Lines Matching +full:tightly +full:- +full:coupled
1 // SPDX-License-Identifier: GPL-2.0
6 * dm-crypt and fscrypt, which converts the initial vector for the skcipher
8 * skcipher key as encryption key. Usually, the input IV is a 64-bit sector
9 * number in LE representation zero-padded to the size of the IV, but this
14 * fscrypt, and the most relevant one for dm-crypt. However, dm-crypt
20 * flavor produced by this template is tightly coupled to the way dm-crypt
26 * adiantum length-preserving encryption mode
72 crypto_skcipher_clear_flags(tctx->u.skcipher, CRYPTO_TFM_REQ_MASK); in essiv_skcipher_setkey()
73 crypto_skcipher_set_flags(tctx->u.skcipher, in essiv_skcipher_setkey()
76 err = crypto_skcipher_setkey(tctx->u.skcipher, key, keylen); in essiv_skcipher_setkey()
80 err = crypto_shash_tfm_digest(tctx->hash, key, keylen, salt); in essiv_skcipher_setkey()
84 crypto_cipher_clear_flags(tctx->essiv_cipher, CRYPTO_TFM_REQ_MASK); in essiv_skcipher_setkey()
85 crypto_cipher_set_flags(tctx->essiv_cipher, in essiv_skcipher_setkey()
88 return crypto_cipher_setkey(tctx->essiv_cipher, salt, in essiv_skcipher_setkey()
89 crypto_shash_digestsize(tctx->hash)); in essiv_skcipher_setkey()
96 SHASH_DESC_ON_STACK(desc, tctx->hash); in essiv_aead_setkey()
101 crypto_aead_clear_flags(tctx->u.aead, CRYPTO_TFM_REQ_MASK); in essiv_aead_setkey()
102 crypto_aead_set_flags(tctx->u.aead, crypto_aead_get_flags(tfm) & in essiv_aead_setkey()
104 err = crypto_aead_setkey(tctx->u.aead, key, keylen); in essiv_aead_setkey()
109 return -EINVAL; in essiv_aead_setkey()
111 desc->tfm = tctx->hash; in essiv_aead_setkey()
118 crypto_cipher_clear_flags(tctx->essiv_cipher, CRYPTO_TFM_REQ_MASK); in essiv_aead_setkey()
119 crypto_cipher_set_flags(tctx->essiv_cipher, crypto_aead_get_flags(tfm) & in essiv_aead_setkey()
121 return crypto_cipher_setkey(tctx->essiv_cipher, salt, in essiv_aead_setkey()
122 crypto_shash_digestsize(tctx->hash)); in essiv_aead_setkey()
130 return crypto_aead_setauthsize(tctx->u.aead, authsize); in essiv_aead_setauthsize()
135 struct skcipher_request *req = areq->data; in essiv_skcipher_done()
146 crypto_cipher_encrypt_one(tctx->essiv_cipher, req->iv, req->iv); in essiv_skcipher_crypt()
148 skcipher_request_set_tfm(subreq, tctx->u.skcipher); in essiv_skcipher_crypt()
149 skcipher_request_set_crypt(subreq, req->src, req->dst, req->cryptlen, in essiv_skcipher_crypt()
150 req->iv); in essiv_skcipher_crypt()
170 struct aead_request *req = areq->data; in essiv_aead_done()
173 kfree(rctx->assoc); in essiv_aead_done()
182 struct aead_request *subreq = &rctx->aead_req; in essiv_aead_crypt()
183 struct scatterlist *src = req->src; in essiv_aead_crypt()
186 crypto_cipher_encrypt_one(tctx->essiv_cipher, req->iv, req->iv); in essiv_aead_crypt()
189 * dm-crypt embeds the sector number and the IV in the AAD region, so in essiv_aead_crypt()
193 rctx->assoc = NULL; in essiv_aead_crypt()
194 if (req->src == req->dst || !enc) { in essiv_aead_crypt()
195 scatterwalk_map_and_copy(req->iv, req->dst, in essiv_aead_crypt()
196 req->assoclen - crypto_aead_ivsize(tfm), in essiv_aead_crypt()
199 u8 *iv = (u8 *)aead_request_ctx(req) + tctx->ivoffset; in essiv_aead_crypt()
201 int ssize = req->assoclen - ivsize; in essiv_aead_crypt()
206 return -EINVAL; in essiv_aead_crypt()
208 nents = sg_nents_for_len(req->src, ssize); in essiv_aead_crypt()
210 return -EINVAL; in essiv_aead_crypt()
212 memcpy(iv, req->iv, ivsize); in essiv_aead_crypt()
213 sg_init_table(rctx->sg, 4); in essiv_aead_crypt()
220 rctx->assoc = kmalloc(ssize, GFP_ATOMIC); in essiv_aead_crypt()
221 if (!rctx->assoc) in essiv_aead_crypt()
222 return -ENOMEM; in essiv_aead_crypt()
224 scatterwalk_map_and_copy(rctx->assoc, req->src, 0, in essiv_aead_crypt()
226 sg_set_buf(rctx->sg, rctx->assoc, ssize); in essiv_aead_crypt()
228 sg_set_page(rctx->sg, sg_page(req->src), ssize, in essiv_aead_crypt()
229 req->src->offset); in essiv_aead_crypt()
232 sg_set_buf(rctx->sg + 1, iv, ivsize); in essiv_aead_crypt()
233 sg = scatterwalk_ffwd(rctx->sg + 2, req->src, req->assoclen); in essiv_aead_crypt()
234 if (sg != rctx->sg + 2) in essiv_aead_crypt()
235 sg_chain(rctx->sg, 3, sg); in essiv_aead_crypt()
237 src = rctx->sg; in essiv_aead_crypt()
240 aead_request_set_tfm(subreq, tctx->u.aead); in essiv_aead_crypt()
241 aead_request_set_ad(subreq, req->assoclen); in essiv_aead_crypt()
244 aead_request_set_crypt(subreq, src, req->dst, req->cryptlen, req->iv); in essiv_aead_crypt()
249 if (rctx->assoc && err != -EINPROGRESS) in essiv_aead_crypt()
250 kfree(rctx->assoc); in essiv_aead_crypt()
271 essiv_cipher = crypto_alloc_cipher(ictx->essiv_cipher_name, 0, 0); in essiv_init_tfm()
275 hash = crypto_alloc_shash(ictx->shash_driver_name, 0, 0); in essiv_init_tfm()
281 tctx->essiv_cipher = essiv_cipher; in essiv_init_tfm()
282 tctx->hash = hash; in essiv_init_tfm()
299 skcipher = crypto_spawn_skcipher(&ictx->u.skcipher_spawn); in essiv_skcipher_init_tfm()
312 tctx->u.skcipher = skcipher; in essiv_skcipher_init_tfm()
328 aead = crypto_spawn_aead(&ictx->u.aead_spawn); in essiv_aead_init_tfm()
335 tctx->ivoffset = offsetof(struct essiv_aead_request_ctx, aead_req) + in essiv_aead_init_tfm()
337 crypto_aead_set_reqsize(tfm, tctx->ivoffset + crypto_aead_ivsize(aead)); in essiv_aead_init_tfm()
345 tctx->u.aead = aead; in essiv_aead_init_tfm()
353 crypto_free_skcipher(tctx->u.skcipher); in essiv_skcipher_exit_tfm()
354 crypto_free_cipher(tctx->essiv_cipher); in essiv_skcipher_exit_tfm()
355 crypto_free_shash(tctx->hash); in essiv_skcipher_exit_tfm()
362 crypto_free_aead(tctx->u.aead); in essiv_aead_exit_tfm()
363 crypto_free_cipher(tctx->essiv_cipher); in essiv_aead_exit_tfm()
364 crypto_free_shash(tctx->hash); in essiv_aead_exit_tfm()
371 crypto_drop_skcipher(&ictx->u.skcipher_spawn); in essiv_skcipher_free_instance()
379 crypto_drop_aead(&ictx->u.aead_spawn); in essiv_aead_free_instance()
398 len = q - p; in parse_cipher_name()
420 if (hash_alg->digestsize < alg->cra_cipher.cia_min_keysize || in essiv_supported_algorithms()
421 hash_alg->digestsize > alg->cra_cipher.cia_max_keysize) in essiv_supported_algorithms()
424 if (ivsize != alg->cra_blocksize) in essiv_supported_algorithms()
468 type = algt->type & algt->mask; in essiv_create()
476 return -ENOMEM; in essiv_create()
478 base = &skcipher_inst->alg.base; in essiv_create()
482 err = crypto_grab_skcipher(&ictx->u.skcipher_spawn, inst, in essiv_create()
486 skcipher_alg = crypto_spawn_skcipher_alg(&ictx->u.skcipher_spawn); in essiv_create()
487 block_base = &skcipher_alg->base; in essiv_create()
495 return -ENOMEM; in essiv_create()
497 base = &aead_inst->alg.base; in essiv_create()
501 err = crypto_grab_aead(&ictx->u.aead_spawn, inst, in essiv_create()
505 aead_alg = crypto_spawn_aead_alg(&ictx->u.aead_spawn); in essiv_create()
506 block_base = &aead_alg->base; in essiv_create()
507 if (!strstarts(block_base->cra_name, "authenc(")) { in essiv_create()
509 err = -EINVAL; in essiv_create()
512 ivsize = aead_alg->ivsize; in essiv_create()
516 return -EINVAL; in essiv_create()
519 if (!parse_cipher_name(ictx->essiv_cipher_name, block_base->cra_name)) { in essiv_create()
521 err = -EINVAL; in essiv_create()
536 if (!essiv_supported_algorithms(ictx->essiv_cipher_name, hash_alg, in essiv_create()
539 block_base->cra_name, hash_alg->base.cra_name); in essiv_create()
540 err = -EINVAL; in essiv_create()
545 strlcpy(ictx->shash_driver_name, hash_alg->base.cra_driver_name, in essiv_create()
550 err = -ENAMETOOLONG; in essiv_create()
551 if (snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, in essiv_create()
552 "essiv(%s,%s)", block_base->cra_name, in essiv_create()
553 hash_alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME) in essiv_create()
555 if (snprintf(base->cra_driver_name, CRYPTO_MAX_ALG_NAME, in essiv_create()
556 "essiv(%s,%s)", block_base->cra_driver_name, in essiv_create()
557 hash_alg->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME) in essiv_create()
564 base->cra_flags |= (hash_alg->base.cra_flags & in essiv_create()
566 base->cra_blocksize = block_base->cra_blocksize; in essiv_create()
567 base->cra_ctxsize = sizeof(struct essiv_tfm_ctx); in essiv_create()
568 base->cra_alignmask = block_base->cra_alignmask; in essiv_create()
569 base->cra_priority = block_base->cra_priority; in essiv_create()
572 skcipher_inst->alg.setkey = essiv_skcipher_setkey; in essiv_create()
573 skcipher_inst->alg.encrypt = essiv_skcipher_encrypt; in essiv_create()
574 skcipher_inst->alg.decrypt = essiv_skcipher_decrypt; in essiv_create()
575 skcipher_inst->alg.init = essiv_skcipher_init_tfm; in essiv_create()
576 skcipher_inst->alg.exit = essiv_skcipher_exit_tfm; in essiv_create()
578 skcipher_inst->alg.min_keysize = crypto_skcipher_alg_min_keysize(skcipher_alg); in essiv_create()
579 skcipher_inst->alg.max_keysize = crypto_skcipher_alg_max_keysize(skcipher_alg); in essiv_create()
580 skcipher_inst->alg.ivsize = ivsize; in essiv_create()
581 skcipher_inst->alg.chunksize = crypto_skcipher_alg_chunksize(skcipher_alg); in essiv_create()
582 skcipher_inst->alg.walksize = crypto_skcipher_alg_walksize(skcipher_alg); in essiv_create()
584 skcipher_inst->free = essiv_skcipher_free_instance; in essiv_create()
588 aead_inst->alg.setkey = essiv_aead_setkey; in essiv_create()
589 aead_inst->alg.setauthsize = essiv_aead_setauthsize; in essiv_create()
590 aead_inst->alg.encrypt = essiv_aead_encrypt; in essiv_create()
591 aead_inst->alg.decrypt = essiv_aead_decrypt; in essiv_create()
592 aead_inst->alg.init = essiv_aead_init_tfm; in essiv_create()
593 aead_inst->alg.exit = essiv_aead_exit_tfm; in essiv_create()
595 aead_inst->alg.ivsize = ivsize; in essiv_create()
596 aead_inst->alg.maxauthsize = crypto_aead_alg_maxauthsize(aead_alg); in essiv_create()
597 aead_inst->alg.chunksize = crypto_aead_alg_chunksize(aead_alg); in essiv_create()
599 aead_inst->free = essiv_aead_free_instance; in essiv_create()
614 crypto_drop_skcipher(&ictx->u.skcipher_spawn); in essiv_create()
616 crypto_drop_aead(&ictx->u.aead_spawn); in essiv_create()