aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux/crypto.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/linux/crypto.h')
-rw-r--r--include/linux/crypto.h121
1 files changed, 109 insertions, 12 deletions
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index a6a7a1c..408bcb4 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -7,10 +7,10 @@
*
* Portions derived from Cryptoapi, by Alexander Kjeldaas <astor@fast.no>
* and Nettle, by Niels Möller.
- *
+ *
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
+ * Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*
*/
@@ -25,6 +25,9 @@
#include <linux/string.h>
#include <linux/uaccess.h>
+#ifdef CONFIG_CRYPTO_FIPS
+#include <linux/err.h>
+#endif
/*
* Algorithm masks and types.
*/
@@ -81,10 +84,10 @@
#define CRYPTO_TFM_REQ_MAY_SLEEP 0x00000200
#define CRYPTO_TFM_REQ_MAY_BACKLOG 0x00000400
#define CRYPTO_TFM_RES_WEAK_KEY 0x00100000
-#define CRYPTO_TFM_RES_BAD_KEY_LEN 0x00200000
-#define CRYPTO_TFM_RES_BAD_KEY_SCHED 0x00400000
-#define CRYPTO_TFM_RES_BAD_BLOCK_LEN 0x00800000
-#define CRYPTO_TFM_RES_BAD_FLAGS 0x01000000
+#define CRYPTO_TFM_RES_BAD_KEY_LEN 0x00200000
+#define CRYPTO_TFM_RES_BAD_KEY_SCHED 0x00400000
+#define CRYPTO_TFM_RES_BAD_BLOCK_LEN 0x00800000
+#define CRYPTO_TFM_RES_BAD_FLAGS 0x01000000
/*
* Miscellaneous stuff.
@@ -103,6 +106,10 @@
#define CRYPTO_MINALIGN_ATTR __attribute__ ((__aligned__(CRYPTO_MINALIGN)))
+#ifdef CONFIG_CRYPTO_FIPS
+bool in_fips_err(void);
+#endif
+
struct scatterlist;
struct crypto_ablkcipher;
struct crypto_async_request;
@@ -296,7 +303,7 @@ struct crypto_alg {
int (*cra_init)(struct crypto_tfm *tfm);
void (*cra_exit)(struct crypto_tfm *tfm);
void (*cra_destroy)(struct crypto_alg *alg);
-
+
struct module *cra_module;
};
@@ -401,7 +408,7 @@ struct rng_tfm {
struct crypto_tfm {
u32 crt_flags;
-
+
union {
struct ablkcipher_tfm ablkcipher;
struct aead_tfm aead;
@@ -413,7 +420,7 @@ struct crypto_tfm {
} crt_u;
void (*exit)(struct crypto_tfm *tfm);
-
+
struct crypto_alg *__crt_alg;
void *__crt_ctx[] CRYPTO_MINALIGN_ATTR;
@@ -473,10 +480,10 @@ struct crypto_attr_u32 {
u32 num;
};
-/*
+/*
* Transform user interface.
*/
-
+
struct crypto_tfm *crypto_alloc_base(const char *alg_name, u32 type, u32 mask);
void crypto_destroy_tfm(void *mem, struct crypto_tfm *tfm);
@@ -654,6 +661,11 @@ static inline int crypto_ablkcipher_encrypt(struct ablkcipher_request *req)
{
struct ablkcipher_tfm *crt =
crypto_ablkcipher_crt(crypto_ablkcipher_reqtfm(req));
+
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return -EACCES;
+#endif
return crt->encrypt(req);
}
@@ -661,6 +673,12 @@ static inline int crypto_ablkcipher_decrypt(struct ablkcipher_request *req)
{
struct ablkcipher_tfm *crt =
crypto_ablkcipher_crt(crypto_ablkcipher_reqtfm(req));
+
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return -EACCES;
+#endif
+
return crt->decrypt(req);
}
@@ -687,6 +705,11 @@ static inline struct ablkcipher_request *ablkcipher_request_alloc(
{
struct ablkcipher_request *req;
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return NULL;
+#endif
+
req = kmalloc(sizeof(struct ablkcipher_request) +
crypto_ablkcipher_reqsize(tfm), gfp);
@@ -795,11 +818,21 @@ static inline struct crypto_aead *crypto_aead_reqtfm(struct aead_request *req)
static inline int crypto_aead_encrypt(struct aead_request *req)
{
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return -EACCES;
+#endif
+
return crypto_aead_crt(crypto_aead_reqtfm(req))->encrypt(req);
}
static inline int crypto_aead_decrypt(struct aead_request *req)
{
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return -EACCES;
+#endif
+
return crypto_aead_crt(crypto_aead_reqtfm(req))->decrypt(req);
}
@@ -819,6 +852,11 @@ static inline struct aead_request *aead_request_alloc(struct crypto_aead *tfm,
{
struct aead_request *req;
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return NULL;
+#endif
+
req = kmalloc(sizeof(*req) + crypto_aead_reqsize(tfm), gfp);
if (likely(req))
@@ -967,6 +1005,11 @@ static inline int crypto_blkcipher_encrypt(struct blkcipher_desc *desc,
struct scatterlist *src,
unsigned int nbytes)
{
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return -EACCES;
+#endif
+
desc->info = crypto_blkcipher_crt(desc->tfm)->iv;
return crypto_blkcipher_crt(desc->tfm)->encrypt(desc, dst, src, nbytes);
}
@@ -976,6 +1019,11 @@ static inline int crypto_blkcipher_encrypt_iv(struct blkcipher_desc *desc,
struct scatterlist *src,
unsigned int nbytes)
{
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return -EACCES;
+#endif
+
return crypto_blkcipher_crt(desc->tfm)->encrypt(desc, dst, src, nbytes);
}
@@ -984,6 +1032,11 @@ static inline int crypto_blkcipher_decrypt(struct blkcipher_desc *desc,
struct scatterlist *src,
unsigned int nbytes)
{
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return -EACCES;
+#endif
+
desc->info = crypto_blkcipher_crt(desc->tfm)->iv;
return crypto_blkcipher_crt(desc->tfm)->decrypt(desc, dst, src, nbytes);
}
@@ -993,6 +1046,11 @@ static inline int crypto_blkcipher_decrypt_iv(struct blkcipher_desc *desc,
struct scatterlist *src,
unsigned int nbytes)
{
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return -EACCES;
+#endif
+
return crypto_blkcipher_crt(desc->tfm)->decrypt(desc, dst, src, nbytes);
}
@@ -1090,6 +1148,11 @@ static inline int crypto_cipher_setkey(struct crypto_cipher *tfm,
static inline void crypto_cipher_encrypt_one(struct crypto_cipher *tfm,
u8 *dst, const u8 *src)
{
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return;
+#endif
+
crypto_cipher_crt(tfm)->cit_encrypt_one(crypto_cipher_tfm(tfm),
dst, src);
}
@@ -1097,6 +1160,11 @@ static inline void crypto_cipher_encrypt_one(struct crypto_cipher *tfm,
static inline void crypto_cipher_decrypt_one(struct crypto_cipher *tfm,
u8 *dst, const u8 *src)
{
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return;
+#endif
+
crypto_cipher_crt(tfm)->cit_decrypt_one(crypto_cipher_tfm(tfm),
dst, src);
}
@@ -1181,6 +1249,11 @@ static inline void crypto_hash_clear_flags(struct crypto_hash *tfm, u32 flags)
static inline int crypto_hash_init(struct hash_desc *desc)
{
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return -EACCES;
+#endif
+
return crypto_hash_crt(desc->tfm)->init(desc);
}
@@ -1188,11 +1261,21 @@ static inline int crypto_hash_update(struct hash_desc *desc,
struct scatterlist *sg,
unsigned int nbytes)
{
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return -EACCES;
+#endif
+
return crypto_hash_crt(desc->tfm)->update(desc, sg, nbytes);
}
static inline int crypto_hash_final(struct hash_desc *desc, u8 *out)
{
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return -EACCES;
+#endif
+
return crypto_hash_crt(desc->tfm)->final(desc, out);
}
@@ -1200,6 +1283,11 @@ static inline int crypto_hash_digest(struct hash_desc *desc,
struct scatterlist *sg,
unsigned int nbytes, u8 *out)
{
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return -EACCES;
+#endif
+
return crypto_hash_crt(desc->tfm)->digest(desc, sg, nbytes, out);
}
@@ -1264,6 +1352,11 @@ static inline int crypto_comp_compress(struct crypto_comp *tfm,
const u8 *src, unsigned int slen,
u8 *dst, unsigned int *dlen)
{
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return -EACCES;
+#endif
+
return crypto_comp_crt(tfm)->cot_compress(crypto_comp_tfm(tfm),
src, slen, dst, dlen);
}
@@ -1272,9 +1365,13 @@ static inline int crypto_comp_decompress(struct crypto_comp *tfm,
const u8 *src, unsigned int slen,
u8 *dst, unsigned int *dlen)
{
+#ifdef CONFIG_CRYPTO_FIPS
+ if (unlikely(in_fips_err()))
+ return -EACCES;
+#endif
+
return crypto_comp_crt(tfm)->cot_decompress(crypto_comp_tfm(tfm),
src, slen, dst, dlen);
}
#endif /* _LINUX_CRYPTO_H */
-