2 * Authenc: Simple AEAD wrapper for IPsec
4 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
13 #include <crypto/algapi.h>
14 #include <crypto/authenc.h>
15 #include <crypto/scatterwalk.h>
16 #include <linux/err.h>
17 #include <linux/init.h>
18 #include <linux/kernel.h>
19 #include <linux/module.h>
20 #include <linux/rtnetlink.h>
21 #include <linux/slab.h>
22 #include <linux/spinlock.h>
24 struct authenc_instance_ctx
{
25 struct crypto_spawn auth
;
26 struct crypto_spawn enc
;
29 struct crypto_authenc_ctx
{
31 struct crypto_hash
*auth
;
32 struct crypto_ablkcipher
*enc
;
35 static int crypto_authenc_setkey(struct crypto_aead
*authenc
, const u8
*key
,
38 unsigned int authkeylen
;
39 unsigned int enckeylen
;
40 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
41 struct crypto_hash
*auth
= ctx
->auth
;
42 struct crypto_ablkcipher
*enc
= ctx
->enc
;
43 struct rtattr
*rta
= (void *)key
;
44 struct crypto_authenc_key_param
*param
;
47 if (keylen
< sizeof(*rta
))
49 if (rta
->rta_type
!= CRYPTO_AUTHENC_KEYA_PARAM
)
51 if (RTA_PAYLOAD(rta
) < sizeof(*param
))
54 param
= RTA_DATA(rta
);
55 enckeylen
= be32_to_cpu(param
->enckeylen
);
57 key
+= RTA_ALIGN(rta
->rta_len
);
58 keylen
-= RTA_ALIGN(rta
->rta_len
);
60 if (keylen
< enckeylen
)
63 authkeylen
= keylen
- enckeylen
;
65 crypto_hash_clear_flags(auth
, CRYPTO_TFM_REQ_MASK
);
66 crypto_hash_set_flags(auth
, crypto_aead_get_flags(authenc
) &
68 err
= crypto_hash_setkey(auth
, key
, authkeylen
);
69 crypto_aead_set_flags(authenc
, crypto_hash_get_flags(auth
) &
75 crypto_ablkcipher_clear_flags(enc
, CRYPTO_TFM_REQ_MASK
);
76 crypto_ablkcipher_set_flags(enc
, crypto_aead_get_flags(authenc
) &
78 err
= crypto_ablkcipher_setkey(enc
, key
+ authkeylen
, enckeylen
);
79 crypto_aead_set_flags(authenc
, crypto_ablkcipher_get_flags(enc
) &
86 crypto_aead_set_flags(authenc
, CRYPTO_TFM_RES_BAD_KEY_LEN
);
90 static int crypto_authenc_hash(struct aead_request
*req
)
92 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
93 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
94 struct crypto_hash
*auth
= ctx
->auth
;
95 struct hash_desc desc
= {
98 u8
*hash
= aead_request_ctx(req
);
99 struct scatterlist
*dst
= req
->dst
;
100 unsigned int cryptlen
= req
->cryptlen
;
103 hash
= (u8
*)ALIGN((unsigned long)hash
+ crypto_hash_alignmask(auth
),
104 crypto_hash_alignmask(auth
) + 1);
106 spin_lock_bh(&ctx
->auth_lock
);
107 err
= crypto_hash_init(&desc
);
111 err
= crypto_hash_update(&desc
, req
->assoc
, req
->assoclen
);
115 err
= crypto_hash_update(&desc
, dst
, cryptlen
);
119 err
= crypto_hash_final(&desc
, hash
);
121 spin_unlock_bh(&ctx
->auth_lock
);
126 scatterwalk_map_and_copy(hash
, dst
, cryptlen
,
127 crypto_aead_authsize(authenc
), 1);
131 static void crypto_authenc_encrypt_done(struct crypto_async_request
*req
,
135 err
= crypto_authenc_hash(req
->data
);
137 aead_request_complete(req
->data
, err
);
140 static int crypto_authenc_encrypt(struct aead_request
*req
)
142 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
143 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
144 struct ablkcipher_request
*abreq
= aead_request_ctx(req
);
147 ablkcipher_request_set_tfm(abreq
, ctx
->enc
);
148 ablkcipher_request_set_callback(abreq
, aead_request_flags(req
),
149 crypto_authenc_encrypt_done
, req
);
150 ablkcipher_request_set_crypt(abreq
, req
->src
, req
->dst
, req
->cryptlen
,
153 err
= crypto_ablkcipher_encrypt(abreq
);
157 return crypto_authenc_hash(req
);
160 static int crypto_authenc_verify(struct aead_request
*req
,
161 unsigned int cryptlen
)
163 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
164 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
165 struct crypto_hash
*auth
= ctx
->auth
;
166 struct hash_desc desc
= {
168 .flags
= aead_request_flags(req
),
170 u8
*ohash
= aead_request_ctx(req
);
172 struct scatterlist
*src
= req
->src
;
173 unsigned int authsize
;
176 ohash
= (u8
*)ALIGN((unsigned long)ohash
+ crypto_hash_alignmask(auth
),
177 crypto_hash_alignmask(auth
) + 1);
178 ihash
= ohash
+ crypto_hash_digestsize(auth
);
180 spin_lock_bh(&ctx
->auth_lock
);
181 err
= crypto_hash_init(&desc
);
185 err
= crypto_hash_update(&desc
, req
->assoc
, req
->assoclen
);
189 err
= crypto_hash_update(&desc
, src
, cryptlen
);
193 err
= crypto_hash_final(&desc
, ohash
);
195 spin_unlock_bh(&ctx
->auth_lock
);
200 authsize
= crypto_aead_authsize(authenc
);
201 scatterwalk_map_and_copy(ihash
, src
, cryptlen
, authsize
, 0);
202 return memcmp(ihash
, ohash
, authsize
) ? -EBADMSG
: 0;
205 static void crypto_authenc_decrypt_done(struct crypto_async_request
*req
,
208 aead_request_complete(req
->data
, err
);
211 static int crypto_authenc_decrypt(struct aead_request
*req
)
213 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
214 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
215 struct ablkcipher_request
*abreq
= aead_request_ctx(req
);
216 unsigned int cryptlen
= req
->cryptlen
;
217 unsigned int authsize
= crypto_aead_authsize(authenc
);
220 if (cryptlen
< authsize
)
222 cryptlen
-= authsize
;
224 err
= crypto_authenc_verify(req
, cryptlen
);
228 ablkcipher_request_set_tfm(abreq
, ctx
->enc
);
229 ablkcipher_request_set_callback(abreq
, aead_request_flags(req
),
230 crypto_authenc_decrypt_done
, req
);
231 ablkcipher_request_set_crypt(abreq
, req
->src
, req
->dst
, cryptlen
,
234 return crypto_ablkcipher_decrypt(abreq
);
237 static int crypto_authenc_init_tfm(struct crypto_tfm
*tfm
)
239 struct crypto_instance
*inst
= (void *)tfm
->__crt_alg
;
240 struct authenc_instance_ctx
*ictx
= crypto_instance_ctx(inst
);
241 struct crypto_authenc_ctx
*ctx
= crypto_tfm_ctx(tfm
);
242 struct crypto_hash
*auth
;
243 struct crypto_ablkcipher
*enc
;
246 auth
= crypto_spawn_hash(&ictx
->auth
);
248 return PTR_ERR(auth
);
250 enc
= crypto_spawn_ablkcipher(&ictx
->enc
);
257 tfm
->crt_aead
.reqsize
= max_t(unsigned int,
258 (crypto_hash_alignmask(auth
) &
259 ~(crypto_tfm_ctx_alignment() - 1)) +
260 crypto_hash_digestsize(auth
) * 2,
261 sizeof(struct ablkcipher_request
) +
262 crypto_ablkcipher_reqsize(enc
));
264 spin_lock_init(&ctx
->auth_lock
);
269 crypto_free_hash(auth
);
273 static void crypto_authenc_exit_tfm(struct crypto_tfm
*tfm
)
275 struct crypto_authenc_ctx
*ctx
= crypto_tfm_ctx(tfm
);
277 crypto_free_hash(ctx
->auth
);
278 crypto_free_ablkcipher(ctx
->enc
);
281 static struct crypto_instance
*crypto_authenc_alloc(struct rtattr
**tb
)
283 struct crypto_instance
*inst
;
284 struct crypto_alg
*auth
;
285 struct crypto_alg
*enc
;
286 struct authenc_instance_ctx
*ctx
;
289 err
= crypto_check_attr_type(tb
, CRYPTO_ALG_TYPE_AEAD
);
293 auth
= crypto_attr_alg(tb
[1], CRYPTO_ALG_TYPE_HASH
,
294 CRYPTO_ALG_TYPE_HASH_MASK
);
296 return ERR_PTR(PTR_ERR(auth
));
298 enc
= crypto_attr_alg(tb
[2], CRYPTO_ALG_TYPE_BLKCIPHER
,
299 CRYPTO_ALG_TYPE_BLKCIPHER_MASK
);
300 inst
= ERR_PTR(PTR_ERR(enc
));
304 inst
= kzalloc(sizeof(*inst
) + sizeof(*ctx
), GFP_KERNEL
);
310 if (snprintf(inst
->alg
.cra_name
, CRYPTO_MAX_ALG_NAME
,
311 "authenc(%s,%s)", auth
->cra_name
, enc
->cra_name
) >=
315 if (snprintf(inst
->alg
.cra_driver_name
, CRYPTO_MAX_ALG_NAME
,
316 "authenc(%s,%s)", auth
->cra_driver_name
,
317 enc
->cra_driver_name
) >= CRYPTO_MAX_ALG_NAME
)
320 ctx
= crypto_instance_ctx(inst
);
322 err
= crypto_init_spawn(&ctx
->auth
, auth
, inst
, CRYPTO_ALG_TYPE_MASK
);
326 err
= crypto_init_spawn(&ctx
->enc
, enc
, inst
, CRYPTO_ALG_TYPE_MASK
);
330 inst
->alg
.cra_flags
= CRYPTO_ALG_TYPE_AEAD
| CRYPTO_ALG_ASYNC
;
331 inst
->alg
.cra_priority
= enc
->cra_priority
* 10 + auth
->cra_priority
;
332 inst
->alg
.cra_blocksize
= enc
->cra_blocksize
;
333 inst
->alg
.cra_alignmask
= auth
->cra_alignmask
| enc
->cra_alignmask
;
334 inst
->alg
.cra_type
= &crypto_aead_type
;
336 inst
->alg
.cra_aead
.ivsize
= enc
->cra_blkcipher
.ivsize
;
337 inst
->alg
.cra_aead
.maxauthsize
= auth
->cra_type
== &crypto_hash_type
?
338 auth
->cra_hash
.digestsize
:
339 auth
->cra_digest
.dia_digestsize
;
341 inst
->alg
.cra_ctxsize
= sizeof(struct crypto_authenc_ctx
);
343 inst
->alg
.cra_init
= crypto_authenc_init_tfm
;
344 inst
->alg
.cra_exit
= crypto_authenc_exit_tfm
;
346 inst
->alg
.cra_aead
.setkey
= crypto_authenc_setkey
;
347 inst
->alg
.cra_aead
.encrypt
= crypto_authenc_encrypt
;
348 inst
->alg
.cra_aead
.decrypt
= crypto_authenc_decrypt
;
353 crypto_mod_put(auth
);
357 crypto_drop_spawn(&ctx
->auth
);
365 static void crypto_authenc_free(struct crypto_instance
*inst
)
367 struct authenc_instance_ctx
*ctx
= crypto_instance_ctx(inst
);
369 crypto_drop_spawn(&ctx
->enc
);
370 crypto_drop_spawn(&ctx
->auth
);
374 static struct crypto_template crypto_authenc_tmpl
= {
376 .alloc
= crypto_authenc_alloc
,
377 .free
= crypto_authenc_free
,
378 .module
= THIS_MODULE
,
381 static int __init
crypto_authenc_module_init(void)
383 return crypto_register_template(&crypto_authenc_tmpl
);
386 static void __exit
crypto_authenc_module_exit(void)
388 crypto_unregister_template(&crypto_authenc_tmpl
);
391 module_init(crypto_authenc_module_init
);
392 module_exit(crypto_authenc_module_exit
);
394 MODULE_LICENSE("GPL");
395 MODULE_DESCRIPTION("Simple AEAD wrapper for IPsec");