2 * CCM: Counter with CBC-MAC
4 * (C) Copyright IBM Corp. 2007 - Joy Latten <latten@us.ibm.com>
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
13 #include <crypto/internal/aead.h>
14 #include <crypto/internal/skcipher.h>
15 #include <crypto/scatterwalk.h>
16 #include <linux/err.h>
17 #include <linux/init.h>
18 #include <linux/kernel.h>
19 #include <linux/module.h>
20 #include <linux/slab.h>
24 struct ccm_instance_ctx
{
25 struct crypto_skcipher_spawn ctr
;
26 struct crypto_spawn cipher
;
29 struct crypto_ccm_ctx
{
30 struct crypto_cipher
*cipher
;
31 struct crypto_skcipher
*ctr
;
34 struct crypto_rfc4309_ctx
{
35 struct crypto_aead
*child
;
39 struct crypto_rfc4309_req_ctx
{
40 struct scatterlist src
[3];
41 struct scatterlist dst
[3];
42 struct aead_request subreq
;
45 struct crypto_ccm_req_priv_ctx
{
51 struct scatterlist src
[3];
52 struct scatterlist dst
[3];
53 struct skcipher_request skreq
;
56 static inline struct crypto_ccm_req_priv_ctx
*crypto_ccm_reqctx(
57 struct aead_request
*req
)
59 unsigned long align
= crypto_aead_alignmask(crypto_aead_reqtfm(req
));
61 return (void *)PTR_ALIGN((u8
*)aead_request_ctx(req
), align
+ 1);
64 static int set_msg_len(u8
*block
, unsigned int msglen
, int csize
)
68 memset(block
, 0, csize
);
73 else if (msglen
> (1 << (8 * csize
)))
76 data
= cpu_to_be32(msglen
);
77 memcpy(block
- csize
, (u8
*)&data
+ 4 - csize
, csize
);
82 static int crypto_ccm_setkey(struct crypto_aead
*aead
, const u8
*key
,
85 struct crypto_ccm_ctx
*ctx
= crypto_aead_ctx(aead
);
86 struct crypto_skcipher
*ctr
= ctx
->ctr
;
87 struct crypto_cipher
*tfm
= ctx
->cipher
;
90 crypto_skcipher_clear_flags(ctr
, CRYPTO_TFM_REQ_MASK
);
91 crypto_skcipher_set_flags(ctr
, crypto_aead_get_flags(aead
) &
93 err
= crypto_skcipher_setkey(ctr
, key
, keylen
);
94 crypto_aead_set_flags(aead
, crypto_skcipher_get_flags(ctr
) &
99 crypto_cipher_clear_flags(tfm
, CRYPTO_TFM_REQ_MASK
);
100 crypto_cipher_set_flags(tfm
, crypto_aead_get_flags(aead
) &
101 CRYPTO_TFM_REQ_MASK
);
102 err
= crypto_cipher_setkey(tfm
, key
, keylen
);
103 crypto_aead_set_flags(aead
, crypto_cipher_get_flags(tfm
) &
104 CRYPTO_TFM_RES_MASK
);
110 static int crypto_ccm_setauthsize(struct crypto_aead
*tfm
,
111 unsigned int authsize
)
129 static int format_input(u8
*info
, struct aead_request
*req
,
130 unsigned int cryptlen
)
132 struct crypto_aead
*aead
= crypto_aead_reqtfm(req
);
133 unsigned int lp
= req
->iv
[0];
134 unsigned int l
= lp
+ 1;
137 m
= crypto_aead_authsize(aead
);
139 memcpy(info
, req
->iv
, 16);
141 /* format control info per RFC 3610 and
142 * NIST Special Publication 800-38C
144 *info
|= (8 * ((m
- 2) / 2));
148 return set_msg_len(info
+ 16 - l
, cryptlen
, l
);
151 static int format_adata(u8
*adata
, unsigned int a
)
155 /* add control info for associated data
156 * RFC 3610 and NIST Special Publication 800-38C
159 *(__be16
*)adata
= cpu_to_be16(a
);
162 *(__be16
*)adata
= cpu_to_be16(0xfffe);
163 *(__be32
*)&adata
[2] = cpu_to_be32(a
);
170 static void compute_mac(struct crypto_cipher
*tfm
, u8
*data
, int n
,
171 struct crypto_ccm_req_priv_ctx
*pctx
)
173 unsigned int bs
= 16;
174 u8
*odata
= pctx
->odata
;
175 u8
*idata
= pctx
->idata
;
180 /* first time in here, block may be partially filled. */
181 getlen
= bs
- pctx
->ilen
;
182 if (datalen
>= getlen
) {
183 memcpy(idata
+ pctx
->ilen
, data
, getlen
);
184 crypto_xor(odata
, idata
, bs
);
185 crypto_cipher_encrypt_one(tfm
, odata
, odata
);
191 /* now encrypt rest of data */
192 while (datalen
>= bs
) {
193 crypto_xor(odata
, data
, bs
);
194 crypto_cipher_encrypt_one(tfm
, odata
, odata
);
200 /* check and see if there's leftover data that wasn't
201 * enough to fill a block.
204 memcpy(idata
+ pctx
->ilen
, data
, datalen
);
205 pctx
->ilen
+= datalen
;
209 static void get_data_to_compute(struct crypto_cipher
*tfm
,
210 struct crypto_ccm_req_priv_ctx
*pctx
,
211 struct scatterlist
*sg
, unsigned int len
)
213 struct scatter_walk walk
;
217 scatterwalk_start(&walk
, sg
);
220 n
= scatterwalk_clamp(&walk
, len
);
222 scatterwalk_start(&walk
, sg_next(walk
.sg
));
223 n
= scatterwalk_clamp(&walk
, len
);
225 data_src
= scatterwalk_map(&walk
);
227 compute_mac(tfm
, data_src
, n
, pctx
);
230 scatterwalk_unmap(data_src
);
231 scatterwalk_advance(&walk
, n
);
232 scatterwalk_done(&walk
, 0, len
);
234 crypto_yield(pctx
->flags
);
237 /* any leftover needs padding and then encrypted */
240 u8
*odata
= pctx
->odata
;
241 u8
*idata
= pctx
->idata
;
243 padlen
= 16 - pctx
->ilen
;
244 memset(idata
+ pctx
->ilen
, 0, padlen
);
245 crypto_xor(odata
, idata
, 16);
246 crypto_cipher_encrypt_one(tfm
, odata
, odata
);
251 static int crypto_ccm_auth(struct aead_request
*req
, struct scatterlist
*plain
,
252 unsigned int cryptlen
)
254 struct crypto_aead
*aead
= crypto_aead_reqtfm(req
);
255 struct crypto_ccm_ctx
*ctx
= crypto_aead_ctx(aead
);
256 struct crypto_ccm_req_priv_ctx
*pctx
= crypto_ccm_reqctx(req
);
257 struct crypto_cipher
*cipher
= ctx
->cipher
;
258 unsigned int assoclen
= req
->assoclen
;
259 u8
*odata
= pctx
->odata
;
260 u8
*idata
= pctx
->idata
;
263 /* format control data for input */
264 err
= format_input(odata
, req
, cryptlen
);
268 /* encrypt first block to use as start in computing mac */
269 crypto_cipher_encrypt_one(cipher
, odata
, odata
);
271 /* format associated data and compute into mac */
273 pctx
->ilen
= format_adata(idata
, assoclen
);
274 get_data_to_compute(cipher
, pctx
, req
->src
, req
->assoclen
);
279 /* compute plaintext into mac */
281 get_data_to_compute(cipher
, pctx
, plain
, cryptlen
);
287 static void crypto_ccm_encrypt_done(struct crypto_async_request
*areq
, int err
)
289 struct aead_request
*req
= areq
->data
;
290 struct crypto_aead
*aead
= crypto_aead_reqtfm(req
);
291 struct crypto_ccm_req_priv_ctx
*pctx
= crypto_ccm_reqctx(req
);
292 u8
*odata
= pctx
->odata
;
295 scatterwalk_map_and_copy(odata
, req
->dst
,
296 req
->assoclen
+ req
->cryptlen
,
297 crypto_aead_authsize(aead
), 1);
298 aead_request_complete(req
, err
);
301 static inline int crypto_ccm_check_iv(const u8
*iv
)
303 /* 2 <= L <= 8, so 1 <= L' <= 7. */
304 if (1 > iv
[0] || iv
[0] > 7)
310 static int crypto_ccm_init_crypt(struct aead_request
*req
, u8
*tag
)
312 struct crypto_ccm_req_priv_ctx
*pctx
= crypto_ccm_reqctx(req
);
313 struct scatterlist
*sg
;
317 err
= crypto_ccm_check_iv(iv
);
321 pctx
->flags
= aead_request_flags(req
);
323 /* Note: rfc 3610 and NIST 800-38C require counter of
324 * zero to encrypt auth tag.
326 memset(iv
+ 15 - iv
[0], 0, iv
[0] + 1);
328 sg_init_table(pctx
->src
, 3);
329 sg_set_buf(pctx
->src
, tag
, 16);
330 sg
= scatterwalk_ffwd(pctx
->src
+ 1, req
->src
, req
->assoclen
);
331 if (sg
!= pctx
->src
+ 1)
332 sg_chain(pctx
->src
, 2, sg
);
334 if (req
->src
!= req
->dst
) {
335 sg_init_table(pctx
->dst
, 3);
336 sg_set_buf(pctx
->dst
, tag
, 16);
337 sg
= scatterwalk_ffwd(pctx
->dst
+ 1, req
->dst
, req
->assoclen
);
338 if (sg
!= pctx
->dst
+ 1)
339 sg_chain(pctx
->dst
, 2, sg
);
345 static int crypto_ccm_encrypt(struct aead_request
*req
)
347 struct crypto_aead
*aead
= crypto_aead_reqtfm(req
);
348 struct crypto_ccm_ctx
*ctx
= crypto_aead_ctx(aead
);
349 struct crypto_ccm_req_priv_ctx
*pctx
= crypto_ccm_reqctx(req
);
350 struct skcipher_request
*skreq
= &pctx
->skreq
;
351 struct scatterlist
*dst
;
352 unsigned int cryptlen
= req
->cryptlen
;
353 u8
*odata
= pctx
->odata
;
357 err
= crypto_ccm_init_crypt(req
, odata
);
361 err
= crypto_ccm_auth(req
, sg_next(pctx
->src
), cryptlen
);
366 if (req
->src
!= req
->dst
)
369 skcipher_request_set_tfm(skreq
, ctx
->ctr
);
370 skcipher_request_set_callback(skreq
, pctx
->flags
,
371 crypto_ccm_encrypt_done
, req
);
372 skcipher_request_set_crypt(skreq
, pctx
->src
, dst
, cryptlen
+ 16, iv
);
373 err
= crypto_skcipher_encrypt(skreq
);
377 /* copy authtag to end of dst */
378 scatterwalk_map_and_copy(odata
, sg_next(dst
), cryptlen
,
379 crypto_aead_authsize(aead
), 1);
383 static void crypto_ccm_decrypt_done(struct crypto_async_request
*areq
,
386 struct aead_request
*req
= areq
->data
;
387 struct crypto_ccm_req_priv_ctx
*pctx
= crypto_ccm_reqctx(req
);
388 struct crypto_aead
*aead
= crypto_aead_reqtfm(req
);
389 unsigned int authsize
= crypto_aead_authsize(aead
);
390 unsigned int cryptlen
= req
->cryptlen
- authsize
;
391 struct scatterlist
*dst
;
395 dst
= sg_next(req
->src
== req
->dst
? pctx
->src
: pctx
->dst
);
398 err
= crypto_ccm_auth(req
, dst
, cryptlen
);
399 if (!err
&& crypto_memneq(pctx
->auth_tag
, pctx
->odata
, authsize
))
402 aead_request_complete(req
, err
);
405 static int crypto_ccm_decrypt(struct aead_request
*req
)
407 struct crypto_aead
*aead
= crypto_aead_reqtfm(req
);
408 struct crypto_ccm_ctx
*ctx
= crypto_aead_ctx(aead
);
409 struct crypto_ccm_req_priv_ctx
*pctx
= crypto_ccm_reqctx(req
);
410 struct skcipher_request
*skreq
= &pctx
->skreq
;
411 struct scatterlist
*dst
;
412 unsigned int authsize
= crypto_aead_authsize(aead
);
413 unsigned int cryptlen
= req
->cryptlen
;
414 u8
*authtag
= pctx
->auth_tag
;
415 u8
*odata
= pctx
->odata
;
419 cryptlen
-= authsize
;
421 err
= crypto_ccm_init_crypt(req
, authtag
);
425 scatterwalk_map_and_copy(authtag
, sg_next(pctx
->src
), cryptlen
,
429 if (req
->src
!= req
->dst
)
432 skcipher_request_set_tfm(skreq
, ctx
->ctr
);
433 skcipher_request_set_callback(skreq
, pctx
->flags
,
434 crypto_ccm_decrypt_done
, req
);
435 skcipher_request_set_crypt(skreq
, pctx
->src
, dst
, cryptlen
+ 16, iv
);
436 err
= crypto_skcipher_decrypt(skreq
);
440 err
= crypto_ccm_auth(req
, sg_next(dst
), cryptlen
);
445 if (crypto_memneq(authtag
, odata
, authsize
))
451 static int crypto_ccm_init_tfm(struct crypto_aead
*tfm
)
453 struct aead_instance
*inst
= aead_alg_instance(tfm
);
454 struct ccm_instance_ctx
*ictx
= aead_instance_ctx(inst
);
455 struct crypto_ccm_ctx
*ctx
= crypto_aead_ctx(tfm
);
456 struct crypto_cipher
*cipher
;
457 struct crypto_skcipher
*ctr
;
461 cipher
= crypto_spawn_cipher(&ictx
->cipher
);
463 return PTR_ERR(cipher
);
465 ctr
= crypto_spawn_skcipher(&ictx
->ctr
);
468 goto err_free_cipher
;
470 ctx
->cipher
= cipher
;
473 align
= crypto_aead_alignmask(tfm
);
474 align
&= ~(crypto_tfm_ctx_alignment() - 1);
475 crypto_aead_set_reqsize(
477 align
+ sizeof(struct crypto_ccm_req_priv_ctx
) +
478 crypto_skcipher_reqsize(ctr
));
483 crypto_free_cipher(cipher
);
487 static void crypto_ccm_exit_tfm(struct crypto_aead
*tfm
)
489 struct crypto_ccm_ctx
*ctx
= crypto_aead_ctx(tfm
);
491 crypto_free_cipher(ctx
->cipher
);
492 crypto_free_skcipher(ctx
->ctr
);
495 static void crypto_ccm_free(struct aead_instance
*inst
)
497 struct ccm_instance_ctx
*ctx
= aead_instance_ctx(inst
);
499 crypto_drop_spawn(&ctx
->cipher
);
500 crypto_drop_skcipher(&ctx
->ctr
);
504 static int crypto_ccm_create_common(struct crypto_template
*tmpl
,
506 const char *full_name
,
507 const char *ctr_name
,
508 const char *cipher_name
)
510 struct crypto_attr_type
*algt
;
511 struct aead_instance
*inst
;
512 struct skcipher_alg
*ctr
;
513 struct crypto_alg
*cipher
;
514 struct ccm_instance_ctx
*ictx
;
517 algt
= crypto_get_attr_type(tb
);
519 return PTR_ERR(algt
);
521 if ((algt
->type
^ CRYPTO_ALG_TYPE_AEAD
) & algt
->mask
)
524 cipher
= crypto_alg_mod_lookup(cipher_name
, CRYPTO_ALG_TYPE_CIPHER
,
525 CRYPTO_ALG_TYPE_MASK
);
527 return PTR_ERR(cipher
);
530 if (cipher
->cra_blocksize
!= 16)
533 inst
= kzalloc(sizeof(*inst
) + sizeof(*ictx
), GFP_KERNEL
);
538 ictx
= aead_instance_ctx(inst
);
540 err
= crypto_init_spawn(&ictx
->cipher
, cipher
,
541 aead_crypto_instance(inst
),
542 CRYPTO_ALG_TYPE_MASK
);
546 crypto_set_skcipher_spawn(&ictx
->ctr
, aead_crypto_instance(inst
));
547 err
= crypto_grab_skcipher(&ictx
->ctr
, ctr_name
, 0,
548 crypto_requires_sync(algt
->type
,
551 goto err_drop_cipher
;
553 ctr
= crypto_spawn_skcipher_alg(&ictx
->ctr
);
555 /* Not a stream cipher? */
557 if (ctr
->base
.cra_blocksize
!= 1)
560 /* We want the real thing! */
561 if (crypto_skcipher_alg_ivsize(ctr
) != 16)
565 if (snprintf(inst
->alg
.base
.cra_driver_name
, CRYPTO_MAX_ALG_NAME
,
566 "ccm_base(%s,%s)", ctr
->base
.cra_driver_name
,
567 cipher
->cra_driver_name
) >= CRYPTO_MAX_ALG_NAME
)
570 memcpy(inst
->alg
.base
.cra_name
, full_name
, CRYPTO_MAX_ALG_NAME
);
572 inst
->alg
.base
.cra_flags
= ctr
->base
.cra_flags
& CRYPTO_ALG_ASYNC
;
573 inst
->alg
.base
.cra_priority
= (cipher
->cra_priority
+
574 ctr
->base
.cra_priority
) / 2;
575 inst
->alg
.base
.cra_blocksize
= 1;
576 inst
->alg
.base
.cra_alignmask
= cipher
->cra_alignmask
|
577 ctr
->base
.cra_alignmask
|
578 (__alignof__(u32
) - 1);
579 inst
->alg
.ivsize
= 16;
580 inst
->alg
.chunksize
= crypto_skcipher_alg_chunksize(ctr
);
581 inst
->alg
.maxauthsize
= 16;
582 inst
->alg
.base
.cra_ctxsize
= sizeof(struct crypto_ccm_ctx
);
583 inst
->alg
.init
= crypto_ccm_init_tfm
;
584 inst
->alg
.exit
= crypto_ccm_exit_tfm
;
585 inst
->alg
.setkey
= crypto_ccm_setkey
;
586 inst
->alg
.setauthsize
= crypto_ccm_setauthsize
;
587 inst
->alg
.encrypt
= crypto_ccm_encrypt
;
588 inst
->alg
.decrypt
= crypto_ccm_decrypt
;
590 inst
->free
= crypto_ccm_free
;
592 err
= aead_register_instance(tmpl
, inst
);
597 crypto_mod_put(cipher
);
601 crypto_drop_skcipher(&ictx
->ctr
);
603 crypto_drop_spawn(&ictx
->cipher
);
609 static int crypto_ccm_create(struct crypto_template
*tmpl
, struct rtattr
**tb
)
611 const char *cipher_name
;
612 char ctr_name
[CRYPTO_MAX_ALG_NAME
];
613 char full_name
[CRYPTO_MAX_ALG_NAME
];
615 cipher_name
= crypto_attr_alg_name(tb
[1]);
616 if (IS_ERR(cipher_name
))
617 return PTR_ERR(cipher_name
);
619 if (snprintf(ctr_name
, CRYPTO_MAX_ALG_NAME
, "ctr(%s)",
620 cipher_name
) >= CRYPTO_MAX_ALG_NAME
)
621 return -ENAMETOOLONG
;
623 if (snprintf(full_name
, CRYPTO_MAX_ALG_NAME
, "ccm(%s)", cipher_name
) >=
625 return -ENAMETOOLONG
;
627 return crypto_ccm_create_common(tmpl
, tb
, full_name
, ctr_name
,
631 static struct crypto_template crypto_ccm_tmpl
= {
633 .create
= crypto_ccm_create
,
634 .module
= THIS_MODULE
,
637 static int crypto_ccm_base_create(struct crypto_template
*tmpl
,
640 const char *ctr_name
;
641 const char *cipher_name
;
642 char full_name
[CRYPTO_MAX_ALG_NAME
];
644 ctr_name
= crypto_attr_alg_name(tb
[1]);
645 if (IS_ERR(ctr_name
))
646 return PTR_ERR(ctr_name
);
648 cipher_name
= crypto_attr_alg_name(tb
[2]);
649 if (IS_ERR(cipher_name
))
650 return PTR_ERR(cipher_name
);
652 if (snprintf(full_name
, CRYPTO_MAX_ALG_NAME
, "ccm_base(%s,%s)",
653 ctr_name
, cipher_name
) >= CRYPTO_MAX_ALG_NAME
)
654 return -ENAMETOOLONG
;
656 return crypto_ccm_create_common(tmpl
, tb
, full_name
, ctr_name
,
660 static struct crypto_template crypto_ccm_base_tmpl
= {
662 .create
= crypto_ccm_base_create
,
663 .module
= THIS_MODULE
,
666 static int crypto_rfc4309_setkey(struct crypto_aead
*parent
, const u8
*key
,
669 struct crypto_rfc4309_ctx
*ctx
= crypto_aead_ctx(parent
);
670 struct crypto_aead
*child
= ctx
->child
;
677 memcpy(ctx
->nonce
, key
+ keylen
, 3);
679 crypto_aead_clear_flags(child
, CRYPTO_TFM_REQ_MASK
);
680 crypto_aead_set_flags(child
, crypto_aead_get_flags(parent
) &
681 CRYPTO_TFM_REQ_MASK
);
682 err
= crypto_aead_setkey(child
, key
, keylen
);
683 crypto_aead_set_flags(parent
, crypto_aead_get_flags(child
) &
684 CRYPTO_TFM_RES_MASK
);
689 static int crypto_rfc4309_setauthsize(struct crypto_aead
*parent
,
690 unsigned int authsize
)
692 struct crypto_rfc4309_ctx
*ctx
= crypto_aead_ctx(parent
);
703 return crypto_aead_setauthsize(ctx
->child
, authsize
);
706 static struct aead_request
*crypto_rfc4309_crypt(struct aead_request
*req
)
708 struct crypto_rfc4309_req_ctx
*rctx
= aead_request_ctx(req
);
709 struct aead_request
*subreq
= &rctx
->subreq
;
710 struct crypto_aead
*aead
= crypto_aead_reqtfm(req
);
711 struct crypto_rfc4309_ctx
*ctx
= crypto_aead_ctx(aead
);
712 struct crypto_aead
*child
= ctx
->child
;
713 struct scatterlist
*sg
;
714 u8
*iv
= PTR_ALIGN((u8
*)(subreq
+ 1) + crypto_aead_reqsize(child
),
715 crypto_aead_alignmask(child
) + 1);
720 memcpy(iv
+ 1, ctx
->nonce
, 3);
721 memcpy(iv
+ 4, req
->iv
, 8);
723 scatterwalk_map_and_copy(iv
+ 16, req
->src
, 0, req
->assoclen
- 8, 0);
725 sg_init_table(rctx
->src
, 3);
726 sg_set_buf(rctx
->src
, iv
+ 16, req
->assoclen
- 8);
727 sg
= scatterwalk_ffwd(rctx
->src
+ 1, req
->src
, req
->assoclen
);
728 if (sg
!= rctx
->src
+ 1)
729 sg_chain(rctx
->src
, 2, sg
);
731 if (req
->src
!= req
->dst
) {
732 sg_init_table(rctx
->dst
, 3);
733 sg_set_buf(rctx
->dst
, iv
+ 16, req
->assoclen
- 8);
734 sg
= scatterwalk_ffwd(rctx
->dst
+ 1, req
->dst
, req
->assoclen
);
735 if (sg
!= rctx
->dst
+ 1)
736 sg_chain(rctx
->dst
, 2, sg
);
739 aead_request_set_tfm(subreq
, child
);
740 aead_request_set_callback(subreq
, req
->base
.flags
, req
->base
.complete
,
742 aead_request_set_crypt(subreq
, rctx
->src
,
743 req
->src
== req
->dst
? rctx
->src
: rctx
->dst
,
745 aead_request_set_ad(subreq
, req
->assoclen
- 8);
750 static int crypto_rfc4309_encrypt(struct aead_request
*req
)
752 if (req
->assoclen
!= 16 && req
->assoclen
!= 20)
755 req
= crypto_rfc4309_crypt(req
);
757 return crypto_aead_encrypt(req
);
760 static int crypto_rfc4309_decrypt(struct aead_request
*req
)
762 if (req
->assoclen
!= 16 && req
->assoclen
!= 20)
765 req
= crypto_rfc4309_crypt(req
);
767 return crypto_aead_decrypt(req
);
770 static int crypto_rfc4309_init_tfm(struct crypto_aead
*tfm
)
772 struct aead_instance
*inst
= aead_alg_instance(tfm
);
773 struct crypto_aead_spawn
*spawn
= aead_instance_ctx(inst
);
774 struct crypto_rfc4309_ctx
*ctx
= crypto_aead_ctx(tfm
);
775 struct crypto_aead
*aead
;
778 aead
= crypto_spawn_aead(spawn
);
780 return PTR_ERR(aead
);
784 align
= crypto_aead_alignmask(aead
);
785 align
&= ~(crypto_tfm_ctx_alignment() - 1);
786 crypto_aead_set_reqsize(
788 sizeof(struct crypto_rfc4309_req_ctx
) +
789 ALIGN(crypto_aead_reqsize(aead
), crypto_tfm_ctx_alignment()) +
795 static void crypto_rfc4309_exit_tfm(struct crypto_aead
*tfm
)
797 struct crypto_rfc4309_ctx
*ctx
= crypto_aead_ctx(tfm
);
799 crypto_free_aead(ctx
->child
);
802 static void crypto_rfc4309_free(struct aead_instance
*inst
)
804 crypto_drop_aead(aead_instance_ctx(inst
));
808 static int crypto_rfc4309_create(struct crypto_template
*tmpl
,
811 struct crypto_attr_type
*algt
;
812 struct aead_instance
*inst
;
813 struct crypto_aead_spawn
*spawn
;
814 struct aead_alg
*alg
;
815 const char *ccm_name
;
818 algt
= crypto_get_attr_type(tb
);
820 return PTR_ERR(algt
);
822 if ((algt
->type
^ CRYPTO_ALG_TYPE_AEAD
) & algt
->mask
)
825 ccm_name
= crypto_attr_alg_name(tb
[1]);
826 if (IS_ERR(ccm_name
))
827 return PTR_ERR(ccm_name
);
829 inst
= kzalloc(sizeof(*inst
) + sizeof(*spawn
), GFP_KERNEL
);
833 spawn
= aead_instance_ctx(inst
);
834 crypto_set_aead_spawn(spawn
, aead_crypto_instance(inst
));
835 err
= crypto_grab_aead(spawn
, ccm_name
, 0,
836 crypto_requires_sync(algt
->type
, algt
->mask
));
840 alg
= crypto_spawn_aead_alg(spawn
);
844 /* We only support 16-byte blocks. */
845 if (crypto_aead_alg_ivsize(alg
) != 16)
848 /* Not a stream cipher? */
849 if (alg
->base
.cra_blocksize
!= 1)
853 if (snprintf(inst
->alg
.base
.cra_name
, CRYPTO_MAX_ALG_NAME
,
854 "rfc4309(%s)", alg
->base
.cra_name
) >=
855 CRYPTO_MAX_ALG_NAME
||
856 snprintf(inst
->alg
.base
.cra_driver_name
, CRYPTO_MAX_ALG_NAME
,
857 "rfc4309(%s)", alg
->base
.cra_driver_name
) >=
861 inst
->alg
.base
.cra_flags
= alg
->base
.cra_flags
& CRYPTO_ALG_ASYNC
;
862 inst
->alg
.base
.cra_priority
= alg
->base
.cra_priority
;
863 inst
->alg
.base
.cra_blocksize
= 1;
864 inst
->alg
.base
.cra_alignmask
= alg
->base
.cra_alignmask
;
866 inst
->alg
.ivsize
= 8;
867 inst
->alg
.chunksize
= crypto_aead_alg_chunksize(alg
);
868 inst
->alg
.maxauthsize
= 16;
870 inst
->alg
.base
.cra_ctxsize
= sizeof(struct crypto_rfc4309_ctx
);
872 inst
->alg
.init
= crypto_rfc4309_init_tfm
;
873 inst
->alg
.exit
= crypto_rfc4309_exit_tfm
;
875 inst
->alg
.setkey
= crypto_rfc4309_setkey
;
876 inst
->alg
.setauthsize
= crypto_rfc4309_setauthsize
;
877 inst
->alg
.encrypt
= crypto_rfc4309_encrypt
;
878 inst
->alg
.decrypt
= crypto_rfc4309_decrypt
;
880 inst
->free
= crypto_rfc4309_free
;
882 err
= aead_register_instance(tmpl
, inst
);
890 crypto_drop_aead(spawn
);
896 static struct crypto_template crypto_rfc4309_tmpl
= {
898 .create
= crypto_rfc4309_create
,
899 .module
= THIS_MODULE
,
902 static int __init
crypto_ccm_module_init(void)
906 err
= crypto_register_template(&crypto_ccm_base_tmpl
);
910 err
= crypto_register_template(&crypto_ccm_tmpl
);
914 err
= crypto_register_template(&crypto_rfc4309_tmpl
);
922 crypto_unregister_template(&crypto_ccm_tmpl
);
924 crypto_unregister_template(&crypto_ccm_base_tmpl
);
928 static void __exit
crypto_ccm_module_exit(void)
930 crypto_unregister_template(&crypto_rfc4309_tmpl
);
931 crypto_unregister_template(&crypto_ccm_tmpl
);
932 crypto_unregister_template(&crypto_ccm_base_tmpl
);
935 module_init(crypto_ccm_module_init
);
936 module_exit(crypto_ccm_module_exit
);
938 MODULE_LICENSE("GPL");
939 MODULE_DESCRIPTION("Counter with CBC MAC");
940 MODULE_ALIAS_CRYPTO("ccm_base");
941 MODULE_ALIAS_CRYPTO("rfc4309");
942 MODULE_ALIAS_CRYPTO("ccm");