1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Cryptographic API for algorithms (i.e., low-level API).
5 * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
8 #include <crypto/algapi.h>
10 #include <linux/errno.h>
11 #include <linux/fips.h>
12 #include <linux/init.h>
13 #include <linux/kernel.h>
14 #include <linux/list.h>
15 #include <linux/module.h>
16 #include <linux/rtnetlink.h>
17 #include <linux/slab.h>
18 #include <linux/string.h>
19 #include <linux/workqueue.h>
23 static LIST_HEAD(crypto_template_list);
25 static inline void crypto_check_module_sig(struct module *mod)
27 if (fips_enabled && mod && !module_sig_ok(mod))
28 panic("Module %s signature verification failed in FIPS mode\n",
32 static int crypto_check_alg(struct crypto_alg *alg)
34 crypto_check_module_sig(alg->cra_module);
36 if (!alg->cra_name[0] || !alg->cra_driver_name[0])
39 if (alg->cra_alignmask & (alg->cra_alignmask + 1))
42 /* General maximums for all algs. */
43 if (alg->cra_alignmask > MAX_ALGAPI_ALIGNMASK)
46 if (alg->cra_blocksize > MAX_ALGAPI_BLOCKSIZE)
49 /* Lower maximums for specific alg types. */
50 if (!alg->cra_type && (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) ==
51 CRYPTO_ALG_TYPE_CIPHER) {
52 if (alg->cra_alignmask > MAX_CIPHER_ALIGNMASK)
55 if (alg->cra_blocksize > MAX_CIPHER_BLOCKSIZE)
59 if (alg->cra_priority < 0)
62 refcount_set(&alg->cra_refcnt, 1);
67 static void crypto_free_instance(struct crypto_instance *inst)
69 inst->alg.cra_type->free(inst);
72 static void crypto_destroy_instance_workfn(struct work_struct *w)
74 struct crypto_instance *inst = container_of(w, struct crypto_instance,
76 struct crypto_template *tmpl = inst->tmpl;
78 crypto_free_instance(inst);
79 crypto_tmpl_put(tmpl);
82 static void crypto_destroy_instance(struct crypto_alg *alg)
84 struct crypto_instance *inst = container_of(alg,
85 struct crypto_instance,
88 INIT_WORK(&inst->free_work, crypto_destroy_instance_workfn);
89 schedule_work(&inst->free_work);
93 * This function adds a spawn to the list secondary_spawns which
94 * will be used at the end of crypto_remove_spawns to unregister
95 * instances, unless the spawn happens to be one that is depended
96 * on by the new algorithm (nalg in crypto_remove_spawns).
98 * This function is also responsible for resurrecting any algorithms
99 * in the dependency chain of nalg by unsetting n->dead.
101 static struct list_head *crypto_more_spawns(struct crypto_alg *alg,
102 struct list_head *stack,
103 struct list_head *top,
104 struct list_head *secondary_spawns)
106 struct crypto_spawn *spawn, *n;
108 spawn = list_first_entry_or_null(stack, struct crypto_spawn, list);
112 n = list_prev_entry(spawn, list);
113 list_move(&spawn->list, secondary_spawns);
115 if (list_is_last(&n->list, stack))
118 n = list_next_entry(n, list);
122 return &n->inst->alg.cra_users;
125 static void crypto_remove_instance(struct crypto_instance *inst,
126 struct list_head *list)
128 struct crypto_template *tmpl = inst->tmpl;
130 if (crypto_is_dead(&inst->alg))
133 inst->alg.cra_flags |= CRYPTO_ALG_DEAD;
135 if (!tmpl || !crypto_tmpl_get(tmpl))
138 list_move(&inst->alg.cra_list, list);
139 hlist_del(&inst->list);
140 inst->alg.cra_destroy = crypto_destroy_instance;
142 BUG_ON(!list_empty(&inst->alg.cra_users));
146 * Given an algorithm alg, remove all algorithms that depend on it
147 * through spawns. If nalg is not null, then exempt any algorithms
148 * that is depended on by nalg. This is useful when nalg itself
151 void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
152 struct crypto_alg *nalg)
154 u32 new_type = (nalg ?: alg)->cra_flags;
155 struct crypto_spawn *spawn, *n;
156 LIST_HEAD(secondary_spawns);
157 struct list_head *spawns;
161 spawns = &alg->cra_users;
162 list_for_each_entry_safe(spawn, n, spawns, list) {
163 if ((spawn->alg->cra_flags ^ new_type) & spawn->mask)
166 list_move(&spawn->list, &top);
170 * Perform a depth-first walk starting from alg through
171 * the cra_users tree. The list stack records the path
172 * from alg to the current spawn.
176 while (!list_empty(spawns)) {
177 struct crypto_instance *inst;
179 spawn = list_first_entry(spawns, struct crypto_spawn,
183 list_move(&spawn->list, &stack);
184 spawn->dead = !spawn->registered || &inst->alg != nalg;
186 if (!spawn->registered)
189 BUG_ON(&inst->alg == alg);
191 if (&inst->alg == nalg)
194 spawns = &inst->alg.cra_users;
197 * Even if spawn->registered is true, the
198 * instance itself may still be unregistered.
199 * This is because it may have failed during
200 * registration. Therefore we still need to
201 * make the following test.
203 * We may encounter an unregistered instance here, since
204 * an instance's spawns are set up prior to the instance
205 * being registered. An unregistered instance will have
206 * NULL ->cra_users.next, since ->cra_users isn't
207 * properly initialized until registration. But an
208 * unregistered instance cannot have any users, so treat
209 * it the same as ->cra_users being empty.
211 if (spawns->next == NULL)
214 } while ((spawns = crypto_more_spawns(alg, &stack, &top,
215 &secondary_spawns)));
218 * Remove all instances that are marked as dead. Also
219 * complete the resurrection of the others by moving them
220 * back to the cra_users list.
222 list_for_each_entry_safe(spawn, n, &secondary_spawns, list) {
224 list_move(&spawn->list, &spawn->alg->cra_users);
225 else if (spawn->registered)
226 crypto_remove_instance(spawn->inst, list);
229 EXPORT_SYMBOL_GPL(crypto_remove_spawns);
231 static struct crypto_larval *__crypto_register_alg(struct crypto_alg *alg)
233 struct crypto_alg *q;
234 struct crypto_larval *larval;
237 if (crypto_is_dead(alg))
240 INIT_LIST_HEAD(&alg->cra_users);
243 alg->cra_flags &= ~CRYPTO_ALG_TESTED;
247 list_for_each_entry(q, &crypto_alg_list, cra_list) {
251 if (crypto_is_moribund(q))
254 if (crypto_is_larval(q)) {
255 if (!strcmp(alg->cra_driver_name, q->cra_driver_name))
260 if (!strcmp(q->cra_driver_name, alg->cra_name) ||
261 !strcmp(q->cra_driver_name, alg->cra_driver_name) ||
262 !strcmp(q->cra_name, alg->cra_driver_name))
266 larval = crypto_larval_alloc(alg->cra_name,
267 alg->cra_flags | CRYPTO_ALG_TESTED, 0);
272 larval->adult = crypto_mod_get(alg);
276 refcount_set(&larval->alg.cra_refcnt, 1);
277 memcpy(larval->alg.cra_driver_name, alg->cra_driver_name,
278 CRYPTO_MAX_ALG_NAME);
279 larval->alg.cra_priority = alg->cra_priority;
281 list_add(&alg->cra_list, &crypto_alg_list);
282 list_add(&larval->alg.cra_list, &crypto_alg_list);
284 crypto_stats_init(alg);
292 larval = ERR_PTR(ret);
296 void crypto_alg_tested(const char *name, int err)
298 struct crypto_larval *test;
299 struct crypto_alg *alg;
300 struct crypto_alg *q;
304 down_write(&crypto_alg_sem);
305 list_for_each_entry(q, &crypto_alg_list, cra_list) {
306 if (crypto_is_moribund(q) || !crypto_is_larval(q))
309 test = (struct crypto_larval *)q;
311 if (!strcmp(q->cra_driver_name, name))
315 pr_err("alg: Unexpected test result for %s: %d\n", name, err);
319 q->cra_flags |= CRYPTO_ALG_DEAD;
321 if (err || list_empty(&alg->cra_list))
324 alg->cra_flags |= CRYPTO_ALG_TESTED;
326 /* Only satisfy larval waiters if we are the best. */
328 list_for_each_entry(q, &crypto_alg_list, cra_list) {
329 if (crypto_is_moribund(q) || !crypto_is_larval(q))
332 if (strcmp(alg->cra_name, q->cra_name))
335 if (q->cra_priority > alg->cra_priority) {
341 list_for_each_entry(q, &crypto_alg_list, cra_list) {
345 if (crypto_is_moribund(q))
348 if (crypto_is_larval(q)) {
349 struct crypto_larval *larval = (void *)q;
352 * Check to see if either our generic name or
353 * specific name can satisfy the name requested
354 * by the larval entry q.
356 if (strcmp(alg->cra_name, q->cra_name) &&
357 strcmp(alg->cra_driver_name, q->cra_name))
362 if ((q->cra_flags ^ alg->cra_flags) & larval->mask)
365 if (best && crypto_mod_get(alg))
368 larval->adult = ERR_PTR(-EAGAIN);
373 if (strcmp(alg->cra_name, q->cra_name))
376 if (strcmp(alg->cra_driver_name, q->cra_driver_name) &&
377 q->cra_priority > alg->cra_priority)
380 crypto_remove_spawns(q, &list, alg);
384 complete_all(&test->completion);
387 up_write(&crypto_alg_sem);
389 crypto_remove_final(&list);
391 EXPORT_SYMBOL_GPL(crypto_alg_tested);
393 void crypto_remove_final(struct list_head *list)
395 struct crypto_alg *alg;
396 struct crypto_alg *n;
398 list_for_each_entry_safe(alg, n, list, cra_list) {
399 list_del_init(&alg->cra_list);
403 EXPORT_SYMBOL_GPL(crypto_remove_final);
405 static void crypto_wait_for_test(struct crypto_larval *larval)
409 err = crypto_probing_notify(CRYPTO_MSG_ALG_REGISTER, larval->adult);
410 if (err != NOTIFY_STOP) {
411 if (WARN_ON(err != NOTIFY_DONE))
413 crypto_alg_tested(larval->alg.cra_driver_name, 0);
416 err = wait_for_completion_killable(&larval->completion);
419 crypto_notify(CRYPTO_MSG_ALG_LOADED, larval);
422 crypto_larval_kill(&larval->alg);
425 int crypto_register_alg(struct crypto_alg *alg)
427 struct crypto_larval *larval;
430 alg->cra_flags &= ~CRYPTO_ALG_DEAD;
431 err = crypto_check_alg(alg);
435 down_write(&crypto_alg_sem);
436 larval = __crypto_register_alg(alg);
437 up_write(&crypto_alg_sem);
440 return PTR_ERR(larval);
442 crypto_wait_for_test(larval);
445 EXPORT_SYMBOL_GPL(crypto_register_alg);
447 static int crypto_remove_alg(struct crypto_alg *alg, struct list_head *list)
449 if (unlikely(list_empty(&alg->cra_list)))
452 alg->cra_flags |= CRYPTO_ALG_DEAD;
454 list_del_init(&alg->cra_list);
455 crypto_remove_spawns(alg, list, NULL);
460 void crypto_unregister_alg(struct crypto_alg *alg)
465 down_write(&crypto_alg_sem);
466 ret = crypto_remove_alg(alg, &list);
467 up_write(&crypto_alg_sem);
469 if (WARN(ret, "Algorithm %s is not registered", alg->cra_driver_name))
472 if (WARN_ON(refcount_read(&alg->cra_refcnt) != 1))
475 if (alg->cra_destroy)
476 alg->cra_destroy(alg);
478 crypto_remove_final(&list);
480 EXPORT_SYMBOL_GPL(crypto_unregister_alg);
482 int crypto_register_algs(struct crypto_alg *algs, int count)
486 for (i = 0; i < count; i++) {
487 ret = crypto_register_alg(&algs[i]);
495 for (--i; i >= 0; --i)
496 crypto_unregister_alg(&algs[i]);
500 EXPORT_SYMBOL_GPL(crypto_register_algs);
502 void crypto_unregister_algs(struct crypto_alg *algs, int count)
506 for (i = 0; i < count; i++)
507 crypto_unregister_alg(&algs[i]);
509 EXPORT_SYMBOL_GPL(crypto_unregister_algs);
511 int crypto_register_template(struct crypto_template *tmpl)
513 struct crypto_template *q;
516 down_write(&crypto_alg_sem);
518 crypto_check_module_sig(tmpl->module);
520 list_for_each_entry(q, &crypto_template_list, list) {
525 list_add(&tmpl->list, &crypto_template_list);
528 up_write(&crypto_alg_sem);
531 EXPORT_SYMBOL_GPL(crypto_register_template);
533 int crypto_register_templates(struct crypto_template *tmpls, int count)
537 for (i = 0; i < count; i++) {
538 err = crypto_register_template(&tmpls[i]);
545 for (--i; i >= 0; --i)
546 crypto_unregister_template(&tmpls[i]);
549 EXPORT_SYMBOL_GPL(crypto_register_templates);
551 void crypto_unregister_template(struct crypto_template *tmpl)
553 struct crypto_instance *inst;
554 struct hlist_node *n;
555 struct hlist_head *list;
558 down_write(&crypto_alg_sem);
560 BUG_ON(list_empty(&tmpl->list));
561 list_del_init(&tmpl->list);
563 list = &tmpl->instances;
564 hlist_for_each_entry(inst, list, list) {
565 int err = crypto_remove_alg(&inst->alg, &users);
570 up_write(&crypto_alg_sem);
572 hlist_for_each_entry_safe(inst, n, list, list) {
573 BUG_ON(refcount_read(&inst->alg.cra_refcnt) != 1);
574 crypto_free_instance(inst);
576 crypto_remove_final(&users);
578 EXPORT_SYMBOL_GPL(crypto_unregister_template);
580 void crypto_unregister_templates(struct crypto_template *tmpls, int count)
584 for (i = count - 1; i >= 0; --i)
585 crypto_unregister_template(&tmpls[i]);
587 EXPORT_SYMBOL_GPL(crypto_unregister_templates);
589 static struct crypto_template *__crypto_lookup_template(const char *name)
591 struct crypto_template *q, *tmpl = NULL;
593 down_read(&crypto_alg_sem);
594 list_for_each_entry(q, &crypto_template_list, list) {
595 if (strcmp(q->name, name))
597 if (unlikely(!crypto_tmpl_get(q)))
603 up_read(&crypto_alg_sem);
608 struct crypto_template *crypto_lookup_template(const char *name)
610 return try_then_request_module(__crypto_lookup_template(name),
613 EXPORT_SYMBOL_GPL(crypto_lookup_template);
615 int crypto_register_instance(struct crypto_template *tmpl,
616 struct crypto_instance *inst)
618 struct crypto_larval *larval;
619 struct crypto_spawn *spawn;
622 err = crypto_check_alg(&inst->alg);
626 inst->alg.cra_module = tmpl->module;
627 inst->alg.cra_flags |= CRYPTO_ALG_INSTANCE;
629 down_write(&crypto_alg_sem);
631 larval = ERR_PTR(-EAGAIN);
632 for (spawn = inst->spawns; spawn;) {
633 struct crypto_spawn *next;
640 spawn->registered = true;
642 crypto_mod_put(spawn->alg);
647 larval = __crypto_register_alg(&inst->alg);
651 hlist_add_head(&inst->list, &tmpl->instances);
655 up_write(&crypto_alg_sem);
657 err = PTR_ERR(larval);
661 crypto_wait_for_test(larval);
667 EXPORT_SYMBOL_GPL(crypto_register_instance);
669 void crypto_unregister_instance(struct crypto_instance *inst)
673 down_write(&crypto_alg_sem);
675 crypto_remove_spawns(&inst->alg, &list, NULL);
676 crypto_remove_instance(inst, &list);
678 up_write(&crypto_alg_sem);
680 crypto_remove_final(&list);
682 EXPORT_SYMBOL_GPL(crypto_unregister_instance);
684 int crypto_grab_spawn(struct crypto_spawn *spawn, struct crypto_instance *inst,
685 const char *name, u32 type, u32 mask)
687 struct crypto_alg *alg;
690 if (WARN_ON_ONCE(inst == NULL))
693 /* Allow the result of crypto_attr_alg_name() to be passed directly */
695 return PTR_ERR(name);
697 alg = crypto_find_alg(name, spawn->frontend, type, mask);
701 down_write(&crypto_alg_sem);
702 if (!crypto_is_moribund(alg)) {
703 list_add(&spawn->list, &alg->cra_users);
706 spawn->next = inst->spawns;
707 inst->spawns = spawn;
708 inst->alg.cra_flags |=
709 (alg->cra_flags & CRYPTO_ALG_INHERITED_FLAGS);
712 up_write(&crypto_alg_sem);
717 EXPORT_SYMBOL_GPL(crypto_grab_spawn);
719 void crypto_drop_spawn(struct crypto_spawn *spawn)
721 if (!spawn->alg) /* not yet initialized? */
724 down_write(&crypto_alg_sem);
726 list_del(&spawn->list);
727 up_write(&crypto_alg_sem);
729 if (!spawn->registered)
730 crypto_mod_put(spawn->alg);
732 EXPORT_SYMBOL_GPL(crypto_drop_spawn);
734 static struct crypto_alg *crypto_spawn_alg(struct crypto_spawn *spawn)
736 struct crypto_alg *alg = ERR_PTR(-EAGAIN);
737 struct crypto_alg *target;
740 down_read(&crypto_alg_sem);
743 if (!crypto_mod_get(alg)) {
744 target = crypto_alg_get(alg);
746 alg = ERR_PTR(-EAGAIN);
749 up_read(&crypto_alg_sem);
752 crypto_shoot_alg(target);
753 crypto_alg_put(target);
759 struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn, u32 type,
762 struct crypto_alg *alg;
763 struct crypto_tfm *tfm;
765 alg = crypto_spawn_alg(spawn);
767 return ERR_CAST(alg);
769 tfm = ERR_PTR(-EINVAL);
770 if (unlikely((alg->cra_flags ^ type) & mask))
773 tfm = __crypto_alloc_tfm(alg, type, mask);
783 EXPORT_SYMBOL_GPL(crypto_spawn_tfm);
785 void *crypto_spawn_tfm2(struct crypto_spawn *spawn)
787 struct crypto_alg *alg;
788 struct crypto_tfm *tfm;
790 alg = crypto_spawn_alg(spawn);
792 return ERR_CAST(alg);
794 tfm = crypto_create_tfm(alg, spawn->frontend);
804 EXPORT_SYMBOL_GPL(crypto_spawn_tfm2);
806 int crypto_register_notifier(struct notifier_block *nb)
808 return blocking_notifier_chain_register(&crypto_chain, nb);
810 EXPORT_SYMBOL_GPL(crypto_register_notifier);
812 int crypto_unregister_notifier(struct notifier_block *nb)
814 return blocking_notifier_chain_unregister(&crypto_chain, nb);
816 EXPORT_SYMBOL_GPL(crypto_unregister_notifier);
818 struct crypto_attr_type *crypto_get_attr_type(struct rtattr **tb)
820 struct rtattr *rta = tb[0];
821 struct crypto_attr_type *algt;
824 return ERR_PTR(-ENOENT);
825 if (RTA_PAYLOAD(rta) < sizeof(*algt))
826 return ERR_PTR(-EINVAL);
827 if (rta->rta_type != CRYPTOA_TYPE)
828 return ERR_PTR(-EINVAL);
830 algt = RTA_DATA(rta);
834 EXPORT_SYMBOL_GPL(crypto_get_attr_type);
837 * crypto_check_attr_type() - check algorithm type and compute inherited mask
838 * @tb: the template parameters
839 * @type: the algorithm type the template would be instantiated as
840 * @mask_ret: (output) the mask that should be passed to crypto_grab_*()
841 * to restrict the flags of any inner algorithms
843 * Validate that the algorithm type the user requested is compatible with the
844 * one the template would actually be instantiated as. E.g., if the user is
845 * doing crypto_alloc_shash("cbc(aes)", ...), this would return an error because
846 * the "cbc" template creates an "skcipher" algorithm, not an "shash" algorithm.
848 * Also compute the mask to use to restrict the flags of any inner algorithms.
850 * Return: 0 on success; -errno on failure
852 int crypto_check_attr_type(struct rtattr **tb, u32 type, u32 *mask_ret)
854 struct crypto_attr_type *algt;
856 algt = crypto_get_attr_type(tb);
858 return PTR_ERR(algt);
860 if ((algt->type ^ type) & algt->mask)
863 *mask_ret = crypto_algt_inherited_mask(algt);
866 EXPORT_SYMBOL_GPL(crypto_check_attr_type);
868 const char *crypto_attr_alg_name(struct rtattr *rta)
870 struct crypto_attr_alg *alga;
873 return ERR_PTR(-ENOENT);
874 if (RTA_PAYLOAD(rta) < sizeof(*alga))
875 return ERR_PTR(-EINVAL);
876 if (rta->rta_type != CRYPTOA_ALG)
877 return ERR_PTR(-EINVAL);
879 alga = RTA_DATA(rta);
880 alga->name[CRYPTO_MAX_ALG_NAME - 1] = 0;
884 EXPORT_SYMBOL_GPL(crypto_attr_alg_name);
886 int crypto_attr_u32(struct rtattr *rta, u32 *num)
888 struct crypto_attr_u32 *nu32;
892 if (RTA_PAYLOAD(rta) < sizeof(*nu32))
894 if (rta->rta_type != CRYPTOA_U32)
897 nu32 = RTA_DATA(rta);
902 EXPORT_SYMBOL_GPL(crypto_attr_u32);
904 int crypto_inst_setname(struct crypto_instance *inst, const char *name,
905 struct crypto_alg *alg)
907 if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, "%s(%s)", name,
908 alg->cra_name) >= CRYPTO_MAX_ALG_NAME)
909 return -ENAMETOOLONG;
911 if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s(%s)",
912 name, alg->cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
913 return -ENAMETOOLONG;
917 EXPORT_SYMBOL_GPL(crypto_inst_setname);
919 void crypto_init_queue(struct crypto_queue *queue, unsigned int max_qlen)
921 INIT_LIST_HEAD(&queue->list);
922 queue->backlog = &queue->list;
924 queue->max_qlen = max_qlen;
926 EXPORT_SYMBOL_GPL(crypto_init_queue);
928 int crypto_enqueue_request(struct crypto_queue *queue,
929 struct crypto_async_request *request)
931 int err = -EINPROGRESS;
933 if (unlikely(queue->qlen >= queue->max_qlen)) {
934 if (!(request->flags & CRYPTO_TFM_REQ_MAY_BACKLOG)) {
939 if (queue->backlog == &queue->list)
940 queue->backlog = &request->list;
944 list_add_tail(&request->list, &queue->list);
949 EXPORT_SYMBOL_GPL(crypto_enqueue_request);
951 void crypto_enqueue_request_head(struct crypto_queue *queue,
952 struct crypto_async_request *request)
955 list_add(&request->list, &queue->list);
957 EXPORT_SYMBOL_GPL(crypto_enqueue_request_head);
959 struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue)
961 struct list_head *request;
963 if (unlikely(!queue->qlen))
968 if (queue->backlog != &queue->list)
969 queue->backlog = queue->backlog->next;
971 request = queue->list.next;
974 return list_entry(request, struct crypto_async_request, list);
976 EXPORT_SYMBOL_GPL(crypto_dequeue_request);
978 static inline void crypto_inc_byte(u8 *a, unsigned int size)
983 for (; size; size--) {
991 void crypto_inc(u8 *a, unsigned int size)
993 __be32 *b = (__be32 *)(a + size);
996 if (IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) ||
997 IS_ALIGNED((unsigned long)b, __alignof__(*b)))
998 for (; size >= 4; size -= 4) {
999 c = be32_to_cpu(*--b) + 1;
1000 *b = cpu_to_be32(c);
1005 crypto_inc_byte(a, size);
1007 EXPORT_SYMBOL_GPL(crypto_inc);
1009 void __crypto_xor(u8 *dst, const u8 *src1, const u8 *src2, unsigned int len)
1013 if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)) {
1014 int size = sizeof(unsigned long);
1015 int d = (((unsigned long)dst ^ (unsigned long)src1) |
1016 ((unsigned long)dst ^ (unsigned long)src2)) &
1019 relalign = d ? 1 << __ffs(d) : size;
1022 * If we care about alignment, process as many bytes as
1023 * needed to advance dst and src to values whose alignments
1024 * equal their relative alignment. This will allow us to
1025 * process the remainder of the input using optimal strides.
1027 while (((unsigned long)dst & (relalign - 1)) && len > 0) {
1028 *dst++ = *src1++ ^ *src2++;
1033 while (IS_ENABLED(CONFIG_64BIT) && len >= 8 && !(relalign & 7)) {
1034 *(u64 *)dst = *(u64 *)src1 ^ *(u64 *)src2;
1041 while (len >= 4 && !(relalign & 3)) {
1042 *(u32 *)dst = *(u32 *)src1 ^ *(u32 *)src2;
1049 while (len >= 2 && !(relalign & 1)) {
1050 *(u16 *)dst = *(u16 *)src1 ^ *(u16 *)src2;
1058 *dst++ = *src1++ ^ *src2++;
1060 EXPORT_SYMBOL_GPL(__crypto_xor);
1062 unsigned int crypto_alg_extsize(struct crypto_alg *alg)
1064 return alg->cra_ctxsize +
1065 (alg->cra_alignmask & ~(crypto_tfm_ctx_alignment() - 1));
1067 EXPORT_SYMBOL_GPL(crypto_alg_extsize);
1069 int crypto_type_has_alg(const char *name, const struct crypto_type *frontend,
1073 struct crypto_alg *alg = crypto_find_alg(name, frontend, type, mask);
1076 crypto_mod_put(alg);
1082 EXPORT_SYMBOL_GPL(crypto_type_has_alg);
1084 #ifdef CONFIG_CRYPTO_STATS
1085 void crypto_stats_init(struct crypto_alg *alg)
1087 memset(&alg->stats, 0, sizeof(alg->stats));
1089 EXPORT_SYMBOL_GPL(crypto_stats_init);
1091 void crypto_stats_get(struct crypto_alg *alg)
1093 crypto_alg_get(alg);
1095 EXPORT_SYMBOL_GPL(crypto_stats_get);
1097 void crypto_stats_aead_encrypt(unsigned int cryptlen, struct crypto_alg *alg,
1100 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1101 atomic64_inc(&alg->stats.aead.err_cnt);
1103 atomic64_inc(&alg->stats.aead.encrypt_cnt);
1104 atomic64_add(cryptlen, &alg->stats.aead.encrypt_tlen);
1106 crypto_alg_put(alg);
1108 EXPORT_SYMBOL_GPL(crypto_stats_aead_encrypt);
1110 void crypto_stats_aead_decrypt(unsigned int cryptlen, struct crypto_alg *alg,
1113 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1114 atomic64_inc(&alg->stats.aead.err_cnt);
1116 atomic64_inc(&alg->stats.aead.decrypt_cnt);
1117 atomic64_add(cryptlen, &alg->stats.aead.decrypt_tlen);
1119 crypto_alg_put(alg);
1121 EXPORT_SYMBOL_GPL(crypto_stats_aead_decrypt);
1123 void crypto_stats_akcipher_encrypt(unsigned int src_len, int ret,
1124 struct crypto_alg *alg)
1126 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1127 atomic64_inc(&alg->stats.akcipher.err_cnt);
1129 atomic64_inc(&alg->stats.akcipher.encrypt_cnt);
1130 atomic64_add(src_len, &alg->stats.akcipher.encrypt_tlen);
1132 crypto_alg_put(alg);
1134 EXPORT_SYMBOL_GPL(crypto_stats_akcipher_encrypt);
1136 void crypto_stats_akcipher_decrypt(unsigned int src_len, int ret,
1137 struct crypto_alg *alg)
1139 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1140 atomic64_inc(&alg->stats.akcipher.err_cnt);
1142 atomic64_inc(&alg->stats.akcipher.decrypt_cnt);
1143 atomic64_add(src_len, &alg->stats.akcipher.decrypt_tlen);
1145 crypto_alg_put(alg);
1147 EXPORT_SYMBOL_GPL(crypto_stats_akcipher_decrypt);
1149 void crypto_stats_akcipher_sign(int ret, struct crypto_alg *alg)
1151 if (ret && ret != -EINPROGRESS && ret != -EBUSY)
1152 atomic64_inc(&alg->stats.akcipher.err_cnt);
1154 atomic64_inc(&alg->stats.akcipher.sign_cnt);
1155 crypto_alg_put(alg);
1157 EXPORT_SYMBOL_GPL(crypto_stats_akcipher_sign);
1159 void crypto_stats_akcipher_verify(int ret, struct crypto_alg *alg)
1161 if (ret && ret != -EINPROGRESS && ret != -EBUSY)
1162 atomic64_inc(&alg->stats.akcipher.err_cnt);
1164 atomic64_inc(&alg->stats.akcipher.verify_cnt);
1165 crypto_alg_put(alg);
1167 EXPORT_SYMBOL_GPL(crypto_stats_akcipher_verify);
1169 void crypto_stats_compress(unsigned int slen, int ret, struct crypto_alg *alg)
1171 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1172 atomic64_inc(&alg->stats.compress.err_cnt);
1174 atomic64_inc(&alg->stats.compress.compress_cnt);
1175 atomic64_add(slen, &alg->stats.compress.compress_tlen);
1177 crypto_alg_put(alg);
1179 EXPORT_SYMBOL_GPL(crypto_stats_compress);
1181 void crypto_stats_decompress(unsigned int slen, int ret, struct crypto_alg *alg)
1183 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1184 atomic64_inc(&alg->stats.compress.err_cnt);
1186 atomic64_inc(&alg->stats.compress.decompress_cnt);
1187 atomic64_add(slen, &alg->stats.compress.decompress_tlen);
1189 crypto_alg_put(alg);
1191 EXPORT_SYMBOL_GPL(crypto_stats_decompress);
1193 void crypto_stats_ahash_update(unsigned int nbytes, int ret,
1194 struct crypto_alg *alg)
1196 if (ret && ret != -EINPROGRESS && ret != -EBUSY)
1197 atomic64_inc(&alg->stats.hash.err_cnt);
1199 atomic64_add(nbytes, &alg->stats.hash.hash_tlen);
1200 crypto_alg_put(alg);
1202 EXPORT_SYMBOL_GPL(crypto_stats_ahash_update);
1204 void crypto_stats_ahash_final(unsigned int nbytes, int ret,
1205 struct crypto_alg *alg)
1207 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1208 atomic64_inc(&alg->stats.hash.err_cnt);
1210 atomic64_inc(&alg->stats.hash.hash_cnt);
1211 atomic64_add(nbytes, &alg->stats.hash.hash_tlen);
1213 crypto_alg_put(alg);
1215 EXPORT_SYMBOL_GPL(crypto_stats_ahash_final);
1217 void crypto_stats_kpp_set_secret(struct crypto_alg *alg, int ret)
1220 atomic64_inc(&alg->stats.kpp.err_cnt);
1222 atomic64_inc(&alg->stats.kpp.setsecret_cnt);
1223 crypto_alg_put(alg);
1225 EXPORT_SYMBOL_GPL(crypto_stats_kpp_set_secret);
1227 void crypto_stats_kpp_generate_public_key(struct crypto_alg *alg, int ret)
1230 atomic64_inc(&alg->stats.kpp.err_cnt);
1232 atomic64_inc(&alg->stats.kpp.generate_public_key_cnt);
1233 crypto_alg_put(alg);
1235 EXPORT_SYMBOL_GPL(crypto_stats_kpp_generate_public_key);
1237 void crypto_stats_kpp_compute_shared_secret(struct crypto_alg *alg, int ret)
1240 atomic64_inc(&alg->stats.kpp.err_cnt);
1242 atomic64_inc(&alg->stats.kpp.compute_shared_secret_cnt);
1243 crypto_alg_put(alg);
1245 EXPORT_SYMBOL_GPL(crypto_stats_kpp_compute_shared_secret);
1247 void crypto_stats_rng_seed(struct crypto_alg *alg, int ret)
1249 if (ret && ret != -EINPROGRESS && ret != -EBUSY)
1250 atomic64_inc(&alg->stats.rng.err_cnt);
1252 atomic64_inc(&alg->stats.rng.seed_cnt);
1253 crypto_alg_put(alg);
1255 EXPORT_SYMBOL_GPL(crypto_stats_rng_seed);
1257 void crypto_stats_rng_generate(struct crypto_alg *alg, unsigned int dlen,
1260 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1261 atomic64_inc(&alg->stats.rng.err_cnt);
1263 atomic64_inc(&alg->stats.rng.generate_cnt);
1264 atomic64_add(dlen, &alg->stats.rng.generate_tlen);
1266 crypto_alg_put(alg);
1268 EXPORT_SYMBOL_GPL(crypto_stats_rng_generate);
1270 void crypto_stats_skcipher_encrypt(unsigned int cryptlen, int ret,
1271 struct crypto_alg *alg)
1273 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1274 atomic64_inc(&alg->stats.cipher.err_cnt);
1276 atomic64_inc(&alg->stats.cipher.encrypt_cnt);
1277 atomic64_add(cryptlen, &alg->stats.cipher.encrypt_tlen);
1279 crypto_alg_put(alg);
1281 EXPORT_SYMBOL_GPL(crypto_stats_skcipher_encrypt);
1283 void crypto_stats_skcipher_decrypt(unsigned int cryptlen, int ret,
1284 struct crypto_alg *alg)
1286 if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
1287 atomic64_inc(&alg->stats.cipher.err_cnt);
1289 atomic64_inc(&alg->stats.cipher.decrypt_cnt);
1290 atomic64_add(cryptlen, &alg->stats.cipher.decrypt_tlen);
1292 crypto_alg_put(alg);
1294 EXPORT_SYMBOL_GPL(crypto_stats_skcipher_decrypt);
1297 static int __init crypto_algapi_init(void)
1303 static void __exit crypto_algapi_exit(void)
1308 module_init(crypto_algapi_init);
1309 module_exit(crypto_algapi_exit);
1311 MODULE_LICENSE("GPL");
1312 MODULE_DESCRIPTION("Cryptographic algorithms API");
1313 MODULE_SOFTDEP("pre: cryptomgr");