2 * AEAD: Authenticated Encryption with Associated Data
4 * This file provides API support for AEAD algorithms.
6 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the Free
10 * Software Foundation; either version 2 of the License, or (at your option)
15 #include <crypto/internal/aead.h>
16 #include <linux/err.h>
17 #include <linux/init.h>
18 #include <linux/kernel.h>
19 #include <linux/module.h>
20 #include <linux/slab.h>
21 #include <linux/seq_file.h>
25 static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key,
28 struct aead_alg *aead = crypto_aead_alg(tfm);
29 unsigned long alignmask = crypto_aead_alignmask(tfm);
31 u8 *buffer, *alignbuffer;
34 absize = keylen + alignmask;
35 buffer = kmalloc(absize, GFP_ATOMIC);
39 alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
40 memcpy(alignbuffer, key, keylen);
41 ret = aead->setkey(tfm, alignbuffer, keylen);
42 memset(alignbuffer, 0, keylen);
47 static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen)
49 struct aead_alg *aead = crypto_aead_alg(tfm);
50 unsigned long alignmask = crypto_aead_alignmask(tfm);
52 if ((unsigned long)key & alignmask)
53 return setkey_unaligned(tfm, key, keylen);
55 return aead->setkey(tfm, key, keylen);
58 int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
60 struct aead_tfm *crt = crypto_aead_crt(tfm);
63 if (authsize > crypto_aead_alg(tfm)->maxauthsize)
66 if (crypto_aead_alg(tfm)->setauthsize) {
67 err = crypto_aead_alg(tfm)->setauthsize(crt->base, authsize);
72 crypto_aead_crt(crt->base)->authsize = authsize;
73 crt->authsize = authsize;
76 EXPORT_SYMBOL_GPL(crypto_aead_setauthsize);
78 static unsigned int crypto_aead_ctxsize(struct crypto_alg *alg, u32 type,
81 return alg->cra_ctxsize;
84 static int no_givcrypt(struct aead_givcrypt_request *req)
89 static int crypto_init_aead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
91 struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
92 struct aead_tfm *crt = &tfm->crt_aead;
94 if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8)
97 crt->setkey = tfm->__crt_alg->cra_flags & CRYPTO_ALG_GENIV ?
99 crt->encrypt = alg->encrypt;
100 crt->decrypt = alg->decrypt;
101 crt->givencrypt = alg->givencrypt ?: no_givcrypt;
102 crt->givdecrypt = alg->givdecrypt ?: no_givcrypt;
103 crt->base = __crypto_aead_cast(tfm);
104 crt->ivsize = alg->ivsize;
105 crt->authsize = alg->maxauthsize;
110 static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg)
111 __attribute__ ((unused));
112 static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg)
114 struct aead_alg *aead = &alg->cra_aead;
116 seq_printf(m, "type : aead\n");
117 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
118 seq_printf(m, "ivsize : %u\n", aead->ivsize);
119 seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize);
120 seq_printf(m, "geniv : %s\n", aead->geniv ?: "<built-in>");
123 const struct crypto_type crypto_aead_type = {
124 .ctxsize = crypto_aead_ctxsize,
125 .init = crypto_init_aead_ops,
126 #ifdef CONFIG_PROC_FS
127 .show = crypto_aead_show,
130 EXPORT_SYMBOL_GPL(crypto_aead_type);
132 static int aead_null_givencrypt(struct aead_givcrypt_request *req)
134 return crypto_aead_encrypt(&req->areq);
137 static int aead_null_givdecrypt(struct aead_givcrypt_request *req)
139 return crypto_aead_decrypt(&req->areq);
142 static int crypto_init_nivaead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
144 struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
145 struct aead_tfm *crt = &tfm->crt_aead;
147 if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8)
150 crt->setkey = setkey;
151 crt->encrypt = alg->encrypt;
152 crt->decrypt = alg->decrypt;
154 crt->givencrypt = aead_null_givencrypt;
155 crt->givdecrypt = aead_null_givdecrypt;
157 crt->base = __crypto_aead_cast(tfm);
158 crt->ivsize = alg->ivsize;
159 crt->authsize = alg->maxauthsize;
164 static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg)
165 __attribute__ ((unused));
166 static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg)
168 struct aead_alg *aead = &alg->cra_aead;
170 seq_printf(m, "type : nivaead\n");
171 seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
172 seq_printf(m, "ivsize : %u\n", aead->ivsize);
173 seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize);
174 seq_printf(m, "geniv : %s\n", aead->geniv);
177 const struct crypto_type crypto_nivaead_type = {
178 .ctxsize = crypto_aead_ctxsize,
179 .init = crypto_init_nivaead_ops,
180 #ifdef CONFIG_PROC_FS
181 .show = crypto_nivaead_show,
184 EXPORT_SYMBOL_GPL(crypto_nivaead_type);
186 static int crypto_grab_nivaead(struct crypto_aead_spawn *spawn,
187 const char *name, u32 type, u32 mask)
189 struct crypto_alg *alg;
192 type &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
193 type |= CRYPTO_ALG_TYPE_AEAD;
194 mask |= CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV;
196 alg = crypto_alg_mod_lookup(name, type, mask);
200 err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask);
205 struct crypto_instance *aead_geniv_alloc(struct crypto_template *tmpl,
206 struct rtattr **tb, u32 type,
210 struct crypto_aead_spawn *spawn;
211 struct crypto_attr_type *algt;
212 struct crypto_instance *inst;
213 struct crypto_alg *alg;
216 algt = crypto_get_attr_type(tb);
221 if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV)) &
223 return ERR_PTR(-EINVAL);
225 name = crypto_attr_alg_name(tb[1]);
230 inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
232 return ERR_PTR(-ENOMEM);
234 spawn = crypto_instance_ctx(inst);
236 /* Ignore async algorithms if necessary. */
237 mask |= crypto_requires_sync(algt->type, algt->mask);
239 crypto_set_aead_spawn(spawn, inst);
240 err = crypto_grab_nivaead(spawn, name, type, mask);
244 alg = crypto_aead_spawn_alg(spawn);
247 if (!alg->cra_aead.ivsize)
251 * This is only true if we're constructing an algorithm with its
252 * default IV generator. For the default generator we elide the
253 * template name and double-check the IV generator.
255 if (algt->mask & CRYPTO_ALG_GENIV) {
256 if (strcmp(tmpl->name, alg->cra_aead.geniv))
259 memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
260 memcpy(inst->alg.cra_driver_name, alg->cra_driver_name,
261 CRYPTO_MAX_ALG_NAME);
264 if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
265 "%s(%s)", tmpl->name, alg->cra_name) >=
268 if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
269 "%s(%s)", tmpl->name, alg->cra_driver_name) >=
274 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV;
275 inst->alg.cra_flags |= alg->cra_flags & CRYPTO_ALG_ASYNC;
276 inst->alg.cra_priority = alg->cra_priority;
277 inst->alg.cra_blocksize = alg->cra_blocksize;
278 inst->alg.cra_alignmask = alg->cra_alignmask;
279 inst->alg.cra_type = &crypto_aead_type;
281 inst->alg.cra_aead.ivsize = alg->cra_aead.ivsize;
282 inst->alg.cra_aead.maxauthsize = alg->cra_aead.maxauthsize;
283 inst->alg.cra_aead.geniv = alg->cra_aead.geniv;
285 inst->alg.cra_aead.setkey = alg->cra_aead.setkey;
286 inst->alg.cra_aead.setauthsize = alg->cra_aead.setauthsize;
287 inst->alg.cra_aead.encrypt = alg->cra_aead.encrypt;
288 inst->alg.cra_aead.decrypt = alg->cra_aead.decrypt;
294 crypto_drop_aead(spawn);
300 EXPORT_SYMBOL_GPL(aead_geniv_alloc);
302 void aead_geniv_free(struct crypto_instance *inst)
304 crypto_drop_aead(crypto_instance_ctx(inst));
307 EXPORT_SYMBOL_GPL(aead_geniv_free);
309 int aead_geniv_init(struct crypto_tfm *tfm)
311 struct crypto_instance *inst = (void *)tfm->__crt_alg;
312 struct crypto_aead *aead;
314 aead = crypto_spawn_aead(crypto_instance_ctx(inst));
316 return PTR_ERR(aead);
318 tfm->crt_aead.base = aead;
319 tfm->crt_aead.reqsize += crypto_aead_reqsize(aead);
323 EXPORT_SYMBOL_GPL(aead_geniv_init);
325 void aead_geniv_exit(struct crypto_tfm *tfm)
327 crypto_free_aead(tfm->crt_aead.base);
329 EXPORT_SYMBOL_GPL(aead_geniv_exit);
331 MODULE_LICENSE("GPL");
332 MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)");