aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKazunori MIYAZAWA <miyazawa@linux-ipv6.org>2006-10-27 23:15:24 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-12-06 21:38:49 -0500
commit333b0d7eeacbd47159daf23757aa81368470c409 (patch)
treee05f1a3bed92833ab4d5f7c5dcc75ab8d8fcf245
parent45789328e5aa2de96d4467e4445418364e5378d7 (diff)
[CRYPTO] xcbc: New algorithm
This is core code of XCBC. XCBC is an algorithm that forms a MAC algorithm out of a cipher algorithm. For example, AES-XCBC-MAC is a MAC algorithm based on the AES cipher algorithm. Signed-off-by: Kazunori MIYAZAWA <miyazawa@linux-ipv6.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--crypto/Kconfig11
-rw-r--r--crypto/Makefile1
-rw-r--r--crypto/xcbc.c346
3 files changed, 358 insertions, 0 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index cbae8392ce11..4495e46660bf 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -39,6 +39,17 @@ config CRYPTO_HMAC
39 HMAC: Keyed-Hashing for Message Authentication (RFC2104). 39 HMAC: Keyed-Hashing for Message Authentication (RFC2104).
40 This is required for IPSec. 40 This is required for IPSec.
41 41
42config CRYPTO_XCBC
43 tristate "XCBC support"
44 depends on EXPERIMENTAL
45 select CRYPTO_HASH
46 select CRYPTO_MANAGER
47 help
48 XCBC: Keyed-Hashing with encryption algorithm
49 http://www.ietf.org/rfc/rfc3566.txt
50 http://csrc.nist.gov/encryption/modes/proposedmodes/
51 xcbc-mac/xcbc-mac-spec.pdf
52
42config CRYPTO_NULL 53config CRYPTO_NULL
43 tristate "Null algorithms" 54 tristate "Null algorithms"
44 select CRYPTO_ALGAPI 55 select CRYPTO_ALGAPI
diff --git a/crypto/Makefile b/crypto/Makefile
index 72366208e291..aba9625fb429 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -15,6 +15,7 @@ obj-$(CONFIG_CRYPTO_HASH) += crypto_hash.o
15 15
16obj-$(CONFIG_CRYPTO_MANAGER) += cryptomgr.o 16obj-$(CONFIG_CRYPTO_MANAGER) += cryptomgr.o
17obj-$(CONFIG_CRYPTO_HMAC) += hmac.o 17obj-$(CONFIG_CRYPTO_HMAC) += hmac.o
18obj-$(CONFIG_CRYPTO_XCBC) += xcbc.o
18obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o 19obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o
19obj-$(CONFIG_CRYPTO_MD4) += md4.o 20obj-$(CONFIG_CRYPTO_MD4) += md4.o
20obj-$(CONFIG_CRYPTO_MD5) += md5.o 21obj-$(CONFIG_CRYPTO_MD5) += md5.o
diff --git a/crypto/xcbc.c b/crypto/xcbc.c
new file mode 100644
index 000000000000..f5929501bd48
--- /dev/null
+++ b/crypto/xcbc.c
@@ -0,0 +1,346 @@
1/*
2 * Copyright (C)2006 USAGI/WIDE Project
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 *
18 * Author:
19 * Kazunori Miyazawa <miyazawa@linux-ipv6.org>
20 */
21
22#include <linux/crypto.h>
23#include <linux/err.h>
24#include <linux/kernel.h>
25#include <linux/mm.h>
26#include <linux/rtnetlink.h>
27#include <linux/slab.h>
28#include <linux/scatterlist.h>
29#include "internal.h"
30
31u_int32_t ks[12] = {0x01010101, 0x01010101, 0x01010101, 0x01010101,
32 0x02020202, 0x02020202, 0x02020202, 0x02020202,
33 0x03030303, 0x03030303, 0x03030303, 0x03030303};
34/*
35 * +------------------------
36 * | <parent tfm>
37 * +------------------------
38 * | crypto_xcbc_ctx
39 * +------------------------
40 * | odds (block size)
41 * +------------------------
42 * | prev (block size)
43 * +------------------------
44 * | key (block size)
45 * +------------------------
46 * | consts (block size * 3)
47 * +------------------------
48 */
49struct crypto_xcbc_ctx {
50 struct crypto_tfm *child;
51 u8 *odds;
52 u8 *prev;
53 u8 *key;
54 u8 *consts;
55 void (*xor)(u8 *a, const u8 *b, unsigned int bs);
56 unsigned int keylen;
57 unsigned int len;
58};
59
60static void xor_128(u8 *a, const u8 *b, unsigned int bs)
61{
62 ((u32 *)a)[0] ^= ((u32 *)b)[0];
63 ((u32 *)a)[1] ^= ((u32 *)b)[1];
64 ((u32 *)a)[2] ^= ((u32 *)b)[2];
65 ((u32 *)a)[3] ^= ((u32 *)b)[3];
66}
67
68static int _crypto_xcbc_digest_setkey(struct crypto_hash *parent,
69 struct crypto_xcbc_ctx *ctx)
70{
71 int bs = crypto_hash_blocksize(parent);
72 int err = 0;
73 u8 key1[bs];
74
75 if ((err = crypto_cipher_setkey(ctx->child, ctx->key, ctx->keylen)))
76 return err;
77
78 ctx->child->__crt_alg->cra_cipher.cia_encrypt(ctx->child, key1,
79 ctx->consts);
80
81 return crypto_cipher_setkey(ctx->child, key1, bs);
82}
83
84static int crypto_xcbc_digest_setkey(struct crypto_hash *parent,
85 const u8 *inkey, unsigned int keylen)
86{
87 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
88
89 if (keylen != crypto_tfm_alg_blocksize(ctx->child))
90 return -EINVAL;
91
92 ctx->keylen = keylen;
93 memcpy(ctx->key, inkey, keylen);
94 ctx->consts = (u8*)ks;
95
96 return _crypto_xcbc_digest_setkey(parent, ctx);
97}
98
99int crypto_xcbc_digest_init(struct hash_desc *pdesc)
100{
101 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(pdesc->tfm);
102 int bs = crypto_hash_blocksize(pdesc->tfm);
103
104 ctx->len = 0;
105 memset(ctx->odds, 0, bs);
106 memset(ctx->prev, 0, bs);
107
108 return 0;
109}
110
111int crypto_xcbc_digest_update(struct hash_desc *pdesc, struct scatterlist *sg, unsigned int nbytes)
112{
113 struct crypto_hash *parent = pdesc->tfm;
114 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
115 struct crypto_tfm *tfm = ctx->child;
116 int bs = crypto_hash_blocksize(parent);
117 unsigned int i = 0;
118
119 do {
120
121 struct page *pg = sg[i].page;
122 unsigned int offset = sg[i].offset;
123 unsigned int slen = sg[i].length;
124
125 while (slen > 0) {
126 unsigned int len = min(slen, ((unsigned int)(PAGE_SIZE)) - offset);
127 char *p = crypto_kmap(pg, 0) + offset;
128
129 /* checking the data can fill the block */
130 if ((ctx->len + len) <= bs) {
131 memcpy(ctx->odds + ctx->len, p, len);
132 ctx->len += len;
133 slen -= len;
134
135 /* checking the rest of the page */
136 if (len + offset >= PAGE_SIZE) {
137 offset = 0;
138 pg++;
139 } else
140 offset += len;
141
142 crypto_kunmap(p, 0);
143 crypto_yield(tfm->crt_flags);
144 continue;
145 }
146
147 /* filling odds with new data and encrypting it */
148 memcpy(ctx->odds + ctx->len, p, bs - ctx->len);
149 len -= bs - ctx->len;
150 p += bs - ctx->len;
151
152 ctx->xor(ctx->prev, ctx->odds, bs);
153 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, ctx->prev, ctx->prev);
154
155 /* clearing the length */
156 ctx->len = 0;
157
158 /* encrypting the rest of data */
159 while (len > bs) {
160 ctx->xor(ctx->prev, p, bs);
161 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, ctx->prev, ctx->prev);
162 p += bs;
163 len -= bs;
164 }
165
166 /* keeping the surplus of blocksize */
167 if (len) {
168 memcpy(ctx->odds, p, len);
169 ctx->len = len;
170 }
171 crypto_kunmap(p, 0);
172 crypto_yield(tfm->crt_flags);
173 slen -= min(slen, ((unsigned int)(PAGE_SIZE)) - offset);
174 offset = 0;
175 pg++;
176 }
177 nbytes-=sg[i].length;
178 i++;
179 } while (nbytes>0);
180
181 return 0;
182}
183
184int crypto_xcbc_digest_final(struct hash_desc *pdesc, u8 *out)
185{
186 struct crypto_hash *parent = pdesc->tfm;
187 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent);
188 struct crypto_tfm *tfm = ctx->child;
189 int bs = crypto_hash_blocksize(parent);
190 int err = 0;
191
192 if (ctx->len == bs) {
193 u8 key2[bs];
194
195 if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0)
196 return err;
197
198 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, key2, (const u8*)(ctx->consts+bs));
199
200 ctx->xor(ctx->prev, ctx->odds, bs);
201 ctx->xor(ctx->prev, key2, bs);
202 _crypto_xcbc_digest_setkey(parent, ctx);
203
204 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, out, ctx->prev);
205 } else {
206 u8 key3[bs];
207 unsigned int rlen;
208 u8 *p = ctx->odds + ctx->len;
209 *p = 0x80;
210 p++;
211
212 rlen = bs - ctx->len -1;
213 if (rlen)
214 memset(p, 0, rlen);
215
216 if ((err = crypto_cipher_setkey(tfm, ctx->key, ctx->keylen)) != 0)
217 return err;
218
219 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, key3, (const u8*)(ctx->consts+bs*2));
220
221 ctx->xor(ctx->prev, ctx->odds, bs);
222 ctx->xor(ctx->prev, key3, bs);
223
224 _crypto_xcbc_digest_setkey(parent, ctx);
225
226 tfm->__crt_alg->cra_cipher.cia_encrypt(tfm, out, ctx->prev);
227 }
228
229 return 0;
230}
231
232static int crypto_xcbc_digest(struct hash_desc *pdesc,
233 struct scatterlist *sg, unsigned int nbytes, u8 *out)
234{
235 crypto_xcbc_digest_init(pdesc);
236 crypto_xcbc_digest_update(pdesc, sg, nbytes);
237 return crypto_xcbc_digest_final(pdesc, out);
238}
239
240static int xcbc_init_tfm(struct crypto_tfm *tfm)
241{
242 struct crypto_instance *inst = (void *)tfm->__crt_alg;
243 struct crypto_spawn *spawn = crypto_instance_ctx(inst);
244 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(__crypto_hash_cast(tfm));
245 int bs = crypto_hash_blocksize(__crypto_hash_cast(tfm));
246
247 tfm = crypto_spawn_tfm(spawn);
248 if (IS_ERR(tfm))
249 return PTR_ERR(tfm);
250
251 switch(bs) {
252 case 16:
253 ctx->xor = xor_128;
254 break;
255 default:
256 return -EINVAL;
257 }
258
259 ctx->child = crypto_cipher_cast(tfm);
260 ctx->odds = (u8*)(ctx+1);
261 ctx->prev = ctx->odds + bs;
262 ctx->key = ctx->prev + bs;
263
264 return 0;
265};
266
267static void xcbc_exit_tfm(struct crypto_tfm *tfm)
268{
269 struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(__crypto_hash_cast(tfm));
270 crypto_free_cipher(ctx->child);
271}
272
273static struct crypto_instance *xcbc_alloc(void *param, unsigned int len)
274{
275 struct crypto_instance *inst;
276 struct crypto_alg *alg;
277 alg = crypto_get_attr_alg(param, len, CRYPTO_ALG_TYPE_CIPHER,
278 CRYPTO_ALG_TYPE_HASH_MASK | CRYPTO_ALG_ASYNC);
279 if (IS_ERR(alg))
280 return ERR_PTR(PTR_ERR(alg));
281
282 switch(alg->cra_blocksize) {
283 case 16:
284 break;
285 default:
286 return ERR_PTR(PTR_ERR(alg));
287 }
288
289 inst = crypto_alloc_instance("xcbc", alg);
290 if (IS_ERR(inst))
291 goto out_put_alg;
292
293 inst->alg.cra_flags = CRYPTO_ALG_TYPE_HASH;
294 inst->alg.cra_priority = alg->cra_priority;
295 inst->alg.cra_blocksize = alg->cra_blocksize;
296 inst->alg.cra_alignmask = alg->cra_alignmask;
297 inst->alg.cra_type = &crypto_hash_type;
298
299 inst->alg.cra_hash.digestsize =
300 (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) ==
301 CRYPTO_ALG_TYPE_HASH ? alg->cra_hash.digestsize :
302 alg->cra_blocksize;
303 inst->alg.cra_ctxsize = sizeof(struct crypto_xcbc_ctx) +
304 ALIGN(inst->alg.cra_blocksize * 3, sizeof(void *));
305 inst->alg.cra_init = xcbc_init_tfm;
306 inst->alg.cra_exit = xcbc_exit_tfm;
307
308 inst->alg.cra_hash.init = crypto_xcbc_digest_init;
309 inst->alg.cra_hash.update = crypto_xcbc_digest_update;
310 inst->alg.cra_hash.final = crypto_xcbc_digest_final;
311 inst->alg.cra_hash.digest = crypto_xcbc_digest;
312 inst->alg.cra_hash.setkey = crypto_xcbc_digest_setkey;
313
314out_put_alg:
315 crypto_mod_put(alg);
316 return inst;
317}
318
319static void xcbc_free(struct crypto_instance *inst)
320{
321 crypto_drop_spawn(crypto_instance_ctx(inst));
322 kfree(inst);
323}
324
325static struct crypto_template crypto_xcbc_tmpl = {
326 .name = "xcbc",
327 .alloc = xcbc_alloc,
328 .free = xcbc_free,
329 .module = THIS_MODULE,
330};
331
332static int __init crypto_xcbc_module_init(void)
333{
334 return crypto_register_template(&crypto_xcbc_tmpl);
335}
336
337static void __exit crypto_xcbc_module_exit(void)
338{
339 crypto_unregister_template(&crypto_xcbc_tmpl);
340}
341
342module_init(crypto_xcbc_module_init);
343module_exit(crypto_xcbc_module_exit);
344
345MODULE_LICENSE("GPL");
346MODULE_DESCRIPTION("XCBC keyed hash algorithm");