1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * ESSIV skcipher and aead template for block encryption 4 * 5 * This template encapsulates the ESSIV IV generation algorithm used by 6 * dm-crypt and fscrypt, which converts the initial vector for the skcipher 7 * used for block encryption, by encrypting it using the hash of the 8 * skcipher key as encryption key. Usually, the input IV is a 64-bit sector 9 * number in LE representation zero-padded to the size of the IV, but this 10 * is not assumed by this driver. 11 * 12 * The typical use of this template is to instantiate the skcipher 13 * 'essiv(cbc(aes),sha256)', which is the only instantiation used by 14 * fscrypt, and the most relevant one for dm-crypt. However, dm-crypt 15 * also permits ESSIV to be used in combination with the authenc template, 16 * e.g., 'essiv(authenc(hmac(sha256),cbc(aes)),sha256)', in which case 17 * we need to instantiate an aead that accepts the same special key format 18 * as the authenc template, and deals with the way the encrypted IV is 19 * embedded into the AAD area of the aead request. This means the AEAD 20 * flavor produced by this template is tightly coupled to the way dm-crypt 21 * happens to use it. 22 * 23 * Copyright (c) 2019 Linaro, Ltd. <ard.biesheuvel@linaro.org> 24 * 25 * Heavily based on: 26 * adiantum length-preserving encryption mode 27 * 28 * Copyright 2018 Google LLC 29 */ 30 31 #include <crypto/authenc.h> 32 #include <crypto/internal/aead.h> 33 #include <crypto/internal/hash.h> 34 #include <crypto/internal/skcipher.h> 35 #include <crypto/scatterwalk.h> 36 #include <linux/module.h> 37 38 #include "internal.h" 39 40 struct essiv_instance_ctx { 41 union { 42 struct crypto_skcipher_spawn skcipher_spawn; 43 struct crypto_aead_spawn aead_spawn; 44 } u; 45 char essiv_cipher_name[CRYPTO_MAX_ALG_NAME]; 46 char shash_driver_name[CRYPTO_MAX_ALG_NAME]; 47 }; 48 49 struct essiv_tfm_ctx { 50 union { 51 struct crypto_skcipher *skcipher; 52 struct crypto_aead *aead; 53 } u; 54 struct crypto_cipher *essiv_cipher; 55 struct crypto_shash *hash; 56 int ivoffset; 57 }; 58 59 struct essiv_aead_request_ctx { 60 struct scatterlist sg[4]; 61 u8 *assoc; 62 struct aead_request aead_req; 63 }; 64 65 static int essiv_skcipher_setkey(struct crypto_skcipher *tfm, 66 const u8 *key, unsigned int keylen) 67 { 68 struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm); 69 SHASH_DESC_ON_STACK(desc, tctx->hash); 70 u8 salt[HASH_MAX_DIGESTSIZE]; 71 int err; 72 73 crypto_skcipher_clear_flags(tctx->u.skcipher, CRYPTO_TFM_REQ_MASK); 74 crypto_skcipher_set_flags(tctx->u.skcipher, 75 crypto_skcipher_get_flags(tfm) & 76 CRYPTO_TFM_REQ_MASK); 77 err = crypto_skcipher_setkey(tctx->u.skcipher, key, keylen); 78 if (err) 79 return err; 80 81 desc->tfm = tctx->hash; 82 err = crypto_shash_digest(desc, key, keylen, salt); 83 if (err) 84 return err; 85 86 crypto_cipher_clear_flags(tctx->essiv_cipher, CRYPTO_TFM_REQ_MASK); 87 crypto_cipher_set_flags(tctx->essiv_cipher, 88 crypto_skcipher_get_flags(tfm) & 89 CRYPTO_TFM_REQ_MASK); 90 return crypto_cipher_setkey(tctx->essiv_cipher, salt, 91 crypto_shash_digestsize(tctx->hash)); 92 } 93 94 static int essiv_aead_setkey(struct crypto_aead *tfm, const u8 *key, 95 unsigned int keylen) 96 { 97 struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm); 98 SHASH_DESC_ON_STACK(desc, tctx->hash); 99 struct crypto_authenc_keys keys; 100 u8 salt[HASH_MAX_DIGESTSIZE]; 101 int err; 102 103 crypto_aead_clear_flags(tctx->u.aead, CRYPTO_TFM_REQ_MASK); 104 crypto_aead_set_flags(tctx->u.aead, crypto_aead_get_flags(tfm) & 105 CRYPTO_TFM_REQ_MASK); 106 err = crypto_aead_setkey(tctx->u.aead, key, keylen); 107 if (err) 108 return err; 109 110 if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) 111 return -EINVAL; 112 113 desc->tfm = tctx->hash; 114 err = crypto_shash_init(desc) ?: 115 crypto_shash_update(desc, keys.enckey, keys.enckeylen) ?: 116 crypto_shash_finup(desc, keys.authkey, keys.authkeylen, salt); 117 if (err) 118 return err; 119 120 crypto_cipher_clear_flags(tctx->essiv_cipher, CRYPTO_TFM_REQ_MASK); 121 crypto_cipher_set_flags(tctx->essiv_cipher, crypto_aead_get_flags(tfm) & 122 CRYPTO_TFM_REQ_MASK); 123 return crypto_cipher_setkey(tctx->essiv_cipher, salt, 124 crypto_shash_digestsize(tctx->hash)); 125 } 126 127 static int essiv_aead_setauthsize(struct crypto_aead *tfm, 128 unsigned int authsize) 129 { 130 struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm); 131 132 return crypto_aead_setauthsize(tctx->u.aead, authsize); 133 } 134 135 static void essiv_skcipher_done(struct crypto_async_request *areq, int err) 136 { 137 struct skcipher_request *req = areq->data; 138 139 skcipher_request_complete(req, err); 140 } 141 142 static int essiv_skcipher_crypt(struct skcipher_request *req, bool enc) 143 { 144 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 145 const struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm); 146 struct skcipher_request *subreq = skcipher_request_ctx(req); 147 148 crypto_cipher_encrypt_one(tctx->essiv_cipher, req->iv, req->iv); 149 150 skcipher_request_set_tfm(subreq, tctx->u.skcipher); 151 skcipher_request_set_crypt(subreq, req->src, req->dst, req->cryptlen, 152 req->iv); 153 skcipher_request_set_callback(subreq, skcipher_request_flags(req), 154 essiv_skcipher_done, req); 155 156 return enc ? crypto_skcipher_encrypt(subreq) : 157 crypto_skcipher_decrypt(subreq); 158 } 159 160 static int essiv_skcipher_encrypt(struct skcipher_request *req) 161 { 162 return essiv_skcipher_crypt(req, true); 163 } 164 165 static int essiv_skcipher_decrypt(struct skcipher_request *req) 166 { 167 return essiv_skcipher_crypt(req, false); 168 } 169 170 static void essiv_aead_done(struct crypto_async_request *areq, int err) 171 { 172 struct aead_request *req = areq->data; 173 struct essiv_aead_request_ctx *rctx = aead_request_ctx(req); 174 175 kfree(rctx->assoc); 176 aead_request_complete(req, err); 177 } 178 179 static int essiv_aead_crypt(struct aead_request *req, bool enc) 180 { 181 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 182 const struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm); 183 struct essiv_aead_request_ctx *rctx = aead_request_ctx(req); 184 struct aead_request *subreq = &rctx->aead_req; 185 struct scatterlist *src = req->src; 186 int err; 187 188 crypto_cipher_encrypt_one(tctx->essiv_cipher, req->iv, req->iv); 189 190 /* 191 * dm-crypt embeds the sector number and the IV in the AAD region, so 192 * we have to copy the converted IV into the right scatterlist before 193 * we pass it on. 194 */ 195 rctx->assoc = NULL; 196 if (req->src == req->dst || !enc) { 197 scatterwalk_map_and_copy(req->iv, req->dst, 198 req->assoclen - crypto_aead_ivsize(tfm), 199 crypto_aead_ivsize(tfm), 1); 200 } else { 201 u8 *iv = (u8 *)aead_request_ctx(req) + tctx->ivoffset; 202 int ivsize = crypto_aead_ivsize(tfm); 203 int ssize = req->assoclen - ivsize; 204 struct scatterlist *sg; 205 int nents; 206 207 if (ssize < 0) 208 return -EINVAL; 209 210 nents = sg_nents_for_len(req->src, ssize); 211 if (nents < 0) 212 return -EINVAL; 213 214 memcpy(iv, req->iv, ivsize); 215 sg_init_table(rctx->sg, 4); 216 217 if (unlikely(nents > 1)) { 218 /* 219 * This is a case that rarely occurs in practice, but 220 * for correctness, we have to deal with it nonetheless. 221 */ 222 rctx->assoc = kmalloc(ssize, GFP_ATOMIC); 223 if (!rctx->assoc) 224 return -ENOMEM; 225 226 scatterwalk_map_and_copy(rctx->assoc, req->src, 0, 227 ssize, 0); 228 sg_set_buf(rctx->sg, rctx->assoc, ssize); 229 } else { 230 sg_set_page(rctx->sg, sg_page(req->src), ssize, 231 req->src->offset); 232 } 233 234 sg_set_buf(rctx->sg + 1, iv, ivsize); 235 sg = scatterwalk_ffwd(rctx->sg + 2, req->src, req->assoclen); 236 if (sg != rctx->sg + 2) 237 sg_chain(rctx->sg, 3, sg); 238 239 src = rctx->sg; 240 } 241 242 aead_request_set_tfm(subreq, tctx->u.aead); 243 aead_request_set_ad(subreq, req->assoclen); 244 aead_request_set_callback(subreq, aead_request_flags(req), 245 essiv_aead_done, req); 246 aead_request_set_crypt(subreq, src, req->dst, req->cryptlen, req->iv); 247 248 err = enc ? crypto_aead_encrypt(subreq) : 249 crypto_aead_decrypt(subreq); 250 251 if (rctx->assoc && err != -EINPROGRESS) 252 kfree(rctx->assoc); 253 return err; 254 } 255 256 static int essiv_aead_encrypt(struct aead_request *req) 257 { 258 return essiv_aead_crypt(req, true); 259 } 260 261 static int essiv_aead_decrypt(struct aead_request *req) 262 { 263 return essiv_aead_crypt(req, false); 264 } 265 266 static int essiv_init_tfm(struct essiv_instance_ctx *ictx, 267 struct essiv_tfm_ctx *tctx) 268 { 269 struct crypto_cipher *essiv_cipher; 270 struct crypto_shash *hash; 271 int err; 272 273 essiv_cipher = crypto_alloc_cipher(ictx->essiv_cipher_name, 0, 0); 274 if (IS_ERR(essiv_cipher)) 275 return PTR_ERR(essiv_cipher); 276 277 hash = crypto_alloc_shash(ictx->shash_driver_name, 0, 0); 278 if (IS_ERR(hash)) { 279 err = PTR_ERR(hash); 280 goto err_free_essiv_cipher; 281 } 282 283 tctx->essiv_cipher = essiv_cipher; 284 tctx->hash = hash; 285 286 return 0; 287 288 err_free_essiv_cipher: 289 crypto_free_cipher(essiv_cipher); 290 return err; 291 } 292 293 static int essiv_skcipher_init_tfm(struct crypto_skcipher *tfm) 294 { 295 struct skcipher_instance *inst = skcipher_alg_instance(tfm); 296 struct essiv_instance_ctx *ictx = skcipher_instance_ctx(inst); 297 struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm); 298 struct crypto_skcipher *skcipher; 299 int err; 300 301 skcipher = crypto_spawn_skcipher(&ictx->u.skcipher_spawn); 302 if (IS_ERR(skcipher)) 303 return PTR_ERR(skcipher); 304 305 crypto_skcipher_set_reqsize(tfm, sizeof(struct skcipher_request) + 306 crypto_skcipher_reqsize(skcipher)); 307 308 err = essiv_init_tfm(ictx, tctx); 309 if (err) { 310 crypto_free_skcipher(skcipher); 311 return err; 312 } 313 314 tctx->u.skcipher = skcipher; 315 return 0; 316 } 317 318 static int essiv_aead_init_tfm(struct crypto_aead *tfm) 319 { 320 struct aead_instance *inst = aead_alg_instance(tfm); 321 struct essiv_instance_ctx *ictx = aead_instance_ctx(inst); 322 struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm); 323 struct crypto_aead *aead; 324 unsigned int subreq_size; 325 int err; 326 327 BUILD_BUG_ON(offsetofend(struct essiv_aead_request_ctx, aead_req) != 328 sizeof(struct essiv_aead_request_ctx)); 329 330 aead = crypto_spawn_aead(&ictx->u.aead_spawn); 331 if (IS_ERR(aead)) 332 return PTR_ERR(aead); 333 334 subreq_size = sizeof_field(struct essiv_aead_request_ctx, aead_req) + 335 crypto_aead_reqsize(aead); 336 337 tctx->ivoffset = offsetof(struct essiv_aead_request_ctx, aead_req) + 338 subreq_size; 339 crypto_aead_set_reqsize(tfm, tctx->ivoffset + crypto_aead_ivsize(aead)); 340 341 err = essiv_init_tfm(ictx, tctx); 342 if (err) { 343 crypto_free_aead(aead); 344 return err; 345 } 346 347 tctx->u.aead = aead; 348 return 0; 349 } 350 351 static void essiv_skcipher_exit_tfm(struct crypto_skcipher *tfm) 352 { 353 struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm); 354 355 crypto_free_skcipher(tctx->u.skcipher); 356 crypto_free_cipher(tctx->essiv_cipher); 357 crypto_free_shash(tctx->hash); 358 } 359 360 static void essiv_aead_exit_tfm(struct crypto_aead *tfm) 361 { 362 struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm); 363 364 crypto_free_aead(tctx->u.aead); 365 crypto_free_cipher(tctx->essiv_cipher); 366 crypto_free_shash(tctx->hash); 367 } 368 369 static void essiv_skcipher_free_instance(struct skcipher_instance *inst) 370 { 371 struct essiv_instance_ctx *ictx = skcipher_instance_ctx(inst); 372 373 crypto_drop_skcipher(&ictx->u.skcipher_spawn); 374 kfree(inst); 375 } 376 377 static void essiv_aead_free_instance(struct aead_instance *inst) 378 { 379 struct essiv_instance_ctx *ictx = aead_instance_ctx(inst); 380 381 crypto_drop_aead(&ictx->u.aead_spawn); 382 kfree(inst); 383 } 384 385 static bool parse_cipher_name(char *essiv_cipher_name, const char *cra_name) 386 { 387 const char *p, *q; 388 int len; 389 390 /* find the last opening parens */ 391 p = strrchr(cra_name, '('); 392 if (!p++) 393 return false; 394 395 /* find the first closing parens in the tail of the string */ 396 q = strchr(p, ')'); 397 if (!q) 398 return false; 399 400 len = q - p; 401 if (len >= CRYPTO_MAX_ALG_NAME) 402 return false; 403 404 memcpy(essiv_cipher_name, p, len); 405 essiv_cipher_name[len] = '\0'; 406 return true; 407 } 408 409 static bool essiv_supported_algorithms(const char *essiv_cipher_name, 410 struct shash_alg *hash_alg, 411 int ivsize) 412 { 413 struct crypto_alg *alg; 414 bool ret = false; 415 416 alg = crypto_alg_mod_lookup(essiv_cipher_name, 417 CRYPTO_ALG_TYPE_CIPHER, 418 CRYPTO_ALG_TYPE_MASK); 419 if (IS_ERR(alg)) 420 return false; 421 422 if (hash_alg->digestsize < alg->cra_cipher.cia_min_keysize || 423 hash_alg->digestsize > alg->cra_cipher.cia_max_keysize) 424 goto out; 425 426 if (ivsize != alg->cra_blocksize) 427 goto out; 428 429 if (crypto_shash_alg_needs_key(hash_alg)) 430 goto out; 431 432 ret = true; 433 434 out: 435 crypto_mod_put(alg); 436 return ret; 437 } 438 439 static int essiv_create(struct crypto_template *tmpl, struct rtattr **tb) 440 { 441 struct crypto_attr_type *algt; 442 const char *inner_cipher_name; 443 const char *shash_name; 444 struct skcipher_instance *skcipher_inst = NULL; 445 struct aead_instance *aead_inst = NULL; 446 struct crypto_instance *inst; 447 struct crypto_alg *base, *block_base; 448 struct essiv_instance_ctx *ictx; 449 struct skcipher_alg *skcipher_alg = NULL; 450 struct aead_alg *aead_alg = NULL; 451 struct crypto_alg *_hash_alg; 452 struct shash_alg *hash_alg; 453 int ivsize; 454 u32 type; 455 u32 mask; 456 int err; 457 458 algt = crypto_get_attr_type(tb); 459 if (IS_ERR(algt)) 460 return PTR_ERR(algt); 461 462 inner_cipher_name = crypto_attr_alg_name(tb[1]); 463 if (IS_ERR(inner_cipher_name)) 464 return PTR_ERR(inner_cipher_name); 465 466 shash_name = crypto_attr_alg_name(tb[2]); 467 if (IS_ERR(shash_name)) 468 return PTR_ERR(shash_name); 469 470 type = algt->type & algt->mask; 471 mask = crypto_requires_sync(algt->type, algt->mask); 472 473 switch (type) { 474 case CRYPTO_ALG_TYPE_SKCIPHER: 475 skcipher_inst = kzalloc(sizeof(*skcipher_inst) + 476 sizeof(*ictx), GFP_KERNEL); 477 if (!skcipher_inst) 478 return -ENOMEM; 479 inst = skcipher_crypto_instance(skcipher_inst); 480 base = &skcipher_inst->alg.base; 481 ictx = crypto_instance_ctx(inst); 482 483 /* Symmetric cipher, e.g., "cbc(aes)" */ 484 err = crypto_grab_skcipher(&ictx->u.skcipher_spawn, inst, 485 inner_cipher_name, 0, mask); 486 if (err) 487 goto out_free_inst; 488 skcipher_alg = crypto_spawn_skcipher_alg(&ictx->u.skcipher_spawn); 489 block_base = &skcipher_alg->base; 490 ivsize = crypto_skcipher_alg_ivsize(skcipher_alg); 491 break; 492 493 case CRYPTO_ALG_TYPE_AEAD: 494 aead_inst = kzalloc(sizeof(*aead_inst) + 495 sizeof(*ictx), GFP_KERNEL); 496 if (!aead_inst) 497 return -ENOMEM; 498 inst = aead_crypto_instance(aead_inst); 499 base = &aead_inst->alg.base; 500 ictx = crypto_instance_ctx(inst); 501 502 /* AEAD cipher, e.g., "authenc(hmac(sha256),cbc(aes))" */ 503 err = crypto_grab_aead(&ictx->u.aead_spawn, inst, 504 inner_cipher_name, 0, mask); 505 if (err) 506 goto out_free_inst; 507 aead_alg = crypto_spawn_aead_alg(&ictx->u.aead_spawn); 508 block_base = &aead_alg->base; 509 if (!strstarts(block_base->cra_name, "authenc(")) { 510 pr_warn("Only authenc() type AEADs are supported by ESSIV\n"); 511 err = -EINVAL; 512 goto out_drop_skcipher; 513 } 514 ivsize = aead_alg->ivsize; 515 break; 516 517 default: 518 return -EINVAL; 519 } 520 521 if (!parse_cipher_name(ictx->essiv_cipher_name, block_base->cra_name)) { 522 pr_warn("Failed to parse ESSIV cipher name from skcipher cra_name\n"); 523 err = -EINVAL; 524 goto out_drop_skcipher; 525 } 526 527 /* Synchronous hash, e.g., "sha256" */ 528 _hash_alg = crypto_alg_mod_lookup(shash_name, 529 CRYPTO_ALG_TYPE_SHASH, 530 CRYPTO_ALG_TYPE_MASK); 531 if (IS_ERR(_hash_alg)) { 532 err = PTR_ERR(_hash_alg); 533 goto out_drop_skcipher; 534 } 535 hash_alg = __crypto_shash_alg(_hash_alg); 536 537 /* Check the set of algorithms */ 538 if (!essiv_supported_algorithms(ictx->essiv_cipher_name, hash_alg, 539 ivsize)) { 540 pr_warn("Unsupported essiv instantiation: essiv(%s,%s)\n", 541 block_base->cra_name, hash_alg->base.cra_name); 542 err = -EINVAL; 543 goto out_free_hash; 544 } 545 546 /* record the driver name so we can instantiate this exact algo later */ 547 strlcpy(ictx->shash_driver_name, hash_alg->base.cra_driver_name, 548 CRYPTO_MAX_ALG_NAME); 549 550 /* Instance fields */ 551 552 err = -ENAMETOOLONG; 553 if (snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, 554 "essiv(%s,%s)", block_base->cra_name, 555 hash_alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME) 556 goto out_free_hash; 557 if (snprintf(base->cra_driver_name, CRYPTO_MAX_ALG_NAME, 558 "essiv(%s,%s)", block_base->cra_driver_name, 559 hash_alg->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME) 560 goto out_free_hash; 561 562 base->cra_flags = block_base->cra_flags & CRYPTO_ALG_ASYNC; 563 base->cra_blocksize = block_base->cra_blocksize; 564 base->cra_ctxsize = sizeof(struct essiv_tfm_ctx); 565 base->cra_alignmask = block_base->cra_alignmask; 566 base->cra_priority = block_base->cra_priority; 567 568 if (type == CRYPTO_ALG_TYPE_SKCIPHER) { 569 skcipher_inst->alg.setkey = essiv_skcipher_setkey; 570 skcipher_inst->alg.encrypt = essiv_skcipher_encrypt; 571 skcipher_inst->alg.decrypt = essiv_skcipher_decrypt; 572 skcipher_inst->alg.init = essiv_skcipher_init_tfm; 573 skcipher_inst->alg.exit = essiv_skcipher_exit_tfm; 574 575 skcipher_inst->alg.min_keysize = crypto_skcipher_alg_min_keysize(skcipher_alg); 576 skcipher_inst->alg.max_keysize = crypto_skcipher_alg_max_keysize(skcipher_alg); 577 skcipher_inst->alg.ivsize = ivsize; 578 skcipher_inst->alg.chunksize = crypto_skcipher_alg_chunksize(skcipher_alg); 579 skcipher_inst->alg.walksize = crypto_skcipher_alg_walksize(skcipher_alg); 580 581 skcipher_inst->free = essiv_skcipher_free_instance; 582 583 err = skcipher_register_instance(tmpl, skcipher_inst); 584 } else { 585 aead_inst->alg.setkey = essiv_aead_setkey; 586 aead_inst->alg.setauthsize = essiv_aead_setauthsize; 587 aead_inst->alg.encrypt = essiv_aead_encrypt; 588 aead_inst->alg.decrypt = essiv_aead_decrypt; 589 aead_inst->alg.init = essiv_aead_init_tfm; 590 aead_inst->alg.exit = essiv_aead_exit_tfm; 591 592 aead_inst->alg.ivsize = ivsize; 593 aead_inst->alg.maxauthsize = crypto_aead_alg_maxauthsize(aead_alg); 594 aead_inst->alg.chunksize = crypto_aead_alg_chunksize(aead_alg); 595 596 aead_inst->free = essiv_aead_free_instance; 597 598 err = aead_register_instance(tmpl, aead_inst); 599 } 600 601 if (err) 602 goto out_free_hash; 603 604 crypto_mod_put(_hash_alg); 605 return 0; 606 607 out_free_hash: 608 crypto_mod_put(_hash_alg); 609 out_drop_skcipher: 610 if (type == CRYPTO_ALG_TYPE_SKCIPHER) 611 crypto_drop_skcipher(&ictx->u.skcipher_spawn); 612 else 613 crypto_drop_aead(&ictx->u.aead_spawn); 614 out_free_inst: 615 kfree(skcipher_inst); 616 kfree(aead_inst); 617 return err; 618 } 619 620 /* essiv(cipher_name, shash_name) */ 621 static struct crypto_template essiv_tmpl = { 622 .name = "essiv", 623 .create = essiv_create, 624 .module = THIS_MODULE, 625 }; 626 627 static int __init essiv_module_init(void) 628 { 629 return crypto_register_template(&essiv_tmpl); 630 } 631 632 static void __exit essiv_module_exit(void) 633 { 634 crypto_unregister_template(&essiv_tmpl); 635 } 636 637 subsys_initcall(essiv_module_init); 638 module_exit(essiv_module_exit); 639 640 MODULE_DESCRIPTION("ESSIV skcipher/aead wrapper for block encryption"); 641 MODULE_LICENSE("GPL v2"); 642 MODULE_ALIAS_CRYPTO("essiv"); 643