/src/cryptsetup/lib/crypto_backend/cipher_generic.c

Source
// SPDX-License-Identifier: LGPL-2.1-or-later
/*
 * Linux kernel cipher generic utilities
 *
 * Copyright (C) 2018-2025 Red Hat, Inc. All rights reserved.
 * Copyright (C) 2018-2025 Milan Broz
 */

#include <errno.h>
#include <strings.h>
#include <unistd.h>
#include <fcntl.h>
#include "crypto_backend.h"

struct cipher_alg {
  const char *name;
  const char *mode;
  int blocksize;
  bool wrapped_key;
};

static const struct cipher_alg cipher_algs[] = {
  { "cipher_null", NULL, 16, false },
  { "aes",         NULL, 16, false },
  { "serpent",     NULL, 16, false },
  { "twofish",     NULL, 16, false },
  { "anubis",      NULL, 16, false },
  { "blowfish",    NULL,  8, false },
  { "camellia",    NULL, 16, false },
  { "cast5",       NULL,  8, false },
  { "cast6",       NULL, 16, false },
  { "des",         NULL,  8, false },
  { "des3_ede",    NULL,  8, false },
  { "khazad",      NULL,  8, false },
  { "seed",        NULL, 16, false },
  { "tea",         NULL,  8, false },
  { "xtea",        NULL,  8, false },
  { "paes",        NULL, 16,  true }, /* protected AES, s390 wrapped key scheme */
  { "xchacha12,aes", "adiantum", 32, false },
  { "xchacha20,aes", "adiantum", 32, false },
  { "sm4",         NULL, 16, false },
  { "aria",        NULL, 16, false },
  { NULL,          NULL,  0, false }
};

static const struct cipher_alg *_get_alg(const char *name, const char *mode)
{
  int i = 0;

  while (name && cipher_algs[i].name) {
    if (!strcasecmp(name, cipher_algs[i].name))
      if (!mode || !cipher_algs[i].mode ||
          !strncasecmp(mode, cipher_algs[i].mode, strlen(cipher_algs[i].mode)))
        return &cipher_algs[i];
    i++;
  }
  return NULL;
}

int crypt_cipher_ivsize(const char *name, const char *mode)
{
  const struct cipher_alg *ca = _get_alg(name, mode);

  if (!ca)
    return -EINVAL;

  if (mode && !strcasecmp(mode, "hctr2"))
    return 32;

  if (mode && !strcasecmp(mode, "ecb"))
    return 0;

  return ca->blocksize;
}

int crypt_cipher_wrapped_key(const char *name, const char *mode)
{
  const struct cipher_alg *ca = _get_alg(name, mode);

  return ca ? (int)ca->wrapped_key : 0;
}

bool crypt_fips_mode_kernel(void)
{
  int fd;
  char buf = 0;

  fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY);

  if (fd < 0)
    return false;

  if (read(fd, &buf, 1) != 1)
    buf = '0';

  close(fd);

  return (buf == '1');
}

Line	Count	Source
1		// SPDX-License-Identifier: LGPL-2.1-or-later
2		/*
3		* Linux kernel cipher generic utilities
4		*
5		* Copyright (C) 2018-2025 Red Hat, Inc. All rights reserved.
6		* Copyright (C) 2018-2025 Milan Broz
7		*/
8
9		#include <errno.h>
10		#include <strings.h>
11		#include <unistd.h>
12		#include <fcntl.h>
13		#include "crypto_backend.h"
14
15		struct cipher_alg {
16		const char *name;
17		const char *mode;
18		int blocksize;
19		bool wrapped_key;
20		};
21
22		static const struct cipher_alg cipher_algs[] = {
23		{ "cipher_null", NULL, 16, false },
24		{ "aes", NULL, 16, false },
25		{ "serpent", NULL, 16, false },
26		{ "twofish", NULL, 16, false },
27		{ "anubis", NULL, 16, false },
28		{ "blowfish", NULL, 8, false },
29		{ "camellia", NULL, 16, false },
30		{ "cast5", NULL, 8, false },
31		{ "cast6", NULL, 16, false },
32		{ "des", NULL, 8, false },
33		{ "des3_ede", NULL, 8, false },
34		{ "khazad", NULL, 8, false },
35		{ "seed", NULL, 16, false },
36		{ "tea", NULL, 8, false },
37		{ "xtea", NULL, 8, false },
38		{ "paes", NULL, 16, true }, /* protected AES, s390 wrapped key scheme */
39		{ "xchacha12,aes", "adiantum", 32, false },
40		{ "xchacha20,aes", "adiantum", 32, false },
41		{ "sm4", NULL, 16, false },
42		{ "aria", NULL, 16, false },
43		{ NULL, NULL, 0, false }
44		};
45
46		static const struct cipher_alg _get_alg(const char name, const char *mode)
47	0	{
48	0	int i = 0;
49
50	0	while (name && cipher_algs[i].name) {
51	0	if (!strcasecmp(name, cipher_algs[i].name))
52	0	if (!mode \|\| !cipher_algs[i].mode \|\|
53	0	!strncasecmp(mode, cipher_algs[i].mode, strlen(cipher_algs[i].mode)))
54	0	return &cipher_algs[i];
55	0	i++;
56	0	}
57	0	return NULL;
58	0	}
59
60		int crypt_cipher_ivsize(const char name, const char mode)
61	0	{
62	0	const struct cipher_alg *ca = _get_alg(name, mode);
63
64	0	if (!ca)
65	0	return -EINVAL;
66
67	0	if (mode && !strcasecmp(mode, "hctr2"))
68	0	return 32;
69
70	0	if (mode && !strcasecmp(mode, "ecb"))
71	0	return 0;
72
73	0	return ca->blocksize;
74	0	}
75
76		int crypt_cipher_wrapped_key(const char name, const char mode)
77	0	{
78	0	const struct cipher_alg *ca = _get_alg(name, mode);
79
80	0	return ca ? (int)ca->wrapped_key : 0;
81	0	}
82
83		bool crypt_fips_mode_kernel(void)
84	0	{
85	0	int fd;
86	0	char buf = 0;
87
88	0	fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY);
89
90	0	if (fd < 0)
91	0	return false;
92
93	0	if (read(fd, &buf, 1) != 1)
94	0	buf = '0';
95
96	0	close(fd);
97
98	0	return (buf == '1');
99	0	}

Coverage Report

Created: 2026-06-08 06:07