2 * AEAD: Authenticated Encryption with Associated Data
4 * This file provides API support for AEAD algorithms.
6 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the Free
10 * Software Foundation; either version 2 of the License, or (at your option)
15 #include <crypto/internal/geniv.h>
16 #include <crypto/scatterwalk.h>
17 #include <linux/err.h>
18 #include <linux/init.h>
19 #include <linux/kernel.h>
20 #include <linux/module.h>
21 #include <linux/rtnetlink.h>
22 #include <linux/sched.h>
23 #include <linux/slab.h>
24 #include <linux/seq_file.h>
25 #include <linux/cryptouser.h>
26 #include <net/netlink.h>
30 struct compat_request_ctx
{
31 struct scatterlist src
[2];
32 struct scatterlist dst
[2];
33 struct scatterlist ivbuf
[2];
34 struct scatterlist
*ivsg
;
35 struct aead_givcrypt_request subreq
;
38 static int aead_null_givencrypt(struct aead_givcrypt_request
*req
);
39 static int aead_null_givdecrypt(struct aead_givcrypt_request
*req
);
41 static int setkey_unaligned(struct crypto_aead
*tfm
, const u8
*key
,
44 unsigned long alignmask
= crypto_aead_alignmask(tfm
);
46 u8
*buffer
, *alignbuffer
;
49 absize
= keylen
+ alignmask
;
50 buffer
= kmalloc(absize
, GFP_ATOMIC
);
54 alignbuffer
= (u8
*)ALIGN((unsigned long)buffer
, alignmask
+ 1);
55 memcpy(alignbuffer
, key
, keylen
);
56 ret
= tfm
->setkey(tfm
, alignbuffer
, keylen
);
57 memset(alignbuffer
, 0, keylen
);
62 int crypto_aead_setkey(struct crypto_aead
*tfm
,
63 const u8
*key
, unsigned int keylen
)
65 unsigned long alignmask
= crypto_aead_alignmask(tfm
);
69 if ((unsigned long)key
& alignmask
)
70 return setkey_unaligned(tfm
, key
, keylen
);
72 return tfm
->setkey(tfm
, key
, keylen
);
74 EXPORT_SYMBOL_GPL(crypto_aead_setkey
);
76 int crypto_aead_setauthsize(struct crypto_aead
*tfm
, unsigned int authsize
)
80 if (authsize
> crypto_aead_maxauthsize(tfm
))
83 if (tfm
->setauthsize
) {
84 err
= tfm
->setauthsize(tfm
->child
, authsize
);
89 tfm
->child
->authsize
= authsize
;
90 tfm
->authsize
= authsize
;
93 EXPORT_SYMBOL_GPL(crypto_aead_setauthsize
);
95 struct aead_old_request
{
96 struct scatterlist srcbuf
[2];
97 struct scatterlist dstbuf
[2];
98 struct aead_request subreq
;
101 unsigned int crypto_aead_reqsize(struct crypto_aead
*tfm
)
103 return tfm
->reqsize
+ sizeof(struct aead_old_request
);
105 EXPORT_SYMBOL_GPL(crypto_aead_reqsize
);
107 static int old_crypt(struct aead_request
*req
,
108 int (*crypt
)(struct aead_request
*req
))
110 struct aead_old_request
*nreq
= aead_request_ctx(req
);
111 struct crypto_aead
*aead
= crypto_aead_reqtfm(req
);
112 struct scatterlist
*src
, *dst
;
117 src
= scatterwalk_ffwd(nreq
->srcbuf
, req
->src
, req
->assoclen
);
118 dst
= req
->src
== req
->dst
?
119 src
: scatterwalk_ffwd(nreq
->dstbuf
, req
->dst
, req
->assoclen
);
121 aead_request_set_tfm(&nreq
->subreq
, aead
);
122 aead_request_set_callback(&nreq
->subreq
, aead_request_flags(req
),
123 req
->base
.complete
, req
->base
.data
);
124 aead_request_set_crypt(&nreq
->subreq
, src
, dst
, req
->cryptlen
,
126 aead_request_set_assoc(&nreq
->subreq
, req
->src
, req
->assoclen
);
128 return crypt(&nreq
->subreq
);
131 static int old_encrypt(struct aead_request
*req
)
133 struct crypto_aead
*aead
= crypto_aead_reqtfm(req
);
134 struct old_aead_alg
*alg
= crypto_old_aead_alg(aead
);
136 return old_crypt(req
, alg
->encrypt
);
139 static int old_decrypt(struct aead_request
*req
)
141 struct crypto_aead
*aead
= crypto_aead_reqtfm(req
);
142 struct old_aead_alg
*alg
= crypto_old_aead_alg(aead
);
144 return old_crypt(req
, alg
->decrypt
);
147 static int no_givcrypt(struct aead_givcrypt_request
*req
)
152 static int crypto_old_aead_init_tfm(struct crypto_tfm
*tfm
)
154 struct old_aead_alg
*alg
= &tfm
->__crt_alg
->cra_aead
;
155 struct crypto_aead
*crt
= __crypto_aead_cast(tfm
);
157 if (max(alg
->maxauthsize
, alg
->ivsize
) > PAGE_SIZE
/ 8)
160 crt
->setkey
= alg
->setkey
;
161 crt
->setauthsize
= alg
->setauthsize
;
162 crt
->encrypt
= old_encrypt
;
163 crt
->decrypt
= old_decrypt
;
165 crt
->givencrypt
= alg
->givencrypt
?: no_givcrypt
;
166 crt
->givdecrypt
= alg
->givdecrypt
?: no_givcrypt
;
168 crt
->givencrypt
= aead_null_givencrypt
;
169 crt
->givdecrypt
= aead_null_givdecrypt
;
171 crt
->child
= __crypto_aead_cast(tfm
);
172 crt
->authsize
= alg
->maxauthsize
;
177 static int crypto_aead_init_tfm(struct crypto_tfm
*tfm
)
179 struct crypto_aead
*aead
= __crypto_aead_cast(tfm
);
180 struct aead_alg
*alg
= crypto_aead_alg(aead
);
182 if (crypto_old_aead_alg(aead
)->encrypt
)
183 return crypto_old_aead_init_tfm(tfm
);
185 aead
->setkey
= alg
->setkey
;
186 aead
->setauthsize
= alg
->setauthsize
;
187 aead
->encrypt
= alg
->encrypt
;
188 aead
->decrypt
= alg
->decrypt
;
189 aead
->child
= __crypto_aead_cast(tfm
);
190 aead
->authsize
= alg
->maxauthsize
;
196 static int crypto_old_aead_report(struct sk_buff
*skb
, struct crypto_alg
*alg
)
198 struct crypto_report_aead raead
;
199 struct old_aead_alg
*aead
= &alg
->cra_aead
;
201 strncpy(raead
.type
, "aead", sizeof(raead
.type
));
202 strncpy(raead
.geniv
, aead
->geniv
?: "<built-in>", sizeof(raead
.geniv
));
204 raead
.blocksize
= alg
->cra_blocksize
;
205 raead
.maxauthsize
= aead
->maxauthsize
;
206 raead
.ivsize
= aead
->ivsize
;
208 if (nla_put(skb
, CRYPTOCFGA_REPORT_AEAD
,
209 sizeof(struct crypto_report_aead
), &raead
))
210 goto nla_put_failure
;
217 static int crypto_old_aead_report(struct sk_buff
*skb
, struct crypto_alg
*alg
)
223 static void crypto_old_aead_show(struct seq_file
*m
, struct crypto_alg
*alg
)
224 __attribute__ ((unused
));
225 static void crypto_old_aead_show(struct seq_file
*m
, struct crypto_alg
*alg
)
227 struct old_aead_alg
*aead
= &alg
->cra_aead
;
229 seq_printf(m
, "type : aead\n");
230 seq_printf(m
, "async : %s\n", alg
->cra_flags
& CRYPTO_ALG_ASYNC
?
232 seq_printf(m
, "blocksize : %u\n", alg
->cra_blocksize
);
233 seq_printf(m
, "ivsize : %u\n", aead
->ivsize
);
234 seq_printf(m
, "maxauthsize : %u\n", aead
->maxauthsize
);
235 seq_printf(m
, "geniv : %s\n", aead
->geniv
?: "<built-in>");
238 const struct crypto_type crypto_aead_type
= {
239 .extsize
= crypto_alg_extsize
,
240 .init_tfm
= crypto_aead_init_tfm
,
241 #ifdef CONFIG_PROC_FS
242 .show
= crypto_old_aead_show
,
244 .report
= crypto_old_aead_report
,
245 .lookup
= crypto_lookup_aead
,
246 .maskclear
= ~(CRYPTO_ALG_TYPE_MASK
| CRYPTO_ALG_GENIV
),
247 .maskset
= CRYPTO_ALG_TYPE_MASK
,
248 .type
= CRYPTO_ALG_TYPE_AEAD
,
249 .tfmsize
= offsetof(struct crypto_aead
, base
),
251 EXPORT_SYMBOL_GPL(crypto_aead_type
);
254 static int crypto_aead_report(struct sk_buff
*skb
, struct crypto_alg
*alg
)
256 struct crypto_report_aead raead
;
257 struct aead_alg
*aead
= container_of(alg
, struct aead_alg
, base
);
259 strncpy(raead
.type
, "aead", sizeof(raead
.type
));
260 strncpy(raead
.geniv
, "<none>", sizeof(raead
.geniv
));
262 raead
.blocksize
= alg
->cra_blocksize
;
263 raead
.maxauthsize
= aead
->maxauthsize
;
264 raead
.ivsize
= aead
->ivsize
;
266 if (nla_put(skb
, CRYPTOCFGA_REPORT_AEAD
,
267 sizeof(struct crypto_report_aead
), &raead
))
268 goto nla_put_failure
;
275 static int crypto_aead_report(struct sk_buff
*skb
, struct crypto_alg
*alg
)
281 static void crypto_aead_show(struct seq_file
*m
, struct crypto_alg
*alg
)
282 __attribute__ ((unused
));
283 static void crypto_aead_show(struct seq_file
*m
, struct crypto_alg
*alg
)
285 struct aead_alg
*aead
= container_of(alg
, struct aead_alg
, base
);
287 seq_printf(m
, "type : aead\n");
288 seq_printf(m
, "async : %s\n", alg
->cra_flags
& CRYPTO_ALG_ASYNC
?
290 seq_printf(m
, "blocksize : %u\n", alg
->cra_blocksize
);
291 seq_printf(m
, "ivsize : %u\n", aead
->ivsize
);
292 seq_printf(m
, "maxauthsize : %u\n", aead
->maxauthsize
);
293 seq_printf(m
, "geniv : <none>\n");
296 static const struct crypto_type crypto_new_aead_type
= {
297 .extsize
= crypto_alg_extsize
,
298 .init_tfm
= crypto_aead_init_tfm
,
299 #ifdef CONFIG_PROC_FS
300 .show
= crypto_aead_show
,
302 .report
= crypto_aead_report
,
303 .maskclear
= ~CRYPTO_ALG_TYPE_MASK
,
304 .maskset
= CRYPTO_ALG_TYPE_MASK
,
305 .type
= CRYPTO_ALG_TYPE_AEAD
,
306 .tfmsize
= offsetof(struct crypto_aead
, base
),
309 static int aead_null_givencrypt(struct aead_givcrypt_request
*req
)
311 return crypto_aead_encrypt(&req
->areq
);
314 static int aead_null_givdecrypt(struct aead_givcrypt_request
*req
)
316 return crypto_aead_decrypt(&req
->areq
);
320 static int crypto_nivaead_report(struct sk_buff
*skb
, struct crypto_alg
*alg
)
322 struct crypto_report_aead raead
;
323 struct old_aead_alg
*aead
= &alg
->cra_aead
;
325 strncpy(raead
.type
, "nivaead", sizeof(raead
.type
));
326 strncpy(raead
.geniv
, aead
->geniv
, sizeof(raead
.geniv
));
328 raead
.blocksize
= alg
->cra_blocksize
;
329 raead
.maxauthsize
= aead
->maxauthsize
;
330 raead
.ivsize
= aead
->ivsize
;
332 if (nla_put(skb
, CRYPTOCFGA_REPORT_AEAD
,
333 sizeof(struct crypto_report_aead
), &raead
))
334 goto nla_put_failure
;
341 static int crypto_nivaead_report(struct sk_buff
*skb
, struct crypto_alg
*alg
)
348 static void crypto_nivaead_show(struct seq_file
*m
, struct crypto_alg
*alg
)
349 __attribute__ ((unused
));
350 static void crypto_nivaead_show(struct seq_file
*m
, struct crypto_alg
*alg
)
352 struct old_aead_alg
*aead
= &alg
->cra_aead
;
354 seq_printf(m
, "type : nivaead\n");
355 seq_printf(m
, "async : %s\n", alg
->cra_flags
& CRYPTO_ALG_ASYNC
?
357 seq_printf(m
, "blocksize : %u\n", alg
->cra_blocksize
);
358 seq_printf(m
, "ivsize : %u\n", aead
->ivsize
);
359 seq_printf(m
, "maxauthsize : %u\n", aead
->maxauthsize
);
360 seq_printf(m
, "geniv : %s\n", aead
->geniv
);
363 const struct crypto_type crypto_nivaead_type
= {
364 .extsize
= crypto_alg_extsize
,
365 .init_tfm
= crypto_aead_init_tfm
,
366 #ifdef CONFIG_PROC_FS
367 .show
= crypto_nivaead_show
,
369 .report
= crypto_nivaead_report
,
370 .maskclear
= ~(CRYPTO_ALG_TYPE_MASK
| CRYPTO_ALG_GENIV
),
371 .maskset
= CRYPTO_ALG_TYPE_MASK
| CRYPTO_ALG_GENIV
,
372 .type
= CRYPTO_ALG_TYPE_AEAD
,
373 .tfmsize
= offsetof(struct crypto_aead
, base
),
375 EXPORT_SYMBOL_GPL(crypto_nivaead_type
);
377 static int crypto_grab_nivaead(struct crypto_aead_spawn
*spawn
,
378 const char *name
, u32 type
, u32 mask
)
380 spawn
->base
.frontend
= &crypto_nivaead_type
;
381 return crypto_grab_spawn(&spawn
->base
, name
, type
, mask
);
384 static int aead_geniv_setkey(struct crypto_aead
*tfm
,
385 const u8
*key
, unsigned int keylen
)
387 struct aead_geniv_ctx
*ctx
= crypto_aead_ctx(tfm
);
389 return crypto_aead_setkey(ctx
->child
, key
, keylen
);
392 static int aead_geniv_setauthsize(struct crypto_aead
*tfm
,
393 unsigned int authsize
)
395 struct aead_geniv_ctx
*ctx
= crypto_aead_ctx(tfm
);
397 return crypto_aead_setauthsize(ctx
->child
, authsize
);
400 static void compat_encrypt_complete2(struct aead_request
*req
, int err
)
402 struct compat_request_ctx
*rctx
= aead_request_ctx(req
);
403 struct aead_givcrypt_request
*subreq
= &rctx
->subreq
;
404 struct crypto_aead
*geniv
;
406 if (err
== -EINPROGRESS
)
412 geniv
= crypto_aead_reqtfm(req
);
413 scatterwalk_map_and_copy(subreq
->giv
, rctx
->ivsg
, 0,
414 crypto_aead_ivsize(geniv
), 1);
420 static void compat_encrypt_complete(struct crypto_async_request
*base
, int err
)
422 struct aead_request
*req
= base
->data
;
424 compat_encrypt_complete2(req
, err
);
425 aead_request_complete(req
, err
);
428 static int compat_encrypt(struct aead_request
*req
)
430 struct crypto_aead
*geniv
= crypto_aead_reqtfm(req
);
431 struct aead_geniv_ctx
*ctx
= crypto_aead_ctx(geniv
);
432 struct compat_request_ctx
*rctx
= aead_request_ctx(req
);
433 struct aead_givcrypt_request
*subreq
= &rctx
->subreq
;
434 unsigned int ivsize
= crypto_aead_ivsize(geniv
);
435 struct scatterlist
*src
, *dst
;
436 crypto_completion_t
compl;
442 if (req
->cryptlen
< ivsize
)
445 compl = req
->base
.complete
;
446 data
= req
->base
.data
;
448 rctx
->ivsg
= scatterwalk_ffwd(rctx
->ivbuf
, req
->dst
, req
->assoclen
);
449 info
= PageHighMem(sg_page(rctx
->ivsg
)) ? NULL
: sg_virt(rctx
->ivsg
);
452 info
= kmalloc(ivsize
, req
->base
.flags
&
453 CRYPTO_TFM_REQ_MAY_SLEEP
? GFP_KERNEL
:
458 compl = compat_encrypt_complete
;
462 memcpy(&seq
, req
->iv
+ ivsize
- sizeof(seq
), sizeof(seq
));
464 src
= scatterwalk_ffwd(rctx
->src
, req
->src
, req
->assoclen
+ ivsize
);
465 dst
= req
->src
== req
->dst
?
466 src
: scatterwalk_ffwd(rctx
->dst
, rctx
->ivsg
, ivsize
);
468 aead_givcrypt_set_tfm(subreq
, ctx
->child
);
469 aead_givcrypt_set_callback(subreq
, req
->base
.flags
,
470 req
->base
.complete
, req
->base
.data
);
471 aead_givcrypt_set_crypt(subreq
, src
, dst
,
472 req
->cryptlen
- ivsize
, req
->iv
);
473 aead_givcrypt_set_assoc(subreq
, req
->src
, req
->assoclen
);
474 aead_givcrypt_set_giv(subreq
, info
, be64_to_cpu(seq
));
476 err
= crypto_aead_givencrypt(subreq
);
477 if (unlikely(PageHighMem(sg_page(rctx
->ivsg
))))
478 compat_encrypt_complete2(req
, err
);
482 static int compat_decrypt(struct aead_request
*req
)
484 struct crypto_aead
*geniv
= crypto_aead_reqtfm(req
);
485 struct aead_geniv_ctx
*ctx
= crypto_aead_ctx(geniv
);
486 struct compat_request_ctx
*rctx
= aead_request_ctx(req
);
487 struct aead_request
*subreq
= &rctx
->subreq
.areq
;
488 unsigned int ivsize
= crypto_aead_ivsize(geniv
);
489 struct scatterlist
*src
, *dst
;
490 crypto_completion_t
compl;
493 if (req
->cryptlen
< ivsize
)
496 aead_request_set_tfm(subreq
, ctx
->child
);
498 compl = req
->base
.complete
;
499 data
= req
->base
.data
;
501 src
= scatterwalk_ffwd(rctx
->src
, req
->src
, req
->assoclen
+ ivsize
);
502 dst
= req
->src
== req
->dst
?
503 src
: scatterwalk_ffwd(rctx
->dst
, req
->dst
,
504 req
->assoclen
+ ivsize
);
506 aead_request_set_callback(subreq
, req
->base
.flags
, compl, data
);
507 aead_request_set_crypt(subreq
, src
, dst
,
508 req
->cryptlen
- ivsize
, req
->iv
);
509 aead_request_set_assoc(subreq
, req
->src
, req
->assoclen
);
511 scatterwalk_map_and_copy(req
->iv
, req
->src
, req
->assoclen
, ivsize
, 0);
513 return crypto_aead_decrypt(subreq
);
516 static int compat_encrypt_first(struct aead_request
*req
)
518 struct crypto_aead
*geniv
= crypto_aead_reqtfm(req
);
519 struct aead_geniv_ctx
*ctx
= crypto_aead_ctx(geniv
);
522 spin_lock_bh(&ctx
->lock
);
523 if (geniv
->encrypt
!= compat_encrypt_first
)
526 geniv
->encrypt
= compat_encrypt
;
529 spin_unlock_bh(&ctx
->lock
);
534 return compat_encrypt(req
);
537 static int aead_geniv_init_compat(struct crypto_tfm
*tfm
)
539 struct crypto_aead
*geniv
= __crypto_aead_cast(tfm
);
540 struct aead_geniv_ctx
*ctx
= crypto_aead_ctx(geniv
);
543 spin_lock_init(&ctx
->lock
);
545 crypto_aead_set_reqsize(geniv
, sizeof(struct compat_request_ctx
));
547 err
= aead_geniv_init(tfm
);
549 ctx
->child
= geniv
->child
;
550 geniv
->child
= geniv
;
555 static void aead_geniv_exit_compat(struct crypto_tfm
*tfm
)
557 struct crypto_aead
*geniv
= __crypto_aead_cast(tfm
);
558 struct aead_geniv_ctx
*ctx
= crypto_aead_ctx(geniv
);
560 crypto_free_aead(ctx
->child
);
563 struct aead_instance
*aead_geniv_alloc(struct crypto_template
*tmpl
,
564 struct rtattr
**tb
, u32 type
, u32 mask
)
567 struct crypto_aead_spawn
*spawn
;
568 struct crypto_attr_type
*algt
;
569 struct aead_instance
*inst
;
570 struct aead_alg
*alg
;
572 unsigned int maxauthsize
;
575 algt
= crypto_get_attr_type(tb
);
577 return ERR_CAST(algt
);
579 if ((algt
->type
^ (CRYPTO_ALG_TYPE_AEAD
| CRYPTO_ALG_GENIV
)) &
581 return ERR_PTR(-EINVAL
);
583 name
= crypto_attr_alg_name(tb
[1]);
585 return ERR_CAST(name
);
587 inst
= kzalloc(sizeof(*inst
) + sizeof(*spawn
), GFP_KERNEL
);
589 return ERR_PTR(-ENOMEM
);
591 spawn
= aead_instance_ctx(inst
);
593 /* Ignore async algorithms if necessary. */
594 mask
|= crypto_requires_sync(algt
->type
, algt
->mask
);
596 crypto_set_aead_spawn(spawn
, aead_crypto_instance(inst
));
597 err
= (algt
->mask
& CRYPTO_ALG_GENIV
) ?
598 crypto_grab_nivaead(spawn
, name
, type
, mask
) :
599 crypto_grab_aead(spawn
, name
, type
, mask
);
603 alg
= crypto_spawn_aead_alg(spawn
);
605 ivsize
= crypto_aead_alg_ivsize(alg
);
606 maxauthsize
= crypto_aead_alg_maxauthsize(alg
);
609 if (ivsize
< sizeof(u64
))
613 * This is only true if we're constructing an algorithm with its
614 * default IV generator. For the default generator we elide the
615 * template name and double-check the IV generator.
617 if (algt
->mask
& CRYPTO_ALG_GENIV
) {
618 if (!alg
->base
.cra_aead
.encrypt
)
620 if (strcmp(tmpl
->name
, alg
->base
.cra_aead
.geniv
))
623 memcpy(inst
->alg
.base
.cra_name
, alg
->base
.cra_name
,
624 CRYPTO_MAX_ALG_NAME
);
625 memcpy(inst
->alg
.base
.cra_driver_name
,
626 alg
->base
.cra_driver_name
, CRYPTO_MAX_ALG_NAME
);
628 inst
->alg
.base
.cra_flags
= CRYPTO_ALG_TYPE_AEAD
|
630 inst
->alg
.base
.cra_flags
|= alg
->base
.cra_flags
&
632 inst
->alg
.base
.cra_priority
= alg
->base
.cra_priority
;
633 inst
->alg
.base
.cra_blocksize
= alg
->base
.cra_blocksize
;
634 inst
->alg
.base
.cra_alignmask
= alg
->base
.cra_alignmask
;
635 inst
->alg
.base
.cra_type
= &crypto_aead_type
;
637 inst
->alg
.base
.cra_aead
.ivsize
= ivsize
;
638 inst
->alg
.base
.cra_aead
.maxauthsize
= maxauthsize
;
640 inst
->alg
.base
.cra_aead
.setkey
= alg
->base
.cra_aead
.setkey
;
641 inst
->alg
.base
.cra_aead
.setauthsize
=
642 alg
->base
.cra_aead
.setauthsize
;
643 inst
->alg
.base
.cra_aead
.encrypt
= alg
->base
.cra_aead
.encrypt
;
644 inst
->alg
.base
.cra_aead
.decrypt
= alg
->base
.cra_aead
.decrypt
;
650 if (snprintf(inst
->alg
.base
.cra_name
, CRYPTO_MAX_ALG_NAME
,
651 "%s(%s)", tmpl
->name
, alg
->base
.cra_name
) >=
654 if (snprintf(inst
->alg
.base
.cra_driver_name
, CRYPTO_MAX_ALG_NAME
,
655 "%s(%s)", tmpl
->name
, alg
->base
.cra_driver_name
) >=
659 inst
->alg
.base
.cra_flags
= alg
->base
.cra_flags
& CRYPTO_ALG_ASYNC
;
660 inst
->alg
.base
.cra_priority
= alg
->base
.cra_priority
;
661 inst
->alg
.base
.cra_blocksize
= alg
->base
.cra_blocksize
;
662 inst
->alg
.base
.cra_alignmask
= alg
->base
.cra_alignmask
;
663 inst
->alg
.base
.cra_ctxsize
= sizeof(struct aead_geniv_ctx
);
665 inst
->alg
.setkey
= aead_geniv_setkey
;
666 inst
->alg
.setauthsize
= aead_geniv_setauthsize
;
668 inst
->alg
.ivsize
= ivsize
;
669 inst
->alg
.maxauthsize
= maxauthsize
;
671 inst
->alg
.encrypt
= compat_encrypt_first
;
672 inst
->alg
.decrypt
= compat_decrypt
;
674 inst
->alg
.base
.cra_init
= aead_geniv_init_compat
;
675 inst
->alg
.base
.cra_exit
= aead_geniv_exit_compat
;
681 crypto_drop_aead(spawn
);
687 EXPORT_SYMBOL_GPL(aead_geniv_alloc
);
689 void aead_geniv_free(struct aead_instance
*inst
)
691 crypto_drop_aead(aead_instance_ctx(inst
));
694 EXPORT_SYMBOL_GPL(aead_geniv_free
);
696 int aead_geniv_init(struct crypto_tfm
*tfm
)
698 struct crypto_instance
*inst
= (void *)tfm
->__crt_alg
;
699 struct crypto_aead
*child
;
700 struct crypto_aead
*aead
;
702 aead
= __crypto_aead_cast(tfm
);
704 child
= crypto_spawn_aead(crypto_instance_ctx(inst
));
706 return PTR_ERR(child
);
709 aead
->reqsize
+= crypto_aead_reqsize(child
);
713 EXPORT_SYMBOL_GPL(aead_geniv_init
);
715 void aead_geniv_exit(struct crypto_tfm
*tfm
)
717 crypto_free_aead(__crypto_aead_cast(tfm
)->child
);
719 EXPORT_SYMBOL_GPL(aead_geniv_exit
);
721 static int crypto_nivaead_default(struct crypto_alg
*alg
, u32 type
, u32 mask
)
723 struct rtattr
*tb
[3];
726 struct crypto_attr_type data
;
730 struct crypto_attr_alg data
;
732 struct crypto_template
*tmpl
;
733 struct crypto_instance
*inst
;
734 struct crypto_alg
*larval
;
738 larval
= crypto_larval_lookup(alg
->cra_driver_name
,
739 CRYPTO_ALG_TYPE_AEAD
| CRYPTO_ALG_GENIV
,
740 CRYPTO_ALG_TYPE_MASK
| CRYPTO_ALG_GENIV
);
741 err
= PTR_ERR(larval
);
746 if (!crypto_is_larval(larval
))
749 ptype
.attr
.rta_len
= sizeof(ptype
);
750 ptype
.attr
.rta_type
= CRYPTOA_TYPE
;
751 ptype
.data
.type
= type
| CRYPTO_ALG_GENIV
;
752 /* GENIV tells the template that we're making a default geniv. */
753 ptype
.data
.mask
= mask
| CRYPTO_ALG_GENIV
;
756 palg
.attr
.rta_len
= sizeof(palg
);
757 palg
.attr
.rta_type
= CRYPTOA_ALG
;
758 /* Must use the exact name to locate ourselves. */
759 memcpy(palg
.data
.name
, alg
->cra_driver_name
, CRYPTO_MAX_ALG_NAME
);
764 geniv
= alg
->cra_aead
.geniv
;
766 tmpl
= crypto_lookup_template(geniv
);
772 err
= tmpl
->create(tmpl
, tb
);
778 inst
= tmpl
->alloc(tb
);
783 err
= crypto_register_instance(tmpl
, inst
);
790 /* Redo the lookup to use the instance we just registered. */
794 crypto_tmpl_put(tmpl
);
796 crypto_larval_kill(larval
);
798 crypto_mod_put(larval
);
804 struct crypto_alg
*crypto_lookup_aead(const char *name
, u32 type
, u32 mask
)
806 struct crypto_alg
*alg
;
808 alg
= crypto_alg_mod_lookup(name
, type
, mask
);
812 if (alg
->cra_type
== &crypto_aead_type
)
815 if (!alg
->cra_aead
.ivsize
)
819 alg
= crypto_alg_mod_lookup(name
, type
| CRYPTO_ALG_TESTED
,
820 mask
& ~CRYPTO_ALG_TESTED
);
824 if (alg
->cra_type
== &crypto_aead_type
) {
825 if (~alg
->cra_flags
& (type
^ ~mask
) & CRYPTO_ALG_TESTED
) {
827 alg
= ERR_PTR(-ENOENT
);
832 BUG_ON(!alg
->cra_aead
.ivsize
);
834 return ERR_PTR(crypto_nivaead_default(alg
, type
, mask
));
836 EXPORT_SYMBOL_GPL(crypto_lookup_aead
);
838 int crypto_grab_aead(struct crypto_aead_spawn
*spawn
, const char *name
,
841 spawn
->base
.frontend
= &crypto_aead_type
;
842 return crypto_grab_spawn(&spawn
->base
, name
, type
, mask
);
844 EXPORT_SYMBOL_GPL(crypto_grab_aead
);
846 struct crypto_aead
*crypto_alloc_aead(const char *alg_name
, u32 type
, u32 mask
)
848 return crypto_alloc_tfm(alg_name
, &crypto_aead_type
, type
, mask
);
850 EXPORT_SYMBOL_GPL(crypto_alloc_aead
);
852 static int aead_prepare_alg(struct aead_alg
*alg
)
854 struct crypto_alg
*base
= &alg
->base
;
856 if (max(alg
->maxauthsize
, alg
->ivsize
) > PAGE_SIZE
/ 8)
859 base
->cra_type
= &crypto_new_aead_type
;
860 base
->cra_flags
&= ~CRYPTO_ALG_TYPE_MASK
;
861 base
->cra_flags
|= CRYPTO_ALG_TYPE_AEAD
;
866 int crypto_register_aead(struct aead_alg
*alg
)
868 struct crypto_alg
*base
= &alg
->base
;
871 err
= aead_prepare_alg(alg
);
875 return crypto_register_alg(base
);
877 EXPORT_SYMBOL_GPL(crypto_register_aead
);
879 int crypto_unregister_aead(struct aead_alg
*alg
)
881 return crypto_unregister_alg(&alg
->base
);
883 EXPORT_SYMBOL_GPL(crypto_unregister_aead
);
885 int aead_register_instance(struct crypto_template
*tmpl
,
886 struct aead_instance
*inst
)
890 err
= aead_prepare_alg(&inst
->alg
);
894 return crypto_register_instance(tmpl
, aead_crypto_instance(inst
));
896 EXPORT_SYMBOL_GPL(aead_register_instance
);
898 MODULE_LICENSE("GPL");
899 MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)");