mirror of
https://github.com/torvalds/linux.git
synced 2024-11-18 01:51:53 +00:00
453431a549
As said by Linus: A symmetric naming is only helpful if it implies symmetries in use. Otherwise it's actively misleading. In "kzalloc()", the z is meaningful and an important part of what the caller wants. In "kzfree()", the z is actively detrimental, because maybe in the future we really _might_ want to use that "memfill(0xdeadbeef)" or something. The "zero" part of the interface isn't even _relevant_. The main reason that kzfree() exists is to clear sensitive information that should not be leaked to other future users of the same memory objects. Rename kzfree() to kfree_sensitive() to follow the example of the recently added kvfree_sensitive() and make the intention of the API more explicit. In addition, memzero_explicit() is used to clear the memory to make sure that it won't get optimized away by the compiler. The renaming is done by using the command sequence: git grep -w --name-only kzfree |\ xargs sed -i 's/kzfree/kfree_sensitive/' followed by some editing of the kfree_sensitive() kerneldoc and adding a kzfree backward compatibility macro in slab.h. [akpm@linux-foundation.org: fs/crypto/inline_crypt.c needs linux/slab.h] [akpm@linux-foundation.org: fix fs/crypto/inline_crypt.c some more] Suggested-by: Joe Perches <joe@perches.com> Signed-off-by: Waiman Long <longman@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: David Howells <dhowells@redhat.com> Acked-by: Michal Hocko <mhocko@suse.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Cc: James Morris <jmorris@namei.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Cc: Joe Perches <joe@perches.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: David Rientjes <rientjes@google.com> Cc: Dan Carpenter <dan.carpenter@oracle.com> Cc: "Jason A . Donenfeld" <Jason@zx2c4.com> Link: http://lkml.kernel.org/r/20200616154311.12314-3-longman@redhat.com Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
189 lines
4.5 KiB
C
189 lines
4.5 KiB
C
// SPDX-License-Identifier: GPL-2.0-or-later
|
|
/*
|
|
* seqiv: Sequence Number IV Generator
|
|
*
|
|
* This generator generates an IV based on a sequence number by xoring it
|
|
* with a salt. This algorithm is mainly useful for CTR and similar modes.
|
|
*
|
|
* Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
|
|
*/
|
|
|
|
#include <crypto/internal/geniv.h>
|
|
#include <crypto/scatterwalk.h>
|
|
#include <crypto/skcipher.h>
|
|
#include <linux/err.h>
|
|
#include <linux/init.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/module.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/string.h>
|
|
|
|
static void seqiv_aead_encrypt_complete2(struct aead_request *req, int err)
|
|
{
|
|
struct aead_request *subreq = aead_request_ctx(req);
|
|
struct crypto_aead *geniv;
|
|
|
|
if (err == -EINPROGRESS)
|
|
return;
|
|
|
|
if (err)
|
|
goto out;
|
|
|
|
geniv = crypto_aead_reqtfm(req);
|
|
memcpy(req->iv, subreq->iv, crypto_aead_ivsize(geniv));
|
|
|
|
out:
|
|
kfree_sensitive(subreq->iv);
|
|
}
|
|
|
|
static void seqiv_aead_encrypt_complete(struct crypto_async_request *base,
|
|
int err)
|
|
{
|
|
struct aead_request *req = base->data;
|
|
|
|
seqiv_aead_encrypt_complete2(req, err);
|
|
aead_request_complete(req, err);
|
|
}
|
|
|
|
static int seqiv_aead_encrypt(struct aead_request *req)
|
|
{
|
|
struct crypto_aead *geniv = crypto_aead_reqtfm(req);
|
|
struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv);
|
|
struct aead_request *subreq = aead_request_ctx(req);
|
|
crypto_completion_t compl;
|
|
void *data;
|
|
u8 *info;
|
|
unsigned int ivsize = 8;
|
|
int err;
|
|
|
|
if (req->cryptlen < ivsize)
|
|
return -EINVAL;
|
|
|
|
aead_request_set_tfm(subreq, ctx->child);
|
|
|
|
compl = req->base.complete;
|
|
data = req->base.data;
|
|
info = req->iv;
|
|
|
|
if (req->src != req->dst) {
|
|
SYNC_SKCIPHER_REQUEST_ON_STACK(nreq, ctx->sknull);
|
|
|
|
skcipher_request_set_sync_tfm(nreq, ctx->sknull);
|
|
skcipher_request_set_callback(nreq, req->base.flags,
|
|
NULL, NULL);
|
|
skcipher_request_set_crypt(nreq, req->src, req->dst,
|
|
req->assoclen + req->cryptlen,
|
|
NULL);
|
|
|
|
err = crypto_skcipher_encrypt(nreq);
|
|
if (err)
|
|
return err;
|
|
}
|
|
|
|
if (unlikely(!IS_ALIGNED((unsigned long)info,
|
|
crypto_aead_alignmask(geniv) + 1))) {
|
|
info = kmemdup(req->iv, ivsize, req->base.flags &
|
|
CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL :
|
|
GFP_ATOMIC);
|
|
if (!info)
|
|
return -ENOMEM;
|
|
|
|
compl = seqiv_aead_encrypt_complete;
|
|
data = req;
|
|
}
|
|
|
|
aead_request_set_callback(subreq, req->base.flags, compl, data);
|
|
aead_request_set_crypt(subreq, req->dst, req->dst,
|
|
req->cryptlen - ivsize, info);
|
|
aead_request_set_ad(subreq, req->assoclen + ivsize);
|
|
|
|
crypto_xor(info, ctx->salt, ivsize);
|
|
scatterwalk_map_and_copy(info, req->dst, req->assoclen, ivsize, 1);
|
|
|
|
err = crypto_aead_encrypt(subreq);
|
|
if (unlikely(info != req->iv))
|
|
seqiv_aead_encrypt_complete2(req, err);
|
|
return err;
|
|
}
|
|
|
|
static int seqiv_aead_decrypt(struct aead_request *req)
|
|
{
|
|
struct crypto_aead *geniv = crypto_aead_reqtfm(req);
|
|
struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv);
|
|
struct aead_request *subreq = aead_request_ctx(req);
|
|
crypto_completion_t compl;
|
|
void *data;
|
|
unsigned int ivsize = 8;
|
|
|
|
if (req->cryptlen < ivsize + crypto_aead_authsize(geniv))
|
|
return -EINVAL;
|
|
|
|
aead_request_set_tfm(subreq, ctx->child);
|
|
|
|
compl = req->base.complete;
|
|
data = req->base.data;
|
|
|
|
aead_request_set_callback(subreq, req->base.flags, compl, data);
|
|
aead_request_set_crypt(subreq, req->src, req->dst,
|
|
req->cryptlen - ivsize, req->iv);
|
|
aead_request_set_ad(subreq, req->assoclen + ivsize);
|
|
|
|
scatterwalk_map_and_copy(req->iv, req->src, req->assoclen, ivsize, 0);
|
|
|
|
return crypto_aead_decrypt(subreq);
|
|
}
|
|
|
|
static int seqiv_aead_create(struct crypto_template *tmpl, struct rtattr **tb)
|
|
{
|
|
struct aead_instance *inst;
|
|
int err;
|
|
|
|
inst = aead_geniv_alloc(tmpl, tb);
|
|
|
|
if (IS_ERR(inst))
|
|
return PTR_ERR(inst);
|
|
|
|
err = -EINVAL;
|
|
if (inst->alg.ivsize != sizeof(u64))
|
|
goto free_inst;
|
|
|
|
inst->alg.encrypt = seqiv_aead_encrypt;
|
|
inst->alg.decrypt = seqiv_aead_decrypt;
|
|
|
|
inst->alg.init = aead_init_geniv;
|
|
inst->alg.exit = aead_exit_geniv;
|
|
|
|
inst->alg.base.cra_ctxsize = sizeof(struct aead_geniv_ctx);
|
|
inst->alg.base.cra_ctxsize += inst->alg.ivsize;
|
|
|
|
err = aead_register_instance(tmpl, inst);
|
|
if (err) {
|
|
free_inst:
|
|
inst->free(inst);
|
|
}
|
|
return err;
|
|
}
|
|
|
|
static struct crypto_template seqiv_tmpl = {
|
|
.name = "seqiv",
|
|
.create = seqiv_aead_create,
|
|
.module = THIS_MODULE,
|
|
};
|
|
|
|
static int __init seqiv_module_init(void)
|
|
{
|
|
return crypto_register_template(&seqiv_tmpl);
|
|
}
|
|
|
|
static void __exit seqiv_module_exit(void)
|
|
{
|
|
crypto_unregister_template(&seqiv_tmpl);
|
|
}
|
|
|
|
subsys_initcall(seqiv_module_init);
|
|
module_exit(seqiv_module_exit);
|
|
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_DESCRIPTION("Sequence Number IV Generator");
|
|
MODULE_ALIAS_CRYPTO("seqiv");
|