int crypto_auth_run(struct fcrypt *fcr, struct kernel_crypt_auth_op *kcaop)
{
struct csession *ses_ptr;
struct crypt_auth_op *caop = &kcaop->caop;
int ret;
if (unlikely(caop->op != COP_ENCRYPT && caop->op != COP_DECRYPT)) {
dprintk(1, KERN_DEBUG, "invalid operation op=%u\n", caop->op);
return -EINVAL;
}
/* this also enters ses_ptr->sem */
ses_ptr = crypto_get_session_by_sid(fcr, caop->ses);
if (unlikely(!ses_ptr)) {
dprintk(1, KERN_ERR, "invalid session ID=0x%08X\n", caop->ses);
return -EINVAL;
}
if (unlikely(ses_ptr->cdata.init == 0)) {
dprintk(1, KERN_ERR, "cipher context not initialized\n");
ret = -EINVAL;
goto out_unlock;
}
/* If we have a hash/mac handle reset its state */
if (ses_ptr->hdata.init != 0) {
ret = cryptodev_hash_reset(&ses_ptr->hdata);
if (unlikely(ret)) {
dprintk(1, KERN_ERR,
"error in cryptodev_hash_reset()\n");
goto out_unlock;
}
}
cryptodev_cipher_set_iv(&ses_ptr->cdata, kcaop->iv,
min(ses_ptr->cdata.ivsize, kcaop->ivlen));
ret = __crypto_auth_run_zc(ses_ptr, kcaop);
if (unlikely(ret)) {
dprintk(1, KERN_ERR,
"error in __crypto_auth_run_zc()\n");
goto out_unlock;
}
ret = 0;
cryptodev_cipher_get_iv(&ses_ptr->cdata, kcaop->iv,
min(ses_ptr->cdata.ivsize, kcaop->ivlen));
out_unlock:
crypto_put_session(ses_ptr);
return ret;
}
int crypto_run(struct fcrypt *fcr, struct kernel_crypt_op *kcop)
{
struct csession *ses_ptr;
struct crypt_op *cop = &kcop->cop;
int ret;
if (unlikely(cop->op != COP_ENCRYPT && cop->op != COP_DECRYPT)) {
ddebug(1, "invalid operation op=%u", cop->op);
return -EINVAL;
}
/* this also enters ses_ptr->sem */
ses_ptr = crypto_get_session_by_sid(fcr, cop->ses);
if (unlikely(!ses_ptr)) {
derr(1, "invalid session ID=0x%08X", cop->ses);
return -EINVAL;
}
if (ses_ptr->hdata.init != 0 && (cop->flags == 0 || cop->flags & COP_FLAG_RESET)) {
ret = cryptodev_hash_reset(&ses_ptr->hdata);
if (unlikely(ret)) {
derr(1, "error in cryptodev_hash_reset()");
goto out_unlock;
}
}
if (ses_ptr->cdata.init != 0) {
int blocksize = ses_ptr->cdata.blocksize;
if (unlikely(cop->len % blocksize)) {
derr(1, "data size (%u) isn't a multiple of block size (%u)",
cop->len, blocksize);
ret = -EINVAL;
goto out_unlock;
}
cryptodev_cipher_set_iv(&ses_ptr->cdata, kcop->iv,
min(ses_ptr->cdata.ivsize, kcop->ivlen));
}
if (likely(cop->len)) {
if (cop->flags & COP_FLAG_NO_ZC) {
if (unlikely(ses_ptr->alignmask && !IS_ALIGNED((unsigned long)cop->src, ses_ptr->alignmask))) {
dwarning(2, "source address %p is not %d byte aligned - disabling zero copy",
cop->src, ses_ptr->alignmask + 1);
cop->flags &= ~COP_FLAG_NO_ZC;
}
if (unlikely(ses_ptr->alignmask && !IS_ALIGNED((unsigned long)cop->dst, ses_ptr->alignmask))) {
dwarning(2, "destination address %p is not %d byte aligned - disabling zero copy",
cop->dst, ses_ptr->alignmask + 1);
cop->flags &= ~COP_FLAG_NO_ZC;
}
}
if (cop->flags & COP_FLAG_NO_ZC)
ret = __crypto_run_std(ses_ptr, &kcop->cop);
else
ret = __crypto_run_zc(ses_ptr, kcop);
if (unlikely(ret))
goto out_unlock;
}
if (ses_ptr->cdata.init != 0) {
cryptodev_cipher_get_iv(&ses_ptr->cdata, kcop->iv,
min(ses_ptr->cdata.ivsize, kcop->ivlen));
}
if (ses_ptr->hdata.init != 0 &&
((cop->flags & COP_FLAG_FINAL) ||
(!(cop->flags & COP_FLAG_UPDATE) || cop->len == 0))) {
ret = cryptodev_hash_final(&ses_ptr->hdata, kcop->hash_output);
if (unlikely(ret)) {
derr(0, "CryptoAPI failure: %d", ret);
goto out_unlock;
}
kcop->digestsize = ses_ptr->hdata.digestsize;
}
if (ses_ptr->rdata.init != 0 && cop->len > 0) {
kcop->rng_output = kmalloc(cop->len, GFP_KERNEL);
if (unlikely(!kcop->rng_output)) {
derr(0, "Not enough space to store %d random bytes.", cop->len);
ret = -ENOMEM;
goto out_unlock;
}
ret = cryptodev_rng_get_bytes(&ses_ptr->rdata, kcop->rng_output, cop->len);
// some RNGs return 0 for success, while
// some return the number of bytes generated
if (unlikely(ret != 0 && ret != cop->len)) {
derr(0, "RNG failure: %d", ret);
kfree(kcop->rng_output); kcop->rng_output = NULL;
goto out_unlock;
}
ret = 0;
kcop->rnglen = cop->len;
}
out_unlock:
crypto_put_session(ses_ptr);
return ret;
}