From 0184cfe72d2f139c4feed7f3820ba2269f5de322 Mon Sep 17 00:00:00 2001 From: Stephan Mueller Date: Fri, 21 Oct 2016 04:57:27 +0200 Subject: crypto: doc - fix source comments for Sphinx Update comments to avoid any complaints from Sphinx during compilation. Signed-off-by: Stephan Mueller Signed-off-by: Jonathan Corbet --- include/crypto/aead.h | 14 +++++++------- include/crypto/hash.h | 2 +- include/crypto/skcipher.h | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) (limited to 'include/crypto') diff --git a/include/crypto/aead.h b/include/crypto/aead.h index 12f84327ca36..e725155c6389 100644 --- a/include/crypto/aead.h +++ b/include/crypto/aead.h @@ -55,14 +55,14 @@ * The scatter list pointing to the input data must contain: * * * for RFC4106 ciphers, the concatenation of - * associated authentication data || IV || plaintext or ciphertext. Note, the - * same IV (buffer) is also set with the aead_request_set_crypt call. Note, - * the API call of aead_request_set_ad must provide the length of the AAD and - * the IV. The API call of aead_request_set_crypt only points to the size of - * the input plaintext or ciphertext. + * associated authentication data || IV || plaintext or ciphertext. Note, the + * same IV (buffer) is also set with the aead_request_set_crypt call. Note, + * the API call of aead_request_set_ad must provide the length of the AAD and + * the IV. The API call of aead_request_set_crypt only points to the size of + * the input plaintext or ciphertext. * * * for "normal" AEAD ciphers, the concatenation of - * associated authentication data || plaintext or ciphertext. + * associated authentication data || plaintext or ciphertext. * * It is important to note that if multiple scatter gather list entries form * the input data mentioned above, the first entry must not point to a NULL @@ -452,7 +452,7 @@ static inline void aead_request_free(struct aead_request *req) * completes * * The callback function is registered with the aead_request handle and - * must comply with the following template + * must comply with the following template:: * * void callback_function(struct crypto_async_request *req, int error) */ diff --git a/include/crypto/hash.h b/include/crypto/hash.h index 26605888a199..216a2b876147 100644 --- a/include/crypto/hash.h +++ b/include/crypto/hash.h @@ -605,7 +605,7 @@ static inline struct ahash_request *ahash_request_cast( * the cipher operation completes. * * The callback function is registered with the &ahash_request handle and - * must comply with the following template + * must comply with the following template:: * * void callback_function(struct crypto_async_request *req, int error) */ diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h index cc4d98a7892e..750b14f1ada4 100644 --- a/include/crypto/skcipher.h +++ b/include/crypto/skcipher.h @@ -516,7 +516,7 @@ static inline void skcipher_request_zero(struct skcipher_request *req) * skcipher_request_set_callback() - set asynchronous callback function * @req: request handle * @flags: specify zero or an ORing of the flags - * CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and + * CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and * increase the wait queue beyond the initial maximum size; * CRYPTO_TFM_REQ_MAY_SLEEP the request processing may sleep * @compl: callback function pointer to be registered with the request handle @@ -533,7 +533,7 @@ static inline void skcipher_request_zero(struct skcipher_request *req) * cipher operation completes. * * The callback function is registered with the skcipher_request handle and - * must comply with the following template + * must comply with the following template:: * * void callback_function(struct crypto_async_request *req, int error) */ -- cgit v1.2.3 From 8d23da22ac33be784451fb005cde300c09cdb19d Mon Sep 17 00:00:00 2001 From: Stephan Mueller Date: Fri, 21 Oct 2016 04:58:20 +0200 Subject: crypto: doc - add KPP documentation Add the KPP API documentation to the kernel crypto API Sphinx documentation. This addition includes the documentation of the ECDH and DH helpers which are needed to create the approrpiate input data for the crypto_kpp_set_secret function. Signed-off-by: Stephan Mueller Signed-off-by: Jonathan Corbet --- Documentation/crypto/api-kpp.rst | 92 +++++++++++++++++++++++++++++++++++ Documentation/crypto/api.rst | 1 + Documentation/crypto/architecture.rst | 6 +++ include/crypto/dh.h | 58 ++++++++++++++++++++++ include/crypto/ecdh.h | 58 ++++++++++++++++++++++ include/crypto/kpp.h | 15 ++++-- 6 files changed, 227 insertions(+), 3 deletions(-) create mode 100644 Documentation/crypto/api-kpp.rst (limited to 'include/crypto') diff --git a/Documentation/crypto/api-kpp.rst b/Documentation/crypto/api-kpp.rst new file mode 100644 index 000000000000..d87be9224f49 --- /dev/null +++ b/Documentation/crypto/api-kpp.rst @@ -0,0 +1,92 @@ +Key-agreement Protocol Primitives (KPP) Cipher Algorithm Definitions +-------------------------------------------------------------------- + +.. kernel-doc:: include/crypto/kpp.h + :functions: kpp_request + +.. kernel-doc:: include/crypto/kpp.h + :functions: crypto_kpp + +.. kernel-doc:: include/crypto/kpp.h + :functions: kpp_alg + +.. kernel-doc:: include/crypto/kpp.h + :functions: kpp_secret + +Key-agreement Protocol Primitives (KPP) Cipher API +-------------------------------------------------- + +.. kernel-doc:: include/crypto/kpp.h + :doc: Generic Key-agreement Protocol Primitives API + +.. kernel-doc:: include/crypto/kpp.h + :functions: crypto_alloc_kpp + +.. kernel-doc:: include/crypto/kpp.h + :functions: crypto_free_kpp + +.. kernel-doc:: include/crypto/kpp.h + :functions: crypto_kpp_set_secret + +.. kernel-doc:: include/crypto/kpp.h + :functions: crypto_kpp_generate_public_key + +.. kernel-doc:: include/crypto/kpp.h + :functions: crypto_kpp_compute_shared_secret + +.. kernel-doc:: include/crypto/kpp.h + :functions: crypto_kpp_maxsize + +Key-agreement Protocol Primitives (KPP) Cipher Request Handle +------------------------------------------------------------- + +.. kernel-doc:: include/crypto/kpp.h + :functions: kpp_request_alloc + +.. kernel-doc:: include/crypto/kpp.h + :functions: kpp_request_free + +.. kernel-doc:: include/crypto/kpp.h + :functions: kpp_request_set_callback + +.. kernel-doc:: include/crypto/kpp.h + :functions: kpp_request_set_input + +.. kernel-doc:: include/crypto/kpp.h + :functions: kpp_request_set_output + +ECDH Helper Functions +--------------------- + +.. kernel-doc:: include/crypto/ecdh.h + :doc: ECDH Helper Functions + +.. kernel-doc:: include/crypto/ecdh.h + :functions: ecdh + +.. kernel-doc:: include/crypto/ecdh.h + :functions: crypto_ecdh_key_len + +.. kernel-doc:: include/crypto/ecdh.h + :functions: crypto_ecdh_encode_key + +.. kernel-doc:: include/crypto/ecdh.h + :functions: crypto_ecdh_decode_key + +DH Helper Functions +------------------- + +.. kernel-doc:: include/crypto/dh.h + :doc: DH Helper Functions + +.. kernel-doc:: include/crypto/dh.h + :functions: dh + +.. kernel-doc:: include/crypto/dh.h + :functions: crypto_dh_key_len + +.. kernel-doc:: include/crypto/dh.h + :functions: crypto_dh_encode_key + +.. kernel-doc:: include/crypto/dh.h + :functions: crypto_dh_decode_key diff --git a/Documentation/crypto/api.rst b/Documentation/crypto/api.rst index f2bbeb0fe9aa..2e519193ab4a 100644 --- a/Documentation/crypto/api.rst +++ b/Documentation/crypto/api.rst @@ -22,3 +22,4 @@ the IV. Different IV generators are available. api-digest api-rng api-akcipher + api-kpp diff --git a/Documentation/crypto/architecture.rst b/Documentation/crypto/architecture.rst index 34e396bbc6e6..ca2d09b991f5 100644 --- a/Documentation/crypto/architecture.rst +++ b/Documentation/crypto/architecture.rst @@ -161,6 +161,9 @@ applicable to a cipher, it is not displayed: entry below for the specification of the IV generator type used by the cipher implementation) + - kpp for a Key-agreement Protocol Primitive (KPP) cipher such as + an ECDH or DH implementation + - blocksize: blocksize of cipher in bytes - keysize: key size in bytes @@ -219,6 +222,9 @@ the aforementioned cipher types: together with an IV generator (see geniv field in the /proc/crypto listing for the known IV generators) +- CRYPTO_ALG_TYPE_KPP Key-agreement Protocol Primitive (KPP) such as + an ECDH or DH implementation + - CRYPTO_ALG_TYPE_DIGEST Raw message digest - CRYPTO_ALG_TYPE_HASH Alias for CRYPTO_ALG_TYPE_DIGEST diff --git a/include/crypto/dh.h b/include/crypto/dh.h index 5102a8f282e6..6b424ad3482e 100644 --- a/include/crypto/dh.h +++ b/include/crypto/dh.h @@ -13,6 +13,27 @@ #ifndef _CRYPTO_DH_ #define _CRYPTO_DH_ +/** + * DOC: DH Helper Functions + * + * To use DH with the KPP cipher API, the following data structure and + * functions should be used. + * + * To use DH with KPP, the following functions should be used to operate on + * a DH private key. The packet private key that can be set with + * the KPP API function call of crypto_kpp_set_secret. + */ + +/** + * struct dh - define a DH private key + * + * @key: Private DH key + * @p: Diffie-Hellman parameter P + * @g: Diffie-Hellman generator G + * @key_size: Size of the private DH key + * @p_size: Size of DH parameter P + * @g_size: Size of DH generator G + */ struct dh { void *key; void *p; @@ -22,8 +43,45 @@ struct dh { unsigned int g_size; }; +/** + * crypto_dh_key_len() - Obtain the size of the private DH key + * @params: private DH key + * + * This function returns the packet DH key size. A caller can use that + * with the provided DH private key reference to obtain the required + * memory size to hold a packet key. + * + * Return: size of the key in bytes + */ int crypto_dh_key_len(const struct dh *params); + +/** + * crypto_dh_encode_key() - encode the private key + * @buf: Buffer allocated by the caller to hold the packet DH + * private key. The buffer should be at least crypto_dh_key_len + * bytes in size. + * @len: Length of the packet private key buffer + * @params: Buffer with the caller-specified private key + * + * The DH implementations operate on a packet representation of the private + * key. + * + * Return: -EINVAL if buffer has insufficient size, 0 on success + */ int crypto_dh_encode_key(char *buf, unsigned int len, const struct dh *params); + +/** + * crypto_dh_decode_key() - decode a private key + * @buf: Buffer holding a packet key that should be decoded + * @len: Lenth of the packet private key buffer + * @params: Buffer allocated by the caller that is filled with the + * unpacket DH private key. + * + * The unpacking obtains the private key by pointing @p to the correct location + * in @buf. Thus, both pointers refer to the same memory. + * + * Return: -EINVAL if buffer has insufficient size, 0 on success + */ int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params); #endif diff --git a/include/crypto/ecdh.h b/include/crypto/ecdh.h index 84bad548d194..03a64f62ba7a 100644 --- a/include/crypto/ecdh.h +++ b/include/crypto/ecdh.h @@ -13,18 +13,76 @@ #ifndef _CRYPTO_ECDH_ #define _CRYPTO_ECDH_ +/** + * DOC: ECDH Helper Functions + * + * To use ECDH with the KPP cipher API, the following data structure and + * functions should be used. + * + * The ECC curves known to the ECDH implementation are specified in this + * header file. + * + * To use ECDH with KPP, the following functions should be used to operate on + * an ECDH private key. The packet private key that can be set with + * the KPP API function call of crypto_kpp_set_secret. + */ + /* Curves IDs */ #define ECC_CURVE_NIST_P192 0x0001 #define ECC_CURVE_NIST_P256 0x0002 +/** + * struct ecdh - define an ECDH private key + * + * @curve_id: ECC curve the key is based on. + * @key: Private ECDH key + * @key_size: Size of the private ECDH key + */ struct ecdh { unsigned short curve_id; char *key; unsigned short key_size; }; +/** + * crypto_ecdh_key_len() - Obtain the size of the private ECDH key + * @params: private ECDH key + * + * This function returns the packet ECDH key size. A caller can use that + * with the provided ECDH private key reference to obtain the required + * memory size to hold a packet key. + * + * Return: size of the key in bytes + */ int crypto_ecdh_key_len(const struct ecdh *params); + +/** + * crypto_ecdh_encode_key() - encode the private key + * @buf: Buffer allocated by the caller to hold the packet ECDH + * private key. The buffer should be at least crypto_ecdh_key_len + * bytes in size. + * @len: Length of the packet private key buffer + * @p: Buffer with the caller-specified private key + * + * The ECDH implementations operate on a packet representation of the private + * key. + * + * Return: -EINVAL if buffer has insufficient size, 0 on success + */ int crypto_ecdh_encode_key(char *buf, unsigned int len, const struct ecdh *p); + +/** + * crypto_ecdh_decode_key() - decode a private key + * @buf: Buffer holding a packet key that should be decoded + * @len: Lenth of the packet private key buffer + * @p: Buffer allocated by the caller that is filled with the + * unpacket ECDH private key. + * + * The unpacking obtains the private key by pointing @p to the correct location + * in @buf. Thus, both pointers refer to the same memory. + * + * Return: -EINVAL if buffer has insufficient size, 0 on success + */ int crypto_ecdh_decode_key(const char *buf, unsigned int len, struct ecdh *p); #endif diff --git a/include/crypto/kpp.h b/include/crypto/kpp.h index 30791f75c180..4307a2f2365f 100644 --- a/include/crypto/kpp.h +++ b/include/crypto/kpp.h @@ -71,7 +71,7 @@ struct crypto_kpp { * * @reqsize: Request context size required by algorithm * implementation - * @base Common crypto API algorithm data structure + * @base: Common crypto API algorithm data structure */ struct kpp_alg { int (*set_secret)(struct crypto_kpp *tfm, void *buffer, @@ -89,7 +89,7 @@ struct kpp_alg { }; /** - * DOC: Generic Key-agreement Protocol Primitevs API + * DOC: Generic Key-agreement Protocol Primitives API * * The KPP API is used with the algorithm type * CRYPTO_ALG_TYPE_KPP (listed as type "kpp" in /proc/crypto) @@ -264,6 +264,12 @@ struct kpp_secret { * Function invokes the specific kpp operation for a given alg. * * @tfm: tfm handle + * @buffer: Buffer holding the packet representation of the private + * key. The structure of the packet key depends on the particular + * KPP implementation. Packing and unpacking helpers are provided + * for ECDH and DH (see the respective header files for those + * implementations). + * @len: Length of the packet private key buffer. * * Return: zero on success; error code in case of error */ @@ -279,7 +285,10 @@ static inline int crypto_kpp_set_secret(struct crypto_kpp *tfm, void *buffer, * crypto_kpp_generate_public_key() - Invoke kpp operation * * Function invokes the specific kpp operation for generating the public part - * for a given kpp algorithm + * for a given kpp algorithm. + * + * To generate a private key, the caller should use a random number generator. + * The output of the requested length serves as the private key. * * @req: kpp key request * -- cgit v1.2.3 From 3f692d5f97cb834a42bcfb3cc10f5e390a9d7867 Mon Sep 17 00:00:00 2001 From: Stephan Mueller Date: Fri, 21 Oct 2016 04:59:24 +0200 Subject: crypto: doc - clarify AEAD memory structure The previous description have been misleading and partially incorrect. Reported-by: Harsh Jain Signed-off-by: Stephan Mueller Signed-off-by: Jonathan Corbet --- crypto/algif_aead.c | 14 ++------------ include/crypto/aead.h | 36 ++++++++++++------------------------ 2 files changed, 14 insertions(+), 36 deletions(-) (limited to 'include/crypto') diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c index 80a0f1a78551..a0d8377729a4 100644 --- a/crypto/algif_aead.c +++ b/crypto/algif_aead.c @@ -551,18 +551,8 @@ static int aead_recvmsg_sync(struct socket *sock, struct msghdr *msg, int flags) lock_sock(sk); /* - * AEAD memory structure: For encryption, the tag is appended to the - * ciphertext which implies that the memory allocated for the ciphertext - * must be increased by the tag length. For decryption, the tag - * is expected to be concatenated to the ciphertext. The plaintext - * therefore has a memory size of the ciphertext minus the tag length. - * - * The memory structure for cipher operation has the following - * structure: - * AEAD encryption input: assoc data || plaintext - * AEAD encryption output: cipherntext || auth tag - * AEAD decryption input: assoc data || ciphertext || auth tag - * AEAD decryption output: plaintext + * Please see documentation of aead_request_set_crypt for the + * description of the AEAD memory structure expected from the caller. */ if (ctx->more) { diff --git a/include/crypto/aead.h b/include/crypto/aead.h index e725155c6389..03b97629442c 100644 --- a/include/crypto/aead.h +++ b/include/crypto/aead.h @@ -483,30 +483,18 @@ static inline void aead_request_set_callback(struct aead_request *req, * destination is the ciphertext. For a decryption operation, the use is * reversed - the source is the ciphertext and the destination is the plaintext. * - * For both src/dst the layout is associated data, plain/cipher text, - * authentication tag. - * - * The content of the AD in the destination buffer after processing - * will either be untouched, or it will contain a copy of the AD - * from the source buffer. In order to ensure that it always has - * a copy of the AD, the user must copy the AD over either before - * or after processing. Of course this is not relevant if the user - * is doing in-place processing where src == dst. - * - * IMPORTANT NOTE AEAD requires an authentication tag (MAC). For decryption, - * the caller must concatenate the ciphertext followed by the - * authentication tag and provide the entire data stream to the - * decryption operation (i.e. the data length used for the - * initialization of the scatterlist and the data length for the - * decryption operation is identical). For encryption, however, - * the authentication tag is created while encrypting the data. - * The destination buffer must hold sufficient space for the - * ciphertext and the authentication tag while the encryption - * invocation must only point to the plaintext data size. The - * following code snippet illustrates the memory usage - * buffer = kmalloc(ptbuflen + (enc ? authsize : 0)); - * sg_init_one(&sg, buffer, ptbuflen + (enc ? authsize : 0)); - * aead_request_set_crypt(req, &sg, &sg, ptbuflen, iv); + * The memory structure for cipher operation has the following structure: + * + * - AEAD encryption input: assoc data || plaintext + * - AEAD encryption output: assoc data || cipherntext || auth tag + * - AEAD decryption input: assoc data || ciphertext || auth tag + * - AEAD decryption output: assoc data || plaintext + * + * Albeit the kernel requires the presence of the AAD buffer, however, + * the kernel does not fill the AAD buffer in the output case. If the + * caller wants to have that data buffer filled, the caller must either + * use an in-place cipher operation (i.e. same memory location for + * input/output memory location). */ static inline void aead_request_set_crypt(struct aead_request *req, struct scatterlist *src, -- cgit v1.2.3