static int p8_aes_cbc_init(struct crypto_tfm *tfm)
{
const char *alg;
struct crypto_blkcipher *fallback;
struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm);
if (!(alg = crypto_tfm_alg_name(tfm))) {
printk(KERN_ERR "Failed to get algorithm name.\n");
return -ENOENT;
}
fallback =
crypto_alloc_blkcipher(alg, 0, CRYPTO_ALG_NEED_FALLBACK);
if (IS_ERR(fallback)) {
printk(KERN_ERR
"Failed to allocate transformation for '%s': %ld\n",
alg, PTR_ERR(fallback));
return PTR_ERR(fallback);
}
printk(KERN_INFO "Using '%s' as fallback implementation.\n",
crypto_tfm_alg_driver_name((struct crypto_tfm *) fallback));
crypto_blkcipher_set_flags(
fallback,
crypto_blkcipher_get_flags((struct crypto_blkcipher *)tfm));
ctx->fallback = fallback;
return 0;
}
static int crypto_rfc3686_setkey(struct crypto_tfm *parent, const u8 *key,
unsigned int keylen)
{
struct crypto_rfc3686_ctx *ctx = crypto_tfm_ctx(parent);
struct crypto_blkcipher *child = ctx->child;
int err;
/* the nonce is stored in bytes at end of key */
if (keylen < CTR_RFC3686_NONCE_SIZE)
return -EINVAL;
memcpy(ctx->nonce, key + (keylen - CTR_RFC3686_NONCE_SIZE),
CTR_RFC3686_NONCE_SIZE);
keylen -= CTR_RFC3686_NONCE_SIZE;
crypto_blkcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
crypto_blkcipher_set_flags(child, crypto_tfm_get_flags(parent) &
CRYPTO_TFM_REQ_MASK);
err = crypto_blkcipher_setkey(child, key, keylen);
crypto_tfm_set_flags(parent, crypto_blkcipher_get_flags(child) &
CRYPTO_TFM_RES_MASK);
return err;
}
static int crypto_cts_setkey(struct crypto_tfm *parent, const u8 *key,
unsigned int keylen)
{
struct crypto_cts_ctx *ctx = crypto_tfm_ctx(parent);
struct crypto_blkcipher *child = ctx->child;
int err;
crypto_blkcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
crypto_blkcipher_set_flags(child, crypto_tfm_get_flags(parent) &
CRYPTO_TFM_REQ_MASK);
err = crypto_blkcipher_setkey(child, key, keylen);
crypto_tfm_set_flags(parent, crypto_blkcipher_get_flags(child) &
CRYPTO_TFM_RES_MASK);
return err;
}
static int skcipher_setkey_blkcipher(struct crypto_skcipher *tfm,
const u8 *key, unsigned int keylen)
{
struct crypto_blkcipher **ctx = crypto_skcipher_ctx(tfm);
struct crypto_blkcipher *blkcipher = *ctx;
int err;
crypto_blkcipher_clear_flags(blkcipher, ~0);
crypto_blkcipher_set_flags(blkcipher, crypto_skcipher_get_flags(tfm) &
CRYPTO_TFM_REQ_MASK);
err = crypto_blkcipher_setkey(blkcipher, key, keylen);
crypto_skcipher_set_flags(tfm, crypto_blkcipher_get_flags(blkcipher) &
CRYPTO_TFM_RES_MASK);
return err;
}
void test_aes(void)
{
struct crypto_blkcipher *tfm;
struct blkcipher_desc desc;
u32 bs;
int i,j;
u32 npages;
struct scatterlist *src;
struct scatterlist *dst;
char *buf;
char **ins, **outs;
unsigned int ret;
u8 key[] = {0x00, 0x01, 0x02, 0x03, 0x05, 0x06, 0x07, 0x08, 0x0A, 0x0B, 0x0C, 0x0D, 0x0F, 0x10, 0x11, 0x12};
npages = MAX_BLK_SIZE/PAGE_SIZE;
src = kmalloc(npages*sizeof(struct scatterlist), __GFP_ZERO|GFP_KERNEL);
if (!src) {
printk("taes ERROR: failed to alloc src\n");
return;
}
dst = kmalloc(npages*sizeof(struct scatterlist), __GFP_ZERO|GFP_KERNEL);
if (!dst) {
printk("taes ERROR: failed to alloc dst\n");
kfree(src);
return;
}
ins = kmalloc(npages*sizeof(char*), __GFP_ZERO|GFP_KERNEL);
if (!ins) {
printk("taes ERROR: failed to alloc ins\n");
kfree(src);
kfree(dst);
return;
}
outs = kmalloc(npages*sizeof(char*), __GFP_ZERO|GFP_KERNEL);
if (!outs) {
printk("taes ERROR: failed to alloc outs\n");
kfree(src);
kfree(dst);
kfree(ins);
return;
}
tfm = crypto_alloc_blkcipher(CIPHER, 0, 0);
if (IS_ERR(tfm)) {
printk("failed to load transform for %s: %ld\n", CIPHER,
PTR_ERR(tfm));
goto out;
}
desc.tfm = tfm;
desc.flags = 0;
ret = crypto_blkcipher_setkey(tfm, key, sizeof(key));
if (ret) {
printk("setkey() failed flags=%x\n",
crypto_blkcipher_get_flags(tfm));
goto out;
}
sg_init_table(src, npages);
for (i=0; i<npages; i++) {
buf = (void *)__get_free_page(GFP_KERNEL);
if (!buf) {
printk("taes ERROR: alloc free page error\n");
goto free_err_pages;
}
ins[i] = buf;
strcpy(buf, "this is a plain text!");
sg_set_buf(src+i, buf, PAGE_SIZE);
buf = (void *)__get_free_page(GFP_KERNEL);
if (!buf) {
printk("taes ERROR: alloc free page error\n");
goto free_err_pages;
}
outs[i] = buf;
sg_set_buf(dst+i, buf, PAGE_SIZE);
}
for (bs = MAX_BLK_SIZE; bs >= MIN_BLK_SIZE; bs>>=1) {
struct timeval t0, t1;
long int enc, dec;
do_gettimeofday(&t0);
for (j=0; j<TEST_TIMES; j++) {
ret = crypto_blkcipher_encrypt(&desc, dst, src, bs);
if (ret) {
printk("taes ERROR: enc error\n");
goto free_err_pages;
}
}
do_gettimeofday(&t1);
enc = 1000000*(t1.tv_sec-t0.tv_sec) +
((int)(t1.tv_usec) - (int)(t0.tv_usec));
do_gettimeofday(&t0);
for (j=0; j<TEST_TIMES; j++) {
ret = crypto_blkcipher_decrypt(&desc, src, dst, bs);
if (ret) {
printk("taes ERROR: dec error\n");
goto free_err_pages;
}
}
do_gettimeofday(&t1);
dec = 1000000*(t1.tv_sec-t0.tv_sec) +
((int)(t1.tv_usec) - (int)(t0.tv_usec));
printk("Size %u, enc %ld, dec %ld\n",
bs, enc, dec);
}
free_err_pages:
for (i=0; i<npages && ins[i]; i++){
free_page((unsigned long)ins[i]);
}
for (i=0; i<npages && outs[i]; i++){
free_page((unsigned long)outs[i]);
}
out:
kfree(src);
kfree(dst);
kfree(ins);
kfree(outs);
crypto_free_blkcipher(tfm);
}
/*
* Function definition for sys_xcrypt.
* This function encrypts/decrypts files using AES Block Cipher algorithm using CBC mode.
*/
asmlinkage int sys_xcrypt( const char * const infile, const char * const opfile, const char * const keybuf, const int keylen, const short int flags ) {
const char algo[] = "cbc(aes)";
char *ipBuf = NULL, *opBuf = NULL, *iv = NULL, *inFile = NULL, *opFile = NULL, *keyBuf = NULL;
int errno = 0, ret = 0;
int actReadLen = 0, actWriteLen = 0, padLen = 0, blkSiz = 0, ipFileLen = 0, opFileLen = 0, keyLen = 0;
int delOpFile = 0, prmbLen = 0, idx = 0;
unsigned int fileSize = 0, factor = 1;
struct file *inFilePtr = NULL, *opFilePtr = NULL;
struct crypto_blkcipher *tfm = NULL;
struct blkcipher_desc desc;
struct scatterlist sg[2];
struct dentry *tmpDentry;
struct inode *tmpInode = NULL;
mm_segment_t oldfs;
/* Check for NULL pointers or invalid values */
if( ( NULL == infile ) || ( NULL == opfile ) || ( NULL == keybuf ) || ( ( _FLAG_ENCRYPT_ != flags ) && ( _FLAG_DECRYPT_ != flags ) ) ) {
printk( KERN_ALERT "Invalid I/P" );
errno = -EINVAL;
goto OUT_OK;
}
/* Verify if all the pointers belong to the user's own address space */
ret = access_ok( VERIFY_READ, infile, 0 );
if( !ret ) {
printk( KERN_ALERT "Invalid pointer to I/P file passed as argument" );
errno = -EFAULT;
goto OUT_OK;
}
ret = access_ok( VERIFY_READ, opfile, 0 );
if( !ret ) {
printk( KERN_ALERT "Invalid pointer to O/P file passed as argument" );
errno = -EFAULT;
goto OUT_OK;
}
ret = access_ok( VERIFY_READ, keybuf, 0 );
if( !ret ) {
printk( KERN_ALERT "Invalid pointer to Password passed as argument" );
errno = -EFAULT;
goto OUT_OK;
}
/* Find out the length of the i/p buffers */
ipFileLen = strlen_user( infile );
opFileLen = strlen_user( opfile );
keyLen = strlen_user( keybuf );
/* Allocate buffers to copy i/p arguments from user space to kernel space */
inFile = kmalloc( ipFileLen, GFP_KERNEL );
if( NULL == inFile ) {
errno = -ENOMEM;
goto OUT_OK;
}
else {
ret = strncpy_from_user( inFile, infile, ipFileLen );
if( ret < 0 ) {
errno = ret;
goto OUT_IP;
}
}
opFile = kmalloc( opFileLen, GFP_KERNEL );
if( NULL == opFile ) {
errno = -ENOMEM;
goto OUT_IP;
}
else {
ret = strncpy_from_user( opFile, opfile, opFileLen );
if( ret < 0 ) {
errno = ret;
goto OUT_IP;
}
}
keyBuf = kmalloc( keyLen, GFP_KERNEL );
if( NULL == keyBuf ) {
errno = -ENOMEM;
goto OUT_IP;
}
else {
ret = strncpy_from_user( keyBuf, keybuf, keyLen );
if( ret < 0 ) {
errno = ret;
goto OUT_IP;
}
}
/* Open I/P file. It will report error in case of non-existing file and bad permissions but not bad owner */
inFilePtr = filp_open( inFile, O_RDONLY, 0 );
if ( !inFilePtr || IS_ERR( inFilePtr ) ) {
errno = (int)PTR_ERR( inFilePtr );
printk( KERN_ALERT "Error opening i/p file: %d\n", errno );
inFilePtr = NULL;
goto OUT_IP;
}
/* Check if the file is a regular file or not */
if( !S_ISREG( inFilePtr->f_path.dentry->d_inode->i_mode ) ) {
printk( KERN_ALERT "Error as file is not a regular one" );
errno = -EBADF;
goto OUT_FILE;
}
/* Check if the I/p file and the process owner match */
if( ( current->real_cred->uid != inFilePtr->f_path.dentry->d_inode->i_uid ) && ( current->real_cred->uid != 0 ) ) {
printk( KERN_ALERT "Error as owner of file and process does not match" );
errno = -EACCES;
goto OUT_FILE;
}
/* Open O/P file with error handling */
opFilePtr = filp_open( opFile, O_WRONLY | O_CREAT | O_EXCL, 0 );
if ( !opFilePtr || IS_ERR( opFilePtr ) ) {
errno = (int)PTR_ERR( opFilePtr );
printk( KERN_ALERT "Error opening o/p file: %d\n", errno );
opFilePtr = NULL;
goto OUT_FILE;
}
/*
* Check if the infile and opfile point to the same file
* If they reside on the different file partition and have same name then it should be allowed else not
*/
if( ( inFilePtr->f_path.dentry->d_inode->i_sb == opFilePtr->f_path.dentry->d_inode->i_sb ) &&
( inFilePtr->f_path.dentry->d_inode->i_ino == opFilePtr->f_path.dentry->d_inode->i_ino ) ) {
printk( KERN_ALERT "I/p and O/p file cannot be same" );
errno = -EINVAL;
goto OUT_FILE;
}
/* Set the o/p file permission to i/p file */
opFilePtr->f_path.dentry->d_inode->i_mode = inFilePtr->f_path.dentry->d_inode->i_mode;
/* Set the file position to the beginning of the file */
inFilePtr->f_pos = 0;
opFilePtr->f_pos = 0;
/* Allocate buffer to read data into and to write data to. For performance reasons, set its size equal to PAGE_SIZE */
ipBuf = kmalloc( PAGE_SIZE, GFP_KERNEL );
if( NULL == ipBuf ) {
errno = -ENOMEM;
goto OUT_FILE;
}
memset( ipBuf, _NULL_CHAR_, PAGE_SIZE );
opBuf = kmalloc( PAGE_SIZE, GFP_KERNEL );
if( NULL == opBuf ) {
errno = -ENOMEM;
goto OUT_DATA_PAGE;
}
memset( opBuf, _NULL_CHAR_, PAGE_SIZE );
/* Allocate tfm */
tfm = crypto_alloc_blkcipher( algo, 0, CRYPTO_ALG_ASYNC );
if ( NULL == tfm ) {
printk( KERN_ALERT "Failed to load transform for %s: %ld\n", algo, PTR_ERR( tfm ) );
errno = -EINVAL;
goto OUT_DATA_PAGE;
}
/* Initialize desc */
desc.tfm = tfm;
desc.flags = 0;
ret = crypto_blkcipher_setkey( tfm, keybuf, keylen );
if( ret ) {
printk( "Setkey() failed. Flags=%x\n", crypto_blkcipher_get_flags( tfm ) );
errno = -EINVAL;
goto OUT_CIPHER;
}
/* Initialize sg structure */
FILL_SG( &sg[0], ipBuf, PAGE_SIZE );
FILL_SG( &sg[1], opBuf, PAGE_SIZE );
/* Get the block size */
blkSiz = ((tfm->base).__crt_alg)->cra_blocksize;
/* Initialize IV */
iv = kmalloc( blkSiz, GFP_KERNEL );
if( NULL == iv ) {
errno = -ENOMEM;
goto OUT_CIPHER;
}
memset( iv, _NULL_CHAR_, blkSiz );
crypto_blkcipher_set_iv( tfm, iv, crypto_blkcipher_ivsize( tfm ) );
/* Store the key and file size in encrypted form in the preamble */
switch( flags ) {
case _FLAG_ENCRYPT_:
memcpy( ipBuf, keybuf, keylen );
prmbLen = keylen;
fileSize = (unsigned int)inFilePtr->f_path.dentry->d_inode->i_size;
while( fileSize ) {
ipBuf[ prmbLen + idx ] = fileSize % 10;
fileSize /= 10;
++idx;
}
prmbLen += idx;
#ifdef _DEBUG_
printk( KERN_ALERT "idx=%d prmbLen=%d\n", idx, prmbLen );
#endif
memset( ipBuf + prmbLen, _ETX_, _UL_MAX_SIZE_ - idx );
prmbLen += ( _UL_MAX_SIZE_ - idx );
#ifdef _DEBUG_
printk( KERN_ALERT "prmbLen=%d\n", prmbLen );
#endif
padLen = blkSiz - ( prmbLen % blkSiz );
memset( ipBuf + prmbLen, _ETX_, padLen );
prmbLen += padLen;
#ifdef _DEBUG_
printk( KERN_ALERT "padLen=%d prmbLen=%d\n", padLen, prmbLen );
#endif
ret = crypto_blkcipher_encrypt( &desc, &sg[1], &sg[0], prmbLen );
if (ret) {
printk( KERN_ALERT "Encryption failed. Flags=0x%x\n", tfm->base.crt_flags );
delOpFile = 1;
goto OUT_IV;
}
oldfs = get_fs();
set_fs( KERNEL_DS );
opFilePtr->f_op->write( opFilePtr, opBuf, prmbLen, &opFilePtr->f_pos );
/* Reset the address space to user one */
set_fs( oldfs );
break;
case _FLAG_DECRYPT_:
/* Set the address space to kernel one */
oldfs = get_fs();
set_fs( KERNEL_DS );
prmbLen = keylen + _UL_MAX_SIZE_;
padLen = blkSiz - ( prmbLen % blkSiz );
prmbLen += padLen;
#ifdef _DEBUG_
printk( KERN_ALERT "padLen=%d prmbLen=%d\n", padLen, prmbLen );
#endif
actReadLen = inFilePtr->f_op->read( inFilePtr, ipBuf, prmbLen, &inFilePtr->f_pos );
if( actReadLen != prmbLen ) {
printk( KERN_ALERT "Requested number of bytes for preamble are lesser" );
delOpFile = 1;
goto OUT_IV;
}
#ifdef _DEBUG_
printk( KERN_ALERT "actReadLen=%d\n", actReadLen );
#endif
/* Reset the address space to user one */
set_fs( oldfs );
ret = crypto_blkcipher_decrypt( &desc, &sg[1], &sg[0], prmbLen );
if (ret) {
printk( KERN_ALERT "Decryption failed. Flags=0x%x\n", tfm->base.crt_flags );
delOpFile = 1;
goto OUT_IV;
}
ret = memcmp( keybuf, opBuf, keylen );
if( ret ) {
printk( "Wrong password entered." );
errno = -EKEYREJECTED;
goto OUT_IV;
}
idx = 0;
fileSize = 0;
while( opBuf[ keylen + idx ] != _ETX_ ) {
fileSize += opBuf[ keylen + idx ] * factor;
factor *= 10;
++idx;
}
#ifdef _DEBUG_
printk( KERN_ALERT "idx=%d fileSize=%u\n", idx, fileSize );
#endif
break;
}
/* Read file till the file pointer reaches to the EOF */
while( inFilePtr->f_pos < inFilePtr->f_path.dentry->d_inode->i_size ) {
/* Initialize it to NULL char */
memset( ipBuf, _NULL_CHAR_, PAGE_SIZE );
memset( opBuf, _NULL_CHAR_, PAGE_SIZE );
/* Set the address space to kernel one */
oldfs = get_fs();
set_fs( KERNEL_DS );
actReadLen = inFilePtr->f_op->read( inFilePtr, ipBuf, PAGE_SIZE, &inFilePtr->f_pos );
/* Reset the address space to user one */
set_fs( oldfs );
/* As per the i/p flag, do encryption/decryption */
switch( flags ) {
case _FLAG_ENCRYPT_:
/* For encryption ensure padding as per the block size */
#ifdef _DEBUG_
printk( KERN_ALERT "Bytes read from I/P file ::%d::\n", actReadLen );
#endif
if( actReadLen % blkSiz ) {
padLen = blkSiz - ( actReadLen % blkSiz );
memset( ipBuf + actReadLen, _ETX_, padLen );
actReadLen += padLen;
}
#ifdef _DEBUG_
printk( KERN_ALERT "Pad Length ::%d::\n", padLen );
printk( KERN_ALERT "Data read from I/P file ::%s::\n", ipBuf );
#endif
/* Encrypt the data */
ret = crypto_blkcipher_encrypt( &desc, &sg[1], &sg[0], PAGE_SIZE );
if (ret) {
printk( KERN_ALERT "Encryption failed. Flags=0x%x\n", tfm->base.crt_flags );
delOpFile = 1;
goto OUT_IV;
}
break;
case _FLAG_DECRYPT_:
/* Decrypt the data */
ret = crypto_blkcipher_decrypt( &desc, &sg[1], &sg[0], PAGE_SIZE );
if (ret) {
printk( KERN_ALERT "Decryption failed. Flags=0x%x\n", tfm->base.crt_flags );
delOpFile = 1;
goto OUT_IV;
}
#ifdef _DEBUG_
printk( KERN_ALERT "Bytes read from I/P file ::%d::\n", actReadLen );
#endif
while( _ETX_ == opBuf[ actReadLen - 1 ] ) {
opBuf[ actReadLen - 1 ] = _NULL_CHAR_;
--actReadLen;
}
#ifdef _DEBUG_
printk( KERN_ALERT "Bytes read from I/P file ::%d::\n", actReadLen );
printk( KERN_ALERT "Data read from I/P file ::%s::\n", opBuf );
#endif
break;
}
/*
* Start writing to the o/p file
* Set the address space to kernel one
*/
oldfs = get_fs();
set_fs( KERNEL_DS );
actWriteLen = opFilePtr->f_op->write( opFilePtr, opBuf, actReadLen, &opFilePtr->f_pos );
/* Reset the address space to user one */
set_fs( oldfs );
#ifdef _DEBUG_
printk( KERN_ALERT "Bytes written to O/P file ::%d::\n", actWriteLen );
#endif
}
/* Free iv */
OUT_IV:
kfree( iv );
iv = NULL;
printk( KERN_ALERT "Memory for IV freed ..." );
/* Free tfm */
OUT_CIPHER:
crypto_free_blkcipher( tfm );
printk( KERN_ALERT "Encryption Transform freed ..." );
/* Free i/p and o/p buffers */
OUT_DATA_PAGE:
if( ipBuf ) {
kfree( ipBuf );
ipBuf = NULL;
}
if( opBuf ) {
kfree( opBuf );
opBuf = NULL;
}
printk( KERN_ALERT "Memory for encrption/decryption freed ..." );
/* Close any open files */
OUT_FILE:
if( inFilePtr ) {
filp_close( inFilePtr, NULL );
inFilePtr = NULL;
printk( KERN_ALERT "I/p file closed ..." );
}
if( opFilePtr ) {
filp_close( opFilePtr, NULL );
opFilePtr = NULL;
printk( KERN_ALERT "O/p file closed ..." );
}
if( delOpFile ) {
opFilePtr = filp_open( opFile, O_WRONLY , 0 );
if ( !opFilePtr || IS_ERR( opFilePtr ) ) {
opFilePtr = NULL;
goto OUT_IP;
}
tmpDentry = opFilePtr->f_path.dentry;
tmpInode = tmpDentry->d_parent->d_inode;
filp_close( opFilePtr, NULL );
vfs_unlink( tmpInode, tmpDentry );
printk( KERN_ALERT "O/p file deleted ..." );
}
OUT_IP:
if( inFile ) {
kfree( inFile );
inFile = NULL;
}
if( opFile ) {
kfree( opFile );
opFile = NULL;
}
if( keyBuf ) {
kfree( keyBuf );
keyBuf = NULL;
}
printk( KERN_ALERT "Memory for I/P parameters freed ..." );
/* Return final status */
OUT_OK:
printk( KERN_ALERT "Exiting function sys_xcrypt ..." );
return errno;
}
