Lines Matching +full:byte +full:- +full:len
1 // SPDX-License-Identifier: BSD-3-Clause
84 size_t offset, size_t len) in crypto_shash_update_sg() argument
92 for (i = 0; i < len; i += n) { in crypto_shash_update_sg()
94 n = min(miter.length, len - i); in crypto_shash_update_sg()
111 if (WARN_ON(in->len != out->len)) in rfc3961_do_encrypt()
112 return -EINVAL; in rfc3961_do_encrypt()
113 if (out->len % crypto_sync_skcipher_blocksize(tfm) != 0) in rfc3961_do_encrypt()
114 return -EINVAL; in rfc3961_do_encrypt()
117 return -EINVAL; in rfc3961_do_encrypt()
122 memcpy(out->data, in->data, out->len); in rfc3961_do_encrypt()
123 sg_init_one(sg, out->data, out->len); in rfc3961_do_encrypt()
127 skcipher_request_set_crypt(req, sg, sg, out->len, local_iv); in rfc3961_do_encrypt()
145 int ret = -ENOMEM; in rfc3961_calc_H()
147 tfm = crypto_alloc_shash(krb5->hash_name, 0, 0); in rfc3961_calc_H()
149 return (PTR_ERR(tfm) == -ENOENT) ? -ENOPKG : PTR_ERR(tfm); in rfc3961_calc_H()
157 digest->len = crypto_shash_digestsize(tfm); in rfc3961_calc_H()
158 digest->data = kzalloc(digest->len, gfp); in rfc3961_calc_H()
159 if (!digest->data) in rfc3961_calc_H()
162 desc->tfm = tfm; in rfc3961_calc_H()
167 ret = crypto_shash_finup(desc, data->data, data->len, digest->data); in rfc3961_calc_H()
174 kfree_sensitive(digest->data); in rfc3961_calc_H()
183 * This is the n-fold function as described in rfc3961, sec 5.1
188 const u8 *in = source->data; in rfc3961_nfold()
189 u8 *out = result->data; in rfc3961_nfold()
192 int byte, i, msbit; in rfc3961_nfold() local
195 inbits = source->len; in rfc3961_nfold()
196 outbits = result->len; in rfc3961_nfold()
203 byte = 0; in rfc3961_nfold()
208 for (i = ulcm-1; i >= 0; i--) { in rfc3961_nfold()
209 /* compute the msbit in k which gets added into this byte */ in rfc3961_nfold()
212 * unrotated byte in rfc3961_nfold()
214 ((inbits << 3) - 1) + in rfc3961_nfold()
215 /* then, for each byte, shift to the right in rfc3961_nfold()
219 /* last, pick out the correct byte within in rfc3961_nfold()
222 ((inbits - (i % inbits)) << 3) in rfc3961_nfold()
225 /* pull out the byte value itself */ in rfc3961_nfold()
226 byte += (((in[((inbits - 1) - (msbit >> 3)) % inbits] << 8) | in rfc3961_nfold()
227 (in[((inbits) - (msbit >> 3)) % inbits])) in rfc3961_nfold()
231 byte += out[i % outbits]; in rfc3961_nfold()
232 out[i % outbits] = byte & 0xff; in rfc3961_nfold()
235 byte >>= 8; in rfc3961_nfold()
239 if (byte) { in rfc3961_nfold()
240 for (i = outbits - 1; i >= 0; i--) { in rfc3961_nfold()
242 byte += out[i]; in rfc3961_nfold()
243 out[i] = byte & 0xff; in rfc3961_nfold()
246 byte >>= 8; in rfc3961_nfold()
252 * Calculate a derived key, DK(Base Key, Well-Known Constant)
254 * DK(Key, Constant) = random-to-key(DR(Key, Constant))
255 * DR(Key, Constant) = k-truncate(E(Key, Constant, initial-cipher-state))
256 * K1 = E(Key, n-fold(Constant), initial-cipher-state)
257 * K2 = E(Key, K1, initial-cipher-state)
258 * K3 = E(Key, K2, initial-cipher-state)
260 * DR(Key, Constant) = k-truncate(K1 | K2 | K3 | K4 ...)
272 int ret = -EINVAL; in rfc3961_calc_DK()
274 blocksize = krb5->block_len; in rfc3961_calc_DK()
275 keybytes = krb5->key_bytes; in rfc3961_calc_DK()
276 keylength = krb5->key_len; in rfc3961_calc_DK()
278 if (inkey->len != keylength || result->len != keylength) in rfc3961_calc_DK()
279 return -EINVAL; in rfc3961_calc_DK()
280 if (!krb5->random_to_key && result->len != keybytes) in rfc3961_calc_DK()
281 return -EINVAL; in rfc3961_calc_DK()
283 cipher = crypto_alloc_sync_skcipher(krb5->derivation_enc, 0, 0); in rfc3961_calc_DK()
285 ret = (PTR_ERR(cipher) == -ENOENT) ? -ENOPKG : PTR_ERR(cipher); in rfc3961_calc_DK()
288 ret = crypto_sync_skcipher_setkey(cipher, inkey->data, inkey->len); in rfc3961_calc_DK()
292 ret = -ENOMEM; in rfc3961_calc_DK()
297 inblock.len = blocksize; in rfc3961_calc_DK()
299 outblock.len = blocksize; in rfc3961_calc_DK()
301 rawkey.len = keybytes; in rfc3961_calc_DK()
305 if (in_constant->len == inblock.len) in rfc3961_calc_DK()
306 memcpy(inblock.data, in_constant->data, inblock.len); in rfc3961_calc_DK()
312 while (n < rawkey.len) { in rfc3961_calc_DK()
315 if (keybytes - n <= outblock.len) { in rfc3961_calc_DK()
316 memcpy(rawkey.data + n, outblock.data, keybytes - n); in rfc3961_calc_DK()
320 memcpy(rawkey.data + n, outblock.data, outblock.len); in rfc3961_calc_DK()
321 memcpy(inblock.data, outblock.data, outblock.len); in rfc3961_calc_DK()
322 n += outblock.len; in rfc3961_calc_DK()
326 if (!krb5->random_to_key) { in rfc3961_calc_DK()
327 /* Identity random-to-key function. */ in rfc3961_calc_DK()
328 memcpy(result->data, rawkey.data, rawkey.len); in rfc3961_calc_DK()
331 ret = krb5->random_to_key(krb5, &rawkey, result); in rfc3961_calc_DK()
355 cipher = crypto_alloc_sync_skcipher(krb5->derivation_enc, 0, 0); in rfc3961_calc_E()
357 ret = (PTR_ERR(cipher) == -ENOENT) ? -ENOPKG : PTR_ERR(cipher); in rfc3961_calc_E()
361 ret = crypto_sync_skcipher_setkey(cipher, key->data, key->len); in rfc3961_calc_E()
374 * Calculate the pseudo-random function, PRF().
376 * tmp1 = H(octet-string)
378 * PRF = E(DK(protocol-key, prfconstant), tmp2, initial-cipher-state)
380 * The "prfconstant" used in the PRF operation is the three-octet string
393 unsigned int m = krb5->block_len; in rfc3961_calc_PRF()
397 if (result->len != krb5->prf_len) in rfc3961_calc_PRF()
398 return -EINVAL; in rfc3961_calc_PRF()
400 tmp1.len = krb5->hash_len; in rfc3961_calc_PRF()
401 derived_key.len = krb5->key_bytes; in rfc3961_calc_PRF()
402 buffer = kzalloc(round16(tmp1.len) + round16(derived_key.len), gfp); in rfc3961_calc_PRF()
404 return -ENOMEM; in rfc3961_calc_PRF()
407 derived_key.data = buffer + round16(tmp1.len); in rfc3961_calc_PRF()
413 tmp2.len = tmp1.len & ~(m - 1); in rfc3961_calc_PRF()
442 Ke.len = krb5->Ke_len; in authenc_derive_encrypt_keys()
443 Ki.len = krb5->Ki_len; in authenc_derive_encrypt_keys()
444 setkey->len = RTA_LENGTH(sizeof(*param)) + Ke.len + Ki.len; in authenc_derive_encrypt_keys()
445 setkey->data = kzalloc(setkey->len, GFP_KERNEL); in authenc_derive_encrypt_keys()
446 if (!setkey->data) in authenc_derive_encrypt_keys()
447 return -ENOMEM; in authenc_derive_encrypt_keys()
449 rta = setkey->data; in authenc_derive_encrypt_keys()
450 rta->rta_type = CRYPTO_AUTHENC_KEYA_PARAM; in authenc_derive_encrypt_keys()
451 rta->rta_len = RTA_LENGTH(sizeof(*param)); in authenc_derive_encrypt_keys()
453 param->enckeylen = htonl(Ke.len); in authenc_derive_encrypt_keys()
456 Ke.data = Ki.data + Ki.len; in authenc_derive_encrypt_keys()
482 setkey->len = RTA_LENGTH(sizeof(*param)) + Ke->len + Ki->len; in authenc_load_encrypt_keys()
483 setkey->data = kzalloc(setkey->len, GFP_KERNEL); in authenc_load_encrypt_keys()
484 if (!setkey->data) in authenc_load_encrypt_keys()
485 return -ENOMEM; in authenc_load_encrypt_keys()
487 rta = setkey->data; in authenc_load_encrypt_keys()
488 rta->rta_type = CRYPTO_AUTHENC_KEYA_PARAM; in authenc_load_encrypt_keys()
489 rta->rta_len = RTA_LENGTH(sizeof(*param)); in authenc_load_encrypt_keys()
491 param->enckeylen = htonl(Ke->len); in authenc_load_encrypt_keys()
492 memcpy((void *)(param + 1), Ki->data, Ki->len); in authenc_load_encrypt_keys()
493 memcpy((void *)(param + 1) + Ki->len, Ke->data, Ke->len); in authenc_load_encrypt_keys()
498 * Derive the Kc key for checksum-only mode and package it into a key parameter
509 setkey->len = krb5->Kc_len; in rfc3961_derive_checksum_key()
510 setkey->data = kzalloc(setkey->len, GFP_KERNEL); in rfc3961_derive_checksum_key()
511 if (!setkey->data) in rfc3961_derive_checksum_key()
512 return -ENOMEM; in rfc3961_derive_checksum_key()
521 * Package a predefined Kc key for checksum-only mode into a key parameter that
529 setkey->len = krb5->Kc_len; in rfc3961_load_checksum_key()
530 setkey->data = kmemdup(Kc->data, Kc->len, GFP_KERNEL); in rfc3961_load_checksum_key()
531 if (!setkey->data) in rfc3961_load_checksum_key()
532 return -ENOMEM; in rfc3961_load_checksum_key()
551 if (WARN_ON(data_offset != krb5->conf_len)) in krb5_aead_encrypt()
552 return -EINVAL; /* Data is in wrong place */ in krb5_aead_encrypt()
555 base_len = krb5->conf_len + data_len; in krb5_aead_encrypt()
559 if (WARN_ON(cksum_offset + krb5->cksum_len > sg_len)) in krb5_aead_encrypt()
560 return -EFAULT; in krb5_aead_encrypt()
566 return -ENOMEM; in krb5_aead_encrypt()
569 ret = -EFAULT; in krb5_aead_encrypt()
571 get_random_bytes(buffer, krb5->conf_len); in krb5_aead_encrypt()
572 done = sg_pcopy_from_buffer(sg, nr_sg, buffer, krb5->conf_len, in krb5_aead_encrypt()
574 if (done != krb5->conf_len) in krb5_aead_encrypt()
596 ret = secure_len + krb5->cksum_len; in krb5_aead_encrypt()
619 return -EINVAL; /* Can't set offset on aead */ in krb5_aead_decrypt()
621 if (*_len < krb5->conf_len + krb5->cksum_len) in krb5_aead_decrypt()
622 return -EPROTO; in krb5_aead_decrypt()
628 return -ENOMEM; in krb5_aead_decrypt()
642 *_offset += krb5->conf_len; in krb5_aead_decrypt()
643 *_len -= krb5->conf_len + krb5->cksum_len; in krb5_aead_decrypt()
666 if (WARN_ON(data_offset != krb5->cksum_len)) in rfc3961_get_mic()
667 return -EMSGSIZE; in rfc3961_get_mic()
673 return -ENOMEM; in rfc3961_get_mic()
677 desc->tfm = shash; in rfc3961_get_mic()
683 ret = crypto_shash_update(desc, metadata->data, metadata->len); in rfc3961_get_mic()
697 ret = -EFAULT; in rfc3961_get_mic()
698 done = sg_pcopy_from_buffer(sg, nr_sg, digest, krb5->cksum_len, in rfc3961_get_mic()
699 data_offset - krb5->cksum_len); in rfc3961_get_mic()
700 if (done != krb5->cksum_len) in rfc3961_get_mic()
703 ret = krb5->cksum_len + data_len; in rfc3961_get_mic()
722 size_t bsize, data_offset, data_len, offset = *_offset, len = *_len; in rfc3961_verify_mic() local
727 if (len < krb5->cksum_len) in rfc3961_verify_mic()
728 return -EPROTO; in rfc3961_verify_mic()
729 data_offset = offset + krb5->cksum_len; in rfc3961_verify_mic()
730 data_len = len - krb5->cksum_len; in rfc3961_verify_mic()
736 return -ENOMEM; in rfc3961_verify_mic()
746 desc->tfm = shash; in rfc3961_verify_mic()
752 ret = crypto_shash_update(desc, metadata->data, metadata->len); in rfc3961_verify_mic()
760 ret = -EFAULT; in rfc3961_verify_mic()
761 done = sg_pcopy_to_buffer(sg, nr_sg, cksum2, krb5->cksum_len, offset); in rfc3961_verify_mic()
762 if (done != krb5->cksum_len) in rfc3961_verify_mic()
765 if (memcmp(cksum, cksum2, krb5->cksum_len) != 0) { in rfc3961_verify_mic()
766 ret = -EBADMSG; in rfc3961_verify_mic()
770 *_offset += krb5->cksum_len; in rfc3961_verify_mic()
771 *_len -= krb5->cksum_len; in rfc3961_verify_mic()