1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * CFB: Cipher FeedBack mode |
4 | * |
5 | * Copyright (c) 2018 James.Bottomley@HansenPartnership.com |
6 | * |
7 | * CFB is a stream cipher mode which is layered on to a block |
8 | * encryption scheme. It works very much like a one time pad where |
9 | * the pad is generated initially from the encrypted IV and then |
10 | * subsequently from the encrypted previous block of ciphertext. The |
11 | * pad is XOR'd into the plain text to get the final ciphertext. |
12 | * |
13 | * The scheme of CFB is best described by wikipedia: |
14 | * |
15 | * https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CFB |
16 | * |
17 | * Note that since the pad for both encryption and decryption is |
18 | * generated by an encryption operation, CFB never uses the block |
19 | * decryption function. |
20 | */ |
21 | |
22 | #include <crypto/algapi.h> |
23 | #include <crypto/internal/cipher.h> |
24 | #include <crypto/internal/skcipher.h> |
25 | #include <linux/err.h> |
26 | #include <linux/init.h> |
27 | #include <linux/kernel.h> |
28 | #include <linux/module.h> |
29 | #include <linux/string.h> |
30 | |
31 | static unsigned int crypto_cfb_bsize(struct crypto_skcipher *tfm) |
32 | { |
33 | return crypto_cipher_blocksize(tfm: skcipher_cipher_simple(tfm)); |
34 | } |
35 | |
36 | static void crypto_cfb_encrypt_one(struct crypto_skcipher *tfm, |
37 | const u8 *src, u8 *dst) |
38 | { |
39 | crypto_cipher_encrypt_one(tfm: skcipher_cipher_simple(tfm), dst, src); |
40 | } |
41 | |
42 | /* final encrypt and decrypt is the same */ |
43 | static void crypto_cfb_final(struct skcipher_walk *walk, |
44 | struct crypto_skcipher *tfm) |
45 | { |
46 | const unsigned long alignmask = crypto_skcipher_alignmask(tfm); |
47 | u8 tmp[MAX_CIPHER_BLOCKSIZE + MAX_CIPHER_ALIGNMASK]; |
48 | u8 *stream = PTR_ALIGN(tmp + 0, alignmask + 1); |
49 | u8 *src = walk->src.virt.addr; |
50 | u8 *dst = walk->dst.virt.addr; |
51 | u8 *iv = walk->iv; |
52 | unsigned int nbytes = walk->nbytes; |
53 | |
54 | crypto_cfb_encrypt_one(tfm, src: iv, dst: stream); |
55 | crypto_xor_cpy(dst, src1: stream, src2: src, size: nbytes); |
56 | } |
57 | |
58 | static int crypto_cfb_encrypt_segment(struct skcipher_walk *walk, |
59 | struct crypto_skcipher *tfm) |
60 | { |
61 | const unsigned int bsize = crypto_cfb_bsize(tfm); |
62 | unsigned int nbytes = walk->nbytes; |
63 | u8 *src = walk->src.virt.addr; |
64 | u8 *dst = walk->dst.virt.addr; |
65 | u8 *iv = walk->iv; |
66 | |
67 | do { |
68 | crypto_cfb_encrypt_one(tfm, src: iv, dst); |
69 | crypto_xor(dst, src, size: bsize); |
70 | iv = dst; |
71 | |
72 | src += bsize; |
73 | dst += bsize; |
74 | } while ((nbytes -= bsize) >= bsize); |
75 | |
76 | memcpy(walk->iv, iv, bsize); |
77 | |
78 | return nbytes; |
79 | } |
80 | |
81 | static int crypto_cfb_encrypt_inplace(struct skcipher_walk *walk, |
82 | struct crypto_skcipher *tfm) |
83 | { |
84 | const unsigned int bsize = crypto_cfb_bsize(tfm); |
85 | unsigned int nbytes = walk->nbytes; |
86 | u8 *src = walk->src.virt.addr; |
87 | u8 *iv = walk->iv; |
88 | u8 tmp[MAX_CIPHER_BLOCKSIZE]; |
89 | |
90 | do { |
91 | crypto_cfb_encrypt_one(tfm, src: iv, dst: tmp); |
92 | crypto_xor(dst: src, src: tmp, size: bsize); |
93 | iv = src; |
94 | |
95 | src += bsize; |
96 | } while ((nbytes -= bsize) >= bsize); |
97 | |
98 | memcpy(walk->iv, iv, bsize); |
99 | |
100 | return nbytes; |
101 | } |
102 | |
103 | static int crypto_cfb_encrypt(struct skcipher_request *req) |
104 | { |
105 | struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); |
106 | struct skcipher_walk walk; |
107 | unsigned int bsize = crypto_cfb_bsize(tfm); |
108 | int err; |
109 | |
110 | err = skcipher_walk_virt(walk: &walk, req, atomic: false); |
111 | |
112 | while (walk.nbytes >= bsize) { |
113 | if (walk.src.virt.addr == walk.dst.virt.addr) |
114 | err = crypto_cfb_encrypt_inplace(walk: &walk, tfm); |
115 | else |
116 | err = crypto_cfb_encrypt_segment(walk: &walk, tfm); |
117 | err = skcipher_walk_done(walk: &walk, err); |
118 | } |
119 | |
120 | if (walk.nbytes) { |
121 | crypto_cfb_final(walk: &walk, tfm); |
122 | err = skcipher_walk_done(walk: &walk, err: 0); |
123 | } |
124 | |
125 | return err; |
126 | } |
127 | |
128 | static int crypto_cfb_decrypt_segment(struct skcipher_walk *walk, |
129 | struct crypto_skcipher *tfm) |
130 | { |
131 | const unsigned int bsize = crypto_cfb_bsize(tfm); |
132 | unsigned int nbytes = walk->nbytes; |
133 | u8 *src = walk->src.virt.addr; |
134 | u8 *dst = walk->dst.virt.addr; |
135 | u8 *iv = walk->iv; |
136 | |
137 | do { |
138 | crypto_cfb_encrypt_one(tfm, src: iv, dst); |
139 | crypto_xor(dst, src, size: bsize); |
140 | iv = src; |
141 | |
142 | src += bsize; |
143 | dst += bsize; |
144 | } while ((nbytes -= bsize) >= bsize); |
145 | |
146 | memcpy(walk->iv, iv, bsize); |
147 | |
148 | return nbytes; |
149 | } |
150 | |
151 | static int crypto_cfb_decrypt_inplace(struct skcipher_walk *walk, |
152 | struct crypto_skcipher *tfm) |
153 | { |
154 | const unsigned int bsize = crypto_cfb_bsize(tfm); |
155 | unsigned int nbytes = walk->nbytes; |
156 | u8 *src = walk->src.virt.addr; |
157 | u8 * const iv = walk->iv; |
158 | u8 tmp[MAX_CIPHER_BLOCKSIZE]; |
159 | |
160 | do { |
161 | crypto_cfb_encrypt_one(tfm, src: iv, dst: tmp); |
162 | memcpy(iv, src, bsize); |
163 | crypto_xor(dst: src, src: tmp, size: bsize); |
164 | src += bsize; |
165 | } while ((nbytes -= bsize) >= bsize); |
166 | |
167 | return nbytes; |
168 | } |
169 | |
170 | static int crypto_cfb_decrypt_blocks(struct skcipher_walk *walk, |
171 | struct crypto_skcipher *tfm) |
172 | { |
173 | if (walk->src.virt.addr == walk->dst.virt.addr) |
174 | return crypto_cfb_decrypt_inplace(walk, tfm); |
175 | else |
176 | return crypto_cfb_decrypt_segment(walk, tfm); |
177 | } |
178 | |
179 | static int crypto_cfb_decrypt(struct skcipher_request *req) |
180 | { |
181 | struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); |
182 | struct skcipher_walk walk; |
183 | const unsigned int bsize = crypto_cfb_bsize(tfm); |
184 | int err; |
185 | |
186 | err = skcipher_walk_virt(walk: &walk, req, atomic: false); |
187 | |
188 | while (walk.nbytes >= bsize) { |
189 | err = crypto_cfb_decrypt_blocks(walk: &walk, tfm); |
190 | err = skcipher_walk_done(walk: &walk, err); |
191 | } |
192 | |
193 | if (walk.nbytes) { |
194 | crypto_cfb_final(walk: &walk, tfm); |
195 | err = skcipher_walk_done(walk: &walk, err: 0); |
196 | } |
197 | |
198 | return err; |
199 | } |
200 | |
201 | static int crypto_cfb_create(struct crypto_template *tmpl, struct rtattr **tb) |
202 | { |
203 | struct skcipher_instance *inst; |
204 | struct crypto_alg *alg; |
205 | int err; |
206 | |
207 | inst = skcipher_alloc_instance_simple(tmpl, tb); |
208 | if (IS_ERR(ptr: inst)) |
209 | return PTR_ERR(ptr: inst); |
210 | |
211 | alg = skcipher_ialg_simple(inst); |
212 | |
213 | /* CFB mode is a stream cipher. */ |
214 | inst->alg.base.cra_blocksize = 1; |
215 | |
216 | /* |
217 | * To simplify the implementation, configure the skcipher walk to only |
218 | * give a partial block at the very end, never earlier. |
219 | */ |
220 | inst->alg.chunksize = alg->cra_blocksize; |
221 | |
222 | inst->alg.encrypt = crypto_cfb_encrypt; |
223 | inst->alg.decrypt = crypto_cfb_decrypt; |
224 | |
225 | err = skcipher_register_instance(tmpl, inst); |
226 | if (err) |
227 | inst->free(inst); |
228 | |
229 | return err; |
230 | } |
231 | |
232 | static struct crypto_template crypto_cfb_tmpl = { |
233 | .name = "cfb" , |
234 | .create = crypto_cfb_create, |
235 | .module = THIS_MODULE, |
236 | }; |
237 | |
238 | static int __init crypto_cfb_module_init(void) |
239 | { |
240 | return crypto_register_template(tmpl: &crypto_cfb_tmpl); |
241 | } |
242 | |
243 | static void __exit crypto_cfb_module_exit(void) |
244 | { |
245 | crypto_unregister_template(tmpl: &crypto_cfb_tmpl); |
246 | } |
247 | |
248 | subsys_initcall(crypto_cfb_module_init); |
249 | module_exit(crypto_cfb_module_exit); |
250 | |
251 | MODULE_LICENSE("GPL" ); |
252 | MODULE_DESCRIPTION("CFB block cipher mode of operation" ); |
253 | MODULE_ALIAS_CRYPTO("cfb" ); |
254 | MODULE_IMPORT_NS(CRYPTO_INTERNAL); |
255 | |