2 * Authenc: Simple AEAD wrapper for IPsec
4 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
13 #include <crypto/algapi.h>
14 #include <linux/err.h>
15 #include <linux/init.h>
16 #include <linux/kernel.h>
17 #include <linux/module.h>
18 #include <linux/slab.h>
19 #include <linux/spinlock.h>
21 #include "scatterwalk.h"
23 struct authenc_instance_ctx
{
24 struct crypto_spawn auth
;
25 struct crypto_spawn enc
;
27 unsigned int enckeylen
;
30 struct crypto_authenc_ctx
{
32 struct crypto_hash
*auth
;
33 struct crypto_ablkcipher
*enc
;
36 static int crypto_authenc_setkey(struct crypto_aead
*authenc
, const u8
*key
,
39 struct authenc_instance_ctx
*ictx
=
40 crypto_instance_ctx(crypto_aead_alg_instance(authenc
));
41 unsigned int enckeylen
= ictx
->enckeylen
;
42 unsigned int authkeylen
;
43 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
44 struct crypto_hash
*auth
= ctx
->auth
;
45 struct crypto_ablkcipher
*enc
= ctx
->enc
;
48 if (keylen
< enckeylen
) {
49 crypto_aead_set_flags(authenc
, CRYPTO_TFM_RES_BAD_KEY_LEN
);
52 authkeylen
= keylen
- enckeylen
;
54 crypto_hash_clear_flags(auth
, CRYPTO_TFM_REQ_MASK
);
55 crypto_hash_set_flags(auth
, crypto_aead_get_flags(authenc
) &
57 err
= crypto_hash_setkey(auth
, key
, authkeylen
);
58 crypto_aead_set_flags(authenc
, crypto_hash_get_flags(auth
) &
64 crypto_ablkcipher_clear_flags(enc
, CRYPTO_TFM_REQ_MASK
);
65 crypto_ablkcipher_set_flags(enc
, crypto_aead_get_flags(authenc
) &
67 err
= crypto_ablkcipher_setkey(enc
, key
+ authkeylen
, enckeylen
);
68 crypto_aead_set_flags(authenc
, crypto_ablkcipher_get_flags(enc
) &
75 static int crypto_authenc_hash(struct aead_request
*req
)
77 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
78 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
79 struct crypto_hash
*auth
= ctx
->auth
;
80 struct hash_desc desc
= {
83 u8
*hash
= aead_request_ctx(req
);
84 struct scatterlist
*dst
= req
->dst
;
85 unsigned int cryptlen
= req
->cryptlen
;
88 hash
= (u8
*)ALIGN((unsigned long)hash
+ crypto_hash_alignmask(auth
),
89 crypto_hash_alignmask(auth
) + 1);
91 spin_lock_bh(&ctx
->auth_lock
);
92 err
= crypto_hash_init(&desc
);
96 err
= crypto_hash_update(&desc
, req
->assoc
, req
->assoclen
);
100 err
= crypto_hash_update(&desc
, dst
, cryptlen
);
104 err
= crypto_hash_final(&desc
, hash
);
106 spin_unlock_bh(&ctx
->auth_lock
);
111 scatterwalk_map_and_copy(hash
, dst
, cryptlen
,
112 crypto_aead_authsize(authenc
), 1);
116 static void crypto_authenc_encrypt_done(struct crypto_async_request
*req
,
120 err
= crypto_authenc_hash(req
->data
);
122 aead_request_complete(req
->data
, err
);
125 static int crypto_authenc_encrypt(struct aead_request
*req
)
127 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
128 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
129 struct ablkcipher_request
*abreq
= aead_request_ctx(req
);
132 ablkcipher_request_set_tfm(abreq
, ctx
->enc
);
133 ablkcipher_request_set_callback(abreq
, aead_request_flags(req
),
134 crypto_authenc_encrypt_done
, req
);
135 ablkcipher_request_set_crypt(abreq
, req
->src
, req
->dst
, req
->cryptlen
,
138 err
= crypto_ablkcipher_encrypt(abreq
);
142 return crypto_authenc_hash(req
);
145 static int crypto_authenc_verify(struct aead_request
*req
)
147 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
148 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
149 struct crypto_hash
*auth
= ctx
->auth
;
150 struct hash_desc desc
= {
152 .flags
= aead_request_flags(req
),
154 u8
*ohash
= aead_request_ctx(req
);
156 struct scatterlist
*src
= req
->src
;
157 unsigned int cryptlen
= req
->cryptlen
;
158 unsigned int authsize
;
161 ohash
= (u8
*)ALIGN((unsigned long)ohash
+ crypto_hash_alignmask(auth
),
162 crypto_hash_alignmask(auth
) + 1);
163 ihash
= ohash
+ crypto_hash_digestsize(auth
);
165 spin_lock_bh(&ctx
->auth_lock
);
166 err
= crypto_hash_init(&desc
);
170 err
= crypto_hash_update(&desc
, req
->assoc
, req
->assoclen
);
174 err
= crypto_hash_update(&desc
, src
, cryptlen
);
178 err
= crypto_hash_final(&desc
, ohash
);
180 spin_unlock_bh(&ctx
->auth_lock
);
185 authsize
= crypto_aead_authsize(authenc
);
186 scatterwalk_map_and_copy(ihash
, src
, cryptlen
, authsize
, 0);
187 return memcmp(ihash
, ohash
, authsize
) ? -EINVAL
: 0;
190 static void crypto_authenc_decrypt_done(struct crypto_async_request
*req
,
193 aead_request_complete(req
->data
, err
);
196 static int crypto_authenc_decrypt(struct aead_request
*req
)
198 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
199 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
200 struct ablkcipher_request
*abreq
= aead_request_ctx(req
);
203 err
= crypto_authenc_verify(req
);
207 ablkcipher_request_set_tfm(abreq
, ctx
->enc
);
208 ablkcipher_request_set_callback(abreq
, aead_request_flags(req
),
209 crypto_authenc_decrypt_done
, req
);
210 ablkcipher_request_set_crypt(abreq
, req
->src
, req
->dst
, req
->cryptlen
,
213 return crypto_ablkcipher_decrypt(abreq
);
216 static int crypto_authenc_init_tfm(struct crypto_tfm
*tfm
)
218 struct crypto_instance
*inst
= (void *)tfm
->__crt_alg
;
219 struct authenc_instance_ctx
*ictx
= crypto_instance_ctx(inst
);
220 struct crypto_authenc_ctx
*ctx
= crypto_tfm_ctx(tfm
);
221 struct crypto_hash
*auth
;
222 struct crypto_ablkcipher
*enc
;
225 auth
= crypto_spawn_hash(&ictx
->auth
);
227 return PTR_ERR(auth
);
229 enc
= crypto_spawn_ablkcipher(&ictx
->enc
);
236 tfm
->crt_aead
.reqsize
= max_t(unsigned int,
237 (crypto_hash_alignmask(auth
) &
238 ~(crypto_tfm_ctx_alignment() - 1)) +
239 crypto_hash_digestsize(auth
) * 2,
240 sizeof(struct ablkcipher_request
) +
241 crypto_ablkcipher_reqsize(enc
));
243 spin_lock_init(&ctx
->auth_lock
);
248 crypto_free_hash(auth
);
252 static void crypto_authenc_exit_tfm(struct crypto_tfm
*tfm
)
254 struct crypto_authenc_ctx
*ctx
= crypto_tfm_ctx(tfm
);
256 crypto_free_hash(ctx
->auth
);
257 crypto_free_ablkcipher(ctx
->enc
);
260 static struct crypto_instance
*crypto_authenc_alloc(struct rtattr
**tb
)
262 struct crypto_instance
*inst
;
263 struct crypto_alg
*auth
;
264 struct crypto_alg
*enc
;
265 struct authenc_instance_ctx
*ctx
;
266 unsigned int enckeylen
;
269 err
= crypto_check_attr_type(tb
, CRYPTO_ALG_TYPE_AEAD
);
273 auth
= crypto_attr_alg(tb
[1], CRYPTO_ALG_TYPE_HASH
,
274 CRYPTO_ALG_TYPE_HASH_MASK
);
276 return ERR_PTR(PTR_ERR(auth
));
278 enc
= crypto_attr_alg(tb
[2], CRYPTO_ALG_TYPE_BLKCIPHER
,
279 CRYPTO_ALG_TYPE_BLKCIPHER_MASK
);
280 inst
= ERR_PTR(PTR_ERR(enc
));
284 err
= crypto_attr_u32(tb
[3], &enckeylen
);
288 inst
= kzalloc(sizeof(*inst
) + sizeof(*ctx
), GFP_KERNEL
);
294 if (snprintf(inst
->alg
.cra_name
, CRYPTO_MAX_ALG_NAME
,
295 "authenc(%s,%s,%u)", auth
->cra_name
,
296 enc
->cra_name
, enckeylen
) >= CRYPTO_MAX_ALG_NAME
)
299 if (snprintf(inst
->alg
.cra_driver_name
, CRYPTO_MAX_ALG_NAME
,
300 "authenc(%s,%s,%u)", auth
->cra_driver_name
,
301 enc
->cra_driver_name
, enckeylen
) >=
305 ctx
= crypto_instance_ctx(inst
);
306 ctx
->enckeylen
= enckeylen
;
308 err
= crypto_init_spawn(&ctx
->auth
, auth
, inst
, CRYPTO_ALG_TYPE_MASK
);
312 err
= crypto_init_spawn(&ctx
->enc
, enc
, inst
, CRYPTO_ALG_TYPE_MASK
);
316 inst
->alg
.cra_flags
= CRYPTO_ALG_TYPE_AEAD
| CRYPTO_ALG_ASYNC
;
317 inst
->alg
.cra_priority
= enc
->cra_priority
* 10 + auth
->cra_priority
;
318 inst
->alg
.cra_blocksize
= enc
->cra_blocksize
;
319 inst
->alg
.cra_alignmask
= auth
->cra_alignmask
| enc
->cra_alignmask
;
320 inst
->alg
.cra_type
= &crypto_aead_type
;
322 inst
->alg
.cra_aead
.ivsize
= enc
->cra_blkcipher
.ivsize
;
323 inst
->alg
.cra_aead
.maxauthsize
= auth
->cra_type
== &crypto_hash_type
?
324 auth
->cra_hash
.digestsize
:
325 auth
->cra_digest
.dia_digestsize
;
327 inst
->alg
.cra_ctxsize
= sizeof(struct crypto_authenc_ctx
);
329 inst
->alg
.cra_init
= crypto_authenc_init_tfm
;
330 inst
->alg
.cra_exit
= crypto_authenc_exit_tfm
;
332 inst
->alg
.cra_aead
.setkey
= crypto_authenc_setkey
;
333 inst
->alg
.cra_aead
.encrypt
= crypto_authenc_encrypt
;
334 inst
->alg
.cra_aead
.decrypt
= crypto_authenc_decrypt
;
339 crypto_mod_put(auth
);
343 crypto_drop_spawn(&ctx
->auth
);
351 static void crypto_authenc_free(struct crypto_instance
*inst
)
353 struct authenc_instance_ctx
*ctx
= crypto_instance_ctx(inst
);
355 crypto_drop_spawn(&ctx
->enc
);
356 crypto_drop_spawn(&ctx
->auth
);
360 static struct crypto_template crypto_authenc_tmpl
= {
362 .alloc
= crypto_authenc_alloc
,
363 .free
= crypto_authenc_free
,
364 .module
= THIS_MODULE
,
367 static int __init
crypto_authenc_module_init(void)
369 return crypto_register_template(&crypto_authenc_tmpl
);
372 static void __exit
crypto_authenc_module_exit(void)
374 crypto_unregister_template(&crypto_authenc_tmpl
);
377 module_init(crypto_authenc_module_init
);
378 module_exit(crypto_authenc_module_exit
);
380 MODULE_LICENSE("GPL");
381 MODULE_DESCRIPTION("Simple AEAD wrapper for IPsec");