2 * AEAD: Authenticated Encryption with Associated Data
4 * This file provides API support for AEAD algorithms.
6 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the Free
10 * Software Foundation; either version 2 of the License, or (at your option)
15 #include <crypto/internal/aead.h>
16 #include <linux/err.h>
17 #include <linux/init.h>
18 #include <linux/kernel.h>
19 #include <linux/module.h>
20 #include <linux/slab.h>
21 #include <linux/seq_file.h>
25 static int setkey_unaligned(struct crypto_aead
*tfm
, const u8
*key
,
28 struct aead_alg
*aead
= crypto_aead_alg(tfm
);
29 unsigned long alignmask
= crypto_aead_alignmask(tfm
);
31 u8
*buffer
, *alignbuffer
;
34 absize
= keylen
+ alignmask
;
35 buffer
= kmalloc(absize
, GFP_ATOMIC
);
39 alignbuffer
= (u8
*)ALIGN((unsigned long)buffer
, alignmask
+ 1);
40 memcpy(alignbuffer
, key
, keylen
);
41 ret
= aead
->setkey(tfm
, alignbuffer
, keylen
);
42 memset(alignbuffer
, 0, keylen
);
47 static int setkey(struct crypto_aead
*tfm
, const u8
*key
, unsigned int keylen
)
49 struct aead_alg
*aead
= crypto_aead_alg(tfm
);
50 unsigned long alignmask
= crypto_aead_alignmask(tfm
);
52 if ((unsigned long)key
& alignmask
)
53 return setkey_unaligned(tfm
, key
, keylen
);
55 return aead
->setkey(tfm
, key
, keylen
);
58 int crypto_aead_setauthsize(struct crypto_aead
*tfm
, unsigned int authsize
)
60 struct aead_tfm
*crt
= crypto_aead_crt(tfm
);
63 if (authsize
> crypto_aead_alg(tfm
)->maxauthsize
)
66 if (crypto_aead_alg(tfm
)->setauthsize
) {
67 err
= crypto_aead_alg(tfm
)->setauthsize(crt
->base
, authsize
);
72 crypto_aead_crt(crt
->base
)->authsize
= authsize
;
73 crt
->authsize
= authsize
;
76 EXPORT_SYMBOL_GPL(crypto_aead_setauthsize
);
78 static unsigned int crypto_aead_ctxsize(struct crypto_alg
*alg
, u32 type
,
81 return alg
->cra_ctxsize
;
84 static int no_givcrypt(struct aead_givcrypt_request
*req
)
89 static int crypto_init_aead_ops(struct crypto_tfm
*tfm
, u32 type
, u32 mask
)
91 struct aead_alg
*alg
= &tfm
->__crt_alg
->cra_aead
;
92 struct aead_tfm
*crt
= &tfm
->crt_aead
;
94 if (max(alg
->maxauthsize
, alg
->ivsize
) > PAGE_SIZE
/ 8)
97 crt
->setkey
= tfm
->__crt_alg
->cra_flags
& CRYPTO_ALG_GENIV
?
99 crt
->encrypt
= alg
->encrypt
;
100 crt
->decrypt
= alg
->decrypt
;
101 crt
->givencrypt
= alg
->givencrypt
?: no_givcrypt
;
102 crt
->givdecrypt
= alg
->givdecrypt
?: no_givcrypt
;
103 crt
->base
= __crypto_aead_cast(tfm
);
104 crt
->ivsize
= alg
->ivsize
;
105 crt
->authsize
= alg
->maxauthsize
;
110 static void crypto_aead_show(struct seq_file
*m
, struct crypto_alg
*alg
)
111 __attribute__ ((unused
));
112 static void crypto_aead_show(struct seq_file
*m
, struct crypto_alg
*alg
)
114 struct aead_alg
*aead
= &alg
->cra_aead
;
116 seq_printf(m
, "type : aead\n");
117 seq_printf(m
, "blocksize : %u\n", alg
->cra_blocksize
);
118 seq_printf(m
, "ivsize : %u\n", aead
->ivsize
);
119 seq_printf(m
, "maxauthsize : %u\n", aead
->maxauthsize
);
120 seq_printf(m
, "geniv : %s\n", aead
->geniv
?: "<built-in>");
123 const struct crypto_type crypto_aead_type
= {
124 .ctxsize
= crypto_aead_ctxsize
,
125 .init
= crypto_init_aead_ops
,
126 #ifdef CONFIG_PROC_FS
127 .show
= crypto_aead_show
,
130 EXPORT_SYMBOL_GPL(crypto_aead_type
);
132 static int aead_null_givencrypt(struct aead_givcrypt_request
*req
)
134 return crypto_aead_encrypt(&req
->areq
);
137 static int aead_null_givdecrypt(struct aead_givcrypt_request
*req
)
139 return crypto_aead_decrypt(&req
->areq
);
142 static int crypto_init_nivaead_ops(struct crypto_tfm
*tfm
, u32 type
, u32 mask
)
144 struct aead_alg
*alg
= &tfm
->__crt_alg
->cra_aead
;
145 struct aead_tfm
*crt
= &tfm
->crt_aead
;
147 if (max(alg
->maxauthsize
, alg
->ivsize
) > PAGE_SIZE
/ 8)
150 crt
->setkey
= setkey
;
151 crt
->encrypt
= alg
->encrypt
;
152 crt
->decrypt
= alg
->decrypt
;
154 crt
->givencrypt
= aead_null_givencrypt
;
155 crt
->givdecrypt
= aead_null_givdecrypt
;
157 crt
->base
= __crypto_aead_cast(tfm
);
158 crt
->ivsize
= alg
->ivsize
;
159 crt
->authsize
= alg
->maxauthsize
;
164 static void crypto_nivaead_show(struct seq_file
*m
, struct crypto_alg
*alg
)
165 __attribute__ ((unused
));
166 static void crypto_nivaead_show(struct seq_file
*m
, struct crypto_alg
*alg
)
168 struct aead_alg
*aead
= &alg
->cra_aead
;
170 seq_printf(m
, "type : nivaead\n");
171 seq_printf(m
, "blocksize : %u\n", alg
->cra_blocksize
);
172 seq_printf(m
, "ivsize : %u\n", aead
->ivsize
);
173 seq_printf(m
, "maxauthsize : %u\n", aead
->maxauthsize
);
174 seq_printf(m
, "geniv : %s\n", aead
->geniv
);
177 const struct crypto_type crypto_nivaead_type
= {
178 .ctxsize
= crypto_aead_ctxsize
,
179 .init
= crypto_init_nivaead_ops
,
180 #ifdef CONFIG_PROC_FS
181 .show
= crypto_nivaead_show
,
184 EXPORT_SYMBOL_GPL(crypto_nivaead_type
);
186 static int crypto_grab_nivaead(struct crypto_aead_spawn
*spawn
,
187 const char *name
, u32 type
, u32 mask
)
189 struct crypto_alg
*alg
;
192 type
&= ~(CRYPTO_ALG_TYPE_MASK
| CRYPTO_ALG_GENIV
);
193 type
|= CRYPTO_ALG_TYPE_AEAD
;
194 mask
|= CRYPTO_ALG_TYPE_MASK
| CRYPTO_ALG_GENIV
;
196 alg
= crypto_alg_mod_lookup(name
, type
, mask
);
200 err
= crypto_init_spawn(&spawn
->base
, alg
, spawn
->base
.inst
, mask
);
205 struct crypto_instance
*aead_geniv_alloc(struct crypto_template
*tmpl
,
206 struct rtattr
**tb
, u32 type
,
210 struct crypto_aead_spawn
*spawn
;
211 struct crypto_attr_type
*algt
;
212 struct crypto_instance
*inst
;
213 struct crypto_alg
*alg
;
216 algt
= crypto_get_attr_type(tb
);
221 if ((algt
->type
^ (CRYPTO_ALG_TYPE_AEAD
| CRYPTO_ALG_GENIV
)) &
223 return ERR_PTR(-EINVAL
);
225 name
= crypto_attr_alg_name(tb
[1]);
230 inst
= kzalloc(sizeof(*inst
) + sizeof(*spawn
), GFP_KERNEL
);
232 return ERR_PTR(-ENOMEM
);
234 spawn
= crypto_instance_ctx(inst
);
236 /* Ignore async algorithms if necessary. */
237 mask
|= crypto_requires_sync(algt
->type
, algt
->mask
);
239 crypto_set_aead_spawn(spawn
, inst
);
240 err
= crypto_grab_nivaead(spawn
, name
, type
, mask
);
244 alg
= crypto_aead_spawn_alg(spawn
);
247 if (!alg
->cra_aead
.ivsize
)
251 * This is only true if we're constructing an algorithm with its
252 * default IV generator. For the default generator we elide the
253 * template name and double-check the IV generator.
255 if (algt
->mask
& CRYPTO_ALG_GENIV
) {
256 if (strcmp(tmpl
->name
, alg
->cra_aead
.geniv
))
259 memcpy(inst
->alg
.cra_name
, alg
->cra_name
, CRYPTO_MAX_ALG_NAME
);
260 memcpy(inst
->alg
.cra_driver_name
, alg
->cra_driver_name
,
261 CRYPTO_MAX_ALG_NAME
);
264 if (snprintf(inst
->alg
.cra_name
, CRYPTO_MAX_ALG_NAME
,
265 "%s(%s)", tmpl
->name
, alg
->cra_name
) >=
268 if (snprintf(inst
->alg
.cra_driver_name
, CRYPTO_MAX_ALG_NAME
,
269 "%s(%s)", tmpl
->name
, alg
->cra_driver_name
) >=
274 inst
->alg
.cra_flags
= CRYPTO_ALG_TYPE_AEAD
| CRYPTO_ALG_GENIV
;
275 inst
->alg
.cra_flags
|= alg
->cra_flags
& CRYPTO_ALG_ASYNC
;
276 inst
->alg
.cra_priority
= alg
->cra_priority
;
277 inst
->alg
.cra_blocksize
= alg
->cra_blocksize
;
278 inst
->alg
.cra_alignmask
= alg
->cra_alignmask
;
279 inst
->alg
.cra_type
= &crypto_aead_type
;
281 inst
->alg
.cra_aead
.ivsize
= alg
->cra_aead
.ivsize
;
282 inst
->alg
.cra_aead
.maxauthsize
= alg
->cra_aead
.maxauthsize
;
283 inst
->alg
.cra_aead
.geniv
= alg
->cra_aead
.geniv
;
285 inst
->alg
.cra_aead
.setkey
= alg
->cra_aead
.setkey
;
286 inst
->alg
.cra_aead
.setauthsize
= alg
->cra_aead
.setauthsize
;
287 inst
->alg
.cra_aead
.encrypt
= alg
->cra_aead
.encrypt
;
288 inst
->alg
.cra_aead
.decrypt
= alg
->cra_aead
.decrypt
;
294 crypto_drop_aead(spawn
);
300 EXPORT_SYMBOL_GPL(aead_geniv_alloc
);
302 void aead_geniv_free(struct crypto_instance
*inst
)
304 crypto_drop_aead(crypto_instance_ctx(inst
));
307 EXPORT_SYMBOL_GPL(aead_geniv_free
);
309 int aead_geniv_init(struct crypto_tfm
*tfm
)
311 struct crypto_instance
*inst
= (void *)tfm
->__crt_alg
;
312 struct crypto_aead
*aead
;
314 aead
= crypto_spawn_aead(crypto_instance_ctx(inst
));
316 return PTR_ERR(aead
);
318 tfm
->crt_aead
.base
= aead
;
319 tfm
->crt_aead
.reqsize
+= crypto_aead_reqsize(aead
);
323 EXPORT_SYMBOL_GPL(aead_geniv_init
);
325 void aead_geniv_exit(struct crypto_tfm
*tfm
)
327 crypto_free_aead(tfm
->crt_aead
.base
);
329 EXPORT_SYMBOL_GPL(aead_geniv_exit
);
331 MODULE_LICENSE("GPL");
332 MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)");