2019-05-27 06:55:01 +00:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later
|
2011-06-08 13:26:00 +00:00
|
|
|
/*
|
2005-04-16 22:20:36 +00:00
|
|
|
* Cryptographic API
|
|
|
|
*
|
|
|
|
* ARC4 Cipher Algorithm
|
|
|
|
*
|
|
|
|
* Jon Oberheide <jon@oberheide.org>
|
|
|
|
*/
|
2012-06-09 15:25:40 +00:00
|
|
|
|
2019-02-08 13:50:08 +00:00
|
|
|
#include <crypto/arc4.h>
|
2019-01-04 04:16:23 +00:00
|
|
|
#include <crypto/internal/skcipher.h>
|
|
|
|
#include <linux/init.h>
|
crypto: arc4 - mark ecb(arc4) skcipher as obsolete
Cryptographic algorithms may have a lifespan that is significantly
shorter than Linux's, and so we need to start phasing out algorithms
that are known to be broken, and are no longer fit for general use.
RC4 (or arc4) is a good example here: there are a few areas where its
use is still somewhat acceptable, e.g., for interoperability with legacy
wifi hardware that can only use WEP or TKIP data encryption, but that
should not imply that, for instance, use of RC4 based EAP-TLS by the WPA
supplicant for negotiating TKIP keys is equally acceptable, or that RC4
should remain available as a general purpose cryptographic transform for
all in-kernel and user space clients.
Now that all in-kernel users that need to retain support have moved to
the arc4 library interface, and the known users of ecb(arc4) via the
socket API (iwd [0] and libell [1][2]) have been updated to switch to a
local implementation, we can take the next step, and mark the ecb(arc4)
skcipher as obsolete, and only provide it if the socket API is enabled in
the first place, as well as provide the option to disable all algorithms
that have been marked as obsolete.
[0] https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=1db8a85a60c64523
[1] https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=53482ce421b727c2
[2] https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=7f6a137809d42f6b
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-08-31 15:16:49 +00:00
|
|
|
#include <linux/kernel.h>
|
2019-01-04 04:16:23 +00:00
|
|
|
#include <linux/module.h>
|
crypto: arc4 - mark ecb(arc4) skcipher as obsolete
Cryptographic algorithms may have a lifespan that is significantly
shorter than Linux's, and so we need to start phasing out algorithms
that are known to be broken, and are no longer fit for general use.
RC4 (or arc4) is a good example here: there are a few areas where its
use is still somewhat acceptable, e.g., for interoperability with legacy
wifi hardware that can only use WEP or TKIP data encryption, but that
should not imply that, for instance, use of RC4 based EAP-TLS by the WPA
supplicant for negotiating TKIP keys is equally acceptable, or that RC4
should remain available as a general purpose cryptographic transform for
all in-kernel and user space clients.
Now that all in-kernel users that need to retain support have moved to
the arc4 library interface, and the known users of ecb(arc4) via the
socket API (iwd [0] and libell [1][2]) have been updated to switch to a
local implementation, we can take the next step, and mark the ecb(arc4)
skcipher as obsolete, and only provide it if the socket API is enabled in
the first place, as well as provide the option to disable all algorithms
that have been marked as obsolete.
[0] https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=1db8a85a60c64523
[1] https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=53482ce421b727c2
[2] https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=7f6a137809d42f6b
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-08-31 15:16:49 +00:00
|
|
|
#include <linux/sched.h>
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2023-10-03 03:43:18 +00:00
|
|
|
static int crypto_arc4_setkey(struct crypto_lskcipher *tfm, const u8 *in_key,
|
2019-06-12 16:19:57 +00:00
|
|
|
unsigned int key_len)
|
2019-01-04 04:16:23 +00:00
|
|
|
{
|
2023-10-03 03:43:18 +00:00
|
|
|
struct arc4_ctx *ctx = crypto_lskcipher_ctx(tfm);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2019-06-12 16:19:53 +00:00
|
|
|
return arc4_setkey(ctx, in_key, key_len);
|
2012-06-09 15:25:40 +00:00
|
|
|
}
|
|
|
|
|
2023-10-03 03:43:18 +00:00
|
|
|
static int crypto_arc4_crypt(struct crypto_lskcipher *tfm, const u8 *src,
|
crypto: skcipher - Add internal state support
Unlike chaining modes such as CBC, stream ciphers other than CTR
usually hold an internal state that must be preserved if the
operation is to be done piecemeal. This has not been represented
in the API, resulting in the inability to split up stream cipher
operations.
This patch adds the basic representation of an internal state to
skcipher and lskcipher. In the interest of backwards compatibility,
the default has been set such that existing users are assumed to
be operating in one go as opposed to piecemeal.
With the new API, each lskcipher/skcipher algorithm has a new
attribute called statesize. For skcipher, this is the size of
the buffer that can be exported or imported similar to ahash.
For lskcipher, instead of providing a buffer of ivsize, the user
now has to provide a buffer of ivsize + statesize.
Each skcipher operation is assumed to be final as they are now,
but this may be overridden with a request flag. When the override
occurs, the user may then export the partial state and reimport
it later.
For lskcipher operations this is reversed. All operations are
not final and the state will be exported unless the FINAL bit is
set. However, the CONT bit still has to be set for the state
to be used.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-11-27 10:14:08 +00:00
|
|
|
u8 *dst, unsigned nbytes, u8 *iv, u32 flags)
|
2012-06-09 15:25:40 +00:00
|
|
|
{
|
2023-10-03 03:43:18 +00:00
|
|
|
struct arc4_ctx *ctx = crypto_lskcipher_ctx(tfm);
|
2012-06-09 15:25:40 +00:00
|
|
|
|
2023-10-03 03:43:18 +00:00
|
|
|
arc4_crypt(ctx, dst, src, nbytes);
|
|
|
|
return 0;
|
2012-06-09 15:25:40 +00:00
|
|
|
}
|
|
|
|
|
2023-10-03 03:43:18 +00:00
|
|
|
static int crypto_arc4_init(struct crypto_lskcipher *tfm)
|
crypto: arc4 - mark ecb(arc4) skcipher as obsolete
Cryptographic algorithms may have a lifespan that is significantly
shorter than Linux's, and so we need to start phasing out algorithms
that are known to be broken, and are no longer fit for general use.
RC4 (or arc4) is a good example here: there are a few areas where its
use is still somewhat acceptable, e.g., for interoperability with legacy
wifi hardware that can only use WEP or TKIP data encryption, but that
should not imply that, for instance, use of RC4 based EAP-TLS by the WPA
supplicant for negotiating TKIP keys is equally acceptable, or that RC4
should remain available as a general purpose cryptographic transform for
all in-kernel and user space clients.
Now that all in-kernel users that need to retain support have moved to
the arc4 library interface, and the known users of ecb(arc4) via the
socket API (iwd [0] and libell [1][2]) have been updated to switch to a
local implementation, we can take the next step, and mark the ecb(arc4)
skcipher as obsolete, and only provide it if the socket API is enabled in
the first place, as well as provide the option to disable all algorithms
that have been marked as obsolete.
[0] https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=1db8a85a60c64523
[1] https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=53482ce421b727c2
[2] https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=7f6a137809d42f6b
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-08-31 15:16:49 +00:00
|
|
|
{
|
|
|
|
pr_warn_ratelimited("\"%s\" (%ld) uses obsolete ecb(arc4) skcipher\n",
|
|
|
|
current->comm, (unsigned long)current->pid);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2023-10-03 03:43:18 +00:00
|
|
|
static struct lskcipher_alg arc4_alg = {
|
|
|
|
.co.base.cra_name = "arc4",
|
|
|
|
.co.base.cra_driver_name = "arc4-generic",
|
|
|
|
.co.base.cra_priority = 100,
|
|
|
|
.co.base.cra_blocksize = ARC4_BLOCK_SIZE,
|
|
|
|
.co.base.cra_ctxsize = sizeof(struct arc4_ctx),
|
|
|
|
.co.base.cra_module = THIS_MODULE,
|
|
|
|
.co.min_keysize = ARC4_MIN_KEY_SIZE,
|
|
|
|
.co.max_keysize = ARC4_MAX_KEY_SIZE,
|
|
|
|
.setkey = crypto_arc4_setkey,
|
|
|
|
.encrypt = crypto_arc4_crypt,
|
|
|
|
.decrypt = crypto_arc4_crypt,
|
|
|
|
.init = crypto_arc4_init,
|
2019-01-04 04:16:23 +00:00
|
|
|
};
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
static int __init arc4_init(void)
|
|
|
|
{
|
2023-10-03 03:43:18 +00:00
|
|
|
return crypto_register_lskcipher(&arc4_alg);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void __exit arc4_exit(void)
|
|
|
|
{
|
2023-10-03 03:43:18 +00:00
|
|
|
crypto_unregister_lskcipher(&arc4_alg);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
2019-04-12 04:57:42 +00:00
|
|
|
subsys_initcall(arc4_init);
|
2005-04-16 22:20:36 +00:00
|
|
|
module_exit(arc4_exit);
|
|
|
|
|
|
|
|
MODULE_LICENSE("GPL");
|
|
|
|
MODULE_DESCRIPTION("ARC4 Cipher Algorithm");
|
|
|
|
MODULE_AUTHOR("Jon Oberheide <jon@oberheide.org>");
|
2019-06-12 16:19:57 +00:00
|
|
|
MODULE_ALIAS_CRYPTO("ecb(arc4)");
|