1 /* 2 * Authenc: Simple AEAD wrapper for IPsec 3 * 4 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au> 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License as published by the Free 8 * Software Foundation; either version 2 of the License, or (at your option) 9 * any later version. 10 * 11 */ 12 13 #include <crypto/aead.h> 14 #include <crypto/internal/hash.h> 15 #include <crypto/internal/skcipher.h> 16 #include <crypto/authenc.h> 17 #include <crypto/scatterwalk.h> 18 #include <linux/err.h> 19 #include <linux/init.h> 20 #include <linux/kernel.h> 21 #include <linux/module.h> 22 #include <linux/rtnetlink.h> 23 #include <linux/slab.h> 24 #include <linux/spinlock.h> 25 26 typedef u8 *(*authenc_ahash_t)(struct aead_request *req, unsigned int flags); 27 28 struct authenc_instance_ctx { 29 struct crypto_ahash_spawn auth; 30 struct crypto_skcipher_spawn enc; 31 }; 32 33 struct crypto_authenc_ctx { 34 unsigned int reqoff; 35 struct crypto_ahash *auth; 36 struct crypto_ablkcipher *enc; 37 }; 38 39 struct authenc_request_ctx { 40 unsigned int cryptlen; 41 struct scatterlist *sg; 42 struct scatterlist asg[2]; 43 struct scatterlist cipher[2]; 44 crypto_completion_t complete; 45 crypto_completion_t update_complete; 46 char tail[]; 47 }; 48 49 static void authenc_request_complete(struct aead_request *req, int err) 50 { 51 if (err != -EINPROGRESS) 52 aead_request_complete(req, err); 53 } 54 55 static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key, 56 unsigned int keylen) 57 { 58 unsigned int authkeylen; 59 unsigned int enckeylen; 60 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); 61 struct crypto_ahash *auth = ctx->auth; 62 struct crypto_ablkcipher *enc = ctx->enc; 63 struct rtattr *rta = (void *)key; 64 struct crypto_authenc_key_param *param; 65 int err = -EINVAL; 66 67 if (!RTA_OK(rta, keylen)) 68 goto badkey; 69 if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) 70 goto badkey; 71 if (RTA_PAYLOAD(rta) < sizeof(*param)) 72 goto badkey; 73 74 param = RTA_DATA(rta); 75 enckeylen = be32_to_cpu(param->enckeylen); 76 77 key += RTA_ALIGN(rta->rta_len); 78 keylen -= RTA_ALIGN(rta->rta_len); 79 80 if (keylen < enckeylen) 81 goto badkey; 82 83 authkeylen = keylen - enckeylen; 84 85 crypto_ahash_clear_flags(auth, CRYPTO_TFM_REQ_MASK); 86 crypto_ahash_set_flags(auth, crypto_aead_get_flags(authenc) & 87 CRYPTO_TFM_REQ_MASK); 88 err = crypto_ahash_setkey(auth, key, authkeylen); 89 crypto_aead_set_flags(authenc, crypto_ahash_get_flags(auth) & 90 CRYPTO_TFM_RES_MASK); 91 92 if (err) 93 goto out; 94 95 crypto_ablkcipher_clear_flags(enc, CRYPTO_TFM_REQ_MASK); 96 crypto_ablkcipher_set_flags(enc, crypto_aead_get_flags(authenc) & 97 CRYPTO_TFM_REQ_MASK); 98 err = crypto_ablkcipher_setkey(enc, key + authkeylen, enckeylen); 99 crypto_aead_set_flags(authenc, crypto_ablkcipher_get_flags(enc) & 100 CRYPTO_TFM_RES_MASK); 101 102 out: 103 return err; 104 105 badkey: 106 crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN); 107 goto out; 108 } 109 110 static void authenc_chain(struct scatterlist *head, struct scatterlist *sg, 111 int chain) 112 { 113 if (chain) { 114 head->length += sg->length; 115 sg = scatterwalk_sg_next(sg); 116 } 117 118 if (sg) 119 scatterwalk_sg_chain(head, 2, sg); 120 else 121 sg_mark_end(head); 122 } 123 124 static void authenc_geniv_ahash_update_done(struct crypto_async_request *areq, 125 int err) 126 { 127 struct aead_request *req = areq->data; 128 struct crypto_aead *authenc = crypto_aead_reqtfm(req); 129 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); 130 struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); 131 struct ahash_request *ahreq = (void *)(areq_ctx->tail + ctx->reqoff); 132 133 if (err) 134 goto out; 135 136 ahash_request_set_crypt(ahreq, areq_ctx->sg, ahreq->result, 137 areq_ctx->cryptlen); 138 ahash_request_set_callback(ahreq, aead_request_flags(req) & 139 CRYPTO_TFM_REQ_MAY_SLEEP, 140 areq_ctx->complete, req); 141 142 err = crypto_ahash_finup(ahreq); 143 if (err) 144 goto out; 145 146 scatterwalk_map_and_copy(ahreq->result, areq_ctx->sg, 147 areq_ctx->cryptlen, 148 crypto_aead_authsize(authenc), 1); 149 150 out: 151 authenc_request_complete(req, err); 152 } 153 154 static void authenc_geniv_ahash_done(struct crypto_async_request *areq, int err) 155 { 156 struct aead_request *req = areq->data; 157 struct crypto_aead *authenc = crypto_aead_reqtfm(req); 158 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); 159 struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); 160 struct ahash_request *ahreq = (void *)(areq_ctx->tail + ctx->reqoff); 161 162 if (err) 163 goto out; 164 165 scatterwalk_map_and_copy(ahreq->result, areq_ctx->sg, 166 areq_ctx->cryptlen, 167 crypto_aead_authsize(authenc), 1); 168 169 out: 170 aead_request_complete(req, err); 171 } 172 173 static void authenc_verify_ahash_update_done(struct crypto_async_request *areq, 174 int err) 175 { 176 u8 *ihash; 177 unsigned int authsize; 178 struct ablkcipher_request *abreq; 179 struct aead_request *req = areq->data; 180 struct crypto_aead *authenc = crypto_aead_reqtfm(req); 181 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); 182 struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); 183 struct ahash_request *ahreq = (void *)(areq_ctx->tail + ctx->reqoff); 184 unsigned int cryptlen = req->cryptlen; 185 186 if (err) 187 goto out; 188 189 ahash_request_set_crypt(ahreq, areq_ctx->sg, ahreq->result, 190 areq_ctx->cryptlen); 191 ahash_request_set_callback(ahreq, aead_request_flags(req) & 192 CRYPTO_TFM_REQ_MAY_SLEEP, 193 areq_ctx->complete, req); 194 195 err = crypto_ahash_finup(ahreq); 196 if (err) 197 goto out; 198 199 authsize = crypto_aead_authsize(authenc); 200 cryptlen -= authsize; 201 ihash = ahreq->result + authsize; 202 scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, 203 authsize, 0); 204 205 err = memcmp(ihash, ahreq->result, authsize) ? -EBADMSG : 0; 206 if (err) 207 goto out; 208 209 abreq = aead_request_ctx(req); 210 ablkcipher_request_set_tfm(abreq, ctx->enc); 211 ablkcipher_request_set_callback(abreq, aead_request_flags(req), 212 req->base.complete, req->base.data); 213 ablkcipher_request_set_crypt(abreq, req->src, req->dst, 214 cryptlen, req->iv); 215 216 err = crypto_ablkcipher_decrypt(abreq); 217 218 out: 219 authenc_request_complete(req, err); 220 } 221 222 static void authenc_verify_ahash_done(struct crypto_async_request *areq, 223 int err) 224 { 225 u8 *ihash; 226 unsigned int authsize; 227 struct ablkcipher_request *abreq; 228 struct aead_request *req = areq->data; 229 struct crypto_aead *authenc = crypto_aead_reqtfm(req); 230 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); 231 struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); 232 struct ahash_request *ahreq = (void *)(areq_ctx->tail + ctx->reqoff); 233 unsigned int cryptlen = req->cryptlen; 234 235 if (err) 236 goto out; 237 238 authsize = crypto_aead_authsize(authenc); 239 cryptlen -= authsize; 240 ihash = ahreq->result + authsize; 241 scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, 242 authsize, 0); 243 244 err = memcmp(ihash, ahreq->result, authsize) ? -EBADMSG : 0; 245 if (err) 246 goto out; 247 248 abreq = aead_request_ctx(req); 249 ablkcipher_request_set_tfm(abreq, ctx->enc); 250 ablkcipher_request_set_callback(abreq, aead_request_flags(req), 251 req->base.complete, req->base.data); 252 ablkcipher_request_set_crypt(abreq, req->src, req->dst, 253 cryptlen, req->iv); 254 255 err = crypto_ablkcipher_decrypt(abreq); 256 257 out: 258 authenc_request_complete(req, err); 259 } 260 261 static u8 *crypto_authenc_ahash_fb(struct aead_request *req, unsigned int flags) 262 { 263 struct crypto_aead *authenc = crypto_aead_reqtfm(req); 264 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); 265 struct crypto_ahash *auth = ctx->auth; 266 struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); 267 struct ahash_request *ahreq = (void *)(areq_ctx->tail + ctx->reqoff); 268 u8 *hash = areq_ctx->tail; 269 int err; 270 271 hash = (u8 *)ALIGN((unsigned long)hash + crypto_ahash_alignmask(auth), 272 crypto_ahash_alignmask(auth) + 1); 273 274 ahash_request_set_tfm(ahreq, auth); 275 276 err = crypto_ahash_init(ahreq); 277 if (err) 278 return ERR_PTR(err); 279 280 ahash_request_set_crypt(ahreq, req->assoc, hash, req->assoclen); 281 ahash_request_set_callback(ahreq, aead_request_flags(req) & flags, 282 areq_ctx->update_complete, req); 283 284 err = crypto_ahash_update(ahreq); 285 if (err) 286 return ERR_PTR(err); 287 288 ahash_request_set_crypt(ahreq, areq_ctx->sg, hash, 289 areq_ctx->cryptlen); 290 ahash_request_set_callback(ahreq, aead_request_flags(req) & flags, 291 areq_ctx->complete, req); 292 293 err = crypto_ahash_finup(ahreq); 294 if (err) 295 return ERR_PTR(err); 296 297 return hash; 298 } 299 300 static u8 *crypto_authenc_ahash(struct aead_request *req, unsigned int flags) 301 { 302 struct crypto_aead *authenc = crypto_aead_reqtfm(req); 303 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); 304 struct crypto_ahash *auth = ctx->auth; 305 struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); 306 struct ahash_request *ahreq = (void *)(areq_ctx->tail + ctx->reqoff); 307 u8 *hash = areq_ctx->tail; 308 int err; 309 310 hash = (u8 *)ALIGN((unsigned long)hash + crypto_ahash_alignmask(auth), 311 crypto_ahash_alignmask(auth) + 1); 312 313 ahash_request_set_tfm(ahreq, auth); 314 ahash_request_set_crypt(ahreq, areq_ctx->sg, hash, 315 areq_ctx->cryptlen); 316 ahash_request_set_callback(ahreq, aead_request_flags(req) & flags, 317 areq_ctx->complete, req); 318 319 err = crypto_ahash_digest(ahreq); 320 if (err) 321 return ERR_PTR(err); 322 323 return hash; 324 } 325 326 static int crypto_authenc_genicv(struct aead_request *req, u8 *iv, 327 unsigned int flags) 328 { 329 struct crypto_aead *authenc = crypto_aead_reqtfm(req); 330 struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); 331 struct scatterlist *dst = req->dst; 332 struct scatterlist *assoc = req->assoc; 333 struct scatterlist *cipher = areq_ctx->cipher; 334 struct scatterlist *asg = areq_ctx->asg; 335 unsigned int ivsize = crypto_aead_ivsize(authenc); 336 unsigned int cryptlen = req->cryptlen; 337 authenc_ahash_t authenc_ahash_fn = crypto_authenc_ahash_fb; 338 struct page *dstp; 339 u8 *vdst; 340 u8 *hash; 341 342 dstp = sg_page(dst); 343 vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + dst->offset; 344 345 if (ivsize) { 346 sg_init_table(cipher, 2); 347 sg_set_buf(cipher, iv, ivsize); 348 authenc_chain(cipher, dst, vdst == iv + ivsize); 349 dst = cipher; 350 cryptlen += ivsize; 351 } 352 353 if (sg_is_last(assoc)) { 354 authenc_ahash_fn = crypto_authenc_ahash; 355 sg_init_table(asg, 2); 356 sg_set_page(asg, sg_page(assoc), assoc->length, assoc->offset); 357 authenc_chain(asg, dst, 0); 358 dst = asg; 359 cryptlen += req->assoclen; 360 } 361 362 areq_ctx->cryptlen = cryptlen; 363 areq_ctx->sg = dst; 364 365 areq_ctx->complete = authenc_geniv_ahash_done; 366 areq_ctx->update_complete = authenc_geniv_ahash_update_done; 367 368 hash = authenc_ahash_fn(req, flags); 369 if (IS_ERR(hash)) 370 return PTR_ERR(hash); 371 372 scatterwalk_map_and_copy(hash, dst, cryptlen, 373 crypto_aead_authsize(authenc), 1); 374 return 0; 375 } 376 377 static void crypto_authenc_encrypt_done(struct crypto_async_request *req, 378 int err) 379 { 380 struct aead_request *areq = req->data; 381 382 if (!err) { 383 struct crypto_aead *authenc = crypto_aead_reqtfm(areq); 384 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); 385 struct ablkcipher_request *abreq = aead_request_ctx(areq); 386 u8 *iv = (u8 *)(abreq + 1) + 387 crypto_ablkcipher_reqsize(ctx->enc); 388 389 err = crypto_authenc_genicv(areq, iv, 0); 390 } 391 392 authenc_request_complete(areq, err); 393 } 394 395 static int crypto_authenc_encrypt(struct aead_request *req) 396 { 397 struct crypto_aead *authenc = crypto_aead_reqtfm(req); 398 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); 399 struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); 400 struct crypto_ablkcipher *enc = ctx->enc; 401 struct scatterlist *dst = req->dst; 402 unsigned int cryptlen = req->cryptlen; 403 struct ablkcipher_request *abreq = (void *)(areq_ctx->tail 404 + ctx->reqoff); 405 u8 *iv = (u8 *)abreq - crypto_ablkcipher_ivsize(enc); 406 int err; 407 408 ablkcipher_request_set_tfm(abreq, enc); 409 ablkcipher_request_set_callback(abreq, aead_request_flags(req), 410 crypto_authenc_encrypt_done, req); 411 ablkcipher_request_set_crypt(abreq, req->src, dst, cryptlen, req->iv); 412 413 memcpy(iv, req->iv, crypto_aead_ivsize(authenc)); 414 415 err = crypto_ablkcipher_encrypt(abreq); 416 if (err) 417 return err; 418 419 return crypto_authenc_genicv(req, iv, CRYPTO_TFM_REQ_MAY_SLEEP); 420 } 421 422 static void crypto_authenc_givencrypt_done(struct crypto_async_request *req, 423 int err) 424 { 425 struct aead_request *areq = req->data; 426 427 if (!err) { 428 struct skcipher_givcrypt_request *greq = aead_request_ctx(areq); 429 430 err = crypto_authenc_genicv(areq, greq->giv, 0); 431 } 432 433 authenc_request_complete(areq, err); 434 } 435 436 static int crypto_authenc_givencrypt(struct aead_givcrypt_request *req) 437 { 438 struct crypto_aead *authenc = aead_givcrypt_reqtfm(req); 439 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); 440 struct aead_request *areq = &req->areq; 441 struct skcipher_givcrypt_request *greq = aead_request_ctx(areq); 442 u8 *iv = req->giv; 443 int err; 444 445 skcipher_givcrypt_set_tfm(greq, ctx->enc); 446 skcipher_givcrypt_set_callback(greq, aead_request_flags(areq), 447 crypto_authenc_givencrypt_done, areq); 448 skcipher_givcrypt_set_crypt(greq, areq->src, areq->dst, areq->cryptlen, 449 areq->iv); 450 skcipher_givcrypt_set_giv(greq, iv, req->seq); 451 452 err = crypto_skcipher_givencrypt(greq); 453 if (err) 454 return err; 455 456 return crypto_authenc_genicv(areq, iv, CRYPTO_TFM_REQ_MAY_SLEEP); 457 } 458 459 static int crypto_authenc_verify(struct aead_request *req, 460 authenc_ahash_t authenc_ahash_fn) 461 { 462 struct crypto_aead *authenc = crypto_aead_reqtfm(req); 463 struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); 464 u8 *ohash; 465 u8 *ihash; 466 unsigned int authsize; 467 468 areq_ctx->complete = authenc_verify_ahash_done; 469 areq_ctx->update_complete = authenc_verify_ahash_update_done; 470 471 ohash = authenc_ahash_fn(req, CRYPTO_TFM_REQ_MAY_SLEEP); 472 if (IS_ERR(ohash)) 473 return PTR_ERR(ohash); 474 475 authsize = crypto_aead_authsize(authenc); 476 ihash = ohash + authsize; 477 scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, 478 authsize, 0); 479 return memcmp(ihash, ohash, authsize) ? -EBADMSG : 0; 480 } 481 482 static int crypto_authenc_iverify(struct aead_request *req, u8 *iv, 483 unsigned int cryptlen) 484 { 485 struct crypto_aead *authenc = crypto_aead_reqtfm(req); 486 struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); 487 struct scatterlist *src = req->src; 488 struct scatterlist *assoc = req->assoc; 489 struct scatterlist *cipher = areq_ctx->cipher; 490 struct scatterlist *asg = areq_ctx->asg; 491 unsigned int ivsize = crypto_aead_ivsize(authenc); 492 authenc_ahash_t authenc_ahash_fn = crypto_authenc_ahash_fb; 493 struct page *srcp; 494 u8 *vsrc; 495 496 srcp = sg_page(src); 497 vsrc = PageHighMem(srcp) ? NULL : page_address(srcp) + src->offset; 498 499 if (ivsize) { 500 sg_init_table(cipher, 2); 501 sg_set_buf(cipher, iv, ivsize); 502 authenc_chain(cipher, src, vsrc == iv + ivsize); 503 src = cipher; 504 cryptlen += ivsize; 505 } 506 507 if (sg_is_last(assoc)) { 508 authenc_ahash_fn = crypto_authenc_ahash; 509 sg_init_table(asg, 2); 510 sg_set_page(asg, sg_page(assoc), assoc->length, assoc->offset); 511 authenc_chain(asg, src, 0); 512 src = asg; 513 cryptlen += req->assoclen; 514 } 515 516 areq_ctx->cryptlen = cryptlen; 517 areq_ctx->sg = src; 518 519 return crypto_authenc_verify(req, authenc_ahash_fn); 520 } 521 522 static int crypto_authenc_decrypt(struct aead_request *req) 523 { 524 struct crypto_aead *authenc = crypto_aead_reqtfm(req); 525 struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); 526 struct ablkcipher_request *abreq = aead_request_ctx(req); 527 unsigned int cryptlen = req->cryptlen; 528 unsigned int authsize = crypto_aead_authsize(authenc); 529 u8 *iv = req->iv; 530 int err; 531 532 if (cryptlen < authsize) 533 return -EINVAL; 534 cryptlen -= authsize; 535 536 err = crypto_authenc_iverify(req, iv, cryptlen); 537 if (err) 538 return err; 539 540 ablkcipher_request_set_tfm(abreq, ctx->enc); 541 ablkcipher_request_set_callback(abreq, aead_request_flags(req), 542 req->base.complete, req->base.data); 543 ablkcipher_request_set_crypt(abreq, req->src, req->dst, cryptlen, iv); 544 545 return crypto_ablkcipher_decrypt(abreq); 546 } 547 548 static int crypto_authenc_init_tfm(struct crypto_tfm *tfm) 549 { 550 struct crypto_instance *inst = crypto_tfm_alg_instance(tfm); 551 struct authenc_instance_ctx *ictx = crypto_instance_ctx(inst); 552 struct crypto_authenc_ctx *ctx = crypto_tfm_ctx(tfm); 553 struct crypto_ahash *auth; 554 struct crypto_ablkcipher *enc; 555 int err; 556 557 auth = crypto_spawn_ahash(&ictx->auth); 558 if (IS_ERR(auth)) 559 return PTR_ERR(auth); 560 561 enc = crypto_spawn_skcipher(&ictx->enc); 562 err = PTR_ERR(enc); 563 if (IS_ERR(enc)) 564 goto err_free_ahash; 565 566 ctx->auth = auth; 567 ctx->enc = enc; 568 569 ctx->reqoff = ALIGN(2 * crypto_ahash_digestsize(auth) + 570 crypto_ahash_alignmask(auth), 571 crypto_ahash_alignmask(auth) + 1) + 572 crypto_ablkcipher_ivsize(enc); 573 574 tfm->crt_aead.reqsize = sizeof(struct authenc_request_ctx) + 575 ctx->reqoff + 576 max_t(unsigned int, 577 crypto_ahash_reqsize(auth) + 578 sizeof(struct ahash_request), 579 sizeof(struct skcipher_givcrypt_request) + 580 crypto_ablkcipher_reqsize(enc)); 581 582 return 0; 583 584 err_free_ahash: 585 crypto_free_ahash(auth); 586 return err; 587 } 588 589 static void crypto_authenc_exit_tfm(struct crypto_tfm *tfm) 590 { 591 struct crypto_authenc_ctx *ctx = crypto_tfm_ctx(tfm); 592 593 crypto_free_ahash(ctx->auth); 594 crypto_free_ablkcipher(ctx->enc); 595 } 596 597 static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) 598 { 599 struct crypto_attr_type *algt; 600 struct crypto_instance *inst; 601 struct hash_alg_common *auth; 602 struct crypto_alg *auth_base; 603 struct crypto_alg *enc; 604 struct authenc_instance_ctx *ctx; 605 const char *enc_name; 606 int err; 607 608 algt = crypto_get_attr_type(tb); 609 err = PTR_ERR(algt); 610 if (IS_ERR(algt)) 611 return ERR_PTR(err); 612 613 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) 614 return ERR_PTR(-EINVAL); 615 616 auth = ahash_attr_alg(tb[1], CRYPTO_ALG_TYPE_HASH, 617 CRYPTO_ALG_TYPE_AHASH_MASK); 618 if (IS_ERR(auth)) 619 return ERR_PTR(PTR_ERR(auth)); 620 621 auth_base = &auth->base; 622 623 enc_name = crypto_attr_alg_name(tb[2]); 624 err = PTR_ERR(enc_name); 625 if (IS_ERR(enc_name)) 626 goto out_put_auth; 627 628 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); 629 err = -ENOMEM; 630 if (!inst) 631 goto out_put_auth; 632 633 ctx = crypto_instance_ctx(inst); 634 635 err = crypto_init_ahash_spawn(&ctx->auth, auth, inst); 636 if (err) 637 goto err_free_inst; 638 639 crypto_set_skcipher_spawn(&ctx->enc, inst); 640 err = crypto_grab_skcipher(&ctx->enc, enc_name, 0, 641 crypto_requires_sync(algt->type, 642 algt->mask)); 643 if (err) 644 goto err_drop_auth; 645 646 enc = crypto_skcipher_spawn_alg(&ctx->enc); 647 648 err = -ENAMETOOLONG; 649 if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, 650 "authenc(%s,%s)", auth_base->cra_name, enc->cra_name) >= 651 CRYPTO_MAX_ALG_NAME) 652 goto err_drop_enc; 653 654 if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, 655 "authenc(%s,%s)", auth_base->cra_driver_name, 656 enc->cra_driver_name) >= CRYPTO_MAX_ALG_NAME) 657 goto err_drop_enc; 658 659 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD; 660 inst->alg.cra_flags |= enc->cra_flags & CRYPTO_ALG_ASYNC; 661 inst->alg.cra_priority = enc->cra_priority * 662 10 + auth_base->cra_priority; 663 inst->alg.cra_blocksize = enc->cra_blocksize; 664 inst->alg.cra_alignmask = auth_base->cra_alignmask | enc->cra_alignmask; 665 inst->alg.cra_type = &crypto_aead_type; 666 667 inst->alg.cra_aead.ivsize = enc->cra_ablkcipher.ivsize; 668 inst->alg.cra_aead.maxauthsize = auth->digestsize; 669 670 inst->alg.cra_ctxsize = sizeof(struct crypto_authenc_ctx); 671 672 inst->alg.cra_init = crypto_authenc_init_tfm; 673 inst->alg.cra_exit = crypto_authenc_exit_tfm; 674 675 inst->alg.cra_aead.setkey = crypto_authenc_setkey; 676 inst->alg.cra_aead.encrypt = crypto_authenc_encrypt; 677 inst->alg.cra_aead.decrypt = crypto_authenc_decrypt; 678 inst->alg.cra_aead.givencrypt = crypto_authenc_givencrypt; 679 680 out: 681 crypto_mod_put(auth_base); 682 return inst; 683 684 err_drop_enc: 685 crypto_drop_skcipher(&ctx->enc); 686 err_drop_auth: 687 crypto_drop_ahash(&ctx->auth); 688 err_free_inst: 689 kfree(inst); 690 out_put_auth: 691 inst = ERR_PTR(err); 692 goto out; 693 } 694 695 static void crypto_authenc_free(struct crypto_instance *inst) 696 { 697 struct authenc_instance_ctx *ctx = crypto_instance_ctx(inst); 698 699 crypto_drop_skcipher(&ctx->enc); 700 crypto_drop_ahash(&ctx->auth); 701 kfree(inst); 702 } 703 704 static struct crypto_template crypto_authenc_tmpl = { 705 .name = "authenc", 706 .alloc = crypto_authenc_alloc, 707 .free = crypto_authenc_free, 708 .module = THIS_MODULE, 709 }; 710 711 static int __init crypto_authenc_module_init(void) 712 { 713 return crypto_register_template(&crypto_authenc_tmpl); 714 } 715 716 static void __exit crypto_authenc_module_exit(void) 717 { 718 crypto_unregister_template(&crypto_authenc_tmpl); 719 } 720 721 module_init(crypto_authenc_module_init); 722 module_exit(crypto_authenc_module_exit); 723 724 MODULE_LICENSE("GPL"); 725 MODULE_DESCRIPTION("Simple AEAD wrapper for IPsec"); 726