2 * Authenc: Simple AEAD wrapper for IPsec
4 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
13 #include <crypto/algapi.h>
14 #include <linux/err.h>
15 #include <linux/init.h>
16 #include <linux/kernel.h>
17 #include <linux/module.h>
18 #include <linux/slab.h>
19 #include <linux/spinlock.h>
21 #include "scatterwalk.h"
23 struct authenc_instance_ctx {
24 struct crypto_spawn auth;
25 struct crypto_spawn enc;
27 unsigned int enckeylen;
30 struct crypto_authenc_ctx {
32 struct crypto_hash *auth;
33 struct crypto_ablkcipher *enc;
36 static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key,
39 struct authenc_instance_ctx *ictx =
40 crypto_instance_ctx(crypto_aead_alg_instance(authenc));
41 unsigned int enckeylen = ictx->enckeylen;
42 unsigned int authkeylen;
43 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
44 struct crypto_hash *auth = ctx->auth;
45 struct crypto_ablkcipher *enc = ctx->enc;
48 if (keylen < enckeylen) {
49 crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN);
52 authkeylen = keylen - enckeylen;
54 crypto_hash_clear_flags(auth, CRYPTO_TFM_REQ_MASK);
55 crypto_hash_set_flags(auth, crypto_aead_get_flags(authenc) &
57 err = crypto_hash_setkey(auth, key, authkeylen);
58 crypto_aead_set_flags(authenc, crypto_hash_get_flags(auth) &
64 crypto_ablkcipher_clear_flags(enc, CRYPTO_TFM_REQ_MASK);
65 crypto_ablkcipher_set_flags(enc, crypto_aead_get_flags(authenc) &
67 err = crypto_ablkcipher_setkey(enc, key + authkeylen, enckeylen);
68 crypto_aead_set_flags(authenc, crypto_ablkcipher_get_flags(enc) &
75 static int crypto_authenc_hash(struct aead_request *req)
77 struct crypto_aead *authenc = crypto_aead_reqtfm(req);
78 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
79 struct crypto_hash *auth = ctx->auth;
80 struct hash_desc desc = {
83 u8 *hash = aead_request_ctx(req);
84 struct scatterlist *dst = req->dst;
85 unsigned int cryptlen = req->cryptlen;
88 hash = (u8 *)ALIGN((unsigned long)hash + crypto_hash_alignmask(auth),
89 crypto_hash_alignmask(auth) + 1);
91 spin_lock_bh(&ctx->auth_lock);
92 err = crypto_hash_init(&desc);
96 err = crypto_hash_update(&desc, req->assoc, req->assoclen);
100 err = crypto_hash_update(&desc, dst, cryptlen);
104 err = crypto_hash_final(&desc, hash);
106 spin_unlock_bh(&ctx->auth_lock);
111 scatterwalk_map_and_copy(hash, dst, cryptlen,
112 crypto_aead_authsize(authenc), 1);
116 static void crypto_authenc_encrypt_done(struct crypto_async_request *req,
120 err = crypto_authenc_hash(req->data);
122 aead_request_complete(req->data, err);
125 static int crypto_authenc_encrypt(struct aead_request *req)
127 struct crypto_aead *authenc = crypto_aead_reqtfm(req);
128 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
129 struct ablkcipher_request *abreq = aead_request_ctx(req);
132 ablkcipher_request_set_tfm(abreq, ctx->enc);
133 ablkcipher_request_set_callback(abreq, aead_request_flags(req),
134 crypto_authenc_encrypt_done, req);
135 ablkcipher_request_set_crypt(abreq, req->src, req->dst, req->cryptlen,
138 err = crypto_ablkcipher_encrypt(abreq);
142 return crypto_authenc_hash(req);
145 static int crypto_authenc_verify(struct aead_request *req)
147 struct crypto_aead *authenc = crypto_aead_reqtfm(req);
148 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
149 struct crypto_hash *auth = ctx->auth;
150 struct hash_desc desc = {
152 .flags = aead_request_flags(req),
154 u8 *ohash = aead_request_ctx(req);
156 struct scatterlist *src = req->src;
157 unsigned int cryptlen = req->cryptlen;
158 unsigned int authsize;
161 ohash = (u8 *)ALIGN((unsigned long)ohash + crypto_hash_alignmask(auth),
162 crypto_hash_alignmask(auth) + 1);
163 ihash = ohash + crypto_hash_digestsize(auth);
165 spin_lock_bh(&ctx->auth_lock);
166 err = crypto_hash_init(&desc);
170 err = crypto_hash_update(&desc, req->assoc, req->assoclen);
174 err = crypto_hash_update(&desc, src, cryptlen);
178 err = crypto_hash_final(&desc, ohash);
180 spin_unlock_bh(&ctx->auth_lock);
185 authsize = crypto_aead_authsize(authenc);
186 scatterwalk_map_and_copy(ihash, src, cryptlen, authsize, 0);
187 return memcmp(ihash, ohash, authsize) ? -EINVAL : 0;
190 static void crypto_authenc_decrypt_done(struct crypto_async_request *req,
193 aead_request_complete(req->data, err);
196 static int crypto_authenc_decrypt(struct aead_request *req)
198 struct crypto_aead *authenc = crypto_aead_reqtfm(req);
199 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
200 struct ablkcipher_request *abreq = aead_request_ctx(req);
203 err = crypto_authenc_verify(req);
207 ablkcipher_request_set_tfm(abreq, ctx->enc);
208 ablkcipher_request_set_callback(abreq, aead_request_flags(req),
209 crypto_authenc_decrypt_done, req);
210 ablkcipher_request_set_crypt(abreq, req->src, req->dst, req->cryptlen,
213 return crypto_ablkcipher_decrypt(abreq);
216 static int crypto_authenc_init_tfm(struct crypto_tfm *tfm)
218 struct crypto_instance *inst = (void *)tfm->__crt_alg;
219 struct authenc_instance_ctx *ictx = crypto_instance_ctx(inst);
220 struct crypto_authenc_ctx *ctx = crypto_tfm_ctx(tfm);
221 struct crypto_hash *auth;
222 struct crypto_ablkcipher *enc;
225 auth = crypto_spawn_hash(&ictx->auth);
227 return PTR_ERR(auth);
229 enc = crypto_spawn_ablkcipher(&ictx->enc);
236 tfm->crt_aead.reqsize = max_t(unsigned int,
237 (crypto_hash_alignmask(auth) &
238 ~(crypto_tfm_ctx_alignment() - 1)) +
239 crypto_hash_digestsize(auth) * 2,
240 sizeof(struct ablkcipher_request) +
241 crypto_ablkcipher_reqsize(enc));
243 spin_lock_init(&ctx->auth_lock);
248 crypto_free_hash(auth);
252 static void crypto_authenc_exit_tfm(struct crypto_tfm *tfm)
254 struct crypto_authenc_ctx *ctx = crypto_tfm_ctx(tfm);
256 crypto_free_hash(ctx->auth);
257 crypto_free_ablkcipher(ctx->enc);
260 static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb)
262 struct crypto_instance *inst;
263 struct crypto_alg *auth;
264 struct crypto_alg *enc;
265 struct authenc_instance_ctx *ctx;
266 unsigned int enckeylen;
269 err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_AEAD);
273 auth = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_HASH,
274 CRYPTO_ALG_TYPE_HASH_MASK);
276 return ERR_PTR(PTR_ERR(auth));
278 enc = crypto_attr_alg(tb[2], CRYPTO_ALG_TYPE_BLKCIPHER,
279 CRYPTO_ALG_TYPE_BLKCIPHER_MASK);
280 inst = ERR_PTR(PTR_ERR(enc));
284 err = crypto_attr_u32(tb[3], &enckeylen);
288 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
294 if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
295 "authenc(%s,%s,%u)", auth->cra_name,
296 enc->cra_name, enckeylen) >= CRYPTO_MAX_ALG_NAME)
299 if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
300 "authenc(%s,%s,%u)", auth->cra_driver_name,
301 enc->cra_driver_name, enckeylen) >=
305 ctx = crypto_instance_ctx(inst);
306 ctx->enckeylen = enckeylen;
308 err = crypto_init_spawn(&ctx->auth, auth, inst, CRYPTO_ALG_TYPE_MASK);
312 err = crypto_init_spawn(&ctx->enc, enc, inst, CRYPTO_ALG_TYPE_MASK);
316 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC;
317 inst->alg.cra_priority = enc->cra_priority * 10 + auth->cra_priority;
318 inst->alg.cra_blocksize = enc->cra_blocksize;
319 inst->alg.cra_alignmask = auth->cra_alignmask | enc->cra_alignmask;
320 inst->alg.cra_type = &crypto_aead_type;
322 inst->alg.cra_aead.ivsize = enc->cra_blkcipher.ivsize;
323 inst->alg.cra_aead.maxauthsize = auth->cra_type == &crypto_hash_type ?
324 auth->cra_hash.digestsize :
325 auth->cra_digest.dia_digestsize;
327 inst->alg.cra_ctxsize = sizeof(struct crypto_authenc_ctx);
329 inst->alg.cra_init = crypto_authenc_init_tfm;
330 inst->alg.cra_exit = crypto_authenc_exit_tfm;
332 inst->alg.cra_aead.setkey = crypto_authenc_setkey;
333 inst->alg.cra_aead.encrypt = crypto_authenc_encrypt;
334 inst->alg.cra_aead.decrypt = crypto_authenc_decrypt;
339 crypto_mod_put(auth);
343 crypto_drop_spawn(&ctx->auth);
351 static void crypto_authenc_free(struct crypto_instance *inst)
353 struct authenc_instance_ctx *ctx = crypto_instance_ctx(inst);
355 crypto_drop_spawn(&ctx->enc);
356 crypto_drop_spawn(&ctx->auth);
360 static struct crypto_template crypto_authenc_tmpl = {
362 .alloc = crypto_authenc_alloc,
363 .free = crypto_authenc_free,
364 .module = THIS_MODULE,
367 static int __init crypto_authenc_module_init(void)
369 return crypto_register_template(&crypto_authenc_tmpl);
372 static void __exit crypto_authenc_module_exit(void)
374 crypto_unregister_template(&crypto_authenc_tmpl);
377 module_init(crypto_authenc_module_init);
378 module_exit(crypto_authenc_module_exit);
380 MODULE_LICENSE("GPL");
381 MODULE_DESCRIPTION("Simple AEAD wrapper for IPsec");