTHENC_KEYA_PARAM; + p += RTA_SPACE(sizeof(*param)); + memcpy(p, key + enckeylen, authkeylen); + p += authkeylen; + memcpy(p, key, enckeylen); +} + +static int geniv_setkey_tfms_aead(struct crypto_aead *parent, struct geniv_ctx *ctx, + struct geniv_key_info *info) +{ + unsigned int key_size; + unsigned int authenc_key_size; + struct crypto_aead *child_aead; + int ret = 0; + + /* Ignore extra keys (which are used for IV etc) */ + key_size = ctx->key_size - ctx->key_extra_size; + authenc_key_size = key_size + RTA_SPACE(sizeof(struct crypto_authenc_key_param)); + + child_aead = ctx->tfms.tfms_aead[0]; + crypto_aead_clear_flags(child_aead, CRYPTO_TFM_REQ_MASK); + crypto_aead_set_flags(child_aead, crypto_aead_get_flags(parent) & CRYPTO_TFM_REQ_MASK); + + if (geniv_integrity_hmac(ctx)) { + if (key_size < ctx->key_mac_size) + return -EINVAL; + + crypt_copy_authenckey(ctx->authenc_key, ctx->key, key_size - ctx->key_mac_size, + ctx->key_mac_size); + } + + if (geniv_integrity_hmac(ctx)) + ret = crypto_aead_setkey(child_aead, ctx->authenc_key, authenc_key_size); + else + ret = crypto_aead_setkey(child_aead, ctx->key, key_size); + if (ret) { + DMERR("Error setting key for tfms[0]\n"); + goto out; + } + + crypto_aead_set_flags(parent, crypto_aead_get_flags(child_aead) & CRYPTO_TFM_RES_MASK); + +out: + if (geniv_integrity_hmac(ctx)) + memzero_explicit(ctx->authenc_key, authenc_key_size); + + return ret; +} + +static int geniv_setkey_tfms_skcipher(struct crypto_skcipher *parent, struct geniv_ctx *ctx, + struct geniv_key_info *info) +{ + unsigned int subkey_size; + char *subkey; + struct crypto_skcipher *child; + int ret, i; + + /* Ignore extra keys (which are used for IV etc) */ + subkey_size = (ctx->key_size - ctx->key_extra_size) + >> ilog2(ctx->tfms_count); + + for (i = 0; i < ctx->tfms_count; i++) { + child = ctx->tfms.tfms[i]; + crypto_skcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); + crypto_skcipher_set_flags(child, + crypto_skcipher_get_flags(parent) & CRYPTO_TFM_REQ_MASK); + + subkey = ctx->key + (subkey_size) * i; + + ret = crypto_skcipher_setkey(child, subkey, subkey_size); + if (ret) { + DMERR("Error setting key for tfms[%d]\n", i); + return ret; + } + + crypto_skcipher_set_flags(parent, crypto_skcipher_get_flags(child) & + CRYPTO_TFM_RES_MASK); + } + + return 0; +} + +static int geniv_setkey_set(struct geniv_ctx *ctx) +{ + if (ctx->iv_gen_ops && ctx->iv_gen_ops->init) + return ctx->iv_gen_ops->init(ctx); + else + return 0; +} + +static int geniv_setkey_wipe(struct geniv_ctx *ctx) +{ + int ret; + + if (ctx->iv_gen_ops && ctx->iv_gen_ops->wipe) { + ret = ctx->iv_gen_ops->wipe(ctx); + if (ret) + return ret; + } + + if (geniv_integrity_hmac(ctx)) + kzfree(ctx->authenc_key); + + return 0; +} + +static int geniv_setkey(void *parent, const u8 *key, unsigned int keylen) +{ + int err = 0; + struct geniv_ctx *ctx; + struct geniv_key_info *info = (struct geniv_key_info *) key; + + if (test_bit(CRYPT_MODE_INTEGRITY_AEAD, &info->cipher_flags)) + ctx = crypto_aead_ctx((struct crypto_aead *)parent); + else + ctx = crypto_skcipher_ctx((struct crypto_skcipher *)parent); + + DMDEBUG("SETKEY Operation : %d\n", info->keyop); + + switch (info->keyop) { + case SETKEY_OP_INIT: + err = geniv_setkey_init(parent, info); + break; + case SETKEY_OP_SET: + err = geniv_setkey_set(ctx); + break; + case SETKEY_OP_WIPE: + err = geniv_setkey_wipe(ctx); + break; + } + + if (err) + return err; + + if (test_bit(CRYPT_MODE_INTEGRITY_AEAD, &info->cipher_flags)) + return geniv_setkey_tfms_aead((struct crypto_aead *)parent, ctx, info); + else + return geniv_setkey_tfms_skcipher((struct crypto_skcipher *)parent, ctx, info); +} + +static int geniv_aead_setkey(struct crypto_aead *parent, + const u8 *key, unsigned int keylen) +{ + return geniv_setkey(parent, key, keylen); +} + +static int geniv_skcipher_setkey(struct crypto_skcipher *parent, + const u8 *key, unsigned int keylen) +{ + return geniv_setkey(parent, key, keylen); +} + +static void geniv_async_done(struct crypto_async_request *async_req, int error); + +static int geniv_alloc_subreq_aead(struct geniv_ctx *ctx, + struct geniv_req_ctx *rctx, + u32 req_flags) +{ + struct aead_request *req; + + if (!rctx->subreq) { + rctx->subreq = mempool_alloc(ctx->subreq_pool, GFP_NOIO); + if (!rctx->subreq) + return -ENOMEM; + } + + req = &rctx->subreq->r.req_aead; + rctx->subreq->rctx = rctx; + + aead_request_set_tfm(req, ctx->tfms.tfms_aead[0]); + aead_request_set_callback(req, req_flags, + geniv_async_done, rctx->subreq); + + return 0; +} + +/* req_flags: flags from parent request */ +static int geniv_alloc_subreq_skcipher(struct geniv_ctx *ctx, + struct geniv_req_ctx *rctx, + u32 req_flags) +{ + int key_index; + struct skcipher_request *req; + + if (!rctx->subreq) { + rctx->subreq = mempool_alloc(ctx->subreq_pool, GFP_NOIO); + if (!rctx->subreq) + return -ENOMEM; + } + + req = &rctx->subreq->r.req; + rctx->subreq->rctx = rctx; + + key_index = rctx->cc_sector & (ctx->tfms_count - 1); + + skcipher_request_set_tfm(req, ctx->tfms.tfms[key_index]); + skcipher_request_set_callback(req, req_flags, + geniv_async_done, rctx->subreq); + + return 0; +} + +/* + * Asynchronous IO completion callback for each sector in a segment. When all + * pending i/o are completed the parent cipher's async function is called. + */ +static void geniv_async_done(struct crypto_async_request *async_req, int error) +{ + struct geniv_subreq *subreq = async_req->data; + struct geniv_req_ctx *rctx = subreq->rctx; + struct skcipher_request *req = NULL; + struct aead_request *req_aead = NULL; + struct geniv_ctx *ctx; + u8 *iv; + + if (!rctx->is_aead_request) { + req = rctx->r.req; + ctx = crypto_skcipher_ctx(crypto_skcipher_reqtfm(req)); + } else { + req_aead = rctx->r.req_aead; + ctx = crypto_aead_ctx(crypto_aead_reqtfm(req_aead)); + } + + /* + * A request from crypto driver backlog is going to be processed now, + * finish the completion and continue in crypt_convert(). + * (Callback will be called for the second time for this request.) + */ + if (error == -EINPROGRESS) { + complete(&rctx->restart); + return; + } + + iv = iv_of_subreq(ctx, subreq); + if (!error && ctx->iv_gen_ops && ctx->iv_gen_ops->post) + error = ctx->iv_gen_ops->post(ctx, rctx, subreq, iv); + + mempool_free(subreq, ctx->subreq_pool); + + /* + * req_pending needs to be checked before req->base.complete is called + * as we need 'req_pending' to be equal to 1 to ensure all subrequests + * are processed. + */ + if (atomic_dec_and_test(&rctx->req_pending)) { + /* Call the parent cipher's completion function */ + if (!rctx->is_aead_request) + skcipher_request_complete(req, error); + else + aead_request_complete(req_aead, error); + + } +} + +static unsigned int geniv_get_sectors(struct scatterlist *sg1, + struct scatterlist *sg2, + unsigned int segments) +{ + unsigned int i, n1, n2; + + n1 = n2 = 0; + for (i = 0; i < segments ; i++) { + n1 += sg1[i].length >> SECTOR_SHIFT; + n1 += (sg1[i].length & SECTOR_MASK) ? 1 : 0; + } + + for (i = 0; i < segments ; i++) { + n2 += sg2[i].length >> SECTOR_SHIFT; + n2 += (sg2[i].length & SECTOR_MASK) ? 1 : 0; + } + + return max(n1, n2); +} + +/* + * Iterate scatterlist of segments to retrieve the 512-byte sectors so that + * unique IVs could be generated for each 512-byte sector. This split may not + * be necessary e.g. when these ciphers are modelled in hardware, where it can + * make use of the hardware's IV generation capabilities. + */ +static int geniv_iter_block(void *req_in, + struct geniv_ctx *ctx, struct geniv_req_ctx *rctx) + +{ + unsigned int rem; + struct scatterlist *src_org, *dst_org; + struct scatterlist *src1, *dst1; + struct scatterlist_iter *iter = &rctx->iter; + + if (unlikely(iter->seg_no >= rctx->nents)) + return 0; + + if (geniv_integrity_aead(ctx)) { + struct aead_request *req_aead = (struct aead_request *)req_in; + src_org = &req_aead->src[0]; + dst_org = &req_aead->dst[0]; + } else { + struct skcipher_request *req = (struct skcipher_request *)req_in; + src_org = &req->src[0]; + dst_org = &req->dst[0]; + } + + src1 = &src_org[iter->seg_no]; + dst1 = &dst_org[iter->seg_no]; + iter->done += iter->len; + + if (iter->done >= src1->length) { + iter->seg_no++; + + if (iter->seg_no >= rctx->nents) + return 0; + + src1 = &src_org[iter->seg_no]; + dst1 = &dst_org[iter->seg_no]; + iter->done = 0; + } + + rem = src1->length - iter->done; + + iter->len = rem > ctx->sector_size ? ctx->sector_size : rem; + + DMDEBUG("segment:(%d/%u), done:%d, rem:%d\n", + iter->seg_no, rctx->nents, iter->done, rem); + + return iter->len; +} + +static u8 *org_iv_of_subreq(struct geniv_ctx *ctx, struct geniv_subreq *subreq) +{ + return iv_of_subreq(ctx, subreq) + ctx->iv_size; +} + +static uint64_t *org_sector_of_subreq(struct geniv_ctx *ctx, struct geniv_subreq *subreq) +{ + u8 *ptr = iv_of_subreq(ctx, subreq) + ctx->iv_size + ctx->iv_size; + + return (uint64_t *) ptr; +} + +static unsigned int *org_tag_of_subreq(struct geniv_ctx *ctx, struct geniv_subreq *subreq) +{ + u8 *ptr = iv_of_subreq(ctx, subreq) + ctx->iv_size + + ctx->iv_size + sizeof(uint64_t); + + return (unsigned int *)ptr; +} + +static void *tag_from_subreq(struct geniv_ctx *ctx, struct geniv_subreq *subreq) +{ + return &subreq->rctx->integrity_metadata[*org_tag_of_subreq(ctx, subreq) * + ctx->on_disk_tag_size]; +} + +static void *iv_tag_from_subreq(struct geniv_ctx *ctx, struct geniv_subreq *subreq) +{ + return tag_from_subreq(ctx, subreq) + ctx->integrity_tag_size; +} + +static int geniv_convert_block_aead(struct geniv_ctx *ctx, + struct geniv_req_ctx *rctx, + struct geniv_subreq *subreq, + unsigned int tag_offset) +{ + struct scatterlist *sg_in, *sg_out; + u8 *iv, *org_iv, *tag_iv, *tag; + uint64_t *sector; + int r = 0; + struct scatterlist_iter *iter = &rctx->iter; + struct aead_request *req_aead; + struct aead_request *parent_req = rctx->r.req_aead; + + BUG_ON(ctx->integrity_iv_size && ctx->integrity_iv_size != ctx->iv_size); + + /* Reject unexpected unaligned bio. */ + if (unlikely(iter->len & (ctx->sector_size - 1))) + return -EIO; + + subreq->iv_sector = rctx->cc_sector; + if (test_bit(CRYPT_IV_LARGE_SECTORS, &ctx->cipher_flags)) + subreq->iv_sector >>= ctx->sector_shift; + + *org_tag_of_subreq(ctx, subreq) = tag_offset; + + sector = org_sector_of_subreq(ctx, subreq); + *sector = cpu_to_le64(rctx->cc_sector - ctx->iv_offset); + + iv = iv_of_subreq(ctx, subreq); + org_iv = org_iv_of_subreq(ctx, subreq); + tag = tag_from_subreq(ctx, subreq); + tag_iv = iv_tag_from_subreq(ctx, subreq); + + sg_in = subreq->sg_in; + sg_out = subreq->sg_out; + + /* + * AEAD request: + * |----- AAD -------|------ DATA -------|-- AUTH TAG --| + * | (authenticated) | (auth+encryption) | | + * | sector_LE | IV | sector in/out | tag in/out | + */ + sg_init_table(sg_in, 4); + sg_set_buf(&sg_in[0], sector, sizeof(uint64_t)); + sg_set_buf(&sg_in[1], org_iv, ctx->iv_size); + sg_set_page(&sg_in[2], sg_page(&parent_req->src[iter->seg_no]), + iter->len, parent_req->src[iter->seg_no].offset + iter->done); + sg_set_buf(&sg_in[3], tag, ctx->integrity_tag_size); + + sg_init_table(sg_out, 4); + sg_set_buf(&sg_out[0], sector, sizeof(uint64_t)); + sg_set_buf(&sg_out[1], org_iv, ctx->iv_size); + sg_set_page(&sg_out[2], sg_page(&parent_req->dst[iter->seg_no]), + iter->len, parent_req->dst[iter->seg_no].offset + iter->done); + sg_set_buf(&sg_out[3], tag, ctx->integrity_tag_size); + + if (ctx->iv_gen_ops) { + /* For READs use IV stored in integrity metadata */ + if (ctx->integrity_iv_size && !rctx->is_write) { + memcpy(org_iv, tag_iv, ctx->iv_size); + } else { + r = ctx->iv_gen_ops->generator(ctx, rctx, subreq, org_iv); + if (r < 0) + return r; + /* Store generated IV in integrity metadata */ + if (ctx->integrity_iv_size) + memcpy(tag_iv, org_iv, ctx->iv_size); + } + /* Working copy of IV, to be modified in crypto API */ + memcpy(iv, org_iv, ctx->iv_size); + } + + req_aead = &subreq->r.req_aead; + aead_request_set_ad(req_aead, sizeof(uint64_t) + ctx->iv_size); + if (rctx->is_write) { + aead_request_set_crypt(req_aead, subreq->sg_in, subreq->sg_out, + ctx->sector_size, iv); + r = crypto_aead_encrypt(req_aead); + if (ctx->integrity_tag_size + ctx->integrity_iv_size != ctx->on_disk_tag_size) + memset(tag + ctx->integrity_tag_size + ctx->integrity_iv_size, 0, + ctx->on_disk_tag_size - (ctx->integrity_tag_size + ctx->integrity_iv_size)); + } else { + aead_request_set_crypt(req_aead, subreq->sg_in, subreq->sg_out, + ctx->sector_size + ctx->integrity_tag_size, iv); + r = crypto_aead_decrypt(req_aead); + } + + if (r == -EBADMSG) + DMERR_LIMIT("INTEGRITY AEAD ERROR, sector %llu", + (unsigned long long)le64_to_cpu(*sector)); + + if (!r && ctx->iv_gen_ops && ctx->iv_gen_ops->post) + r = ctx->iv_gen_ops->post(ctx, rctx, subreq, org_iv); + + return r; +} + +static int geniv_convert_block_skcipher(struct geniv_ctx *ctx, + struct geniv_req_ctx *rctx, + struct geniv_subreq *subreq, + unsigned int tag_offset) +{ + struct scatterlist *sg_in, *sg_out; + u8 *iv, *org_iv, *tag_iv; + uint64_t *sector; + int r = 0; + struct scatterlist_iter *iter = &rctx->iter; + struct skcipher_request *req; + struct skcipher_request *parent_req = rctx->r.req; + + /* Reject unexpected unaligned bio. */ + if (unlikely(iter->len & (ctx->sector_size - 1))) + return -EIO; + + subreq->iv_sector = rctx->cc_sector; + if (test_bit(CRYPT_IV_LARGE_SECTORS, &ctx->cipher_flags)) + subreq->iv_sector >>= ctx->sector_shift; + + *org_tag_of_subreq(ctx, subreq) = tag_offset; + + iv = iv_of_subreq(ctx, subreq); + org_iv = org_iv_of_subreq(ctx, subreq); + tag_iv = iv_tag_from_subreq(ctx, subreq); + + sector = org_sector_of_subreq(ctx, subreq); + *sector = cpu_to_le64(rctx->cc_sector - ctx->iv_offset); + + /* For skcipher we use only the first sg item */ + sg_in = subreq->sg_in; + sg_out = subreq->sg_out; + + sg_init_table(sg_in, 1); + sg_set_page(sg_in, sg_page(&parent_req->src[iter->seg_no]), + iter->len, parent_req->src[iter->seg_no].offset + iter->done); + + sg_init_table(sg_out, 1); + sg_set_page(sg_out, sg_page(&parent_req->dst[iter->seg_no]), + iter->len, parent_req->dst[iter->seg_no].offset + iter->done); + + if (ctx->iv_gen_ops) { + /* For READs use IV stored in integrity metadata */ + if (ctx->integrity_iv_size && !rctx->is_write) { + memcpy(org_iv, tag_iv, ctx->integrity_iv_size); + } else { + r = ctx->iv_gen_ops->generator(ctx, rctx, subreq, org_iv); + if (r < 0) + return r; + /* Store generated IV in integrity metadata */ + if (ctx->integrity_iv_size) + memcpy(tag_iv, org_iv, ctx->integrity_iv_size); + } + /* Working copy of IV, to be modified in crypto API */ + memcpy(iv, org_iv, ctx->iv_size); + } + + req = &subreq->r.req; + skcipher_request_set_crypt(req, sg_in, sg_out, ctx->sector_size, iv); + + if (rctx->is_write) + r = crypto_skcipher_encrypt(req); + else + r = crypto_skcipher_decrypt(req); + + if (!r && ctx->iv_gen_ops && ctx->iv_gen_ops->post) + r = ctx->iv_gen_ops->post(ctx, rctx, subreq, org_iv); + + return r; +} + +/* + * Common encryt/decrypt function for geniv template cipher. Before the crypto + * operation, it splits the memory segments (in the scatterlist) into 512 byte + * sectors. The initialization vector(IV) used is based on a unique sector + * number which is generated here. + */ +static int geniv_crypt(struct geniv_ctx *ctx, void *parent_req, bool is_encrypt) +{ + struct skcipher_request *req = NULL; + struct aead_request *req_aead = NULL; + struct geniv_req_ctx *rctx; + struct geniv_req_info *rinfo; + int i, bytes, cryptlen, ret = 0; + unsigned int sectors; + unsigned int tag_offset = 0; + unsigned int sector_step = ctx->sector_size >> SECTOR_SHIFT; + char *str __maybe_unused = is_encrypt ? "encrypt" : "decrypt"; + + if (geniv_integrity_aead(ctx)) { + req_aead = (struct aead_request *)parent_req; + rctx = geniv_aead_req_ctx(req_aead); + rctx->r.req_aead = req_aead; + rinfo = (struct geniv_req_info *)req_aead->iv; + } else { + req = (struct skcipher_request *)parent_req; + rctx = geniv_skcipher_req_ctx(req); + rctx->r.req = req; + rinfo = (struct geniv_req_info *)req->iv; + } + + /* Instance of 'struct geniv_req_info' is stored in IV ptr */ + rctx->is_write = is_encrypt; + rctx->is_aead_request = geniv_integrity_aead(ctx); + rctx->cc_sector = rinfo->cc_sector; + rctx->nents = rinfo->nents; + rctx->integrity_metadata = rinfo->integrity_metadata; + rctx->subreq = NULL; + cryptlen = req->cryptlen; + + rctx->iter.seg_no = 0; + rctx->iter.done = 0; + rctx->iter.len = 0; + + DMDEBUG("geniv:%s: starting sector=%d, #segments=%u\n", str, + (unsigned int)rctx->cc_sector, rctx->nents); + + if (geniv_integrity_aead(ctx)) + sectors = geniv_get_sectors(req_aead->src, req_aead->dst, rctx->nents); + else + sectors = geniv_get_sectors(req->src, req->dst, rctx->nents); + + init_completion(&rctx->restart); + atomic_set(&rctx->req_pending, 1); + + for (i = 0; i < sectors; i++) { + struct geniv_subreq *subreq; + + if (geniv_integrity_aead(ctx)) + ret = geniv_alloc_subreq_aead(ctx, rctx, req_aead->base.flags); + else + ret = geniv_alloc_subreq_skcipher(ctx, rctx, req->base.flags); + if (ret) + return -ENOMEM; + + subreq = rctx->subreq; + + if (geniv_integrity_aead(ctx)) + bytes = geniv_iter_block(req_aead, ctx, rctx); + else + bytes = geniv_iter_block(req, ctx, rctx); + + if (bytes == 0) + break; + + cryptlen -= bytes; + atomic_inc(&rctx->req_pending); + + if (geniv_integrity_aead(ctx)) + ret = geniv_convert_block_aead(ctx, rctx, subreq, tag_offset); + else + ret = geniv_convert_block_skcipher(ctx, rctx, subreq, tag_offset); + + switch (ret) { + /* + * The request was queued by a crypto driver + * but the driver request queue is full, let's wait. + */ + case -EBUSY: + wait_for_completion(&rctx->restart); + reinit_completion(&rctx->restart); + /* fall through */ + /* + * The request is queued and processed asynchronously, + * completion function geniv_async_done() is called. + */ + case -EINPROGRESS: + /* Marking this NULL lets the creation of a new sub- + * request when 'geniv_alloc_subreq' is called. + */ + rctx->subreq = NULL; + rctx->cc_sector += sector_step; + tag_offset++; + cond_resched(); + break; + /* + * The request was already processed (synchronously). + */ + case 0: + atomic_dec(&rctx->req_pending); + rctx->cc_sector += sector_step; + tag_offset++; + cond_resched(); + continue; + + /* There was an error while processing the request. */ + default: + atomic_dec(&rctx->req_pending); + mempool_free(rctx->subreq, ctx->subreq_pool); + atomic_dec(&rctx->req_pending); + return ret; + } + } + + if (rctx->subreq) + mempool_free(rctx->subreq, ctx->subreq_pool); + + if (atomic_dec_and_test(&rctx->req_pending)) + return 0; + else + return -EINPROGRESS; +} + +static int geniv_skcipher_encrypt(struct skcipher_request *req) +{ + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); + struct geniv_ctx *ctx = crypto_skcipher_ctx(tfm); + + return geniv_crypt(ctx, req, true); +} + +static int geniv_skcipher_decrypt(struct skcipher_request *req) +{ + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); + struct geniv_ctx *ctx = crypto_skcipher_ctx(tfm); + + return geniv_crypt(ctx, req, false); +} + +static int geniv_aead_encrypt(struct aead_request *req) +{ + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct geniv_ctx *ctx = crypto_aead_ctx(tfm); + + return geniv_crypt(ctx, req, true); +} + +static int geniv_aead_decrypt(struct aead_request *req) +{ + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct geniv_ctx *ctx = crypto_aead_ctx(tfm); + + return geniv_crypt(ctx, req, false); +} + +/* + * Workaround to parse cipher algorithm from crypto API spec. + * The ctx->cipher is currently used only in ESSIV. + * This should be probably done by crypto-api calls (once available...) + */ +static int geniv_blkdev_cipher(struct geniv_ctx *ctx, bool is_crypto_aead) +{ + const char *alg_name = NULL; + char *start, *end; + + alg_name = ctx->ciphermode; + if (!alg_name) + return -EINVAL; + + if (is_crypto_aead) { + alg_name = strchr(alg_name, ','); + if (!alg_name) + alg_name = ctx->ciphermode; + alg_name++; + } + + start = strchr(alg_name, '('); + end = strchr(alg_name, ')'); + + if (!start && !end) { + ctx->cipher = kstrdup(alg_name, GFP_KERNEL); + return ctx->cipher ? 0 : -ENOMEM; + } + + if (!start || !end || ++start >= end) + return -EINVAL; + + ctx->cipher = kzalloc(end - start + 1, GFP_KERNEL); + if (!ctx->cipher) + return -ENOMEM; + + strncpy(ctx->cipher, start, end - start); + + return 0; +} + +static int geniv_init_tfm(void *tfm_tmp, bool is_crypto_aead) +{ + struct geniv_ctx *ctx; + struct crypto_skcipher *tfm; + struct crypto_aead *tfm_aead; + unsigned int reqsize; + size_t iv_size_padding; + char *algname; + int psize, ret; + + if (is_crypto_aead) { + tfm_aead = (struct crypto_aead *)tfm_tmp; + ctx = crypto_aead_ctx(tfm_aead); + algname = (char *) crypto_tfm_alg_name(crypto_aead_tfm(tfm_aead)); + } else { + tfm = (struct crypto_skcipher *)tfm_tmp; + ctx = crypto_skcipher_ctx(tfm); + algname = (char *) crypto_tfm_alg_name(crypto_skcipher_tfm(tfm)); + } + + ctx->ciphermode = kmalloc(CRYPTO_MAX_ALG_NAME, GFP_KERNEL); + if (!ctx->ciphermode) + return -ENOMEM; + + ctx->algname = kmalloc(CRYPTO_MAX_ALG_NAME, GFP_KERNEL); + if (!ctx->algname) { + ret = -ENOMEM; + goto free_ciphermode; + } + + strlcpy(ctx->algname, algname, CRYPTO_MAX_ALG_NAME); + algname = ctx->algname; + + /* Parse the algorithm name 'ivmode(ciphermode)' */ + ctx->ivmode = strsep(&algname, "("); + strlcpy(ctx->ciphermode, algname, CRYPTO_MAX_ALG_NAME); + ctx->ciphermode[strlen(algname) - 1] = '\0'; + + DMDEBUG("ciphermode=%s, ivmode=%s\n", ctx->ciphermode, ctx->ivmode); + + /* + * Usually the underlying cipher instances are spawned here, but since + * the value of tfms_count (which is equal to the key_count) is not + * known yet, create only one instance and delay the creation of the + * rest of the instances of the underlying cipher 'cbc(aes)' until + * the setkey operation is invoked. + * The first instance created i.e. ctx->child will later be assigned as + * the 1st element in the array ctx->tfms. Creation of atleast one + * instance of the cipher is necessary to be created here to uncover + * any errors earlier than during the setkey operation later where the + * remaining instances are created. + */ + if (is_crypto_aead) + ctx->tfm_child.tfm_aead = crypto_alloc_aead(ctx->ciphermode, 0, 0); + else + ctx->tfm_child.tfm = crypto_alloc_skcipher(ctx->ciphermode, 0, 0); + if (IS_ERR(ctx->tfm_child.tfm)) { + ret = PTR_ERR(ctx->tfm_child.tfm); + DMERR("Failed to create cipher %s. err %d\n", + ctx->ciphermode, ret); + goto free_algname; + } + + /* Setup the current cipher's request structure */ + if (is_crypto_aead) { + reqsize = sizeof(struct geniv_req_ctx) + __alignof__(struct geniv_req_ctx); + crypto_aead_set_reqsize(tfm_aead, reqsize); + + ctx->iv_start = sizeof(struct geniv_subreq); + ctx->iv_start += crypto_aead_reqsize(ctx->tfm_child.tfm_aead); + + ctx->iv_size = crypto_aead_ivsize(tfm_aead); + } else { + reqsize = sizeof(struct geniv_req_ctx) + __alignof__(struct geniv_req_ctx); + crypto_skcipher_set_reqsize(tfm, reqsize); + + ctx->iv_start = sizeof(struct geniv_subreq); + ctx->iv_start += crypto_skcipher_reqsize(ctx->tfm_child.tfm); + + ctx->iv_size = crypto_skcipher_ivsize(tfm); + } + /* at least a 64 bit sector number should fit in our buffer */ + if (ctx->iv_size) + ctx->iv_size = max(ctx->iv_size, + (unsigned int)(sizeof(u64) / sizeof(u8))); + + if (is_crypto_aead) { + if (crypto_aead_alignmask(tfm_aead) < CRYPTO_MINALIGN) { + /* Allocate the padding exactly */ + iv_size_padding = -ctx->iv_start + & crypto_aead_alignmask(ctx->tfm_child.tfm_aead); + } else { + /* + * If the cipher requires greater alignment than kmalloc + * alignment, we don't know the exact position of the + * initialization vector. We must assume worst case. + */ + iv_size_padding = crypto_aead_alignmask(ctx->tfm_child.tfm_aead); + } + } else { + if (crypto_skcipher_alignmask(tfm) < CRYPTO_MINALIGN) { + iv_size_padding = -ctx->iv_start + & crypto_skcipher_alignmask(ctx->tfm_child.tfm); + } else { + iv_size_padding = crypto_skcipher_alignmask(ctx->tfm_child.tfm); + } + } + + /* + * create memory pool for sub-request structure + * ...| IV + padding | original IV | original sec. number | bio tag offset | + */ + psize = ctx->iv_start + iv_size_padding + ctx->iv_size + ctx->iv_size + + sizeof(uint64_t) + sizeof(unsigned int); + + ctx->subreq_pool = mempool_create_kmalloc_pool(MIN_IOS, psize); + if (!ctx->subreq_pool) { + ret = -ENOMEM; + DMERR("Could not allocate crypt sub-request mempool\n"); + goto free_tfm; + } + + ret = geniv_blkdev_cipher(ctx, is_crypto_aead); + if (ret < 0) { + ret = -ENOMEM; + DMERR("Cannot allocate cipher string\n"); + goto free_tfm; + } + + return 0; + +free_tfm: + if (is_crypto_aead) + crypto_free_aead(ctx->tfm_child.tfm_aead); + else + crypto_free_skcipher(ctx->tfm_child.tfm); +free_algname: + kfree(ctx->algname); +free_ciphermode: + kfree(ctx->ciphermode); + return ret; +} + +static int geniv_skcipher_init_tfm(struct crypto_skcipher *tfm) { - struct scatterlist *sg; - u8 *src; - int r = 0; - - if (bio_data_dir(dmreq->ctx->bio_in) == WRITE) { - sg = crypt_get_sg_data(cc, dmreq->sg_in); - src = kmap_atomic(sg_page(sg)); - r = crypt_iv_lmk_one(cc, iv, dmreq, src + sg->offset); - kunmap_atomic(src); - } else - memset(iv, 0, cc->iv_size); + return geniv_init_tfm(tfm, 0); +} - return r; +static int geniv_aead_init_tfm(struct crypto_aead *tfm) +{ + return geniv_init_tfm(tfm, 1); } -static int crypt_iv_lmk_post(struct crypt_config *cc, u8 *iv, - struct dm_crypt_request *dmreq) +static void geniv_exit_tfm(struct geniv_ctx *ctx) { - struct scatterlist *sg; - u8 *dst; - int r; + if (ctx->iv_gen_ops && ctx->iv_gen_ops->dtr) + ctx->iv_gen_ops->dtr(ctx); + + mempool_destroy(ctx->subreq_pool); + geniv_free_tfms(ctx); + kzfree(ctx->ciphermode); + kzfree(ctx->algname); + kzfree(ctx->cipher); +} - if (bio_data_dir(dmreq->ctx->bio_in) == WRITE) - return 0; +static void geniv_skcipher_exit_tfm(struct crypto_skcipher *tfm) +{ + struct geniv_ctx *ctx = crypto_skcipher_ctx(tfm); - sg = crypt_get_sg_data(cc, dmreq->sg_out); - dst = kmap_atomic(sg_page(sg)); - r = crypt_iv_lmk_one(cc, iv, dmreq, dst + sg->offset); + geniv_exit_tfm(ctx); +} - /* Tweak the first block of plaintext sector */ - if (!r) - crypto_xor(dst + sg->offset, iv, cc->iv_size); +static void geniv_aead_exit_tfm(struct crypto_aead *tfm) +{ + struct geniv_ctx *ctx = crypto_aead_ctx(tfm); - kunmap_atomic(dst); - return r; + geniv_exit_tfm(ctx); } -static void crypt_iv_tcw_dtr(struct crypt_config *cc) +static void geniv_skcipher_free(struct skcipher_instance *inst) { - struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; + struct crypto_skcipher_spawn *spawn = skcipher_instance_ctx(inst); - kzfree(tcw->iv_seed); - tcw->iv_seed = NULL; - kzfree(tcw->whitening); - tcw->whitening = NULL; + crypto_drop_skcipher(spawn); + kfree(inst); +} - if (tcw->crc32_tfm && !IS_ERR(tcw->crc32_tfm)) - crypto_free_shash(tcw->crc32_tfm); - tcw->crc32_tfm = NULL; +static void geniv_aead_free(struct aead_instance *inst) +{ + struct crypto_aead_spawn *spawn = aead_instance_ctx(inst); + + crypto_drop_aead(spawn); + kfree(inst); } -static int crypt_iv_tcw_ctr(struct crypt_config *cc, struct dm_target *ti, - const char *opts) +static int geniv_skcipher_create(struct crypto_template *tmpl, + struct rtattr **tb, char *algname) { - struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; + struct crypto_attr_type *algt; + struct skcipher_instance *inst; + struct skcipher_alg *alg; + struct crypto_skcipher_spawn *spawn; + const char *cipher_name; + int err; - if (cc->sector_size != (1 << SECTOR_SHIFT)) { - ti->error = "Unsupported sector size for TCW"; - return -EINVAL; - } + algt = crypto_get_attr_type(tb); - if (cc->key_size <= (cc->iv_size + TCW_WHITENING_SIZE)) { - ti->error = "Wrong key size for TCW"; - return -EINVAL; - } + cipher_name = crypto_attr_alg_name(tb[1]); - tcw->crc32_tfm = crypto_alloc_shash("crc32", 0, 0); - if (IS_ERR(tcw->crc32_tfm)) { - ti->error = "Error initializing CRC32 in TCW"; - return PTR_ERR(tcw->crc32_tfm); - } + if (IS_ERR(cipher_name)) + return PTR_ERR(cipher_name); - tcw->iv_seed = kzalloc(cc->iv_size, GFP_KERNEL); - tcw->whitening = kzalloc(TCW_WHITENING_SIZE, GFP_KERNEL); - if (!tcw->iv_seed || !tcw->whitening) { - crypt_iv_tcw_dtr(cc); - ti->error = "Error allocating seed storage in TCW"; + inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); + if (!inst) return -ENOMEM; - } - return 0; -} + spawn = skcipher_instance_ctx(inst); -static int crypt_iv_tcw_init(struct crypt_config *cc) -{ - struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; - int key_offset = cc->key_size - cc->iv_size - TCW_WHITENING_SIZE; + crypto_set_skcipher_spawn(spawn, skcipher_crypto_instance(inst)); + err = crypto_grab_skcipher(spawn, cipher_name, 0, + crypto_requires_sync(algt->type, + algt->mask)); - memcpy(tcw->iv_seed, &cc->key[key_offset], cc->iv_size); - memcpy(tcw->whitening, &cc->key[key_offset + cc->iv_size], - TCW_WHITENING_SIZE); + if (err) + goto err_free_inst; - return 0; -} + alg = crypto_spawn_skcipher_alg(spawn); -static int crypt_iv_tcw_wipe(struct crypt_config *cc) -{ - struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; + err = -EINVAL; - memset(tcw->iv_seed, 0, cc->iv_size); - memset(tcw->whitening, 0, TCW_WHITENING_SIZE); + /* Only support blocks of size which is of a power of 2 */ + if (!is_power_of_2(alg->base.cra_blocksize)) + goto err_drop_spawn; - return 0; -} + /* algname: essiv, base.cra_name: cbc(aes) */ + err = -ENAMETOOLONG; + if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, "%s(%s)", + algname, alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME) + goto err_drop_spawn; + if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, + "%s(%s)", algname, alg->base.cra_driver_name) >= + CRYPTO_MAX_ALG_NAME) + goto err_drop_spawn; -static int crypt_iv_tcw_whitening(struct crypt_config *cc, - struct dm_crypt_request *dmreq, - u8 *data) -{ - struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; - __le64 sector = cpu_to_le64(dmreq->iv_sector); - u8 buf[TCW_WHITENING_SIZE]; - SHASH_DESC_ON_STACK(desc, tcw->crc32_tfm); - int i, r; + inst->alg.base.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER; + inst->alg.base.cra_priority = alg->base.cra_priority; + inst->alg.base.cra_blocksize = alg->base.cra_blocksize; + inst->alg.base.cra_alignmask = alg->base.cra_alignmask; + inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; + inst->alg.ivsize = alg->base.cra_blocksize; + inst->alg.chunksize = crypto_skcipher_alg_chunksize(alg); + inst->alg.min_keysize = sizeof(struct geniv_key_info); + inst->alg.max_keysize = sizeof(struct geniv_key_info); - /* xor whitening with sector number */ - crypto_xor_cpy(buf, tcw->whitening, (u8 *)§or, 8); - crypto_xor_cpy(&buf[8], tcw->whitening + 8, (u8 *)§or, 8); + inst->alg.setkey = geniv_skcipher_setkey; + inst->alg.encrypt = geniv_skcipher_encrypt; + inst->alg.decrypt = geniv_skcipher_decrypt; - /* calculate crc32 for every 32bit part and xor it */ - desc->tfm = tcw->crc32_tfm; - desc->flags = 0; - for (i = 0; i < 4; i++) { - r = crypto_shash_init(desc); - if (r) - goto out; - r = crypto_shash_update(desc, &buf[i * 4], 4); - if (r) - goto out; - r = crypto_shash_final(desc, &buf[i * 4]); - if (r) - goto out; - } - crypto_xor(&buf[0], &buf[12], 4); - crypto_xor(&buf[4], &buf[8], 4); + inst->alg.base.cra_ctxsize = sizeof(struct geniv_ctx); + + inst->alg.init = geniv_skcipher_init_tfm; + inst->alg.exit = geniv_skcipher_exit_tfm; + + inst->free = geniv_skcipher_free; + + err = skcipher_register_instance(tmpl, inst); + if (err) + goto err_drop_spawn; - /* apply whitening (8 bytes) to whole sector */ - for (i = 0; i < ((1 << SECTOR_SHIFT) / 8); i++) - crypto_xor(data + i * 8, buf, 8); out: - memzero_explicit(buf, sizeof(buf)); - return r; + return err; + +err_drop_spawn: + crypto_drop_skcipher(spawn); +err_free_inst: + kfree(inst); + goto out; } -static int crypt_iv_tcw_gen(struct crypt_config *cc, u8 *iv, - struct dm_crypt_request *dmreq) + +static int geniv_aead_create(struct crypto_template *tmpl, + struct rtattr **tb, char *algname) { - struct scatterlist *sg; - struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; - __le64 sector = cpu_to_le64(dmreq->iv_sector); - u8 *src; - int r = 0; + struct crypto_attr_type *algt; + struct aead_instance *inst; + struct aead_alg *alg; + struct crypto_aead_spawn *spawn; + const char *cipher_name; + int err; - /* Remove whitening from ciphertext */ - if (bio_data_dir(dmreq->ctx->bio_in) != WRITE) { - sg = crypt_get_sg_data(cc, dmreq->sg_in); - src = kmap_atomic(sg_page(sg)); - r = crypt_iv_tcw_whitening(cc, dmreq, src + sg->offset); - kunmap_atomic(src); - } + algt = crypto_get_attr_type(tb); - /* Calculate IV */ - crypto_xor_cpy(iv, tcw->iv_seed, (u8 *)§or, 8); - if (cc->iv_size > 8) - crypto_xor_cpy(&iv[8], tcw->iv_seed + 8, (u8 *)§or, - cc->iv_size - 8); + cipher_name = crypto_attr_alg_name(tb[1]); + if (IS_ERR(cipher_name)) + return PTR_ERR(cipher_name); - return r; -} + inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); + if (!inst) + return -ENOMEM; -static int crypt_iv_tcw_post(struct crypt_config *cc, u8 *iv, - struct dm_crypt_request *dmreq) -{ - struct scatterlist *sg; - u8 *dst; - int r; + spawn = aead_instance_ctx(inst); - if (bio_data_dir(dmreq->ctx->bio_in) != WRITE) - return 0; + crypto_set_aead_spawn(spawn, aead_crypto_instance(inst)); + err = crypto_grab_aead(spawn, cipher_name, 0, + crypto_requires_sync(algt->type, + algt->mask)); + if (err) + goto err_free_inst; - /* Apply whitening on ciphertext */ - sg = crypt_get_sg_data(cc, dmreq->sg_out); - dst = kmap_atomic(sg_page(sg)); - r = crypt_iv_tcw_whitening(cc, dmreq, dst + sg->offset); - kunmap_atomic(dst); + alg = crypto_spawn_aead_alg(spawn); - return r; -} + /* Only support blocks of size which is of a power of 2 */ + if (!is_power_of_2(alg->base.cra_blocksize)) { + err = -EINVAL; + goto err_drop_spawn; + } -static int crypt_iv_random_gen(struct crypt_config *cc, u8 *iv, - struct dm_crypt_request *dmreq) -{ - /* Used only for writes, there must be an additional space to store IV */ - get_random_bytes(iv, cc->iv_size); - return 0; -} + /* algname: essiv, base.cra_name: cbc(aes) */ + if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, "%s(%s)", + algname, alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME) { + err = -ENAMETOOLONG; + goto err_drop_spawn; + } -static const struct crypt_iv_operations crypt_iv_plain_ops = { - .generator = crypt_iv_plain_gen -}; + if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, + "%s(%s)", algname, alg->base.cra_driver_name) >= + CRYPTO_MAX_ALG_NAME) { + err = -ENAMETOOLONG; + goto err_drop_spawn; + } -static const struct crypt_iv_operations crypt_iv_plain64_ops = { - .generator = crypt_iv_plain64_gen -}; + inst->alg.base.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER; + inst->alg.base.cra_priority = alg->base.cra_priority; + inst->alg.base.cra_blocksize = alg->base.cra_blocksize; + inst->alg.base.cra_alignmask = alg->base.cra_alignmask; + inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; + inst->alg.ivsize = crypto_aead_alg_ivsize(alg); + inst->alg.chunksize = crypto_aead_alg_chunksize(alg); + inst->alg.maxauthsize = crypto_aead_alg_maxauthsize(alg); -static const struct crypt_iv_operations crypt_iv_plain64be_ops = { - .generator = crypt_iv_plain64be_gen -}; + inst->alg.setkey = geniv_aead_setkey; + inst->alg.encrypt = geniv_aead_encrypt; + inst->alg.decrypt = geniv_aead_decrypt; -static const struct crypt_iv_operations crypt_iv_essiv_ops = { - .ctr = crypt_iv_essiv_ctr, - .dtr = crypt_iv_essiv_dtr, - .init = crypt_iv_essiv_init, - .wipe = crypt_iv_essiv_wipe, - .generator = crypt_iv_essiv_gen -}; + inst->alg.base.cra_ctxsize = sizeof(struct geniv_ctx); -static const struct crypt_iv_operations crypt_iv_benbi_ops = { - .ctr = crypt_iv_benbi_ctr, - .dtr = crypt_iv_benbi_dtr, - .generator = crypt_iv_benbi_gen -}; + inst->alg.init = geniv_aead_init_tfm; + inst->alg.exit = geniv_aead_exit_tfm; -static const struct crypt_iv_operations crypt_iv_null_ops = { - .generator = crypt_iv_null_gen -}; + inst->free = geniv_aead_free; -static const struct crypt_iv_operations crypt_iv_lmk_ops = { - .ctr = crypt_iv_lmk_ctr, - .dtr = crypt_iv_lmk_dtr, - .init = crypt_iv_lmk_init, - .wipe = crypt_iv_lmk_wipe, - .generator = crypt_iv_lmk_gen, - .post = crypt_iv_lmk_post -}; + err = aead_register_instance(tmpl, inst); + if (err) + goto err_drop_spawn; -static const struct crypt_iv_operations crypt_iv_tcw_ops = { - .ctr = crypt_iv_tcw_ctr, - .dtr = crypt_iv_tcw_dtr, - .init = crypt_iv_tcw_init, - .wipe = crypt_iv_tcw_wipe, - .generator = crypt_iv_tcw_gen, - .post = crypt_iv_tcw_post -}; + return 0; -static struct crypt_iv_operations crypt_iv_random_ops = { - .generator = crypt_iv_random_gen +err_drop_spawn: + crypto_drop_aead(spawn); +err_free_inst: + kfree(inst); + return err; +} + +static int geniv_create(struct crypto_template *tmpl, + struct rtattr **tb, char *algname) +{ + if (!crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SKCIPHER)) + return geniv_skcipher_create(tmpl, tb, algname); + else if (!crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_AEAD)) + return geniv_aead_create(tmpl, tb, algname); + else + return -EINVAL; +} + +static int geniv_template_create(struct crypto_template *tmpl, + struct rtattr **tb) +{ + return geniv_create(tmpl, tb, tmpl->name); +} + +#define DECLARE_CRYPTO_TEMPLATE(type) \ + { .name = type, \ + .create = geniv_template_create, \ + .module = THIS_MODULE, }, + +static struct crypto_template geniv_tmpl[] = { + DECLARE_CRYPTO_TEMPLATE("plain") + DECLARE_CRYPTO_TEMPLATE("plain64") + DECLARE_CRYPTO_TEMPLATE("essiv") + DECLARE_CRYPTO_TEMPLATE("benbi") + DECLARE_CRYPTO_TEMPLATE("null") + DECLARE_CRYPTO_TEMPLATE("lmk") + DECLARE_CRYPTO_TEMPLATE("tcw") + DECLARE_CRYPTO_TEMPLATE("random") }; /* @@ -1924,27 +3434,8 @@ static unsigned crypt_authenckey_size(struct crypt_config *cc) return crypt_subkey_size(cc) + RTA_SPACE(sizeof(struct crypto_authenc_key_param)); } -/* - * If AEAD is composed like authenc(hmac(sha256),xts(aes)), - * the key must be for some reason in special format. - * This funcion converts cc->key to this special format. - */ static void crypt_copy_authenckey(char *p, const void *key, - unsigned enckeylen, unsigned authkeylen) -{ - struct crypto_authenc_key_param *param; - struct rtattr *rta; - - rta = (struct rtattr *)p; - param = RTA_DATA(rta); - param->enckeylen = cpu_to_be32(enckeylen); - rta->rta_len = RTA_LENGTH(sizeof(*param)); - rta->rta_type = CRYPTO_AUTHENC_KEYA_PARAM; - p += RTA_SPACE(sizeof(*param)); - memcpy(p, key + enckeylen, authkeylen); - p += authkeylen; - memcpy(p, key, enckeylen); -} + unsigned enckeylen, unsigned authkeylen); static int crypt_setkey(struct crypt_config *cc) { diff --git a/include/crypto/geniv.h b/include/crypto/geniv.h new file mode 100644 index 000000000000..6fcf93b87427 --- /dev/null +++ b/include/crypto/geniv.h @@ -0,0 +1,42 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * geniv.h: common interface for IV generation algorithms + * + * Copyright (C) 2018, Linaro + * + * This file define the data structure the user should pass to the template. + */ + +#ifndef _CRYPTO_GENIV_H +#define _CRYPTO_GENIV_H + +#include + +enum setkey_op { + SETKEY_OP_INIT, + SETKEY_OP_SET, + SETKEY_OP_WIPE, +}; + +struct geniv_key_info { + enum setkey_op keyop; + unsigned int tfms_count; + u8 *key; + char *ivopts; + sector_t iv_offset; + unsigned long cipher_flags; + + unsigned short int sector_size; + unsigned int key_size; + unsigned int key_parts; + unsigned int key_mac_size; + unsigned int on_disk_tag_size; +}; + +struct geniv_req_info { + sector_t cc_sector; + unsigned int nents; + u8 *integrity_metadata; +}; + +#endif -- GitLab