2 * Linux kernel userspace API crypto backend implementation (skcipher)
4 * Copyright (C) 2012-2020 Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2012-2020 Milan Broz
7 * This file is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This file is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this file; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 #include <sys/socket.h>
30 #include "crypto_backend_internal.h"
34 #include <linux/if_alg.h>
43 #ifndef ALG_SET_AEAD_AUTHSIZE
44 #define ALG_SET_AEAD_AUTHSIZE 5
50 * ENOENT - algorithm not available
51 * ENOTSUP - AF_ALG family not available
52 * (but cannot check specifically for skcipher API)
54 static int _crypt_cipher_init(struct crypt_cipher_kernel *ctx,
55 const void *key, size_t key_length,
56 size_t tag_length, struct sockaddr_alg *sa)
62 ctx->tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
64 crypt_cipher_destroy_kernel(ctx);
68 if (bind(ctx->tfmfd, (struct sockaddr *)sa, sizeof(*sa)) < 0) {
69 crypt_cipher_destroy_kernel(ctx);
73 if (setsockopt(ctx->tfmfd, SOL_ALG, ALG_SET_KEY, key, key_length) < 0) {
74 crypt_cipher_destroy_kernel(ctx);
78 if (tag_length && setsockopt(ctx->tfmfd, SOL_ALG, ALG_SET_AEAD_AUTHSIZE, NULL, tag_length) < 0) {
79 crypt_cipher_destroy_kernel(ctx);
83 ctx->opfd = accept(ctx->tfmfd, NULL, 0);
85 crypt_cipher_destroy_kernel(ctx);
92 int crypt_cipher_init_kernel(struct crypt_cipher_kernel *ctx, const char *name,
93 const char *mode, const void *key, size_t key_length)
95 struct sockaddr_alg sa = {
96 .salg_family = AF_ALG,
97 .salg_type = "skcipher",
100 if (!strcmp(name, "cipher_null"))
103 snprintf((char *)sa.salg_name, sizeof(sa.salg_name), "%s(%s)", mode, name);
105 return _crypt_cipher_init(ctx, key, key_length, 0, &sa);
108 /* The in/out should be aligned to page boundary */
109 static int _crypt_cipher_crypt(struct crypt_cipher_kernel *ctx,
110 const char *in, size_t in_length,
111 char *out, size_t out_length,
112 const char *iv, size_t iv_length,
117 struct af_alg_iv *alg_iv;
118 struct cmsghdr *header;
121 .iov_base = (void*)(uintptr_t)in,
122 .iov_len = in_length,
124 int iv_msg_size = iv ? CMSG_SPACE(sizeof(*alg_iv) + iv_length) : 0;
125 char buffer[CMSG_SPACE(sizeof(*type)) + iv_msg_size];
126 struct msghdr msg = {
127 .msg_control = buffer,
128 .msg_controllen = sizeof(buffer),
133 if (!in || !out || !in_length)
136 if ((!iv && iv_length) || (iv && !iv_length))
139 memset(buffer, 0, sizeof(buffer));
141 /* Set encrypt/decrypt operation */
142 header = CMSG_FIRSTHDR(&msg);
146 header->cmsg_level = SOL_ALG;
147 header->cmsg_type = ALG_SET_OP;
148 header->cmsg_len = CMSG_LEN(sizeof(*type));
149 type = (void*)CMSG_DATA(header);
154 header = CMSG_NXTHDR(&msg, header);
155 header->cmsg_level = SOL_ALG;
156 header->cmsg_type = ALG_SET_IV;
157 header->cmsg_len = iv_msg_size;
158 alg_iv = (void*)CMSG_DATA(header);
159 alg_iv->ivlen = iv_length;
160 memcpy(alg_iv->iv, iv, iv_length);
163 len = sendmsg(ctx->opfd, &msg, 0);
164 if (len != (ssize_t)(in_length)) {
169 len = read(ctx->opfd, out, out_length);
170 if (len != (ssize_t)out_length)
173 crypt_backend_memzero(buffer, sizeof(buffer));
177 int crypt_cipher_encrypt_kernel(struct crypt_cipher_kernel *ctx,
178 const char *in, char *out, size_t length,
179 const char *iv, size_t iv_length)
181 return _crypt_cipher_crypt(ctx, in, length, out, length,
182 iv, iv_length, ALG_OP_ENCRYPT);
185 int crypt_cipher_decrypt_kernel(struct crypt_cipher_kernel *ctx,
186 const char *in, char *out, size_t length,
187 const char *iv, size_t iv_length)
189 return _crypt_cipher_crypt(ctx, in, length, out, length,
190 iv, iv_length, ALG_OP_DECRYPT);
193 void crypt_cipher_destroy_kernel(struct crypt_cipher_kernel *ctx)
204 int crypt_cipher_check_kernel(const char *name, const char *mode,
205 const char *integrity, size_t key_length)
207 struct crypt_cipher_kernel c;
208 char mode_name[64], tmp_salg_name[180], *real_mode = NULL, *cipher_iv = NULL, *key;
209 const char *salg_type;
212 struct sockaddr_alg sa = {
213 .salg_family = AF_ALG,
216 aead = integrity && strcmp(integrity, "none");
218 /* Remove IV if present */
220 strncpy(mode_name, mode, sizeof(mode_name));
221 mode_name[sizeof(mode_name) - 1] = 0;
222 cipher_iv = strchr(mode_name, '-');
225 real_mode = mode_name;
229 salg_type = aead ? "aead" : "skcipher";
230 snprintf((char *)sa.salg_type, sizeof(sa.salg_type), "%s", salg_type);
231 memset(tmp_salg_name, 0, sizeof(tmp_salg_name));
233 /* FIXME: this is duplicating a part of devmapper backend */
234 if (aead && !strcmp(integrity, "poly1305"))
235 r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "rfc7539(%s,%s)", name, integrity);
237 r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "%s", name);
238 else if (aead && !strcmp(real_mode, "ccm"))
239 r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "rfc4309(%s(%s))", real_mode, name);
241 r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "%s(%s)", real_mode, name);
243 if (r <= 0 || r > (int)(sizeof(sa.salg_name) - 1))
246 memcpy(sa.salg_name, tmp_salg_name, sizeof(sa.salg_name));
248 key = malloc(key_length);
252 /* We cannot use RNG yet, any key works here, tweak the first part if it is split key (XTS). */
253 memset(key, 0xab, key_length);
256 r = _crypt_cipher_init(&c, key, key_length, 0, &sa);
257 crypt_cipher_destroy_kernel(&c);
263 int crypt_bitlk_decrypt_key_kernel(const void *key, size_t key_length,
264 const char *in, char *out, size_t length,
265 const char *iv, size_t iv_length,
266 const char *tag, size_t tag_length)
268 struct crypt_cipher_kernel c;
269 struct sockaddr_alg sa = {
270 .salg_family = AF_ALG,
272 .salg_name = "ccm(aes)",
275 char buffer[128], ccm_iv[16];
277 if (length + tag_length > sizeof(buffer))
280 if (iv_length > sizeof(ccm_iv) - 2)
283 r = _crypt_cipher_init(&c, key, key_length, tag_length, &sa);
287 memcpy(buffer, in, length);
288 memcpy(buffer + length, tag, tag_length);
290 /* CCM IV - RFC3610 */
291 memset(ccm_iv, 0, sizeof(ccm_iv));
292 ccm_iv[0] = 15 - iv_length - 1;
293 memcpy(ccm_iv + 1, iv, iv_length);
294 memset(ccm_iv + 1 + iv_length, 0, ccm_iv[0] + 1);
295 iv_length = sizeof(ccm_iv);
297 r = _crypt_cipher_crypt(&c, buffer, length + tag_length, out, length,
298 ccm_iv, iv_length, ALG_OP_DECRYPT);
300 crypt_cipher_destroy_kernel(&c);
301 crypt_backend_memzero(buffer, sizeof(buffer));
306 #else /* ENABLE_AF_ALG */
307 int crypt_cipher_init_kernel(struct crypt_cipher_kernel *ctx, const char *name,
308 const char *mode, const void *key, size_t key_length)
313 void crypt_cipher_destroy_kernel(struct crypt_cipher_kernel *ctx)
318 int crypt_cipher_encrypt_kernel(struct crypt_cipher_kernel *ctx,
319 const char *in, char *out, size_t length,
320 const char *iv, size_t iv_length)
324 int crypt_cipher_decrypt_kernel(struct crypt_cipher_kernel *ctx,
325 const char *in, char *out, size_t length,
326 const char *iv, size_t iv_length)
330 int crypt_cipher_check_kernel(const char *name, const char *mode,
331 const char *integrity, size_t key_length)
333 /* Cannot check, expect success. */
336 int crypt_bitlk_decrypt_key_kernel(const void *key, size_t key_length,
337 const char *in, char *out, size_t length,
338 const char *iv, size_t iv_length,
339 const char *tag, size_t tag_length)