2 * AEAD: Authenticated Encryption with Associated Data
4 * This file provides API support for AEAD algorithms.
6 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the Free
10 * Software Foundation; either version 2 of the License, or (at your option)
15 #include <crypto/internal/aead.h>
16 #include <linux/err.h>
17 #include <linux/init.h>
18 #include <linux/kernel.h>
19 #include <linux/module.h>
20 #include <linux/rtnetlink.h>
21 #include <linux/sched.h>
22 #include <linux/slab.h>
23 #include <linux/seq_file.h>
24 #include <linux/cryptouser.h>
25 #include <net/netlink.h>
29 static int setkey_unaligned(struct crypto_aead
*tfm
, const u8
*key
,
32 struct aead_alg
*aead
= crypto_aead_alg(tfm
);
33 unsigned long alignmask
= crypto_aead_alignmask(tfm
);
35 u8
*buffer
, *alignbuffer
;
38 absize
= keylen
+ alignmask
;
39 buffer
= kmalloc(absize
, GFP_ATOMIC
);
43 alignbuffer
= (u8
*)ALIGN((unsigned long)buffer
, alignmask
+ 1);
44 memcpy(alignbuffer
, key
, keylen
);
45 ret
= aead
->setkey(tfm
, alignbuffer
, keylen
);
46 memset(alignbuffer
, 0, keylen
);
51 static int setkey(struct crypto_aead
*tfm
, const u8
*key
, unsigned int keylen
)
53 struct aead_alg
*aead
= crypto_aead_alg(tfm
);
54 unsigned long alignmask
= crypto_aead_alignmask(tfm
);
56 if ((unsigned long)key
& alignmask
)
57 return setkey_unaligned(tfm
, key
, keylen
);
59 return aead
->setkey(tfm
, key
, keylen
);
62 int crypto_aead_setauthsize(struct crypto_aead
*tfm
, unsigned int authsize
)
64 struct aead_tfm
*crt
= crypto_aead_crt(tfm
);
67 if (authsize
> crypto_aead_alg(tfm
)->maxauthsize
)
70 if (crypto_aead_alg(tfm
)->setauthsize
) {
71 err
= crypto_aead_alg(tfm
)->setauthsize(crt
->base
, authsize
);
76 crypto_aead_crt(crt
->base
)->authsize
= authsize
;
77 crt
->authsize
= authsize
;
80 EXPORT_SYMBOL_GPL(crypto_aead_setauthsize
);
82 static unsigned int crypto_aead_ctxsize(struct crypto_alg
*alg
, u32 type
,
85 return alg
->cra_ctxsize
;
88 static int no_givcrypt(struct aead_givcrypt_request
*req
)
93 static int crypto_init_aead_ops(struct crypto_tfm
*tfm
, u32 type
, u32 mask
)
95 struct aead_alg
*alg
= &tfm
->__crt_alg
->cra_aead
;
96 struct aead_tfm
*crt
= &tfm
->crt_aead
;
98 if (max(alg
->maxauthsize
, alg
->ivsize
) > PAGE_SIZE
/ 8)
101 crt
->setkey
= tfm
->__crt_alg
->cra_flags
& CRYPTO_ALG_GENIV
?
102 alg
->setkey
: setkey
;
103 crt
->encrypt
= alg
->encrypt
;
104 crt
->decrypt
= alg
->decrypt
;
105 crt
->givencrypt
= alg
->givencrypt
?: no_givcrypt
;
106 crt
->givdecrypt
= alg
->givdecrypt
?: no_givcrypt
;
107 crt
->base
= __crypto_aead_cast(tfm
);
108 crt
->ivsize
= alg
->ivsize
;
109 crt
->authsize
= alg
->maxauthsize
;
115 static int crypto_aead_report(struct sk_buff
*skb
, struct crypto_alg
*alg
)
117 struct crypto_report_aead raead
;
118 struct aead_alg
*aead
= &alg
->cra_aead
;
120 strncpy(raead
.type
, "aead", sizeof(raead
.type
));
121 strncpy(raead
.geniv
, aead
->geniv
?: "<built-in>", sizeof(raead
.geniv
));
123 raead
.blocksize
= alg
->cra_blocksize
;
124 raead
.maxauthsize
= aead
->maxauthsize
;
125 raead
.ivsize
= aead
->ivsize
;
127 if (nla_put(skb
, CRYPTOCFGA_REPORT_AEAD
,
128 sizeof(struct crypto_report_aead
), &raead
))
129 goto nla_put_failure
;
136 static int crypto_aead_report(struct sk_buff
*skb
, struct crypto_alg
*alg
)
142 static void crypto_aead_show(struct seq_file
*m
, struct crypto_alg
*alg
)
143 __attribute__ ((unused
));
144 static void crypto_aead_show(struct seq_file
*m
, struct crypto_alg
*alg
)
146 struct aead_alg
*aead
= &alg
->cra_aead
;
148 seq_printf(m
, "type : aead\n");
149 seq_printf(m
, "async : %s\n", alg
->cra_flags
& CRYPTO_ALG_ASYNC
?
151 seq_printf(m
, "blocksize : %u\n", alg
->cra_blocksize
);
152 seq_printf(m
, "ivsize : %u\n", aead
->ivsize
);
153 seq_printf(m
, "maxauthsize : %u\n", aead
->maxauthsize
);
154 seq_printf(m
, "geniv : %s\n", aead
->geniv
?: "<built-in>");
157 const struct crypto_type crypto_aead_type
= {
158 .ctxsize
= crypto_aead_ctxsize
,
159 .init
= crypto_init_aead_ops
,
160 #ifdef CONFIG_PROC_FS
161 .show
= crypto_aead_show
,
163 .report
= crypto_aead_report
,
165 EXPORT_SYMBOL_GPL(crypto_aead_type
);
167 static int aead_null_givencrypt(struct aead_givcrypt_request
*req
)
169 return crypto_aead_encrypt(&req
->areq
);
172 static int aead_null_givdecrypt(struct aead_givcrypt_request
*req
)
174 return crypto_aead_decrypt(&req
->areq
);
177 static int crypto_init_nivaead_ops(struct crypto_tfm
*tfm
, u32 type
, u32 mask
)
179 struct aead_alg
*alg
= &tfm
->__crt_alg
->cra_aead
;
180 struct aead_tfm
*crt
= &tfm
->crt_aead
;
182 if (max(alg
->maxauthsize
, alg
->ivsize
) > PAGE_SIZE
/ 8)
185 crt
->setkey
= setkey
;
186 crt
->encrypt
= alg
->encrypt
;
187 crt
->decrypt
= alg
->decrypt
;
189 crt
->givencrypt
= aead_null_givencrypt
;
190 crt
->givdecrypt
= aead_null_givdecrypt
;
192 crt
->base
= __crypto_aead_cast(tfm
);
193 crt
->ivsize
= alg
->ivsize
;
194 crt
->authsize
= alg
->maxauthsize
;
200 static int crypto_nivaead_report(struct sk_buff
*skb
, struct crypto_alg
*alg
)
202 struct crypto_report_aead raead
;
203 struct aead_alg
*aead
= &alg
->cra_aead
;
205 strncpy(raead
.type
, "nivaead", sizeof(raead
.type
));
206 strncpy(raead
.geniv
, aead
->geniv
, sizeof(raead
.geniv
));
208 raead
.blocksize
= alg
->cra_blocksize
;
209 raead
.maxauthsize
= aead
->maxauthsize
;
210 raead
.ivsize
= aead
->ivsize
;
212 if (nla_put(skb
, CRYPTOCFGA_REPORT_AEAD
,
213 sizeof(struct crypto_report_aead
), &raead
))
214 goto nla_put_failure
;
221 static int crypto_nivaead_report(struct sk_buff
*skb
, struct crypto_alg
*alg
)
228 static void crypto_nivaead_show(struct seq_file
*m
, struct crypto_alg
*alg
)
229 __attribute__ ((unused
));
230 static void crypto_nivaead_show(struct seq_file
*m
, struct crypto_alg
*alg
)
232 struct aead_alg
*aead
= &alg
->cra_aead
;
234 seq_printf(m
, "type : nivaead\n");
235 seq_printf(m
, "async : %s\n", alg
->cra_flags
& CRYPTO_ALG_ASYNC
?
237 seq_printf(m
, "blocksize : %u\n", alg
->cra_blocksize
);
238 seq_printf(m
, "ivsize : %u\n", aead
->ivsize
);
239 seq_printf(m
, "maxauthsize : %u\n", aead
->maxauthsize
);
240 seq_printf(m
, "geniv : %s\n", aead
->geniv
);
243 const struct crypto_type crypto_nivaead_type
= {
244 .ctxsize
= crypto_aead_ctxsize
,
245 .init
= crypto_init_nivaead_ops
,
246 #ifdef CONFIG_PROC_FS
247 .show
= crypto_nivaead_show
,
249 .report
= crypto_nivaead_report
,
251 EXPORT_SYMBOL_GPL(crypto_nivaead_type
);
253 static int crypto_grab_nivaead(struct crypto_aead_spawn
*spawn
,
254 const char *name
, u32 type
, u32 mask
)
256 struct crypto_alg
*alg
;
259 type
&= ~(CRYPTO_ALG_TYPE_MASK
| CRYPTO_ALG_GENIV
);
260 type
|= CRYPTO_ALG_TYPE_AEAD
;
261 mask
|= CRYPTO_ALG_TYPE_MASK
| CRYPTO_ALG_GENIV
;
263 alg
= crypto_alg_mod_lookup(name
, type
, mask
);
267 err
= crypto_init_spawn(&spawn
->base
, alg
, spawn
->base
.inst
, mask
);
272 struct crypto_instance
*aead_geniv_alloc(struct crypto_template
*tmpl
,
273 struct rtattr
**tb
, u32 type
,
277 struct crypto_aead_spawn
*spawn
;
278 struct crypto_attr_type
*algt
;
279 struct crypto_instance
*inst
;
280 struct crypto_alg
*alg
;
283 algt
= crypto_get_attr_type(tb
);
285 return ERR_CAST(algt
);
287 if ((algt
->type
^ (CRYPTO_ALG_TYPE_AEAD
| CRYPTO_ALG_GENIV
)) &
289 return ERR_PTR(-EINVAL
);
291 name
= crypto_attr_alg_name(tb
[1]);
293 return ERR_CAST(name
);
295 inst
= kzalloc(sizeof(*inst
) + sizeof(*spawn
), GFP_KERNEL
);
297 return ERR_PTR(-ENOMEM
);
299 spawn
= crypto_instance_ctx(inst
);
301 /* Ignore async algorithms if necessary. */
302 mask
|= crypto_requires_sync(algt
->type
, algt
->mask
);
304 crypto_set_aead_spawn(spawn
, inst
);
305 err
= crypto_grab_nivaead(spawn
, name
, type
, mask
);
309 alg
= crypto_aead_spawn_alg(spawn
);
312 if (!alg
->cra_aead
.ivsize
)
316 * This is only true if we're constructing an algorithm with its
317 * default IV generator. For the default generator we elide the
318 * template name and double-check the IV generator.
320 if (algt
->mask
& CRYPTO_ALG_GENIV
) {
321 if (strcmp(tmpl
->name
, alg
->cra_aead
.geniv
))
324 memcpy(inst
->alg
.cra_name
, alg
->cra_name
, CRYPTO_MAX_ALG_NAME
);
325 memcpy(inst
->alg
.cra_driver_name
, alg
->cra_driver_name
,
326 CRYPTO_MAX_ALG_NAME
);
329 if (snprintf(inst
->alg
.cra_name
, CRYPTO_MAX_ALG_NAME
,
330 "%s(%s)", tmpl
->name
, alg
->cra_name
) >=
333 if (snprintf(inst
->alg
.cra_driver_name
, CRYPTO_MAX_ALG_NAME
,
334 "%s(%s)", tmpl
->name
, alg
->cra_driver_name
) >=
339 inst
->alg
.cra_flags
= CRYPTO_ALG_TYPE_AEAD
| CRYPTO_ALG_GENIV
;
340 inst
->alg
.cra_flags
|= alg
->cra_flags
& CRYPTO_ALG_ASYNC
;
341 inst
->alg
.cra_priority
= alg
->cra_priority
;
342 inst
->alg
.cra_blocksize
= alg
->cra_blocksize
;
343 inst
->alg
.cra_alignmask
= alg
->cra_alignmask
;
344 inst
->alg
.cra_type
= &crypto_aead_type
;
346 inst
->alg
.cra_aead
.ivsize
= alg
->cra_aead
.ivsize
;
347 inst
->alg
.cra_aead
.maxauthsize
= alg
->cra_aead
.maxauthsize
;
348 inst
->alg
.cra_aead
.geniv
= alg
->cra_aead
.geniv
;
350 inst
->alg
.cra_aead
.setkey
= alg
->cra_aead
.setkey
;
351 inst
->alg
.cra_aead
.setauthsize
= alg
->cra_aead
.setauthsize
;
352 inst
->alg
.cra_aead
.encrypt
= alg
->cra_aead
.encrypt
;
353 inst
->alg
.cra_aead
.decrypt
= alg
->cra_aead
.decrypt
;
359 crypto_drop_aead(spawn
);
365 EXPORT_SYMBOL_GPL(aead_geniv_alloc
);
367 void aead_geniv_free(struct crypto_instance
*inst
)
369 crypto_drop_aead(crypto_instance_ctx(inst
));
372 EXPORT_SYMBOL_GPL(aead_geniv_free
);
374 int aead_geniv_init(struct crypto_tfm
*tfm
)
376 struct crypto_instance
*inst
= (void *)tfm
->__crt_alg
;
377 struct crypto_aead
*aead
;
379 aead
= crypto_spawn_aead(crypto_instance_ctx(inst
));
381 return PTR_ERR(aead
);
383 tfm
->crt_aead
.base
= aead
;
384 tfm
->crt_aead
.reqsize
+= crypto_aead_reqsize(aead
);
388 EXPORT_SYMBOL_GPL(aead_geniv_init
);
390 void aead_geniv_exit(struct crypto_tfm
*tfm
)
392 crypto_free_aead(tfm
->crt_aead
.base
);
394 EXPORT_SYMBOL_GPL(aead_geniv_exit
);
396 static int crypto_nivaead_default(struct crypto_alg
*alg
, u32 type
, u32 mask
)
398 struct rtattr
*tb
[3];
401 struct crypto_attr_type data
;
405 struct crypto_attr_alg data
;
407 struct crypto_template
*tmpl
;
408 struct crypto_instance
*inst
;
409 struct crypto_alg
*larval
;
413 larval
= crypto_larval_lookup(alg
->cra_driver_name
,
414 CRYPTO_ALG_TYPE_AEAD
| CRYPTO_ALG_GENIV
,
415 CRYPTO_ALG_TYPE_MASK
| CRYPTO_ALG_GENIV
);
416 err
= PTR_ERR(larval
);
421 if (!crypto_is_larval(larval
))
424 ptype
.attr
.rta_len
= sizeof(ptype
);
425 ptype
.attr
.rta_type
= CRYPTOA_TYPE
;
426 ptype
.data
.type
= type
| CRYPTO_ALG_GENIV
;
427 /* GENIV tells the template that we're making a default geniv. */
428 ptype
.data
.mask
= mask
| CRYPTO_ALG_GENIV
;
431 palg
.attr
.rta_len
= sizeof(palg
);
432 palg
.attr
.rta_type
= CRYPTOA_ALG
;
433 /* Must use the exact name to locate ourselves. */
434 memcpy(palg
.data
.name
, alg
->cra_driver_name
, CRYPTO_MAX_ALG_NAME
);
439 geniv
= alg
->cra_aead
.geniv
;
441 tmpl
= crypto_lookup_template(geniv
);
446 inst
= tmpl
->alloc(tb
);
451 err
= crypto_register_instance(tmpl
, inst
);
457 /* Redo the lookup to use the instance we just registered. */
461 crypto_tmpl_put(tmpl
);
463 crypto_larval_kill(larval
);
465 crypto_mod_put(larval
);
471 struct crypto_alg
*crypto_lookup_aead(const char *name
, u32 type
, u32 mask
)
473 struct crypto_alg
*alg
;
475 alg
= crypto_alg_mod_lookup(name
, type
, mask
);
479 if (alg
->cra_type
== &crypto_aead_type
)
482 if (!alg
->cra_aead
.ivsize
)
486 alg
= crypto_alg_mod_lookup(name
, type
| CRYPTO_ALG_TESTED
,
487 mask
& ~CRYPTO_ALG_TESTED
);
491 if (alg
->cra_type
== &crypto_aead_type
) {
492 if ((alg
->cra_flags
^ type
^ ~mask
) & CRYPTO_ALG_TESTED
) {
494 alg
= ERR_PTR(-ENOENT
);
499 BUG_ON(!alg
->cra_aead
.ivsize
);
501 return ERR_PTR(crypto_nivaead_default(alg
, type
, mask
));
503 EXPORT_SYMBOL_GPL(crypto_lookup_aead
);
505 int crypto_grab_aead(struct crypto_aead_spawn
*spawn
, const char *name
,
508 struct crypto_alg
*alg
;
511 type
&= ~(CRYPTO_ALG_TYPE_MASK
| CRYPTO_ALG_GENIV
);
512 type
|= CRYPTO_ALG_TYPE_AEAD
;
513 mask
&= ~(CRYPTO_ALG_TYPE_MASK
| CRYPTO_ALG_GENIV
);
514 mask
|= CRYPTO_ALG_TYPE_MASK
;
516 alg
= crypto_lookup_aead(name
, type
, mask
);
520 err
= crypto_init_spawn(&spawn
->base
, alg
, spawn
->base
.inst
, mask
);
524 EXPORT_SYMBOL_GPL(crypto_grab_aead
);
526 struct crypto_aead
*crypto_alloc_aead(const char *alg_name
, u32 type
, u32 mask
)
528 struct crypto_tfm
*tfm
;
531 type
&= ~(CRYPTO_ALG_TYPE_MASK
| CRYPTO_ALG_GENIV
);
532 type
|= CRYPTO_ALG_TYPE_AEAD
;
533 mask
&= ~(CRYPTO_ALG_TYPE_MASK
| CRYPTO_ALG_GENIV
);
534 mask
|= CRYPTO_ALG_TYPE_MASK
;
537 struct crypto_alg
*alg
;
539 alg
= crypto_lookup_aead(alg_name
, type
, mask
);
545 tfm
= __crypto_alloc_tfm(alg
, type
, mask
);
547 return __crypto_aead_cast(tfm
);
555 if (signal_pending(current
)) {
563 EXPORT_SYMBOL_GPL(crypto_alloc_aead
);
565 MODULE_LICENSE("GPL");
566 MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)");