Linux/crypto/xctr.c

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

1 // SPDX-License-Identifier: GPL-2.0-or-later 1 2 /* 3 * XCTR: XOR Counter mode - Adapted from ctr.c 4 * 5 * (C) Copyright IBM Corp. 2007 - Joy Latten < 6 * Copyright 2021 Google LLC 7 */ 8 9 /* 10 * XCTR mode is a blockcipher mode of operatio 11 * closely related to the CTR mode of operatio 12 * generates the keystream using E(CTR + IV) w 13 * keystream using E(CTR ^ IV). This allows im 14 * with multi-limb integers (as is required in 15 * using little-endian arithmetic which makes 16 * 17 * See the HCTR2 paper for more details: 18 * Length-preserving encryption with HCTR 19 * (https://eprint.iacr.org/2021/1441.pdf 20 */ 21 22 #include <crypto/algapi.h> 23 #include <crypto/internal/cipher.h> 24 #include <crypto/internal/skcipher.h> 25 #include <linux/err.h> 26 #include <linux/init.h> 27 #include <linux/kernel.h> 28 #include <linux/module.h> 29 #include <linux/slab.h> 30 31 /* For now this implementation is limited to 1 32 #define XCTR_BLOCKSIZE 16 33 34 static void crypto_xctr_crypt_final(struct skc 35 struct cryp 36 { 37 u8 keystream[XCTR_BLOCKSIZE]; 38 const u8 *src = walk->src.virt.addr; 39 u8 *dst = walk->dst.virt.addr; 40 unsigned int nbytes = walk->nbytes; 41 __le32 ctr32 = cpu_to_le32(byte_ctr / 42 43 crypto_xor(walk->iv, (u8 *)&ctr32, siz 44 crypto_cipher_encrypt_one(tfm, keystre 45 crypto_xor_cpy(dst, keystream, src, nb 46 crypto_xor(walk->iv, (u8 *)&ctr32, siz 47 } 48 49 static int crypto_xctr_crypt_segment(struct sk 50 struct cry 51 { 52 void (*fn)(struct crypto_tfm *, u8 *, 53 crypto_cipher_alg(tfm)->cia 54 const u8 *src = walk->src.virt.addr; 55 u8 *dst = walk->dst.virt.addr; 56 unsigned int nbytes = walk->nbytes; 57 __le32 ctr32 = cpu_to_le32(byte_ctr / 58 59 do { 60 crypto_xor(walk->iv, (u8 *)&ct 61 fn(crypto_cipher_tfm(tfm), dst 62 crypto_xor(dst, src, XCTR_BLOC 63 crypto_xor(walk->iv, (u8 *)&ct 64 65 le32_add_cpu(&ctr32, 1); 66 67 src += XCTR_BLOCKSIZE; 68 dst += XCTR_BLOCKSIZE; 69 } while ((nbytes -= XCTR_BLOCKSIZE) >= 70 71 return nbytes; 72 } 73 74 static int crypto_xctr_crypt_inplace(struct sk 75 struct cry 76 { 77 void (*fn)(struct crypto_tfm *, u8 *, 78 crypto_cipher_alg(tfm)->cia 79 unsigned long alignmask = crypto_ciphe 80 unsigned int nbytes = walk->nbytes; 81 u8 *data = walk->src.virt.addr; 82 u8 tmp[XCTR_BLOCKSIZE + MAX_CIPHER_ALI 83 u8 *keystream = PTR_ALIGN(tmp + 0, ali 84 __le32 ctr32 = cpu_to_le32(byte_ctr / 85 86 do { 87 crypto_xor(walk->iv, (u8 *)&ct 88 fn(crypto_cipher_tfm(tfm), key 89 crypto_xor(data, keystream, XC 90 crypto_xor(walk->iv, (u8 *)&ct 91 92 le32_add_cpu(&ctr32, 1); 93 94 data += XCTR_BLOCKSIZE; 95 } while ((nbytes -= XCTR_BLOCKSIZE) >= 96 97 return nbytes; 98 } 99 100 static int crypto_xctr_crypt(struct skcipher_r 101 { 102 struct crypto_skcipher *tfm = crypto_s 103 struct crypto_cipher *cipher = skciphe 104 struct skcipher_walk walk; 105 unsigned int nbytes; 106 int err; 107 u32 byte_ctr = 0; 108 109 err = skcipher_walk_virt(&walk, req, f 110 111 while (walk.nbytes >= XCTR_BLOCKSIZE) 112 if (walk.src.virt.addr == walk 113 nbytes = crypto_xctr_c 114 115 else 116 nbytes = crypto_xctr_c 117 118 119 byte_ctr += walk.nbytes - nbyt 120 err = skcipher_walk_done(&walk 121 } 122 123 if (walk.nbytes) { 124 crypto_xctr_crypt_final(&walk, 125 err = skcipher_walk_done(&walk 126 } 127 128 return err; 129 } 130 131 static int crypto_xctr_create(struct crypto_te 132 { 133 struct skcipher_instance *inst; 134 struct crypto_alg *alg; 135 int err; 136 137 inst = skcipher_alloc_instance_simple( 138 if (IS_ERR(inst)) 139 return PTR_ERR(inst); 140 141 alg = skcipher_ialg_simple(inst); 142 143 /* Block size must be 16 bytes. */ 144 err = -EINVAL; 145 if (alg->cra_blocksize != XCTR_BLOCKSI 146 goto out_free_inst; 147 148 /* XCTR mode is a stream cipher. */ 149 inst->alg.base.cra_blocksize = 1; 150 151 /* 152 * To simplify the implementation, con 153 * give a partial block at the very en 154 */ 155 inst->alg.chunksize = alg->cra_blocksi 156 157 inst->alg.encrypt = crypto_xctr_crypt; 158 inst->alg.decrypt = crypto_xctr_crypt; 159 160 err = skcipher_register_instance(tmpl, 161 if (err) { 162 out_free_inst: 163 inst->free(inst); 164 } 165 166 return err; 167 } 168 169 static struct crypto_template crypto_xctr_tmpl 170 .name = "xctr", 171 .create = crypto_xctr_create, 172 .module = THIS_MODULE, 173 }; 174 175 static int __init crypto_xctr_module_init(void 176 { 177 return crypto_register_template(&crypt 178 } 179 180 static void __exit crypto_xctr_module_exit(voi 181 { 182 crypto_unregister_template(&crypto_xct 183 } 184 185 subsys_initcall(crypto_xctr_module_init); 186 module_exit(crypto_xctr_module_exit); 187 188 MODULE_LICENSE("GPL"); 189 MODULE_DESCRIPTION("XCTR block cipher mode of 190 MODULE_ALIAS_CRYPTO("xctr"); 191 MODULE_IMPORT_NS(CRYPTO_INTERNAL); 192

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference
Linux/crypto/xctr.c

Diff markup

Differences between /crypto/xctr.c (Version linux-6.11.5) and /crypto/xctr.c (Version linux-4.10.17)

TOMOYO Linux Cross Reference Linux/crypto/xctr.c

Diff markup

Differences between /crypto/xctr.c (Version linux-6.11.5) and /crypto/xctr.c (Version linux-4.10.17)

TOMOYO Linux Cross Reference
Linux/crypto/xctr.c