Lines Matching +full:tightly +full:- +full:coupled
1 // SPDX-License-Identifier: GPL-2.0
6 * dm-crypt and fscrypt, which converts the initial vector for the skcipher
8 * skcipher key as encryption key. Usually, the input IV is a 64-bit sector
9 * number in LE representation zero-padded to the size of the IV, but this
14 * fscrypt, and the most relevant one for dm-crypt. However, dm-crypt
20 * flavor produced by this template is tightly coupled to the way dm-crypt
26 * adiantum length-preserving encryption mode
73 crypto_skcipher_clear_flags(tctx->u.skcipher, CRYPTO_TFM_REQ_MASK); in essiv_skcipher_setkey()
74 crypto_skcipher_set_flags(tctx->u.skcipher, in essiv_skcipher_setkey()
77 err = crypto_skcipher_setkey(tctx->u.skcipher, key, keylen); in essiv_skcipher_setkey()
81 err = crypto_shash_tfm_digest(tctx->hash, key, keylen, salt); in essiv_skcipher_setkey()
85 crypto_cipher_clear_flags(tctx->essiv_cipher, CRYPTO_TFM_REQ_MASK); in essiv_skcipher_setkey()
86 crypto_cipher_set_flags(tctx->essiv_cipher, in essiv_skcipher_setkey()
89 return crypto_cipher_setkey(tctx->essiv_cipher, salt, in essiv_skcipher_setkey()
90 crypto_shash_digestsize(tctx->hash)); in essiv_skcipher_setkey()
97 SHASH_DESC_ON_STACK(desc, tctx->hash); in essiv_aead_setkey()
102 crypto_aead_clear_flags(tctx->u.aead, CRYPTO_TFM_REQ_MASK); in essiv_aead_setkey()
103 crypto_aead_set_flags(tctx->u.aead, crypto_aead_get_flags(tfm) & in essiv_aead_setkey()
105 err = crypto_aead_setkey(tctx->u.aead, key, keylen); in essiv_aead_setkey()
110 return -EINVAL; in essiv_aead_setkey()
112 desc->tfm = tctx->hash; in essiv_aead_setkey()
119 crypto_cipher_clear_flags(tctx->essiv_cipher, CRYPTO_TFM_REQ_MASK); in essiv_aead_setkey()
120 crypto_cipher_set_flags(tctx->essiv_cipher, crypto_aead_get_flags(tfm) & in essiv_aead_setkey()
122 return crypto_cipher_setkey(tctx->essiv_cipher, salt, in essiv_aead_setkey()
123 crypto_shash_digestsize(tctx->hash)); in essiv_aead_setkey()
131 return crypto_aead_setauthsize(tctx->u.aead, authsize); in essiv_aead_setauthsize()
136 struct skcipher_request *req = areq->data; in essiv_skcipher_done()
147 crypto_cipher_encrypt_one(tctx->essiv_cipher, req->iv, req->iv); in essiv_skcipher_crypt()
149 skcipher_request_set_tfm(subreq, tctx->u.skcipher); in essiv_skcipher_crypt()
150 skcipher_request_set_crypt(subreq, req->src, req->dst, req->cryptlen, in essiv_skcipher_crypt()
151 req->iv); in essiv_skcipher_crypt()
171 struct aead_request *req = areq->data; in essiv_aead_done()
174 kfree(rctx->assoc); in essiv_aead_done()
183 struct aead_request *subreq = &rctx->aead_req; in essiv_aead_crypt()
184 struct scatterlist *src = req->src; in essiv_aead_crypt()
187 crypto_cipher_encrypt_one(tctx->essiv_cipher, req->iv, req->iv); in essiv_aead_crypt()
190 * dm-crypt embeds the sector number and the IV in the AAD region, so in essiv_aead_crypt()
194 rctx->assoc = NULL; in essiv_aead_crypt()
195 if (req->src == req->dst || !enc) { in essiv_aead_crypt()
196 scatterwalk_map_and_copy(req->iv, req->dst, in essiv_aead_crypt()
197 req->assoclen - crypto_aead_ivsize(tfm), in essiv_aead_crypt()
200 u8 *iv = (u8 *)aead_request_ctx(req) + tctx->ivoffset; in essiv_aead_crypt()
202 int ssize = req->assoclen - ivsize; in essiv_aead_crypt()
207 return -EINVAL; in essiv_aead_crypt()
209 nents = sg_nents_for_len(req->src, ssize); in essiv_aead_crypt()
211 return -EINVAL; in essiv_aead_crypt()
213 memcpy(iv, req->iv, ivsize); in essiv_aead_crypt()
214 sg_init_table(rctx->sg, 4); in essiv_aead_crypt()
221 rctx->assoc = kmalloc(ssize, GFP_ATOMIC); in essiv_aead_crypt()
222 if (!rctx->assoc) in essiv_aead_crypt()
223 return -ENOMEM; in essiv_aead_crypt()
225 scatterwalk_map_and_copy(rctx->assoc, req->src, 0, in essiv_aead_crypt()
227 sg_set_buf(rctx->sg, rctx->assoc, ssize); in essiv_aead_crypt()
229 sg_set_page(rctx->sg, sg_page(req->src), ssize, in essiv_aead_crypt()
230 req->src->offset); in essiv_aead_crypt()
233 sg_set_buf(rctx->sg + 1, iv, ivsize); in essiv_aead_crypt()
234 sg = scatterwalk_ffwd(rctx->sg + 2, req->src, req->assoclen); in essiv_aead_crypt()
235 if (sg != rctx->sg + 2) in essiv_aead_crypt()
236 sg_chain(rctx->sg, 3, sg); in essiv_aead_crypt()
238 src = rctx->sg; in essiv_aead_crypt()
241 aead_request_set_tfm(subreq, tctx->u.aead); in essiv_aead_crypt()
242 aead_request_set_ad(subreq, req->assoclen); in essiv_aead_crypt()
245 aead_request_set_crypt(subreq, src, req->dst, req->cryptlen, req->iv); in essiv_aead_crypt()
250 if (rctx->assoc && err != -EINPROGRESS) in essiv_aead_crypt()
251 kfree(rctx->assoc); in essiv_aead_crypt()
272 essiv_cipher = crypto_alloc_cipher(ictx->essiv_cipher_name, 0, 0); in essiv_init_tfm()
276 hash = crypto_alloc_shash(ictx->shash_driver_name, 0, 0); in essiv_init_tfm()
282 tctx->essiv_cipher = essiv_cipher; in essiv_init_tfm()
283 tctx->hash = hash; in essiv_init_tfm()
300 skcipher = crypto_spawn_skcipher(&ictx->u.skcipher_spawn); in essiv_skcipher_init_tfm()
313 tctx->u.skcipher = skcipher; in essiv_skcipher_init_tfm()
329 aead = crypto_spawn_aead(&ictx->u.aead_spawn); in essiv_aead_init_tfm()
336 tctx->ivoffset = offsetof(struct essiv_aead_request_ctx, aead_req) + in essiv_aead_init_tfm()
338 crypto_aead_set_reqsize(tfm, tctx->ivoffset + crypto_aead_ivsize(aead)); in essiv_aead_init_tfm()
346 tctx->u.aead = aead; in essiv_aead_init_tfm()
354 crypto_free_skcipher(tctx->u.skcipher); in essiv_skcipher_exit_tfm()
355 crypto_free_cipher(tctx->essiv_cipher); in essiv_skcipher_exit_tfm()
356 crypto_free_shash(tctx->hash); in essiv_skcipher_exit_tfm()
363 crypto_free_aead(tctx->u.aead); in essiv_aead_exit_tfm()
364 crypto_free_cipher(tctx->essiv_cipher); in essiv_aead_exit_tfm()
365 crypto_free_shash(tctx->hash); in essiv_aead_exit_tfm()
372 crypto_drop_skcipher(&ictx->u.skcipher_spawn); in essiv_skcipher_free_instance()
380 crypto_drop_aead(&ictx->u.aead_spawn); in essiv_aead_free_instance()
399 len = q - p; in parse_cipher_name()
421 if (hash_alg->digestsize < alg->cra_cipher.cia_min_keysize || in essiv_supported_algorithms()
422 hash_alg->digestsize > alg->cra_cipher.cia_max_keysize) in essiv_supported_algorithms()
425 if (ivsize != alg->cra_blocksize) in essiv_supported_algorithms()
469 type = algt->type & algt->mask; in essiv_create()
477 return -ENOMEM; in essiv_create()
479 base = &skcipher_inst->alg.base; in essiv_create()
483 err = crypto_grab_skcipher(&ictx->u.skcipher_spawn, inst, in essiv_create()
487 skcipher_alg = crypto_spawn_skcipher_alg(&ictx->u.skcipher_spawn); in essiv_create()
488 block_base = &skcipher_alg->base; in essiv_create()
496 return -ENOMEM; in essiv_create()
498 base = &aead_inst->alg.base; in essiv_create()
502 err = crypto_grab_aead(&ictx->u.aead_spawn, inst, in essiv_create()
506 aead_alg = crypto_spawn_aead_alg(&ictx->u.aead_spawn); in essiv_create()
507 block_base = &aead_alg->base; in essiv_create()
508 if (!strstarts(block_base->cra_name, "authenc(")) { in essiv_create()
510 err = -EINVAL; in essiv_create()
513 ivsize = aead_alg->ivsize; in essiv_create()
517 return -EINVAL; in essiv_create()
520 if (!parse_cipher_name(ictx->essiv_cipher_name, block_base->cra_name)) { in essiv_create()
522 err = -EINVAL; in essiv_create()
537 if (!essiv_supported_algorithms(ictx->essiv_cipher_name, hash_alg, in essiv_create()
540 block_base->cra_name, hash_alg->base.cra_name); in essiv_create()
541 err = -EINVAL; in essiv_create()
546 strlcpy(ictx->shash_driver_name, hash_alg->base.cra_driver_name, in essiv_create()
551 err = -ENAMETOOLONG; in essiv_create()
552 if (snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, in essiv_create()
553 "essiv(%s,%s)", block_base->cra_name, in essiv_create()
554 hash_alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME) in essiv_create()
556 if (snprintf(base->cra_driver_name, CRYPTO_MAX_ALG_NAME, in essiv_create()
557 "essiv(%s,%s)", block_base->cra_driver_name, in essiv_create()
558 hash_alg->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME) in essiv_create()
565 base->cra_flags |= (hash_alg->base.cra_flags & in essiv_create()
567 base->cra_blocksize = block_base->cra_blocksize; in essiv_create()
568 base->cra_ctxsize = sizeof(struct essiv_tfm_ctx); in essiv_create()
569 base->cra_alignmask = block_base->cra_alignmask; in essiv_create()
570 base->cra_priority = block_base->cra_priority; in essiv_create()
573 skcipher_inst->alg.setkey = essiv_skcipher_setkey; in essiv_create()
574 skcipher_inst->alg.encrypt = essiv_skcipher_encrypt; in essiv_create()
575 skcipher_inst->alg.decrypt = essiv_skcipher_decrypt; in essiv_create()
576 skcipher_inst->alg.init = essiv_skcipher_init_tfm; in essiv_create()
577 skcipher_inst->alg.exit = essiv_skcipher_exit_tfm; in essiv_create()
579 skcipher_inst->alg.min_keysize = crypto_skcipher_alg_min_keysize(skcipher_alg); in essiv_create()
580 skcipher_inst->alg.max_keysize = crypto_skcipher_alg_max_keysize(skcipher_alg); in essiv_create()
581 skcipher_inst->alg.ivsize = ivsize; in essiv_create()
582 skcipher_inst->alg.chunksize = crypto_skcipher_alg_chunksize(skcipher_alg); in essiv_create()
583 skcipher_inst->alg.walksize = crypto_skcipher_alg_walksize(skcipher_alg); in essiv_create()
585 skcipher_inst->free = essiv_skcipher_free_instance; in essiv_create()
589 aead_inst->alg.setkey = essiv_aead_setkey; in essiv_create()
590 aead_inst->alg.setauthsize = essiv_aead_setauthsize; in essiv_create()
591 aead_inst->alg.encrypt = essiv_aead_encrypt; in essiv_create()
592 aead_inst->alg.decrypt = essiv_aead_decrypt; in essiv_create()
593 aead_inst->alg.init = essiv_aead_init_tfm; in essiv_create()
594 aead_inst->alg.exit = essiv_aead_exit_tfm; in essiv_create()
596 aead_inst->alg.ivsize = ivsize; in essiv_create()
597 aead_inst->alg.maxauthsize = crypto_aead_alg_maxauthsize(aead_alg); in essiv_create()
598 aead_inst->alg.chunksize = crypto_aead_alg_chunksize(aead_alg); in essiv_create()
600 aead_inst->free = essiv_aead_free_instance; in essiv_create()
615 crypto_drop_skcipher(&ictx->u.skcipher_spawn); in essiv_create()
617 crypto_drop_aead(&ictx->u.aead_spawn); in essiv_create()