diff options
Diffstat (limited to 'include/linux/crypto.h')
-rw-r--r-- | include/linux/crypto.h | 121 |
1 files changed, 109 insertions, 12 deletions
diff --git a/include/linux/crypto.h b/include/linux/crypto.h index a6a7a1c..408bcb4 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h @@ -7,10 +7,10 @@ * * Portions derived from Cryptoapi, by Alexander Kjeldaas <astor@fast.no> * and Nettle, by Niels Möller. - * + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) + * Software Foundation; either version 2 of the License, or (at your option) * any later version. * */ @@ -25,6 +25,9 @@ #include <linux/string.h> #include <linux/uaccess.h> +#ifdef CONFIG_CRYPTO_FIPS +#include <linux/err.h> +#endif /* * Algorithm masks and types. */ @@ -81,10 +84,10 @@ #define CRYPTO_TFM_REQ_MAY_SLEEP 0x00000200 #define CRYPTO_TFM_REQ_MAY_BACKLOG 0x00000400 #define CRYPTO_TFM_RES_WEAK_KEY 0x00100000 -#define CRYPTO_TFM_RES_BAD_KEY_LEN 0x00200000 -#define CRYPTO_TFM_RES_BAD_KEY_SCHED 0x00400000 -#define CRYPTO_TFM_RES_BAD_BLOCK_LEN 0x00800000 -#define CRYPTO_TFM_RES_BAD_FLAGS 0x01000000 +#define CRYPTO_TFM_RES_BAD_KEY_LEN 0x00200000 +#define CRYPTO_TFM_RES_BAD_KEY_SCHED 0x00400000 +#define CRYPTO_TFM_RES_BAD_BLOCK_LEN 0x00800000 +#define CRYPTO_TFM_RES_BAD_FLAGS 0x01000000 /* * Miscellaneous stuff. @@ -103,6 +106,10 @@ #define CRYPTO_MINALIGN_ATTR __attribute__ ((__aligned__(CRYPTO_MINALIGN))) +#ifdef CONFIG_CRYPTO_FIPS +bool in_fips_err(void); +#endif + struct scatterlist; struct crypto_ablkcipher; struct crypto_async_request; @@ -296,7 +303,7 @@ struct crypto_alg { int (*cra_init)(struct crypto_tfm *tfm); void (*cra_exit)(struct crypto_tfm *tfm); void (*cra_destroy)(struct crypto_alg *alg); - + struct module *cra_module; }; @@ -401,7 +408,7 @@ struct rng_tfm { struct crypto_tfm { u32 crt_flags; - + union { struct ablkcipher_tfm ablkcipher; struct aead_tfm aead; @@ -413,7 +420,7 @@ struct crypto_tfm { } crt_u; void (*exit)(struct crypto_tfm *tfm); - + struct crypto_alg *__crt_alg; void *__crt_ctx[] CRYPTO_MINALIGN_ATTR; @@ -473,10 +480,10 @@ struct crypto_attr_u32 { u32 num; }; -/* +/* * Transform user interface. */ - + struct crypto_tfm *crypto_alloc_base(const char *alg_name, u32 type, u32 mask); void crypto_destroy_tfm(void *mem, struct crypto_tfm *tfm); @@ -654,6 +661,11 @@ static inline int crypto_ablkcipher_encrypt(struct ablkcipher_request *req) { struct ablkcipher_tfm *crt = crypto_ablkcipher_crt(crypto_ablkcipher_reqtfm(req)); + +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif return crt->encrypt(req); } @@ -661,6 +673,12 @@ static inline int crypto_ablkcipher_decrypt(struct ablkcipher_request *req) { struct ablkcipher_tfm *crt = crypto_ablkcipher_crt(crypto_ablkcipher_reqtfm(req)); + +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + return crt->decrypt(req); } @@ -687,6 +705,11 @@ static inline struct ablkcipher_request *ablkcipher_request_alloc( { struct ablkcipher_request *req; +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return NULL; +#endif + req = kmalloc(sizeof(struct ablkcipher_request) + crypto_ablkcipher_reqsize(tfm), gfp); @@ -795,11 +818,21 @@ static inline struct crypto_aead *crypto_aead_reqtfm(struct aead_request *req) static inline int crypto_aead_encrypt(struct aead_request *req) { +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + return crypto_aead_crt(crypto_aead_reqtfm(req))->encrypt(req); } static inline int crypto_aead_decrypt(struct aead_request *req) { +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + return crypto_aead_crt(crypto_aead_reqtfm(req))->decrypt(req); } @@ -819,6 +852,11 @@ static inline struct aead_request *aead_request_alloc(struct crypto_aead *tfm, { struct aead_request *req; +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return NULL; +#endif + req = kmalloc(sizeof(*req) + crypto_aead_reqsize(tfm), gfp); if (likely(req)) @@ -967,6 +1005,11 @@ static inline int crypto_blkcipher_encrypt(struct blkcipher_desc *desc, struct scatterlist *src, unsigned int nbytes) { +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + desc->info = crypto_blkcipher_crt(desc->tfm)->iv; return crypto_blkcipher_crt(desc->tfm)->encrypt(desc, dst, src, nbytes); } @@ -976,6 +1019,11 @@ static inline int crypto_blkcipher_encrypt_iv(struct blkcipher_desc *desc, struct scatterlist *src, unsigned int nbytes) { +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + return crypto_blkcipher_crt(desc->tfm)->encrypt(desc, dst, src, nbytes); } @@ -984,6 +1032,11 @@ static inline int crypto_blkcipher_decrypt(struct blkcipher_desc *desc, struct scatterlist *src, unsigned int nbytes) { +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + desc->info = crypto_blkcipher_crt(desc->tfm)->iv; return crypto_blkcipher_crt(desc->tfm)->decrypt(desc, dst, src, nbytes); } @@ -993,6 +1046,11 @@ static inline int crypto_blkcipher_decrypt_iv(struct blkcipher_desc *desc, struct scatterlist *src, unsigned int nbytes) { +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + return crypto_blkcipher_crt(desc->tfm)->decrypt(desc, dst, src, nbytes); } @@ -1090,6 +1148,11 @@ static inline int crypto_cipher_setkey(struct crypto_cipher *tfm, static inline void crypto_cipher_encrypt_one(struct crypto_cipher *tfm, u8 *dst, const u8 *src) { +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return; +#endif + crypto_cipher_crt(tfm)->cit_encrypt_one(crypto_cipher_tfm(tfm), dst, src); } @@ -1097,6 +1160,11 @@ static inline void crypto_cipher_encrypt_one(struct crypto_cipher *tfm, static inline void crypto_cipher_decrypt_one(struct crypto_cipher *tfm, u8 *dst, const u8 *src) { +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return; +#endif + crypto_cipher_crt(tfm)->cit_decrypt_one(crypto_cipher_tfm(tfm), dst, src); } @@ -1181,6 +1249,11 @@ static inline void crypto_hash_clear_flags(struct crypto_hash *tfm, u32 flags) static inline int crypto_hash_init(struct hash_desc *desc) { +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + return crypto_hash_crt(desc->tfm)->init(desc); } @@ -1188,11 +1261,21 @@ static inline int crypto_hash_update(struct hash_desc *desc, struct scatterlist *sg, unsigned int nbytes) { +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + return crypto_hash_crt(desc->tfm)->update(desc, sg, nbytes); } static inline int crypto_hash_final(struct hash_desc *desc, u8 *out) { +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + return crypto_hash_crt(desc->tfm)->final(desc, out); } @@ -1200,6 +1283,11 @@ static inline int crypto_hash_digest(struct hash_desc *desc, struct scatterlist *sg, unsigned int nbytes, u8 *out) { +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + return crypto_hash_crt(desc->tfm)->digest(desc, sg, nbytes, out); } @@ -1264,6 +1352,11 @@ static inline int crypto_comp_compress(struct crypto_comp *tfm, const u8 *src, unsigned int slen, u8 *dst, unsigned int *dlen) { +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + return crypto_comp_crt(tfm)->cot_compress(crypto_comp_tfm(tfm), src, slen, dst, dlen); } @@ -1272,9 +1365,13 @@ static inline int crypto_comp_decompress(struct crypto_comp *tfm, const u8 *src, unsigned int slen, u8 *dst, unsigned int *dlen) { +#ifdef CONFIG_CRYPTO_FIPS + if (unlikely(in_fips_err())) + return -EACCES; +#endif + return crypto_comp_crt(tfm)->cot_decompress(crypto_comp_tfm(tfm), src, slen, dst, dlen); } #endif /* _LINUX_CRYPTO_H */ - |