crypto: cfb - add support for Cipher FeedBack mode

	  CBC: Cipher Block Chaining mode

	  This block cipher algorithm is required for IPSec.

config CRYPTO_CFB

	tristate "CFB support"

	select CRYPTO_BLKCIPHER

	select CRYPTO_MANAGER

	help

	  CFB: Cipher FeedBack mode

	  This block cipher algorithm is required for TPM2 Cryptography.

config CRYPTO_CTR

	tristate "CTR support"

	select CRYPTO_BLKCIPHER

obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o

obj-$(CONFIG_CRYPTO_ECB) += ecb.o

obj-$(CONFIG_CRYPTO_CBC) += cbc.o

obj-$(CONFIG_CRYPTO_CFB) += cfb.o

obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o

obj-$(CONFIG_CRYPTO_CTS) += cts.o

obj-$(CONFIG_CRYPTO_LRW) += lrw.o

//SPDX-License-Identifier: GPL-2.0

/*

 * CFB: Cipher FeedBack mode

 *

 * Copyright (c) 2018 James.Bottomley@HansenPartnership.com

 *

 * CFB is a stream cipher mode which is layered on to a block

 * encryption scheme.  It works very much like a one time pad where

 * the pad is generated initially from the encrypted IV and then

 * subsequently from the encrypted previous block of ciphertext.  The

 * pad is XOR'd into the plain text to get the final ciphertext.

 *

 * The scheme of CFB is best described by wikipedia:

 *

 * https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CFB

 *

 * Note that since the pad for both encryption and decryption is

 * generated by an encryption operation, CFB never uses the block

 * decryption function.

 */

#include <crypto/algapi.h>

#include <crypto/internal/skcipher.h>

#include <linux/err.h>

#include <linux/init.h>

#include <linux/kernel.h>

#include <linux/module.h>

#include <linux/slab.h>

#include <linux/string.h>

#include <linux/types.h>

struct crypto_cfb_ctx {

	struct crypto_cipher *child;

};

static unsigned int crypto_cfb_bsize(struct crypto_skcipher *tfm)

{

	struct crypto_cfb_ctx *ctx = crypto_skcipher_ctx(tfm);

	struct crypto_cipher *child = ctx->child;

	return crypto_cipher_blocksize(child);

}

static void crypto_cfb_encrypt_one(struct crypto_skcipher *tfm,

					  const u8 *src, u8 *dst)

{

	struct crypto_cfb_ctx *ctx = crypto_skcipher_ctx(tfm);

	crypto_cipher_encrypt_one(ctx->child, dst, src);

}

/* final encrypt and decrypt is the same */

static void crypto_cfb_final(struct skcipher_walk *walk,

			     struct crypto_skcipher *tfm)

{

	const unsigned int bsize = crypto_cfb_bsize(tfm);

	const unsigned long alignmask = crypto_skcipher_alignmask(tfm);

	u8 tmp[bsize + alignmask];

	u8 *stream = PTR_ALIGN(tmp + 0, alignmask + 1);

	u8 *src = walk->src.virt.addr;

	u8 *dst = walk->dst.virt.addr;

	u8 *iv = walk->iv;

	unsigned int nbytes = walk->nbytes;

	crypto_cfb_encrypt_one(tfm, iv, stream);

	crypto_xor_cpy(dst, stream, src, nbytes);

}

static int crypto_cfb_encrypt_segment(struct skcipher_walk *walk,

				      struct crypto_skcipher *tfm)

{

	const unsigned int bsize = crypto_cfb_bsize(tfm);

	unsigned int nbytes = walk->nbytes;

	u8 *src = walk->src.virt.addr;

	u8 *dst = walk->dst.virt.addr;

	u8 *iv = walk->iv;

	do {

		crypto_cfb_encrypt_one(tfm, iv, dst);

		crypto_xor(dst, src, bsize);

		memcpy(iv, dst, bsize);

		src += bsize;

		dst += bsize;

	} while ((nbytes -= bsize) >= bsize);

	return nbytes;

}

static int crypto_cfb_encrypt_inplace(struct skcipher_walk *walk,

				      struct crypto_skcipher *tfm)

{

	const unsigned int bsize = crypto_cfb_bsize(tfm);

	unsigned int nbytes = walk->nbytes;

	u8 *src = walk->src.virt.addr;

	u8 *iv = walk->iv;

	u8 tmp[bsize];

	do {

		crypto_cfb_encrypt_one(tfm, iv, tmp);

		crypto_xor(src, tmp, bsize);

		iv = src;

		src += bsize;

	} while ((nbytes -= bsize) >= bsize);

	memcpy(walk->iv, iv, bsize);

	return nbytes;

}

static int crypto_cfb_encrypt(struct skcipher_request *req)

{

	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);

	struct skcipher_walk walk;

	unsigned int bsize = crypto_cfb_bsize(tfm);

	int err;

	err = skcipher_walk_virt(&walk, req, false);

	while (walk.nbytes >= bsize) {

		if (walk.src.virt.addr == walk.dst.virt.addr)

			err = crypto_cfb_encrypt_inplace(&walk, tfm);

		else

			err = crypto_cfb_encrypt_segment(&walk, tfm);

		err = skcipher_walk_done(&walk, err);

	}

	if (walk.nbytes) {

		crypto_cfb_final(&walk, tfm);

		err = skcipher_walk_done(&walk, 0);

	}

	return err;

}

static int crypto_cfb_decrypt_segment(struct skcipher_walk *walk,

				      struct crypto_skcipher *tfm)

{

	const unsigned int bsize = crypto_cfb_bsize(tfm);

	unsigned int nbytes = walk->nbytes;

	u8 *src = walk->src.virt.addr;

	u8 *dst = walk->dst.virt.addr;

	u8 *iv = walk->iv;

	do {

		crypto_cfb_encrypt_one(tfm, iv, dst);

		crypto_xor(dst, iv, bsize);

		iv = src;

		src += bsize;

		dst += bsize;

	} while ((nbytes -= bsize) >= bsize);

	memcpy(walk->iv, iv, bsize);

	return nbytes;

}

static int crypto_cfb_decrypt_inplace(struct skcipher_walk *walk,

				      struct crypto_skcipher *tfm)

{

	const unsigned int bsize = crypto_cfb_bsize(tfm);

	unsigned int nbytes = walk->nbytes;

	u8 *src = walk->src.virt.addr;

	u8 *iv = walk->iv;

	u8 tmp[bsize];

	do {

		crypto_cfb_encrypt_one(tfm, iv, tmp);

		memcpy(iv, src, bsize);

		crypto_xor(src, tmp, bsize);

		src += bsize;

	} while ((nbytes -= bsize) >= bsize);

	memcpy(walk->iv, iv, bsize);

	return nbytes;

}

static int crypto_cfb_decrypt_blocks(struct skcipher_walk *walk,

				     struct crypto_skcipher *tfm)

{

	if (walk->src.virt.addr == walk->dst.virt.addr)

		return crypto_cfb_decrypt_inplace(walk, tfm);

	else

		return crypto_cfb_decrypt_segment(walk, tfm);

}

static int crypto_cfb_setkey(struct crypto_skcipher *parent, const u8 *key,

			     unsigned int keylen)

{

	struct crypto_cfb_ctx *ctx = crypto_skcipher_ctx(parent);

	struct crypto_cipher *child = ctx->child;

	int err;

	crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);

	crypto_cipher_set_flags(child, crypto_skcipher_get_flags(parent) &

				       CRYPTO_TFM_REQ_MASK);

	err = crypto_cipher_setkey(child, key, keylen);

	crypto_skcipher_set_flags(parent, crypto_cipher_get_flags(child) &

					  CRYPTO_TFM_RES_MASK);

	return err;

}

static int crypto_cfb_decrypt(struct skcipher_request *req)

{

	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);

	struct skcipher_walk walk;

	const unsigned int bsize = crypto_cfb_bsize(tfm);

	int err;

	err = skcipher_walk_virt(&walk, req, false);

	while (walk.nbytes >= bsize) {

		err = crypto_cfb_decrypt_blocks(&walk, tfm);

		err = skcipher_walk_done(&walk, err);

	}

	if (walk.nbytes) {

		crypto_cfb_final(&walk, tfm);

		err = skcipher_walk_done(&walk, 0);

	}

	return err;

}

static int crypto_cfb_init_tfm(struct crypto_skcipher *tfm)

{

	struct skcipher_instance *inst = skcipher_alg_instance(tfm);

	struct crypto_spawn *spawn = skcipher_instance_ctx(inst);

	struct crypto_cfb_ctx *ctx = crypto_skcipher_ctx(tfm);

	struct crypto_cipher *cipher;

	cipher = crypto_spawn_cipher(spawn);

	if (IS_ERR(cipher))

		return PTR_ERR(cipher);

	ctx->child = cipher;

	return 0;

}

static void crypto_cfb_exit_tfm(struct crypto_skcipher *tfm)

{

	struct crypto_cfb_ctx *ctx = crypto_skcipher_ctx(tfm);

	crypto_free_cipher(ctx->child);

}

static void crypto_cfb_free(struct skcipher_instance *inst)

{

	crypto_drop_skcipher(skcipher_instance_ctx(inst));

	kfree(inst);

}

static int crypto_cfb_create(struct crypto_template *tmpl, struct rtattr **tb)

{

	struct skcipher_instance *inst;

	struct crypto_attr_type *algt;

	struct crypto_spawn *spawn;

	struct crypto_alg *alg;

	u32 mask;

	int err;

	err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SKCIPHER);

	if (err)

		return err;

	inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);

	if (!inst)

		return -ENOMEM;

	algt = crypto_get_attr_type(tb);

	err = PTR_ERR(algt);

	if (IS_ERR(algt))

		goto err_free_inst;

	mask = CRYPTO_ALG_TYPE_MASK |

		crypto_requires_off(algt->type, algt->mask,

				    CRYPTO_ALG_NEED_FALLBACK);

	alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER, mask);

	err = PTR_ERR(alg);

	if (IS_ERR(alg))

		goto err_free_inst;

	spawn = skcipher_instance_ctx(inst);

	err = crypto_init_spawn(spawn, alg, skcipher_crypto_instance(inst),

				CRYPTO_ALG_TYPE_MASK);

	crypto_mod_put(alg);

	if (err)

		goto err_free_inst;

	err = crypto_inst_setname(skcipher_crypto_instance(inst), "cfb", alg);

	if (err)

		goto err_drop_spawn;

	inst->alg.base.cra_priority = alg->cra_priority;

	/* we're a stream cipher independend of the crypto cra_blocksize */

	inst->alg.base.cra_blocksize = 1;

	inst->alg.base.cra_alignmask = alg->cra_alignmask;

	inst->alg.ivsize = alg->cra_blocksize;

	inst->alg.min_keysize = alg->cra_cipher.cia_min_keysize;

	inst->alg.max_keysize = alg->cra_cipher.cia_max_keysize;

	inst->alg.base.cra_ctxsize = sizeof(struct crypto_cfb_ctx);

	inst->alg.init = crypto_cfb_init_tfm;

	inst->alg.exit = crypto_cfb_exit_tfm;

	inst->alg.setkey = crypto_cfb_setkey;

	inst->alg.encrypt = crypto_cfb_encrypt;

	inst->alg.decrypt = crypto_cfb_decrypt;

	inst->free = crypto_cfb_free;

	err = skcipher_register_instance(tmpl, inst);

	if (err)

		goto err_drop_spawn;

out:

	return err;

err_drop_spawn:

	crypto_drop_spawn(spawn);

err_free_inst:

	kfree(inst);

	goto out;

}

static struct crypto_template crypto_cfb_tmpl = {

	.name = "cfb",

	.create = crypto_cfb_create,

	.module = THIS_MODULE,

};

static int __init crypto_cfb_module_init(void)

{

	return crypto_register_template(&crypto_cfb_tmpl);

}

static void __exit crypto_cfb_module_exit(void)

{

	crypto_unregister_template(&crypto_cfb_tmpl);

}

module_init(crypto_cfb_module_init);

module_exit(crypto_cfb_module_exit);

MODULE_LICENSE("GPL");

MODULE_DESCRIPTION("CFB block cipher algorithm");

MODULE_ALIAS_CRYPTO("cfb");