[CRYPTO] users: Use crypto_hash interface instead of crypto_digest
[linux-2.6.git] / drivers / md / dm-crypt.c
index 259e86f..73f8be8 100644 (file)
@@ -5,6 +5,7 @@
  * This file is released under the GPL.
  */
 
+#include <linux/err.h>
 #include <linux/module.h>
 #include <linux/init.h>
 #include <linux/kernel.h>
@@ -20,7 +21,7 @@
 
 #include "dm.h"
 
-#define PFX    "crypt: "
+#define DM_MSG_PREFIX "crypt"
 
 /*
  * per bio private data
@@ -78,11 +79,13 @@ struct crypt_config {
         */
        struct crypt_iv_operations *iv_gen_ops;
        char *iv_mode;
-       void *iv_gen_private;
+       struct crypto_cipher *iv_gen_private;
        sector_t iv_offset;
        unsigned int iv_size;
 
-       struct crypto_tfm *tfm;
+       char cipher[CRYPTO_MAX_ALG_NAME];
+       char chainmode[CRYPTO_MAX_ALG_NAME];
+       struct crypto_blkcipher *tfm;
        unsigned int key_size;
        u8 key[0];
 };
@@ -118,88 +121,84 @@ static int crypt_iv_plain_gen(struct crypt_config *cc, u8 *iv, sector_t sector)
 static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti,
                              const char *opts)
 {
-       struct crypto_tfm *essiv_tfm;
-       struct crypto_tfm *hash_tfm;
+       struct crypto_cipher *essiv_tfm;
+       struct crypto_hash *hash_tfm;
+       struct hash_desc desc;
        struct scatterlist sg;
        unsigned int saltsize;
        u8 *salt;
+       int err;
 
        if (opts == NULL) {
-               ti->error = PFX "Digest algorithm missing for ESSIV mode";
+               ti->error = "Digest algorithm missing for ESSIV mode";
                return -EINVAL;
        }
 
        /* Hash the cipher key with the given hash algorithm */
-       hash_tfm = crypto_alloc_tfm(opts, CRYPTO_TFM_REQ_MAY_SLEEP);
-       if (hash_tfm == NULL) {
-               ti->error = PFX "Error initializing ESSIV hash";
-               return -EINVAL;
+       hash_tfm = crypto_alloc_hash(opts, 0, CRYPTO_ALG_ASYNC);
+       if (IS_ERR(hash_tfm)) {
+               ti->error = "Error initializing ESSIV hash";
+               return PTR_ERR(hash_tfm);
        }
 
-       if (crypto_tfm_alg_type(hash_tfm) != CRYPTO_ALG_TYPE_DIGEST) {
-               ti->error = PFX "Expected digest algorithm for ESSIV hash";
-               crypto_free_tfm(hash_tfm);
-               return -EINVAL;
-       }
-
-       saltsize = crypto_tfm_alg_digestsize(hash_tfm);
+       saltsize = crypto_hash_digestsize(hash_tfm);
        salt = kmalloc(saltsize, GFP_KERNEL);
        if (salt == NULL) {
-               ti->error = PFX "Error kmallocing salt storage in ESSIV";
-               crypto_free_tfm(hash_tfm);
+               ti->error = "Error kmallocing salt storage in ESSIV";
+               crypto_free_hash(hash_tfm);
                return -ENOMEM;
        }
 
        sg_set_buf(&sg, cc->key, cc->key_size);
-       crypto_digest_digest(hash_tfm, &sg, 1, salt);
-       crypto_free_tfm(hash_tfm);
+       desc.tfm = hash_tfm;
+       desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+       err = crypto_hash_digest(&desc, &sg, cc->key_size, salt);
+       crypto_free_hash(hash_tfm);
+
+       if (err) {
+               ti->error = "Error calculating hash in ESSIV";
+               return err;
+       }
 
        /* Setup the essiv_tfm with the given salt */
-       essiv_tfm = crypto_alloc_tfm(crypto_tfm_alg_name(cc->tfm),
-                                    CRYPTO_TFM_MODE_ECB |
-                                    CRYPTO_TFM_REQ_MAY_SLEEP);
-       if (essiv_tfm == NULL) {
-               ti->error = PFX "Error allocating crypto tfm for ESSIV";
+       essiv_tfm = crypto_alloc_cipher(cc->cipher, 0, CRYPTO_ALG_ASYNC);
+       if (IS_ERR(essiv_tfm)) {
+               ti->error = "Error allocating crypto tfm for ESSIV";
                kfree(salt);
-               return -EINVAL;
+               return PTR_ERR(essiv_tfm);
        }
-       if (crypto_tfm_alg_blocksize(essiv_tfm)
-           != crypto_tfm_alg_ivsize(cc->tfm)) {
-               ti->error = PFX "Block size of ESSIV cipher does "
+       if (crypto_cipher_blocksize(essiv_tfm) !=
+           crypto_blkcipher_ivsize(cc->tfm)) {
+               ti->error = "Block size of ESSIV cipher does "
                                "not match IV size of block cipher";
-               crypto_free_tfm(essiv_tfm);
+               crypto_free_cipher(essiv_tfm);
                kfree(salt);
                return -EINVAL;
        }
-       if (crypto_cipher_setkey(essiv_tfm, salt, saltsize) < 0) {
-               ti->error = PFX "Failed to set key for ESSIV cipher";
-               crypto_free_tfm(essiv_tfm);
+       err = crypto_cipher_setkey(essiv_tfm, salt, saltsize);
+       if (err) {
+               ti->error = "Failed to set key for ESSIV cipher";
+               crypto_free_cipher(essiv_tfm);
                kfree(salt);
-               return -EINVAL;
+               return err;
        }
        kfree(salt);
 
-       cc->iv_gen_private = (void *)essiv_tfm;
+       cc->iv_gen_private = essiv_tfm;
        return 0;
 }
 
 static void crypt_iv_essiv_dtr(struct crypt_config *cc)
 {
-       crypto_free_tfm((struct crypto_tfm *)cc->iv_gen_private);
+       crypto_free_cipher(cc->iv_gen_private);
        cc->iv_gen_private = NULL;
 }
 
 static int crypt_iv_essiv_gen(struct crypt_config *cc, u8 *iv, sector_t sector)
 {
-       struct scatterlist sg;
-
        memset(iv, 0, cc->iv_size);
        *(u64 *)iv = cpu_to_le64(sector);
-
-       sg_set_buf(&sg, iv, cc->iv_size);
-       crypto_cipher_encrypt((struct crypto_tfm *)cc->iv_gen_private,
-                             &sg, &sg, cc->iv_size);
-
+       crypto_cipher_encrypt_one(cc->iv_gen_private, iv, iv);
        return 0;
 }
 
@@ -220,6 +219,11 @@ crypt_convert_scatterlist(struct crypt_config *cc, struct scatterlist *out,
                           int write, sector_t sector)
 {
        u8 iv[cc->iv_size];
+       struct blkcipher_desc desc = {
+               .tfm = cc->tfm,
+               .info = iv,
+               .flags = CRYPTO_TFM_REQ_MAY_SLEEP,
+       };
        int r;
 
        if (cc->iv_gen_ops) {
@@ -228,14 +232,14 @@ crypt_convert_scatterlist(struct crypt_config *cc, struct scatterlist *out,
                        return r;
 
                if (write)
-                       r = crypto_cipher_encrypt_iv(cc->tfm, out, in, length, iv);
+                       r = crypto_blkcipher_encrypt_iv(&desc, out, in, length);
                else
-                       r = crypto_cipher_decrypt_iv(cc->tfm, out, in, length, iv);
+                       r = crypto_blkcipher_decrypt_iv(&desc, out, in, length);
        } else {
                if (write)
-                       r = crypto_cipher_encrypt(cc->tfm, out, in, length);
+                       r = crypto_blkcipher_encrypt(&desc, out, in, length);
                else
-                       r = crypto_cipher_decrypt(cc->tfm, out, in, length);
+                       r = crypto_blkcipher_decrypt(&desc, out, in, length);
        }
 
        return r;
@@ -510,17 +514,17 @@ static void crypt_encode_key(char *hex, u8 *key, unsigned int size)
 static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
 {
        struct crypt_config *cc;
-       struct crypto_tfm *tfm;
+       struct crypto_blkcipher *tfm;
        char *tmp;
        char *cipher;
        char *chainmode;
        char *ivmode;
        char *ivopts;
-       unsigned int crypto_flags;
        unsigned int key_size;
+       unsigned long long tmpll;
 
        if (argc != 5) {
-               ti->error = PFX "Not enough arguments";
+               ti->error = "Not enough arguments";
                return -EINVAL;
        }
 
@@ -531,21 +535,21 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
        ivmode = strsep(&ivopts, ":");
 
        if (tmp)
-               DMWARN(PFX "Unexpected additional cipher options");
+               DMWARN("Unexpected additional cipher options");
 
        key_size = strlen(argv[1]) >> 1;
 
        cc = kmalloc(sizeof(*cc) + key_size * sizeof(u8), GFP_KERNEL);
        if (cc == NULL) {
                ti->error =
-                       PFX "Cannot allocate transparent encryption context";
+                       "Cannot allocate transparent encryption context";
                return -ENOMEM;
        }
 
        cc->key_size = key_size;
        if ((!key_size && strcmp(argv[1], "-") != 0) ||
            (key_size && crypt_decode_key(cc->key, argv[1], key_size) < 0)) {
-               ti->error = PFX "Error decoding key";
+               ti->error = "Error decoding key";
                goto bad1;
        }
 
@@ -555,31 +559,25 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
                ivmode = "plain";
        }
 
-       /* Choose crypto_flags according to chainmode */
-       if (strcmp(chainmode, "cbc") == 0)
-               crypto_flags = CRYPTO_TFM_MODE_CBC;
-       else if (strcmp(chainmode, "ecb") == 0)
-               crypto_flags = CRYPTO_TFM_MODE_ECB;
-       else {
-               ti->error = PFX "Unknown chaining mode";
+       if (strcmp(chainmode, "ecb") && !ivmode) {
+               ti->error = "This chaining mode requires an IV mechanism";
                goto bad1;
        }
 
-       if (crypto_flags != CRYPTO_TFM_MODE_ECB && !ivmode) {
-               ti->error = PFX "This chaining mode requires an IV mechanism";
+       if (snprintf(cc->cipher, CRYPTO_MAX_ALG_NAME, "%s(%s)", chainmode, 
+                    cipher) >= CRYPTO_MAX_ALG_NAME) {
+               ti->error = "Chain mode + cipher name is too long";
                goto bad1;
        }
 
-       tfm = crypto_alloc_tfm(cipher, crypto_flags | CRYPTO_TFM_REQ_MAY_SLEEP);
-       if (!tfm) {
-               ti->error = PFX "Error allocating crypto tfm";
+       tfm = crypto_alloc_blkcipher(cc->cipher, 0, CRYPTO_ALG_ASYNC);
+       if (IS_ERR(tfm)) {
+               ti->error = "Error allocating crypto tfm";
                goto bad1;
        }
-       if (crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_CIPHER) {
-               ti->error = PFX "Expected cipher algorithm";
-               goto bad2;
-       }
 
+       strcpy(cc->cipher, cipher);
+       strcpy(cc->chainmode, chainmode);
        cc->tfm = tfm;
 
        /*
@@ -594,7 +592,7 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
        else if (strcmp(ivmode, "essiv") == 0)
                cc->iv_gen_ops = &crypt_iv_essiv_ops;
        else {
-               ti->error = PFX "Invalid IV mode";
+               ti->error = "Invalid IV mode";
                goto bad2;
        }
 
@@ -602,14 +600,14 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
            cc->iv_gen_ops->ctr(cc, ti, ivopts) < 0)
                goto bad2;
 
-       if (tfm->crt_cipher.cit_decrypt_iv && tfm->crt_cipher.cit_encrypt_iv)
+       cc->iv_size = crypto_blkcipher_ivsize(tfm);
+       if (cc->iv_size)
                /* at least a 64 bit sector number should fit in our buffer */
-               cc->iv_size = max(crypto_tfm_alg_ivsize(tfm),
+               cc->iv_size = max(cc->iv_size,
                                  (unsigned int)(sizeof(u64) / sizeof(u8)));
        else {
-               cc->iv_size = 0;
                if (cc->iv_gen_ops) {
-                       DMWARN(PFX "Selected cipher does not support IVs");
+                       DMWARN("Selected cipher does not support IVs");
                        if (cc->iv_gen_ops->dtr)
                                cc->iv_gen_ops->dtr(cc);
                        cc->iv_gen_ops = NULL;
@@ -618,34 +616,36 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
 
        cc->io_pool = mempool_create_slab_pool(MIN_IOS, _crypt_io_pool);
        if (!cc->io_pool) {
-               ti->error = PFX "Cannot allocate crypt io mempool";
+               ti->error = "Cannot allocate crypt io mempool";
                goto bad3;
        }
 
        cc->page_pool = mempool_create_page_pool(MIN_POOL_PAGES, 0);
        if (!cc->page_pool) {
-               ti->error = PFX "Cannot allocate page mempool";
+               ti->error = "Cannot allocate page mempool";
                goto bad4;
        }
 
-       if (tfm->crt_cipher.cit_setkey(tfm, cc->key, key_size) < 0) {
-               ti->error = PFX "Error setting key";
+       if (crypto_blkcipher_setkey(tfm, cc->key, key_size) < 0) {
+               ti->error = "Error setting key";
                goto bad5;
        }
 
-       if (sscanf(argv[2], SECTOR_FORMAT, &cc->iv_offset) != 1) {
-               ti->error = PFX "Invalid iv_offset sector";
+       if (sscanf(argv[2], "%llu", &tmpll) != 1) {
+               ti->error = "Invalid iv_offset sector";
                goto bad5;
        }
+       cc->iv_offset = tmpll;
 
-       if (sscanf(argv[4], SECTOR_FORMAT, &cc->start) != 1) {
-               ti->error = PFX "Invalid device sector";
+       if (sscanf(argv[4], "%llu", &tmpll) != 1) {
+               ti->error = "Invalid device sector";
                goto bad5;
        }
+       cc->start = tmpll;
 
        if (dm_get_device(ti, argv[3], cc->start, ti->len,
                          dm_table_get_mode(ti->table), &cc->dev)) {
-               ti->error = PFX "Device lookup failed";
+               ti->error = "Device lookup failed";
                goto bad5;
        }
 
@@ -654,7 +654,7 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
                        *(ivopts - 1) = ':';
                cc->iv_mode = kmalloc(strlen(ivmode) + 1, GFP_KERNEL);
                if (!cc->iv_mode) {
-                       ti->error = PFX "Error kmallocing iv_mode string";
+                       ti->error = "Error kmallocing iv_mode string";
                        goto bad5;
                }
                strcpy(cc->iv_mode, ivmode);
@@ -672,7 +672,7 @@ bad3:
        if (cc->iv_gen_ops && cc->iv_gen_ops->dtr)
                cc->iv_gen_ops->dtr(cc);
 bad2:
-       crypto_free_tfm(tfm);
+       crypto_free_blkcipher(tfm);
 bad1:
        /* Must zero key material before freeing */
        memset(cc, 0, sizeof(*cc) + cc->key_size * sizeof(u8));
@@ -690,7 +690,7 @@ static void crypt_dtr(struct dm_target *ti)
        kfree(cc->iv_mode);
        if (cc->iv_gen_ops && cc->iv_gen_ops->dtr)
                cc->iv_gen_ops->dtr(cc);
-       crypto_free_tfm(cc->tfm);
+       crypto_free_blkcipher(cc->tfm);
        dm_put_device(ti, cc->dev);
 
        /* Must zero key material before freeing */
@@ -855,18 +855,9 @@ static int crypt_status(struct dm_target *ti, status_type_t type,
                break;
 
        case STATUSTYPE_TABLE:
-               cipher = crypto_tfm_alg_name(cc->tfm);
+               cipher = crypto_blkcipher_name(cc->tfm);
 
-               switch(cc->tfm->crt_cipher.cit_mode) {
-               case CRYPTO_TFM_MODE_CBC:
-                       chainmode = "cbc";
-                       break;
-               case CRYPTO_TFM_MODE_ECB:
-                       chainmode = "ecb";
-                       break;
-               default:
-                       BUG();
-               }
+               chainmode = cc->chainmode;
 
                if (cc->iv_mode)
                        DMEMIT("%s-%s-%s ", cipher, chainmode, cc->iv_mode);
@@ -885,8 +876,8 @@ static int crypt_status(struct dm_target *ti, status_type_t type,
                        result[sz++] = '-';
                }
 
-               DMEMIT(" " SECTOR_FORMAT " %s " SECTOR_FORMAT,
-                      cc->iv_offset, cc->dev->name, cc->start);
+               DMEMIT(" %llu %s %llu", (unsigned long long)cc->iv_offset,
+                               cc->dev->name, (unsigned long long)cc->start);
                break;
        }
        return 0;
@@ -915,13 +906,13 @@ static int __init dm_crypt_init(void)
        _kcryptd_workqueue = create_workqueue("kcryptd");
        if (!_kcryptd_workqueue) {
                r = -ENOMEM;
-               DMERR(PFX "couldn't create kcryptd");
+               DMERR("couldn't create kcryptd");
                goto bad1;
        }
 
        r = dm_register_target(&crypt_target);
        if (r < 0) {
-               DMERR(PFX "register failed %d", r);
+               DMERR("register failed %d", r);
                goto bad2;
        }
 
@@ -939,7 +930,7 @@ static void __exit dm_crypt_exit(void)
        int r = dm_unregister_target(&crypt_target);
 
        if (r < 0)
-               DMERR(PFX "unregister failed %d", r);
+               DMERR("unregister failed %d", r);
 
        destroy_workqueue(_kcryptd_workqueue);
        kmem_cache_destroy(_crypt_io_pool);