include/crypto/aead.h

   1 /*
   2  * AEAD: Authenticated Encryption with Associated Data
   3  *
   4  * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
   5  *
   6  * This program is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the Free
   8  * Software Foundation; either version 2 of the License, or (at your option)
   9  * any later version.
  10  *
  11  */
  12
  13 #ifndef _CRYPTO_AEAD_H
  14 #define _CRYPTO_AEAD_H
  15
  16 #include <linux/crypto.h>
  17 #include <linux/kernel.h>
  18 #include <linux/slab.h>
  19
  20 /**
  21  * DOC: Authenticated Encryption With Associated Data (AEAD) Cipher API
  22  *
  23  * The AEAD cipher API is used with the ciphers of type CRYPTO_ALG_TYPE_AEAD
  24  * (listed as type "aead" in /proc/crypto)
  25  *
  26  * The most prominent examples for this type of encryption is GCM and CCM.
  27  * However, the kernel supports other types of AEAD ciphers which are defined
  28  * with the following cipher string:
  29  *
  30  *      authenc(keyed message digest, block cipher)
  31  *
  32  * For example: authenc(hmac(sha256), cbc(aes))
  33  *
  34  * The example code provided for the asynchronous block cipher operation
  35  * applies here as well. Naturally all *ablkcipher* symbols must be exchanged
  36  * the *aead* pendants discussed in the following. In addition, for the AEAD
  37  * operation, the aead_request_set_assoc function must be used to set the
  38  * pointer to the associated data memory location before performing the
  39  * encryption or decryption operation. In case of an encryption, the associated
  40  * data memory is filled during the encryption operation. For decryption, the
  41  * associated data memory must contain data that is used to verify the integrity
  42  * of the decrypted data. Another deviation from the asynchronous block cipher
  43  * operation is that the caller should explicitly check for -EBADMSG of the
  44  * crypto_aead_decrypt. That error indicates an authentication error, i.e.
  45  * a breach in the integrity of the message. In essence, that -EBADMSG error
  46  * code is the key bonus an AEAD cipher has over "standard" block chaining
  47  * modes.
  48  */
  49
  50 /**
  51  *      struct aead_request - AEAD request
  52  *      @base: Common attributes for async crypto requests
  53  *      @old: Boolean whether the old or new AEAD API is used
  54  *      @assoclen: Length in bytes of associated data for authentication
  55  *      @cryptlen: Length of data to be encrypted or decrypted
  56  *      @iv: Initialisation vector
  57  *      @assoc: Associated data
  58  *      @src: Source data
  59  *      @dst: Destination data
  60  *      @__ctx: Start of private context data
  61  */
  62 struct aead_request {
  63         struct crypto_async_request base;
  64
  65         bool old;
  66
  67         unsigned int assoclen;
  68         unsigned int cryptlen;
  69
  70         u8 *iv;
  71
  72         struct scatterlist *assoc;
  73         struct scatterlist *src;
  74         struct scatterlist *dst;
  75
  76         void *__ctx[] CRYPTO_MINALIGN_ATTR;
  77 };
  78
  79 /**
  80  *      struct aead_givcrypt_request - AEAD request with IV generation
  81  *      @seq: Sequence number for IV generation
  82  *      @giv: Space for generated IV
  83  *      @areq: The AEAD request itself
  84  */
  85 struct aead_givcrypt_request {
  86         u64 seq;
  87         u8 *giv;
  88
  89         struct aead_request areq;
  90 };
  91
  92 /**
  93  * struct aead_alg - AEAD cipher definition
  94  * @maxauthsize: Set the maximum authentication tag size supported by the
  95  *               transformation. A transformation may support smaller tag sizes.
  96  *               As the authentication tag is a message digest to ensure the
  97  *               integrity of the encrypted data, a consumer typically wants the
  98  *               largest authentication tag possible as defined by this
  99  *               variable.
 100  * @setauthsize: Set authentication size for the AEAD transformation. This
 101  *               function is used to specify the consumer requested size of the
 102  *               authentication tag to be either generated by the transformation
 103  *               during encryption or the size of the authentication tag to be
 104  *               supplied during the decryption operation. This function is also
 105  *               responsible for checking the authentication tag size for
 106  *               validity.
 107  * @setkey: see struct ablkcipher_alg
 108  * @encrypt: see struct ablkcipher_alg
 109  * @decrypt: see struct ablkcipher_alg
 110  * @geniv: see struct ablkcipher_alg
 111  * @ivsize: see struct ablkcipher_alg
 112  * @init: Initialize the cryptographic transformation object. This function
 113  *        is used to initialize the cryptographic transformation object.
 114  *        This function is called only once at the instantiation time, right
 115  *        after the transformation context was allocated. In case the
 116  *        cryptographic hardware has some special requirements which need to
 117  *        be handled by software, this function shall check for the precise
 118  *        requirement of the transformation and put any software fallbacks
 119  *        in place.
 120  * @exit: Deinitialize the cryptographic transformation object. This is a
 121  *        counterpart to @init, used to remove various changes set in
 122  *        @init.
 123  *
 124  * All fields except @ivsize is mandatory and must be filled.
 125  */
 126 struct aead_alg {
 127         int (*setkey)(struct crypto_aead *tfm, const u8 *key,
 128                       unsigned int keylen);
 129         int (*setauthsize)(struct crypto_aead *tfm, unsigned int authsize);
 130         int (*encrypt)(struct aead_request *req);
 131         int (*decrypt)(struct aead_request *req);
 132         int (*init)(struct crypto_aead *tfm);
 133         void (*exit)(struct crypto_aead *tfm);
 134
 135         const char *geniv;
 136
 137         unsigned int ivsize;
 138         unsigned int maxauthsize;
 139
 140         struct crypto_alg base;
 141 };
 142
 143 struct crypto_aead {
 144         int (*setkey)(struct crypto_aead *tfm, const u8 *key,
 145                       unsigned int keylen);
 146         int (*setauthsize)(struct crypto_aead *tfm, unsigned int authsize);
 147         int (*encrypt)(struct aead_request *req);
 148         int (*decrypt)(struct aead_request *req);
 149         int (*givencrypt)(struct aead_givcrypt_request *req);
 150         int (*givdecrypt)(struct aead_givcrypt_request *req);
 151
 152         struct crypto_aead *child;
 153
 154         unsigned int authsize;
 155         unsigned int reqsize;
 156
 157         struct crypto_tfm base;
 158 };
 159
 160 static inline struct crypto_aead *__crypto_aead_cast(struct crypto_tfm *tfm)
 161 {
 162         return container_of(tfm, struct crypto_aead, base);
 163 }
 164
 165 /**
 166  * crypto_alloc_aead() - allocate AEAD cipher handle
 167  * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
 168  *           AEAD cipher
 169  * @type: specifies the type of the cipher
 170  * @mask: specifies the mask for the cipher
 171  *
 172  * Allocate a cipher handle for an AEAD. The returned struct
 173  * crypto_aead is the cipher handle that is required for any subsequent
 174  * API invocation for that AEAD.
 175  *
 176  * Return: allocated cipher handle in case of success; IS_ERR() is true in case
 177  *         of an error, PTR_ERR() returns the error code.
 178  */
 179 struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask);
 180
 181 static inline struct crypto_tfm *crypto_aead_tfm(struct crypto_aead *tfm)
 182 {
 183         return &tfm->base;
 184 }
 185
 186 /**
 187  * crypto_free_aead() - zeroize and free aead handle
 188  * @tfm: cipher handle to be freed
 189  */
 190 static inline void crypto_free_aead(struct crypto_aead *tfm)
 191 {
 192         crypto_destroy_tfm(tfm, crypto_aead_tfm(tfm));
 193 }
 194
 195 static inline struct crypto_aead *crypto_aead_crt(struct crypto_aead *tfm)
 196 {
 197         return tfm;
 198 }
 199
 200 static inline struct old_aead_alg *crypto_old_aead_alg(struct crypto_aead *tfm)
 201 {
 202         return &crypto_aead_tfm(tfm)->__crt_alg->cra_aead;
 203 }
 204
 205 static inline struct aead_alg *crypto_aead_alg(struct crypto_aead *tfm)
 206 {
 207         return container_of(crypto_aead_tfm(tfm)->__crt_alg,
 208                             struct aead_alg, base);
 209 }
 210
 211 static inline unsigned int crypto_aead_alg_ivsize(struct aead_alg *alg)
 212 {
 213         return alg->base.cra_aead.encrypt ? alg->base.cra_aead.ivsize :
 214                                             alg->ivsize;
 215 }
 216
 217 /**
 218  * crypto_aead_ivsize() - obtain IV size
 219  * @tfm: cipher handle
 220  *
 221  * The size of the IV for the aead referenced by the cipher handle is
 222  * returned. This IV size may be zero if the cipher does not need an IV.
 223  *
 224  * Return: IV size in bytes
 225  */
 226 static inline unsigned int crypto_aead_ivsize(struct crypto_aead *tfm)
 227 {
 228         return crypto_aead_alg_ivsize(crypto_aead_alg(tfm));
 229 }
 230
 231 /**
 232  * crypto_aead_authsize() - obtain maximum authentication data size
 233  * @tfm: cipher handle
 234  *
 235  * The maximum size of the authentication data for the AEAD cipher referenced
 236  * by the AEAD cipher handle is returned. The authentication data size may be
 237  * zero if the cipher implements a hard-coded maximum.
 238  *
 239  * The authentication data may also be known as "tag value".
 240  *
 241  * Return: authentication data size / tag size in bytes
 242  */
 243 static inline unsigned int crypto_aead_authsize(struct crypto_aead *tfm)
 244 {
 245         return tfm->authsize;
 246 }
 247
 248 /**
 249  * crypto_aead_blocksize() - obtain block size of cipher
 250  * @tfm: cipher handle
 251  *
 252  * The block size for the AEAD referenced with the cipher handle is returned.
 253  * The caller may use that information to allocate appropriate memory for the
 254  * data returned by the encryption or decryption operation
 255  *
 256  * Return: block size of cipher
 257  */
 258 static inline unsigned int crypto_aead_blocksize(struct crypto_aead *tfm)
 259 {
 260         return crypto_tfm_alg_blocksize(crypto_aead_tfm(tfm));
 261 }
 262
 263 static inline unsigned int crypto_aead_alignmask(struct crypto_aead *tfm)
 264 {
 265         return crypto_tfm_alg_alignmask(crypto_aead_tfm(tfm));
 266 }
 267
 268 static inline u32 crypto_aead_get_flags(struct crypto_aead *tfm)
 269 {
 270         return crypto_tfm_get_flags(crypto_aead_tfm(tfm));
 271 }
 272
 273 static inline void crypto_aead_set_flags(struct crypto_aead *tfm, u32 flags)
 274 {
 275         crypto_tfm_set_flags(crypto_aead_tfm(tfm), flags);
 276 }
 277
 278 static inline void crypto_aead_clear_flags(struct crypto_aead *tfm, u32 flags)
 279 {
 280         crypto_tfm_clear_flags(crypto_aead_tfm(tfm), flags);
 281 }
 282
 283 /**
 284  * crypto_aead_setkey() - set key for cipher
 285  * @tfm: cipher handle
 286  * @key: buffer holding the key
 287  * @keylen: length of the key in bytes
 288  *
 289  * The caller provided key is set for the AEAD referenced by the cipher
 290  * handle.
 291  *
 292  * Note, the key length determines the cipher type. Many block ciphers implement
 293  * different cipher modes depending on the key size, such as AES-128 vs AES-192
 294  * vs. AES-256. When providing a 16 byte key for an AES cipher handle, AES-128
 295  * is performed.
 296  *
 297  * Return: 0 if the setting of the key was successful; < 0 if an error occurred
 298  */
 299 int crypto_aead_setkey(struct crypto_aead *tfm,
 300                        const u8 *key, unsigned int keylen);
 301
 302 /**
 303  * crypto_aead_setauthsize() - set authentication data size
 304  * @tfm: cipher handle
 305  * @authsize: size of the authentication data / tag in bytes
 306  *
 307  * Set the authentication data size / tag size. AEAD requires an authentication
 308  * tag (or MAC) in addition to the associated data.
 309  *
 310  * Return: 0 if the setting of the key was successful; < 0 if an error occurred
 311  */
 312 int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize);
 313
 314 static inline struct crypto_aead *crypto_aead_reqtfm(struct aead_request *req)
 315 {
 316         return __crypto_aead_cast(req->base.tfm);
 317 }
 318
 319 /**
 320  * crypto_aead_encrypt() - encrypt plaintext
 321  * @req: reference to the aead_request handle that holds all information
 322  *       needed to perform the cipher operation
 323  *
 324  * Encrypt plaintext data using the aead_request handle. That data structure
 325  * and how it is filled with data is discussed with the aead_request_*
 326  * functions.
 327  *
 328  * IMPORTANT NOTE The encryption operation creates the authentication data /
 329  *                tag. That data is concatenated with the created ciphertext.
 330  *                The ciphertext memory size is therefore the given number of
 331  *                block cipher blocks + the size defined by the
 332  *                crypto_aead_setauthsize invocation. The caller must ensure
 333  *                that sufficient memory is available for the ciphertext and
 334  *                the authentication tag.
 335  *
 336  * Return: 0 if the cipher operation was successful; < 0 if an error occurred
 337  */
 338 static inline int crypto_aead_encrypt(struct aead_request *req)
 339 {
 340         return crypto_aead_reqtfm(req)->encrypt(req);
 341 }
 342
 343 /**
 344  * crypto_aead_decrypt() - decrypt ciphertext
 345  * @req: reference to the ablkcipher_request handle that holds all information
 346  *       needed to perform the cipher operation
 347  *
 348  * Decrypt ciphertext data using the aead_request handle. That data structure
 349  * and how it is filled with data is discussed with the aead_request_*
 350  * functions.
 351  *
 352  * IMPORTANT NOTE The caller must concatenate the ciphertext followed by the
 353  *                authentication data / tag. That authentication data / tag
 354  *                must have the size defined by the crypto_aead_setauthsize
 355  *                invocation.
 356  *
 357  *
 358  * Return: 0 if the cipher operation was successful; -EBADMSG: The AEAD
 359  *         cipher operation performs the authentication of the data during the
 360  *         decryption operation. Therefore, the function returns this error if
 361  *         the authentication of the ciphertext was unsuccessful (i.e. the
 362  *         integrity of the ciphertext or the associated data was violated);
 363  *         < 0 if an error occurred.
 364  */
 365 static inline int crypto_aead_decrypt(struct aead_request *req)
 366 {
 367         if (req->cryptlen < crypto_aead_authsize(crypto_aead_reqtfm(req)))
 368                 return -EINVAL;
 369
 370         return crypto_aead_reqtfm(req)->decrypt(req);
 371 }
 372
 373 /**
 374  * DOC: Asynchronous AEAD Request Handle
 375  *
 376  * The aead_request data structure contains all pointers to data required for
 377  * the AEAD cipher operation. This includes the cipher handle (which can be
 378  * used by multiple aead_request instances), pointer to plaintext and
 379  * ciphertext, asynchronous callback function, etc. It acts as a handle to the
 380  * aead_request_* API calls in a similar way as AEAD handle to the
 381  * crypto_aead_* API calls.
 382  */
 383
 384 /**
 385  * crypto_aead_reqsize() - obtain size of the request data structure
 386  * @tfm: cipher handle
 387  *
 388  * Return: number of bytes
 389  */
 390 unsigned int crypto_aead_reqsize(struct crypto_aead *tfm);
 391
 392 /**
 393  * aead_request_set_tfm() - update cipher handle reference in request
 394  * @req: request handle to be modified
 395  * @tfm: cipher handle that shall be added to the request handle
 396  *
 397  * Allow the caller to replace the existing aead handle in the request
 398  * data structure with a different one.
 399  */
 400 static inline void aead_request_set_tfm(struct aead_request *req,
 401                                         struct crypto_aead *tfm)
 402 {
 403         req->base.tfm = crypto_aead_tfm(tfm->child);
 404 }
 405
 406 /**
 407  * aead_request_alloc() - allocate request data structure
 408  * @tfm: cipher handle to be registered with the request
 409  * @gfp: memory allocation flag that is handed to kmalloc by the API call.
 410  *
 411  * Allocate the request data structure that must be used with the AEAD
 412  * encrypt and decrypt API calls. During the allocation, the provided aead
 413  * handle is registered in the request data structure.
 414  *
 415  * Return: allocated request handle in case of success; IS_ERR() is true in case
 416  *         of an error, PTR_ERR() returns the error code.
 417  */
 418 static inline struct aead_request *aead_request_alloc(struct crypto_aead *tfm,
 419                                                       gfp_t gfp)
 420 {
 421         struct aead_request *req;
 422
 423         req = kmalloc(sizeof(*req) + crypto_aead_reqsize(tfm), gfp);
 424
 425         if (likely(req))
 426                 aead_request_set_tfm(req, tfm);
 427
 428         return req;
 429 }
 430
 431 /**
 432  * aead_request_free() - zeroize and free request data structure
 433  * @req: request data structure cipher handle to be freed
 434  */
 435 static inline void aead_request_free(struct aead_request *req)
 436 {
 437         kzfree(req);
 438 }
 439
 440 /**
 441  * aead_request_set_callback() - set asynchronous callback function
 442  * @req: request handle
 443  * @flags: specify zero or an ORing of the flags
 444  *         CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and
 445  *         increase the wait queue beyond the initial maximum size;
 446  *         CRYPTO_TFM_REQ_MAY_SLEEP the request processing may sleep
 447  * @compl: callback function pointer to be registered with the request handle
 448  * @data: The data pointer refers to memory that is not used by the kernel
 449  *        crypto API, but provided to the callback function for it to use. Here,
 450  *        the caller can provide a reference to memory the callback function can
 451  *        operate on. As the callback function is invoked asynchronously to the
 452  *        related functionality, it may need to access data structures of the
 453  *        related functionality which can be referenced using this pointer. The
 454  *        callback function can access the memory via the "data" field in the
 455  *        crypto_async_request data structure provided to the callback function.
 456  *
 457  * Setting the callback function that is triggered once the cipher operation
 458  * completes
 459  *
 460  * The callback function is registered with the aead_request handle and
 461  * must comply with the following template
 462  *
 463  *      void callback_function(struct crypto_async_request *req, int error)
 464  */
 465 static inline void aead_request_set_callback(struct aead_request *req,
 466                                              u32 flags,
 467                                              crypto_completion_t compl,
 468                                              void *data)
 469 {
 470         req->base.complete = compl;
 471         req->base.data = data;
 472         req->base.flags = flags;
 473 }
 474
 475 /**
 476  * aead_request_set_crypt - set data buffers
 477  * @req: request handle
 478  * @src: source scatter / gather list
 479  * @dst: destination scatter / gather list
 480  * @cryptlen: number of bytes to process from @src
 481  * @iv: IV for the cipher operation which must comply with the IV size defined
 482  *      by crypto_aead_ivsize()
 483  *
 484  * Setting the source data and destination data scatter / gather lists which
 485  * hold the associated data concatenated with the plaintext or ciphertext. See
 486  * below for the authentication tag.
 487  *
 488  * For encryption, the source is treated as the plaintext and the
 489  * destination is the ciphertext. For a decryption operation, the use is
 490  * reversed - the source is the ciphertext and the destination is the plaintext.
 491  *
 492  * For both src/dst the layout is associated data, plain/cipher text,
 493  * authentication tag.
 494  *
 495  * The content of the AD in the destination buffer after processing
 496  * will either be untouched, or it will contain a copy of the AD
 497  * from the source buffer.  In order to ensure that it always has
 498  * a copy of the AD, the user must copy the AD over either before
 499  * or after processing.  Of course this is not relevant if the user
 500  * is doing in-place processing where src == dst.
 501  *
 502  * IMPORTANT NOTE AEAD requires an authentication tag (MAC). For decryption,
 503  *                the caller must concatenate the ciphertext followed by the
 504  *                authentication tag and provide the entire data stream to the
 505  *                decryption operation (i.e. the data length used for the
 506  *                initialization of the scatterlist and the data length for the
 507  *                decryption operation is identical). For encryption, however,
 508  *                the authentication tag is created while encrypting the data.
 509  *                The destination buffer must hold sufficient space for the
 510  *                ciphertext and the authentication tag while the encryption
 511  *                invocation must only point to the plaintext data size. The
 512  *                following code snippet illustrates the memory usage
 513  *                buffer = kmalloc(ptbuflen + (enc ? authsize : 0));
 514  *                sg_init_one(&sg, buffer, ptbuflen + (enc ? authsize : 0));
 515  *                aead_request_set_crypt(req, &sg, &sg, ptbuflen, iv);
 516  */
 517 static inline void aead_request_set_crypt(struct aead_request *req,
 518                                           struct scatterlist *src,
 519                                           struct scatterlist *dst,
 520                                           unsigned int cryptlen, u8 *iv)
 521 {
 522         req->src = src;
 523         req->dst = dst;
 524         req->cryptlen = cryptlen;
 525         req->iv = iv;
 526 }
 527
 528 /**
 529  * aead_request_set_assoc() - set the associated data scatter / gather list
 530  * @req: request handle
 531  * @assoc: associated data scatter / gather list
 532  * @assoclen: number of bytes to process from @assoc
 533  *
 534  * Obsolete, do not use.
 535  */
 536 static inline void aead_request_set_assoc(struct aead_request *req,
 537                                           struct scatterlist *assoc,
 538                                           unsigned int assoclen)
 539 {
 540         req->assoc = assoc;
 541         req->assoclen = assoclen;
 542         req->old = true;
 543 }
 544
 545 /**
 546  * aead_request_set_ad - set associated data information
 547  * @req: request handle
 548  * @assoclen: number of bytes in associated data
 549  *
 550  * Setting the AD information.  This function sets the length of
 551  * the associated data.
 552  */
 553 static inline void aead_request_set_ad(struct aead_request *req,
 554                                        unsigned int assoclen)
 555 {
 556         req->assoclen = assoclen;
 557         req->old = false;
 558 }
 559
 560 static inline struct crypto_aead *aead_givcrypt_reqtfm(
 561         struct aead_givcrypt_request *req)
 562 {
 563         return crypto_aead_reqtfm(&req->areq);
 564 }
 565
 566 static inline int crypto_aead_givencrypt(struct aead_givcrypt_request *req)
 567 {
 568         return aead_givcrypt_reqtfm(req)->givencrypt(req);
 569 };
 570
 571 static inline int crypto_aead_givdecrypt(struct aead_givcrypt_request *req)
 572 {
 573         return aead_givcrypt_reqtfm(req)->givdecrypt(req);
 574 };
 575
 576 static inline void aead_givcrypt_set_tfm(struct aead_givcrypt_request *req,
 577                                          struct crypto_aead *tfm)
 578 {
 579         req->areq.base.tfm = crypto_aead_tfm(tfm);
 580 }
 581
 582 static inline struct aead_givcrypt_request *aead_givcrypt_alloc(
 583         struct crypto_aead *tfm, gfp_t gfp)
 584 {
 585         struct aead_givcrypt_request *req;
 586
 587         req = kmalloc(sizeof(struct aead_givcrypt_request) +
 588                       crypto_aead_reqsize(tfm), gfp);
 589
 590         if (likely(req))
 591                 aead_givcrypt_set_tfm(req, tfm);
 592
 593         return req;
 594 }
 595
 596 static inline void aead_givcrypt_free(struct aead_givcrypt_request *req)
 597 {
 598         kfree(req);
 599 }
 600
 601 static inline void aead_givcrypt_set_callback(
 602         struct aead_givcrypt_request *req, u32 flags,
 603         crypto_completion_t compl, void *data)
 604 {
 605         aead_request_set_callback(&req->areq, flags, compl, data);
 606 }
 607
 608 static inline void aead_givcrypt_set_crypt(struct aead_givcrypt_request *req,
 609                                            struct scatterlist *src,
 610                                            struct scatterlist *dst,
 611                                            unsigned int nbytes, void *iv)
 612 {
 613         aead_request_set_crypt(&req->areq, src, dst, nbytes, iv);
 614 }
 615
 616 static inline void aead_givcrypt_set_assoc(struct aead_givcrypt_request *req,
 617                                            struct scatterlist *assoc,
 618                                            unsigned int assoclen)
 619 {
 620         aead_request_set_assoc(&req->areq, assoc, assoclen);
 621 }
 622
 623 static inline void aead_givcrypt_set_giv(struct aead_givcrypt_request *req,
 624                                          u8 *giv, u64 seq)
 625 {
 626         req->giv = giv;
 627         req->seq = seq;
 628 }
 629
 630 #endif  /* _CRYPTO_AEAD_H */