2 * Authenc: Simple AEAD wrapper for IPsec
4 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
13 #include <crypto/algapi.h>
14 #include <crypto/authenc.h>
15 #include <linux/err.h>
16 #include <linux/init.h>
17 #include <linux/kernel.h>
18 #include <linux/module.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/slab.h>
21 #include <linux/spinlock.h>
23 #include "scatterwalk.h"
25 struct authenc_instance_ctx
{
26 struct crypto_spawn auth
;
27 struct crypto_spawn enc
;
30 struct crypto_authenc_ctx
{
32 struct crypto_hash
*auth
;
33 struct crypto_ablkcipher
*enc
;
36 static int crypto_authenc_setkey(struct crypto_aead
*authenc
, const u8
*key
,
39 unsigned int authkeylen
;
40 unsigned int enckeylen
;
41 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
42 struct crypto_hash
*auth
= ctx
->auth
;
43 struct crypto_ablkcipher
*enc
= ctx
->enc
;
44 struct rtattr
*rta
= (void *)key
;
45 struct crypto_authenc_key_param
*param
;
48 if (keylen
< sizeof(*rta
))
50 if (rta
->rta_type
!= CRYPTO_AUTHENC_KEYA_PARAM
)
52 if (RTA_PAYLOAD(rta
) < sizeof(*param
))
55 param
= RTA_DATA(rta
);
56 enckeylen
= be32_to_cpu(param
->enckeylen
);
58 key
+= RTA_ALIGN(rta
->rta_len
);
59 keylen
-= RTA_ALIGN(rta
->rta_len
);
61 if (keylen
< enckeylen
)
64 authkeylen
= keylen
- enckeylen
;
66 crypto_hash_clear_flags(auth
, CRYPTO_TFM_REQ_MASK
);
67 crypto_hash_set_flags(auth
, crypto_aead_get_flags(authenc
) &
69 err
= crypto_hash_setkey(auth
, key
, authkeylen
);
70 crypto_aead_set_flags(authenc
, crypto_hash_get_flags(auth
) &
76 crypto_ablkcipher_clear_flags(enc
, CRYPTO_TFM_REQ_MASK
);
77 crypto_ablkcipher_set_flags(enc
, crypto_aead_get_flags(authenc
) &
79 err
= crypto_ablkcipher_setkey(enc
, key
+ authkeylen
, enckeylen
);
80 crypto_aead_set_flags(authenc
, crypto_ablkcipher_get_flags(enc
) &
87 crypto_aead_set_flags(authenc
, CRYPTO_TFM_RES_BAD_KEY_LEN
);
91 static int crypto_authenc_hash(struct aead_request
*req
)
93 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
94 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
95 struct crypto_hash
*auth
= ctx
->auth
;
96 struct hash_desc desc
= {
99 u8
*hash
= aead_request_ctx(req
);
100 struct scatterlist
*dst
= req
->dst
;
101 unsigned int cryptlen
= req
->cryptlen
;
104 hash
= (u8
*)ALIGN((unsigned long)hash
+ crypto_hash_alignmask(auth
),
105 crypto_hash_alignmask(auth
) + 1);
107 spin_lock_bh(&ctx
->auth_lock
);
108 err
= crypto_hash_init(&desc
);
112 err
= crypto_hash_update(&desc
, req
->assoc
, req
->assoclen
);
116 err
= crypto_hash_update(&desc
, dst
, cryptlen
);
120 err
= crypto_hash_final(&desc
, hash
);
122 spin_unlock_bh(&ctx
->auth_lock
);
127 scatterwalk_map_and_copy(hash
, dst
, cryptlen
,
128 crypto_aead_authsize(authenc
), 1);
132 static void crypto_authenc_encrypt_done(struct crypto_async_request
*req
,
136 err
= crypto_authenc_hash(req
->data
);
138 aead_request_complete(req
->data
, err
);
141 static int crypto_authenc_encrypt(struct aead_request
*req
)
143 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
144 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
145 struct ablkcipher_request
*abreq
= aead_request_ctx(req
);
148 ablkcipher_request_set_tfm(abreq
, ctx
->enc
);
149 ablkcipher_request_set_callback(abreq
, aead_request_flags(req
),
150 crypto_authenc_encrypt_done
, req
);
151 ablkcipher_request_set_crypt(abreq
, req
->src
, req
->dst
, req
->cryptlen
,
154 err
= crypto_ablkcipher_encrypt(abreq
);
158 return crypto_authenc_hash(req
);
161 static int crypto_authenc_verify(struct aead_request
*req
)
163 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
164 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
165 struct crypto_hash
*auth
= ctx
->auth
;
166 struct hash_desc desc
= {
168 .flags
= aead_request_flags(req
),
170 u8
*ohash
= aead_request_ctx(req
);
172 struct scatterlist
*src
= req
->src
;
173 unsigned int cryptlen
= req
->cryptlen
;
174 unsigned int authsize
;
177 ohash
= (u8
*)ALIGN((unsigned long)ohash
+ crypto_hash_alignmask(auth
),
178 crypto_hash_alignmask(auth
) + 1);
179 ihash
= ohash
+ crypto_hash_digestsize(auth
);
181 spin_lock_bh(&ctx
->auth_lock
);
182 err
= crypto_hash_init(&desc
);
186 err
= crypto_hash_update(&desc
, req
->assoc
, req
->assoclen
);
190 err
= crypto_hash_update(&desc
, src
, cryptlen
);
194 err
= crypto_hash_final(&desc
, ohash
);
196 spin_unlock_bh(&ctx
->auth_lock
);
201 authsize
= crypto_aead_authsize(authenc
);
202 scatterwalk_map_and_copy(ihash
, src
, cryptlen
, authsize
, 0);
203 return memcmp(ihash
, ohash
, authsize
) ? -EINVAL
: 0;
206 static void crypto_authenc_decrypt_done(struct crypto_async_request
*req
,
209 aead_request_complete(req
->data
, err
);
212 static int crypto_authenc_decrypt(struct aead_request
*req
)
214 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
215 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
216 struct ablkcipher_request
*abreq
= aead_request_ctx(req
);
219 err
= crypto_authenc_verify(req
);
223 ablkcipher_request_set_tfm(abreq
, ctx
->enc
);
224 ablkcipher_request_set_callback(abreq
, aead_request_flags(req
),
225 crypto_authenc_decrypt_done
, req
);
226 ablkcipher_request_set_crypt(abreq
, req
->src
, req
->dst
, req
->cryptlen
,
229 return crypto_ablkcipher_decrypt(abreq
);
232 static int crypto_authenc_init_tfm(struct crypto_tfm
*tfm
)
234 struct crypto_instance
*inst
= (void *)tfm
->__crt_alg
;
235 struct authenc_instance_ctx
*ictx
= crypto_instance_ctx(inst
);
236 struct crypto_authenc_ctx
*ctx
= crypto_tfm_ctx(tfm
);
237 struct crypto_hash
*auth
;
238 struct crypto_ablkcipher
*enc
;
241 auth
= crypto_spawn_hash(&ictx
->auth
);
243 return PTR_ERR(auth
);
245 enc
= crypto_spawn_ablkcipher(&ictx
->enc
);
252 tfm
->crt_aead
.reqsize
= max_t(unsigned int,
253 (crypto_hash_alignmask(auth
) &
254 ~(crypto_tfm_ctx_alignment() - 1)) +
255 crypto_hash_digestsize(auth
) * 2,
256 sizeof(struct ablkcipher_request
) +
257 crypto_ablkcipher_reqsize(enc
));
259 spin_lock_init(&ctx
->auth_lock
);
264 crypto_free_hash(auth
);
268 static void crypto_authenc_exit_tfm(struct crypto_tfm
*tfm
)
270 struct crypto_authenc_ctx
*ctx
= crypto_tfm_ctx(tfm
);
272 crypto_free_hash(ctx
->auth
);
273 crypto_free_ablkcipher(ctx
->enc
);
276 static struct crypto_instance
*crypto_authenc_alloc(struct rtattr
**tb
)
278 struct crypto_instance
*inst
;
279 struct crypto_alg
*auth
;
280 struct crypto_alg
*enc
;
281 struct authenc_instance_ctx
*ctx
;
284 err
= crypto_check_attr_type(tb
, CRYPTO_ALG_TYPE_AEAD
);
288 auth
= crypto_attr_alg(tb
[1], CRYPTO_ALG_TYPE_HASH
,
289 CRYPTO_ALG_TYPE_HASH_MASK
);
291 return ERR_PTR(PTR_ERR(auth
));
293 enc
= crypto_attr_alg(tb
[2], CRYPTO_ALG_TYPE_BLKCIPHER
,
294 CRYPTO_ALG_TYPE_BLKCIPHER_MASK
);
295 inst
= ERR_PTR(PTR_ERR(enc
));
299 inst
= kzalloc(sizeof(*inst
) + sizeof(*ctx
), GFP_KERNEL
);
305 if (snprintf(inst
->alg
.cra_name
, CRYPTO_MAX_ALG_NAME
,
306 "authenc(%s,%s)", auth
->cra_name
, enc
->cra_name
) >=
310 if (snprintf(inst
->alg
.cra_driver_name
, CRYPTO_MAX_ALG_NAME
,
311 "authenc(%s,%s)", auth
->cra_driver_name
,
312 enc
->cra_driver_name
) >= CRYPTO_MAX_ALG_NAME
)
315 ctx
= crypto_instance_ctx(inst
);
317 err
= crypto_init_spawn(&ctx
->auth
, auth
, inst
, CRYPTO_ALG_TYPE_MASK
);
321 err
= crypto_init_spawn(&ctx
->enc
, enc
, inst
, CRYPTO_ALG_TYPE_MASK
);
325 inst
->alg
.cra_flags
= CRYPTO_ALG_TYPE_AEAD
| CRYPTO_ALG_ASYNC
;
326 inst
->alg
.cra_priority
= enc
->cra_priority
* 10 + auth
->cra_priority
;
327 inst
->alg
.cra_blocksize
= enc
->cra_blocksize
;
328 inst
->alg
.cra_alignmask
= auth
->cra_alignmask
| enc
->cra_alignmask
;
329 inst
->alg
.cra_type
= &crypto_aead_type
;
331 inst
->alg
.cra_aead
.ivsize
= enc
->cra_blkcipher
.ivsize
;
332 inst
->alg
.cra_aead
.maxauthsize
= auth
->cra_type
== &crypto_hash_type
?
333 auth
->cra_hash
.digestsize
:
334 auth
->cra_digest
.dia_digestsize
;
336 inst
->alg
.cra_ctxsize
= sizeof(struct crypto_authenc_ctx
);
338 inst
->alg
.cra_init
= crypto_authenc_init_tfm
;
339 inst
->alg
.cra_exit
= crypto_authenc_exit_tfm
;
341 inst
->alg
.cra_aead
.setkey
= crypto_authenc_setkey
;
342 inst
->alg
.cra_aead
.encrypt
= crypto_authenc_encrypt
;
343 inst
->alg
.cra_aead
.decrypt
= crypto_authenc_decrypt
;
348 crypto_mod_put(auth
);
352 crypto_drop_spawn(&ctx
->auth
);
360 static void crypto_authenc_free(struct crypto_instance
*inst
)
362 struct authenc_instance_ctx
*ctx
= crypto_instance_ctx(inst
);
364 crypto_drop_spawn(&ctx
->enc
);
365 crypto_drop_spawn(&ctx
->auth
);
369 static struct crypto_template crypto_authenc_tmpl
= {
371 .alloc
= crypto_authenc_alloc
,
372 .free
= crypto_authenc_free
,
373 .module
= THIS_MODULE
,
376 static int __init
crypto_authenc_module_init(void)
378 return crypto_register_template(&crypto_authenc_tmpl
);
381 static void __exit
crypto_authenc_module_exit(void)
383 crypto_unregister_template(&crypto_authenc_tmpl
);
386 module_init(crypto_authenc_module_init
);
387 module_exit(crypto_authenc_module_exit
);
389 MODULE_LICENSE("GPL");
390 MODULE_DESCRIPTION("Simple AEAD wrapper for IPsec");