[PATCH 3/5] Revert "dm-crypt: Add IV generation templates"

From: Xiongfeng Wang wangxiongfeng2@huawei.com

hulk inclusion category: bugfix bugzilla: 31797 CVE: NA

--------------------------------

We come across a KASAN double-free issue which seems to be related with this patch. Let's revert this patch for now.

This reverts commit 3449c349585d560f37db2fb938347eb37e78bcae.

Signed-off-by: Xiongfeng Wang wangxiongfeng2@huawei.com Reviewed-by: ZhangXiaoxu zhangxiaoxu5@huawei.com Reviewed-by: Hou Tao houtao1@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- drivers/md/dm-crypt.c | 1929 ++++++------------------------------------------ include/crypto/geniv.h | 42 -- 2 files changed, 219 insertions(+), 1752 deletions(-) delete mode 100644 include/crypto/geniv.h

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 82060f1..e225246 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -33,60 +33,13 @@ #include <crypto/skcipher.h> #include <crypto/aead.h> #include <crypto/authenc.h> -#include <crypto/geniv.h> -#include <crypto/internal/aead.h> -#include <crypto/internal/skcipher.h> #include <linux/rtnetlink.h> /* for struct rtattr and RTA macros only */ #include <keys/user-type.h> -#include <linux/backing-dev.h> + #include <linux/device-mapper.h> -#include <linux/log2.h>

#define DM_MSG_PREFIX "crypt"

-struct geniv_ctx; -struct geniv_req_ctx; - -/* Sub request for each of the skcipher_request's for a segment */ -struct geniv_subreq { - struct scatterlist sg_in[4]; - struct scatterlist sg_out[4]; - sector_t iv_sector; - struct geniv_req_ctx *rctx; - union { - struct skcipher_request req; - struct aead_request req_aead; - } r CRYPTO_MINALIGN_ATTR; -}; - -/* used to iter the src scatterlist of the input parent request */ -struct scatterlist_iter { - /* current segment to be processed */ - unsigned int seg_no; - /* bytes had been processed in current segment */ - unsigned int done; - /* bytes to be processed in the next request */ - unsigned int len; -}; - -/* contex of the input parent request */ -struct geniv_req_ctx { - struct geniv_subreq *subreq; - bool is_write; - bool is_aead_request; - sector_t cc_sector; - /* array size of src scatterlist of parent request */ - unsigned int nents; - struct scatterlist_iter iter; - struct completion restart; - atomic_t req_pending; - u8 *integrity_metadata; - /* point to the input parent request */ - union { - struct skcipher_request *req; - struct aead_request *req_aead; - } r; -}; /* * context holding the current state of a multi-part conversion */ @@ -145,19 +98,6 @@ struct crypt_iv_operations { struct dm_crypt_request *dmreq); };

-struct crypt_geniv_operations { - int (*ctr)(struct geniv_ctx *ctx); - void (*dtr)(struct geniv_ctx *ctx); - int (*init)(struct geniv_ctx *ctx); - int (*wipe)(struct geniv_ctx *ctx); - int (*generator)(struct geniv_ctx *ctx, - struct geniv_req_ctx *rctx, - struct geniv_subreq *subreq, u8 *iv); - int (*post)(struct geniv_ctx *ctx, - struct geniv_req_ctx *rctx, - struct geniv_subreq *subreq, u8 *iv); -}; - struct iv_essiv_private { struct crypto_shash *hash_tfm; u8 *salt; @@ -280,7 +220,6 @@ struct crypt_config { #define MIN_IOS 64 #define MAX_TAG_SIZE 480 #define POOL_ENTRY_SIZE 512 -#define SECTOR_MASK ((1 << SECTOR_SHIFT) - 1)

static DEFINE_SPINLOCK(dm_crypt_clients_lock); static unsigned dm_crypt_clients_n = 0; @@ -306,55 +245,6 @@ static struct crypto_aead *any_tfm_aead(struct crypt_config *cc) return cc->cipher_tfm.tfms_aead[0]; }

-/* context of geniv tfm */ -struct geniv_ctx { - unsigned int tfms_count; - union { - struct crypto_skcipher *tfm; - struct crypto_aead *tfm_aead; - } tfm_child; - union { - struct crypto_skcipher **tfms; - struct crypto_aead **tfms_aead; - } tfms; - - char *ivmode; - unsigned int iv_size; - unsigned int iv_start; - unsigned int rctx_start; - sector_t iv_offset; - unsigned short int sector_size; - unsigned char sector_shift; - char *algname; - char *ivopts; - char *cipher; - char *ciphermode; - unsigned long cipher_flags; - - const struct crypt_geniv_operations *iv_gen_ops; - union { - struct iv_essiv_private essiv; - struct iv_benbi_private benbi; - struct iv_lmk_private lmk; - struct iv_tcw_private tcw; - } iv_gen_private; - void *iv_private; - - mempool_t *subreq_pool; - unsigned int key_size; - unsigned int key_parts; /* independent parts in key buffer */ - unsigned int key_extra_size; /* additional keys length */ - unsigned int key_mac_size; - - unsigned int integrity_tag_size; - unsigned int integrity_iv_size; - unsigned int on_disk_tag_size; - - char *msg; - u8 *authenc_key; /* space for keys in authenc() format (if used) */ - u8 *key; -}; - /* * Different IV generation algorithms: * @@ -748,1662 +638,262 @@ static int crypt_iv_lmk_one(struct crypt_config *cc, u8 *iv, return r;

for (i = 0; i < MD5_HASH_WORDS; i++) - __cpu_to_le32s(&md5state.hash[i]); - memcpy(iv, &md5state.hash, cc->iv_size); - - return 0; -} - -static int crypt_iv_lmk_gen(struct crypt_config *cc, u8 *iv, - struct dm_crypt_request *dmreq) -{ - struct scatterlist *sg; - u8 *src; - int r = 0; - - if (bio_data_dir(dmreq->ctx->bio_in) == WRITE) { - sg = crypt_get_sg_data(cc, dmreq->sg_in); - src = kmap_atomic(sg_page(sg)); - r = crypt_iv_lmk_one(cc, iv, dmreq, src + sg->offset); - kunmap_atomic(src); - } else - memset(iv, 0, cc->iv_size); - - return r; -} - -static int crypt_iv_lmk_post(struct crypt_config *cc, u8 *iv, - struct dm_crypt_request *dmreq) -{ - struct scatterlist *sg; - u8 *dst; - int r; - - if (bio_data_dir(dmreq->ctx->bio_in) == WRITE) - return 0; - - sg = crypt_get_sg_data(cc, dmreq->sg_out); - dst = kmap_atomic(sg_page(sg)); - r = crypt_iv_lmk_one(cc, iv, dmreq, dst + sg->offset); - - /* Tweak the first block of plaintext sector */ - if (!r) - crypto_xor(dst + sg->offset, iv, cc->iv_size); - - kunmap_atomic(dst); - return r; -} - -static void crypt_iv_tcw_dtr(struct crypt_config *cc) -{ - struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; - - kzfree(tcw->iv_seed); - tcw->iv_seed = NULL; - kzfree(tcw->whitening); - tcw->whitening = NULL; - - if (tcw->crc32_tfm && !IS_ERR(tcw->crc32_tfm)) - crypto_free_shash(tcw->crc32_tfm); - tcw->crc32_tfm = NULL; -} - -static int crypt_iv_tcw_ctr(struct crypt_config *cc, struct dm_target *ti, - const char *opts) -{ - struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; - - if (cc->sector_size != (1 << SECTOR_SHIFT)) { - ti->error = "Unsupported sector size for TCW"; - return -EINVAL; - } - - if (cc->key_size <= (cc->iv_size + TCW_WHITENING_SIZE)) { - ti->error = "Wrong key size for TCW"; - return -EINVAL; - } - - tcw->crc32_tfm = crypto_alloc_shash("crc32", 0, 0); - if (IS_ERR(tcw->crc32_tfm)) { - ti->error = "Error initializing CRC32 in TCW"; - return PTR_ERR(tcw->crc32_tfm); - } - - tcw->iv_seed = kzalloc(cc->iv_size, GFP_KERNEL); - tcw->whitening = kzalloc(TCW_WHITENING_SIZE, GFP_KERNEL); - if (!tcw->iv_seed || !tcw->whitening) { - crypt_iv_tcw_dtr(cc); - ti->error = "Error allocating seed storage in TCW"; - return -ENOMEM; - } - - return 0; -} - -static int crypt_iv_tcw_init(struct crypt_config *cc) -{ - struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; - int key_offset = cc->key_size - cc->iv_size - TCW_WHITENING_SIZE; - - memcpy(tcw->iv_seed, &cc->key[key_offset], cc->iv_size); - memcpy(tcw->whitening, &cc->key[key_offset + cc->iv_size], - TCW_WHITENING_SIZE); - - return 0; -} - -static int crypt_iv_tcw_wipe(struct crypt_config *cc) -{ - struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; - - memset(tcw->iv_seed, 0, cc->iv_size); - memset(tcw->whitening, 0, TCW_WHITENING_SIZE); - - return 0; -} - -static int crypt_iv_tcw_whitening(struct crypt_config *cc, - struct dm_crypt_request *dmreq, - u8 *data) -{ - struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; - __le64 sector = cpu_to_le64(dmreq->iv_sector); - u8 buf[TCW_WHITENING_SIZE]; - SHASH_DESC_ON_STACK(desc, tcw->crc32_tfm); - int i, r; - - /* xor whitening with sector number */ - crypto_xor_cpy(buf, tcw->whitening, (u8 *)&sector, 8); - crypto_xor_cpy(&buf[8], tcw->whitening + 8, (u8 *)&sector, 8); - - /* calculate crc32 for every 32bit part and xor it */ - desc->tfm = tcw->crc32_tfm; - desc->flags = 0; - for (i = 0; i < 4; i++) { - r = crypto_shash_init(desc); - if (r) - goto out; - r = crypto_shash_update(desc, &buf[i * 4], 4); - if (r) - goto out; - r = crypto_shash_final(desc, &buf[i * 4]); - if (r) - goto out; - } - crypto_xor(&buf[0], &buf[12], 4); - crypto_xor(&buf[4], &buf[8], 4); - - /* apply whitening (8 bytes) to whole sector */ - for (i = 0; i < ((1 << SECTOR_SHIFT) / 8); i++) - crypto_xor(data + i * 8, buf, 8); -out: - memzero_explicit(buf, sizeof(buf)); - return r; -} - -static int crypt_iv_tcw_gen(struct crypt_config *cc, u8 *iv, - struct dm_crypt_request *dmreq) -{ - struct scatterlist *sg; - struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; - __le64 sector = cpu_to_le64(dmreq->iv_sector); - u8 *src; - int r = 0; - - /* Remove whitening from ciphertext */ - if (bio_data_dir(dmreq->ctx->bio_in) != WRITE) { - sg = crypt_get_sg_data(cc, dmreq->sg_in); - src = kmap_atomic(sg_page(sg)); - r = crypt_iv_tcw_whitening(cc, dmreq, src + sg->offset); - kunmap_atomic(src); - } - - /* Calculate IV */ - crypto_xor_cpy(iv, tcw->iv_seed, (u8 *)&sector, 8); - if (cc->iv_size > 8) - crypto_xor_cpy(&iv[8], tcw->iv_seed + 8, (u8 *)&sector, - cc->iv_size - 8); - - return r; -} - -static int crypt_iv_tcw_post(struct crypt_config *cc, u8 *iv, - struct dm_crypt_request *dmreq) -{ - struct scatterlist *sg; - u8 *dst; - int r; - - if (bio_data_dir(dmreq->ctx->bio_in) != WRITE) - return 0; - - /* Apply whitening on ciphertext */ - sg = crypt_get_sg_data(cc, dmreq->sg_out); - dst = kmap_atomic(sg_page(sg)); - r = crypt_iv_tcw_whitening(cc, dmreq, dst + sg->offset); - kunmap_atomic(dst); - - return r; -} - -static int crypt_iv_random_gen(struct crypt_config *cc, u8 *iv, - struct dm_crypt_request *dmreq) -{ - /* Used only for writes, there must be an additional space to store IV */ - get_random_bytes(iv, cc->iv_size); - return 0; -} - -static const struct crypt_iv_operations crypt_iv_plain_ops = { - .generator = crypt_iv_plain_gen -}; - -static const struct crypt_iv_operations crypt_iv_plain64_ops = { - .generator = crypt_iv_plain64_gen -}; - -static const struct crypt_iv_operations crypt_iv_plain64be_ops = { - .generator = crypt_iv_plain64be_gen -}; - -static const struct crypt_iv_operations crypt_iv_essiv_ops = { - .ctr = crypt_iv_essiv_ctr, - .dtr = crypt_iv_essiv_dtr, - .init = crypt_iv_essiv_init, - .wipe = crypt_iv_essiv_wipe, - .generator = crypt_iv_essiv_gen -}; - -static const struct crypt_iv_operations crypt_iv_benbi_ops = { - .ctr = crypt_iv_benbi_ctr, - .dtr = crypt_iv_benbi_dtr, - .generator = crypt_iv_benbi_gen -}; - -static const struct crypt_iv_operations crypt_iv_null_ops = { - .generator = crypt_iv_null_gen -}; - -static const struct crypt_iv_operations crypt_iv_lmk_ops = { - .ctr = crypt_iv_lmk_ctr, - .dtr = crypt_iv_lmk_dtr, - .init = crypt_iv_lmk_init, - .wipe = crypt_iv_lmk_wipe, - .generator = crypt_iv_lmk_gen, - .post = crypt_iv_lmk_post -}; - -static const struct crypt_iv_operations crypt_iv_tcw_ops = { - .ctr = crypt_iv_tcw_ctr, - .dtr = crypt_iv_tcw_dtr, - .init = crypt_iv_tcw_init, - .wipe = crypt_iv_tcw_wipe, - .generator = crypt_iv_tcw_gen, - .post = crypt_iv_tcw_post -}; - -static struct crypt_iv_operations crypt_iv_random_ops = { - .generator = crypt_iv_random_gen -}; - - -static bool geniv_integrity_aead(struct geniv_ctx *ctx) -{ - return test_bit(CRYPT_MODE_INTEGRITY_AEAD, &ctx->cipher_flags); -} - -static bool geniv_integrity_hmac(struct geniv_ctx *ctx) -{ - return geniv_integrity_aead(ctx) && ctx->key_mac_size; -} - -static struct geniv_req_ctx *geniv_skcipher_req_ctx(struct skcipher_request *req) -{ - return (void *)PTR_ALIGN((u8 *)skcipher_request_ctx(req), __alignof__(struct geniv_req_ctx)); -} - -static struct geniv_req_ctx *geniv_aead_req_ctx(struct aead_request *req) -{ - return (void *)PTR_ALIGN((u8 *)aead_request_ctx(req), __alignof__(struct geniv_req_ctx)); -} - -static u8 *iv_of_subreq(struct geniv_ctx *ctx, struct geniv_subreq *subreq) -{ - if (geniv_integrity_aead(ctx)) - return (u8 *)ALIGN((unsigned long)((char *)subreq + ctx->iv_start), - crypto_aead_alignmask(crypto_aead_reqtfm(subreq->rctx->r.req_aead)) + 1); - else - return (u8 *)ALIGN((unsigned long)((char *)subreq + ctx->iv_start), - crypto_skcipher_alignmask(crypto_skcipher_reqtfm(subreq->rctx->r.req)) + 1); -} - -static const struct crypt_geniv_operations crypt_geniv_plain_ops; -static const struct crypt_geniv_operations crypt_geniv_plain64_ops; -static const struct crypt_geniv_operations crypt_geniv_essiv_ops; -static const struct crypt_geniv_operations crypt_geniv_benbi_ops; -static const struct crypt_geniv_operations crypt_geniv_null_ops; -static const struct crypt_geniv_operations crypt_geniv_lmk_ops; -static const struct crypt_geniv_operations crypt_geniv_tcw_ops; -static const struct crypt_geniv_operations crypt_geniv_random_ops; - -static int geniv_init_iv(struct geniv_ctx *ctx) -{ - int ret; - - DMDEBUG("IV Generation algorithm : %s\n", ctx->ivmode); - - if (ctx->ivmode == NULL) - ctx->iv_gen_ops = NULL; - else if (strcmp(ctx->ivmode, "plain") == 0) - ctx->iv_gen_ops = &crypt_geniv_plain_ops; - else if (strcmp(ctx->ivmode, "plain64") == 0) - ctx->iv_gen_ops = &crypt_geniv_plain64_ops; - else if (strcmp(ctx->ivmode, "essiv") == 0) - ctx->iv_gen_ops = &crypt_geniv_essiv_ops; - else if (strcmp(ctx->ivmode, "benbi") == 0) - ctx->iv_gen_ops = &crypt_geniv_benbi_ops; - else if (strcmp(ctx->ivmode, "null") == 0) - ctx->iv_gen_ops = &crypt_geniv_null_ops; - else if (strcmp(ctx->ivmode, "lmk") == 0) { - ctx->iv_gen_ops = &crypt_geniv_lmk_ops; - /* - * Version 2 and 3 is recognised according - * to length of provided multi-key string. - * If present (version 3), last key is used as IV seed. - * All keys (including IV seed) are always the same size. - */ - if (ctx->key_size % ctx->key_parts) { - ctx->key_parts++; - ctx->key_extra_size = ctx->key_size / ctx->key_parts; - } - } else if (strcmp(ctx->ivmode, "tcw") == 0) { - ctx->iv_gen_ops = &crypt_geniv_tcw_ops; - ctx->key_parts += 2; /* IV + whitening */ - ctx->key_extra_size = ctx->iv_size + TCW_WHITENING_SIZE; - } else if (strcmp(ctx->ivmode, "random") == 0) { - ctx->iv_gen_ops = &crypt_geniv_random_ops; - /* Need storage space in integrity fields. */ - ctx->integrity_iv_size = ctx->iv_size; - } else { - DMERR("Invalid IV mode %s\n", ctx->ivmode); - return -EINVAL; - } - - /* Allocate IV */ - if (ctx->iv_gen_ops && ctx->iv_gen_ops->ctr) { - ret = ctx->iv_gen_ops->ctr(ctx); - if (ret < 0) { - DMERR("Error creating IV for %s\n", ctx->ivmode); - return ret; - } - } - - /* Initialize IV (set keys for ESSIV etc) */ - if (ctx->iv_gen_ops && ctx->iv_gen_ops->init) { - ret = ctx->iv_gen_ops->init(ctx); - if (ret < 0) { - DMERR("Error creating IV for %s\n", ctx->ivmode); - return ret; - } - } - - return 0; -} - -static void geniv_free_tfms_aead(struct geniv_ctx *ctx) -{ - if (!ctx->tfms.tfms_aead) - return; - - if (ctx->tfms.tfms_aead[0] && IS_ERR(ctx->tfms.tfms_aead[0])) { - crypto_free_aead(ctx->tfms.tfms_aead[0]); - ctx->tfms.tfms_aead[0] = NULL; - } - - kfree(ctx->tfms.tfms_aead); - ctx->tfms.tfms_aead = NULL; -} - -static void geniv_free_tfms_skcipher(struct geniv_ctx *ctx) -{ - unsigned int i; - - if (!ctx->tfms.tfms) - return; - - for (i = 0; i < ctx->tfms_count; i++) - if (ctx->tfms.tfms[i] && IS_ERR(ctx->tfms.tfms[i])) { - crypto_free_skcipher(ctx->tfms.tfms[i]); - ctx->tfms.tfms[i] = NULL; - } - - kfree(ctx->tfms.tfms); - ctx->tfms.tfms = NULL; -} - -static void geniv_free_tfms(struct geniv_ctx *ctx) -{ - if (geniv_integrity_aead(ctx)) - geniv_free_tfms_aead(ctx); - else - geniv_free_tfms_skcipher(ctx); -} - -static int geniv_alloc_tfms_aead(struct crypto_aead *parent, - struct geniv_ctx *ctx) -{ - unsigned int reqsize, align; - - ctx->tfms.tfms_aead = kcalloc(1, sizeof(struct crypto_aead *), - GFP_KERNEL); - if (!ctx->tfms.tfms_aead) - return -ENOMEM; - - /* First instance is already allocated in geniv_init_tfm */ - ctx->tfms.tfms_aead[0] = ctx->tfm_child.tfm_aead; - - /* Setup the current cipher's request structure */ - align = crypto_aead_alignmask(parent); - align &= ~(crypto_tfm_ctx_alignment() - 1); - reqsize = align + sizeof(struct geniv_req_ctx) + - crypto_aead_reqsize(ctx->tfms.tfms_aead[0]); - - crypto_aead_set_reqsize(parent, reqsize); - - return 0; -} - -/* - * Allocate memory for the underlying cipher algorithm. Ex: cbc(aes) - */ -static int geniv_alloc_tfms_skcipher(struct crypto_skcipher *parent, - struct geniv_ctx *ctx) -{ - unsigned int i, reqsize, align, err; - - ctx->tfms.tfms = kcalloc(ctx->tfms_count, sizeof(struct crypto_skcipher *), - GFP_KERNEL); - if (!ctx->tfms.tfms) - return -ENOMEM; - - /* First instance is already allocated in geniv_init_tfm */ - ctx->tfms.tfms[0] = ctx->tfm_child.tfm; - for (i = 1; i < ctx->tfms_count; i++) { - ctx->tfms.tfms[i] = crypto_alloc_skcipher(ctx->ciphermode, 0, 0); - if (IS_ERR(ctx->tfms.tfms[i])) { - err = PTR_ERR(ctx->tfms.tfms[i]); - geniv_free_tfms(ctx); - return err; - } - - /* Setup the current cipher's request structure */ - align = crypto_skcipher_alignmask(parent); - align &= ~(crypto_tfm_ctx_alignment() - 1); - reqsize = align + sizeof(struct geniv_req_ctx) + - crypto_skcipher_reqsize(ctx->tfms.tfms[i]); - - crypto_skcipher_set_reqsize(parent, reqsize); - } - - return 0; -} - -static unsigned int geniv_authenckey_size(struct geniv_ctx *ctx) -{ - return ctx->key_size - ctx->key_extra_size + - RTA_SPACE(sizeof(struct crypto_authenc_key_param)); -} - -/* - * Initialize the cipher's context with the key, ivmode and other parameters. - * Also allocate IV generation template ciphers and initialize them. - */ -static int geniv_setkey_init(void *parent, struct geniv_key_info *info) -{ - struct geniv_ctx *ctx; - int ret; - - if (test_bit(CRYPT_MODE_INTEGRITY_AEAD, &info->cipher_flags)) - ctx = crypto_aead_ctx((struct crypto_aead *)parent); - else - ctx = crypto_skcipher_ctx((struct crypto_skcipher *)parent); - - ctx->tfms_count = info->tfms_count; - ctx->key = info->key; - ctx->cipher_flags = info->cipher_flags; - ctx->ivopts = info->ivopts; - ctx->iv_offset = info->iv_offset; - ctx->sector_size = info->sector_size; - ctx->sector_shift = __ffs(ctx->sector_size) - SECTOR_SHIFT; - - ctx->key_size = info->key_size; - ctx->key_parts = info->key_parts; - ctx->key_mac_size = info->key_mac_size; - ctx->on_disk_tag_size = info->on_disk_tag_size; - - if (geniv_integrity_hmac(ctx)) { - ctx->authenc_key = kmalloc(geniv_authenckey_size(ctx), GFP_KERNEL); - if (!ctx->authenc_key) - return -ENOMEM; - } - - if (geniv_integrity_aead(ctx)) - ret = geniv_alloc_tfms_aead((struct crypto_aead *)parent, ctx); - else - ret = geniv_alloc_tfms_skcipher((struct crypto_skcipher *)parent, ctx); - if (ret) - return ret; - - ret = geniv_init_iv(ctx); - - if (geniv_integrity_aead(ctx)) - ctx->integrity_tag_size = ctx->on_disk_tag_size - ctx->integrity_iv_size; - - return ret; -} - -/* - * If AEAD is composed like authenc(hmac(sha256),xts(aes)), - * the key must be for some reason in special format. - * This function converts cc->key to this special format. - */ -static void crypt_copy_authenckey(char *p, const void *key, - unsigned int enckeylen, unsigned int authkeylen) -{ - struct crypto_authenc_key_param *param; - struct rtattr *rta; - - rta = (struct rtattr *)p; - param = RTA_DATA(rta); - param->enckeylen = cpu_to_be32(enckeylen); - rta->rta_len = RTA_LENGTH(sizeof(*param)); - rta->rta_type = CRYPTO_AUTHENC_KEYA_PARAM; - p += RTA_SPACE(sizeof(*param)); - memcpy(p, key + enckeylen, authkeylen); - p += authkeylen; - memcpy(p, key, enckeylen); -} - -static int geniv_setkey_tfms_aead(struct crypto_aead *parent, struct geniv_ctx *ctx, - struct geniv_key_info *info) -{ - unsigned int key_size; - unsigned int authenc_key_size; - struct crypto_aead *child_aead; - int ret = 0; - - /* Ignore extra keys (which are used for IV etc) */ - key_size = ctx->key_size - ctx->key_extra_size; - authenc_key_size = key_size + RTA_SPACE(sizeof(struct crypto_authenc_key_param)); - - child_aead = ctx->tfms.tfms_aead[0]; - crypto_aead_clear_flags(child_aead, CRYPTO_TFM_REQ_MASK); - crypto_aead_set_flags(child_aead, crypto_aead_get_flags(parent) & CRYPTO_TFM_REQ_MASK); - - if (geniv_integrity_hmac(ctx)) { - if (key_size < ctx->key_mac_size) - return -EINVAL; - - crypt_copy_authenckey(ctx->authenc_key, ctx->key, key_size - ctx->key_mac_size, - ctx->key_mac_size); - } - - if (geniv_integrity_hmac(ctx)) - ret = crypto_aead_setkey(child_aead, ctx->authenc_key, authenc_key_size); - else - ret = crypto_aead_setkey(child_aead, ctx->key, key_size); - if (ret) { - DMERR("Error setting key for tfms[0]\n"); - goto out; - } - - crypto_aead_set_flags(parent, crypto_aead_get_flags(child_aead) & CRYPTO_TFM_RES_MASK); - -out: - if (geniv_integrity_hmac(ctx)) - memzero_explicit(ctx->authenc_key, authenc_key_size); - - return ret; -} - -static int geniv_setkey_tfms_skcipher(struct crypto_skcipher *parent, struct geniv_ctx *ctx, - struct geniv_key_info *info) -{ - unsigned int subkey_size; - char *subkey; - struct crypto_skcipher *child; - int ret, i; - - /* Ignore extra keys (which are used for IV etc) */ - subkey_size = (ctx->key_size - ctx->key_extra_size) - >> ilog2(ctx->tfms_count); - - for (i = 0; i < ctx->tfms_count; i++) { - child = ctx->tfms.tfms[i]; - crypto_skcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); - crypto_skcipher_set_flags(child, - crypto_skcipher_get_flags(parent) & CRYPTO_TFM_REQ_MASK); - - subkey = ctx->key + (subkey_size) * i; - - ret = crypto_skcipher_setkey(child, subkey, subkey_size); - if (ret) { - DMERR("Error setting key for tfms[%d]\n", i); - return ret; - } - - crypto_skcipher_set_flags(parent, crypto_skcipher_get_flags(child) & - CRYPTO_TFM_RES_MASK); - } - - return 0; -} - -static int geniv_setkey_set(struct geniv_ctx *ctx) -{ - if (ctx->iv_gen_ops && ctx->iv_gen_ops->init) - return ctx->iv_gen_ops->init(ctx); - else - return 0; -} - -static int geniv_setkey_wipe(struct geniv_ctx *ctx) -{ - int ret; - - if (ctx->iv_gen_ops && ctx->iv_gen_ops->wipe) { - ret = ctx->iv_gen_ops->wipe(ctx); - if (ret) - return ret; - } - - if (geniv_integrity_hmac(ctx)) - kzfree(ctx->authenc_key); - - return 0; -} - -static int geniv_setkey(void *parent, const u8 *key, unsigned int keylen) -{ - int err = 0; - struct geniv_ctx *ctx; - struct geniv_key_info *info = (struct geniv_key_info *) key; - - if (test_bit(CRYPT_MODE_INTEGRITY_AEAD, &info->cipher_flags)) - ctx = crypto_aead_ctx((struct crypto_aead *)parent); - else - ctx = crypto_skcipher_ctx((struct crypto_skcipher *)parent); - - DMDEBUG("SETKEY Operation : %d\n", info->keyop); - - switch (info->keyop) { - case SETKEY_OP_INIT: - err = geniv_setkey_init(parent, info); - break; - case SETKEY_OP_SET: - err = geniv_setkey_set(ctx); - break; - case SETKEY_OP_WIPE: - err = geniv_setkey_wipe(ctx); - break; - } - - if (err) - return err; - - if (test_bit(CRYPT_MODE_INTEGRITY_AEAD, &info->cipher_flags)) - return geniv_setkey_tfms_aead((struct crypto_aead *)parent, ctx, info); - else - return geniv_setkey_tfms_skcipher((struct crypto_skcipher *)parent, ctx, info); -} - -static int geniv_aead_setkey(struct crypto_aead *parent, - const u8 *key, unsigned int keylen) -{ - return geniv_setkey(parent, key, keylen); -} - -static int geniv_skcipher_setkey(struct crypto_skcipher *parent, - const u8 *key, unsigned int keylen) -{ - return geniv_setkey(parent, key, keylen); -} - -static void geniv_async_done(struct crypto_async_request *async_req, int error); - -static int geniv_alloc_subreq_aead(struct geniv_ctx *ctx, - struct geniv_req_ctx *rctx, - u32 req_flags) -{ - struct aead_request *req; - - if (!rctx->subreq) { - rctx->subreq = mempool_alloc(ctx->subreq_pool, GFP_NOIO); - if (!rctx->subreq) - return -ENOMEM; - } - - req = &rctx->subreq->r.req_aead; - rctx->subreq->rctx = rctx; - - aead_request_set_tfm(req, ctx->tfms.tfms_aead[0]); - aead_request_set_callback(req, req_flags, - geniv_async_done, rctx->subreq); - - return 0; -} - -/* req_flags: flags from parent request */ -static int geniv_alloc_subreq_skcipher(struct geniv_ctx *ctx, - struct geniv_req_ctx *rctx, - u32 req_flags) -{ - int key_index; - struct skcipher_request *req; - - if (!rctx->subreq) { - rctx->subreq = mempool_alloc(ctx->subreq_pool, GFP_NOIO); - if (!rctx->subreq) - return -ENOMEM; - } - - req = &rctx->subreq->r.req; - rctx->subreq->rctx = rctx; - - key_index = rctx->cc_sector & (ctx->tfms_count - 1); - - skcipher_request_set_tfm(req, ctx->tfms.tfms[key_index]); - skcipher_request_set_callback(req, req_flags, - geniv_async_done, rctx->subreq); - - return 0; -} - -/* - * Asynchronous IO completion callback for each sector in a segment. When all - * pending i/o are completed the parent cipher's async function is called. - */ -static void geniv_async_done(struct crypto_async_request *async_req, int error) -{ - struct geniv_subreq *subreq = async_req->data; - struct geniv_req_ctx *rctx = subreq->rctx; - struct skcipher_request *req = NULL; - struct aead_request *req_aead = NULL; - struct geniv_ctx *ctx; - u8 *iv; - - if (!rctx->is_aead_request) { - req = rctx->r.req; - ctx = crypto_skcipher_ctx(crypto_skcipher_reqtfm(req)); - } else { - req_aead = rctx->r.req_aead; - ctx = crypto_aead_ctx(crypto_aead_reqtfm(req_aead)); - } - - /* - * A request from crypto driver backlog is going to be processed now, - * finish the completion and continue in crypt_convert(). - * (Callback will be called for the second time for this request.) - */ - if (error == -EINPROGRESS) { - complete(&rctx->restart); - return; - } - - iv = iv_of_subreq(ctx, subreq); - if (!error && ctx->iv_gen_ops && ctx->iv_gen_ops->post) - error = ctx->iv_gen_ops->post(ctx, rctx, subreq, iv); - - mempool_free(subreq, ctx->subreq_pool); - - /* - * req_pending needs to be checked before req->base.complete is called - * as we need 'req_pending' to be equal to 1 to ensure all subrequests - * are processed. - */ - if (atomic_dec_and_test(&rctx->req_pending)) { - /* Call the parent cipher's completion function */ - if (!rctx->is_aead_request) - skcipher_request_complete(req, error); - else - aead_request_complete(req_aead, error); - - } -} - -static unsigned int geniv_get_sectors(struct scatterlist *sg1, - struct scatterlist *sg2, - unsigned int segments) -{ - unsigned int i, n1, n2; - - n1 = n2 = 0; - for (i = 0; i < segments ; i++) { - n1 += sg1[i].length >> SECTOR_SHIFT; - n1 += (sg1[i].length & SECTOR_MASK) ? 1 : 0; - } - - for (i = 0; i < segments ; i++) { - n2 += sg2[i].length >> SECTOR_SHIFT; - n2 += (sg2[i].length & SECTOR_MASK) ? 1 : 0; - } - - return max(n1, n2); -} - -/* - * Iterate scatterlist of segments to retrieve the 512-byte sectors so that - * unique IVs could be generated for each 512-byte sector. This split may not - * be necessary e.g. when these ciphers are modelled in hardware, where it can - * make use of the hardware's IV generation capabilities. - */ -static int geniv_iter_block(void *req_in, - struct geniv_ctx *ctx, struct geniv_req_ctx *rctx) - -{ - unsigned int rem; - struct scatterlist *src_org, *dst_org; - struct scatterlist *src1, *dst1; - struct scatterlist_iter *iter = &rctx->iter; - - if (unlikely(iter->seg_no >= rctx->nents)) - return 0; - - if (geniv_integrity_aead(ctx)) { - struct aead_request *req_aead = (struct aead_request *)req_in; - src_org = &req_aead->src[0]; - dst_org = &req_aead->dst[0]; - } else { - struct skcipher_request *req = (struct skcipher_request *)req_in; - src_org = &req->src[0]; - dst_org = &req->dst[0]; - } - - src1 = &src_org[iter->seg_no]; - dst1 = &dst_org[iter->seg_no]; - iter->done += iter->len; - - if (iter->done >= src1->length) { - iter->seg_no++; - - if (iter->seg_no >= rctx->nents) - return 0; - - src1 = &src_org[iter->seg_no]; - dst1 = &dst_org[iter->seg_no]; - iter->done = 0; - } - - rem = src1->length - iter->done; - - iter->len = rem > ctx->sector_size ? ctx->sector_size : rem; - - DMDEBUG("segment:(%d/%u), done:%d, rem:%d\n", - iter->seg_no, rctx->nents, iter->done, rem); - - return iter->len; -} - -static u8 *org_iv_of_subreq(struct geniv_ctx *ctx, struct geniv_subreq *subreq) -{ - return iv_of_subreq(ctx, subreq) + ctx->iv_size; -} - -static uint64_t *org_sector_of_subreq(struct geniv_ctx *ctx, struct geniv_subreq *subreq) -{ - u8 *ptr = iv_of_subreq(ctx, subreq) + ctx->iv_size + ctx->iv_size; - - return (uint64_t *) ptr; -} - -static unsigned int *org_tag_of_subreq(struct geniv_ctx *ctx, struct geniv_subreq *subreq) -{ - u8 *ptr = iv_of_subreq(ctx, subreq) + ctx->iv_size + - ctx->iv_size + sizeof(uint64_t); - - return (unsigned int *)ptr; -} - -static void *tag_from_subreq(struct geniv_ctx *ctx, struct geniv_subreq *subreq) -{ - return &subreq->rctx->integrity_metadata[*org_tag_of_subreq(ctx, subreq) * - ctx->on_disk_tag_size]; -} - -static void *iv_tag_from_subreq(struct geniv_ctx *ctx, struct geniv_subreq *subreq) -{ - return tag_from_subreq(ctx, subreq) + ctx->integrity_tag_size; -} - -static int geniv_convert_block_aead(struct geniv_ctx *ctx, - struct geniv_req_ctx *rctx, - struct geniv_subreq *subreq, - unsigned int tag_offset) -{ - struct scatterlist *sg_in, *sg_out; - u8 *iv, *org_iv, *tag_iv, *tag; - uint64_t *sector; - int r = 0; - struct scatterlist_iter *iter = &rctx->iter; - struct aead_request *req_aead; - struct aead_request *parent_req = rctx->r.req_aead; - - BUG_ON(ctx->integrity_iv_size && ctx->integrity_iv_size != ctx->iv_size); - - /* Reject unexpected unaligned bio. */ - if (unlikely(iter->len & (ctx->sector_size - 1))) - return -EIO; - - subreq->iv_sector = rctx->cc_sector; - if (test_bit(CRYPT_IV_LARGE_SECTORS, &ctx->cipher_flags)) - subreq->iv_sector >>= ctx->sector_shift; - - *org_tag_of_subreq(ctx, subreq) = tag_offset; - - sector = org_sector_of_subreq(ctx, subreq); - *sector = cpu_to_le64(rctx->cc_sector - ctx->iv_offset); - - iv = iv_of_subreq(ctx, subreq); - org_iv = org_iv_of_subreq(ctx, subreq); - tag = tag_from_subreq(ctx, subreq); - tag_iv = iv_tag_from_subreq(ctx, subreq); - - sg_in = subreq->sg_in; - sg_out = subreq->sg_out; - - /* - * AEAD request: - * |----- AAD -------|------ DATA -------|-- AUTH TAG --| - * | (authenticated) | (auth+encryption) | | - * | sector_LE | IV | sector in/out | tag in/out | - */ - sg_init_table(sg_in, 4); - sg_set_buf(&sg_in[0], sector, sizeof(uint64_t)); - sg_set_buf(&sg_in[1], org_iv, ctx->iv_size); - sg_set_page(&sg_in[2], sg_page(&parent_req->src[iter->seg_no]), - iter->len, parent_req->src[iter->seg_no].offset + iter->done); - sg_set_buf(&sg_in[3], tag, ctx->integrity_tag_size); - - sg_init_table(sg_out, 4); - sg_set_buf(&sg_out[0], sector, sizeof(uint64_t)); - sg_set_buf(&sg_out[1], org_iv, ctx->iv_size); - sg_set_page(&sg_out[2], sg_page(&parent_req->dst[iter->seg_no]), - iter->len, parent_req->dst[iter->seg_no].offset + iter->done); - sg_set_buf(&sg_out[3], tag, ctx->integrity_tag_size); - - if (ctx->iv_gen_ops) { - /* For READs use IV stored in integrity metadata */ - if (ctx->integrity_iv_size && !rctx->is_write) { - memcpy(org_iv, tag_iv, ctx->iv_size); - } else { - r = ctx->iv_gen_ops->generator(ctx, rctx, subreq, org_iv); - if (r < 0) - return r; - /* Store generated IV in integrity metadata */ - if (ctx->integrity_iv_size) - memcpy(tag_iv, org_iv, ctx->iv_size); - } - /* Working copy of IV, to be modified in crypto API */ - memcpy(iv, org_iv, ctx->iv_size); - } - - req_aead = &subreq->r.req_aead; - aead_request_set_ad(req_aead, sizeof(uint64_t) + ctx->iv_size); - if (rctx->is_write) { - aead_request_set_crypt(req_aead, subreq->sg_in, subreq->sg_out, - ctx->sector_size, iv); - r = crypto_aead_encrypt(req_aead); - if (ctx->integrity_tag_size + ctx->integrity_iv_size != ctx->on_disk_tag_size) - memset(tag + ctx->integrity_tag_size + ctx->integrity_iv_size, 0, - ctx->on_disk_tag_size - (ctx->integrity_tag_size + ctx->integrity_iv_size)); - } else { - aead_request_set_crypt(req_aead, subreq->sg_in, subreq->sg_out, - ctx->sector_size + ctx->integrity_tag_size, iv); - r = crypto_aead_decrypt(req_aead); - } - - if (r == -EBADMSG) - DMERR_LIMIT("INTEGRITY AEAD ERROR, sector %llu", - (unsigned long long)le64_to_cpu(*sector)); - - if (!r && ctx->iv_gen_ops && ctx->iv_gen_ops->post) - r = ctx->iv_gen_ops->post(ctx, rctx, subreq, org_iv); - - return r; -} - -static int geniv_convert_block_skcipher(struct geniv_ctx *ctx, - struct geniv_req_ctx *rctx, - struct geniv_subreq *subreq, - unsigned int tag_offset) -{ - struct scatterlist *sg_in, *sg_out; - u8 *iv, *org_iv, *tag_iv; - uint64_t *sector; - int r = 0; - struct scatterlist_iter *iter = &rctx->iter; - struct skcipher_request *req; - struct skcipher_request *parent_req = rctx->r.req; - - /* Reject unexpected unaligned bio. */ - if (unlikely(iter->len & (ctx->sector_size - 1))) - return -EIO; - - subreq->iv_sector = rctx->cc_sector; - if (test_bit(CRYPT_IV_LARGE_SECTORS, &ctx->cipher_flags)) - subreq->iv_sector >>= ctx->sector_shift; - - *org_tag_of_subreq(ctx, subreq) = tag_offset; - - iv = iv_of_subreq(ctx, subreq); - org_iv = org_iv_of_subreq(ctx, subreq); - tag_iv = iv_tag_from_subreq(ctx, subreq); - - sector = org_sector_of_subreq(ctx, subreq); - *sector = cpu_to_le64(rctx->cc_sector - ctx->iv_offset); - - /* For skcipher we use only the first sg item */ - sg_in = subreq->sg_in; - sg_out = subreq->sg_out; - - sg_init_table(sg_in, 1); - sg_set_page(sg_in, sg_page(&parent_req->src[iter->seg_no]), - iter->len, parent_req->src[iter->seg_no].offset + iter->done); - - sg_init_table(sg_out, 1); - sg_set_page(sg_out, sg_page(&parent_req->dst[iter->seg_no]), - iter->len, parent_req->dst[iter->seg_no].offset + iter->done); - - if (ctx->iv_gen_ops) { - /* For READs use IV stored in integrity metadata */ - if (ctx->integrity_iv_size && !rctx->is_write) { - memcpy(org_iv, tag_iv, ctx->integrity_iv_size); - } else { - r = ctx->iv_gen_ops->generator(ctx, rctx, subreq, org_iv); - if (r < 0) - return r; - /* Store generated IV in integrity metadata */ - if (ctx->integrity_iv_size) - memcpy(tag_iv, org_iv, ctx->integrity_iv_size); - } - /* Working copy of IV, to be modified in crypto API */ - memcpy(iv, org_iv, ctx->iv_size); - } - - req = &subreq->r.req; - skcipher_request_set_crypt(req, sg_in, sg_out, ctx->sector_size, iv); - - if (rctx->is_write) - r = crypto_skcipher_encrypt(req); - else - r = crypto_skcipher_decrypt(req); - - if (!r && ctx->iv_gen_ops && ctx->iv_gen_ops->post) - r = ctx->iv_gen_ops->post(ctx, rctx, subreq, org_iv); - - return r; -} - -/* - * Common encryt/decrypt function for geniv template cipher. Before the crypto - * operation, it splits the memory segments (in the scatterlist) into 512 byte - * sectors. The initialization vector(IV) used is based on a unique sector - * number which is generated here. - */ -static int geniv_crypt(struct geniv_ctx *ctx, void *parent_req, bool is_encrypt) -{ - struct skcipher_request *req = NULL; - struct aead_request *req_aead = NULL; - struct geniv_req_ctx *rctx; - struct geniv_req_info *rinfo; - int i, bytes, cryptlen, ret = 0; - unsigned int sectors; - unsigned int tag_offset = 0; - unsigned int sector_step = ctx->sector_size >> SECTOR_SHIFT; - char *str __maybe_unused = is_encrypt ? "encrypt" : "decrypt"; - - if (geniv_integrity_aead(ctx)) { - req_aead = (struct aead_request *)parent_req; - rctx = geniv_aead_req_ctx(req_aead); - rctx->r.req_aead = req_aead; - rinfo = (struct geniv_req_info *)req_aead->iv; - } else { - req = (struct skcipher_request *)parent_req; - rctx = geniv_skcipher_req_ctx(req); - rctx->r.req = req; - rinfo = (struct geniv_req_info *)req->iv; - } - - /* Instance of 'struct geniv_req_info' is stored in IV ptr */ - rctx->is_write = is_encrypt; - rctx->is_aead_request = geniv_integrity_aead(ctx); - rctx->cc_sector = rinfo->cc_sector; - rctx->nents = rinfo->nents; - rctx->integrity_metadata = rinfo->integrity_metadata; - rctx->subreq = NULL; - cryptlen = req->cryptlen; - - rctx->iter.seg_no = 0; - rctx->iter.done = 0; - rctx->iter.len = 0; - - DMDEBUG("geniv:%s: starting sector=%d, #segments=%u\n", str, - (unsigned int)rctx->cc_sector, rctx->nents); - - if (geniv_integrity_aead(ctx)) - sectors = geniv_get_sectors(req_aead->src, req_aead->dst, rctx->nents); - else - sectors = geniv_get_sectors(req->src, req->dst, rctx->nents); - - init_completion(&rctx->restart); - atomic_set(&rctx->req_pending, 1); - - for (i = 0; i < sectors; i++) { - struct geniv_subreq *subreq; - - if (geniv_integrity_aead(ctx)) - ret = geniv_alloc_subreq_aead(ctx, rctx, req_aead->base.flags); - else - ret = geniv_alloc_subreq_skcipher(ctx, rctx, req->base.flags); - if (ret) - return -ENOMEM; - - subreq = rctx->subreq; - - if (geniv_integrity_aead(ctx)) - bytes = geniv_iter_block(req_aead, ctx, rctx); - else - bytes = geniv_iter_block(req, ctx, rctx); - - if (bytes == 0) - break; - - cryptlen -= bytes; - atomic_inc(&rctx->req_pending); - - if (geniv_integrity_aead(ctx)) - ret = geniv_convert_block_aead(ctx, rctx, subreq, tag_offset); - else - ret = geniv_convert_block_skcipher(ctx, rctx, subreq, tag_offset); - - switch (ret) { - /* - * The request was queued by a crypto driver - * but the driver request queue is full, let's wait. - */ - case -EBUSY: - wait_for_completion(&rctx->restart); - reinit_completion(&rctx->restart); - /* fall through */ - /* - * The request is queued and processed asynchronously, - * completion function geniv_async_done() is called. - */ - case -EINPROGRESS: - /* Marking this NULL lets the creation of a new sub- - * request when 'geniv_alloc_subreq' is called. - */ - rctx->subreq = NULL; - rctx->cc_sector += sector_step; - tag_offset++; - cond_resched(); - break; - /* - * The request was already processed (synchronously). - */ - case 0: - atomic_dec(&rctx->req_pending); - rctx->cc_sector += sector_step; - tag_offset++; - cond_resched(); - continue; - - /* There was an error while processing the request. */ - default: - atomic_dec(&rctx->req_pending); - mempool_free(rctx->subreq, ctx->subreq_pool); - atomic_dec(&rctx->req_pending); - return ret; - } - } - - if (rctx->subreq) - mempool_free(rctx->subreq, ctx->subreq_pool); - - if (atomic_dec_and_test(&rctx->req_pending)) - return 0; - else - return -EINPROGRESS; -} - -static int geniv_skcipher_encrypt(struct skcipher_request *req) -{ - struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); - struct geniv_ctx *ctx = crypto_skcipher_ctx(tfm); - - return geniv_crypt(ctx, req, true); -} - -static int geniv_skcipher_decrypt(struct skcipher_request *req) -{ - struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); - struct geniv_ctx *ctx = crypto_skcipher_ctx(tfm); - - return geniv_crypt(ctx, req, false); -} - -static int geniv_aead_encrypt(struct aead_request *req) -{ - struct crypto_aead *tfm = crypto_aead_reqtfm(req); - struct geniv_ctx *ctx = crypto_aead_ctx(tfm); - - return geniv_crypt(ctx, req, true); -} - -static int geniv_aead_decrypt(struct aead_request *req) -{ - struct crypto_aead *tfm = crypto_aead_reqtfm(req); - struct geniv_ctx *ctx = crypto_aead_ctx(tfm); - - return geniv_crypt(ctx, req, false); -} - -/* - * Workaround to parse cipher algorithm from crypto API spec. - * The ctx->cipher is currently used only in ESSIV. - * This should be probably done by crypto-api calls (once available...) - */ -static int geniv_blkdev_cipher(struct geniv_ctx *ctx, bool is_crypto_aead) -{ - const char *alg_name = NULL; - char *start, *end; - - alg_name = ctx->ciphermode; - if (!alg_name) - return -EINVAL; - - if (is_crypto_aead) { - alg_name = strchr(alg_name, ','); - if (!alg_name) - alg_name = ctx->ciphermode; - alg_name++; - } - - start = strchr(alg_name, '('); - end = strchr(alg_name, ')'); - - if (!start && !end) { - ctx->cipher = kstrdup(alg_name, GFP_KERNEL); - return ctx->cipher ? 0 : -ENOMEM; - } - - if (!start || !end || ++start >= end) - return -EINVAL; - - ctx->cipher = kzalloc(end - start + 1, GFP_KERNEL); - if (!ctx->cipher) - return -ENOMEM; - - strncpy(ctx->cipher, start, end - start); - - return 0; -} - -static int geniv_init_tfm(void *tfm_tmp, bool is_crypto_aead) -{ - struct geniv_ctx *ctx; - struct crypto_skcipher *tfm; - struct crypto_aead *tfm_aead; - unsigned int reqsize; - size_t iv_size_padding; - char *algname; - int psize, ret; - - if (is_crypto_aead) { - tfm_aead = (struct crypto_aead *)tfm_tmp; - ctx = crypto_aead_ctx(tfm_aead); - algname = (char *) crypto_tfm_alg_name(crypto_aead_tfm(tfm_aead)); - } else { - tfm = (struct crypto_skcipher *)tfm_tmp; - ctx = crypto_skcipher_ctx(tfm); - algname = (char *) crypto_tfm_alg_name(crypto_skcipher_tfm(tfm)); - } - - ctx->ciphermode = kmalloc(CRYPTO_MAX_ALG_NAME, GFP_KERNEL); - if (!ctx->ciphermode) - return -ENOMEM; - - ctx->algname = kmalloc(CRYPTO_MAX_ALG_NAME, GFP_KERNEL); - if (!ctx->algname) { - ret = -ENOMEM; - goto free_ciphermode; - } - - strlcpy(ctx->algname, algname, CRYPTO_MAX_ALG_NAME); - algname = ctx->algname; - - /* Parse the algorithm name 'ivmode(ciphermode)' */ - ctx->ivmode = strsep(&algname, "("); - strlcpy(ctx->ciphermode, algname, CRYPTO_MAX_ALG_NAME); - ctx->ciphermode[strlen(algname) - 1] = '\0'; - - DMDEBUG("ciphermode=%s, ivmode=%s\n", ctx->ciphermode, ctx->ivmode); - - /* - * Usually the underlying cipher instances are spawned here, but since - * the value of tfms_count (which is equal to the key_count) is not - * known yet, create only one instance and delay the creation of the - * rest of the instances of the underlying cipher 'cbc(aes)' until - * the setkey operation is invoked. - * The first instance created i.e. ctx->child will later be assigned as - * the 1st element in the array ctx->tfms. Creation of atleast one - * instance of the cipher is necessary to be created here to uncover - * any errors earlier than during the setkey operation later where the - * remaining instances are created. - */ - if (is_crypto_aead) - ctx->tfm_child.tfm_aead = crypto_alloc_aead(ctx->ciphermode, 0, 0); - else - ctx->tfm_child.tfm = crypto_alloc_skcipher(ctx->ciphermode, 0, 0); - if (IS_ERR(ctx->tfm_child.tfm)) { - ret = PTR_ERR(ctx->tfm_child.tfm); - DMERR("Failed to create cipher %s. err %d\n", - ctx->ciphermode, ret); - goto free_algname; - } - - /* Setup the current cipher's request structure */ - if (is_crypto_aead) { - reqsize = sizeof(struct geniv_req_ctx) + __alignof__(struct geniv_req_ctx); - crypto_aead_set_reqsize(tfm_aead, reqsize); - - ctx->iv_start = sizeof(struct geniv_subreq); - ctx->iv_start += crypto_aead_reqsize(ctx->tfm_child.tfm_aead); - - ctx->iv_size = crypto_aead_ivsize(tfm_aead); - } else { - reqsize = sizeof(struct geniv_req_ctx) + __alignof__(struct geniv_req_ctx); - crypto_skcipher_set_reqsize(tfm, reqsize); - - ctx->iv_start = sizeof(struct geniv_subreq); - ctx->iv_start += crypto_skcipher_reqsize(ctx->tfm_child.tfm); - - ctx->iv_size = crypto_skcipher_ivsize(tfm); - } - /* at least a 64 bit sector number should fit in our buffer */ - if (ctx->iv_size) - ctx->iv_size = max(ctx->iv_size, - (unsigned int)(sizeof(u64) / sizeof(u8))); - - if (is_crypto_aead) { - if (crypto_aead_alignmask(tfm_aead) < CRYPTO_MINALIGN) { - /* Allocate the padding exactly */ - iv_size_padding = -ctx->iv_start - & crypto_aead_alignmask(ctx->tfm_child.tfm_aead); - } else { - /* - * If the cipher requires greater alignment than kmalloc - * alignment, we don't know the exact position of the - * initialization vector. We must assume worst case. - */ - iv_size_padding = crypto_aead_alignmask(ctx->tfm_child.tfm_aead); - } - } else { - if (crypto_skcipher_alignmask(tfm) < CRYPTO_MINALIGN) { - iv_size_padding = -ctx->iv_start - & crypto_skcipher_alignmask(ctx->tfm_child.tfm); - } else { - iv_size_padding = crypto_skcipher_alignmask(ctx->tfm_child.tfm); - } - } - - /* - * create memory pool for sub-request structure - * ...| IV + padding | original IV | original sec. number | bio tag offset | - */ - psize = ctx->iv_start + iv_size_padding + ctx->iv_size + ctx->iv_size + - sizeof(uint64_t) + sizeof(unsigned int); - - ctx->subreq_pool = mempool_create_kmalloc_pool(MIN_IOS, psize); - if (!ctx->subreq_pool) { - ret = -ENOMEM; - DMERR("Could not allocate crypt sub-request mempool\n"); - goto free_tfm; - } - - ret = geniv_blkdev_cipher(ctx, is_crypto_aead); - if (ret < 0) { - ret = -ENOMEM; - DMERR("Cannot allocate cipher string\n"); - goto free_tfm; - } + __cpu_to_le32s(&md5state.hash[i]); + memcpy(iv, &md5state.hash, cc->iv_size);

return 0; - -free_tfm: - if (is_crypto_aead) - crypto_free_aead(ctx->tfm_child.tfm_aead); - else - crypto_free_skcipher(ctx->tfm_child.tfm); -free_algname: - kfree(ctx->algname); -free_ciphermode: - kfree(ctx->ciphermode); - return ret; }

-static int geniv_skcipher_init_tfm(struct crypto_skcipher *tfm) +static int crypt_iv_lmk_gen(struct crypt_config *cc, u8 *iv, + struct dm_crypt_request *dmreq) { - return geniv_init_tfm(tfm, 0); -} + struct scatterlist *sg; + u8 *src; + int r = 0;

-static int geniv_aead_init_tfm(struct crypto_aead *tfm) -{ - return geniv_init_tfm(tfm, 1); -} + if (bio_data_dir(dmreq->ctx->bio_in) == WRITE) { + sg = crypt_get_sg_data(cc, dmreq->sg_in); + src = kmap_atomic(sg_page(sg)); + r = crypt_iv_lmk_one(cc, iv, dmreq, src + sg->offset); + kunmap_atomic(src); + } else + memset(iv, 0, cc->iv_size);

-static void geniv_exit_tfm(struct geniv_ctx *ctx) -{ - if (ctx->iv_gen_ops && ctx->iv_gen_ops->dtr) - ctx->iv_gen_ops->dtr(ctx); - - mempool_destroy(ctx->subreq_pool); - geniv_free_tfms(ctx); - kzfree(ctx->ciphermode); - kzfree(ctx->algname); - kzfree(ctx->cipher); + return r; }

-static void geniv_skcipher_exit_tfm(struct crypto_skcipher *tfm) +static int crypt_iv_lmk_post(struct crypt_config *cc, u8 *iv, + struct dm_crypt_request *dmreq) { - struct geniv_ctx *ctx = crypto_skcipher_ctx(tfm); - - geniv_exit_tfm(ctx); -} + struct scatterlist *sg; + u8 *dst; + int r;

-static void geniv_aead_exit_tfm(struct crypto_aead *tfm) -{ - struct geniv_ctx *ctx = crypto_aead_ctx(tfm); + if (bio_data_dir(dmreq->ctx->bio_in) == WRITE) + return 0;

- geniv_exit_tfm(ctx); -} + sg = crypt_get_sg_data(cc, dmreq->sg_out); + dst = kmap_atomic(sg_page(sg)); + r = crypt_iv_lmk_one(cc, iv, dmreq, dst + sg->offset);

-static void geniv_skcipher_free(struct skcipher_instance *inst) -{ - struct crypto_skcipher_spawn *spawn = skcipher_instance_ctx(inst); + /* Tweak the first block of plaintext sector */ + if (!r) + crypto_xor(dst + sg->offset, iv, cc->iv_size);

- crypto_drop_skcipher(spawn); - kfree(inst); + kunmap_atomic(dst); + return r; }

-static void geniv_aead_free(struct aead_instance *inst) +static void crypt_iv_tcw_dtr(struct crypt_config *cc) { - struct crypto_aead_spawn *spawn = aead_instance_ctx(inst); + struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; + + kzfree(tcw->iv_seed); + tcw->iv_seed = NULL; + kzfree(tcw->whitening); + tcw->whitening = NULL;

- crypto_drop_aead(spawn); - kfree(inst); + if (tcw->crc32_tfm && !IS_ERR(tcw->crc32_tfm)) + crypto_free_shash(tcw->crc32_tfm); + tcw->crc32_tfm = NULL; }

-static int geniv_skcipher_create(struct crypto_template *tmpl, - struct rtattr **tb, char *algname) +static int crypt_iv_tcw_ctr(struct crypt_config *cc, struct dm_target *ti, + const char *opts) { - struct crypto_attr_type *algt; - struct skcipher_instance *inst; - struct skcipher_alg *alg; - struct crypto_skcipher_spawn *spawn; - const char *cipher_name; - int err; + struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw;

- algt = crypto_get_attr_type(tb); + if (cc->sector_size != (1 << SECTOR_SHIFT)) { + ti->error = "Unsupported sector size for TCW"; + return -EINVAL; + }

- cipher_name = crypto_attr_alg_name(tb[1]); + if (cc->key_size <= (cc->iv_size + TCW_WHITENING_SIZE)) { + ti->error = "Wrong key size for TCW"; + return -EINVAL; + }

- if (IS_ERR(cipher_name)) - return PTR_ERR(cipher_name); + tcw->crc32_tfm = crypto_alloc_shash("crc32", 0, 0); + if (IS_ERR(tcw->crc32_tfm)) { + ti->error = "Error initializing CRC32 in TCW"; + return PTR_ERR(tcw->crc32_tfm); + }

- inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); - if (!inst) + tcw->iv_seed = kzalloc(cc->iv_size, GFP_KERNEL); + tcw->whitening = kzalloc(TCW_WHITENING_SIZE, GFP_KERNEL); + if (!tcw->iv_seed || !tcw->whitening) { + crypt_iv_tcw_dtr(cc); + ti->error = "Error allocating seed storage in TCW"; return -ENOMEM; + }

- spawn = skcipher_instance_ctx(inst); - - crypto_set_skcipher_spawn(spawn, skcipher_crypto_instance(inst)); - err = crypto_grab_skcipher(spawn, cipher_name, 0, - crypto_requires_sync(algt->type, - algt->mask)); - - if (err) - goto err_free_inst; - - alg = crypto_spawn_skcipher_alg(spawn); + return 0; +}

- err = -EINVAL; +static int crypt_iv_tcw_init(struct crypt_config *cc) +{ + struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; + int key_offset = cc->key_size - cc->iv_size - TCW_WHITENING_SIZE;

- /* Only support blocks of size which is of a power of 2 */ - if (!is_power_of_2(alg->base.cra_blocksize)) - goto err_drop_spawn; + memcpy(tcw->iv_seed, &cc->key[key_offset], cc->iv_size); + memcpy(tcw->whitening, &cc->key[key_offset + cc->iv_size], + TCW_WHITENING_SIZE);

- /* algname: essiv, base.cra_name: cbc(aes) */ - err = -ENAMETOOLONG; - if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, "%s(%s)", - algname, alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME) - goto err_drop_spawn; - if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, - "%s(%s)", algname, alg->base.cra_driver_name) >= - CRYPTO_MAX_ALG_NAME) - goto err_drop_spawn; + return 0; +}

- inst->alg.base.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER; - inst->alg.base.cra_priority = alg->base.cra_priority; - inst->alg.base.cra_blocksize = alg->base.cra_blocksize; - inst->alg.base.cra_alignmask = alg->base.cra_alignmask; - inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; - inst->alg.ivsize = alg->base.cra_blocksize; - inst->alg.chunksize = crypto_skcipher_alg_chunksize(alg); - inst->alg.min_keysize = sizeof(struct geniv_key_info); - inst->alg.max_keysize = sizeof(struct geniv_key_info); +static int crypt_iv_tcw_wipe(struct crypt_config *cc) +{ + struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw;

- inst->alg.setkey = geniv_skcipher_setkey; - inst->alg.encrypt = geniv_skcipher_encrypt; - inst->alg.decrypt = geniv_skcipher_decrypt; + memset(tcw->iv_seed, 0, cc->iv_size); + memset(tcw->whitening, 0, TCW_WHITENING_SIZE);

- inst->alg.base.cra_ctxsize = sizeof(struct geniv_ctx); + return 0; +}

- inst->alg.init = geniv_skcipher_init_tfm; - inst->alg.exit = geniv_skcipher_exit_tfm; +static int crypt_iv_tcw_whitening(struct crypt_config *cc, + struct dm_crypt_request *dmreq, + u8 *data) +{ + struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; + __le64 sector = cpu_to_le64(dmreq->iv_sector); + u8 buf[TCW_WHITENING_SIZE]; + SHASH_DESC_ON_STACK(desc, tcw->crc32_tfm); + int i, r;

- inst->free = geniv_skcipher_free; + /* xor whitening with sector number */ + crypto_xor_cpy(buf, tcw->whitening, (u8 *)&sector, 8); + crypto_xor_cpy(&buf[8], tcw->whitening + 8, (u8 *)&sector, 8);

- err = skcipher_register_instance(tmpl, inst); - if (err) - goto err_drop_spawn; + /* calculate crc32 for every 32bit part and xor it */ + desc->tfm = tcw->crc32_tfm; + desc->flags = 0; + for (i = 0; i < 4; i++) { + r = crypto_shash_init(desc); + if (r) + goto out; + r = crypto_shash_update(desc, &buf[i * 4], 4); + if (r) + goto out; + r = crypto_shash_final(desc, &buf[i * 4]); + if (r) + goto out; + } + crypto_xor(&buf[0], &buf[12], 4); + crypto_xor(&buf[4], &buf[8], 4);

+ /* apply whitening (8 bytes) to whole sector */ + for (i = 0; i < ((1 << SECTOR_SHIFT) / 8); i++) + crypto_xor(data + i * 8, buf, 8); out: - return err; - -err_drop_spawn: - crypto_drop_skcipher(spawn); -err_free_inst: - kfree(inst); - goto out; + memzero_explicit(buf, sizeof(buf)); + return r; }

- -static int geniv_aead_create(struct crypto_template *tmpl, - struct rtattr **tb, char *algname) +static int crypt_iv_tcw_gen(struct crypt_config *cc, u8 *iv, + struct dm_crypt_request *dmreq) { - struct crypto_attr_type *algt; - struct aead_instance *inst; - struct aead_alg *alg; - struct crypto_aead_spawn *spawn; - const char *cipher_name; - int err; - - algt = crypto_get_attr_type(tb); - - cipher_name = crypto_attr_alg_name(tb[1]); - if (IS_ERR(cipher_name)) - return PTR_ERR(cipher_name); - - inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); - if (!inst) - return -ENOMEM; + struct scatterlist *sg; + struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw; + __le64 sector = cpu_to_le64(dmreq->iv_sector); + u8 *src; + int r = 0;

- spawn = aead_instance_ctx(inst); + /* Remove whitening from ciphertext */ + if (bio_data_dir(dmreq->ctx->bio_in) != WRITE) { + sg = crypt_get_sg_data(cc, dmreq->sg_in); + src = kmap_atomic(sg_page(sg)); + r = crypt_iv_tcw_whitening(cc, dmreq, src + sg->offset); + kunmap_atomic(src); + }

- crypto_set_aead_spawn(spawn, aead_crypto_instance(inst)); - err = crypto_grab_aead(spawn, cipher_name, 0, - crypto_requires_sync(algt->type, - algt->mask)); - if (err) - goto err_free_inst; + /* Calculate IV */ + crypto_xor_cpy(iv, tcw->iv_seed, (u8 *)&sector, 8); + if (cc->iv_size > 8) + crypto_xor_cpy(&iv[8], tcw->iv_seed + 8, (u8 *)&sector, + cc->iv_size - 8);

- alg = crypto_spawn_aead_alg(spawn); + return r; +}

- /* Only support blocks of size which is of a power of 2 */ - if (!is_power_of_2(alg->base.cra_blocksize)) { - err = -EINVAL; - goto err_drop_spawn; - } +static int crypt_iv_tcw_post(struct crypt_config *cc, u8 *iv, + struct dm_crypt_request *dmreq) +{ + struct scatterlist *sg; + u8 *dst; + int r;

- /* algname: essiv, base.cra_name: cbc(aes) */ - if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, "%s(%s)", - algname, alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME) { - err = -ENAMETOOLONG; - goto err_drop_spawn; - } + if (bio_data_dir(dmreq->ctx->bio_in) != WRITE) + return 0;

- if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, - "%s(%s)", algname, alg->base.cra_driver_name) >= - CRYPTO_MAX_ALG_NAME) { - err = -ENAMETOOLONG; - goto err_drop_spawn; - } + /* Apply whitening on ciphertext */ + sg = crypt_get_sg_data(cc, dmreq->sg_out); + dst = kmap_atomic(sg_page(sg)); + r = crypt_iv_tcw_whitening(cc, dmreq, dst + sg->offset); + kunmap_atomic(dst);

- inst->alg.base.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER; - inst->alg.base.cra_priority = alg->base.cra_priority; - inst->alg.base.cra_blocksize = alg->base.cra_blocksize; - inst->alg.base.cra_alignmask = alg->base.cra_alignmask; - inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; - inst->alg.ivsize = crypto_aead_alg_ivsize(alg); - inst->alg.chunksize = crypto_aead_alg_chunksize(alg); - inst->alg.maxauthsize = crypto_aead_alg_maxauthsize(alg); + return r; +}

- inst->alg.setkey = geniv_aead_setkey; - inst->alg.encrypt = geniv_aead_encrypt; - inst->alg.decrypt = geniv_aead_decrypt; +static int crypt_iv_random_gen(struct crypt_config *cc, u8 *iv, + struct dm_crypt_request *dmreq) +{ + /* Used only for writes, there must be an additional space to store IV */ + get_random_bytes(iv, cc->iv_size); + return 0; +}

- inst->alg.base.cra_ctxsize = sizeof(struct geniv_ctx); +static const struct crypt_iv_operations crypt_iv_plain_ops = { + .generator = crypt_iv_plain_gen +};

- inst->alg.init = geniv_aead_init_tfm; - inst->alg.exit = geniv_aead_exit_tfm; +static const struct crypt_iv_operations crypt_iv_plain64_ops = { + .generator = crypt_iv_plain64_gen +};

- inst->free = geniv_aead_free; +static const struct crypt_iv_operations crypt_iv_plain64be_ops = { + .generator = crypt_iv_plain64be_gen +};

- err = aead_register_instance(tmpl, inst); - if (err) - goto err_drop_spawn; +static const struct crypt_iv_operations crypt_iv_essiv_ops = { + .ctr = crypt_iv_essiv_ctr, + .dtr = crypt_iv_essiv_dtr, + .init = crypt_iv_essiv_init, + .wipe = crypt_iv_essiv_wipe, + .generator = crypt_iv_essiv_gen +};

- return 0; +static const struct crypt_iv_operations crypt_iv_benbi_ops = { + .ctr = crypt_iv_benbi_ctr, + .dtr = crypt_iv_benbi_dtr, + .generator = crypt_iv_benbi_gen +};

-err_drop_spawn: - crypto_drop_aead(spawn); -err_free_inst: - kfree(inst); - return err; -} +static const struct crypt_iv_operations crypt_iv_null_ops = { + .generator = crypt_iv_null_gen +};

-static int geniv_create(struct crypto_template *tmpl, - struct rtattr **tb, char *algname) -{ - if (!crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SKCIPHER)) - return geniv_skcipher_create(tmpl, tb, algname); - else if (!crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_AEAD)) - return geniv_aead_create(tmpl, tb, algname); - else - return -EINVAL; -} +static const struct crypt_iv_operations crypt_iv_lmk_ops = { + .ctr = crypt_iv_lmk_ctr, + .dtr = crypt_iv_lmk_dtr, + .init = crypt_iv_lmk_init, + .wipe = crypt_iv_lmk_wipe, + .generator = crypt_iv_lmk_gen, + .post = crypt_iv_lmk_post +};

-static int geniv_template_create(struct crypto_template *tmpl, - struct rtattr **tb) -{ - return geniv_create(tmpl, tb, tmpl->name); -} +static const struct crypt_iv_operations crypt_iv_tcw_ops = { + .ctr = crypt_iv_tcw_ctr, + .dtr = crypt_iv_tcw_dtr, + .init = crypt_iv_tcw_init, + .wipe = crypt_iv_tcw_wipe, + .generator = crypt_iv_tcw_gen, + .post = crypt_iv_tcw_post +};

-#define DECLARE_CRYPTO_TEMPLATE(type) \ - { .name = type, \ - .create = geniv_template_create, \ - .module = THIS_MODULE, }, - -static struct crypto_template geniv_tmpl[] = { - DECLARE_CRYPTO_TEMPLATE("plain") - DECLARE_CRYPTO_TEMPLATE("plain64") - DECLARE_CRYPTO_TEMPLATE("essiv") - DECLARE_CRYPTO_TEMPLATE("benbi") - DECLARE_CRYPTO_TEMPLATE("null") - DECLARE_CRYPTO_TEMPLATE("lmk") - DECLARE_CRYPTO_TEMPLATE("tcw") - DECLARE_CRYPTO_TEMPLATE("random") +static struct crypt_iv_operations crypt_iv_random_ops = { + .generator = crypt_iv_random_gen };

/* @@ -3435,8 +1925,27 @@ static unsigned crypt_authenckey_size(struct crypt_config *cc) return crypt_subkey_size(cc) + RTA_SPACE(sizeof(struct crypto_authenc_key_param)); }

+/* + * If AEAD is composed like authenc(hmac(sha256),xts(aes)), + * the key must be for some reason in special format. + * This funcion converts cc->key to this special format. + */ static void crypt_copy_authenckey(char *p, const void *key, - unsigned enckeylen, unsigned authkeylen); + unsigned enckeylen, unsigned authkeylen) +{ + struct crypto_authenc_key_param *param; + struct rtattr *rta; + + rta = (struct rtattr *)p; + param = RTA_DATA(rta); + param->enckeylen = cpu_to_be32(enckeylen); + rta->rta_len = RTA_LENGTH(sizeof(*param)); + rta->rta_type = CRYPTO_AUTHENC_KEYA_PARAM; + p += RTA_SPACE(sizeof(*param)); + memcpy(p, key + enckeylen, authkeylen); + p += authkeylen; + memcpy(p, key, enckeylen); +}

static int crypt_setkey(struct crypt_config *cc) { diff --git a/include/crypto/geniv.h b/include/crypto/geniv.h deleted file mode 100644 index 6fcf93b..00000000 --- a/include/crypto/geniv.h +++ /dev/null @@ -1,42 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 */ -/* - * geniv.h: common interface for IV generation algorithms - * - * Copyright (C) 2018, Linaro - * - * This file define the data structure the user should pass to the template. - */ - -#ifndef _CRYPTO_GENIV_H -#define _CRYPTO_GENIV_H - -#include <linux/types.h> - -enum setkey_op { - SETKEY_OP_INIT, - SETKEY_OP_SET, - SETKEY_OP_WIPE, -}; - -struct geniv_key_info { - enum setkey_op keyop; - unsigned int tfms_count; - u8 *key; - char *ivopts; - sector_t iv_offset; - unsigned long cipher_flags; - - unsigned short int sector_size; - unsigned int key_size; - unsigned int key_parts; - unsigned int key_mac_size; - unsigned int on_disk_tag_size; -}; - -struct geniv_req_info { - sector_t cc_sector; - unsigned int nents; - u8 *integrity_metadata; -}; - -#endif