[mirror_ubuntu-bionic-kernel.git] / include / crypto / aead.h

/*
 * AEAD: Authenticated Encryption with Associated Data
 * 
 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 2 of the License, or (at your option) 
 * any later version.
 *
 */

#ifndef _CRYPTO_AEAD_H
#define _CRYPTO_AEAD_H

#include <linux/crypto.h>
#include <linux/kernel.h>
#include <linux/slab.h>

/**
 * DOC: Authenticated Encryption With Associated Data (AEAD) Cipher API
 *
 * The AEAD cipher API is used with the ciphers of type CRYPTO_ALG_TYPE_AEAD
 * (listed as type "aead" in /proc/crypto)
 *
 * The most prominent examples for this type of encryption is GCM and CCM.
 * However, the kernel supports other types of AEAD ciphers which are defined
 * with the following cipher string:
 *
 *	authenc(keyed message digest, block cipher)
 *
 * For example: authenc(hmac(sha256), cbc(aes))
 *
 * The example code provided for the asynchronous block cipher operation
 * applies here as well. Naturally all *ablkcipher* symbols must be exchanged
 * the *aead* pendants discussed in the following. In addtion, for the AEAD
 * operation, the aead_request_set_assoc function must be used to set the
 * pointer to the associated data memory location before performing the
 * encryption or decryption operation. In case of an encryption, the associated
 * data memory is filled during the encryption operation. For decryption, the
 * associated data memory must contain data that is used to verify the integrity
 * of the decrypted data. Another deviation from the asynchronous block cipher
 * operation is that the caller should explicitly check for -EBADMSG of the
 * crypto_aead_decrypt. That error indicates an authentication error, i.e.
 * a breach in the integrity of the message. In essence, that -EBADMSG error
 * code is the key bonus an AEAD cipher has over "standard" block chaining
 * modes.
 */

/**
 *	struct aead_request - AEAD request
 *	@base: Common attributes for async crypto requests
 *	@assoclen: Length in bytes of associated data for authentication
 *	@cryptlen: Length of data to be encrypted or decrypted
 *	@iv: Initialisation vector
 *	@assoc: Associated data
 *	@src: Source data
 *	@dst: Destination data
 *	@__ctx: Start of private context data
 */
struct aead_request {
	struct crypto_async_request base;

	unsigned int assoclen;
	unsigned int cryptlen;

	u8 *iv;

	struct scatterlist *assoc;
	struct scatterlist *src;
	struct scatterlist *dst;

	void *__ctx[] CRYPTO_MINALIGN_ATTR;
};

/**
 *	struct aead_givcrypt_request - AEAD request with IV generation
 *	@seq: Sequence number for IV generation
 *	@giv: Space for generated IV
 *	@areq: The AEAD request itself
 */
struct aead_givcrypt_request {
	u64 seq;
	u8 *giv;

	struct aead_request areq;
};

struct crypto_aead {
	int (*encrypt)(struct aead_request *req);
	int (*decrypt)(struct aead_request *req);
	int (*givencrypt)(struct aead_givcrypt_request *req);
	int (*givdecrypt)(struct aead_givcrypt_request *req);

	struct crypto_aead *child;

	unsigned int ivsize;
	unsigned int authsize;
	unsigned int reqsize;

	struct crypto_tfm base;
};

static inline struct crypto_aead *__crypto_aead_cast(struct crypto_tfm *tfm)
{
	return container_of(tfm, struct crypto_aead, base);
}

/**
 * crypto_alloc_aead() - allocate AEAD cipher handle
 * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
 *	     AEAD cipher
 * @type: specifies the type of the cipher
 * @mask: specifies the mask for the cipher
 *
 * Allocate a cipher handle for an AEAD. The returned struct
 * crypto_aead is the cipher handle that is required for any subsequent
 * API invocation for that AEAD.
 *
 * Return: allocated cipher handle in case of success; IS_ERR() is true in case
 *	   of an error, PTR_ERR() returns the error code.
 */
struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask);

static inline struct crypto_tfm *crypto_aead_tfm(struct crypto_aead *tfm)
{
	return &tfm->base;
}

/**
 * crypto_free_aead() - zeroize and free aead handle
 * @tfm: cipher handle to be freed
 */
static inline void crypto_free_aead(struct crypto_aead *tfm)
{
	crypto_destroy_tfm(tfm, crypto_aead_tfm(tfm));
}

static inline struct crypto_aead *crypto_aead_crt(struct crypto_aead *tfm)
{
	return tfm;
}

/**
 * crypto_aead_ivsize() - obtain IV size
 * @tfm: cipher handle
 *
 * The size of the IV for the aead referenced by the cipher handle is
 * returned. This IV size may be zero if the cipher does not need an IV.
 *
 * Return: IV size in bytes
 */
static inline unsigned int crypto_aead_ivsize(struct crypto_aead *tfm)
{
	return tfm->ivsize;
}

/**
 * crypto_aead_authsize() - obtain maximum authentication data size
 * @tfm: cipher handle
 *
 * The maximum size of the authentication data for the AEAD cipher referenced
 * by the AEAD cipher handle is returned. The authentication data size may be
 * zero if the cipher implements a hard-coded maximum.
 *
 * The authentication data may also be known as "tag value".
 *
 * Return: authentication data size / tag size in bytes
 */
static inline unsigned int crypto_aead_authsize(struct crypto_aead *tfm)
{
	return tfm->authsize;
}

/**
 * crypto_aead_blocksize() - obtain block size of cipher
 * @tfm: cipher handle
 *
 * The block size for the AEAD referenced with the cipher handle is returned.
 * The caller may use that information to allocate appropriate memory for the
 * data returned by the encryption or decryption operation
 *
 * Return: block size of cipher
 */
static inline unsigned int crypto_aead_blocksize(struct crypto_aead *tfm)
{
	return crypto_tfm_alg_blocksize(crypto_aead_tfm(tfm));
}

static inline unsigned int crypto_aead_alignmask(struct crypto_aead *tfm)
{
	return crypto_tfm_alg_alignmask(crypto_aead_tfm(tfm));
}

static inline u32 crypto_aead_get_flags(struct crypto_aead *tfm)
{
	return crypto_tfm_get_flags(crypto_aead_tfm(tfm));
}

static inline void crypto_aead_set_flags(struct crypto_aead *tfm, u32 flags)
{
	crypto_tfm_set_flags(crypto_aead_tfm(tfm), flags);
}

static inline void crypto_aead_clear_flags(struct crypto_aead *tfm, u32 flags)
{
	crypto_tfm_clear_flags(crypto_aead_tfm(tfm), flags);
}

/**
 * crypto_aead_setkey() - set key for cipher
 * @tfm: cipher handle
 * @key: buffer holding the key
 * @keylen: length of the key in bytes
 *
 * The caller provided key is set for the AEAD referenced by the cipher
 * handle.
 *
 * Note, the key length determines the cipher type. Many block ciphers implement
 * different cipher modes depending on the key size, such as AES-128 vs AES-192
 * vs. AES-256. When providing a 16 byte key for an AES cipher handle, AES-128
 * is performed.
 *
 * Return: 0 if the setting of the key was successful; < 0 if an error occurred
 */
int crypto_aead_setkey(struct crypto_aead *tfm,
		       const u8 *key, unsigned int keylen);

/**
 * crypto_aead_setauthsize() - set authentication data size
 * @tfm: cipher handle
 * @authsize: size of the authentication data / tag in bytes
 *
 * Set the authentication data size / tag size. AEAD requires an authentication
 * tag (or MAC) in addition to the associated data.
 *
 * Return: 0 if the setting of the key was successful; < 0 if an error occurred
 */
int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize);

static inline struct crypto_aead *crypto_aead_reqtfm(struct aead_request *req)
{
	return __crypto_aead_cast(req->base.tfm);
}

/**
 * crypto_aead_encrypt() - encrypt plaintext
 * @req: reference to the aead_request handle that holds all information
 *	 needed to perform the cipher operation
 *
 * Encrypt plaintext data using the aead_request handle. That data structure
 * and how it is filled with data is discussed with the aead_request_*
 * functions.
 *
 * IMPORTANT NOTE The encryption operation creates the authentication data /
 *		  tag. That data is concatenated with the created ciphertext.
 *		  The ciphertext memory size is therefore the given number of
 *		  block cipher blocks + the size defined by the
 *		  crypto_aead_setauthsize invocation. The caller must ensure
 *		  that sufficient memory is available for the ciphertext and
 *		  the authentication tag.
 *
 * Return: 0 if the cipher operation was successful; < 0 if an error occurred
 */
static inline int crypto_aead_encrypt(struct aead_request *req)
{
	return crypto_aead_reqtfm(req)->encrypt(req);
}

/**
 * crypto_aead_decrypt() - decrypt ciphertext
 * @req: reference to the ablkcipher_request handle that holds all information
 *	 needed to perform the cipher operation
 *
 * Decrypt ciphertext data using the aead_request handle. That data structure
 * and how it is filled with data is discussed with the aead_request_*
 * functions.
 *
 * IMPORTANT NOTE The caller must concatenate the ciphertext followed by the
 *		  authentication data / tag. That authentication data / tag
 *		  must have the size defined by the crypto_aead_setauthsize
 *		  invocation.
 *
 *
 * Return: 0 if the cipher operation was successful; -EBADMSG: The AEAD
 *	   cipher operation performs the authentication of the data during the
 *	   decryption operation. Therefore, the function returns this error if
 *	   the authentication of the ciphertext was unsuccessful (i.e. the
 *	   integrity of the ciphertext or the associated data was violated);
 *	   < 0 if an error occurred.
 */
static inline int crypto_aead_decrypt(struct aead_request *req)
{
	if (req->cryptlen < crypto_aead_authsize(crypto_aead_reqtfm(req)))
		return -EINVAL;

	return crypto_aead_reqtfm(req)->decrypt(req);
}

/**
 * DOC: Asynchronous AEAD Request Handle
 *
 * The aead_request data structure contains all pointers to data required for
 * the AEAD cipher operation. This includes the cipher handle (which can be
 * used by multiple aead_request instances), pointer to plaintext and
 * ciphertext, asynchronous callback function, etc. It acts as a handle to the
 * aead_request_* API calls in a similar way as AEAD handle to the
 * crypto_aead_* API calls.
 */

/**
 * crypto_aead_reqsize() - obtain size of the request data structure
 * @tfm: cipher handle
 *
 * Return: number of bytes
 */
static inline unsigned int crypto_aead_reqsize(struct crypto_aead *tfm)
{
	return tfm->reqsize;
}

/**
 * aead_request_set_tfm() - update cipher handle reference in request
 * @req: request handle to be modified
 * @tfm: cipher handle that shall be added to the request handle
 *
 * Allow the caller to replace the existing aead handle in the request
 * data structure with a different one.
 */
static inline void aead_request_set_tfm(struct aead_request *req,
					struct crypto_aead *tfm)
{
	req->base.tfm = crypto_aead_tfm(tfm->child);
}

/**
 * aead_request_alloc() - allocate request data structure
 * @tfm: cipher handle to be registered with the request
 * @gfp: memory allocation flag that is handed to kmalloc by the API call.
 *
 * Allocate the request data structure that must be used with the AEAD
 * encrypt and decrypt API calls. During the allocation, the provided aead
 * handle is registered in the request data structure.
 *
 * Return: allocated request handle in case of success; IS_ERR() is true in case
 *	   of an error, PTR_ERR() returns the error code.
 */
static inline struct aead_request *aead_request_alloc(struct crypto_aead *tfm,
						      gfp_t gfp)
{
	struct aead_request *req;

	req = kmalloc(sizeof(*req) + crypto_aead_reqsize(tfm), gfp);

	if (likely(req))
		aead_request_set_tfm(req, tfm);

	return req;
}

/**
 * aead_request_free() - zeroize and free request data structure
 * @req: request data structure cipher handle to be freed
 */
static inline void aead_request_free(struct aead_request *req)
{
	kzfree(req);
}

/**
 * aead_request_set_callback() - set asynchronous callback function
 * @req: request handle
 * @flags: specify zero or an ORing of the flags
 *	   CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and
 *	   increase the wait queue beyond the initial maximum size;
 *	   CRYPTO_TFM_REQ_MAY_SLEEP the request processing may sleep
 * @compl: callback function pointer to be registered with the request handle
 * @data: The data pointer refers to memory that is not used by the kernel
 *	  crypto API, but provided to the callback function for it to use. Here,
 *	  the caller can provide a reference to memory the callback function can
 *	  operate on. As the callback function is invoked asynchronously to the
 *	  related functionality, it may need to access data structures of the
 *	  related functionality which can be referenced using this pointer. The
 *	  callback function can access the memory via the "data" field in the
 *	  crypto_async_request data structure provided to the callback function.
 *
 * Setting the callback function that is triggered once the cipher operation
 * completes
 *
 * The callback function is registered with the aead_request handle and
 * must comply with the following template
 *
 *	void callback_function(struct crypto_async_request *req, int error)
 */
static inline void aead_request_set_callback(struct aead_request *req,
					     u32 flags,
					     crypto_completion_t compl,
					     void *data)
{
	req->base.complete = compl;
	req->base.data = data;
	req->base.flags = flags;
}

/**
 * aead_request_set_crypt - set data buffers
 * @req: request handle
 * @src: source scatter / gather list
 * @dst: destination scatter / gather list
 * @cryptlen: number of bytes to process from @src
 * @iv: IV for the cipher operation which must comply with the IV size defined
 *      by crypto_aead_ivsize()
 *
 * Setting the source data and destination data scatter / gather lists.
 *
 * For encryption, the source is treated as the plaintext and the
 * destination is the ciphertext. For a decryption operation, the use is
 * reversed - the source is the ciphertext and the destination is the plaintext.
 *
 * IMPORTANT NOTE AEAD requires an authentication tag (MAC). For decryption,
 *		  the caller must concatenate the ciphertext followed by the
 *		  authentication tag and provide the entire data stream to the
 *		  decryption operation (i.e. the data length used for the
 *		  initialization of the scatterlist and the data length for the
 *		  decryption operation is identical). For encryption, however,
 *		  the authentication tag is created while encrypting the data.
 *		  The destination buffer must hold sufficient space for the
 *		  ciphertext and the authentication tag while the encryption
 *		  invocation must only point to the plaintext data size. The
 *		  following code snippet illustrates the memory usage
 *		  buffer = kmalloc(ptbuflen + (enc ? authsize : 0));
 *		  sg_init_one(&sg, buffer, ptbuflen + (enc ? authsize : 0));
 *		  aead_request_set_crypt(req, &sg, &sg, ptbuflen, iv);
 */
static inline void aead_request_set_crypt(struct aead_request *req,
					  struct scatterlist *src,
					  struct scatterlist *dst,
					  unsigned int cryptlen, u8 *iv)
{
	req->src = src;
	req->dst = dst;
	req->cryptlen = cryptlen;
	req->iv = iv;
}

/**
 * aead_request_set_assoc() - set the associated data scatter / gather list
 * @req: request handle
 * @assoc: associated data scatter / gather list
 * @assoclen: number of bytes to process from @assoc
 *
 * For encryption, the memory is filled with the associated data. For
 * decryption, the memory must point to the associated data.
 */
static inline void aead_request_set_assoc(struct aead_request *req,
					  struct scatterlist *assoc,
					  unsigned int assoclen)
{
	req->assoc = assoc;
	req->assoclen = assoclen;
}

static inline struct crypto_aead *aead_givcrypt_reqtfm(
	struct aead_givcrypt_request *req)
{
	return crypto_aead_reqtfm(&req->areq);
}

static inline int crypto_aead_givencrypt(struct aead_givcrypt_request *req)
{
	return aead_givcrypt_reqtfm(req)->givencrypt(req);
};

static inline int crypto_aead_givdecrypt(struct aead_givcrypt_request *req)
{
	return aead_givcrypt_reqtfm(req)->givdecrypt(req);
};

static inline void aead_givcrypt_set_tfm(struct aead_givcrypt_request *req,
					 struct crypto_aead *tfm)
{
	req->areq.base.tfm = crypto_aead_tfm(tfm);
}

static inline struct aead_givcrypt_request *aead_givcrypt_alloc(
	struct crypto_aead *tfm, gfp_t gfp)
{
	struct aead_givcrypt_request *req;

	req = kmalloc(sizeof(struct aead_givcrypt_request) +
		      crypto_aead_reqsize(tfm), gfp);

	if (likely(req))
		aead_givcrypt_set_tfm(req, tfm);

	return req;
}

static inline void aead_givcrypt_free(struct aead_givcrypt_request *req)
{
	kfree(req);
}

static inline void aead_givcrypt_set_callback(
	struct aead_givcrypt_request *req, u32 flags,
	crypto_completion_t compl, void *data)
{
	aead_request_set_callback(&req->areq, flags, compl, data);
}

static inline void aead_givcrypt_set_crypt(struct aead_givcrypt_request *req,
					   struct scatterlist *src,
					   struct scatterlist *dst,
					   unsigned int nbytes, void *iv)
{
	aead_request_set_crypt(&req->areq, src, dst, nbytes, iv);
}

static inline void aead_givcrypt_set_assoc(struct aead_givcrypt_request *req,
					   struct scatterlist *assoc,
					   unsigned int assoclen)
{
	aead_request_set_assoc(&req->areq, assoc, assoclen);
}

static inline void aead_givcrypt_set_giv(struct aead_givcrypt_request *req,
					 u8 *giv, u64 seq)
{
	req->giv = giv;
	req->seq = seq;
}

#endif	/* _CRYPTO_AEAD_H */
Commit	Line	Data
743edf57 HX	1	/*
	2	* AEAD: Authenticated Encryption with Associated Data
	3	*
	4	* Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
	5	*
	6	* This program is free software; you can redistribute it and/or modify it
	7	* under the terms of the GNU General Public License as published by the Free
	8	* Software Foundation; either version 2 of the License, or (at your option)
	9	* any later version.
	10	*
	11	*/
	12
	13	#ifndef _CRYPTO_AEAD_H
	14	#define _CRYPTO_AEAD_H
	15
	16	#include <linux/crypto.h>
	17	#include <linux/kernel.h>
3a282bd2	18	#include <linux/slab.h>
743edf57	19
5d1d65f8 HX	20	/**
	21	* DOC: Authenticated Encryption With Associated Data (AEAD) Cipher API
	22	*
	23	* The AEAD cipher API is used with the ciphers of type CRYPTO_ALG_TYPE_AEAD
	24	* (listed as type "aead" in /proc/crypto)
	25	*
	26	* The most prominent examples for this type of encryption is GCM and CCM.
	27	* However, the kernel supports other types of AEAD ciphers which are defined
	28	* with the following cipher string:
	29	*
	30	* authenc(keyed message digest, block cipher)
	31	*
	32	* For example: authenc(hmac(sha256), cbc(aes))
	33	*
	34	* The example code provided for the asynchronous block cipher operation
	35	* applies here as well. Naturally all ablkcipher symbols must be exchanged
	36	* the aead pendants discussed in the following. In addtion, for the AEAD
	37	* operation, the aead_request_set_assoc function must be used to set the
	38	* pointer to the associated data memory location before performing the
	39	* encryption or decryption operation. In case of an encryption, the associated
	40	* data memory is filled during the encryption operation. For decryption, the
	41	* associated data memory must contain data that is used to verify the integrity
	42	* of the decrypted data. Another deviation from the asynchronous block cipher
	43	* operation is that the caller should explicitly check for -EBADMSG of the
	44	* crypto_aead_decrypt. That error indicates an authentication error, i.e.
	45	* a breach in the integrity of the message. In essence, that -EBADMSG error
	46	* code is the key bonus an AEAD cipher has over "standard" block chaining
	47	* modes.
	48	*/
	49
	50	/**
	51	* struct aead_request - AEAD request
	52	* @base: Common attributes for async crypto requests
	53	* @assoclen: Length in bytes of associated data for authentication
	54	* @cryptlen: Length of data to be encrypted or decrypted
	55	* @iv: Initialisation vector
	56	* @assoc: Associated data
	57	* @src: Source data
	58	* @dst: Destination data
	59	* @__ctx: Start of private context data
	60	*/
	61	struct aead_request {
	62	struct crypto_async_request base;
	63
	64	unsigned int assoclen;
	65	unsigned int cryptlen;
	66
	67	u8 *iv;
	68
	69	struct scatterlist *assoc;
	70	struct scatterlist *src;
	71	struct scatterlist *dst;
	72
	73	void *__ctx[] CRYPTO_MINALIGN_ATTR;
	74	};
	75
743edf57 HX	76	/**
	77	* struct aead_givcrypt_request - AEAD request with IV generation
	78	* @seq: Sequence number for IV generation
	79	* @giv: Space for generated IV
	80	* @areq: The AEAD request itself
	81	*/
	82	struct aead_givcrypt_request {
	83	u64 seq;
	84	u8 *giv;
	85
	86	struct aead_request areq;
	87	};
	88
5d1d65f8 HX	89	struct crypto_aead {
	90	int (encrypt)(struct aead_request req);
	91	int (decrypt)(struct aead_request req);
	92	int (givencrypt)(struct aead_givcrypt_request req);
	93	int (givdecrypt)(struct aead_givcrypt_request req);
	94
	95	struct crypto_aead *child;
	96
	97	unsigned int ivsize;
	98	unsigned int authsize;
	99	unsigned int reqsize;
	100
	101	struct crypto_tfm base;
	102	};
	103
	104	static inline struct crypto_aead __crypto_aead_cast(struct crypto_tfm tfm)
	105	{
	106	return container_of(tfm, struct crypto_aead, base);
	107	}
	108
	109	/**
	110	* crypto_alloc_aead() - allocate AEAD cipher handle
	111	* @alg_name: is the cra_name / name or cra_driver_name / driver name of the
	112	* AEAD cipher
	113	* @type: specifies the type of the cipher
	114	* @mask: specifies the mask for the cipher
	115	*
	116	* Allocate a cipher handle for an AEAD. The returned struct
	117	* crypto_aead is the cipher handle that is required for any subsequent
	118	* API invocation for that AEAD.
	119	*
	120	* Return: allocated cipher handle in case of success; IS_ERR() is true in case
	121	* of an error, PTR_ERR() returns the error code.
	122	*/
	123	struct crypto_aead crypto_alloc_aead(const char alg_name, u32 type, u32 mask);
	124
	125	static inline struct crypto_tfm crypto_aead_tfm(struct crypto_aead tfm)
	126	{
	127	return &tfm->base;
	128	}
	129
	130	/**
	131	* crypto_free_aead() - zeroize and free aead handle
	132	* @tfm: cipher handle to be freed
	133	*/
	134	static inline void crypto_free_aead(struct crypto_aead *tfm)
	135	{
	136	crypto_destroy_tfm(tfm, crypto_aead_tfm(tfm));
	137	}
	138
	139	static inline struct crypto_aead crypto_aead_crt(struct crypto_aead tfm)
	140	{
	141	return tfm;
	142	}
	143
	144	/**
	145	* crypto_aead_ivsize() - obtain IV size
	146	* @tfm: cipher handle
	147	*
	148	* The size of the IV for the aead referenced by the cipher handle is
	149	* returned. This IV size may be zero if the cipher does not need an IV.
	150	*
	151	* Return: IV size in bytes
	152	*/
153	static inline unsigned int crypto_aead_ivsize(struct crypto_aead *tfm)
154	{
155	return tfm->ivsize;
156	}
157
158	/**
159	* crypto_aead_authsize() - obtain maximum authentication data size
160	* @tfm: cipher handle
161	*
162	* The maximum size of the authentication data for the AEAD cipher referenced
163	* by the AEAD cipher handle is returned. The authentication data size may be
164	* zero if the cipher implements a hard-coded maximum.
165	*
166	* The authentication data may also be known as "tag value".
167	*
168	* Return: authentication data size / tag size in bytes
169	*/
170	static inline unsigned int crypto_aead_authsize(struct crypto_aead *tfm)
171	{
172	return tfm->authsize;
173	}
174
175	/**
176	* crypto_aead_blocksize() - obtain block size of cipher
177	* @tfm: cipher handle
178	*
179	* The block size for the AEAD referenced with the cipher handle is returned.
180	* The caller may use that information to allocate appropriate memory for the
181	* data returned by the encryption or decryption operation
182	*
183	* Return: block size of cipher
184	*/
185	static inline unsigned int crypto_aead_blocksize(struct crypto_aead *tfm)
186	{
187	return crypto_tfm_alg_blocksize(crypto_aead_tfm(tfm));
188	}
189
190	static inline unsigned int crypto_aead_alignmask(struct crypto_aead *tfm)
191	{
192	return crypto_tfm_alg_alignmask(crypto_aead_tfm(tfm));
193	}
194
195	static inline u32 crypto_aead_get_flags(struct crypto_aead *tfm)
196	{
197	return crypto_tfm_get_flags(crypto_aead_tfm(tfm));
198	}
199
200	static inline void crypto_aead_set_flags(struct crypto_aead *tfm, u32 flags)
201	{
202	crypto_tfm_set_flags(crypto_aead_tfm(tfm), flags);
203	}
204
205	static inline void crypto_aead_clear_flags(struct crypto_aead *tfm, u32 flags)
206	{
207	crypto_tfm_clear_flags(crypto_aead_tfm(tfm), flags);
208	}
209
210	/**
211	* crypto_aead_setkey() - set key for cipher
212	* @tfm: cipher handle
213	* @key: buffer holding the key
214	* @keylen: length of the key in bytes
215	*
216	* The caller provided key is set for the AEAD referenced by the cipher
217	* handle.
218	*
219	* Note, the key length determines the cipher type. Many block ciphers implement
220	* different cipher modes depending on the key size, such as AES-128 vs AES-192
221	* vs. AES-256. When providing a 16 byte key for an AES cipher handle, AES-128
222	* is performed.
223	*
224	* Return: 0 if the setting of the key was successful; < 0 if an error occurred
225	*/
226	int crypto_aead_setkey(struct crypto_aead *tfm,
227	const u8 *key, unsigned int keylen);
228
229	/**
230	* crypto_aead_setauthsize() - set authentication data size
231	* @tfm: cipher handle
232	* @authsize: size of the authentication data / tag in bytes
233	*
234	* Set the authentication data size / tag size. AEAD requires an authentication
235	* tag (or MAC) in addition to the associated data.
236	*
237	* Return: 0 if the setting of the key was successful; < 0 if an error occurred
238	*/
239	int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize);
240
241	static inline struct crypto_aead crypto_aead_reqtfm(struct aead_request req)
242	{
243	return __crypto_aead_cast(req->base.tfm);
244	}
245
246	/**
247	* crypto_aead_encrypt() - encrypt plaintext
248	* @req: reference to the aead_request handle that holds all information
249	* needed to perform the cipher operation
250	*
251	* Encrypt plaintext data using the aead_request handle. That data structure
252	* and how it is filled with data is discussed with the aead_request_*
253	* functions.
254	*
255	* IMPORTANT NOTE The encryption operation creates the authentication data /
256	* tag. That data is concatenated with the created ciphertext.
257	* The ciphertext memory size is therefore the given number of
258	* block cipher blocks + the size defined by the
259	* crypto_aead_setauthsize invocation. The caller must ensure
260	* that sufficient memory is available for the ciphertext and
261	* the authentication tag.
262	*
263	* Return: 0 if the cipher operation was successful; < 0 if an error occurred
264	*/
265	static inline int crypto_aead_encrypt(struct aead_request *req)
266	{
267	return crypto_aead_reqtfm(req)->encrypt(req);
268	}
269
270	/**
271	* crypto_aead_decrypt() - decrypt ciphertext
272	* @req: reference to the ablkcipher_request handle that holds all information
273	* needed to perform the cipher operation
274	*
275	* Decrypt ciphertext data using the aead_request handle. That data structure
276	* and how it is filled with data is discussed with the aead_request_*
277	* functions.
278	*
279	* IMPORTANT NOTE The caller must concatenate the ciphertext followed by the
280	* authentication data / tag. That authentication data / tag
281	* must have the size defined by the crypto_aead_setauthsize
282	* invocation.
283	*
284	*
285	* Return: 0 if the cipher operation was successful; -EBADMSG: The AEAD
286	* cipher operation performs the authentication of the data during the
287	* decryption operation. Therefore, the function returns this error if
288	* the authentication of the ciphertext was unsuccessful (i.e. the
289	* integrity of the ciphertext or the associated data was violated);
290	* < 0 if an error occurred.
291	*/
292	static inline int crypto_aead_decrypt(struct aead_request *req)
293	{
294	if (req->cryptlen < crypto_aead_authsize(crypto_aead_reqtfm(req)))
295	return -EINVAL;
296
297	return crypto_aead_reqtfm(req)->decrypt(req);
298	}
299
300	/**
301	* DOC: Asynchronous AEAD Request Handle
302	*
303	* The aead_request data structure contains all pointers to data required for
304	* the AEAD cipher operation. This includes the cipher handle (which can be
305	* used by multiple aead_request instances), pointer to plaintext and
306	* ciphertext, asynchronous callback function, etc. It acts as a handle to the
307	* aead_request_* API calls in a similar way as AEAD handle to the
308	* crypto_aead_* API calls.
309	*/
310
311	/**
312	* crypto_aead_reqsize() - obtain size of the request data structure
313	* @tfm: cipher handle
314	*
315	* Return: number of bytes
316	*/
317	static inline unsigned int crypto_aead_reqsize(struct crypto_aead *tfm)
318	{
319	return tfm->reqsize;
320	}
321
322	/**
323	* aead_request_set_tfm() - update cipher handle reference in request
324	* @req: request handle to be modified
325	* @tfm: cipher handle that shall be added to the request handle
326	*
327	* Allow the caller to replace the existing aead handle in the request
328	* data structure with a different one.
329	*/
330	static inline void aead_request_set_tfm(struct aead_request *req,
331	struct crypto_aead *tfm)
332	{
333	req->base.tfm = crypto_aead_tfm(tfm->child);
334	}
335
336	/**
337	* aead_request_alloc() - allocate request data structure
338	* @tfm: cipher handle to be registered with the request
339	* @gfp: memory allocation flag that is handed to kmalloc by the API call.
340	*
341	* Allocate the request data structure that must be used with the AEAD
342	* encrypt and decrypt API calls. During the allocation, the provided aead
343	* handle is registered in the request data structure.
344	*
345	* Return: allocated request handle in case of success; IS_ERR() is true in case
346	* of an error, PTR_ERR() returns the error code.
347	*/
348	static inline struct aead_request aead_request_alloc(struct crypto_aead tfm,
349	gfp_t gfp)
350	{
351	struct aead_request *req;
352
353	req = kmalloc(sizeof(*req) + crypto_aead_reqsize(tfm), gfp);
354
355	if (likely(req))
356	aead_request_set_tfm(req, tfm);
357
358	return req;
359	}
360
361	/**
362	* aead_request_free() - zeroize and free request data structure
363	* @req: request data structure cipher handle to be freed
364	*/
365	static inline void aead_request_free(struct aead_request *req)
366	{
367	kzfree(req);
368	}
369
370	/**
371	* aead_request_set_callback() - set asynchronous callback function
372	* @req: request handle
373	* @flags: specify zero or an ORing of the flags
374	* CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and
375	* increase the wait queue beyond the initial maximum size;
376	* CRYPTO_TFM_REQ_MAY_SLEEP the request processing may sleep
377	* @compl: callback function pointer to be registered with the request handle
378	* @data: The data pointer refers to memory that is not used by the kernel
379	* crypto API, but provided to the callback function for it to use. Here,
380	* the caller can provide a reference to memory the callback function can
381	* operate on. As the callback function is invoked asynchronously to the
382	* related functionality, it may need to access data structures of the
383	* related functionality which can be referenced using this pointer. The
384	* callback function can access the memory via the "data" field in the
385	* crypto_async_request data structure provided to the callback function.
386	*
387	* Setting the callback function that is triggered once the cipher operation
388	* completes
389	*
390	* The callback function is registered with the aead_request handle and
391	* must comply with the following template
392	*
393	* void callback_function(struct crypto_async_request *req, int error)
394	*/
395	static inline void aead_request_set_callback(struct aead_request *req,
396	u32 flags,
397	crypto_completion_t compl,
398	void *data)
399	{
400	req->base.complete = compl;
401	req->base.data = data;
402	req->base.flags = flags;
403	}
404
405	/**
406	* aead_request_set_crypt - set data buffers
407	* @req: request handle
408	* @src: source scatter / gather list
409	* @dst: destination scatter / gather list
410	* @cryptlen: number of bytes to process from @src
411	* @iv: IV for the cipher operation which must comply with the IV size defined
412	* by crypto_aead_ivsize()
413	*
414	* Setting the source data and destination data scatter / gather lists.
415	*
416	* For encryption, the source is treated as the plaintext and the
417	* destination is the ciphertext. For a decryption operation, the use is
418	* reversed - the source is the ciphertext and the destination is the plaintext.
419	*
420	* IMPORTANT NOTE AEAD requires an authentication tag (MAC). For decryption,
421	* the caller must concatenate the ciphertext followed by the
422	* authentication tag and provide the entire data stream to the
423	* decryption operation (i.e. the data length used for the
424	* initialization of the scatterlist and the data length for the
425	* decryption operation is identical). For encryption, however,
426	* the authentication tag is created while encrypting the data.
427	* The destination buffer must hold sufficient space for the
428	* ciphertext and the authentication tag while the encryption
429	* invocation must only point to the plaintext data size. The
430	* following code snippet illustrates the memory usage
431	* buffer = kmalloc(ptbuflen + (enc ? authsize : 0));
432	* sg_init_one(&sg, buffer, ptbuflen + (enc ? authsize : 0));
433	* aead_request_set_crypt(req, &sg, &sg, ptbuflen, iv);
434	*/
435	static inline void aead_request_set_crypt(struct aead_request *req,
436	struct scatterlist *src,
437	struct scatterlist *dst,
438	unsigned int cryptlen, u8 *iv)
439	{
440	req->src = src;
441	req->dst = dst;
442	req->cryptlen = cryptlen;
443	req->iv = iv;
444	}
445
446	/**
447	* aead_request_set_assoc() - set the associated data scatter / gather list
448	* @req: request handle
449	* @assoc: associated data scatter / gather list
450	* @assoclen: number of bytes to process from @assoc
451	*
452	* For encryption, the memory is filled with the associated data. For
453	* decryption, the memory must point to the associated data.
454	*/
455	static inline void aead_request_set_assoc(struct aead_request *req,
456	struct scatterlist *assoc,
457	unsigned int assoclen)
458	{
459	req->assoc = assoc;
460	req->assoclen = assoclen;
461	}
462
743edf57 HX	463	static inline struct crypto_aead *aead_givcrypt_reqtfm(
	464	struct aead_givcrypt_request *req)
	465	{
	466	return crypto_aead_reqtfm(&req->areq);
	467	}
	468
3a282bd2 HX	469	static inline int crypto_aead_givencrypt(struct aead_givcrypt_request *req)
3a282bd2 HX	470	{
5d1d65f8	471	return aead_givcrypt_reqtfm(req)->givencrypt(req);
3a282bd2 HX	472	};
	473
	474	static inline int crypto_aead_givdecrypt(struct aead_givcrypt_request *req)
	475	{
5d1d65f8	476	return aead_givcrypt_reqtfm(req)->givdecrypt(req);
3a282bd2 HX	477	};
	478
	479	static inline void aead_givcrypt_set_tfm(struct aead_givcrypt_request *req,
	480	struct crypto_aead *tfm)
	481	{
	482	req->areq.base.tfm = crypto_aead_tfm(tfm);
	483	}
	484
	485	static inline struct aead_givcrypt_request *aead_givcrypt_alloc(
	486	struct crypto_aead *tfm, gfp_t gfp)
	487	{
	488	struct aead_givcrypt_request *req;
	489
	490	req = kmalloc(sizeof(struct aead_givcrypt_request) +
	491	crypto_aead_reqsize(tfm), gfp);
	492
	493	if (likely(req))
	494	aead_givcrypt_set_tfm(req, tfm);
	495
	496	return req;
	497	}
	498
	499	static inline void aead_givcrypt_free(struct aead_givcrypt_request *req)
	500	{
	501	kfree(req);
	502	}
	503
	504	static inline void aead_givcrypt_set_callback(
	505	struct aead_givcrypt_request *req, u32 flags,
3e3dc25f	506	crypto_completion_t compl, void *data)
3a282bd2	507	{
3e3dc25f	508	aead_request_set_callback(&req->areq, flags, compl, data);
3a282bd2 HX	509	}
	510
	511	static inline void aead_givcrypt_set_crypt(struct aead_givcrypt_request *req,
	512	struct scatterlist *src,
	513	struct scatterlist *dst,
	514	unsigned int nbytes, void *iv)
	515	{
	516	aead_request_set_crypt(&req->areq, src, dst, nbytes, iv);
	517	}
	518
	519	static inline void aead_givcrypt_set_assoc(struct aead_givcrypt_request *req,
	520	struct scatterlist *assoc,
	521	unsigned int assoclen)
	522	{
	523	aead_request_set_assoc(&req->areq, assoc, assoclen);
	524	}
	525
	526	static inline void aead_givcrypt_set_giv(struct aead_givcrypt_request *req,
	527	u8 *giv, u64 seq)
	528	{
	529	req->giv = giv;
	530	req->seq = seq;
	531	}
	532
743edf57	533	#endif /* _CRYPTO_AEAD_H */