[mirror_ubuntu-artful-kernel.git] / crypto / aead.c

/*
 * AEAD: Authenticated Encryption with Associated Data
 *
 * This file provides API support for AEAD algorithms.
 *
 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 2 of the License, or (at your option)
 * any later version.
 *
 */

#include <crypto/internal/aead.h>
#include <linux/err.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/rtnetlink.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/seq_file.h>
#include <linux/cryptouser.h>
#include <net/netlink.h>

#include "internal.h"

static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key,
			    unsigned int keylen)
{
	struct aead_alg *aead = crypto_aead_alg(tfm);
	unsigned long alignmask = crypto_aead_alignmask(tfm);
	int ret;
	u8 *buffer, *alignbuffer;
	unsigned long absize;

	absize = keylen + alignmask;
	buffer = kmalloc(absize, GFP_ATOMIC);
	if (!buffer)
		return -ENOMEM;

	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
	memcpy(alignbuffer, key, keylen);
	ret = aead->setkey(tfm, alignbuffer, keylen);
	memset(alignbuffer, 0, keylen);
	kfree(buffer);
	return ret;
}

static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen)
{
	struct aead_alg *aead = crypto_aead_alg(tfm);
	unsigned long alignmask = crypto_aead_alignmask(tfm);

	if ((unsigned long)key & alignmask)
		return setkey_unaligned(tfm, key, keylen);

	return aead->setkey(tfm, key, keylen);
}

int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
{
	struct aead_tfm *crt = crypto_aead_crt(tfm);
	int err;

	if (authsize > crypto_aead_alg(tfm)->maxauthsize)
		return -EINVAL;

	if (crypto_aead_alg(tfm)->setauthsize) {
		err = crypto_aead_alg(tfm)->setauthsize(crt->base, authsize);
		if (err)
			return err;
	}

	crypto_aead_crt(crt->base)->authsize = authsize;
	crt->authsize = authsize;
	return 0;
}
EXPORT_SYMBOL_GPL(crypto_aead_setauthsize);

static unsigned int crypto_aead_ctxsize(struct crypto_alg *alg, u32 type,
					u32 mask)
{
	return alg->cra_ctxsize;
}

static int no_givcrypt(struct aead_givcrypt_request *req)
{
	return -ENOSYS;
}

static int crypto_init_aead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
{
	struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
	struct aead_tfm *crt = &tfm->crt_aead;

	if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8)
		return -EINVAL;

	crt->setkey = tfm->__crt_alg->cra_flags & CRYPTO_ALG_GENIV ?
		      alg->setkey : setkey;
	crt->encrypt = alg->encrypt;
	crt->decrypt = alg->decrypt;
	crt->givencrypt = alg->givencrypt ?: no_givcrypt;
	crt->givdecrypt = alg->givdecrypt ?: no_givcrypt;
	crt->base = __crypto_aead_cast(tfm);
	crt->ivsize = alg->ivsize;
	crt->authsize = alg->maxauthsize;

	return 0;
}

static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg)
{
	struct crypto_report_aead raead;
	struct aead_alg *aead = &alg->cra_aead;

	snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "aead");
	snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s",
		 aead->geniv ?: "<built-in>");

	raead.blocksize = alg->cra_blocksize;
	raead.maxauthsize = aead->maxauthsize;
	raead.ivsize = aead->ivsize;

	NLA_PUT(skb, CRYPTOCFGA_REPORT_AEAD,
		sizeof(struct crypto_report_aead), &raead);

	return 0;

nla_put_failure:
	return -EMSGSIZE;
}

static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg)
	__attribute__ ((unused));
static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg)
{
	struct aead_alg *aead = &alg->cra_aead;

	seq_printf(m, "type         : aead\n");
	seq_printf(m, "async        : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
					     "yes" : "no");
	seq_printf(m, "blocksize    : %u\n", alg->cra_blocksize);
	seq_printf(m, "ivsize       : %u\n", aead->ivsize);
	seq_printf(m, "maxauthsize  : %u\n", aead->maxauthsize);
	seq_printf(m, "geniv        : %s\n", aead->geniv ?: "<built-in>");
}

const struct crypto_type crypto_aead_type = {
	.ctxsize = crypto_aead_ctxsize,
	.init = crypto_init_aead_ops,
#ifdef CONFIG_PROC_FS
	.show = crypto_aead_show,
#endif
	.report = crypto_aead_report,
};
EXPORT_SYMBOL_GPL(crypto_aead_type);

static int aead_null_givencrypt(struct aead_givcrypt_request *req)
{
	return crypto_aead_encrypt(&req->areq);
}

static int aead_null_givdecrypt(struct aead_givcrypt_request *req)
{
	return crypto_aead_decrypt(&req->areq);
}

static int crypto_init_nivaead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
{
	struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
	struct aead_tfm *crt = &tfm->crt_aead;

	if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8)
		return -EINVAL;

	crt->setkey = setkey;
	crt->encrypt = alg->encrypt;
	crt->decrypt = alg->decrypt;
	if (!alg->ivsize) {
		crt->givencrypt = aead_null_givencrypt;
		crt->givdecrypt = aead_null_givdecrypt;
	}
	crt->base = __crypto_aead_cast(tfm);
	crt->ivsize = alg->ivsize;
	crt->authsize = alg->maxauthsize;

	return 0;
}

static int crypto_nivaead_report(struct sk_buff *skb, struct crypto_alg *alg)
{
	struct crypto_report_aead raead;
	struct aead_alg *aead = &alg->cra_aead;

	snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "nivaead");
	snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s", aead->geniv);

	raead.blocksize = alg->cra_blocksize;
	raead.maxauthsize = aead->maxauthsize;
	raead.ivsize = aead->ivsize;

	NLA_PUT(skb, CRYPTOCFGA_REPORT_AEAD,
		sizeof(struct crypto_report_aead), &raead);

	return 0;

nla_put_failure:
	return -EMSGSIZE;
}


static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg)
	__attribute__ ((unused));
static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg)
{
	struct aead_alg *aead = &alg->cra_aead;

	seq_printf(m, "type         : nivaead\n");
	seq_printf(m, "async        : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
					     "yes" : "no");
	seq_printf(m, "blocksize    : %u\n", alg->cra_blocksize);
	seq_printf(m, "ivsize       : %u\n", aead->ivsize);
	seq_printf(m, "maxauthsize  : %u\n", aead->maxauthsize);
	seq_printf(m, "geniv        : %s\n", aead->geniv);
}

const struct crypto_type crypto_nivaead_type = {
	.ctxsize = crypto_aead_ctxsize,
	.init = crypto_init_nivaead_ops,
#ifdef CONFIG_PROC_FS
	.show = crypto_nivaead_show,
#endif
	.report = crypto_nivaead_report,
};
EXPORT_SYMBOL_GPL(crypto_nivaead_type);

static int crypto_grab_nivaead(struct crypto_aead_spawn *spawn,
			       const char *name, u32 type, u32 mask)
{
	struct crypto_alg *alg;
	int err;

	type &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	type |= CRYPTO_ALG_TYPE_AEAD;
	mask |= CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV;

	alg = crypto_alg_mod_lookup(name, type, mask);
	if (IS_ERR(alg))
		return PTR_ERR(alg);

	err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask);
	crypto_mod_put(alg);
	return err;
}

struct crypto_instance *aead_geniv_alloc(struct crypto_template *tmpl,
					 struct rtattr **tb, u32 type,
					 u32 mask)
{
	const char *name;
	struct crypto_aead_spawn *spawn;
	struct crypto_attr_type *algt;
	struct crypto_instance *inst;
	struct crypto_alg *alg;
	int err;

	algt = crypto_get_attr_type(tb);
	err = PTR_ERR(algt);
	if (IS_ERR(algt))
		return ERR_PTR(err);

	if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV)) &
	    algt->mask)
		return ERR_PTR(-EINVAL);

	name = crypto_attr_alg_name(tb[1]);
	err = PTR_ERR(name);
	if (IS_ERR(name))
		return ERR_PTR(err);

	inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
	if (!inst)
		return ERR_PTR(-ENOMEM);

	spawn = crypto_instance_ctx(inst);

	/* Ignore async algorithms if necessary. */
	mask |= crypto_requires_sync(algt->type, algt->mask);

	crypto_set_aead_spawn(spawn, inst);
	err = crypto_grab_nivaead(spawn, name, type, mask);
	if (err)
		goto err_free_inst;

	alg = crypto_aead_spawn_alg(spawn);

	err = -EINVAL;
	if (!alg->cra_aead.ivsize)
		goto err_drop_alg;

	/*
	 * This is only true if we're constructing an algorithm with its
	 * default IV generator.  For the default generator we elide the
	 * template name and double-check the IV generator.
	 */
	if (algt->mask & CRYPTO_ALG_GENIV) {
		if (strcmp(tmpl->name, alg->cra_aead.geniv))
			goto err_drop_alg;

		memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
		memcpy(inst->alg.cra_driver_name, alg->cra_driver_name,
		       CRYPTO_MAX_ALG_NAME);
	} else {
		err = -ENAMETOOLONG;
		if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
			     "%s(%s)", tmpl->name, alg->cra_name) >=
		    CRYPTO_MAX_ALG_NAME)
			goto err_drop_alg;
		if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
			     "%s(%s)", tmpl->name, alg->cra_driver_name) >=
		    CRYPTO_MAX_ALG_NAME)
			goto err_drop_alg;
	}

	inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV;
	inst->alg.cra_flags |= alg->cra_flags & CRYPTO_ALG_ASYNC;
	inst->alg.cra_priority = alg->cra_priority;
	inst->alg.cra_blocksize = alg->cra_blocksize;
	inst->alg.cra_alignmask = alg->cra_alignmask;
	inst->alg.cra_type = &crypto_aead_type;

	inst->alg.cra_aead.ivsize = alg->cra_aead.ivsize;
	inst->alg.cra_aead.maxauthsize = alg->cra_aead.maxauthsize;
	inst->alg.cra_aead.geniv = alg->cra_aead.geniv;

	inst->alg.cra_aead.setkey = alg->cra_aead.setkey;
	inst->alg.cra_aead.setauthsize = alg->cra_aead.setauthsize;
	inst->alg.cra_aead.encrypt = alg->cra_aead.encrypt;
	inst->alg.cra_aead.decrypt = alg->cra_aead.decrypt;

out:
	return inst;

err_drop_alg:
	crypto_drop_aead(spawn);
err_free_inst:
	kfree(inst);
	inst = ERR_PTR(err);
	goto out;
}
EXPORT_SYMBOL_GPL(aead_geniv_alloc);

void aead_geniv_free(struct crypto_instance *inst)
{
	crypto_drop_aead(crypto_instance_ctx(inst));
	kfree(inst);
}
EXPORT_SYMBOL_GPL(aead_geniv_free);

int aead_geniv_init(struct crypto_tfm *tfm)
{
	struct crypto_instance *inst = (void *)tfm->__crt_alg;
	struct crypto_aead *aead;

	aead = crypto_spawn_aead(crypto_instance_ctx(inst));
	if (IS_ERR(aead))
		return PTR_ERR(aead);

	tfm->crt_aead.base = aead;
	tfm->crt_aead.reqsize += crypto_aead_reqsize(aead);

	return 0;
}
EXPORT_SYMBOL_GPL(aead_geniv_init);

void aead_geniv_exit(struct crypto_tfm *tfm)
{
	crypto_free_aead(tfm->crt_aead.base);
}
EXPORT_SYMBOL_GPL(aead_geniv_exit);

static int crypto_nivaead_default(struct crypto_alg *alg, u32 type, u32 mask)
{
	struct rtattr *tb[3];
	struct {
		struct rtattr attr;
		struct crypto_attr_type data;
	} ptype;
	struct {
		struct rtattr attr;
		struct crypto_attr_alg data;
	} palg;
	struct crypto_template *tmpl;
	struct crypto_instance *inst;
	struct crypto_alg *larval;
	const char *geniv;
	int err;

	larval = crypto_larval_lookup(alg->cra_driver_name,
				      CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV,
				      CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	err = PTR_ERR(larval);
	if (IS_ERR(larval))
		goto out;

	err = -EAGAIN;
	if (!crypto_is_larval(larval))
		goto drop_larval;

	ptype.attr.rta_len = sizeof(ptype);
	ptype.attr.rta_type = CRYPTOA_TYPE;
	ptype.data.type = type | CRYPTO_ALG_GENIV;
	/* GENIV tells the template that we're making a default geniv. */
	ptype.data.mask = mask | CRYPTO_ALG_GENIV;
	tb[0] = &ptype.attr;

	palg.attr.rta_len = sizeof(palg);
	palg.attr.rta_type = CRYPTOA_ALG;
	/* Must use the exact name to locate ourselves. */
	memcpy(palg.data.name, alg->cra_driver_name, CRYPTO_MAX_ALG_NAME);
	tb[1] = &palg.attr;

	tb[2] = NULL;

	geniv = alg->cra_aead.geniv;

	tmpl = crypto_lookup_template(geniv);
	err = -ENOENT;
	if (!tmpl)
		goto kill_larval;

	inst = tmpl->alloc(tb);
	err = PTR_ERR(inst);
	if (IS_ERR(inst))
		goto put_tmpl;

	if ((err = crypto_register_instance(tmpl, inst))) {
		tmpl->free(inst);
		goto put_tmpl;
	}

	/* Redo the lookup to use the instance we just registered. */
	err = -EAGAIN;

put_tmpl:
	crypto_tmpl_put(tmpl);
kill_larval:
	crypto_larval_kill(larval);
drop_larval:
	crypto_mod_put(larval);
out:
	crypto_mod_put(alg);
	return err;
}

static struct crypto_alg *crypto_lookup_aead(const char *name, u32 type,
					     u32 mask)
{
	struct crypto_alg *alg;

	alg = crypto_alg_mod_lookup(name, type, mask);
	if (IS_ERR(alg))
		return alg;

	if (alg->cra_type == &crypto_aead_type)
		return alg;

	if (!alg->cra_aead.ivsize)
		return alg;

	crypto_mod_put(alg);
	alg = crypto_alg_mod_lookup(name, type | CRYPTO_ALG_TESTED,
				    mask & ~CRYPTO_ALG_TESTED);
	if (IS_ERR(alg))
		return alg;

	if (alg->cra_type == &crypto_aead_type) {
		if ((alg->cra_flags ^ type ^ ~mask) & CRYPTO_ALG_TESTED) {
			crypto_mod_put(alg);
			alg = ERR_PTR(-ENOENT);
		}
		return alg;
	}

	BUG_ON(!alg->cra_aead.ivsize);

	return ERR_PTR(crypto_nivaead_default(alg, type, mask));
}

int crypto_grab_aead(struct crypto_aead_spawn *spawn, const char *name,
		     u32 type, u32 mask)
{
	struct crypto_alg *alg;
	int err;

	type &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	type |= CRYPTO_ALG_TYPE_AEAD;
	mask &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	mask |= CRYPTO_ALG_TYPE_MASK;

	alg = crypto_lookup_aead(name, type, mask);
	if (IS_ERR(alg))
		return PTR_ERR(alg);

	err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask);
	crypto_mod_put(alg);
	return err;
}
EXPORT_SYMBOL_GPL(crypto_grab_aead);

struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask)
{
	struct crypto_tfm *tfm;
	int err;

	type &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	type |= CRYPTO_ALG_TYPE_AEAD;
	mask &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	mask |= CRYPTO_ALG_TYPE_MASK;

	for (;;) {
		struct crypto_alg *alg;

		alg = crypto_lookup_aead(alg_name, type, mask);
		if (IS_ERR(alg)) {
			err = PTR_ERR(alg);
			goto err;
		}

		tfm = __crypto_alloc_tfm(alg, type, mask);
		if (!IS_ERR(tfm))
			return __crypto_aead_cast(tfm);

		crypto_mod_put(alg);
		err = PTR_ERR(tfm);

err:
		if (err != -EAGAIN)
			break;
		if (signal_pending(current)) {
			err = -EINTR;
			break;
		}
	}

	return ERR_PTR(err);
}
EXPORT_SYMBOL_GPL(crypto_alloc_aead);

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)");
Commit	Line	Data
1ae97820 HX	1	/*
1ae97820 HX	2	* AEAD: Authenticated Encryption with Associated Data
3922538f	3	*
1ae97820 HX	4	* This file provides API support for AEAD algorithms.
	5	*
	6	* Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
	7	*
	8	* This program is free software; you can redistribute it and/or modify it
	9	* under the terms of the GNU General Public License as published by the Free
3922538f	10	* Software Foundation; either version 2 of the License, or (at your option)
1ae97820 HX	11	* any later version.
	12	*
	13	*/
	14
5b6d2d7f HX	15	#include <crypto/internal/aead.h>
5b6d2d7f HX	16	#include <linux/err.h>
1ae97820 HX	17	#include <linux/init.h>
	18	#include <linux/kernel.h>
	19	#include <linux/module.h>
d29ce988	20	#include <linux/rtnetlink.h>
d43c36dc	21	#include <linux/sched.h>
1ae97820 HX	22	#include <linux/slab.h>
1ae97820 HX	23	#include <linux/seq_file.h>
6ad414fe SK	24	#include <linux/cryptouser.h>
6ad414fe SK	25	#include <net/netlink.h>
1ae97820	26
5b6d2d7f HX	27	#include "internal.h"
5b6d2d7f HX	28
1ae97820 HX	29	static int setkey_unaligned(struct crypto_aead tfm, const u8 key,
	30	unsigned int keylen)
	31	{
	32	struct aead_alg *aead = crypto_aead_alg(tfm);
	33	unsigned long alignmask = crypto_aead_alignmask(tfm);
	34	int ret;
	35	u8 buffer, alignbuffer;
	36	unsigned long absize;
	37
	38	absize = keylen + alignmask;
	39	buffer = kmalloc(absize, GFP_ATOMIC);
	40	if (!buffer)
	41	return -ENOMEM;
	42
	43	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
	44	memcpy(alignbuffer, key, keylen);
	45	ret = aead->setkey(tfm, alignbuffer, keylen);
	46	memset(alignbuffer, 0, keylen);
	47	kfree(buffer);
	48	return ret;
	49	}
	50
	51	static int setkey(struct crypto_aead tfm, const u8 key, unsigned int keylen)
	52	{
	53	struct aead_alg *aead = crypto_aead_alg(tfm);
	54	unsigned long alignmask = crypto_aead_alignmask(tfm);
	55
	56	if ((unsigned long)key & alignmask)
	57	return setkey_unaligned(tfm, key, keylen);
	58
	59	return aead->setkey(tfm, key, keylen);
	60	}
	61
7ba683a6 HX	62	int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
7ba683a6 HX	63	{
5b6d2d7f	64	struct aead_tfm *crt = crypto_aead_crt(tfm);
7ba683a6 HX	65	int err;
	66
	67	if (authsize > crypto_aead_alg(tfm)->maxauthsize)
	68	return -EINVAL;
	69
	70	if (crypto_aead_alg(tfm)->setauthsize) {
5b6d2d7f	71	err = crypto_aead_alg(tfm)->setauthsize(crt->base, authsize);
7ba683a6 HX	72	if (err)
	73	return err;
	74	}
	75
5b6d2d7f HX	76	crypto_aead_crt(crt->base)->authsize = authsize;
5b6d2d7f HX	77	crt->authsize = authsize;
7ba683a6 HX	78	return 0;
	79	}
	80	EXPORT_SYMBOL_GPL(crypto_aead_setauthsize);
	81
1ae97820 HX	82	static unsigned int crypto_aead_ctxsize(struct crypto_alg *alg, u32 type,
	83	u32 mask)
	84	{
	85	return alg->cra_ctxsize;
	86	}
	87
aedb30dc	88	static int no_givcrypt(struct aead_givcrypt_request *req)
743edf57 HX	89	{
	90	return -ENOSYS;
	91	}
	92
1ae97820 HX	93	static int crypto_init_aead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
	94	{
	95	struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
	96	struct aead_tfm *crt = &tfm->crt_aead;
	97
7ba683a6	98	if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8)
1ae97820 HX	99	return -EINVAL;
1ae97820 HX	100
5b6d2d7f HX	101	crt->setkey = tfm->__crt_alg->cra_flags & CRYPTO_ALG_GENIV ?
5b6d2d7f HX	102	alg->setkey : setkey;
1ae97820 HX	103	crt->encrypt = alg->encrypt;
1ae97820 HX	104	crt->decrypt = alg->decrypt;
aedb30dc HX	105	crt->givencrypt = alg->givencrypt ?: no_givcrypt;
aedb30dc HX	106	crt->givdecrypt = alg->givdecrypt ?: no_givcrypt;
5b6d2d7f	107	crt->base = __crypto_aead_cast(tfm);
1ae97820	108	crt->ivsize = alg->ivsize;
7ba683a6	109	crt->authsize = alg->maxauthsize;
1ae97820 HX	110
	111	return 0;
	112	}
	113
6ad414fe SK	114	static int crypto_aead_report(struct sk_buff skb, struct crypto_alg alg)
	115	{
	116	struct crypto_report_aead raead;
	117	struct aead_alg *aead = &alg->cra_aead;
	118
	119	snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "aead");
	120	snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s",
	121	aead->geniv ?: "<built-in>");
	122
	123	raead.blocksize = alg->cra_blocksize;
	124	raead.maxauthsize = aead->maxauthsize;
	125	raead.ivsize = aead->ivsize;
	126
	127	NLA_PUT(skb, CRYPTOCFGA_REPORT_AEAD,
	128	sizeof(struct crypto_report_aead), &raead);
	129
	130	return 0;
	131
	132	nla_put_failure:
	133	return -EMSGSIZE;
	134	}
	135
1ae97820 HX	136	static void crypto_aead_show(struct seq_file m, struct crypto_alg alg)
	137	__attribute__ ((unused));
	138	static void crypto_aead_show(struct seq_file m, struct crypto_alg alg)
	139	{
	140	struct aead_alg *aead = &alg->cra_aead;
	141
	142	seq_printf(m, "type : aead\n");
189ed66e HX	143	seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
189ed66e HX	144	"yes" : "no");
1ae97820 HX	145	seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
1ae97820 HX	146	seq_printf(m, "ivsize : %u\n", aead->ivsize);
7ba683a6	147	seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize);
5b6d2d7f	148	seq_printf(m, "geniv : %s\n", aead->geniv ?: "<built-in>");
1ae97820 HX	149	}
	150
	151	const struct crypto_type crypto_aead_type = {
	152	.ctxsize = crypto_aead_ctxsize,
	153	.init = crypto_init_aead_ops,
	154	#ifdef CONFIG_PROC_FS
	155	.show = crypto_aead_show,
	156	#endif
6ad414fe	157	.report = crypto_aead_report,
1ae97820 HX	158	};
	159	EXPORT_SYMBOL_GPL(crypto_aead_type);
	160
5b6d2d7f HX	161	static int aead_null_givencrypt(struct aead_givcrypt_request *req)
	162	{
	163	return crypto_aead_encrypt(&req->areq);
	164	}
	165
	166	static int aead_null_givdecrypt(struct aead_givcrypt_request *req)
	167	{
	168	return crypto_aead_decrypt(&req->areq);
	169	}
	170
	171	static int crypto_init_nivaead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
	172	{
	173	struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
	174	struct aead_tfm *crt = &tfm->crt_aead;
	175
	176	if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8)
	177	return -EINVAL;
	178
	179	crt->setkey = setkey;
	180	crt->encrypt = alg->encrypt;
	181	crt->decrypt = alg->decrypt;
	182	if (!alg->ivsize) {
	183	crt->givencrypt = aead_null_givencrypt;
	184	crt->givdecrypt = aead_null_givdecrypt;
	185	}
	186	crt->base = __crypto_aead_cast(tfm);
	187	crt->ivsize = alg->ivsize;
	188	crt->authsize = alg->maxauthsize;
	189
	190	return 0;
	191	}
	192
b735d0a9 SK	193	static int crypto_nivaead_report(struct sk_buff skb, struct crypto_alg alg)
	194	{
	195	struct crypto_report_aead raead;
	196	struct aead_alg *aead = &alg->cra_aead;
	197
	198	snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "nivaead");
	199	snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s", aead->geniv);
	200
	201	raead.blocksize = alg->cra_blocksize;
	202	raead.maxauthsize = aead->maxauthsize;
	203	raead.ivsize = aead->ivsize;
	204
	205	NLA_PUT(skb, CRYPTOCFGA_REPORT_AEAD,
	206	sizeof(struct crypto_report_aead), &raead);
	207
	208	return 0;
	209
	210	nla_put_failure:
	211	return -EMSGSIZE;
	212	}
	213
	214
5b6d2d7f HX	215	static void crypto_nivaead_show(struct seq_file m, struct crypto_alg alg)
	216	__attribute__ ((unused));
	217	static void crypto_nivaead_show(struct seq_file m, struct crypto_alg alg)
	218	{
	219	struct aead_alg *aead = &alg->cra_aead;
	220
	221	seq_printf(m, "type : nivaead\n");
189ed66e HX	222	seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
189ed66e HX	223	"yes" : "no");
5b6d2d7f HX	224	seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
	225	seq_printf(m, "ivsize : %u\n", aead->ivsize);
	226	seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize);
	227	seq_printf(m, "geniv : %s\n", aead->geniv);
	228	}
	229
	230	const struct crypto_type crypto_nivaead_type = {
	231	.ctxsize = crypto_aead_ctxsize,
	232	.init = crypto_init_nivaead_ops,
	233	#ifdef CONFIG_PROC_FS
	234	.show = crypto_nivaead_show,
	235	#endif
b735d0a9	236	.report = crypto_nivaead_report,
5b6d2d7f HX	237	};
	238	EXPORT_SYMBOL_GPL(crypto_nivaead_type);
	239
	240	static int crypto_grab_nivaead(struct crypto_aead_spawn *spawn,
	241	const char *name, u32 type, u32 mask)
	242	{
	243	struct crypto_alg *alg;
	244	int err;
	245
	246	type &= ~(CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	247	type \|= CRYPTO_ALG_TYPE_AEAD;
	248	mask \|= CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV;
	249
	250	alg = crypto_alg_mod_lookup(name, type, mask);
	251	if (IS_ERR(alg))
	252	return PTR_ERR(alg);
	253
	254	err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask);
	255	crypto_mod_put(alg);
	256	return err;
	257	}
	258
	259	struct crypto_instance aead_geniv_alloc(struct crypto_template tmpl,
	260	struct rtattr **tb, u32 type,
	261	u32 mask)
	262	{
	263	const char *name;
	264	struct crypto_aead_spawn *spawn;
	265	struct crypto_attr_type *algt;
	266	struct crypto_instance *inst;
	267	struct crypto_alg *alg;
	268	int err;
	269
	270	algt = crypto_get_attr_type(tb);
	271	err = PTR_ERR(algt);
	272	if (IS_ERR(algt))
	273	return ERR_PTR(err);
	274
	275	if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD \| CRYPTO_ALG_GENIV)) &
	276	algt->mask)
	277	return ERR_PTR(-EINVAL);
	278
	279	name = crypto_attr_alg_name(tb[1]);
	280	err = PTR_ERR(name);
	281	if (IS_ERR(name))
	282	return ERR_PTR(err);
	283
	284	inst = kzalloc(sizeof(inst) + sizeof(spawn), GFP_KERNEL);
	285	if (!inst)
	286	return ERR_PTR(-ENOMEM);
	287
	288	spawn = crypto_instance_ctx(inst);
	289
	290	/* Ignore async algorithms if necessary. */
	291	mask \|= crypto_requires_sync(algt->type, algt->mask);
	292
	293	crypto_set_aead_spawn(spawn, inst);
	294	err = crypto_grab_nivaead(spawn, name, type, mask);
	295	if (err)
	296	goto err_free_inst;
	297
	298	alg = crypto_aead_spawn_alg(spawn);
	299
	300	err = -EINVAL;
301	if (!alg->cra_aead.ivsize)
302	goto err_drop_alg;
303
304	/*
305	* This is only true if we're constructing an algorithm with its
306	* default IV generator. For the default generator we elide the
307	* template name and double-check the IV generator.
308	*/
309	if (algt->mask & CRYPTO_ALG_GENIV) {
310	if (strcmp(tmpl->name, alg->cra_aead.geniv))
311	goto err_drop_alg;
312
313	memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
314	memcpy(inst->alg.cra_driver_name, alg->cra_driver_name,
315	CRYPTO_MAX_ALG_NAME);
316	} else {
317	err = -ENAMETOOLONG;
318	if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
319	"%s(%s)", tmpl->name, alg->cra_name) >=
320	CRYPTO_MAX_ALG_NAME)
321	goto err_drop_alg;
322	if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
323	"%s(%s)", tmpl->name, alg->cra_driver_name) >=
324	CRYPTO_MAX_ALG_NAME)
325	goto err_drop_alg;
326	}
327
328	inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD \| CRYPTO_ALG_GENIV;
329	inst->alg.cra_flags \|= alg->cra_flags & CRYPTO_ALG_ASYNC;
330	inst->alg.cra_priority = alg->cra_priority;
331	inst->alg.cra_blocksize = alg->cra_blocksize;
332	inst->alg.cra_alignmask = alg->cra_alignmask;
333	inst->alg.cra_type = &crypto_aead_type;
334
335	inst->alg.cra_aead.ivsize = alg->cra_aead.ivsize;
336	inst->alg.cra_aead.maxauthsize = alg->cra_aead.maxauthsize;
337	inst->alg.cra_aead.geniv = alg->cra_aead.geniv;
338
339	inst->alg.cra_aead.setkey = alg->cra_aead.setkey;
340	inst->alg.cra_aead.setauthsize = alg->cra_aead.setauthsize;
341	inst->alg.cra_aead.encrypt = alg->cra_aead.encrypt;
342	inst->alg.cra_aead.decrypt = alg->cra_aead.decrypt;
343
344	out:
345	return inst;
346
347	err_drop_alg:
348	crypto_drop_aead(spawn);
349	err_free_inst:
350	kfree(inst);
351	inst = ERR_PTR(err);
352	goto out;
353	}
354	EXPORT_SYMBOL_GPL(aead_geniv_alloc);
355
356	void aead_geniv_free(struct crypto_instance *inst)
357	{
358	crypto_drop_aead(crypto_instance_ctx(inst));
359	kfree(inst);
360	}
361	EXPORT_SYMBOL_GPL(aead_geniv_free);
362
363	int aead_geniv_init(struct crypto_tfm *tfm)
364	{
365	struct crypto_instance inst = (void )tfm->__crt_alg;
366	struct crypto_aead *aead;
367
368	aead = crypto_spawn_aead(crypto_instance_ctx(inst));
369	if (IS_ERR(aead))
370	return PTR_ERR(aead);
371
372	tfm->crt_aead.base = aead;
373	tfm->crt_aead.reqsize += crypto_aead_reqsize(aead);
374
375	return 0;
376	}
377	EXPORT_SYMBOL_GPL(aead_geniv_init);
378
379	void aead_geniv_exit(struct crypto_tfm *tfm)
380	{
381	crypto_free_aead(tfm->crt_aead.base);
382	}
383	EXPORT_SYMBOL_GPL(aead_geniv_exit);
384
d29ce988 HX	385	static int crypto_nivaead_default(struct crypto_alg *alg, u32 type, u32 mask)
	386	{
	387	struct rtattr *tb[3];
	388	struct {
	389	struct rtattr attr;
	390	struct crypto_attr_type data;
	391	} ptype;
	392	struct {
	393	struct rtattr attr;
	394	struct crypto_attr_alg data;
	395	} palg;
	396	struct crypto_template *tmpl;
	397	struct crypto_instance *inst;
	398	struct crypto_alg *larval;
	399	const char *geniv;
	400	int err;
	401
	402	larval = crypto_larval_lookup(alg->cra_driver_name,
	403	CRYPTO_ALG_TYPE_AEAD \| CRYPTO_ALG_GENIV,
	404	CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	405	err = PTR_ERR(larval);
	406	if (IS_ERR(larval))
	407	goto out;
	408
	409	err = -EAGAIN;
	410	if (!crypto_is_larval(larval))
	411	goto drop_larval;
	412
	413	ptype.attr.rta_len = sizeof(ptype);
	414	ptype.attr.rta_type = CRYPTOA_TYPE;
	415	ptype.data.type = type \| CRYPTO_ALG_GENIV;
	416	/* GENIV tells the template that we're making a default geniv. */
	417	ptype.data.mask = mask \| CRYPTO_ALG_GENIV;
	418	tb[0] = &ptype.attr;
	419
	420	palg.attr.rta_len = sizeof(palg);
	421	palg.attr.rta_type = CRYPTOA_ALG;
	422	/* Must use the exact name to locate ourselves. */
	423	memcpy(palg.data.name, alg->cra_driver_name, CRYPTO_MAX_ALG_NAME);
	424	tb[1] = &palg.attr;
	425
	426	tb[2] = NULL;
	427
	428	geniv = alg->cra_aead.geniv;
	429
	430	tmpl = crypto_lookup_template(geniv);
	431	err = -ENOENT;
	432	if (!tmpl)
	433	goto kill_larval;
	434
	435	inst = tmpl->alloc(tb);
	436	err = PTR_ERR(inst);
	437	if (IS_ERR(inst))
	438	goto put_tmpl;
	439
	440	if ((err = crypto_register_instance(tmpl, inst))) {
	441	tmpl->free(inst);
	442	goto put_tmpl;
	443	}
	444
	445	/* Redo the lookup to use the instance we just registered. */
	446	err = -EAGAIN;
	447
	448	put_tmpl:
449	crypto_tmpl_put(tmpl);
450	kill_larval:
451	crypto_larval_kill(larval);
452	drop_larval:
453	crypto_mod_put(larval);
454	out:
455	crypto_mod_put(alg);
456	return err;
457	}
458
459	static struct crypto_alg crypto_lookup_aead(const char name, u32 type,
460	u32 mask)
461	{
462	struct crypto_alg *alg;
463
464	alg = crypto_alg_mod_lookup(name, type, mask);
465	if (IS_ERR(alg))
466	return alg;
467
468	if (alg->cra_type == &crypto_aead_type)
469	return alg;
470
471	if (!alg->cra_aead.ivsize)
472	return alg;
473
5852ae42 HX	474	crypto_mod_put(alg);
	475	alg = crypto_alg_mod_lookup(name, type \| CRYPTO_ALG_TESTED,
	476	mask & ~CRYPTO_ALG_TESTED);
	477	if (IS_ERR(alg))
	478	return alg;
	479
	480	if (alg->cra_type == &crypto_aead_type) {
	481	if ((alg->cra_flags ^ type ^ ~mask) & CRYPTO_ALG_TESTED) {
	482	crypto_mod_put(alg);
	483	alg = ERR_PTR(-ENOENT);
	484	}
	485	return alg;
	486	}
	487
	488	BUG_ON(!alg->cra_aead.ivsize);
	489
d29ce988 HX	490	return ERR_PTR(crypto_nivaead_default(alg, type, mask));
	491	}
	492
	493	int crypto_grab_aead(struct crypto_aead_spawn spawn, const char name,
	494	u32 type, u32 mask)
	495	{
	496	struct crypto_alg *alg;
	497	int err;
	498
	499	type &= ~(CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	500	type \|= CRYPTO_ALG_TYPE_AEAD;
	501	mask &= ~(CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	502	mask \|= CRYPTO_ALG_TYPE_MASK;
	503
	504	alg = crypto_lookup_aead(name, type, mask);
	505	if (IS_ERR(alg))
	506	return PTR_ERR(alg);
	507
	508	err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask);
	509	crypto_mod_put(alg);
	510	return err;
	511	}
	512	EXPORT_SYMBOL_GPL(crypto_grab_aead);
	513
	514	struct crypto_aead crypto_alloc_aead(const char alg_name, u32 type, u32 mask)
	515	{
	516	struct crypto_tfm *tfm;
	517	int err;
	518
	519	type &= ~(CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	520	type \|= CRYPTO_ALG_TYPE_AEAD;
	521	mask &= ~(CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	522	mask \|= CRYPTO_ALG_TYPE_MASK;
	523
	524	for (;;) {
	525	struct crypto_alg *alg;
	526
	527	alg = crypto_lookup_aead(alg_name, type, mask);
	528	if (IS_ERR(alg)) {
	529	err = PTR_ERR(alg);
	530	goto err;
	531	}
	532
	533	tfm = __crypto_alloc_tfm(alg, type, mask);
	534	if (!IS_ERR(tfm))
	535	return __crypto_aead_cast(tfm);
	536
	537	crypto_mod_put(alg);
	538	err = PTR_ERR(tfm);
	539
	540	err:
	541	if (err != -EAGAIN)
	542	break;
	543	if (signal_pending(current)) {
	544	err = -EINTR;
	545	break;
	546	}
	547	}
	548
	549	return ERR_PTR(err);
	550	}
	551	EXPORT_SYMBOL_GPL(crypto_alloc_aead);
	552
1ae97820 HX	553	MODULE_LICENSE("GPL");
1ae97820 HX	554	MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)");