diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2008-08-14 08:21:31 -0400 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2008-08-29 01:50:06 -0400 |
commit | a0f000ec9b61b99111757df138b11144236fc59b (patch) | |
tree | bd698163c48b5cd6d6a3c05c8d34d862ebcd86ed /crypto | |
parent | 17f0f4a47df9aea9ee26c939f8057c35e0be1847 (diff) |
crypto: skcipher - Use RNG interface instead of get_random_bytes
This patch makes the IV generators use the new RNG interface so
that the user can pick an RNG other than the default get_random_bytes.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/Kconfig | 2 | ||||
-rw-r--r-- | crypto/chainiv.c | 34 | ||||
-rw-r--r-- | crypto/eseqiv.c | 25 | ||||
-rw-r--r-- | crypto/seqiv.c | 27 |
4 files changed, 75 insertions, 13 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig index 2274293e71e..39dbd8e4dde 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig | |||
@@ -41,6 +41,7 @@ config CRYPTO_AEAD | |||
41 | config CRYPTO_BLKCIPHER | 41 | config CRYPTO_BLKCIPHER |
42 | tristate | 42 | tristate |
43 | select CRYPTO_ALGAPI | 43 | select CRYPTO_ALGAPI |
44 | select CRYPTO_RNG | ||
44 | 45 | ||
45 | config CRYPTO_HASH | 46 | config CRYPTO_HASH |
46 | tristate | 47 | tristate |
@@ -125,6 +126,7 @@ config CRYPTO_SEQIV | |||
125 | tristate "Sequence Number IV Generator" | 126 | tristate "Sequence Number IV Generator" |
126 | select CRYPTO_AEAD | 127 | select CRYPTO_AEAD |
127 | select CRYPTO_BLKCIPHER | 128 | select CRYPTO_BLKCIPHER |
129 | select CRYPTO_RNG | ||
128 | help | 130 | help |
129 | This IV generator generates an IV based on a sequence number by | 131 | This IV generator generates an IV based on a sequence number by |
130 | xoring it with a salt. This algorithm is mainly useful for CTR | 132 | xoring it with a salt. This algorithm is mainly useful for CTR |
diff --git a/crypto/chainiv.c b/crypto/chainiv.c index cf68d436534..7c37a497b86 100644 --- a/crypto/chainiv.c +++ b/crypto/chainiv.c | |||
@@ -14,11 +14,11 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include <crypto/internal/skcipher.h> | 16 | #include <crypto/internal/skcipher.h> |
17 | #include <crypto/rng.h> | ||
17 | #include <linux/err.h> | 18 | #include <linux/err.h> |
18 | #include <linux/init.h> | 19 | #include <linux/init.h> |
19 | #include <linux/kernel.h> | 20 | #include <linux/kernel.h> |
20 | #include <linux/module.h> | 21 | #include <linux/module.h> |
21 | #include <linux/random.h> | ||
22 | #include <linux/spinlock.h> | 22 | #include <linux/spinlock.h> |
23 | #include <linux/string.h> | 23 | #include <linux/string.h> |
24 | #include <linux/workqueue.h> | 24 | #include <linux/workqueue.h> |
@@ -83,6 +83,7 @@ static int chainiv_givencrypt_first(struct skcipher_givcrypt_request *req) | |||
83 | { | 83 | { |
84 | struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req); | 84 | struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req); |
85 | struct chainiv_ctx *ctx = crypto_ablkcipher_ctx(geniv); | 85 | struct chainiv_ctx *ctx = crypto_ablkcipher_ctx(geniv); |
86 | int err = 0; | ||
86 | 87 | ||
87 | spin_lock_bh(&ctx->lock); | 88 | spin_lock_bh(&ctx->lock); |
88 | if (crypto_ablkcipher_crt(geniv)->givencrypt != | 89 | if (crypto_ablkcipher_crt(geniv)->givencrypt != |
@@ -90,11 +91,15 @@ static int chainiv_givencrypt_first(struct skcipher_givcrypt_request *req) | |||
90 | goto unlock; | 91 | goto unlock; |
91 | 92 | ||
92 | crypto_ablkcipher_crt(geniv)->givencrypt = chainiv_givencrypt; | 93 | crypto_ablkcipher_crt(geniv)->givencrypt = chainiv_givencrypt; |
93 | get_random_bytes(ctx->iv, crypto_ablkcipher_ivsize(geniv)); | 94 | err = crypto_rng_get_bytes(crypto_default_rng, ctx->iv, |
95 | crypto_ablkcipher_ivsize(geniv)); | ||
94 | 96 | ||
95 | unlock: | 97 | unlock: |
96 | spin_unlock_bh(&ctx->lock); | 98 | spin_unlock_bh(&ctx->lock); |
97 | 99 | ||
100 | if (err) | ||
101 | return err; | ||
102 | |||
98 | return chainiv_givencrypt(req); | 103 | return chainiv_givencrypt(req); |
99 | } | 104 | } |
100 | 105 | ||
@@ -203,6 +208,7 @@ static int async_chainiv_givencrypt_first(struct skcipher_givcrypt_request *req) | |||
203 | { | 208 | { |
204 | struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req); | 209 | struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req); |
205 | struct async_chainiv_ctx *ctx = crypto_ablkcipher_ctx(geniv); | 210 | struct async_chainiv_ctx *ctx = crypto_ablkcipher_ctx(geniv); |
211 | int err = 0; | ||
206 | 212 | ||
207 | if (test_and_set_bit(CHAINIV_STATE_INUSE, &ctx->state)) | 213 | if (test_and_set_bit(CHAINIV_STATE_INUSE, &ctx->state)) |
208 | goto out; | 214 | goto out; |
@@ -212,11 +218,15 @@ static int async_chainiv_givencrypt_first(struct skcipher_givcrypt_request *req) | |||
212 | goto unlock; | 218 | goto unlock; |
213 | 219 | ||
214 | crypto_ablkcipher_crt(geniv)->givencrypt = async_chainiv_givencrypt; | 220 | crypto_ablkcipher_crt(geniv)->givencrypt = async_chainiv_givencrypt; |
215 | get_random_bytes(ctx->iv, crypto_ablkcipher_ivsize(geniv)); | 221 | err = crypto_rng_get_bytes(crypto_default_rng, ctx->iv, |
222 | crypto_ablkcipher_ivsize(geniv)); | ||
216 | 223 | ||
217 | unlock: | 224 | unlock: |
218 | clear_bit(CHAINIV_STATE_INUSE, &ctx->state); | 225 | clear_bit(CHAINIV_STATE_INUSE, &ctx->state); |
219 | 226 | ||
227 | if (err) | ||
228 | return err; | ||
229 | |||
220 | out: | 230 | out: |
221 | return async_chainiv_givencrypt(req); | 231 | return async_chainiv_givencrypt(req); |
222 | } | 232 | } |
@@ -284,9 +294,13 @@ static struct crypto_instance *chainiv_alloc(struct rtattr **tb) | |||
284 | if (IS_ERR(algt)) | 294 | if (IS_ERR(algt)) |
285 | return ERR_PTR(err); | 295 | return ERR_PTR(err); |
286 | 296 | ||
297 | err = crypto_get_default_rng(); | ||
298 | if (err) | ||
299 | return ERR_PTR(err); | ||
300 | |||
287 | inst = skcipher_geniv_alloc(&chainiv_tmpl, tb, 0, 0); | 301 | inst = skcipher_geniv_alloc(&chainiv_tmpl, tb, 0, 0); |
288 | if (IS_ERR(inst)) | 302 | if (IS_ERR(inst)) |
289 | goto out; | 303 | goto put_rng; |
290 | 304 | ||
291 | inst->alg.cra_ablkcipher.givencrypt = chainiv_givencrypt_first; | 305 | inst->alg.cra_ablkcipher.givencrypt = chainiv_givencrypt_first; |
292 | 306 | ||
@@ -311,12 +325,22 @@ static struct crypto_instance *chainiv_alloc(struct rtattr **tb) | |||
311 | 325 | ||
312 | out: | 326 | out: |
313 | return inst; | 327 | return inst; |
328 | |||
329 | put_rng: | ||
330 | crypto_put_default_rng(); | ||
331 | goto out; | ||
332 | } | ||
333 | |||
334 | static void chainiv_free(struct crypto_instance *inst) | ||
335 | { | ||
336 | skcipher_geniv_free(inst); | ||
337 | crypto_put_default_rng(); | ||
314 | } | 338 | } |
315 | 339 | ||
316 | static struct crypto_template chainiv_tmpl = { | 340 | static struct crypto_template chainiv_tmpl = { |
317 | .name = "chainiv", | 341 | .name = "chainiv", |
318 | .alloc = chainiv_alloc, | 342 | .alloc = chainiv_alloc, |
319 | .free = skcipher_geniv_free, | 343 | .free = chainiv_free, |
320 | .module = THIS_MODULE, | 344 | .module = THIS_MODULE, |
321 | }; | 345 | }; |
322 | 346 | ||
diff --git a/crypto/eseqiv.c b/crypto/eseqiv.c index f5def217a8f..2a342c8e52b 100644 --- a/crypto/eseqiv.c +++ b/crypto/eseqiv.c | |||
@@ -16,13 +16,13 @@ | |||
16 | */ | 16 | */ |
17 | 17 | ||
18 | #include <crypto/internal/skcipher.h> | 18 | #include <crypto/internal/skcipher.h> |
19 | #include <crypto/rng.h> | ||
19 | #include <crypto/scatterwalk.h> | 20 | #include <crypto/scatterwalk.h> |
20 | #include <linux/err.h> | 21 | #include <linux/err.h> |
21 | #include <linux/init.h> | 22 | #include <linux/init.h> |
22 | #include <linux/kernel.h> | 23 | #include <linux/kernel.h> |
23 | #include <linux/mm.h> | 24 | #include <linux/mm.h> |
24 | #include <linux/module.h> | 25 | #include <linux/module.h> |
25 | #include <linux/random.h> | ||
26 | #include <linux/scatterlist.h> | 26 | #include <linux/scatterlist.h> |
27 | #include <linux/spinlock.h> | 27 | #include <linux/spinlock.h> |
28 | #include <linux/string.h> | 28 | #include <linux/string.h> |
@@ -163,17 +163,22 @@ static int eseqiv_givencrypt_first(struct skcipher_givcrypt_request *req) | |||
163 | { | 163 | { |
164 | struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req); | 164 | struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req); |
165 | struct eseqiv_ctx *ctx = crypto_ablkcipher_ctx(geniv); | 165 | struct eseqiv_ctx *ctx = crypto_ablkcipher_ctx(geniv); |
166 | int err = 0; | ||
166 | 167 | ||
167 | spin_lock_bh(&ctx->lock); | 168 | spin_lock_bh(&ctx->lock); |
168 | if (crypto_ablkcipher_crt(geniv)->givencrypt != eseqiv_givencrypt_first) | 169 | if (crypto_ablkcipher_crt(geniv)->givencrypt != eseqiv_givencrypt_first) |
169 | goto unlock; | 170 | goto unlock; |
170 | 171 | ||
171 | crypto_ablkcipher_crt(geniv)->givencrypt = eseqiv_givencrypt; | 172 | crypto_ablkcipher_crt(geniv)->givencrypt = eseqiv_givencrypt; |
172 | get_random_bytes(ctx->salt, crypto_ablkcipher_ivsize(geniv)); | 173 | err = crypto_rng_get_bytes(crypto_default_rng, ctx->salt, |
174 | crypto_ablkcipher_ivsize(geniv)); | ||
173 | 175 | ||
174 | unlock: | 176 | unlock: |
175 | spin_unlock_bh(&ctx->lock); | 177 | spin_unlock_bh(&ctx->lock); |
176 | 178 | ||
179 | if (err) | ||
180 | return err; | ||
181 | |||
177 | return eseqiv_givencrypt(req); | 182 | return eseqiv_givencrypt(req); |
178 | } | 183 | } |
179 | 184 | ||
@@ -216,9 +221,13 @@ static struct crypto_instance *eseqiv_alloc(struct rtattr **tb) | |||
216 | struct crypto_instance *inst; | 221 | struct crypto_instance *inst; |
217 | int err; | 222 | int err; |
218 | 223 | ||
224 | err = crypto_get_default_rng(); | ||
225 | if (err) | ||
226 | return ERR_PTR(err); | ||
227 | |||
219 | inst = skcipher_geniv_alloc(&eseqiv_tmpl, tb, 0, 0); | 228 | inst = skcipher_geniv_alloc(&eseqiv_tmpl, tb, 0, 0); |
220 | if (IS_ERR(inst)) | 229 | if (IS_ERR(inst)) |
221 | goto out; | 230 | goto put_rng; |
222 | 231 | ||
223 | err = -EINVAL; | 232 | err = -EINVAL; |
224 | if (inst->alg.cra_ablkcipher.ivsize != inst->alg.cra_blocksize) | 233 | if (inst->alg.cra_ablkcipher.ivsize != inst->alg.cra_blocksize) |
@@ -238,13 +247,21 @@ out: | |||
238 | free_inst: | 247 | free_inst: |
239 | skcipher_geniv_free(inst); | 248 | skcipher_geniv_free(inst); |
240 | inst = ERR_PTR(err); | 249 | inst = ERR_PTR(err); |
250 | put_rng: | ||
251 | crypto_put_default_rng(); | ||
241 | goto out; | 252 | goto out; |
242 | } | 253 | } |
243 | 254 | ||
255 | static void eseqiv_free(struct crypto_instance *inst) | ||
256 | { | ||
257 | skcipher_geniv_free(inst); | ||
258 | crypto_put_default_rng(); | ||
259 | } | ||
260 | |||
244 | static struct crypto_template eseqiv_tmpl = { | 261 | static struct crypto_template eseqiv_tmpl = { |
245 | .name = "eseqiv", | 262 | .name = "eseqiv", |
246 | .alloc = eseqiv_alloc, | 263 | .alloc = eseqiv_alloc, |
247 | .free = skcipher_geniv_free, | 264 | .free = eseqiv_free, |
248 | .module = THIS_MODULE, | 265 | .module = THIS_MODULE, |
249 | }; | 266 | }; |
250 | 267 | ||
diff --git a/crypto/seqiv.c b/crypto/seqiv.c index b903aab3157..5a013a8bf87 100644 --- a/crypto/seqiv.c +++ b/crypto/seqiv.c | |||
@@ -15,11 +15,11 @@ | |||
15 | 15 | ||
16 | #include <crypto/internal/aead.h> | 16 | #include <crypto/internal/aead.h> |
17 | #include <crypto/internal/skcipher.h> | 17 | #include <crypto/internal/skcipher.h> |
18 | #include <crypto/rng.h> | ||
18 | #include <linux/err.h> | 19 | #include <linux/err.h> |
19 | #include <linux/init.h> | 20 | #include <linux/init.h> |
20 | #include <linux/kernel.h> | 21 | #include <linux/kernel.h> |
21 | #include <linux/module.h> | 22 | #include <linux/module.h> |
22 | #include <linux/random.h> | ||
23 | #include <linux/spinlock.h> | 23 | #include <linux/spinlock.h> |
24 | #include <linux/string.h> | 24 | #include <linux/string.h> |
25 | 25 | ||
@@ -189,17 +189,22 @@ static int seqiv_givencrypt_first(struct skcipher_givcrypt_request *req) | |||
189 | { | 189 | { |
190 | struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req); | 190 | struct crypto_ablkcipher *geniv = skcipher_givcrypt_reqtfm(req); |
191 | struct seqiv_ctx *ctx = crypto_ablkcipher_ctx(geniv); | 191 | struct seqiv_ctx *ctx = crypto_ablkcipher_ctx(geniv); |
192 | int err = 0; | ||
192 | 193 | ||
193 | spin_lock_bh(&ctx->lock); | 194 | spin_lock_bh(&ctx->lock); |
194 | if (crypto_ablkcipher_crt(geniv)->givencrypt != seqiv_givencrypt_first) | 195 | if (crypto_ablkcipher_crt(geniv)->givencrypt != seqiv_givencrypt_first) |
195 | goto unlock; | 196 | goto unlock; |
196 | 197 | ||
197 | crypto_ablkcipher_crt(geniv)->givencrypt = seqiv_givencrypt; | 198 | crypto_ablkcipher_crt(geniv)->givencrypt = seqiv_givencrypt; |
198 | get_random_bytes(ctx->salt, crypto_ablkcipher_ivsize(geniv)); | 199 | err = crypto_rng_get_bytes(crypto_default_rng, ctx->salt, |
200 | crypto_ablkcipher_ivsize(geniv)); | ||
199 | 201 | ||
200 | unlock: | 202 | unlock: |
201 | spin_unlock_bh(&ctx->lock); | 203 | spin_unlock_bh(&ctx->lock); |
202 | 204 | ||
205 | if (err) | ||
206 | return err; | ||
207 | |||
203 | return seqiv_givencrypt(req); | 208 | return seqiv_givencrypt(req); |
204 | } | 209 | } |
205 | 210 | ||
@@ -207,17 +212,22 @@ static int seqiv_aead_givencrypt_first(struct aead_givcrypt_request *req) | |||
207 | { | 212 | { |
208 | struct crypto_aead *geniv = aead_givcrypt_reqtfm(req); | 213 | struct crypto_aead *geniv = aead_givcrypt_reqtfm(req); |
209 | struct seqiv_ctx *ctx = crypto_aead_ctx(geniv); | 214 | struct seqiv_ctx *ctx = crypto_aead_ctx(geniv); |
215 | int err = 0; | ||
210 | 216 | ||
211 | spin_lock_bh(&ctx->lock); | 217 | spin_lock_bh(&ctx->lock); |
212 | if (crypto_aead_crt(geniv)->givencrypt != seqiv_aead_givencrypt_first) | 218 | if (crypto_aead_crt(geniv)->givencrypt != seqiv_aead_givencrypt_first) |
213 | goto unlock; | 219 | goto unlock; |
214 | 220 | ||
215 | crypto_aead_crt(geniv)->givencrypt = seqiv_aead_givencrypt; | 221 | crypto_aead_crt(geniv)->givencrypt = seqiv_aead_givencrypt; |
216 | get_random_bytes(ctx->salt, crypto_aead_ivsize(geniv)); | 222 | err = crypto_rng_get_bytes(crypto_default_rng, ctx->salt, |
223 | crypto_aead_ivsize(geniv)); | ||
217 | 224 | ||
218 | unlock: | 225 | unlock: |
219 | spin_unlock_bh(&ctx->lock); | 226 | spin_unlock_bh(&ctx->lock); |
220 | 227 | ||
228 | if (err) | ||
229 | return err; | ||
230 | |||
221 | return seqiv_aead_givencrypt(req); | 231 | return seqiv_aead_givencrypt(req); |
222 | } | 232 | } |
223 | 233 | ||
@@ -298,19 +308,27 @@ static struct crypto_instance *seqiv_alloc(struct rtattr **tb) | |||
298 | if (IS_ERR(algt)) | 308 | if (IS_ERR(algt)) |
299 | return ERR_PTR(err); | 309 | return ERR_PTR(err); |
300 | 310 | ||
311 | err = crypto_get_default_rng(); | ||
312 | if (err) | ||
313 | return ERR_PTR(err); | ||
314 | |||
301 | if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & CRYPTO_ALG_TYPE_MASK) | 315 | if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & CRYPTO_ALG_TYPE_MASK) |
302 | inst = seqiv_ablkcipher_alloc(tb); | 316 | inst = seqiv_ablkcipher_alloc(tb); |
303 | else | 317 | else |
304 | inst = seqiv_aead_alloc(tb); | 318 | inst = seqiv_aead_alloc(tb); |
305 | 319 | ||
306 | if (IS_ERR(inst)) | 320 | if (IS_ERR(inst)) |
307 | goto out; | 321 | goto put_rng; |
308 | 322 | ||
309 | inst->alg.cra_alignmask |= __alignof__(u32) - 1; | 323 | inst->alg.cra_alignmask |= __alignof__(u32) - 1; |
310 | inst->alg.cra_ctxsize += sizeof(struct seqiv_ctx); | 324 | inst->alg.cra_ctxsize += sizeof(struct seqiv_ctx); |
311 | 325 | ||
312 | out: | 326 | out: |
313 | return inst; | 327 | return inst; |
328 | |||
329 | put_rng: | ||
330 | crypto_put_default_rng(); | ||
331 | goto out; | ||
314 | } | 332 | } |
315 | 333 | ||
316 | static void seqiv_free(struct crypto_instance *inst) | 334 | static void seqiv_free(struct crypto_instance *inst) |
@@ -319,6 +337,7 @@ static void seqiv_free(struct crypto_instance *inst) | |||
319 | skcipher_geniv_free(inst); | 337 | skcipher_geniv_free(inst); |
320 | else | 338 | else |
321 | aead_geniv_free(inst); | 339 | aead_geniv_free(inst); |
340 | crypto_put_default_rng(); | ||
322 | } | 341 | } |
323 | 342 | ||
324 | static struct crypto_template seqiv_tmpl = { | 343 | static struct crypto_template seqiv_tmpl = { |