cregit-Linux how code gets into the kernel

Release 4.7 crypto/chacha20poly1305.c

Directory: crypto
/*
 * ChaCha20-Poly1305 AEAD, RFC7539
 *
 * Copyright (C) 2015 Martin Willi
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 */

#include <crypto/internal/aead.h>
#include <crypto/internal/hash.h>
#include <crypto/internal/skcipher.h>
#include <crypto/scatterwalk.h>
#include <crypto/chacha20.h>
#include <crypto/poly1305.h>
#include <linux/err.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>

#include "internal.h"


#define CHACHAPOLY_IV_SIZE	12


struct chachapoly_instance_ctx {
	
struct crypto_skcipher_spawn chacha;
	
struct crypto_ahash_spawn poly;
	
unsigned int saltlen;
};


struct chachapoly_ctx {
	
struct crypto_ablkcipher *chacha;
	
struct crypto_ahash *poly;
	/* key bytes we use for the ChaCha20 IV */
	
unsigned int saltlen;
	
u8 salt[];
};


struct poly_req {
	/* zero byte padding for AD/ciphertext, as needed */
	
u8 pad[POLY1305_BLOCK_SIZE];
	/* tail data with AD/ciphertext lengths */
	struct {
		
__le64 assoclen;
		
__le64 cryptlen;
	} 
tail;
	
struct scatterlist src[1];
	
struct ahash_request req; /* must be last member */
};


struct chacha_req {
	
u8 iv[CHACHA20_IV_SIZE];
	
struct scatterlist src[1];
	
struct ablkcipher_request req; /* must be last member */
};


struct chachapoly_req_ctx {
	
struct scatterlist src[2];
	
struct scatterlist dst[2];
	/* the key we generate for Poly1305 using Chacha20 */
	
u8 key[POLY1305_KEY_SIZE];
	/* calculated Poly1305 tag */
	
u8 tag[POLY1305_DIGEST_SIZE];
	/* length of data to en/decrypt, without ICV */
	
unsigned int cryptlen;
	/* Actual AD, excluding IV */
	
unsigned int assoclen;
	union {
		
struct poly_req poly;
		
struct chacha_req chacha;
	} 
u;
};


static inline void async_done_continue(struct aead_request *req, int err, int (*cont)(struct aead_request *)) { if (!err) err = cont(req); if (err != -EINPROGRESS && err != -EBUSY) aead_request_complete(req, err); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi57100.00%1100.00%
Total57100.00%1100.00%


static void chacha_iv(u8 *iv, struct aead_request *req, u32 icb) { struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); __le32 leicb = cpu_to_le32(icb); memcpy(iv, &leicb, sizeof(leicb)); memcpy(iv + sizeof(leicb), ctx->salt, ctx->saltlen); memcpy(iv + sizeof(leicb) + ctx->saltlen, req->iv, CHACHA20_IV_SIZE - sizeof(leicb) - ctx->saltlen); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi99100.00%1100.00%
Total99100.00%1100.00%


static int poly_verify_tag(struct aead_request *req) { struct chachapoly_req_ctx *rctx = aead_request_ctx(req); u8 tag[sizeof(rctx->tag)]; scatterwalk_map_and_copy(tag, req->src, req->assoclen + rctx->cryptlen, sizeof(tag), 0); if (crypto_memneq(tag, rctx->tag, sizeof(tag))) return -EBADMSG; return 0; }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi7594.94%150.00%
herbert xuherbert xu45.06%150.00%
Total79100.00%2100.00%


static int poly_copy_tag(struct aead_request *req) { struct chachapoly_req_ctx *rctx = aead_request_ctx(req); scatterwalk_map_and_copy(rctx->tag, req->dst, req->assoclen + rctx->cryptlen, sizeof(rctx->tag), 1); return 0; }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi4892.31%150.00%
herbert xuherbert xu47.69%150.00%
Total52100.00%2100.00%


static void chacha_decrypt_done(struct crypto_async_request *areq, int err) { async_done_continue(areq->data, err, poly_verify_tag); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi25100.00%1100.00%
Total25100.00%1100.00%


static int chacha_decrypt(struct aead_request *req) { struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); struct chachapoly_req_ctx *rctx = aead_request_ctx(req); struct chacha_req *creq = &rctx->u.chacha; struct scatterlist *src, *dst; int err; if (rctx->cryptlen == 0) goto skip; chacha_iv(creq->iv, req, 1); sg_init_table(rctx->src, 2); src = scatterwalk_ffwd(rctx->src, req->src, req->assoclen); dst = src; if (req->src != req->dst) { sg_init_table(rctx->dst, 2); dst = scatterwalk_ffwd(rctx->dst, req->dst, req->assoclen); } ablkcipher_request_set_callback(&creq->req, aead_request_flags(req), chacha_decrypt_done, req); ablkcipher_request_set_tfm(&creq->req, ctx->chacha); ablkcipher_request_set_crypt(&creq->req, src, dst, rctx->cryptlen, creq->iv); err = crypto_ablkcipher_decrypt(&creq->req); if (err) return err; skip: return poly_verify_tag(req); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi13259.73%133.33%
herbert xuherbert xu7634.39%133.33%
jason a. donenfeldjason a. donenfeld135.88%133.33%
Total221100.00%3100.00%


static int poly_tail_continue(struct aead_request *req) { struct chachapoly_req_ctx *rctx = aead_request_ctx(req); if (rctx->cryptlen == req->cryptlen) /* encrypting */ return poly_copy_tag(req); return chacha_decrypt(req); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi44100.00%1100.00%
Total44100.00%1100.00%


static void poly_tail_done(struct crypto_async_request *areq, int err) { async_done_continue(areq->data, err, poly_tail_continue); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi25100.00%1100.00%
Total25100.00%1100.00%


static int poly_tail(struct aead_request *req) { struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct chachapoly_ctx *ctx = crypto_aead_ctx(tfm); struct chachapoly_req_ctx *rctx = aead_request_ctx(req); struct poly_req *preq = &rctx->u.poly; __le64 len; int err; sg_init_table(preq->src, 1); len = cpu_to_le64(rctx->assoclen); memcpy(&preq->tail.assoclen, &len, sizeof(len)); len = cpu_to_le64(rctx->cryptlen); memcpy(&preq->tail.cryptlen, &len, sizeof(len)); sg_set_buf(preq->src, &preq->tail, sizeof(preq->tail)); ahash_request_set_callback(&preq->req, aead_request_flags(req), poly_tail_done, req); ahash_request_set_tfm(&preq->req, ctx->poly); ahash_request_set_crypt(&preq->req, preq->src, rctx->tag, sizeof(preq->tail)); err = crypto_ahash_finup(&preq->req); if (err) return err; return poly_tail_continue(req); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi20494.44%150.00%
herbert xuherbert xu125.56%150.00%
Total216100.00%2100.00%


static void poly_cipherpad_done(struct crypto_async_request *areq, int err) { async_done_continue(areq->data, err, poly_tail); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi25100.00%1100.00%
Total25100.00%1100.00%


static int poly_cipherpad(struct aead_request *req) { struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); struct chachapoly_req_ctx *rctx = aead_request_ctx(req); struct poly_req *preq = &rctx->u.poly; unsigned int padlen, bs = POLY1305_BLOCK_SIZE; int err; padlen = (bs - (rctx->cryptlen % bs)) % bs; memset(preq->pad, 0, sizeof(preq->pad)); sg_init_table(preq->src, 1); sg_set_buf(preq->src, &preq->pad, padlen); ahash_request_set_callback(&preq->req, aead_request_flags(req), poly_cipherpad_done, req); ahash_request_set_tfm(&preq->req, ctx->poly); ahash_request_set_crypt(&preq->req, preq->src, NULL, padlen); err = crypto_ahash_update(&preq->req); if (err) return err; return poly_tail(req); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi180100.00%1100.00%
Total180100.00%1100.00%


static void poly_cipher_done(struct crypto_async_request *areq, int err) { async_done_continue(areq->data, err, poly_cipherpad); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi25100.00%1100.00%
Total25100.00%1100.00%


static int poly_cipher(struct aead_request *req) { struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); struct chachapoly_req_ctx *rctx = aead_request_ctx(req); struct poly_req *preq = &rctx->u.poly; struct scatterlist *crypt = req->src; int err; if (rctx->cryptlen == req->cryptlen) /* encrypting */ crypt = req->dst; sg_init_table(rctx->src, 2); crypt = scatterwalk_ffwd(rctx->src, crypt, req->assoclen); ahash_request_set_callback(&preq->req, aead_request_flags(req), poly_cipher_done, req); ahash_request_set_tfm(&preq->req, ctx->poly); ahash_request_set_crypt(&preq->req, crypt, NULL, rctx->cryptlen); err = crypto_ahash_update(&preq->req); if (err) return err; return poly_cipherpad(req); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi14385.63%150.00%
herbert xuherbert xu2414.37%150.00%
Total167100.00%2100.00%


static void poly_adpad_done(struct crypto_async_request *areq, int err) { async_done_continue(areq->data, err, poly_cipher); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi25100.00%1100.00%
Total25100.00%1100.00%


static int poly_adpad(struct aead_request *req) { struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); struct chachapoly_req_ctx *rctx = aead_request_ctx(req); struct poly_req *preq = &rctx->u.poly; unsigned int padlen, bs = POLY1305_BLOCK_SIZE; int err; padlen = (bs - (rctx->assoclen % bs)) % bs; memset(preq->pad, 0, sizeof(preq->pad)); sg_init_table(preq->src, 1); sg_set_buf(preq->src, preq->pad, padlen); ahash_request_set_callback(&preq->req, aead_request_flags(req), poly_adpad_done, req); ahash_request_set_tfm(&preq->req, ctx->poly); ahash_request_set_crypt(&preq->req, preq->src, NULL, padlen); err = crypto_ahash_update(&preq->req); if (err) return err; return poly_cipher(req); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi17899.44%150.00%
herbert xuherbert xu10.56%150.00%
Total179100.00%2100.00%


static void poly_ad_done(struct crypto_async_request *areq, int err) { async_done_continue(areq->data, err, poly_adpad); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi25100.00%1100.00%
Total25100.00%1100.00%


static int poly_ad(struct aead_request *req) { struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); struct chachapoly_req_ctx *rctx = aead_request_ctx(req); struct poly_req *preq = &rctx->u.poly; int err; ahash_request_set_callback(&preq->req, aead_request_flags(req), poly_ad_done, req); ahash_request_set_tfm(&preq->req, ctx->poly); ahash_request_set_crypt(&preq->req, req->src, NULL, rctx->assoclen); err = crypto_ahash_update(&preq->req); if (err) return err; return poly_adpad(req); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi11798.32%150.00%
herbert xuherbert xu21.68%150.00%
Total119100.00%2100.00%


static void poly_setkey_done(struct crypto_async_request *areq, int err) { async_done_continue(areq->data, err, poly_ad); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi25100.00%2100.00%
Total25100.00%2100.00%


static int poly_setkey(struct aead_request *req) { struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); struct chachapoly_req_ctx *rctx = aead_request_ctx(req); struct poly_req *preq = &rctx->u.poly; int err; sg_init_table(preq->src, 1); sg_set_buf(preq->src, rctx->key, sizeof(rctx->key)); ahash_request_set_callback(&preq->req, aead_request_flags(req), poly_setkey_done, req); ahash_request_set_tfm(&preq->req, ctx->poly); ahash_request_set_crypt(&preq->req, preq->src, NULL, sizeof(rctx->key)); err = crypto_ahash_update(&preq->req); if (err) return err; return poly_ad(req); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi149100.00%2100.00%
Total149100.00%2100.00%


static void poly_init_done(struct crypto_async_request *areq, int err) { async_done_continue(areq->data, err, poly_setkey); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi25100.00%2100.00%
Total25100.00%2100.00%


static int poly_init(struct aead_request *req) { struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); struct chachapoly_req_ctx *rctx = aead_request_ctx(req); struct poly_req *preq = &rctx->u.poly; int err; ahash_request_set_callback(&preq->req, aead_request_flags(req), poly_init_done, req); ahash_request_set_tfm(&preq->req, ctx->poly); err = crypto_ahash_init(&preq->req); if (err) return err; return poly_setkey(req); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi101100.00%2100.00%
Total101100.00%2100.00%


static void poly_genkey_done(struct crypto_async_request *areq, int err) { async_done_continue(areq->data, err, poly_init); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi25100.00%2100.00%
Total25100.00%2100.00%


static int poly_genkey(struct aead_request *req) { struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct chachapoly_ctx *ctx = crypto_aead_ctx(tfm); struct chachapoly_req_ctx *rctx = aead_request_ctx(req); struct chacha_req *creq = &rctx->u.chacha; int err; rctx->assoclen = req->assoclen; if (crypto_aead_ivsize(tfm) == 8) { if (rctx->assoclen < 8) return -EINVAL; rctx->assoclen -= 8; } sg_init_table(creq->src, 1); memset(rctx->key, 0, sizeof(rctx->key)); sg_set_buf(creq->src, rctx->key, sizeof(rctx->key)); chacha_iv(creq->iv, req, 0); ablkcipher_request_set_callback(&creq->req, aead_request_flags(req), poly_genkey_done, req); ablkcipher_request_set_tfm(&creq->req, ctx->chacha); ablkcipher_request_set_crypt(&creq->req, creq->src, creq->src, POLY1305_KEY_SIZE, creq->iv); err = crypto_ablkcipher_decrypt(&creq->req); if (err) return err; return poly_init(req); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi17378.28%266.67%
herbert xuherbert xu4821.72%133.33%
Total221100.00%3100.00%


static void chacha_encrypt_done(struct crypto_async_request *areq, int err) { async_done_continue(areq->data, err, poly_genkey); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi25100.00%1100.00%
Total25100.00%1100.00%


static int chacha_encrypt(struct aead_request *req) { struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); struct chachapoly_req_ctx *rctx = aead_request_ctx(req); struct chacha_req *creq = &rctx->u.chacha; struct scatterlist *src, *dst; int err; if (req->cryptlen == 0) goto skip; chacha_iv(creq->iv, req, 1); sg_init_table(rctx->src, 2); src = scatterwalk_ffwd(rctx->src, req->src, req->assoclen); dst = src; if (req->src != req->dst) { sg_init_table(rctx->dst, 2); dst = scatterwalk_ffwd(rctx->dst, req->dst, req->assoclen); } ablkcipher_request_set_callback(&creq->req, aead_request_flags(req), chacha_encrypt_done, req); ablkcipher_request_set_tfm(&creq->req, ctx->chacha); ablkcipher_request_set_crypt(&creq->req, src, dst, req->cryptlen, creq->iv); err = crypto_ablkcipher_encrypt(&creq->req); if (err) return err; skip: return poly_genkey(req); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi11049.77%133.33%
herbert xuherbert xu9844.34%133.33%
jason a. donenfeldjason a. donenfeld135.88%133.33%
Total221100.00%3100.00%


static int chachapoly_encrypt(struct aead_request *req) { struct chachapoly_req_ctx *rctx = aead_request_ctx(req); rctx->cryptlen = req->cryptlen; /* encrypt call chain: * - chacha_encrypt/done() * - poly_genkey/done() * - poly_init/done() * - poly_setkey/done() * - poly_ad/done() * - poly_adpad/done() * - poly_cipher/done() * - poly_cipherpad/done() * - poly_tail/done/continue() * - poly_copy_tag() */ return chacha_encrypt(req); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi36100.00%2100.00%
Total36100.00%2100.00%


static int chachapoly_decrypt(struct aead_request *req) { struct chachapoly_req_ctx *rctx = aead_request_ctx(req); rctx->cryptlen = req->cryptlen - POLY1305_DIGEST_SIZE; /* decrypt call chain: * - poly_genkey/done() * - poly_init/done() * - poly_setkey/done() * - poly_ad/done() * - poly_adpad/done() * - poly_cipher/done() * - poly_cipherpad/done() * - poly_tail/done/continue() * - chacha_decrypt/done() * - poly_verify_tag() */ return poly_genkey(req); }

Contributors

PersonTokensPropCommitsCommitProp
martin willimartin willi38100.00%2100.00%
Total38100.00%2100.00%


static int chachapoly_setkey(struct crypto_aead *aead, const u8 *key, unsigned int keylen) { struct chachapoly_ctx *ctx = crypto_aead_ctx(aead); int err; if (keylen != ctx->saltlen + CHACHA20_KEY_SIZE) return -EINVAL; keylen -= ctx->saltlen; memcpy(ctx->salt, key + keylen, ctx->saltlen); crypto_ablkcipher_clear_flags(ctx->chacha, CRYPTO_TFM_REQ_MASK)