1 // SPDX-License-Identifier: GPL-2.0-or-later <<
2 /* XTS: as defined in IEEE1619/D16 1 /* XTS: as defined in IEEE1619/D16
3 * http://grouper.ieee.org/groups/1619/em 2 * http://grouper.ieee.org/groups/1619/email/pdf00086.pdf
>> 3 * (sector sizes which are not a multiple of 16 bytes are,
>> 4 * however currently unsupported)
4 * 5 *
5 * Copyright (c) 2007 Rik Snel <rsnel@cube.dyn 6 * Copyright (c) 2007 Rik Snel <rsnel@cube.dyndns.org>
6 * 7 *
7 * Based on ecb.c 8 * Based on ecb.c
8 * Copyright (c) 2006 Herbert Xu <herbert@gond 9 * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
>> 10 *
>> 11 * This program is free software; you can redistribute it and/or modify it
>> 12 * under the terms of the GNU General Public License as published by the Free
>> 13 * Software Foundation; either version 2 of the License, or (at your option)
>> 14 * any later version.
9 */ 15 */
10 #include <crypto/internal/cipher.h> <<
11 #include <crypto/internal/skcipher.h> 16 #include <crypto/internal/skcipher.h>
12 #include <crypto/scatterwalk.h> 17 #include <crypto/scatterwalk.h>
13 #include <linux/err.h> 18 #include <linux/err.h>
14 #include <linux/init.h> 19 #include <linux/init.h>
15 #include <linux/kernel.h> 20 #include <linux/kernel.h>
16 #include <linux/module.h> 21 #include <linux/module.h>
17 #include <linux/scatterlist.h> 22 #include <linux/scatterlist.h>
18 #include <linux/slab.h> 23 #include <linux/slab.h>
19 24
20 #include <crypto/xts.h> 25 #include <crypto/xts.h>
21 #include <crypto/b128ops.h> 26 #include <crypto/b128ops.h>
22 #include <crypto/gf128mul.h> 27 #include <crypto/gf128mul.h>
23 28
24 struct xts_tfm_ctx { !! 29 #define XTS_BUFFER_SIZE 128u
>> 30
>> 31 struct priv {
25 struct crypto_skcipher *child; 32 struct crypto_skcipher *child;
26 struct crypto_cipher *tweak; 33 struct crypto_cipher *tweak;
27 }; 34 };
28 35
29 struct xts_instance_ctx { 36 struct xts_instance_ctx {
30 struct crypto_skcipher_spawn spawn; 37 struct crypto_skcipher_spawn spawn;
31 struct crypto_cipher_spawn tweak_spawn !! 38 char name[CRYPTO_MAX_ALG_NAME];
32 }; 39 };
33 40
34 struct xts_request_ctx { !! 41 struct rctx {
>> 42 le128 buf[XTS_BUFFER_SIZE / sizeof(le128)];
>> 43
35 le128 t; 44 le128 t;
36 struct scatterlist *tail; !! 45
37 struct scatterlist sg[2]; !! 46 le128 *ext;
>> 47
>> 48 struct scatterlist srcbuf[2];
>> 49 struct scatterlist dstbuf[2];
>> 50 struct scatterlist *src;
>> 51 struct scatterlist *dst;
>> 52
>> 53 unsigned int left;
>> 54
38 struct skcipher_request subreq; 55 struct skcipher_request subreq;
39 }; 56 };
40 57
41 static int xts_setkey(struct crypto_skcipher * !! 58 static int setkey(struct crypto_skcipher *parent, const u8 *key,
42 unsigned int keylen) !! 59 unsigned int keylen)
43 { 60 {
44 struct xts_tfm_ctx *ctx = crypto_skcip !! 61 struct priv *ctx = crypto_skcipher_ctx(parent);
45 struct crypto_skcipher *child; 62 struct crypto_skcipher *child;
46 struct crypto_cipher *tweak; 63 struct crypto_cipher *tweak;
47 int err; 64 int err;
48 65
49 err = xts_verify_key(parent, key, keyl 66 err = xts_verify_key(parent, key, keylen);
50 if (err) 67 if (err)
51 return err; 68 return err;
52 69
53 keylen /= 2; 70 keylen /= 2;
54 71
55 /* we need two cipher instances: one t 72 /* we need two cipher instances: one to compute the initial 'tweak'
56 * by encrypting the IV (usually the ' 73 * by encrypting the IV (usually the 'plain' iv) and the other
57 * one to encrypt and decrypt the data 74 * one to encrypt and decrypt the data */
58 75
59 /* tweak cipher, uses Key2 i.e. the se 76 /* tweak cipher, uses Key2 i.e. the second half of *key */
60 tweak = ctx->tweak; 77 tweak = ctx->tweak;
61 crypto_cipher_clear_flags(tweak, CRYPT 78 crypto_cipher_clear_flags(tweak, CRYPTO_TFM_REQ_MASK);
62 crypto_cipher_set_flags(tweak, crypto_ 79 crypto_cipher_set_flags(tweak, crypto_skcipher_get_flags(parent) &
63 CRYPTO_ 80 CRYPTO_TFM_REQ_MASK);
64 err = crypto_cipher_setkey(tweak, key 81 err = crypto_cipher_setkey(tweak, key + keylen, keylen);
>> 82 crypto_skcipher_set_flags(parent, crypto_cipher_get_flags(tweak) &
>> 83 CRYPTO_TFM_RES_MASK);
65 if (err) 84 if (err)
66 return err; 85 return err;
67 86
68 /* data cipher, uses Key1 i.e. the fir 87 /* data cipher, uses Key1 i.e. the first half of *key */
69 child = ctx->child; 88 child = ctx->child;
70 crypto_skcipher_clear_flags(child, CRY 89 crypto_skcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
71 crypto_skcipher_set_flags(child, crypt 90 crypto_skcipher_set_flags(child, crypto_skcipher_get_flags(parent) &
72 CRYPT 91 CRYPTO_TFM_REQ_MASK);
73 return crypto_skcipher_setkey(child, k !! 92 err = crypto_skcipher_setkey(child, key, keylen);
>> 93 crypto_skcipher_set_flags(parent, crypto_skcipher_get_flags(child) &
>> 94 CRYPTO_TFM_RES_MASK);
>> 95
>> 96 return err;
74 } 97 }
75 98
76 /* !! 99 static int post_crypt(struct skcipher_request *req)
77 * We compute the tweak masks twice (both befo <<
78 * decryption) to avoid having to allocate a t <<
79 * mutliple calls to the 'ecb(..)' instance, w <<
80 * just doing the gf128mul_x_ble() calls again <<
81 */ <<
82 static int xts_xor_tweak(struct skcipher_reque <<
83 bool enc) <<
84 { 100 {
85 struct xts_request_ctx *rctx = skciphe !! 101 struct rctx *rctx = skcipher_request_ctx(req);
86 struct crypto_skcipher *tfm = crypto_s !! 102 le128 *buf = rctx->ext ?: rctx->buf;
87 const bool cts = (req->cryptlen % XTS_ !! 103 struct skcipher_request *subreq;
88 const int bs = XTS_BLOCK_SIZE; 104 const int bs = XTS_BLOCK_SIZE;
89 struct skcipher_walk w; 105 struct skcipher_walk w;
90 le128 t = rctx->t; !! 106 struct scatterlist *sg;
>> 107 unsigned offset;
91 int err; 108 int err;
92 109
93 if (second_pass) { !! 110 subreq = &rctx->subreq;
94 req = &rctx->subreq; !! 111 err = skcipher_walk_virt(&w, subreq, false);
95 /* set to our TFM to enforce c <<
96 skcipher_request_set_tfm(req, <<
97 } <<
98 err = skcipher_walk_virt(&w, req, fals <<
99 112
100 while (w.nbytes) { 113 while (w.nbytes) {
101 unsigned int avail = w.nbytes; 114 unsigned int avail = w.nbytes;
102 le128 *wsrc; <<
103 le128 *wdst; 115 le128 *wdst;
104 116
105 wsrc = w.src.virt.addr; <<
106 wdst = w.dst.virt.addr; 117 wdst = w.dst.virt.addr;
107 118
108 do { 119 do {
109 if (unlikely(cts) && !! 120 le128_xor(wdst, buf++, wdst);
110 w.total - w.nbytes !! 121 wdst++;
111 if (!enc) { <<
112 if (se <<
113 <<
114 gf128m <<
115 } <<
116 le128_xor(wdst <<
117 if (enc && sec <<
118 gf128m <<
119 skcipher_walk_ <<
120 return 0; <<
121 } <<
122 <<
123 le128_xor(wdst++, &t, <<
124 gf128mul_x_ble(&t, &t) <<
125 } while ((avail -= bs) >= bs); 122 } while ((avail -= bs) >= bs);
126 123
127 err = skcipher_walk_done(&w, a 124 err = skcipher_walk_done(&w, avail);
128 } 125 }
129 126
>> 127 rctx->left -= subreq->cryptlen;
>> 128
>> 129 if (err || !rctx->left)
>> 130 goto out;
>> 131
>> 132 rctx->dst = rctx->dstbuf;
>> 133
>> 134 scatterwalk_done(&w.out, 0, 1);
>> 135 sg = w.out.sg;
>> 136 offset = w.out.offset;
>> 137
>> 138 if (rctx->dst != sg) {
>> 139 rctx->dst[0] = *sg;
>> 140 sg_unmark_end(rctx->dst);
>> 141 scatterwalk_crypto_chain(rctx->dst, sg_next(sg), 2);
>> 142 }
>> 143 rctx->dst[0].length -= offset - sg->offset;
>> 144 rctx->dst[0].offset = offset;
>> 145
>> 146 out:
130 return err; 147 return err;
131 } 148 }
132 149
133 static int xts_xor_tweak_pre(struct skcipher_r !! 150 static int pre_crypt(struct skcipher_request *req)
134 { 151 {
135 return xts_xor_tweak(req, false, enc); !! 152 struct rctx *rctx = skcipher_request_ctx(req);
136 } !! 153 le128 *buf = rctx->ext ?: rctx->buf;
>> 154 struct skcipher_request *subreq;
>> 155 const int bs = XTS_BLOCK_SIZE;
>> 156 struct skcipher_walk w;
>> 157 struct scatterlist *sg;
>> 158 unsigned cryptlen;
>> 159 unsigned offset;
>> 160 bool more;
>> 161 int err;
137 162
138 static int xts_xor_tweak_post(struct skcipher_ !! 163 subreq = &rctx->subreq;
139 { !! 164 cryptlen = subreq->cryptlen;
140 return xts_xor_tweak(req, true, enc); <<
141 } <<
142 165
143 static void xts_cts_done(void *data, int err) !! 166 more = rctx->left > cryptlen;
144 { !! 167 if (!more)
145 struct skcipher_request *req = data; !! 168 cryptlen = rctx->left;
146 le128 b; <<
147 169
148 if (!err) { !! 170 skcipher_request_set_crypt(subreq, rctx->src, rctx->dst,
149 struct xts_request_ctx *rctx = !! 171 cryptlen, NULL);
150 172
151 scatterwalk_map_and_copy(&b, r !! 173 err = skcipher_walk_virt(&w, subreq, false);
152 le128_xor(&b, &rctx->t, &b); !! 174
153 scatterwalk_map_and_copy(&b, r !! 175 while (w.nbytes) {
>> 176 unsigned int avail = w.nbytes;
>> 177 le128 *wsrc;
>> 178 le128 *wdst;
>> 179
>> 180 wsrc = w.src.virt.addr;
>> 181 wdst = w.dst.virt.addr;
>> 182
>> 183 do {
>> 184 *buf++ = rctx->t;
>> 185 le128_xor(wdst++, &rctx->t, wsrc++);
>> 186 gf128mul_x_ble(&rctx->t, &rctx->t);
>> 187 } while ((avail -= bs) >= bs);
>> 188
>> 189 err = skcipher_walk_done(&w, avail);
154 } 190 }
155 191
156 skcipher_request_complete(req, err); !! 192 skcipher_request_set_crypt(subreq, rctx->dst, rctx->dst,
157 } !! 193 cryptlen, NULL);
158 194
159 static int xts_cts_final(struct skcipher_reque !! 195 if (err || !more)
160 int (*crypt)(struct s !! 196 goto out;
161 { <<
162 const struct xts_tfm_ctx *ctx = <<
163 crypto_skcipher_ctx(crypto_skc <<
164 int offset = req->cryptlen & ~(XTS_BLO <<
165 struct xts_request_ctx *rctx = skciphe <<
166 struct skcipher_request *subreq = &rct <<
167 int tail = req->cryptlen % XTS_BLOCK_S <<
168 le128 b[2]; <<
169 int err; <<
170 197
171 rctx->tail = scatterwalk_ffwd(rctx->sg !! 198 rctx->src = rctx->srcbuf;
172 offset - <<
173 199
174 scatterwalk_map_and_copy(b, rctx->tail !! 200 scatterwalk_done(&w.in, 0, 1);
175 b[1] = b[0]; !! 201 sg = w.in.sg;
176 scatterwalk_map_and_copy(b, req->src, !! 202 offset = w.in.offset;
>> 203
>> 204 if (rctx->src != sg) {
>> 205 rctx->src[0] = *sg;
>> 206 sg_unmark_end(rctx->src);
>> 207 scatterwalk_crypto_chain(rctx->src, sg_next(sg), 2);
>> 208 }
>> 209 rctx->src[0].length -= offset - sg->offset;
>> 210 rctx->src[0].offset = offset;
177 211
178 le128_xor(b, &rctx->t, b); !! 212 out:
>> 213 return err;
>> 214 }
179 215
180 scatterwalk_map_and_copy(b, rctx->tail !! 216 static int init_crypt(struct skcipher_request *req, crypto_completion_t done)
>> 217 {
>> 218 struct priv *ctx = crypto_skcipher_ctx(crypto_skcipher_reqtfm(req));
>> 219 struct rctx *rctx = skcipher_request_ctx(req);
>> 220 struct skcipher_request *subreq;
>> 221 gfp_t gfp;
181 222
>> 223 subreq = &rctx->subreq;
182 skcipher_request_set_tfm(subreq, ctx-> 224 skcipher_request_set_tfm(subreq, ctx->child);
183 skcipher_request_set_callback(subreq, !! 225 skcipher_request_set_callback(subreq, req->base.flags, done, req);
184 req); <<
185 skcipher_request_set_crypt(subreq, rct <<
186 XTS_BLOCK_S <<
187 226
188 err = crypt(subreq); !! 227 gfp = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL :
189 if (err) !! 228 GFP_ATOMIC;
190 return err; !! 229 rctx->ext = NULL;
>> 230
>> 231 subreq->cryptlen = XTS_BUFFER_SIZE;
>> 232 if (req->cryptlen > XTS_BUFFER_SIZE) {
>> 233 unsigned int n = min(req->cryptlen, (unsigned int)PAGE_SIZE);
>> 234
>> 235 rctx->ext = kmalloc(n, gfp);
>> 236 if (rctx->ext)
>> 237 subreq->cryptlen = n;
>> 238 }
191 239
192 scatterwalk_map_and_copy(b, rctx->tail !! 240 rctx->src = req->src;
193 le128_xor(b, &rctx->t, b); !! 241 rctx->dst = req->dst;
194 scatterwalk_map_and_copy(b, rctx->tail !! 242 rctx->left = req->cryptlen;
>> 243
>> 244 /* calculate first value of T */
>> 245 crypto_cipher_encrypt_one(ctx->tweak, (u8 *)&rctx->t, req->iv);
195 246
196 return 0; 247 return 0;
197 } 248 }
198 249
199 static void xts_encrypt_done(void *data, int e !! 250 static void exit_crypt(struct skcipher_request *req)
200 { 251 {
201 struct skcipher_request *req = data; !! 252 struct rctx *rctx = skcipher_request_ctx(req);
202 253
203 if (!err) { !! 254 rctx->left = 0;
204 struct xts_request_ctx *rctx = <<
205 255
206 rctx->subreq.base.flags &= CRY !! 256 if (rctx->ext)
207 err = xts_xor_tweak_post(req, !! 257 kzfree(rctx->ext);
208 <<
209 if (!err && unlikely(req->cryp <<
210 err = xts_cts_final(re <<
211 if (err == -EINPROGRES <<
212 return; <<
213 } <<
214 } <<
215 <<
216 skcipher_request_complete(req, err); <<
217 } 258 }
218 259
219 static void xts_decrypt_done(void *data, int e !! 260 static int do_encrypt(struct skcipher_request *req, int err)
220 { 261 {
221 struct skcipher_request *req = data; !! 262 struct rctx *rctx = skcipher_request_ctx(req);
>> 263 struct skcipher_request *subreq;
222 264
223 if (!err) { !! 265 subreq = &rctx->subreq;
224 struct xts_request_ctx *rctx = <<
225 266
226 rctx->subreq.base.flags &= CRY !! 267 while (!err && rctx->left) {
227 err = xts_xor_tweak_post(req, !! 268 err = pre_crypt(req) ?:
>> 269 crypto_skcipher_encrypt(subreq) ?:
>> 270 post_crypt(req);
228 271
229 if (!err && unlikely(req->cryp !! 272 if (err == -EINPROGRESS || err == -EBUSY)
230 err = xts_cts_final(re !! 273 return err;
231 if (err == -EINPROGRES <<
232 return; <<
233 } <<
234 } 274 }
235 275
236 skcipher_request_complete(req, err); !! 276 exit_crypt(req);
>> 277 return err;
237 } 278 }
238 279
239 static int xts_init_crypt(struct skcipher_requ !! 280 static void encrypt_done(struct crypto_async_request *areq, int err)
240 crypto_completion_t <<
241 { 281 {
242 const struct xts_tfm_ctx *ctx = !! 282 struct skcipher_request *req = areq->data;
243 crypto_skcipher_ctx(crypto_skc !! 283 struct skcipher_request *subreq;
244 struct xts_request_ctx *rctx = skciphe !! 284 struct rctx *rctx;
245 struct skcipher_request *subreq = &rct !! 285
>> 286 rctx = skcipher_request_ctx(req);
>> 287
>> 288 if (err == -EINPROGRESS) {
>> 289 if (rctx->left != req->cryptlen)
>> 290 return;
>> 291 goto out;
>> 292 }
246 293
247 if (req->cryptlen < XTS_BLOCK_SIZE) !! 294 subreq = &rctx->subreq;
248 return -EINVAL; !! 295 subreq->base.flags &= CRYPTO_TFM_REQ_MAY_BACKLOG;
249 296
250 skcipher_request_set_tfm(subreq, ctx-> !! 297 err = do_encrypt(req, err ?: post_crypt(req));
251 skcipher_request_set_callback(subreq, !! 298 if (rctx->left)
252 skcipher_request_set_crypt(subreq, req !! 299 return;
253 req->cryptl <<
254 300
255 /* calculate first value of T */ !! 301 out:
256 crypto_cipher_encrypt_one(ctx->tweak, !! 302 skcipher_request_complete(req, err);
>> 303 }
257 304
258 return 0; !! 305 static int encrypt(struct skcipher_request *req)
>> 306 {
>> 307 return do_encrypt(req, init_crypt(req, encrypt_done));
259 } 308 }
260 309
261 static int xts_encrypt(struct skcipher_request !! 310 static int do_decrypt(struct skcipher_request *req, int err)
262 { 311 {
263 struct xts_request_ctx *rctx = skciphe !! 312 struct rctx *rctx = skcipher_request_ctx(req);
264 struct skcipher_request *subreq = &rct !! 313 struct skcipher_request *subreq;
265 int err; <<
266 314
267 err = xts_init_crypt(req, xts_encrypt_ !! 315 subreq = &rctx->subreq;
268 xts_xor_tweak_pre(req, true) ?: <<
269 crypto_skcipher_encrypt(subreq) <<
270 xts_xor_tweak_post(req, true); <<
271 316
272 if (err || likely((req->cryptlen % XTS !! 317 while (!err && rctx->left) {
273 return err; !! 318 err = pre_crypt(req) ?:
>> 319 crypto_skcipher_decrypt(subreq) ?:
>> 320 post_crypt(req);
>> 321
>> 322 if (err == -EINPROGRESS || err == -EBUSY)
>> 323 return err;
>> 324 }
274 325
275 return xts_cts_final(req, crypto_skcip !! 326 exit_crypt(req);
>> 327 return err;
276 } 328 }
277 329
278 static int xts_decrypt(struct skcipher_request !! 330 static void decrypt_done(struct crypto_async_request *areq, int err)
279 { 331 {
280 struct xts_request_ctx *rctx = skciphe !! 332 struct skcipher_request *req = areq->data;
281 struct skcipher_request *subreq = &rct !! 333 struct skcipher_request *subreq;
282 int err; !! 334 struct rctx *rctx;
>> 335
>> 336 rctx = skcipher_request_ctx(req);
>> 337
>> 338 if (err == -EINPROGRESS) {
>> 339 if (rctx->left != req->cryptlen)
>> 340 return;
>> 341 goto out;
>> 342 }
283 343
284 err = xts_init_crypt(req, xts_decrypt_ !! 344 subreq = &rctx->subreq;
285 xts_xor_tweak_pre(req, false) ?: !! 345 subreq->base.flags &= CRYPTO_TFM_REQ_MAY_BACKLOG;
286 crypto_skcipher_decrypt(subreq) <<
287 xts_xor_tweak_post(req, false); <<
288 346
289 if (err || likely((req->cryptlen % XTS !! 347 err = do_decrypt(req, err ?: post_crypt(req));
290 return err; !! 348 if (rctx->left)
>> 349 return;
291 350
292 return xts_cts_final(req, crypto_skcip !! 351 out:
>> 352 skcipher_request_complete(req, err);
293 } 353 }
294 354
295 static int xts_init_tfm(struct crypto_skcipher !! 355 static int decrypt(struct skcipher_request *req)
>> 356 {
>> 357 return do_decrypt(req, init_crypt(req, decrypt_done));
>> 358 }
>> 359
>> 360 static int init_tfm(struct crypto_skcipher *tfm)
296 { 361 {
297 struct skcipher_instance *inst = skcip 362 struct skcipher_instance *inst = skcipher_alg_instance(tfm);
298 struct xts_instance_ctx *ictx = skciph 363 struct xts_instance_ctx *ictx = skcipher_instance_ctx(inst);
299 struct xts_tfm_ctx *ctx = crypto_skcip !! 364 struct priv *ctx = crypto_skcipher_ctx(tfm);
300 struct crypto_skcipher *child; 365 struct crypto_skcipher *child;
301 struct crypto_cipher *tweak; 366 struct crypto_cipher *tweak;
302 367
303 child = crypto_spawn_skcipher(&ictx->s 368 child = crypto_spawn_skcipher(&ictx->spawn);
304 if (IS_ERR(child)) 369 if (IS_ERR(child))
305 return PTR_ERR(child); 370 return PTR_ERR(child);
306 371
307 ctx->child = child; 372 ctx->child = child;
308 373
309 tweak = crypto_spawn_cipher(&ictx->twe !! 374 tweak = crypto_alloc_cipher(ictx->name, 0, 0);
310 if (IS_ERR(tweak)) { 375 if (IS_ERR(tweak)) {
311 crypto_free_skcipher(ctx->chil 376 crypto_free_skcipher(ctx->child);
312 return PTR_ERR(tweak); 377 return PTR_ERR(tweak);
313 } 378 }
314 379
315 ctx->tweak = tweak; 380 ctx->tweak = tweak;
316 381
317 crypto_skcipher_set_reqsize(tfm, crypt 382 crypto_skcipher_set_reqsize(tfm, crypto_skcipher_reqsize(child) +
318 sizeo !! 383 sizeof(struct rctx));
319 384
320 return 0; 385 return 0;
321 } 386 }
322 387
323 static void xts_exit_tfm(struct crypto_skciphe !! 388 static void exit_tfm(struct crypto_skcipher *tfm)
324 { 389 {
325 struct xts_tfm_ctx *ctx = crypto_skcip !! 390 struct priv *ctx = crypto_skcipher_ctx(tfm);
326 391
327 crypto_free_skcipher(ctx->child); 392 crypto_free_skcipher(ctx->child);
328 crypto_free_cipher(ctx->tweak); 393 crypto_free_cipher(ctx->tweak);
329 } 394 }
330 395
331 static void xts_free_instance(struct skcipher_ !! 396 static void free_inst(struct skcipher_instance *inst)
332 { 397 {
333 struct xts_instance_ctx *ictx = skciph !! 398 crypto_drop_skcipher(skcipher_instance_ctx(inst));
334 <<
335 crypto_drop_skcipher(&ictx->spawn); <<
336 crypto_drop_cipher(&ictx->tweak_spawn) <<
337 kfree(inst); 399 kfree(inst);
338 } 400 }
339 401
340 static int xts_create(struct crypto_template * !! 402 static int create(struct crypto_template *tmpl, struct rtattr **tb)
341 { 403 {
342 struct skcipher_alg_common *alg; <<
343 char name[CRYPTO_MAX_ALG_NAME]; <<
344 struct skcipher_instance *inst; 404 struct skcipher_instance *inst;
>> 405 struct crypto_attr_type *algt;
345 struct xts_instance_ctx *ctx; 406 struct xts_instance_ctx *ctx;
>> 407 struct skcipher_alg *alg;
346 const char *cipher_name; 408 const char *cipher_name;
347 u32 mask; 409 u32 mask;
348 int err; 410 int err;
349 411
350 err = crypto_check_attr_type(tb, CRYPT !! 412 algt = crypto_get_attr_type(tb);
351 if (err) !! 413 if (IS_ERR(algt))
352 return err; !! 414 return PTR_ERR(algt);
>> 415
>> 416 if ((algt->type ^ CRYPTO_ALG_TYPE_SKCIPHER) & algt->mask)
>> 417 return -EINVAL;
353 418
354 cipher_name = crypto_attr_alg_name(tb[ 419 cipher_name = crypto_attr_alg_name(tb[1]);
355 if (IS_ERR(cipher_name)) 420 if (IS_ERR(cipher_name))
356 return PTR_ERR(cipher_name); 421 return PTR_ERR(cipher_name);
357 422
358 inst = kzalloc(sizeof(*inst) + sizeof( 423 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
359 if (!inst) 424 if (!inst)
360 return -ENOMEM; 425 return -ENOMEM;
361 426
362 ctx = skcipher_instance_ctx(inst); 427 ctx = skcipher_instance_ctx(inst);
363 428
364 err = crypto_grab_skcipher(&ctx->spawn !! 429 crypto_set_skcipher_spawn(&ctx->spawn, skcipher_crypto_instance(inst));
365 cipher_name !! 430
>> 431 mask = crypto_requires_off(algt->type, algt->mask,
>> 432 CRYPTO_ALG_NEED_FALLBACK |
>> 433 CRYPTO_ALG_ASYNC);
>> 434
>> 435 err = crypto_grab_skcipher(&ctx->spawn, cipher_name, 0, mask);
366 if (err == -ENOENT) { 436 if (err == -ENOENT) {
367 err = -ENAMETOOLONG; 437 err = -ENAMETOOLONG;
368 if (snprintf(name, CRYPTO_MAX_ !! 438 if (snprintf(ctx->name, CRYPTO_MAX_ALG_NAME, "ecb(%s)",
369 cipher_name) >= C 439 cipher_name) >= CRYPTO_MAX_ALG_NAME)
370 goto err_free_inst; 440 goto err_free_inst;
371 441
372 err = crypto_grab_skcipher(&ct !! 442 err = crypto_grab_skcipher(&ctx->spawn, ctx->name, 0, mask);
373 skc <<
374 nam <<
375 } 443 }
376 444
377 if (err) 445 if (err)
378 goto err_free_inst; 446 goto err_free_inst;
379 447
380 alg = crypto_spawn_skcipher_alg_common !! 448 alg = crypto_skcipher_spawn_alg(&ctx->spawn);
381 449
382 err = -EINVAL; 450 err = -EINVAL;
383 if (alg->base.cra_blocksize != XTS_BLO 451 if (alg->base.cra_blocksize != XTS_BLOCK_SIZE)
384 goto err_free_inst; !! 452 goto err_drop_spawn;
385 453
386 if (alg->ivsize) !! 454 if (crypto_skcipher_alg_ivsize(alg))
387 goto err_free_inst; !! 455 goto err_drop_spawn;
388 456
389 err = crypto_inst_setname(skcipher_cry 457 err = crypto_inst_setname(skcipher_crypto_instance(inst), "xts",
390 &alg->base); 458 &alg->base);
391 if (err) 459 if (err)
392 goto err_free_inst; !! 460 goto err_drop_spawn;
393 461
394 err = -EINVAL; 462 err = -EINVAL;
395 cipher_name = alg->base.cra_name; 463 cipher_name = alg->base.cra_name;
396 464
397 /* Alas we screwed up the naming so we 465 /* Alas we screwed up the naming so we have to mangle the
398 * cipher name. 466 * cipher name.
399 */ 467 */
400 if (!strncmp(cipher_name, "ecb(", 4)) 468 if (!strncmp(cipher_name, "ecb(", 4)) {
401 int len; !! 469 unsigned len;
402 470
403 len = strscpy(name, cipher_nam !! 471 len = strlcpy(ctx->name, cipher_name + 4, sizeof(ctx->name));
404 if (len < 2) !! 472 if (len < 2 || len >= sizeof(ctx->name))
405 goto err_free_inst; !! 473 goto err_drop_spawn;
406 474
407 if (name[len - 1] != ')') !! 475 if (ctx->name[len - 1] != ')')
408 goto err_free_inst; !! 476 goto err_drop_spawn;
409 477
410 name[len - 1] = 0; !! 478 ctx->name[len - 1] = 0;
411 479
412 if (snprintf(inst->alg.base.cr 480 if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
413 "xts(%s)", name) !! 481 "xts(%s)", ctx->name) >= CRYPTO_MAX_ALG_NAME) {
414 err = -ENAMETOOLONG; 482 err = -ENAMETOOLONG;
415 goto err_free_inst; !! 483 goto err_drop_spawn;
416 } 484 }
417 } else 485 } else
418 goto err_free_inst; !! 486 goto err_drop_spawn;
419 <<
420 err = crypto_grab_cipher(&ctx->tweak_s <<
421 skcipher_cryp <<
422 if (err) <<
423 goto err_free_inst; <<
424 487
>> 488 inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC;
425 inst->alg.base.cra_priority = alg->bas 489 inst->alg.base.cra_priority = alg->base.cra_priority;
426 inst->alg.base.cra_blocksize = XTS_BLO 490 inst->alg.base.cra_blocksize = XTS_BLOCK_SIZE;
427 inst->alg.base.cra_alignmask = alg->ba 491 inst->alg.base.cra_alignmask = alg->base.cra_alignmask |
428 (__alig 492 (__alignof__(u64) - 1);
429 493
430 inst->alg.ivsize = XTS_BLOCK_SIZE; 494 inst->alg.ivsize = XTS_BLOCK_SIZE;
431 inst->alg.min_keysize = alg->min_keysi !! 495 inst->alg.min_keysize = crypto_skcipher_alg_min_keysize(alg) * 2;
432 inst->alg.max_keysize = alg->max_keysi !! 496 inst->alg.max_keysize = crypto_skcipher_alg_max_keysize(alg) * 2;
433 497
434 inst->alg.base.cra_ctxsize = sizeof(st !! 498 inst->alg.base.cra_ctxsize = sizeof(struct priv);
435 499
436 inst->alg.init = xts_init_tfm; !! 500 inst->alg.init = init_tfm;
437 inst->alg.exit = xts_exit_tfm; !! 501 inst->alg.exit = exit_tfm;
438 502
439 inst->alg.setkey = xts_setkey; !! 503 inst->alg.setkey = setkey;
440 inst->alg.encrypt = xts_encrypt; !! 504 inst->alg.encrypt = encrypt;
441 inst->alg.decrypt = xts_decrypt; !! 505 inst->alg.decrypt = decrypt;
442 506
443 inst->free = xts_free_instance; !! 507 inst->free = free_inst;
444 508
445 err = skcipher_register_instance(tmpl, 509 err = skcipher_register_instance(tmpl, inst);
446 if (err) { !! 510 if (err)
447 err_free_inst: !! 511 goto err_drop_spawn;
448 xts_free_instance(inst); !! 512
449 } !! 513 out:
450 return err; 514 return err;
>> 515
>> 516 err_drop_spawn:
>> 517 crypto_drop_skcipher(&ctx->spawn);
>> 518 err_free_inst:
>> 519 kfree(inst);
>> 520 goto out;
451 } 521 }
452 522
453 static struct crypto_template xts_tmpl = { !! 523 static struct crypto_template crypto_tmpl = {
454 .name = "xts", 524 .name = "xts",
455 .create = xts_create, !! 525 .create = create,
456 .module = THIS_MODULE, 526 .module = THIS_MODULE,
457 }; 527 };
458 528
459 static int __init xts_module_init(void) !! 529 static int __init crypto_module_init(void)
460 { 530 {
461 return crypto_register_template(&xts_t !! 531 return crypto_register_template(&crypto_tmpl);
462 } 532 }
463 533
464 static void __exit xts_module_exit(void) !! 534 static void __exit crypto_module_exit(void)
465 { 535 {
466 crypto_unregister_template(&xts_tmpl); !! 536 crypto_unregister_template(&crypto_tmpl);
467 } 537 }
468 538
469 subsys_initcall(xts_module_init); !! 539 module_init(crypto_module_init);
470 module_exit(xts_module_exit); !! 540 module_exit(crypto_module_exit);
471 541
472 MODULE_LICENSE("GPL"); 542 MODULE_LICENSE("GPL");
473 MODULE_DESCRIPTION("XTS block cipher mode"); 543 MODULE_DESCRIPTION("XTS block cipher mode");
474 MODULE_ALIAS_CRYPTO("xts"); 544 MODULE_ALIAS_CRYPTO("xts");
475 MODULE_IMPORT_NS(CRYPTO_INTERNAL); <<
476 MODULE_SOFTDEP("pre: ecb"); <<
477 545
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.