Apply Crypto API wrappers to the exported crypto symbol in CONFIG_CRYPTO_SKCIPHER2-related crypto to convert them into pluggable interface.
This patch is partially based on work by Vegard Nossum, with modifications. Unlike the original, we do not include DEFINE_CRYPTO_API since only one copy of the crypto symbols is kept, either in the crypto module or in the main kernel, and we ensure such wrapper do not have impact on crypto already chosen built as module. Co-developed-by: Vegard Nossum <[email protected]> Signed-off-by: Jay Wang <[email protected]> --- crypto/Makefile | 4 +- crypto/bpf_crypto_skcipher.c | 4 +- crypto/fips140/fips140-api.c | 47 +++++++++++++++ include/crypto/internal/skcipher.h | 91 +++++++++++++++++++----------- include/crypto/skcipher.h | 56 +++++++++++------- 5 files changed, 145 insertions(+), 57 deletions(-) diff --git a/crypto/Makefile b/crypto/Makefile index b05fdfacf170..546f80e014e1 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -21,9 +21,9 @@ crypto-objs-$(CONFIG_CRYPTO_GENIV) += geniv.o crypto_skcipher-y += lskcipher.o crypto_skcipher-y += skcipher.o -obj-$(CONFIG_CRYPTO_SKCIPHER2) += crypto_skcipher.o +crypto-objs-$(CONFIG_CRYPTO_SKCIPHER2) += crypto_skcipher.o ifeq ($(CONFIG_BPF_SYSCALL),y) -obj-$(CONFIG_CRYPTO_SKCIPHER2) += bpf_crypto_skcipher.o +crypto-objs-$(CONFIG_CRYPTO_SKCIPHER2) += bpf_crypto_skcipher.o endif obj-$(CONFIG_CRYPTO_SEQIV) += seqiv.o diff --git a/crypto/bpf_crypto_skcipher.c b/crypto/bpf_crypto_skcipher.c index a88798d3e8c8..764bfc27e477 100644 --- a/crypto/bpf_crypto_skcipher.c +++ b/crypto/bpf_crypto_skcipher.c @@ -77,7 +77,7 @@ static void __exit bpf_crypto_skcipher_exit(void) WARN_ON_ONCE(err); } -module_init(bpf_crypto_skcipher_init); -module_exit(bpf_crypto_skcipher_exit); +crypto_module_init(bpf_crypto_skcipher_init); +crypto_module_exit(bpf_crypto_skcipher_exit); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("Symmetric key cipher support for BPF"); diff --git a/crypto/fips140/fips140-api.c b/crypto/fips140/fips140-api.c index 55129c62d813..e256b0f3e4a6 100644 --- a/crypto/fips140/fips140-api.c +++ b/crypto/fips140/fips140-api.c @@ -142,4 +142,51 @@ DEFINE_CRYPTO_API_STUB(aead_geniv_alloc); DEFINE_CRYPTO_API_STUB(aead_init_geniv); DEFINE_CRYPTO_API_STUB(aead_exit_geniv); +#endif + +/* + * crypto/lskcipher.c + */ +#if IS_BUILTIN(CONFIG_CRYPTO_SKCIPHER2) + +#include <crypto/skcipher.h> + +DEFINE_CRYPTO_API_STUB(crypto_alloc_lskcipher); +DEFINE_CRYPTO_API_STUB(crypto_lskcipher_setkey); +DEFINE_CRYPTO_API_STUB(crypto_lskcipher_encrypt); +DEFINE_CRYPTO_API_STUB(crypto_lskcipher_decrypt); + +#include <crypto/internal/skcipher.h> + +DEFINE_CRYPTO_API_STUB(crypto_grab_lskcipher); +DEFINE_CRYPTO_API_STUB(crypto_register_lskcipher); +DEFINE_CRYPTO_API_STUB(crypto_unregister_lskcipher); +DEFINE_CRYPTO_API_STUB(crypto_register_lskciphers); +DEFINE_CRYPTO_API_STUB(crypto_unregister_lskciphers); +DEFINE_CRYPTO_API_STUB(lskcipher_register_instance); +DEFINE_CRYPTO_API_STUB(lskcipher_alloc_instance_simple); + +/* + * crypto/skcipher.c + */ +DEFINE_CRYPTO_API_STUB(crypto_alloc_skcipher); +DEFINE_CRYPTO_API_STUB(crypto_alloc_sync_skcipher); +DEFINE_CRYPTO_API_STUB(crypto_has_skcipher); +DEFINE_CRYPTO_API_STUB(crypto_skcipher_setkey); +DEFINE_CRYPTO_API_STUB(crypto_skcipher_encrypt); +DEFINE_CRYPTO_API_STUB(crypto_skcipher_decrypt); +DEFINE_CRYPTO_API_STUB(crypto_skcipher_export); +DEFINE_CRYPTO_API_STUB(crypto_skcipher_import); +DEFINE_CRYPTO_API_STUB(crypto_grab_skcipher); +DEFINE_CRYPTO_API_STUB(crypto_register_skcipher); +DEFINE_CRYPTO_API_STUB(crypto_unregister_skcipher); +DEFINE_CRYPTO_API_STUB(crypto_register_skciphers); +DEFINE_CRYPTO_API_STUB(crypto_unregister_skciphers); +DEFINE_CRYPTO_API_STUB(skcipher_register_instance); +DEFINE_CRYPTO_API_STUB(skcipher_walk_done); +DEFINE_CRYPTO_API_STUB(skcipher_walk_virt); +DEFINE_CRYPTO_API_STUB(skcipher_walk_aead_encrypt); +DEFINE_CRYPTO_API_STUB(skcipher_walk_aead_decrypt); +DEFINE_CRYPTO_API_STUB(skcipher_alloc_instance_simple); + #endif \ No newline at end of file diff --git a/include/crypto/internal/skcipher.h b/include/crypto/internal/skcipher.h index a965b6aabf61..b571c58269bc 100644 --- a/include/crypto/internal/skcipher.h +++ b/include/crypto/internal/skcipher.h @@ -8,6 +8,7 @@ #ifndef _CRYPTO_INTERNAL_SKCIPHER_H #define _CRYPTO_INTERNAL_SKCIPHER_H +#include <crypto/api.h> #include <crypto/algapi.h> #include <crypto/internal/cipher.h> #include <crypto/skcipher.h> @@ -136,13 +137,13 @@ static inline void skcipher_request_complete(struct skcipher_request *req, int e crypto_request_complete(&req->base, err); } -int crypto_grab_skcipher(struct crypto_skcipher_spawn *spawn, - struct crypto_instance *inst, - const char *name, u32 type, u32 mask); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_grab_skcipher, int, + (struct crypto_skcipher_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask), + (spawn, inst, name, type, mask)); -int crypto_grab_lskcipher(struct crypto_lskcipher_spawn *spawn, - struct crypto_instance *inst, - const char *name, u32 type, u32 mask); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_grab_lskcipher, int, + (struct crypto_lskcipher_spawn *spawn, struct crypto_instance *inst, const char *name, u32 type, u32 mask), + (spawn, inst, name, type, mask)); static inline void crypto_drop_skcipher(struct crypto_skcipher_spawn *spawn) { @@ -197,30 +198,50 @@ static inline void crypto_skcipher_set_reqsize_dma( skcipher->reqsize = reqsize; } -int crypto_register_skcipher(struct skcipher_alg *alg); -void crypto_unregister_skcipher(struct skcipher_alg *alg); -int crypto_register_skciphers(struct skcipher_alg *algs, int count); -void crypto_unregister_skciphers(struct skcipher_alg *algs, int count); -int skcipher_register_instance(struct crypto_template *tmpl, - struct skcipher_instance *inst); - -int crypto_register_lskcipher(struct lskcipher_alg *alg); -void crypto_unregister_lskcipher(struct lskcipher_alg *alg); -int crypto_register_lskciphers(struct lskcipher_alg *algs, int count); -void crypto_unregister_lskciphers(struct lskcipher_alg *algs, int count); -int lskcipher_register_instance(struct crypto_template *tmpl, - struct lskcipher_instance *inst); - -int skcipher_walk_done(struct skcipher_walk *walk, int res); -int skcipher_walk_virt(struct skcipher_walk *__restrict walk, - struct skcipher_request *__restrict req, - bool atomic); -int skcipher_walk_aead_encrypt(struct skcipher_walk *__restrict walk, - struct aead_request *__restrict req, - bool atomic); -int skcipher_walk_aead_decrypt(struct skcipher_walk *__restrict walk, - struct aead_request *__restrict req, - bool atomic); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_register_skcipher, int, + (struct skcipher_alg *alg), + (alg)); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_unregister_skcipher, void, + (struct skcipher_alg *alg), + (alg)); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_register_skciphers, int, + (struct skcipher_alg *algs, int count), + (algs, count)); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_unregister_skciphers, void, + (struct skcipher_alg *algs, int count), + (algs, count)); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, skcipher_register_instance, int, + (struct crypto_template *tmpl, struct skcipher_instance *inst), + (tmpl, inst)); + +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_register_lskcipher, int, + (struct lskcipher_alg *alg), + (alg)); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_unregister_lskcipher, void, + (struct lskcipher_alg *alg), + (alg)); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_register_lskciphers, int, + (struct lskcipher_alg *algs, int count), + (algs, count)); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_unregister_lskciphers, void, + (struct lskcipher_alg *algs, int count), + (algs, count)); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, lskcipher_register_instance, int, + (struct crypto_template *tmpl, struct lskcipher_instance *inst), + (tmpl, inst)); + +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, skcipher_walk_done, int, + (struct skcipher_walk *walk, int res), + (walk, res)); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, skcipher_walk_virt, int, + (struct skcipher_walk *__restrict walk, struct skcipher_request *__restrict req, bool atomic), + (walk, req, atomic)); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, skcipher_walk_aead_encrypt, int, + (struct skcipher_walk *__restrict walk, struct aead_request *__restrict req, bool atomic), + (walk, req, atomic)); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, skcipher_walk_aead_decrypt, int, + (struct skcipher_walk *__restrict walk, struct aead_request *__restrict req, bool atomic), + (walk, req, atomic)); static inline void skcipher_walk_abort(struct skcipher_walk *walk) { @@ -281,8 +302,9 @@ skcipher_cipher_simple(struct crypto_skcipher *tfm) return ctx->cipher; } -struct skcipher_instance *skcipher_alloc_instance_simple( - struct crypto_template *tmpl, struct rtattr **tb); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, skcipher_alloc_instance_simple, struct skcipher_instance *, + (struct crypto_template *tmpl, struct rtattr **tb), + (tmpl, tb)); static inline struct crypto_alg *skcipher_ialg_simple( struct skcipher_instance *inst) @@ -300,8 +322,9 @@ static inline struct crypto_lskcipher *lskcipher_cipher_simple( return *ctx; } -struct lskcipher_instance *lskcipher_alloc_instance_simple( - struct crypto_template *tmpl, struct rtattr **tb); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, lskcipher_alloc_instance_simple, struct lskcipher_instance *, + (struct crypto_template *tmpl, struct rtattr **tb), + (tmpl, tb)); static inline struct lskcipher_alg *lskcipher_ialg_simple( struct lskcipher_instance *inst) diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h index 9e5853464345..39282b83a280 100644 --- a/include/crypto/skcipher.h +++ b/include/crypto/skcipher.h @@ -8,6 +8,7 @@ #ifndef _CRYPTO_SKCIPHER_H #define _CRYPTO_SKCIPHER_H +#include <crypto/api.h> #include <linux/atomic.h> #include <linux/container_of.h> #include <linux/crypto.h> @@ -276,11 +277,13 @@ static inline struct crypto_skcipher *__crypto_skcipher_cast( * Return: allocated cipher handle in case of success; IS_ERR() is true in case * of an error, PTR_ERR() returns the error code. */ -struct crypto_skcipher *crypto_alloc_skcipher(const char *alg_name, - u32 type, u32 mask); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_alloc_skcipher, struct crypto_skcipher *, + (const char *alg_name, u32 type, u32 mask), + (alg_name, type, mask)); -struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(const char *alg_name, - u32 type, u32 mask); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_alloc_sync_skcipher, struct crypto_sync_skcipher *, + (const char *alg_name, u32 type, u32 mask), + (alg_name, type, mask)); /** @@ -297,8 +300,9 @@ struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(const char *alg_name, * Return: allocated cipher handle in case of success; IS_ERR() is true in case * of an error, PTR_ERR() returns the error code. */ -struct crypto_lskcipher *crypto_alloc_lskcipher(const char *alg_name, - u32 type, u32 mask); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_alloc_lskcipher, struct crypto_lskcipher *, + (const char *alg_name, u32 type, u32 mask), + (alg_name, type, mask)); static inline struct crypto_tfm *crypto_skcipher_tfm( struct crypto_skcipher *tfm) @@ -355,7 +359,9 @@ static inline void crypto_free_lskcipher(struct crypto_lskcipher *tfm) * Return: true when the skcipher is known to the kernel crypto API; false * otherwise */ -int crypto_has_skcipher(const char *alg_name, u32 type, u32 mask); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_has_skcipher, int, + (const char *alg_name, u32 type, u32 mask), + (alg_name, type, mask)); static inline const char *crypto_skcipher_driver_name( struct crypto_skcipher *tfm) @@ -611,8 +617,9 @@ static inline void crypto_lskcipher_clear_flags(struct crypto_lskcipher *tfm, * * Return: 0 if the setting of the key was successful; < 0 if an error occurred */ -int crypto_skcipher_setkey(struct crypto_skcipher *tfm, - const u8 *key, unsigned int keylen); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_skcipher_setkey, int, + (struct crypto_skcipher *tfm, const u8 *key, unsigned int keylen), + (tfm, key, keylen)); static inline int crypto_sync_skcipher_setkey(struct crypto_sync_skcipher *tfm, const u8 *key, unsigned int keylen) @@ -636,8 +643,9 @@ static inline int crypto_sync_skcipher_setkey(struct crypto_sync_skcipher *tfm, * * Return: 0 if the setting of the key was successful; < 0 if an error occurred */ -int crypto_lskcipher_setkey(struct crypto_lskcipher *tfm, - const u8 *key, unsigned int keylen); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_lskcipher_setkey, int, + (struct crypto_lskcipher *tfm, const u8 *key, unsigned int keylen), + (tfm, key, keylen)); static inline unsigned int crypto_skcipher_min_keysize( struct crypto_skcipher *tfm) @@ -697,7 +705,9 @@ static inline struct crypto_sync_skcipher *crypto_sync_skcipher_reqtfm( * * Return: 0 if the cipher operation was successful; < 0 if an error occurred */ -int crypto_skcipher_encrypt(struct skcipher_request *req); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_skcipher_encrypt, int, + (struct skcipher_request *req), + (req)); /** * crypto_skcipher_decrypt() - decrypt ciphertext @@ -710,7 +720,9 @@ int crypto_skcipher_encrypt(struct skcipher_request *req); * * Return: 0 if the cipher operation was successful; < 0 if an error occurred */ -int crypto_skcipher_decrypt(struct skcipher_request *req); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_skcipher_decrypt, int, + (struct skcipher_request *req), + (req)); /** * crypto_skcipher_export() - export partial state @@ -728,7 +740,9 @@ int crypto_skcipher_decrypt(struct skcipher_request *req); * * Return: 0 if the cipher operation was successful; < 0 if an error occurred */ -int crypto_skcipher_export(struct skcipher_request *req, void *out); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_skcipher_export, int, + (struct skcipher_request *req, void *out), + (req, out)); /** * crypto_skcipher_import() - import partial state @@ -743,7 +757,9 @@ int crypto_skcipher_export(struct skcipher_request *req, void *out); * * Return: 0 if the cipher operation was successful; < 0 if an error occurred */ -int crypto_skcipher_import(struct skcipher_request *req, const void *in); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_skcipher_import, int, + (struct skcipher_request *req, const void *in), + (req, in)); /** * crypto_lskcipher_encrypt() - encrypt plaintext @@ -761,8 +777,9 @@ int crypto_skcipher_import(struct skcipher_request *req, const void *in); * then this many bytes have been left unprocessed; * < 0 if an error occurred */ -int crypto_lskcipher_encrypt(struct crypto_lskcipher *tfm, const u8 *src, - u8 *dst, unsigned len, u8 *siv); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_lskcipher_encrypt, int, + (struct crypto_lskcipher *tfm, const u8 *src, u8 *dst, unsigned len, u8 *siv), + (tfm, src, dst, len, siv)); /** * crypto_lskcipher_decrypt() - decrypt ciphertext @@ -781,8 +798,9 @@ int crypto_lskcipher_encrypt(struct crypto_lskcipher *tfm, const u8 *src, * then this many bytes have been left unprocessed; * < 0 if an error occurred */ -int crypto_lskcipher_decrypt(struct crypto_lskcipher *tfm, const u8 *src, - u8 *dst, unsigned len, u8 *siv); +DECLARE_CRYPTO_API(CONFIG_CRYPTO_SKCIPHER2, crypto_lskcipher_decrypt, int, + (struct crypto_lskcipher *tfm, const u8 *src, u8 *dst, unsigned len, u8 *siv), + (tfm, src, dst, len, siv)); /** * DOC: Symmetric Key Cipher Request Handle -- 2.47.3
