2 * CCM: Counter with CBC-MAC
4 * (C) Copyright IBM Corp. 2007 - Joy Latten <latten@us.ibm.com>
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
13 #include <crypto/internal/aead.h>
14 #include <crypto/internal/skcipher.h>
15 #include <crypto/scatterwalk.h>
16 #include <linux/err.h>
17 #include <linux/init.h>
18 #include <linux/kernel.h>
19 #include <linux/module.h>
20 #include <linux/slab.h>
24 struct ccm_instance_ctx
{
25 struct crypto_skcipher_spawn ctr
;
26 struct crypto_spawn cipher
;
29 struct crypto_ccm_ctx
{
30 struct crypto_cipher
*cipher
;
31 struct crypto_ablkcipher
*ctr
;
34 struct crypto_rfc4309_ctx
{
35 struct crypto_aead
*child
;
39 struct crypto_ccm_req_priv_ctx
{
45 struct scatterlist src
[2];
46 struct scatterlist dst
[2];
47 struct ablkcipher_request abreq
;
50 static inline struct crypto_ccm_req_priv_ctx
*crypto_ccm_reqctx(
51 struct aead_request
*req
)
53 unsigned long align
= crypto_aead_alignmask(crypto_aead_reqtfm(req
));
55 return (void *)PTR_ALIGN((u8
*)aead_request_ctx(req
), align
+ 1);
58 static int set_msg_len(u8
*block
, unsigned int msglen
, int csize
)
62 memset(block
, 0, csize
);
67 else if (msglen
> (1 << (8 * csize
)))
70 data
= cpu_to_be32(msglen
);
71 memcpy(block
- csize
, (u8
*)&data
+ 4 - csize
, csize
);
76 static int crypto_ccm_setkey(struct crypto_aead
*aead
, const u8
*key
,
79 struct crypto_ccm_ctx
*ctx
= crypto_aead_ctx(aead
);
80 struct crypto_ablkcipher
*ctr
= ctx
->ctr
;
81 struct crypto_cipher
*tfm
= ctx
->cipher
;
84 crypto_ablkcipher_clear_flags(ctr
, CRYPTO_TFM_REQ_MASK
);
85 crypto_ablkcipher_set_flags(ctr
, crypto_aead_get_flags(aead
) &
87 err
= crypto_ablkcipher_setkey(ctr
, key
, keylen
);
88 crypto_aead_set_flags(aead
, crypto_ablkcipher_get_flags(ctr
) &
93 crypto_cipher_clear_flags(tfm
, CRYPTO_TFM_REQ_MASK
);
94 crypto_cipher_set_flags(tfm
, crypto_aead_get_flags(aead
) &
96 err
= crypto_cipher_setkey(tfm
, key
, keylen
);
97 crypto_aead_set_flags(aead
, crypto_cipher_get_flags(tfm
) &
104 static int crypto_ccm_setauthsize(struct crypto_aead
*tfm
,
105 unsigned int authsize
)
123 static int format_input(u8
*info
, struct aead_request
*req
,
124 unsigned int cryptlen
)
126 struct crypto_aead
*aead
= crypto_aead_reqtfm(req
);
127 unsigned int lp
= req
->iv
[0];
128 unsigned int l
= lp
+ 1;
131 m
= crypto_aead_authsize(aead
);
133 memcpy(info
, req
->iv
, 16);
135 /* format control info per RFC 3610 and
136 * NIST Special Publication 800-38C
138 *info
|= (8 * ((m
- 2) / 2));
142 return set_msg_len(info
+ 16 - l
, cryptlen
, l
);
145 static int format_adata(u8
*adata
, unsigned int a
)
149 /* add control info for associated data
150 * RFC 3610 and NIST Special Publication 800-38C
153 *(__be16
*)adata
= cpu_to_be16(a
);
156 *(__be16
*)adata
= cpu_to_be16(0xfffe);
157 *(__be32
*)&adata
[2] = cpu_to_be32(a
);
164 static void compute_mac(struct crypto_cipher
*tfm
, u8
*data
, int n
,
165 struct crypto_ccm_req_priv_ctx
*pctx
)
167 unsigned int bs
= 16;
168 u8
*odata
= pctx
->odata
;
169 u8
*idata
= pctx
->idata
;
174 /* first time in here, block may be partially filled. */
175 getlen
= bs
- pctx
->ilen
;
176 if (datalen
>= getlen
) {
177 memcpy(idata
+ pctx
->ilen
, data
, getlen
);
178 crypto_xor(odata
, idata
, bs
);
179 crypto_cipher_encrypt_one(tfm
, odata
, odata
);
185 /* now encrypt rest of data */
186 while (datalen
>= bs
) {
187 crypto_xor(odata
, data
, bs
);
188 crypto_cipher_encrypt_one(tfm
, odata
, odata
);
194 /* check and see if there's leftover data that wasn't
195 * enough to fill a block.
198 memcpy(idata
+ pctx
->ilen
, data
, datalen
);
199 pctx
->ilen
+= datalen
;
203 static void get_data_to_compute(struct crypto_cipher
*tfm
,
204 struct crypto_ccm_req_priv_ctx
*pctx
,
205 struct scatterlist
*sg
, unsigned int len
)
207 struct scatter_walk walk
;
211 scatterwalk_start(&walk
, sg
);
214 n
= scatterwalk_clamp(&walk
, len
);
216 scatterwalk_start(&walk
, sg_next(walk
.sg
));
217 n
= scatterwalk_clamp(&walk
, len
);
219 data_src
= scatterwalk_map(&walk
);
221 compute_mac(tfm
, data_src
, n
, pctx
);
224 scatterwalk_unmap(data_src
);
225 scatterwalk_advance(&walk
, n
);
226 scatterwalk_done(&walk
, 0, len
);
228 crypto_yield(pctx
->flags
);
231 /* any leftover needs padding and then encrypted */
234 u8
*odata
= pctx
->odata
;
235 u8
*idata
= pctx
->idata
;
237 padlen
= 16 - pctx
->ilen
;
238 memset(idata
+ pctx
->ilen
, 0, padlen
);
239 crypto_xor(odata
, idata
, 16);
240 crypto_cipher_encrypt_one(tfm
, odata
, odata
);
245 static int crypto_ccm_auth(struct aead_request
*req
, struct scatterlist
*plain
,
246 unsigned int cryptlen
)
248 struct crypto_aead
*aead
= crypto_aead_reqtfm(req
);
249 struct crypto_ccm_ctx
*ctx
= crypto_aead_ctx(aead
);
250 struct crypto_ccm_req_priv_ctx
*pctx
= crypto_ccm_reqctx(req
);
251 struct crypto_cipher
*cipher
= ctx
->cipher
;
252 unsigned int assoclen
= req
->assoclen
;
253 u8
*odata
= pctx
->odata
;
254 u8
*idata
= pctx
->idata
;
257 /* format control data for input */
258 err
= format_input(odata
, req
, cryptlen
);
262 /* encrypt first block to use as start in computing mac */
263 crypto_cipher_encrypt_one(cipher
, odata
, odata
);
265 /* format associated data and compute into mac */
267 pctx
->ilen
= format_adata(idata
, assoclen
);
268 get_data_to_compute(cipher
, pctx
, req
->assoc
, req
->assoclen
);
273 /* compute plaintext into mac */
275 get_data_to_compute(cipher
, pctx
, plain
, cryptlen
);
281 static void crypto_ccm_encrypt_done(struct crypto_async_request
*areq
, int err
)
283 struct aead_request
*req
= areq
->data
;
284 struct crypto_aead
*aead
= crypto_aead_reqtfm(req
);
285 struct crypto_ccm_req_priv_ctx
*pctx
= crypto_ccm_reqctx(req
);
286 u8
*odata
= pctx
->odata
;
289 scatterwalk_map_and_copy(odata
, req
->dst
, req
->cryptlen
,
290 crypto_aead_authsize(aead
), 1);
291 aead_request_complete(req
, err
);
294 static inline int crypto_ccm_check_iv(const u8
*iv
)
296 /* 2 <= L <= 8, so 1 <= L' <= 7. */
297 if (1 > iv
[0] || iv
[0] > 7)
303 static int crypto_ccm_encrypt(struct aead_request
*req
)
305 struct crypto_aead
*aead
= crypto_aead_reqtfm(req
);
306 struct crypto_ccm_ctx
*ctx
= crypto_aead_ctx(aead
);
307 struct crypto_ccm_req_priv_ctx
*pctx
= crypto_ccm_reqctx(req
);
308 struct ablkcipher_request
*abreq
= &pctx
->abreq
;
309 struct scatterlist
*dst
;
310 unsigned int cryptlen
= req
->cryptlen
;
311 u8
*odata
= pctx
->odata
;
315 err
= crypto_ccm_check_iv(iv
);
319 pctx
->flags
= aead_request_flags(req
);
321 err
= crypto_ccm_auth(req
, req
->src
, cryptlen
);
325 /* Note: rfc 3610 and NIST 800-38C require counter of
326 * zero to encrypt auth tag.
328 memset(iv
+ 15 - iv
[0], 0, iv
[0] + 1);
330 sg_init_table(pctx
->src
, 2);
331 sg_set_buf(pctx
->src
, odata
, 16);
332 scatterwalk_sg_chain(pctx
->src
, 2, req
->src
);
335 if (req
->src
!= req
->dst
) {
336 sg_init_table(pctx
->dst
, 2);
337 sg_set_buf(pctx
->dst
, odata
, 16);
338 scatterwalk_sg_chain(pctx
->dst
, 2, req
->dst
);
342 ablkcipher_request_set_tfm(abreq
, ctx
->ctr
);
343 ablkcipher_request_set_callback(abreq
, pctx
->flags
,
344 crypto_ccm_encrypt_done
, req
);
345 ablkcipher_request_set_crypt(abreq
, pctx
->src
, dst
, cryptlen
+ 16, iv
);
346 err
= crypto_ablkcipher_encrypt(abreq
);
350 /* copy authtag to end of dst */
351 scatterwalk_map_and_copy(odata
, req
->dst
, cryptlen
,
352 crypto_aead_authsize(aead
), 1);
356 static void crypto_ccm_decrypt_done(struct crypto_async_request
*areq
,
359 struct aead_request
*req
= areq
->data
;
360 struct crypto_ccm_req_priv_ctx
*pctx
= crypto_ccm_reqctx(req
);
361 struct crypto_aead
*aead
= crypto_aead_reqtfm(req
);
362 unsigned int authsize
= crypto_aead_authsize(aead
);
363 unsigned int cryptlen
= req
->cryptlen
- authsize
;
366 err
= crypto_ccm_auth(req
, req
->dst
, cryptlen
);
367 if (!err
&& memcmp(pctx
->auth_tag
, pctx
->odata
, authsize
))
370 aead_request_complete(req
, err
);
373 static int crypto_ccm_decrypt(struct aead_request
*req
)
375 struct crypto_aead
*aead
= crypto_aead_reqtfm(req
);
376 struct crypto_ccm_ctx
*ctx
= crypto_aead_ctx(aead
);
377 struct crypto_ccm_req_priv_ctx
*pctx
= crypto_ccm_reqctx(req
);
378 struct ablkcipher_request
*abreq
= &pctx
->abreq
;
379 struct scatterlist
*dst
;
380 unsigned int authsize
= crypto_aead_authsize(aead
);
381 unsigned int cryptlen
= req
->cryptlen
;
382 u8
*authtag
= pctx
->auth_tag
;
383 u8
*odata
= pctx
->odata
;
387 if (cryptlen
< authsize
)
389 cryptlen
-= authsize
;
391 err
= crypto_ccm_check_iv(iv
);
395 pctx
->flags
= aead_request_flags(req
);
397 scatterwalk_map_and_copy(authtag
, req
->src
, cryptlen
, authsize
, 0);
399 memset(iv
+ 15 - iv
[0], 0, iv
[0] + 1);
401 sg_init_table(pctx
->src
, 2);
402 sg_set_buf(pctx
->src
, authtag
, 16);
403 scatterwalk_sg_chain(pctx
->src
, 2, req
->src
);
406 if (req
->src
!= req
->dst
) {
407 sg_init_table(pctx
->dst
, 2);
408 sg_set_buf(pctx
->dst
, authtag
, 16);
409 scatterwalk_sg_chain(pctx
->dst
, 2, req
->dst
);
413 ablkcipher_request_set_tfm(abreq
, ctx
->ctr
);
414 ablkcipher_request_set_callback(abreq
, pctx
->flags
,
415 crypto_ccm_decrypt_done
, req
);
416 ablkcipher_request_set_crypt(abreq
, pctx
->src
, dst
, cryptlen
+ 16, iv
);
417 err
= crypto_ablkcipher_decrypt(abreq
);
421 err
= crypto_ccm_auth(req
, req
->dst
, cryptlen
);
426 if (memcmp(authtag
, odata
, authsize
))
432 static int crypto_ccm_init_tfm(struct crypto_tfm
*tfm
)
434 struct crypto_instance
*inst
= (void *)tfm
->__crt_alg
;
435 struct ccm_instance_ctx
*ictx
= crypto_instance_ctx(inst
);
436 struct crypto_ccm_ctx
*ctx
= crypto_tfm_ctx(tfm
);
437 struct crypto_cipher
*cipher
;
438 struct crypto_ablkcipher
*ctr
;
442 cipher
= crypto_spawn_cipher(&ictx
->cipher
);
444 return PTR_ERR(cipher
);
446 ctr
= crypto_spawn_skcipher(&ictx
->ctr
);
449 goto err_free_cipher
;
451 ctx
->cipher
= cipher
;
454 align
= crypto_tfm_alg_alignmask(tfm
);
455 align
&= ~(crypto_tfm_ctx_alignment() - 1);
456 tfm
->crt_aead
.reqsize
= align
+
457 sizeof(struct crypto_ccm_req_priv_ctx
) +
458 crypto_ablkcipher_reqsize(ctr
);
463 crypto_free_cipher(cipher
);
467 static void crypto_ccm_exit_tfm(struct crypto_tfm
*tfm
)
469 struct crypto_ccm_ctx
*ctx
= crypto_tfm_ctx(tfm
);
471 crypto_free_cipher(ctx
->cipher
);
472 crypto_free_ablkcipher(ctx
->ctr
);
475 static struct crypto_instance
*crypto_ccm_alloc_common(struct rtattr
**tb
,
476 const char *full_name
,
477 const char *ctr_name
,
478 const char *cipher_name
)
480 struct crypto_attr_type
*algt
;
481 struct crypto_instance
*inst
;
482 struct crypto_alg
*ctr
;
483 struct crypto_alg
*cipher
;
484 struct ccm_instance_ctx
*ictx
;
487 algt
= crypto_get_attr_type(tb
);
489 return ERR_CAST(algt
);
491 if ((algt
->type
^ CRYPTO_ALG_TYPE_AEAD
) & algt
->mask
)
492 return ERR_PTR(-EINVAL
);
494 cipher
= crypto_alg_mod_lookup(cipher_name
, CRYPTO_ALG_TYPE_CIPHER
,
495 CRYPTO_ALG_TYPE_MASK
);
497 return ERR_CAST(cipher
);
500 if (cipher
->cra_blocksize
!= 16)
503 inst
= kzalloc(sizeof(*inst
) + sizeof(*ictx
), GFP_KERNEL
);
508 ictx
= crypto_instance_ctx(inst
);
510 err
= crypto_init_spawn(&ictx
->cipher
, cipher
, inst
,
511 CRYPTO_ALG_TYPE_MASK
);
515 crypto_set_skcipher_spawn(&ictx
->ctr
, inst
);
516 err
= crypto_grab_skcipher(&ictx
->ctr
, ctr_name
, 0,
517 crypto_requires_sync(algt
->type
,
520 goto err_drop_cipher
;
522 ctr
= crypto_skcipher_spawn_alg(&ictx
->ctr
);
524 /* Not a stream cipher? */
526 if (ctr
->cra_blocksize
!= 1)
529 /* We want the real thing! */
530 if (ctr
->cra_ablkcipher
.ivsize
!= 16)
534 if (snprintf(inst
->alg
.cra_driver_name
, CRYPTO_MAX_ALG_NAME
,
535 "ccm_base(%s,%s)", ctr
->cra_driver_name
,
536 cipher
->cra_driver_name
) >= CRYPTO_MAX_ALG_NAME
)
539 memcpy(inst
->alg
.cra_name
, full_name
, CRYPTO_MAX_ALG_NAME
);
541 inst
->alg
.cra_flags
= CRYPTO_ALG_TYPE_AEAD
;
542 inst
->alg
.cra_flags
|= ctr
->cra_flags
& CRYPTO_ALG_ASYNC
;
543 inst
->alg
.cra_priority
= cipher
->cra_priority
+ ctr
->cra_priority
;
544 inst
->alg
.cra_blocksize
= 1;
545 inst
->alg
.cra_alignmask
= cipher
->cra_alignmask
| ctr
->cra_alignmask
|
546 (__alignof__(u32
) - 1);
547 inst
->alg
.cra_type
= &crypto_aead_type
;
548 inst
->alg
.cra_aead
.ivsize
= 16;
549 inst
->alg
.cra_aead
.maxauthsize
= 16;
550 inst
->alg
.cra_ctxsize
= sizeof(struct crypto_ccm_ctx
);
551 inst
->alg
.cra_init
= crypto_ccm_init_tfm
;
552 inst
->alg
.cra_exit
= crypto_ccm_exit_tfm
;
553 inst
->alg
.cra_aead
.setkey
= crypto_ccm_setkey
;
554 inst
->alg
.cra_aead
.setauthsize
= crypto_ccm_setauthsize
;
555 inst
->alg
.cra_aead
.encrypt
= crypto_ccm_encrypt
;
556 inst
->alg
.cra_aead
.decrypt
= crypto_ccm_decrypt
;
559 crypto_mod_put(cipher
);
563 crypto_drop_skcipher(&ictx
->ctr
);
565 crypto_drop_spawn(&ictx
->cipher
);
573 static struct crypto_instance
*crypto_ccm_alloc(struct rtattr
**tb
)
575 const char *cipher_name
;
576 char ctr_name
[CRYPTO_MAX_ALG_NAME
];
577 char full_name
[CRYPTO_MAX_ALG_NAME
];
579 cipher_name
= crypto_attr_alg_name(tb
[1]);
580 if (IS_ERR(cipher_name
))
581 return ERR_CAST(cipher_name
);
583 if (snprintf(ctr_name
, CRYPTO_MAX_ALG_NAME
, "ctr(%s)",
584 cipher_name
) >= CRYPTO_MAX_ALG_NAME
)
585 return ERR_PTR(-ENAMETOOLONG
);
587 if (snprintf(full_name
, CRYPTO_MAX_ALG_NAME
, "ccm(%s)", cipher_name
) >=
589 return ERR_PTR(-ENAMETOOLONG
);
591 return crypto_ccm_alloc_common(tb
, full_name
, ctr_name
, cipher_name
);
594 static void crypto_ccm_free(struct crypto_instance
*inst
)
596 struct ccm_instance_ctx
*ctx
= crypto_instance_ctx(inst
);
598 crypto_drop_spawn(&ctx
->cipher
);
599 crypto_drop_skcipher(&ctx
->ctr
);
603 static struct crypto_template crypto_ccm_tmpl
= {
605 .alloc
= crypto_ccm_alloc
,
606 .free
= crypto_ccm_free
,
607 .module
= THIS_MODULE
,
610 static struct crypto_instance
*crypto_ccm_base_alloc(struct rtattr
**tb
)
612 const char *ctr_name
;
613 const char *cipher_name
;
614 char full_name
[CRYPTO_MAX_ALG_NAME
];
616 ctr_name
= crypto_attr_alg_name(tb
[1]);
617 if (IS_ERR(ctr_name
))
618 return ERR_CAST(ctr_name
);
620 cipher_name
= crypto_attr_alg_name(tb
[2]);
621 if (IS_ERR(cipher_name
))
622 return ERR_CAST(cipher_name
);
624 if (snprintf(full_name
, CRYPTO_MAX_ALG_NAME
, "ccm_base(%s,%s)",
625 ctr_name
, cipher_name
) >= CRYPTO_MAX_ALG_NAME
)
626 return ERR_PTR(-ENAMETOOLONG
);
628 return crypto_ccm_alloc_common(tb
, full_name
, ctr_name
, cipher_name
);
631 static struct crypto_template crypto_ccm_base_tmpl
= {
633 .alloc
= crypto_ccm_base_alloc
,
634 .free
= crypto_ccm_free
,
635 .module
= THIS_MODULE
,
638 static int crypto_rfc4309_setkey(struct crypto_aead
*parent
, const u8
*key
,
641 struct crypto_rfc4309_ctx
*ctx
= crypto_aead_ctx(parent
);
642 struct crypto_aead
*child
= ctx
->child
;
649 memcpy(ctx
->nonce
, key
+ keylen
, 3);
651 crypto_aead_clear_flags(child
, CRYPTO_TFM_REQ_MASK
);
652 crypto_aead_set_flags(child
, crypto_aead_get_flags(parent
) &
653 CRYPTO_TFM_REQ_MASK
);
654 err
= crypto_aead_setkey(child
, key
, keylen
);
655 crypto_aead_set_flags(parent
, crypto_aead_get_flags(child
) &
656 CRYPTO_TFM_RES_MASK
);
661 static int crypto_rfc4309_setauthsize(struct crypto_aead
*parent
,
662 unsigned int authsize
)
664 struct crypto_rfc4309_ctx
*ctx
= crypto_aead_ctx(parent
);
675 return crypto_aead_setauthsize(ctx
->child
, authsize
);
678 static struct aead_request
*crypto_rfc4309_crypt(struct aead_request
*req
)
680 struct aead_request
*subreq
= aead_request_ctx(req
);
681 struct crypto_aead
*aead
= crypto_aead_reqtfm(req
);
682 struct crypto_rfc4309_ctx
*ctx
= crypto_aead_ctx(aead
);
683 struct crypto_aead
*child
= ctx
->child
;
684 u8
*iv
= PTR_ALIGN((u8
*)(subreq
+ 1) + crypto_aead_reqsize(child
),
685 crypto_aead_alignmask(child
) + 1);
690 memcpy(iv
+ 1, ctx
->nonce
, 3);
691 memcpy(iv
+ 4, req
->iv
, 8);
693 aead_request_set_tfm(subreq
, child
);
694 aead_request_set_callback(subreq
, req
->base
.flags
, req
->base
.complete
,
696 aead_request_set_crypt(subreq
, req
->src
, req
->dst
, req
->cryptlen
, iv
);
697 aead_request_set_assoc(subreq
, req
->assoc
, req
->assoclen
);
702 static int crypto_rfc4309_encrypt(struct aead_request
*req
)
704 req
= crypto_rfc4309_crypt(req
);
706 return crypto_aead_encrypt(req
);
709 static int crypto_rfc4309_decrypt(struct aead_request
*req
)
711 req
= crypto_rfc4309_crypt(req
);
713 return crypto_aead_decrypt(req
);
716 static int crypto_rfc4309_init_tfm(struct crypto_tfm
*tfm
)
718 struct crypto_instance
*inst
= (void *)tfm
->__crt_alg
;
719 struct crypto_aead_spawn
*spawn
= crypto_instance_ctx(inst
);
720 struct crypto_rfc4309_ctx
*ctx
= crypto_tfm_ctx(tfm
);
721 struct crypto_aead
*aead
;
724 aead
= crypto_spawn_aead(spawn
);
726 return PTR_ERR(aead
);
730 align
= crypto_aead_alignmask(aead
);
731 align
&= ~(crypto_tfm_ctx_alignment() - 1);
732 tfm
->crt_aead
.reqsize
= sizeof(struct aead_request
) +
733 ALIGN(crypto_aead_reqsize(aead
),
734 crypto_tfm_ctx_alignment()) +
740 static void crypto_rfc4309_exit_tfm(struct crypto_tfm
*tfm
)
742 struct crypto_rfc4309_ctx
*ctx
= crypto_tfm_ctx(tfm
);
744 crypto_free_aead(ctx
->child
);
747 static struct crypto_instance
*crypto_rfc4309_alloc(struct rtattr
**tb
)
749 struct crypto_attr_type
*algt
;
750 struct crypto_instance
*inst
;
751 struct crypto_aead_spawn
*spawn
;
752 struct crypto_alg
*alg
;
753 const char *ccm_name
;
756 algt
= crypto_get_attr_type(tb
);
758 return ERR_CAST(algt
);
760 if ((algt
->type
^ CRYPTO_ALG_TYPE_AEAD
) & algt
->mask
)
761 return ERR_PTR(-EINVAL
);
763 ccm_name
= crypto_attr_alg_name(tb
[1]);
764 if (IS_ERR(ccm_name
))
765 return ERR_CAST(ccm_name
);
767 inst
= kzalloc(sizeof(*inst
) + sizeof(*spawn
), GFP_KERNEL
);
769 return ERR_PTR(-ENOMEM
);
771 spawn
= crypto_instance_ctx(inst
);
772 crypto_set_aead_spawn(spawn
, inst
);
773 err
= crypto_grab_aead(spawn
, ccm_name
, 0,
774 crypto_requires_sync(algt
->type
, algt
->mask
));
778 alg
= crypto_aead_spawn_alg(spawn
);
782 /* We only support 16-byte blocks. */
783 if (alg
->cra_aead
.ivsize
!= 16)
786 /* Not a stream cipher? */
787 if (alg
->cra_blocksize
!= 1)
791 if (snprintf(inst
->alg
.cra_name
, CRYPTO_MAX_ALG_NAME
,
792 "rfc4309(%s)", alg
->cra_name
) >= CRYPTO_MAX_ALG_NAME
||
793 snprintf(inst
->alg
.cra_driver_name
, CRYPTO_MAX_ALG_NAME
,
794 "rfc4309(%s)", alg
->cra_driver_name
) >=
798 inst
->alg
.cra_flags
= CRYPTO_ALG_TYPE_AEAD
;
799 inst
->alg
.cra_flags
|= alg
->cra_flags
& CRYPTO_ALG_ASYNC
;
800 inst
->alg
.cra_priority
= alg
->cra_priority
;
801 inst
->alg
.cra_blocksize
= 1;
802 inst
->alg
.cra_alignmask
= alg
->cra_alignmask
;
803 inst
->alg
.cra_type
= &crypto_nivaead_type
;
805 inst
->alg
.cra_aead
.ivsize
= 8;
806 inst
->alg
.cra_aead
.maxauthsize
= 16;
808 inst
->alg
.cra_ctxsize
= sizeof(struct crypto_rfc4309_ctx
);
810 inst
->alg
.cra_init
= crypto_rfc4309_init_tfm
;
811 inst
->alg
.cra_exit
= crypto_rfc4309_exit_tfm
;
813 inst
->alg
.cra_aead
.setkey
= crypto_rfc4309_setkey
;
814 inst
->alg
.cra_aead
.setauthsize
= crypto_rfc4309_setauthsize
;
815 inst
->alg
.cra_aead
.encrypt
= crypto_rfc4309_encrypt
;
816 inst
->alg
.cra_aead
.decrypt
= crypto_rfc4309_decrypt
;
818 inst
->alg
.cra_aead
.geniv
= "seqiv";
824 crypto_drop_aead(spawn
);
831 static void crypto_rfc4309_free(struct crypto_instance
*inst
)
833 crypto_drop_spawn(crypto_instance_ctx(inst
));
837 static struct crypto_template crypto_rfc4309_tmpl
= {
839 .alloc
= crypto_rfc4309_alloc
,
840 .free
= crypto_rfc4309_free
,
841 .module
= THIS_MODULE
,
844 static int __init
crypto_ccm_module_init(void)
848 err
= crypto_register_template(&crypto_ccm_base_tmpl
);
852 err
= crypto_register_template(&crypto_ccm_tmpl
);
856 err
= crypto_register_template(&crypto_rfc4309_tmpl
);
864 crypto_unregister_template(&crypto_ccm_tmpl
);
866 crypto_unregister_template(&crypto_ccm_base_tmpl
);
870 static void __exit
crypto_ccm_module_exit(void)
872 crypto_unregister_template(&crypto_rfc4309_tmpl
);
873 crypto_unregister_template(&crypto_ccm_tmpl
);
874 crypto_unregister_template(&crypto_ccm_base_tmpl
);
877 module_init(crypto_ccm_module_init
);
878 module_exit(crypto_ccm_module_exit
);
880 MODULE_LICENSE("GPL");
881 MODULE_DESCRIPTION("Counter with CBC MAC");
882 MODULE_ALIAS_CRYPTO("ccm_base");
883 MODULE_ALIAS_CRYPTO("rfc4309");
884 MODULE_ALIAS_CRYPTO("ccm");