2 * Authenc: Simple AEAD wrapper for IPsec
4 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
13 #include <crypto/aead.h>
14 #include <crypto/internal/skcipher.h>
15 #include <crypto/authenc.h>
16 #include <crypto/scatterwalk.h>
17 #include <linux/err.h>
18 #include <linux/init.h>
19 #include <linux/kernel.h>
20 #include <linux/module.h>
21 #include <linux/rtnetlink.h>
22 #include <linux/slab.h>
23 #include <linux/spinlock.h>
25 struct authenc_instance_ctx
{
26 struct crypto_spawn auth
;
27 struct crypto_skcipher_spawn enc
;
30 struct crypto_authenc_ctx
{
32 struct crypto_hash
*auth
;
33 struct crypto_ablkcipher
*enc
;
36 static int crypto_authenc_setkey(struct crypto_aead
*authenc
, const u8
*key
,
39 unsigned int authkeylen
;
40 unsigned int enckeylen
;
41 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
42 struct crypto_hash
*auth
= ctx
->auth
;
43 struct crypto_ablkcipher
*enc
= ctx
->enc
;
44 struct rtattr
*rta
= (void *)key
;
45 struct crypto_authenc_key_param
*param
;
48 if (!RTA_OK(rta
, keylen
))
50 if (rta
->rta_type
!= CRYPTO_AUTHENC_KEYA_PARAM
)
52 if (RTA_PAYLOAD(rta
) < sizeof(*param
))
55 param
= RTA_DATA(rta
);
56 enckeylen
= be32_to_cpu(param
->enckeylen
);
58 key
+= RTA_ALIGN(rta
->rta_len
);
59 keylen
-= RTA_ALIGN(rta
->rta_len
);
61 if (keylen
< enckeylen
)
64 authkeylen
= keylen
- enckeylen
;
66 crypto_hash_clear_flags(auth
, CRYPTO_TFM_REQ_MASK
);
67 crypto_hash_set_flags(auth
, crypto_aead_get_flags(authenc
) &
69 err
= crypto_hash_setkey(auth
, key
, authkeylen
);
70 crypto_aead_set_flags(authenc
, crypto_hash_get_flags(auth
) &
76 crypto_ablkcipher_clear_flags(enc
, CRYPTO_TFM_REQ_MASK
);
77 crypto_ablkcipher_set_flags(enc
, crypto_aead_get_flags(authenc
) &
79 err
= crypto_ablkcipher_setkey(enc
, key
+ authkeylen
, enckeylen
);
80 crypto_aead_set_flags(authenc
, crypto_ablkcipher_get_flags(enc
) &
87 crypto_aead_set_flags(authenc
, CRYPTO_TFM_RES_BAD_KEY_LEN
);
91 static void authenc_chain(struct scatterlist
*head
, struct scatterlist
*sg
,
95 head
->length
+= sg
->length
;
96 sg
= scatterwalk_sg_next(sg
);
100 scatterwalk_sg_chain(head
, 2, sg
);
105 static u8
*crypto_authenc_hash(struct aead_request
*req
, unsigned int flags
,
106 struct scatterlist
*cipher
,
107 unsigned int cryptlen
)
109 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
110 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
111 struct crypto_hash
*auth
= ctx
->auth
;
112 struct hash_desc desc
= {
114 .flags
= aead_request_flags(req
) & flags
,
116 u8
*hash
= aead_request_ctx(req
);
119 hash
= (u8
*)ALIGN((unsigned long)hash
+ crypto_hash_alignmask(auth
),
120 crypto_hash_alignmask(auth
) + 1);
122 spin_lock_bh(&ctx
->auth_lock
);
123 err
= crypto_hash_init(&desc
);
127 err
= crypto_hash_update(&desc
, req
->assoc
, req
->assoclen
);
131 err
= crypto_hash_update(&desc
, cipher
, cryptlen
);
135 err
= crypto_hash_final(&desc
, hash
);
137 spin_unlock_bh(&ctx
->auth_lock
);
145 static int crypto_authenc_genicv(struct aead_request
*req
, u8
*iv
,
148 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
149 struct scatterlist
*dst
= req
->dst
;
150 struct scatterlist cipher
[2];
152 unsigned int ivsize
= crypto_aead_ivsize(authenc
);
153 unsigned int cryptlen
;
158 vdst
= PageHighMem(dstp
) ? NULL
: page_address(dstp
) + dst
->offset
;
161 sg_init_table(cipher
, 2);
162 sg_set_buf(cipher
, iv
, ivsize
);
163 authenc_chain(cipher
, dst
, vdst
== iv
+ ivsize
);
167 cryptlen
= req
->cryptlen
+ ivsize
;
168 hash
= crypto_authenc_hash(req
, flags
, dst
, cryptlen
);
170 return PTR_ERR(hash
);
172 scatterwalk_map_and_copy(hash
, dst
, cryptlen
,
173 crypto_aead_authsize(authenc
), 1);
177 static void crypto_authenc_encrypt_done(struct crypto_async_request
*req
,
180 struct aead_request
*areq
= req
->data
;
183 struct crypto_aead
*authenc
= crypto_aead_reqtfm(areq
);
184 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
185 struct ablkcipher_request
*abreq
= aead_request_ctx(areq
);
186 u8
*iv
= (u8
*)(abreq
+ 1) +
187 crypto_ablkcipher_reqsize(ctx
->enc
);
189 err
= crypto_authenc_genicv(areq
, iv
, 0);
192 aead_request_complete(areq
, err
);
195 static int crypto_authenc_encrypt(struct aead_request
*req
)
197 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
198 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
199 struct ablkcipher_request
*abreq
= aead_request_ctx(req
);
200 struct crypto_ablkcipher
*enc
= ctx
->enc
;
201 struct scatterlist
*dst
= req
->dst
;
202 unsigned int cryptlen
= req
->cryptlen
;
203 u8
*iv
= (u8
*)(abreq
+ 1) + crypto_ablkcipher_reqsize(enc
);
206 ablkcipher_request_set_tfm(abreq
, enc
);
207 ablkcipher_request_set_callback(abreq
, aead_request_flags(req
),
208 crypto_authenc_encrypt_done
, req
);
209 ablkcipher_request_set_crypt(abreq
, req
->src
, dst
, cryptlen
, req
->iv
);
211 memcpy(iv
, req
->iv
, crypto_aead_ivsize(authenc
));
213 err
= crypto_ablkcipher_encrypt(abreq
);
217 return crypto_authenc_genicv(req
, iv
, CRYPTO_TFM_REQ_MAY_SLEEP
);
220 static void crypto_authenc_givencrypt_done(struct crypto_async_request
*req
,
223 struct aead_request
*areq
= req
->data
;
226 struct skcipher_givcrypt_request
*greq
= aead_request_ctx(areq
);
228 err
= crypto_authenc_genicv(areq
, greq
->giv
, 0);
231 aead_request_complete(areq
, err
);
234 static int crypto_authenc_givencrypt(struct aead_givcrypt_request
*req
)
236 struct crypto_aead
*authenc
= aead_givcrypt_reqtfm(req
);
237 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
238 struct aead_request
*areq
= &req
->areq
;
239 struct skcipher_givcrypt_request
*greq
= aead_request_ctx(areq
);
243 skcipher_givcrypt_set_tfm(greq
, ctx
->enc
);
244 skcipher_givcrypt_set_callback(greq
, aead_request_flags(areq
),
245 crypto_authenc_givencrypt_done
, areq
);
246 skcipher_givcrypt_set_crypt(greq
, areq
->src
, areq
->dst
, areq
->cryptlen
,
248 skcipher_givcrypt_set_giv(greq
, iv
, req
->seq
);
250 err
= crypto_skcipher_givencrypt(greq
);
254 return crypto_authenc_genicv(areq
, iv
, CRYPTO_TFM_REQ_MAY_SLEEP
);
257 static int crypto_authenc_verify(struct aead_request
*req
,
258 struct scatterlist
*cipher
,
259 unsigned int cryptlen
)
261 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
264 unsigned int authsize
;
266 ohash
= crypto_authenc_hash(req
, CRYPTO_TFM_REQ_MAY_SLEEP
, cipher
,
269 return PTR_ERR(ohash
);
271 authsize
= crypto_aead_authsize(authenc
);
272 ihash
= ohash
+ authsize
;
273 scatterwalk_map_and_copy(ihash
, cipher
, cryptlen
, authsize
, 0);
274 return memcmp(ihash
, ohash
, authsize
) ? -EBADMSG
: 0;
277 static int crypto_authenc_iverify(struct aead_request
*req
, u8
*iv
,
278 unsigned int cryptlen
)
280 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
281 struct scatterlist
*src
= req
->src
;
282 struct scatterlist cipher
[2];
284 unsigned int ivsize
= crypto_aead_ivsize(authenc
);
288 vsrc
= PageHighMem(srcp
) ? NULL
: page_address(srcp
) + src
->offset
;
291 sg_init_table(cipher
, 2);
292 sg_set_buf(cipher
, iv
, ivsize
);
293 authenc_chain(cipher
, src
, vsrc
== iv
+ ivsize
);
297 return crypto_authenc_verify(req
, src
, cryptlen
+ ivsize
);
300 static int crypto_authenc_decrypt(struct aead_request
*req
)
302 struct crypto_aead
*authenc
= crypto_aead_reqtfm(req
);
303 struct crypto_authenc_ctx
*ctx
= crypto_aead_ctx(authenc
);
304 struct ablkcipher_request
*abreq
= aead_request_ctx(req
);
305 unsigned int cryptlen
= req
->cryptlen
;
306 unsigned int authsize
= crypto_aead_authsize(authenc
);
310 if (cryptlen
< authsize
)
312 cryptlen
-= authsize
;
314 err
= crypto_authenc_iverify(req
, iv
, cryptlen
);
318 ablkcipher_request_set_tfm(abreq
, ctx
->enc
);
319 ablkcipher_request_set_callback(abreq
, aead_request_flags(req
),
320 req
->base
.complete
, req
->base
.data
);
321 ablkcipher_request_set_crypt(abreq
, req
->src
, req
->dst
, cryptlen
, iv
);
323 return crypto_ablkcipher_decrypt(abreq
);
326 static int crypto_authenc_init_tfm(struct crypto_tfm
*tfm
)
328 struct crypto_instance
*inst
= (void *)tfm
->__crt_alg
;
329 struct authenc_instance_ctx
*ictx
= crypto_instance_ctx(inst
);
330 struct crypto_authenc_ctx
*ctx
= crypto_tfm_ctx(tfm
);
331 struct crypto_hash
*auth
;
332 struct crypto_ablkcipher
*enc
;
335 auth
= crypto_spawn_hash(&ictx
->auth
);
337 return PTR_ERR(auth
);
339 enc
= crypto_spawn_skcipher(&ictx
->enc
);
346 tfm
->crt_aead
.reqsize
= max_t(unsigned int,
347 (crypto_hash_alignmask(auth
) &
348 ~(crypto_tfm_ctx_alignment() - 1)) +
349 crypto_hash_digestsize(auth
) * 2,
350 sizeof(struct skcipher_givcrypt_request
) +
351 crypto_ablkcipher_reqsize(enc
) +
352 crypto_ablkcipher_ivsize(enc
));
354 spin_lock_init(&ctx
->auth_lock
);
359 crypto_free_hash(auth
);
363 static void crypto_authenc_exit_tfm(struct crypto_tfm
*tfm
)
365 struct crypto_authenc_ctx
*ctx
= crypto_tfm_ctx(tfm
);
367 crypto_free_hash(ctx
->auth
);
368 crypto_free_ablkcipher(ctx
->enc
);
371 static struct crypto_instance
*crypto_authenc_alloc(struct rtattr
**tb
)
373 struct crypto_attr_type
*algt
;
374 struct crypto_instance
*inst
;
375 struct crypto_alg
*auth
;
376 struct crypto_alg
*enc
;
377 struct authenc_instance_ctx
*ctx
;
378 const char *enc_name
;
381 algt
= crypto_get_attr_type(tb
);
386 if ((algt
->type
^ CRYPTO_ALG_TYPE_AEAD
) & algt
->mask
)
387 return ERR_PTR(-EINVAL
);
389 auth
= crypto_attr_alg(tb
[1], CRYPTO_ALG_TYPE_HASH
,
390 CRYPTO_ALG_TYPE_HASH_MASK
);
392 return ERR_PTR(PTR_ERR(auth
));
394 enc_name
= crypto_attr_alg_name(tb
[2]);
395 err
= PTR_ERR(enc_name
);
396 if (IS_ERR(enc_name
))
399 inst
= kzalloc(sizeof(*inst
) + sizeof(*ctx
), GFP_KERNEL
);
404 ctx
= crypto_instance_ctx(inst
);
406 err
= crypto_init_spawn(&ctx
->auth
, auth
, inst
, CRYPTO_ALG_TYPE_MASK
);
410 crypto_set_skcipher_spawn(&ctx
->enc
, inst
);
411 err
= crypto_grab_skcipher(&ctx
->enc
, enc_name
, 0,
412 crypto_requires_sync(algt
->type
,
417 enc
= crypto_skcipher_spawn_alg(&ctx
->enc
);
420 if (snprintf(inst
->alg
.cra_name
, CRYPTO_MAX_ALG_NAME
,
421 "authenc(%s,%s)", auth
->cra_name
, enc
->cra_name
) >=
425 if (snprintf(inst
->alg
.cra_driver_name
, CRYPTO_MAX_ALG_NAME
,
426 "authenc(%s,%s)", auth
->cra_driver_name
,
427 enc
->cra_driver_name
) >= CRYPTO_MAX_ALG_NAME
)
430 inst
->alg
.cra_flags
= CRYPTO_ALG_TYPE_AEAD
;
431 inst
->alg
.cra_flags
|= enc
->cra_flags
& CRYPTO_ALG_ASYNC
;
432 inst
->alg
.cra_priority
= enc
->cra_priority
* 10 + auth
->cra_priority
;
433 inst
->alg
.cra_blocksize
= enc
->cra_blocksize
;
434 inst
->alg
.cra_alignmask
= auth
->cra_alignmask
| enc
->cra_alignmask
;
435 inst
->alg
.cra_type
= &crypto_aead_type
;
437 inst
->alg
.cra_aead
.ivsize
= enc
->cra_ablkcipher
.ivsize
;
438 inst
->alg
.cra_aead
.maxauthsize
= auth
->cra_type
== &crypto_hash_type
?
439 auth
->cra_hash
.digestsize
:
440 auth
->cra_digest
.dia_digestsize
;
442 inst
->alg
.cra_ctxsize
= sizeof(struct crypto_authenc_ctx
);
444 inst
->alg
.cra_init
= crypto_authenc_init_tfm
;
445 inst
->alg
.cra_exit
= crypto_authenc_exit_tfm
;
447 inst
->alg
.cra_aead
.setkey
= crypto_authenc_setkey
;
448 inst
->alg
.cra_aead
.encrypt
= crypto_authenc_encrypt
;
449 inst
->alg
.cra_aead
.decrypt
= crypto_authenc_decrypt
;
450 inst
->alg
.cra_aead
.givencrypt
= crypto_authenc_givencrypt
;
453 crypto_mod_put(auth
);
457 crypto_drop_skcipher(&ctx
->enc
);
459 crypto_drop_spawn(&ctx
->auth
);
467 static void crypto_authenc_free(struct crypto_instance
*inst
)
469 struct authenc_instance_ctx
*ctx
= crypto_instance_ctx(inst
);
471 crypto_drop_skcipher(&ctx
->enc
);
472 crypto_drop_spawn(&ctx
->auth
);
476 static struct crypto_template crypto_authenc_tmpl
= {
478 .alloc
= crypto_authenc_alloc
,
479 .free
= crypto_authenc_free
,
480 .module
= THIS_MODULE
,
483 static int __init
crypto_authenc_module_init(void)
485 return crypto_register_template(&crypto_authenc_tmpl
);
488 static void __exit
crypto_authenc_module_exit(void)
490 crypto_unregister_template(&crypto_authenc_tmpl
);
493 module_init(crypto_authenc_module_init
);
494 module_exit(crypto_authenc_module_exit
);
496 MODULE_LICENSE("GPL");
497 MODULE_DESCRIPTION("Simple AEAD wrapper for IPsec");