[linux-2.6-block.git] / crypto / aead.c

/*
 * AEAD: Authenticated Encryption with Associated Data
 *
 * This file provides API support for AEAD algorithms.
 *
 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 2 of the License, or (at your option)
 * any later version.
 *
 */

#include <crypto/internal/aead.h>
#include <linux/err.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/rtnetlink.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/seq_file.h>
#include <linux/cryptouser.h>
#include <net/netlink.h>

#include "internal.h"

static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key,
			    unsigned int keylen)
{
	struct aead_alg *aead = crypto_aead_alg(tfm);
	unsigned long alignmask = crypto_aead_alignmask(tfm);
	int ret;
	u8 *buffer, *alignbuffer;
	unsigned long absize;

	absize = keylen + alignmask;
	buffer = kmalloc(absize, GFP_ATOMIC);
	if (!buffer)
		return -ENOMEM;

	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
	memcpy(alignbuffer, key, keylen);
	ret = aead->setkey(tfm, alignbuffer, keylen);
	memset(alignbuffer, 0, keylen);
	kfree(buffer);
	return ret;
}

static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen)
{
	struct aead_alg *aead = crypto_aead_alg(tfm);
	unsigned long alignmask = crypto_aead_alignmask(tfm);

	if ((unsigned long)key & alignmask)
		return setkey_unaligned(tfm, key, keylen);

	return aead->setkey(tfm, key, keylen);
}

int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
{
	struct aead_tfm *crt = crypto_aead_crt(tfm);
	int err;

	if (authsize > crypto_aead_alg(tfm)->maxauthsize)
		return -EINVAL;

	if (crypto_aead_alg(tfm)->setauthsize) {
		err = crypto_aead_alg(tfm)->setauthsize(crt->base, authsize);
		if (err)
			return err;
	}

	crypto_aead_crt(crt->base)->authsize = authsize;
	crt->authsize = authsize;
	return 0;
}
EXPORT_SYMBOL_GPL(crypto_aead_setauthsize);

static unsigned int crypto_aead_ctxsize(struct crypto_alg *alg, u32 type,
					u32 mask)
{
	return alg->cra_ctxsize;
}

static int no_givcrypt(struct aead_givcrypt_request *req)
{
	return -ENOSYS;
}

static int crypto_init_aead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
{
	struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
	struct aead_tfm *crt = &tfm->crt_aead;

	if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8)
		return -EINVAL;

	crt->setkey = tfm->__crt_alg->cra_flags & CRYPTO_ALG_GENIV ?
		      alg->setkey : setkey;
	crt->encrypt = alg->encrypt;
	crt->decrypt = alg->decrypt;
	crt->givencrypt = alg->givencrypt ?: no_givcrypt;
	crt->givdecrypt = alg->givdecrypt ?: no_givcrypt;
	crt->base = __crypto_aead_cast(tfm);
	crt->ivsize = alg->ivsize;
	crt->authsize = alg->maxauthsize;

	return 0;
}

#ifdef CONFIG_NET
static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg)
{
	struct crypto_report_aead raead;
	struct aead_alg *aead = &alg->cra_aead;

	snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "aead");
	snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s",
		 aead->geniv ?: "<built-in>");

	raead.blocksize = alg->cra_blocksize;
	raead.maxauthsize = aead->maxauthsize;
	raead.ivsize = aead->ivsize;

	if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD,
		    sizeof(struct crypto_report_aead), &raead))
		goto nla_put_failure;
	return 0;

nla_put_failure:
	return -EMSGSIZE;
}
#else
static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg)
{
	return -ENOSYS;
}
#endif

static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg)
	__attribute__ ((unused));
static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg)
{
	struct aead_alg *aead = &alg->cra_aead;

	seq_printf(m, "type         : aead\n");
	seq_printf(m, "async        : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
					     "yes" : "no");
	seq_printf(m, "blocksize    : %u\n", alg->cra_blocksize);
	seq_printf(m, "ivsize       : %u\n", aead->ivsize);
	seq_printf(m, "maxauthsize  : %u\n", aead->maxauthsize);
	seq_printf(m, "geniv        : %s\n", aead->geniv ?: "<built-in>");
}

const struct crypto_type crypto_aead_type = {
	.ctxsize = crypto_aead_ctxsize,
	.init = crypto_init_aead_ops,
#ifdef CONFIG_PROC_FS
	.show = crypto_aead_show,
#endif
	.report = crypto_aead_report,
};
EXPORT_SYMBOL_GPL(crypto_aead_type);

static int aead_null_givencrypt(struct aead_givcrypt_request *req)
{
	return crypto_aead_encrypt(&req->areq);
}

static int aead_null_givdecrypt(struct aead_givcrypt_request *req)
{
	return crypto_aead_decrypt(&req->areq);
}

static int crypto_init_nivaead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
{
	struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
	struct aead_tfm *crt = &tfm->crt_aead;

	if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8)
		return -EINVAL;

	crt->setkey = setkey;
	crt->encrypt = alg->encrypt;
	crt->decrypt = alg->decrypt;
	if (!alg->ivsize) {
		crt->givencrypt = aead_null_givencrypt;
		crt->givdecrypt = aead_null_givdecrypt;
	}
	crt->base = __crypto_aead_cast(tfm);
	crt->ivsize = alg->ivsize;
	crt->authsize = alg->maxauthsize;

	return 0;
}

#ifdef CONFIG_NET
static int crypto_nivaead_report(struct sk_buff *skb, struct crypto_alg *alg)
{
	struct crypto_report_aead raead;
	struct aead_alg *aead = &alg->cra_aead;

	snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "nivaead");
	snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s", aead->geniv);

	raead.blocksize = alg->cra_blocksize;
	raead.maxauthsize = aead->maxauthsize;
	raead.ivsize = aead->ivsize;

	if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD,
		    sizeof(struct crypto_report_aead), &raead))
		goto nla_put_failure;
	return 0;

nla_put_failure:
	return -EMSGSIZE;
}
#else
static int crypto_nivaead_report(struct sk_buff *skb, struct crypto_alg *alg)
{
	return -ENOSYS;
}
#endif


static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg)
	__attribute__ ((unused));
static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg)
{
	struct aead_alg *aead = &alg->cra_aead;

	seq_printf(m, "type         : nivaead\n");
	seq_printf(m, "async        : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
					     "yes" : "no");
	seq_printf(m, "blocksize    : %u\n", alg->cra_blocksize);
	seq_printf(m, "ivsize       : %u\n", aead->ivsize);
	seq_printf(m, "maxauthsize  : %u\n", aead->maxauthsize);
	seq_printf(m, "geniv        : %s\n", aead->geniv);
}

const struct crypto_type crypto_nivaead_type = {
	.ctxsize = crypto_aead_ctxsize,
	.init = crypto_init_nivaead_ops,
#ifdef CONFIG_PROC_FS
	.show = crypto_nivaead_show,
#endif
	.report = crypto_nivaead_report,
};
EXPORT_SYMBOL_GPL(crypto_nivaead_type);

static int crypto_grab_nivaead(struct crypto_aead_spawn *spawn,
			       const char *name, u32 type, u32 mask)
{
	struct crypto_alg *alg;
	int err;

	type &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	type |= CRYPTO_ALG_TYPE_AEAD;
	mask |= CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV;

	alg = crypto_alg_mod_lookup(name, type, mask);
	if (IS_ERR(alg))
		return PTR_ERR(alg);

	err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask);
	crypto_mod_put(alg);
	return err;
}

struct crypto_instance *aead_geniv_alloc(struct crypto_template *tmpl,
					 struct rtattr **tb, u32 type,
					 u32 mask)
{
	const char *name;
	struct crypto_aead_spawn *spawn;
	struct crypto_attr_type *algt;
	struct crypto_instance *inst;
	struct crypto_alg *alg;
	int err;

	algt = crypto_get_attr_type(tb);
	err = PTR_ERR(algt);
	if (IS_ERR(algt))
		return ERR_PTR(err);

	if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV)) &
	    algt->mask)
		return ERR_PTR(-EINVAL);

	name = crypto_attr_alg_name(tb[1]);
	err = PTR_ERR(name);
	if (IS_ERR(name))
		return ERR_PTR(err);

	inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
	if (!inst)
		return ERR_PTR(-ENOMEM);

	spawn = crypto_instance_ctx(inst);

	/* Ignore async algorithms if necessary. */
	mask |= crypto_requires_sync(algt->type, algt->mask);

	crypto_set_aead_spawn(spawn, inst);
	err = crypto_grab_nivaead(spawn, name, type, mask);
	if (err)
		goto err_free_inst;

	alg = crypto_aead_spawn_alg(spawn);

	err = -EINVAL;
	if (!alg->cra_aead.ivsize)
		goto err_drop_alg;

	/*
	 * This is only true if we're constructing an algorithm with its
	 * default IV generator.  For the default generator we elide the
	 * template name and double-check the IV generator.
	 */
	if (algt->mask & CRYPTO_ALG_GENIV) {
		if (strcmp(tmpl->name, alg->cra_aead.geniv))
			goto err_drop_alg;

		memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
		memcpy(inst->alg.cra_driver_name, alg->cra_driver_name,
		       CRYPTO_MAX_ALG_NAME);
	} else {
		err = -ENAMETOOLONG;
		if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
			     "%s(%s)", tmpl->name, alg->cra_name) >=
		    CRYPTO_MAX_ALG_NAME)
			goto err_drop_alg;
		if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
			     "%s(%s)", tmpl->name, alg->cra_driver_name) >=
		    CRYPTO_MAX_ALG_NAME)
			goto err_drop_alg;
	}

	inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV;
	inst->alg.cra_flags |= alg->cra_flags & CRYPTO_ALG_ASYNC;
	inst->alg.cra_priority = alg->cra_priority;
	inst->alg.cra_blocksize = alg->cra_blocksize;
	inst->alg.cra_alignmask = alg->cra_alignmask;
	inst->alg.cra_type = &crypto_aead_type;

	inst->alg.cra_aead.ivsize = alg->cra_aead.ivsize;
	inst->alg.cra_aead.maxauthsize = alg->cra_aead.maxauthsize;
	inst->alg.cra_aead.geniv = alg->cra_aead.geniv;

	inst->alg.cra_aead.setkey = alg->cra_aead.setkey;
	inst->alg.cra_aead.setauthsize = alg->cra_aead.setauthsize;
	inst->alg.cra_aead.encrypt = alg->cra_aead.encrypt;
	inst->alg.cra_aead.decrypt = alg->cra_aead.decrypt;

out:
	return inst;

err_drop_alg:
	crypto_drop_aead(spawn);
err_free_inst:
	kfree(inst);
	inst = ERR_PTR(err);
	goto out;
}
EXPORT_SYMBOL_GPL(aead_geniv_alloc);

void aead_geniv_free(struct crypto_instance *inst)
{
	crypto_drop_aead(crypto_instance_ctx(inst));
	kfree(inst);
}
EXPORT_SYMBOL_GPL(aead_geniv_free);

int aead_geniv_init(struct crypto_tfm *tfm)
{
	struct crypto_instance *inst = (void *)tfm->__crt_alg;
	struct crypto_aead *aead;

	aead = crypto_spawn_aead(crypto_instance_ctx(inst));
	if (IS_ERR(aead))
		return PTR_ERR(aead);

	tfm->crt_aead.base = aead;
	tfm->crt_aead.reqsize += crypto_aead_reqsize(aead);

	return 0;
}
EXPORT_SYMBOL_GPL(aead_geniv_init);

void aead_geniv_exit(struct crypto_tfm *tfm)
{
	crypto_free_aead(tfm->crt_aead.base);
}
EXPORT_SYMBOL_GPL(aead_geniv_exit);

static int crypto_nivaead_default(struct crypto_alg *alg, u32 type, u32 mask)
{
	struct rtattr *tb[3];
	struct {
		struct rtattr attr;
		struct crypto_attr_type data;
	} ptype;
	struct {
		struct rtattr attr;
		struct crypto_attr_alg data;
	} palg;
	struct crypto_template *tmpl;
	struct crypto_instance *inst;
	struct crypto_alg *larval;
	const char *geniv;
	int err;

	larval = crypto_larval_lookup(alg->cra_driver_name,
				      CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV,
				      CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	err = PTR_ERR(larval);
	if (IS_ERR(larval))
		goto out;

	err = -EAGAIN;
	if (!crypto_is_larval(larval))
		goto drop_larval;

	ptype.attr.rta_len = sizeof(ptype);
	ptype.attr.rta_type = CRYPTOA_TYPE;
	ptype.data.type = type | CRYPTO_ALG_GENIV;
	/* GENIV tells the template that we're making a default geniv. */
	ptype.data.mask = mask | CRYPTO_ALG_GENIV;
	tb[0] = &ptype.attr;

	palg.attr.rta_len = sizeof(palg);
	palg.attr.rta_type = CRYPTOA_ALG;
	/* Must use the exact name to locate ourselves. */
	memcpy(palg.data.name, alg->cra_driver_name, CRYPTO_MAX_ALG_NAME);
	tb[1] = &palg.attr;

	tb[2] = NULL;

	geniv = alg->cra_aead.geniv;

	tmpl = crypto_lookup_template(geniv);
	err = -ENOENT;
	if (!tmpl)
		goto kill_larval;

	inst = tmpl->alloc(tb);
	err = PTR_ERR(inst);
	if (IS_ERR(inst))
		goto put_tmpl;

	if ((err = crypto_register_instance(tmpl, inst))) {
		tmpl->free(inst);
		goto put_tmpl;
	}

	/* Redo the lookup to use the instance we just registered. */
	err = -EAGAIN;

put_tmpl:
	crypto_tmpl_put(tmpl);
kill_larval:
	crypto_larval_kill(larval);
drop_larval:
	crypto_mod_put(larval);
out:
	crypto_mod_put(alg);
	return err;
}

struct crypto_alg *crypto_lookup_aead(const char *name, u32 type, u32 mask)
{
	struct crypto_alg *alg;

	alg = crypto_alg_mod_lookup(name, type, mask);
	if (IS_ERR(alg))
		return alg;

	if (alg->cra_type == &crypto_aead_type)
		return alg;

	if (!alg->cra_aead.ivsize)
		return alg;

	crypto_mod_put(alg);
	alg = crypto_alg_mod_lookup(name, type | CRYPTO_ALG_TESTED,
				    mask & ~CRYPTO_ALG_TESTED);
	if (IS_ERR(alg))
		return alg;

	if (alg->cra_type == &crypto_aead_type) {
		if ((alg->cra_flags ^ type ^ ~mask) & CRYPTO_ALG_TESTED) {
			crypto_mod_put(alg);
			alg = ERR_PTR(-ENOENT);
		}
		return alg;
	}

	BUG_ON(!alg->cra_aead.ivsize);

	return ERR_PTR(crypto_nivaead_default(alg, type, mask));
}
EXPORT_SYMBOL_GPL(crypto_lookup_aead);

int crypto_grab_aead(struct crypto_aead_spawn *spawn, const char *name,
		     u32 type, u32 mask)
{
	struct crypto_alg *alg;
	int err;

	type &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	type |= CRYPTO_ALG_TYPE_AEAD;
	mask &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	mask |= CRYPTO_ALG_TYPE_MASK;

	alg = crypto_lookup_aead(name, type, mask);
	if (IS_ERR(alg))
		return PTR_ERR(alg);

	err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask);
	crypto_mod_put(alg);
	return err;
}
EXPORT_SYMBOL_GPL(crypto_grab_aead);

struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask)
{
	struct crypto_tfm *tfm;
	int err;

	type &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	type |= CRYPTO_ALG_TYPE_AEAD;
	mask &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	mask |= CRYPTO_ALG_TYPE_MASK;

	for (;;) {
		struct crypto_alg *alg;

		alg = crypto_lookup_aead(alg_name, type, mask);
		if (IS_ERR(alg)) {
			err = PTR_ERR(alg);
			goto err;
		}

		tfm = __crypto_alloc_tfm(alg, type, mask);
		if (!IS_ERR(tfm))
			return __crypto_aead_cast(tfm);

		crypto_mod_put(alg);
		err = PTR_ERR(tfm);

err:
		if (err != -EAGAIN)
			break;
		if (signal_pending(current)) {
			err = -EINTR;
			break;
		}
	}

	return ERR_PTR(err);
}
EXPORT_SYMBOL_GPL(crypto_alloc_aead);

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)");
Commit	Line	Data
1ae97820 HX	1	/*
1ae97820 HX	2	* AEAD: Authenticated Encryption with Associated Data
3922538f	3	*
1ae97820 HX	4	* This file provides API support for AEAD algorithms.
	5	*
	6	* Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
	7	*
	8	* This program is free software; you can redistribute it and/or modify it
	9	* under the terms of the GNU General Public License as published by the Free
3922538f	10	* Software Foundation; either version 2 of the License, or (at your option)
1ae97820 HX	11	* any later version.
	12	*
	13	*/
	14
5b6d2d7f HX	15	#include <crypto/internal/aead.h>
5b6d2d7f HX	16	#include <linux/err.h>
1ae97820 HX	17	#include <linux/init.h>
	18	#include <linux/kernel.h>
	19	#include <linux/module.h>
d29ce988	20	#include <linux/rtnetlink.h>
d43c36dc	21	#include <linux/sched.h>
1ae97820 HX	22	#include <linux/slab.h>
1ae97820 HX	23	#include <linux/seq_file.h>
6ad414fe SK	24	#include <linux/cryptouser.h>
6ad414fe SK	25	#include <net/netlink.h>
1ae97820	26
5b6d2d7f HX	27	#include "internal.h"
5b6d2d7f HX	28
1ae97820 HX	29	static int setkey_unaligned(struct crypto_aead tfm, const u8 key,
	30	unsigned int keylen)
	31	{
	32	struct aead_alg *aead = crypto_aead_alg(tfm);
	33	unsigned long alignmask = crypto_aead_alignmask(tfm);
	34	int ret;
	35	u8 buffer, alignbuffer;
	36	unsigned long absize;
	37
	38	absize = keylen + alignmask;
	39	buffer = kmalloc(absize, GFP_ATOMIC);
	40	if (!buffer)
	41	return -ENOMEM;
	42
	43	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
	44	memcpy(alignbuffer, key, keylen);
	45	ret = aead->setkey(tfm, alignbuffer, keylen);
	46	memset(alignbuffer, 0, keylen);
	47	kfree(buffer);
	48	return ret;
	49	}
	50
	51	static int setkey(struct crypto_aead tfm, const u8 key, unsigned int keylen)
	52	{
	53	struct aead_alg *aead = crypto_aead_alg(tfm);
	54	unsigned long alignmask = crypto_aead_alignmask(tfm);
	55
	56	if ((unsigned long)key & alignmask)
	57	return setkey_unaligned(tfm, key, keylen);
	58
	59	return aead->setkey(tfm, key, keylen);
	60	}
	61
7ba683a6 HX	62	int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
7ba683a6 HX	63	{
5b6d2d7f	64	struct aead_tfm *crt = crypto_aead_crt(tfm);
7ba683a6 HX	65	int err;
	66
	67	if (authsize > crypto_aead_alg(tfm)->maxauthsize)
	68	return -EINVAL;
	69
	70	if (crypto_aead_alg(tfm)->setauthsize) {
5b6d2d7f	71	err = crypto_aead_alg(tfm)->setauthsize(crt->base, authsize);
7ba683a6 HX	72	if (err)
	73	return err;
	74	}
	75
5b6d2d7f HX	76	crypto_aead_crt(crt->base)->authsize = authsize;
5b6d2d7f HX	77	crt->authsize = authsize;
7ba683a6 HX	78	return 0;
	79	}
	80	EXPORT_SYMBOL_GPL(crypto_aead_setauthsize);
	81
1ae97820 HX	82	static unsigned int crypto_aead_ctxsize(struct crypto_alg *alg, u32 type,
	83	u32 mask)
	84	{
	85	return alg->cra_ctxsize;
	86	}
	87
aedb30dc	88	static int no_givcrypt(struct aead_givcrypt_request *req)
743edf57 HX	89	{
	90	return -ENOSYS;
	91	}
	92
1ae97820 HX	93	static int crypto_init_aead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
	94	{
	95	struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
	96	struct aead_tfm *crt = &tfm->crt_aead;
	97
7ba683a6	98	if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8)
1ae97820 HX	99	return -EINVAL;
1ae97820 HX	100
5b6d2d7f HX	101	crt->setkey = tfm->__crt_alg->cra_flags & CRYPTO_ALG_GENIV ?
5b6d2d7f HX	102	alg->setkey : setkey;
1ae97820 HX	103	crt->encrypt = alg->encrypt;
1ae97820 HX	104	crt->decrypt = alg->decrypt;
aedb30dc HX	105	crt->givencrypt = alg->givencrypt ?: no_givcrypt;
aedb30dc HX	106	crt->givdecrypt = alg->givdecrypt ?: no_givcrypt;
5b6d2d7f	107	crt->base = __crypto_aead_cast(tfm);
1ae97820	108	crt->ivsize = alg->ivsize;
7ba683a6	109	crt->authsize = alg->maxauthsize;
1ae97820 HX	110
	111	return 0;
	112	}
	113
3acc8473	114	#ifdef CONFIG_NET
6ad414fe SK	115	static int crypto_aead_report(struct sk_buff skb, struct crypto_alg alg)
	116	{
	117	struct crypto_report_aead raead;
	118	struct aead_alg *aead = &alg->cra_aead;
	119
	120	snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "aead");
	121	snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s",
	122	aead->geniv ?: "<built-in>");
	123
	124	raead.blocksize = alg->cra_blocksize;
	125	raead.maxauthsize = aead->maxauthsize;
	126	raead.ivsize = aead->ivsize;
	127
6662df33 DM	128	if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD,
	129	sizeof(struct crypto_report_aead), &raead))
	130	goto nla_put_failure;
6ad414fe SK	131	return 0;
	132
	133	nla_put_failure:
	134	return -EMSGSIZE;
	135	}
3acc8473 HX	136	#else
	137	static int crypto_aead_report(struct sk_buff skb, struct crypto_alg alg)
	138	{
	139	return -ENOSYS;
	140	}
	141	#endif
6ad414fe	142
1ae97820 HX	143	static void crypto_aead_show(struct seq_file m, struct crypto_alg alg)
	144	__attribute__ ((unused));
	145	static void crypto_aead_show(struct seq_file m, struct crypto_alg alg)
	146	{
	147	struct aead_alg *aead = &alg->cra_aead;
	148
	149	seq_printf(m, "type : aead\n");
189ed66e HX	150	seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
189ed66e HX	151	"yes" : "no");
1ae97820 HX	152	seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
1ae97820 HX	153	seq_printf(m, "ivsize : %u\n", aead->ivsize);
7ba683a6	154	seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize);
5b6d2d7f	155	seq_printf(m, "geniv : %s\n", aead->geniv ?: "<built-in>");
1ae97820 HX	156	}
	157
	158	const struct crypto_type crypto_aead_type = {
	159	.ctxsize = crypto_aead_ctxsize,
	160	.init = crypto_init_aead_ops,
	161	#ifdef CONFIG_PROC_FS
	162	.show = crypto_aead_show,
	163	#endif
6ad414fe	164	.report = crypto_aead_report,
1ae97820 HX	165	};
	166	EXPORT_SYMBOL_GPL(crypto_aead_type);
	167
5b6d2d7f HX	168	static int aead_null_givencrypt(struct aead_givcrypt_request *req)
	169	{
	170	return crypto_aead_encrypt(&req->areq);
	171	}
	172
	173	static int aead_null_givdecrypt(struct aead_givcrypt_request *req)
	174	{
	175	return crypto_aead_decrypt(&req->areq);
	176	}
	177
	178	static int crypto_init_nivaead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
	179	{
	180	struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
	181	struct aead_tfm *crt = &tfm->crt_aead;
	182
	183	if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8)
	184	return -EINVAL;
	185
	186	crt->setkey = setkey;
	187	crt->encrypt = alg->encrypt;
	188	crt->decrypt = alg->decrypt;
	189	if (!alg->ivsize) {
	190	crt->givencrypt = aead_null_givencrypt;
	191	crt->givdecrypt = aead_null_givdecrypt;
	192	}
	193	crt->base = __crypto_aead_cast(tfm);
	194	crt->ivsize = alg->ivsize;
	195	crt->authsize = alg->maxauthsize;
	196
	197	return 0;
	198	}
	199
3acc8473	200	#ifdef CONFIG_NET
b735d0a9 SK	201	static int crypto_nivaead_report(struct sk_buff skb, struct crypto_alg alg)
	202	{
	203	struct crypto_report_aead raead;
	204	struct aead_alg *aead = &alg->cra_aead;
	205
	206	snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "nivaead");
	207	snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s", aead->geniv);
	208
	209	raead.blocksize = alg->cra_blocksize;
	210	raead.maxauthsize = aead->maxauthsize;
	211	raead.ivsize = aead->ivsize;
	212
6662df33 DM	213	if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD,
	214	sizeof(struct crypto_report_aead), &raead))
	215	goto nla_put_failure;
b735d0a9 SK	216	return 0;
	217
	218	nla_put_failure:
	219	return -EMSGSIZE;
	220	}
3acc8473 HX	221	#else
	222	static int crypto_nivaead_report(struct sk_buff skb, struct crypto_alg alg)
	223	{
	224	return -ENOSYS;
	225	}
	226	#endif
b735d0a9 SK	227
b735d0a9 SK	228
5b6d2d7f HX	229	static void crypto_nivaead_show(struct seq_file m, struct crypto_alg alg)
	230	__attribute__ ((unused));
	231	static void crypto_nivaead_show(struct seq_file m, struct crypto_alg alg)
	232	{
	233	struct aead_alg *aead = &alg->cra_aead;
	234
	235	seq_printf(m, "type : nivaead\n");
189ed66e HX	236	seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
189ed66e HX	237	"yes" : "no");
5b6d2d7f HX	238	seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
	239	seq_printf(m, "ivsize : %u\n", aead->ivsize);
	240	seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize);
	241	seq_printf(m, "geniv : %s\n", aead->geniv);
	242	}
	243
	244	const struct crypto_type crypto_nivaead_type = {
	245	.ctxsize = crypto_aead_ctxsize,
	246	.init = crypto_init_nivaead_ops,
	247	#ifdef CONFIG_PROC_FS
	248	.show = crypto_nivaead_show,
	249	#endif
b735d0a9	250	.report = crypto_nivaead_report,
5b6d2d7f HX	251	};
	252	EXPORT_SYMBOL_GPL(crypto_nivaead_type);
	253
	254	static int crypto_grab_nivaead(struct crypto_aead_spawn *spawn,
	255	const char *name, u32 type, u32 mask)
	256	{
	257	struct crypto_alg *alg;
	258	int err;
	259
	260	type &= ~(CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	261	type \|= CRYPTO_ALG_TYPE_AEAD;
	262	mask \|= CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV;
	263
	264	alg = crypto_alg_mod_lookup(name, type, mask);
	265	if (IS_ERR(alg))
	266	return PTR_ERR(alg);
	267
	268	err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask);
	269	crypto_mod_put(alg);
	270	return err;
	271	}
	272
	273	struct crypto_instance aead_geniv_alloc(struct crypto_template tmpl,
	274	struct rtattr **tb, u32 type,
	275	u32 mask)
	276	{
	277	const char *name;
	278	struct crypto_aead_spawn *spawn;
	279	struct crypto_attr_type *algt;
	280	struct crypto_instance *inst;
	281	struct crypto_alg *alg;
	282	int err;
	283
	284	algt = crypto_get_attr_type(tb);
	285	err = PTR_ERR(algt);
	286	if (IS_ERR(algt))
	287	return ERR_PTR(err);
	288
	289	if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD \| CRYPTO_ALG_GENIV)) &
	290	algt->mask)
	291	return ERR_PTR(-EINVAL);
	292
	293	name = crypto_attr_alg_name(tb[1]);
	294	err = PTR_ERR(name);
	295	if (IS_ERR(name))
	296	return ERR_PTR(err);
	297
	298	inst = kzalloc(sizeof(inst) + sizeof(spawn), GFP_KERNEL);
	299	if (!inst)
	300	return ERR_PTR(-ENOMEM);
	301
	302	spawn = crypto_instance_ctx(inst);
	303
	304	/* Ignore async algorithms if necessary. */
	305	mask \|= crypto_requires_sync(algt->type, algt->mask);
	306
	307	crypto_set_aead_spawn(spawn, inst);
	308	err = crypto_grab_nivaead(spawn, name, type, mask);
	309	if (err)
	310	goto err_free_inst;
	311
	312	alg = crypto_aead_spawn_alg(spawn);
	313
	314	err = -EINVAL;
315	if (!alg->cra_aead.ivsize)
316	goto err_drop_alg;
317
318	/*
319	* This is only true if we're constructing an algorithm with its
320	* default IV generator. For the default generator we elide the
321	* template name and double-check the IV generator.
322	*/
323	if (algt->mask & CRYPTO_ALG_GENIV) {
324	if (strcmp(tmpl->name, alg->cra_aead.geniv))
325	goto err_drop_alg;
326
327	memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
328	memcpy(inst->alg.cra_driver_name, alg->cra_driver_name,
329	CRYPTO_MAX_ALG_NAME);
330	} else {
331	err = -ENAMETOOLONG;
332	if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
333	"%s(%s)", tmpl->name, alg->cra_name) >=
334	CRYPTO_MAX_ALG_NAME)
335	goto err_drop_alg;
336	if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
337	"%s(%s)", tmpl->name, alg->cra_driver_name) >=
338	CRYPTO_MAX_ALG_NAME)
339	goto err_drop_alg;
340	}
341
342	inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD \| CRYPTO_ALG_GENIV;
343	inst->alg.cra_flags \|= alg->cra_flags & CRYPTO_ALG_ASYNC;
344	inst->alg.cra_priority = alg->cra_priority;
345	inst->alg.cra_blocksize = alg->cra_blocksize;
346	inst->alg.cra_alignmask = alg->cra_alignmask;
347	inst->alg.cra_type = &crypto_aead_type;
348
349	inst->alg.cra_aead.ivsize = alg->cra_aead.ivsize;
350	inst->alg.cra_aead.maxauthsize = alg->cra_aead.maxauthsize;
351	inst->alg.cra_aead.geniv = alg->cra_aead.geniv;
352
353	inst->alg.cra_aead.setkey = alg->cra_aead.setkey;
354	inst->alg.cra_aead.setauthsize = alg->cra_aead.setauthsize;
355	inst->alg.cra_aead.encrypt = alg->cra_aead.encrypt;
356	inst->alg.cra_aead.decrypt = alg->cra_aead.decrypt;
357
358	out:
359	return inst;
360
361	err_drop_alg:
362	crypto_drop_aead(spawn);
363	err_free_inst:
364	kfree(inst);
365	inst = ERR_PTR(err);
366	goto out;
367	}
368	EXPORT_SYMBOL_GPL(aead_geniv_alloc);
369
370	void aead_geniv_free(struct crypto_instance *inst)
371	{
372	crypto_drop_aead(crypto_instance_ctx(inst));
373	kfree(inst);
374	}
375	EXPORT_SYMBOL_GPL(aead_geniv_free);
376
377	int aead_geniv_init(struct crypto_tfm *tfm)
378	{
379	struct crypto_instance inst = (void )tfm->__crt_alg;
380	struct crypto_aead *aead;
381
382	aead = crypto_spawn_aead(crypto_instance_ctx(inst));
383	if (IS_ERR(aead))
384	return PTR_ERR(aead);
385
386	tfm->crt_aead.base = aead;
387	tfm->crt_aead.reqsize += crypto_aead_reqsize(aead);
388
389	return 0;
390	}
391	EXPORT_SYMBOL_GPL(aead_geniv_init);
392
393	void aead_geniv_exit(struct crypto_tfm *tfm)
394	{
395	crypto_free_aead(tfm->crt_aead.base);
396	}
397	EXPORT_SYMBOL_GPL(aead_geniv_exit);
398
d29ce988 HX	399	static int crypto_nivaead_default(struct crypto_alg *alg, u32 type, u32 mask)
	400	{
	401	struct rtattr *tb[3];
	402	struct {
	403	struct rtattr attr;
	404	struct crypto_attr_type data;
	405	} ptype;
	406	struct {
	407	struct rtattr attr;
	408	struct crypto_attr_alg data;
	409	} palg;
	410	struct crypto_template *tmpl;
	411	struct crypto_instance *inst;
	412	struct crypto_alg *larval;
	413	const char *geniv;
	414	int err;
	415
	416	larval = crypto_larval_lookup(alg->cra_driver_name,
	417	CRYPTO_ALG_TYPE_AEAD \| CRYPTO_ALG_GENIV,
	418	CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	419	err = PTR_ERR(larval);
	420	if (IS_ERR(larval))
	421	goto out;
	422
	423	err = -EAGAIN;
	424	if (!crypto_is_larval(larval))
	425	goto drop_larval;
	426
	427	ptype.attr.rta_len = sizeof(ptype);
	428	ptype.attr.rta_type = CRYPTOA_TYPE;
	429	ptype.data.type = type \| CRYPTO_ALG_GENIV;
	430	/* GENIV tells the template that we're making a default geniv. */
	431	ptype.data.mask = mask \| CRYPTO_ALG_GENIV;
	432	tb[0] = &ptype.attr;
	433
	434	palg.attr.rta_len = sizeof(palg);
	435	palg.attr.rta_type = CRYPTOA_ALG;
	436	/* Must use the exact name to locate ourselves. */
	437	memcpy(palg.data.name, alg->cra_driver_name, CRYPTO_MAX_ALG_NAME);
	438	tb[1] = &palg.attr;
	439
	440	tb[2] = NULL;
	441
	442	geniv = alg->cra_aead.geniv;
	443
	444	tmpl = crypto_lookup_template(geniv);
	445	err = -ENOENT;
	446	if (!tmpl)
	447	goto kill_larval;
	448
	449	inst = tmpl->alloc(tb);
	450	err = PTR_ERR(inst);
	451	if (IS_ERR(inst))
	452	goto put_tmpl;
	453
	454	if ((err = crypto_register_instance(tmpl, inst))) {
	455	tmpl->free(inst);
	456	goto put_tmpl;
	457	}
	458
	459	/* Redo the lookup to use the instance we just registered. */
	460	err = -EAGAIN;
	461
	462	put_tmpl:
463	crypto_tmpl_put(tmpl);
464	kill_larval:
465	crypto_larval_kill(larval);
466	drop_larval:
467	crypto_mod_put(larval);
468	out:
469	crypto_mod_put(alg);
470	return err;
471	}
472
1e122994	473	struct crypto_alg crypto_lookup_aead(const char name, u32 type, u32 mask)
d29ce988 HX	474	{
	475	struct crypto_alg *alg;
	476
	477	alg = crypto_alg_mod_lookup(name, type, mask);
	478	if (IS_ERR(alg))
	479	return alg;
	480
	481	if (alg->cra_type == &crypto_aead_type)
	482	return alg;
	483
	484	if (!alg->cra_aead.ivsize)
	485	return alg;
	486
5852ae42 HX	487	crypto_mod_put(alg);
	488	alg = crypto_alg_mod_lookup(name, type \| CRYPTO_ALG_TESTED,
	489	mask & ~CRYPTO_ALG_TESTED);
	490	if (IS_ERR(alg))
	491	return alg;
	492
	493	if (alg->cra_type == &crypto_aead_type) {
	494	if ((alg->cra_flags ^ type ^ ~mask) & CRYPTO_ALG_TESTED) {
	495	crypto_mod_put(alg);
	496	alg = ERR_PTR(-ENOENT);
	497	}
	498	return alg;
	499	}
	500
	501	BUG_ON(!alg->cra_aead.ivsize);
	502
d29ce988 HX	503	return ERR_PTR(crypto_nivaead_default(alg, type, mask));
d29ce988 HX	504	}
1e122994	505	EXPORT_SYMBOL_GPL(crypto_lookup_aead);
d29ce988 HX	506
	507	int crypto_grab_aead(struct crypto_aead_spawn spawn, const char name,
	508	u32 type, u32 mask)
	509	{
	510	struct crypto_alg *alg;
	511	int err;
	512
	513	type &= ~(CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	514	type \|= CRYPTO_ALG_TYPE_AEAD;
	515	mask &= ~(CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	516	mask \|= CRYPTO_ALG_TYPE_MASK;
	517
	518	alg = crypto_lookup_aead(name, type, mask);
	519	if (IS_ERR(alg))
	520	return PTR_ERR(alg);
	521
	522	err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask);
	523	crypto_mod_put(alg);
	524	return err;
	525	}
	526	EXPORT_SYMBOL_GPL(crypto_grab_aead);
	527
	528	struct crypto_aead crypto_alloc_aead(const char alg_name, u32 type, u32 mask)
	529	{
	530	struct crypto_tfm *tfm;
	531	int err;
	532
	533	type &= ~(CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	534	type \|= CRYPTO_ALG_TYPE_AEAD;
	535	mask &= ~(CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	536	mask \|= CRYPTO_ALG_TYPE_MASK;
	537
	538	for (;;) {
	539	struct crypto_alg *alg;
	540
	541	alg = crypto_lookup_aead(alg_name, type, mask);
	542	if (IS_ERR(alg)) {
	543	err = PTR_ERR(alg);
	544	goto err;
	545	}
	546
	547	tfm = __crypto_alloc_tfm(alg, type, mask);
	548	if (!IS_ERR(tfm))
	549	return __crypto_aead_cast(tfm);
	550
	551	crypto_mod_put(alg);
	552	err = PTR_ERR(tfm);
	553
	554	err:
	555	if (err != -EAGAIN)
	556	break;
	557	if (signal_pending(current)) {
	558	err = -EINTR;
	559	break;
	560	}
	561	}
	562
	563	return ERR_PTR(err);
	564	}
	565	EXPORT_SYMBOL_GPL(crypto_alloc_aead);
	566
1ae97820 HX	567	MODULE_LICENSE("GPL");
1ae97820 HX	568	MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)");