2 * Linux kernel userspace API crypto backend implementation (skcipher)
4 * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
5 * Copyright (C) 2012, Milan Broz
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * version 2 as published by the Free Software Foundation.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 #include <sys/socket.h>
28 #include <linux/if_alg.h>
29 #include "crypto_backend.h"
43 int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd)
45 *tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
49 if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) == -1) {
55 *opfd = accept(*tfmfd, NULL, 0);
65 static int crypt_kernel_cipher_available(void)
69 if(stat("/sys/module/algif_skcipher", &st) < 0)
78 * ENOENT - no API available
79 * ENOTSUP - algorithm not available
81 int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
82 const char *mode, const void *buffer, size_t length)
84 struct crypt_cipher *h;
85 struct sockaddr_alg sa = {
86 .salg_family = AF_ALG,
87 .salg_type = "skcipher",
91 h = malloc(sizeof(*h));
95 snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
96 "%s(%s)", mode, name);
98 r = crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd);
102 return crypt_kernel_cipher_available();
106 if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) {
107 crypt_cipher_destroy(h);
115 /* The in/out should be aligned to page boundary */
116 static int crypt_cipher_crypt(struct crypt_cipher *ctx,
117 const char *in, char *out, size_t length,
118 const char *iv, size_t iv_length,
123 struct af_alg_iv *alg_iv;
124 struct cmsghdr *header;
127 .iov_base = (void*)(uintptr_t)in,
130 int iv_msg_size = iv ? CMSG_SPACE(sizeof(*alg_iv) + iv_length) : 0;
131 char buffer[CMSG_SPACE(sizeof(type)) + iv_msg_size];
132 struct msghdr msg = {
133 .msg_control = buffer,
134 .msg_controllen = sizeof(buffer),
139 if (!in || !out || !length)
142 if ((!iv && iv_length) || (iv && !iv_length))
145 memset(buffer, 0, sizeof(buffer));
147 /* Set encrypt/decrypt operation */
148 header = CMSG_FIRSTHDR(&msg);
149 header->cmsg_level = SOL_ALG;
150 header->cmsg_type = ALG_SET_OP;
151 header->cmsg_len = CMSG_LEN(sizeof(type));
152 type = (void*)CMSG_DATA(header);
157 header = CMSG_NXTHDR(&msg, header);
158 header->cmsg_level = SOL_ALG;
159 header->cmsg_type = ALG_SET_IV;
160 header->cmsg_len = iv_msg_size;
161 alg_iv = (void*)CMSG_DATA(header);
162 alg_iv->ivlen = iv_length;
163 memcpy(alg_iv->iv, iv, iv_length);
166 len = sendmsg(ctx->opfd, &msg, 0);
167 if (len != (ssize_t)length) {
172 len = read(ctx->opfd, out, length);
173 if (len != (ssize_t)length)
176 memset(buffer, 0, sizeof(buffer));
180 int crypt_cipher_encrypt(struct crypt_cipher *ctx,
181 const char *in, char *out, size_t length,
182 const char *iv, size_t iv_length)
184 return crypt_cipher_crypt(ctx, in, out, length,
185 iv, iv_length, ALG_OP_ENCRYPT);
188 int crypt_cipher_decrypt(struct crypt_cipher *ctx,
189 const char *in, char *out, size_t length,
190 const char *iv, size_t iv_length)
192 return crypt_cipher_crypt(ctx, in, out, length,
193 iv, iv_length, ALG_OP_DECRYPT);
196 int crypt_cipher_destroy(struct crypt_cipher *ctx)
198 if (ctx->tfmfd != -1)
202 memset(ctx, 0, sizeof(*ctx));