1 /* 2 * GCM: Galois/Counter Mode. 3 * 4 * Copyright (c) 2007 Nokia Siemens Networks - Mikko Herranen <mh1@iki.fi> 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published 8 * by the Free Software Foundation. 9 */ 10 11 #include <crypto/gf128mul.h> 12 #include <crypto/internal/aead.h> 13 #include <crypto/internal/skcipher.h> 14 #include <crypto/internal/hash.h> 15 #include <crypto/scatterwalk.h> 16 #include <crypto/hash.h> 17 #include "internal.h" 18 #include <linux/completion.h> 19 #include <linux/err.h> 20 #include <linux/init.h> 21 #include <linux/kernel.h> 22 #include <linux/module.h> 23 #include <linux/slab.h> 24 25 struct gcm_instance_ctx { 26 struct crypto_skcipher_spawn ctr; 27 struct crypto_ahash_spawn ghash; 28 }; 29 30 struct crypto_gcm_ctx { 31 struct crypto_ablkcipher *ctr; 32 struct crypto_ahash *ghash; 33 }; 34 35 struct crypto_rfc4106_ctx { 36 struct crypto_aead *child; 37 u8 nonce[4]; 38 }; 39 40 struct crypto_rfc4543_ctx { 41 struct crypto_aead *child; 42 u8 nonce[4]; 43 }; 44 45 struct crypto_rfc4543_req_ctx { 46 u8 auth_tag[16]; 47 struct scatterlist cipher[1]; 48 struct scatterlist payload[2]; 49 struct scatterlist assoc[2]; 50 struct aead_request subreq; 51 }; 52 53 struct crypto_gcm_ghash_ctx { 54 unsigned int cryptlen; 55 struct scatterlist *src; 56 void (*complete)(struct aead_request *req, int err); 57 }; 58 59 struct crypto_gcm_req_priv_ctx { 60 u8 auth_tag[16]; 61 u8 iauth_tag[16]; 62 struct scatterlist src[2]; 63 struct scatterlist dst[2]; 64 struct crypto_gcm_ghash_ctx ghash_ctx; 65 union { 66 struct ahash_request ahreq; 67 struct ablkcipher_request abreq; 68 } u; 69 }; 70 71 struct crypto_gcm_setkey_result { 72 int err; 73 struct completion completion; 74 }; 75 76 static void *gcm_zeroes; 77 78 static inline struct crypto_gcm_req_priv_ctx *crypto_gcm_reqctx( 79 struct aead_request *req) 80 { 81 unsigned long align = crypto_aead_alignmask(crypto_aead_reqtfm(req)); 82 83 return (void *)PTR_ALIGN((u8 *)aead_request_ctx(req), align + 1); 84 } 85 86 static void crypto_gcm_setkey_done(struct crypto_async_request *req, int err) 87 { 88 struct crypto_gcm_setkey_result *result = req->data; 89 90 if (err == -EINPROGRESS) 91 return; 92 93 result->err = err; 94 complete(&result->completion); 95 } 96 97 static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key, 98 unsigned int keylen) 99 { 100 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead); 101 struct crypto_ahash *ghash = ctx->ghash; 102 struct crypto_ablkcipher *ctr = ctx->ctr; 103 struct { 104 be128 hash; 105 u8 iv[8]; 106 107 struct crypto_gcm_setkey_result result; 108 109 struct scatterlist sg[1]; 110 struct ablkcipher_request req; 111 } *data; 112 int err; 113 114 crypto_ablkcipher_clear_flags(ctr, CRYPTO_TFM_REQ_MASK); 115 crypto_ablkcipher_set_flags(ctr, crypto_aead_get_flags(aead) & 116 CRYPTO_TFM_REQ_MASK); 117 118 err = crypto_ablkcipher_setkey(ctr, key, keylen); 119 if (err) 120 return err; 121 122 crypto_aead_set_flags(aead, crypto_ablkcipher_get_flags(ctr) & 123 CRYPTO_TFM_RES_MASK); 124 125 data = kzalloc(sizeof(*data) + crypto_ablkcipher_reqsize(ctr), 126 GFP_KERNEL); 127 if (!data) 128 return -ENOMEM; 129 130 init_completion(&data->result.completion); 131 sg_init_one(data->sg, &data->hash, sizeof(data->hash)); 132 ablkcipher_request_set_tfm(&data->req, ctr); 133 ablkcipher_request_set_callback(&data->req, CRYPTO_TFM_REQ_MAY_SLEEP | 134 CRYPTO_TFM_REQ_MAY_BACKLOG, 135 crypto_gcm_setkey_done, 136 &data->result); 137 ablkcipher_request_set_crypt(&data->req, data->sg, data->sg, 138 sizeof(data->hash), data->iv); 139 140 err = crypto_ablkcipher_encrypt(&data->req); 141 if (err == -EINPROGRESS || err == -EBUSY) { 142 err = wait_for_completion_interruptible( 143 &data->result.completion); 144 if (!err) 145 err = data->result.err; 146 } 147 148 if (err) 149 goto out; 150 151 crypto_ahash_clear_flags(ghash, CRYPTO_TFM_REQ_MASK); 152 crypto_ahash_set_flags(ghash, crypto_aead_get_flags(aead) & 153 CRYPTO_TFM_REQ_MASK); 154 err = crypto_ahash_setkey(ghash, (u8 *)&data->hash, sizeof(be128)); 155 crypto_aead_set_flags(aead, crypto_ahash_get_flags(ghash) & 156 CRYPTO_TFM_RES_MASK); 157 158 out: 159 kfree(data); 160 return err; 161 } 162 163 static int crypto_gcm_setauthsize(struct crypto_aead *tfm, 164 unsigned int authsize) 165 { 166 switch (authsize) { 167 case 4: 168 case 8: 169 case 12: 170 case 13: 171 case 14: 172 case 15: 173 case 16: 174 break; 175 default: 176 return -EINVAL; 177 } 178 179 return 0; 180 } 181 182 static void crypto_gcm_init_crypt(struct ablkcipher_request *ablk_req, 183 struct aead_request *req, 184 unsigned int cryptlen) 185 { 186 struct crypto_aead *aead = crypto_aead_reqtfm(req); 187 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead); 188 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 189 struct scatterlist *dst; 190 __be32 counter = cpu_to_be32(1); 191 192 memset(pctx->auth_tag, 0, sizeof(pctx->auth_tag)); 193 memcpy(req->iv + 12, &counter, 4); 194 195 sg_init_table(pctx->src, 2); 196 sg_set_buf(pctx->src, pctx->auth_tag, sizeof(pctx->auth_tag)); 197 scatterwalk_sg_chain(pctx->src, 2, req->src); 198 199 dst = pctx->src; 200 if (req->src != req->dst) { 201 sg_init_table(pctx->dst, 2); 202 sg_set_buf(pctx->dst, pctx->auth_tag, sizeof(pctx->auth_tag)); 203 scatterwalk_sg_chain(pctx->dst, 2, req->dst); 204 dst = pctx->dst; 205 } 206 207 ablkcipher_request_set_tfm(ablk_req, ctx->ctr); 208 ablkcipher_request_set_crypt(ablk_req, pctx->src, dst, 209 cryptlen + sizeof(pctx->auth_tag), 210 req->iv); 211 } 212 213 static inline unsigned int gcm_remain(unsigned int len) 214 { 215 len &= 0xfU; 216 return len ? 16 - len : 0; 217 } 218 219 static void gcm_hash_len_done(struct crypto_async_request *areq, int err); 220 static void gcm_hash_final_done(struct crypto_async_request *areq, int err); 221 222 static int gcm_hash_update(struct aead_request *req, 223 struct crypto_gcm_req_priv_ctx *pctx, 224 crypto_completion_t complete, 225 struct scatterlist *src, 226 unsigned int len) 227 { 228 struct ahash_request *ahreq = &pctx->u.ahreq; 229 230 ahash_request_set_callback(ahreq, aead_request_flags(req), 231 complete, req); 232 ahash_request_set_crypt(ahreq, src, NULL, len); 233 234 return crypto_ahash_update(ahreq); 235 } 236 237 static int gcm_hash_remain(struct aead_request *req, 238 struct crypto_gcm_req_priv_ctx *pctx, 239 unsigned int remain, 240 crypto_completion_t complete) 241 { 242 struct ahash_request *ahreq = &pctx->u.ahreq; 243 244 ahash_request_set_callback(ahreq, aead_request_flags(req), 245 complete, req); 246 sg_init_one(pctx->src, gcm_zeroes, remain); 247 ahash_request_set_crypt(ahreq, pctx->src, NULL, remain); 248 249 return crypto_ahash_update(ahreq); 250 } 251 252 static int gcm_hash_len(struct aead_request *req, 253 struct crypto_gcm_req_priv_ctx *pctx) 254 { 255 struct ahash_request *ahreq = &pctx->u.ahreq; 256 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 257 u128 lengths; 258 259 lengths.a = cpu_to_be64(req->assoclen * 8); 260 lengths.b = cpu_to_be64(gctx->cryptlen * 8); 261 memcpy(pctx->iauth_tag, &lengths, 16); 262 sg_init_one(pctx->src, pctx->iauth_tag, 16); 263 ahash_request_set_callback(ahreq, aead_request_flags(req), 264 gcm_hash_len_done, req); 265 ahash_request_set_crypt(ahreq, pctx->src, 266 NULL, sizeof(lengths)); 267 268 return crypto_ahash_update(ahreq); 269 } 270 271 static int gcm_hash_final(struct aead_request *req, 272 struct crypto_gcm_req_priv_ctx *pctx) 273 { 274 struct ahash_request *ahreq = &pctx->u.ahreq; 275 276 ahash_request_set_callback(ahreq, aead_request_flags(req), 277 gcm_hash_final_done, req); 278 ahash_request_set_crypt(ahreq, NULL, pctx->iauth_tag, 0); 279 280 return crypto_ahash_final(ahreq); 281 } 282 283 static void __gcm_hash_final_done(struct aead_request *req, int err) 284 { 285 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 286 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 287 288 if (!err) 289 crypto_xor(pctx->auth_tag, pctx->iauth_tag, 16); 290 291 gctx->complete(req, err); 292 } 293 294 static void gcm_hash_final_done(struct crypto_async_request *areq, int err) 295 { 296 struct aead_request *req = areq->data; 297 298 __gcm_hash_final_done(req, err); 299 } 300 301 static void __gcm_hash_len_done(struct aead_request *req, int err) 302 { 303 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 304 305 if (!err) { 306 err = gcm_hash_final(req, pctx); 307 if (err == -EINPROGRESS || err == -EBUSY) 308 return; 309 } 310 311 __gcm_hash_final_done(req, err); 312 } 313 314 static void gcm_hash_len_done(struct crypto_async_request *areq, int err) 315 { 316 struct aead_request *req = areq->data; 317 318 __gcm_hash_len_done(req, err); 319 } 320 321 static void __gcm_hash_crypt_remain_done(struct aead_request *req, int err) 322 { 323 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 324 325 if (!err) { 326 err = gcm_hash_len(req, pctx); 327 if (err == -EINPROGRESS || err == -EBUSY) 328 return; 329 } 330 331 __gcm_hash_len_done(req, err); 332 } 333 334 static void gcm_hash_crypt_remain_done(struct crypto_async_request *areq, 335 int err) 336 { 337 struct aead_request *req = areq->data; 338 339 __gcm_hash_crypt_remain_done(req, err); 340 } 341 342 static void __gcm_hash_crypt_done(struct aead_request *req, int err) 343 { 344 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 345 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 346 unsigned int remain; 347 348 if (!err) { 349 remain = gcm_remain(gctx->cryptlen); 350 BUG_ON(!remain); 351 err = gcm_hash_remain(req, pctx, remain, 352 gcm_hash_crypt_remain_done); 353 if (err == -EINPROGRESS || err == -EBUSY) 354 return; 355 } 356 357 __gcm_hash_crypt_remain_done(req, err); 358 } 359 360 static void gcm_hash_crypt_done(struct crypto_async_request *areq, int err) 361 { 362 struct aead_request *req = areq->data; 363 364 __gcm_hash_crypt_done(req, err); 365 } 366 367 static void __gcm_hash_assoc_remain_done(struct aead_request *req, int err) 368 { 369 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 370 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 371 crypto_completion_t complete; 372 unsigned int remain = 0; 373 374 if (!err && gctx->cryptlen) { 375 remain = gcm_remain(gctx->cryptlen); 376 complete = remain ? gcm_hash_crypt_done : 377 gcm_hash_crypt_remain_done; 378 err = gcm_hash_update(req, pctx, complete, 379 gctx->src, gctx->cryptlen); 380 if (err == -EINPROGRESS || err == -EBUSY) 381 return; 382 } 383 384 if (remain) 385 __gcm_hash_crypt_done(req, err); 386 else 387 __gcm_hash_crypt_remain_done(req, err); 388 } 389 390 static void gcm_hash_assoc_remain_done(struct crypto_async_request *areq, 391 int err) 392 { 393 struct aead_request *req = areq->data; 394 395 __gcm_hash_assoc_remain_done(req, err); 396 } 397 398 static void __gcm_hash_assoc_done(struct aead_request *req, int err) 399 { 400 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 401 unsigned int remain; 402 403 if (!err) { 404 remain = gcm_remain(req->assoclen); 405 BUG_ON(!remain); 406 err = gcm_hash_remain(req, pctx, remain, 407 gcm_hash_assoc_remain_done); 408 if (err == -EINPROGRESS || err == -EBUSY) 409 return; 410 } 411 412 __gcm_hash_assoc_remain_done(req, err); 413 } 414 415 static void gcm_hash_assoc_done(struct crypto_async_request *areq, int err) 416 { 417 struct aead_request *req = areq->data; 418 419 __gcm_hash_assoc_done(req, err); 420 } 421 422 static void __gcm_hash_init_done(struct aead_request *req, int err) 423 { 424 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 425 crypto_completion_t complete; 426 unsigned int remain = 0; 427 428 if (!err && req->assoclen) { 429 remain = gcm_remain(req->assoclen); 430 complete = remain ? gcm_hash_assoc_done : 431 gcm_hash_assoc_remain_done; 432 err = gcm_hash_update(req, pctx, complete, 433 req->assoc, req->assoclen); 434 if (err == -EINPROGRESS || err == -EBUSY) 435 return; 436 } 437 438 if (remain) 439 __gcm_hash_assoc_done(req, err); 440 else 441 __gcm_hash_assoc_remain_done(req, err); 442 } 443 444 static void gcm_hash_init_done(struct crypto_async_request *areq, int err) 445 { 446 struct aead_request *req = areq->data; 447 448 __gcm_hash_init_done(req, err); 449 } 450 451 static int gcm_hash(struct aead_request *req, 452 struct crypto_gcm_req_priv_ctx *pctx) 453 { 454 struct ahash_request *ahreq = &pctx->u.ahreq; 455 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 456 struct crypto_gcm_ctx *ctx = crypto_tfm_ctx(req->base.tfm); 457 unsigned int remain; 458 crypto_completion_t complete; 459 int err; 460 461 ahash_request_set_tfm(ahreq, ctx->ghash); 462 463 ahash_request_set_callback(ahreq, aead_request_flags(req), 464 gcm_hash_init_done, req); 465 err = crypto_ahash_init(ahreq); 466 if (err) 467 return err; 468 remain = gcm_remain(req->assoclen); 469 complete = remain ? gcm_hash_assoc_done : gcm_hash_assoc_remain_done; 470 err = gcm_hash_update(req, pctx, complete, req->assoc, req->assoclen); 471 if (err) 472 return err; 473 if (remain) { 474 err = gcm_hash_remain(req, pctx, remain, 475 gcm_hash_assoc_remain_done); 476 if (err) 477 return err; 478 } 479 remain = gcm_remain(gctx->cryptlen); 480 complete = remain ? gcm_hash_crypt_done : gcm_hash_crypt_remain_done; 481 err = gcm_hash_update(req, pctx, complete, gctx->src, gctx->cryptlen); 482 if (err) 483 return err; 484 if (remain) { 485 err = gcm_hash_remain(req, pctx, remain, 486 gcm_hash_crypt_remain_done); 487 if (err) 488 return err; 489 } 490 err = gcm_hash_len(req, pctx); 491 if (err) 492 return err; 493 err = gcm_hash_final(req, pctx); 494 if (err) 495 return err; 496 497 return 0; 498 } 499 500 static void gcm_enc_copy_hash(struct aead_request *req, 501 struct crypto_gcm_req_priv_ctx *pctx) 502 { 503 struct crypto_aead *aead = crypto_aead_reqtfm(req); 504 u8 *auth_tag = pctx->auth_tag; 505 506 scatterwalk_map_and_copy(auth_tag, req->dst, req->cryptlen, 507 crypto_aead_authsize(aead), 1); 508 } 509 510 static void gcm_enc_hash_done(struct aead_request *req, int err) 511 { 512 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 513 514 if (!err) 515 gcm_enc_copy_hash(req, pctx); 516 517 aead_request_complete(req, err); 518 } 519 520 static void gcm_encrypt_done(struct crypto_async_request *areq, int err) 521 { 522 struct aead_request *req = areq->data; 523 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 524 525 if (!err) { 526 err = gcm_hash(req, pctx); 527 if (err == -EINPROGRESS || err == -EBUSY) 528 return; 529 else if (!err) { 530 crypto_xor(pctx->auth_tag, pctx->iauth_tag, 16); 531 gcm_enc_copy_hash(req, pctx); 532 } 533 } 534 535 aead_request_complete(req, err); 536 } 537 538 static int crypto_gcm_encrypt(struct aead_request *req) 539 { 540 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 541 struct ablkcipher_request *abreq = &pctx->u.abreq; 542 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 543 int err; 544 545 crypto_gcm_init_crypt(abreq, req, req->cryptlen); 546 ablkcipher_request_set_callback(abreq, aead_request_flags(req), 547 gcm_encrypt_done, req); 548 549 gctx->src = req->dst; 550 gctx->cryptlen = req->cryptlen; 551 gctx->complete = gcm_enc_hash_done; 552 553 err = crypto_ablkcipher_encrypt(abreq); 554 if (err) 555 return err; 556 557 err = gcm_hash(req, pctx); 558 if (err) 559 return err; 560 561 crypto_xor(pctx->auth_tag, pctx->iauth_tag, 16); 562 gcm_enc_copy_hash(req, pctx); 563 564 return 0; 565 } 566 567 static int crypto_gcm_verify(struct aead_request *req, 568 struct crypto_gcm_req_priv_ctx *pctx) 569 { 570 struct crypto_aead *aead = crypto_aead_reqtfm(req); 571 u8 *auth_tag = pctx->auth_tag; 572 u8 *iauth_tag = pctx->iauth_tag; 573 unsigned int authsize = crypto_aead_authsize(aead); 574 unsigned int cryptlen = req->cryptlen - authsize; 575 576 crypto_xor(auth_tag, iauth_tag, 16); 577 scatterwalk_map_and_copy(iauth_tag, req->src, cryptlen, authsize, 0); 578 return memcmp(iauth_tag, auth_tag, authsize) ? -EBADMSG : 0; 579 } 580 581 static void gcm_decrypt_done(struct crypto_async_request *areq, int err) 582 { 583 struct aead_request *req = areq->data; 584 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 585 586 if (!err) 587 err = crypto_gcm_verify(req, pctx); 588 589 aead_request_complete(req, err); 590 } 591 592 static void gcm_dec_hash_done(struct aead_request *req, int err) 593 { 594 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 595 struct ablkcipher_request *abreq = &pctx->u.abreq; 596 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 597 598 if (!err) { 599 ablkcipher_request_set_callback(abreq, aead_request_flags(req), 600 gcm_decrypt_done, req); 601 crypto_gcm_init_crypt(abreq, req, gctx->cryptlen); 602 err = crypto_ablkcipher_decrypt(abreq); 603 if (err == -EINPROGRESS || err == -EBUSY) 604 return; 605 else if (!err) 606 err = crypto_gcm_verify(req, pctx); 607 } 608 609 aead_request_complete(req, err); 610 } 611 612 static int crypto_gcm_decrypt(struct aead_request *req) 613 { 614 struct crypto_aead *aead = crypto_aead_reqtfm(req); 615 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 616 struct ablkcipher_request *abreq = &pctx->u.abreq; 617 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 618 unsigned int authsize = crypto_aead_authsize(aead); 619 unsigned int cryptlen = req->cryptlen; 620 int err; 621 622 if (cryptlen < authsize) 623 return -EINVAL; 624 cryptlen -= authsize; 625 626 gctx->src = req->src; 627 gctx->cryptlen = cryptlen; 628 gctx->complete = gcm_dec_hash_done; 629 630 err = gcm_hash(req, pctx); 631 if (err) 632 return err; 633 634 ablkcipher_request_set_callback(abreq, aead_request_flags(req), 635 gcm_decrypt_done, req); 636 crypto_gcm_init_crypt(abreq, req, cryptlen); 637 err = crypto_ablkcipher_decrypt(abreq); 638 if (err) 639 return err; 640 641 return crypto_gcm_verify(req, pctx); 642 } 643 644 static int crypto_gcm_init_tfm(struct crypto_tfm *tfm) 645 { 646 struct crypto_instance *inst = (void *)tfm->__crt_alg; 647 struct gcm_instance_ctx *ictx = crypto_instance_ctx(inst); 648 struct crypto_gcm_ctx *ctx = crypto_tfm_ctx(tfm); 649 struct crypto_ablkcipher *ctr; 650 struct crypto_ahash *ghash; 651 unsigned long align; 652 int err; 653 654 ghash = crypto_spawn_ahash(&ictx->ghash); 655 if (IS_ERR(ghash)) 656 return PTR_ERR(ghash); 657 658 ctr = crypto_spawn_skcipher(&ictx->ctr); 659 err = PTR_ERR(ctr); 660 if (IS_ERR(ctr)) 661 goto err_free_hash; 662 663 ctx->ctr = ctr; 664 ctx->ghash = ghash; 665 666 align = crypto_tfm_alg_alignmask(tfm); 667 align &= ~(crypto_tfm_ctx_alignment() - 1); 668 tfm->crt_aead.reqsize = align + 669 offsetof(struct crypto_gcm_req_priv_ctx, u) + 670 max(sizeof(struct ablkcipher_request) + 671 crypto_ablkcipher_reqsize(ctr), 672 sizeof(struct ahash_request) + 673 crypto_ahash_reqsize(ghash)); 674 675 return 0; 676 677 err_free_hash: 678 crypto_free_ahash(ghash); 679 return err; 680 } 681 682 static void crypto_gcm_exit_tfm(struct crypto_tfm *tfm) 683 { 684 struct crypto_gcm_ctx *ctx = crypto_tfm_ctx(tfm); 685 686 crypto_free_ahash(ctx->ghash); 687 crypto_free_ablkcipher(ctx->ctr); 688 } 689 690 static struct crypto_instance *crypto_gcm_alloc_common(struct rtattr **tb, 691 const char *full_name, 692 const char *ctr_name, 693 const char *ghash_name) 694 { 695 struct crypto_attr_type *algt; 696 struct crypto_instance *inst; 697 struct crypto_alg *ctr; 698 struct crypto_alg *ghash_alg; 699 struct ahash_alg *ghash_ahash_alg; 700 struct gcm_instance_ctx *ctx; 701 int err; 702 703 algt = crypto_get_attr_type(tb); 704 if (IS_ERR(algt)) 705 return ERR_CAST(algt); 706 707 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) 708 return ERR_PTR(-EINVAL); 709 710 ghash_alg = crypto_find_alg(ghash_name, &crypto_ahash_type, 711 CRYPTO_ALG_TYPE_HASH, 712 CRYPTO_ALG_TYPE_AHASH_MASK); 713 if (IS_ERR(ghash_alg)) 714 return ERR_CAST(ghash_alg); 715 716 err = -ENOMEM; 717 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); 718 if (!inst) 719 goto out_put_ghash; 720 721 ctx = crypto_instance_ctx(inst); 722 ghash_ahash_alg = container_of(ghash_alg, struct ahash_alg, halg.base); 723 err = crypto_init_ahash_spawn(&ctx->ghash, &ghash_ahash_alg->halg, 724 inst); 725 if (err) 726 goto err_free_inst; 727 728 crypto_set_skcipher_spawn(&ctx->ctr, inst); 729 err = crypto_grab_skcipher(&ctx->ctr, ctr_name, 0, 730 crypto_requires_sync(algt->type, 731 algt->mask)); 732 if (err) 733 goto err_drop_ghash; 734 735 ctr = crypto_skcipher_spawn_alg(&ctx->ctr); 736 737 /* We only support 16-byte blocks. */ 738 if (ctr->cra_ablkcipher.ivsize != 16) 739 goto out_put_ctr; 740 741 /* Not a stream cipher? */ 742 err = -EINVAL; 743 if (ctr->cra_blocksize != 1) 744 goto out_put_ctr; 745 746 err = -ENAMETOOLONG; 747 if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, 748 "gcm_base(%s,%s)", ctr->cra_driver_name, 749 ghash_alg->cra_driver_name) >= 750 CRYPTO_MAX_ALG_NAME) 751 goto out_put_ctr; 752 753 memcpy(inst->alg.cra_name, full_name, CRYPTO_MAX_ALG_NAME); 754 755 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD; 756 inst->alg.cra_flags |= ctr->cra_flags & CRYPTO_ALG_ASYNC; 757 inst->alg.cra_priority = ctr->cra_priority; 758 inst->alg.cra_blocksize = 1; 759 inst->alg.cra_alignmask = ctr->cra_alignmask | (__alignof__(u64) - 1); 760 inst->alg.cra_type = &crypto_aead_type; 761 inst->alg.cra_aead.ivsize = 16; 762 inst->alg.cra_aead.maxauthsize = 16; 763 inst->alg.cra_ctxsize = sizeof(struct crypto_gcm_ctx); 764 inst->alg.cra_init = crypto_gcm_init_tfm; 765 inst->alg.cra_exit = crypto_gcm_exit_tfm; 766 inst->alg.cra_aead.setkey = crypto_gcm_setkey; 767 inst->alg.cra_aead.setauthsize = crypto_gcm_setauthsize; 768 inst->alg.cra_aead.encrypt = crypto_gcm_encrypt; 769 inst->alg.cra_aead.decrypt = crypto_gcm_decrypt; 770 771 out: 772 crypto_mod_put(ghash_alg); 773 return inst; 774 775 out_put_ctr: 776 crypto_drop_skcipher(&ctx->ctr); 777 err_drop_ghash: 778 crypto_drop_ahash(&ctx->ghash); 779 err_free_inst: 780 kfree(inst); 781 out_put_ghash: 782 inst = ERR_PTR(err); 783 goto out; 784 } 785 786 static struct crypto_instance *crypto_gcm_alloc(struct rtattr **tb) 787 { 788 const char *cipher_name; 789 char ctr_name[CRYPTO_MAX_ALG_NAME]; 790 char full_name[CRYPTO_MAX_ALG_NAME]; 791 792 cipher_name = crypto_attr_alg_name(tb[1]); 793 if (IS_ERR(cipher_name)) 794 return ERR_CAST(cipher_name); 795 796 if (snprintf(ctr_name, CRYPTO_MAX_ALG_NAME, "ctr(%s)", cipher_name) >= 797 CRYPTO_MAX_ALG_NAME) 798 return ERR_PTR(-ENAMETOOLONG); 799 800 if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "gcm(%s)", cipher_name) >= 801 CRYPTO_MAX_ALG_NAME) 802 return ERR_PTR(-ENAMETOOLONG); 803 804 return crypto_gcm_alloc_common(tb, full_name, ctr_name, "ghash"); 805 } 806 807 static void crypto_gcm_free(struct crypto_instance *inst) 808 { 809 struct gcm_instance_ctx *ctx = crypto_instance_ctx(inst); 810 811 crypto_drop_skcipher(&ctx->ctr); 812 crypto_drop_ahash(&ctx->ghash); 813 kfree(inst); 814 } 815 816 static struct crypto_template crypto_gcm_tmpl = { 817 .name = "gcm", 818 .alloc = crypto_gcm_alloc, 819 .free = crypto_gcm_free, 820 .module = THIS_MODULE, 821 }; 822 823 static struct crypto_instance *crypto_gcm_base_alloc(struct rtattr **tb) 824 { 825 const char *ctr_name; 826 const char *ghash_name; 827 char full_name[CRYPTO_MAX_ALG_NAME]; 828 829 ctr_name = crypto_attr_alg_name(tb[1]); 830 if (IS_ERR(ctr_name)) 831 return ERR_CAST(ctr_name); 832 833 ghash_name = crypto_attr_alg_name(tb[2]); 834 if (IS_ERR(ghash_name)) 835 return ERR_CAST(ghash_name); 836 837 if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "gcm_base(%s,%s)", 838 ctr_name, ghash_name) >= CRYPTO_MAX_ALG_NAME) 839 return ERR_PTR(-ENAMETOOLONG); 840 841 return crypto_gcm_alloc_common(tb, full_name, ctr_name, ghash_name); 842 } 843 844 static struct crypto_template crypto_gcm_base_tmpl = { 845 .name = "gcm_base", 846 .alloc = crypto_gcm_base_alloc, 847 .free = crypto_gcm_free, 848 .module = THIS_MODULE, 849 }; 850 851 static int crypto_rfc4106_setkey(struct crypto_aead *parent, const u8 *key, 852 unsigned int keylen) 853 { 854 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent); 855 struct crypto_aead *child = ctx->child; 856 int err; 857 858 if (keylen < 4) 859 return -EINVAL; 860 861 keylen -= 4; 862 memcpy(ctx->nonce, key + keylen, 4); 863 864 crypto_aead_clear_flags(child, CRYPTO_TFM_REQ_MASK); 865 crypto_aead_set_flags(child, crypto_aead_get_flags(parent) & 866 CRYPTO_TFM_REQ_MASK); 867 err = crypto_aead_setkey(child, key, keylen); 868 crypto_aead_set_flags(parent, crypto_aead_get_flags(child) & 869 CRYPTO_TFM_RES_MASK); 870 871 return err; 872 } 873 874 static int crypto_rfc4106_setauthsize(struct crypto_aead *parent, 875 unsigned int authsize) 876 { 877 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent); 878 879 switch (authsize) { 880 case 8: 881 case 12: 882 case 16: 883 break; 884 default: 885 return -EINVAL; 886 } 887 888 return crypto_aead_setauthsize(ctx->child, authsize); 889 } 890 891 static struct aead_request *crypto_rfc4106_crypt(struct aead_request *req) 892 { 893 struct aead_request *subreq = aead_request_ctx(req); 894 struct crypto_aead *aead = crypto_aead_reqtfm(req); 895 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(aead); 896 struct crypto_aead *child = ctx->child; 897 u8 *iv = PTR_ALIGN((u8 *)(subreq + 1) + crypto_aead_reqsize(child), 898 crypto_aead_alignmask(child) + 1); 899 900 memcpy(iv, ctx->nonce, 4); 901 memcpy(iv + 4, req->iv, 8); 902 903 aead_request_set_tfm(subreq, child); 904 aead_request_set_callback(subreq, req->base.flags, req->base.complete, 905 req->base.data); 906 aead_request_set_crypt(subreq, req->src, req->dst, req->cryptlen, iv); 907 aead_request_set_assoc(subreq, req->assoc, req->assoclen); 908 909 return subreq; 910 } 911 912 static int crypto_rfc4106_encrypt(struct aead_request *req) 913 { 914 req = crypto_rfc4106_crypt(req); 915 916 return crypto_aead_encrypt(req); 917 } 918 919 static int crypto_rfc4106_decrypt(struct aead_request *req) 920 { 921 req = crypto_rfc4106_crypt(req); 922 923 return crypto_aead_decrypt(req); 924 } 925 926 static int crypto_rfc4106_init_tfm(struct crypto_tfm *tfm) 927 { 928 struct crypto_instance *inst = (void *)tfm->__crt_alg; 929 struct crypto_aead_spawn *spawn = crypto_instance_ctx(inst); 930 struct crypto_rfc4106_ctx *ctx = crypto_tfm_ctx(tfm); 931 struct crypto_aead *aead; 932 unsigned long align; 933 934 aead = crypto_spawn_aead(spawn); 935 if (IS_ERR(aead)) 936 return PTR_ERR(aead); 937 938 ctx->child = aead; 939 940 align = crypto_aead_alignmask(aead); 941 align &= ~(crypto_tfm_ctx_alignment() - 1); 942 tfm->crt_aead.reqsize = sizeof(struct aead_request) + 943 ALIGN(crypto_aead_reqsize(aead), 944 crypto_tfm_ctx_alignment()) + 945 align + 16; 946 947 return 0; 948 } 949 950 static void crypto_rfc4106_exit_tfm(struct crypto_tfm *tfm) 951 { 952 struct crypto_rfc4106_ctx *ctx = crypto_tfm_ctx(tfm); 953 954 crypto_free_aead(ctx->child); 955 } 956 957 static struct crypto_instance *crypto_rfc4106_alloc(struct rtattr **tb) 958 { 959 struct crypto_attr_type *algt; 960 struct crypto_instance *inst; 961 struct crypto_aead_spawn *spawn; 962 struct crypto_alg *alg; 963 const char *ccm_name; 964 int err; 965 966 algt = crypto_get_attr_type(tb); 967 if (IS_ERR(algt)) 968 return ERR_CAST(algt); 969 970 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) 971 return ERR_PTR(-EINVAL); 972 973 ccm_name = crypto_attr_alg_name(tb[1]); 974 if (IS_ERR(ccm_name)) 975 return ERR_CAST(ccm_name); 976 977 inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); 978 if (!inst) 979 return ERR_PTR(-ENOMEM); 980 981 spawn = crypto_instance_ctx(inst); 982 crypto_set_aead_spawn(spawn, inst); 983 err = crypto_grab_aead(spawn, ccm_name, 0, 984 crypto_requires_sync(algt->type, algt->mask)); 985 if (err) 986 goto out_free_inst; 987 988 alg = crypto_aead_spawn_alg(spawn); 989 990 err = -EINVAL; 991 992 /* We only support 16-byte blocks. */ 993 if (alg->cra_aead.ivsize != 16) 994 goto out_drop_alg; 995 996 /* Not a stream cipher? */ 997 if (alg->cra_blocksize != 1) 998 goto out_drop_alg; 999 1000 err = -ENAMETOOLONG; 1001 if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, 1002 "rfc4106(%s)", alg->cra_name) >= CRYPTO_MAX_ALG_NAME || 1003 snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, 1004 "rfc4106(%s)", alg->cra_driver_name) >= 1005 CRYPTO_MAX_ALG_NAME) 1006 goto out_drop_alg; 1007 1008 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD; 1009 inst->alg.cra_flags |= alg->cra_flags & CRYPTO_ALG_ASYNC; 1010 inst->alg.cra_priority = alg->cra_priority; 1011 inst->alg.cra_blocksize = 1; 1012 inst->alg.cra_alignmask = alg->cra_alignmask; 1013 inst->alg.cra_type = &crypto_nivaead_type; 1014 1015 inst->alg.cra_aead.ivsize = 8; 1016 inst->alg.cra_aead.maxauthsize = 16; 1017 1018 inst->alg.cra_ctxsize = sizeof(struct crypto_rfc4106_ctx); 1019 1020 inst->alg.cra_init = crypto_rfc4106_init_tfm; 1021 inst->alg.cra_exit = crypto_rfc4106_exit_tfm; 1022 1023 inst->alg.cra_aead.setkey = crypto_rfc4106_setkey; 1024 inst->alg.cra_aead.setauthsize = crypto_rfc4106_setauthsize; 1025 inst->alg.cra_aead.encrypt = crypto_rfc4106_encrypt; 1026 inst->alg.cra_aead.decrypt = crypto_rfc4106_decrypt; 1027 1028 inst->alg.cra_aead.geniv = "seqiv"; 1029 1030 out: 1031 return inst; 1032 1033 out_drop_alg: 1034 crypto_drop_aead(spawn); 1035 out_free_inst: 1036 kfree(inst); 1037 inst = ERR_PTR(err); 1038 goto out; 1039 } 1040 1041 static void crypto_rfc4106_free(struct crypto_instance *inst) 1042 { 1043 crypto_drop_spawn(crypto_instance_ctx(inst)); 1044 kfree(inst); 1045 } 1046 1047 static struct crypto_template crypto_rfc4106_tmpl = { 1048 .name = "rfc4106", 1049 .alloc = crypto_rfc4106_alloc, 1050 .free = crypto_rfc4106_free, 1051 .module = THIS_MODULE, 1052 }; 1053 1054 static inline struct crypto_rfc4543_req_ctx *crypto_rfc4543_reqctx( 1055 struct aead_request *req) 1056 { 1057 unsigned long align = crypto_aead_alignmask(crypto_aead_reqtfm(req)); 1058 1059 return (void *)PTR_ALIGN((u8 *)aead_request_ctx(req), align + 1); 1060 } 1061 1062 static int crypto_rfc4543_setkey(struct crypto_aead *parent, const u8 *key, 1063 unsigned int keylen) 1064 { 1065 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(parent); 1066 struct crypto_aead *child = ctx->child; 1067 int err; 1068 1069 if (keylen < 4) 1070 return -EINVAL; 1071 1072 keylen -= 4; 1073 memcpy(ctx->nonce, key + keylen, 4); 1074 1075 crypto_aead_clear_flags(child, CRYPTO_TFM_REQ_MASK); 1076 crypto_aead_set_flags(child, crypto_aead_get_flags(parent) & 1077 CRYPTO_TFM_REQ_MASK); 1078 err = crypto_aead_setkey(child, key, keylen); 1079 crypto_aead_set_flags(parent, crypto_aead_get_flags(child) & 1080 CRYPTO_TFM_RES_MASK); 1081 1082 return err; 1083 } 1084 1085 static int crypto_rfc4543_setauthsize(struct crypto_aead *parent, 1086 unsigned int authsize) 1087 { 1088 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(parent); 1089 1090 if (authsize != 16) 1091 return -EINVAL; 1092 1093 return crypto_aead_setauthsize(ctx->child, authsize); 1094 } 1095 1096 static struct aead_request *crypto_rfc4543_crypt(struct aead_request *req, 1097 int enc) 1098 { 1099 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1100 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(aead); 1101 struct crypto_rfc4543_req_ctx *rctx = crypto_rfc4543_reqctx(req); 1102 struct aead_request *subreq = &rctx->subreq; 1103 struct scatterlist *dst = req->dst; 1104 struct scatterlist *cipher = rctx->cipher; 1105 struct scatterlist *payload = rctx->payload; 1106 struct scatterlist *assoc = rctx->assoc; 1107 unsigned int authsize = crypto_aead_authsize(aead); 1108 unsigned int assoclen = req->assoclen; 1109 struct page *dstp; 1110 u8 *vdst; 1111 u8 *iv = PTR_ALIGN((u8 *)(rctx + 1) + crypto_aead_reqsize(ctx->child), 1112 crypto_aead_alignmask(ctx->child) + 1); 1113 1114 memcpy(iv, ctx->nonce, 4); 1115 memcpy(iv + 4, req->iv, 8); 1116 1117 /* construct cipher/plaintext */ 1118 if (enc) 1119 memset(rctx->auth_tag, 0, authsize); 1120 else 1121 scatterwalk_map_and_copy(rctx->auth_tag, dst, 1122 req->cryptlen - authsize, 1123 authsize, 0); 1124 1125 sg_init_one(cipher, rctx->auth_tag, authsize); 1126 1127 /* construct the aad */ 1128 dstp = sg_page(dst); 1129 vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + dst->offset; 1130 1131 sg_init_table(payload, 2); 1132 sg_set_buf(payload, req->iv, 8); 1133 scatterwalk_crypto_chain(payload, dst, vdst == req->iv + 8, 2); 1134 assoclen += 8 + req->cryptlen - (enc ? 0 : authsize); 1135 1136 sg_init_table(assoc, 2); 1137 sg_set_page(assoc, sg_page(req->assoc), req->assoc->length, 1138 req->assoc->offset); 1139 scatterwalk_crypto_chain(assoc, payload, 0, 2); 1140 1141 aead_request_set_tfm(subreq, ctx->child); 1142 aead_request_set_callback(subreq, req->base.flags, req->base.complete, 1143 req->base.data); 1144 aead_request_set_crypt(subreq, cipher, cipher, enc ? 0 : authsize, iv); 1145 aead_request_set_assoc(subreq, assoc, assoclen); 1146 1147 return subreq; 1148 } 1149 1150 static int crypto_rfc4543_encrypt(struct aead_request *req) 1151 { 1152 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1153 struct crypto_rfc4543_req_ctx *rctx = crypto_rfc4543_reqctx(req); 1154 struct aead_request *subreq; 1155 int err; 1156 1157 subreq = crypto_rfc4543_crypt(req, 1); 1158 err = crypto_aead_encrypt(subreq); 1159 if (err) 1160 return err; 1161 1162 scatterwalk_map_and_copy(rctx->auth_tag, req->dst, req->cryptlen, 1163 crypto_aead_authsize(aead), 1); 1164 1165 return 0; 1166 } 1167 1168 static int crypto_rfc4543_decrypt(struct aead_request *req) 1169 { 1170 req = crypto_rfc4543_crypt(req, 0); 1171 1172 return crypto_aead_decrypt(req); 1173 } 1174 1175 static int crypto_rfc4543_init_tfm(struct crypto_tfm *tfm) 1176 { 1177 struct crypto_instance *inst = (void *)tfm->__crt_alg; 1178 struct crypto_aead_spawn *spawn = crypto_instance_ctx(inst); 1179 struct crypto_rfc4543_ctx *ctx = crypto_tfm_ctx(tfm); 1180 struct crypto_aead *aead; 1181 unsigned long align; 1182 1183 aead = crypto_spawn_aead(spawn); 1184 if (IS_ERR(aead)) 1185 return PTR_ERR(aead); 1186 1187 ctx->child = aead; 1188 1189 align = crypto_aead_alignmask(aead); 1190 align &= ~(crypto_tfm_ctx_alignment() - 1); 1191 tfm->crt_aead.reqsize = sizeof(struct crypto_rfc4543_req_ctx) + 1192 ALIGN(crypto_aead_reqsize(aead), 1193 crypto_tfm_ctx_alignment()) + 1194 align + 16; 1195 1196 return 0; 1197 } 1198 1199 static void crypto_rfc4543_exit_tfm(struct crypto_tfm *tfm) 1200 { 1201 struct crypto_rfc4543_ctx *ctx = crypto_tfm_ctx(tfm); 1202 1203 crypto_free_aead(ctx->child); 1204 } 1205 1206 static struct crypto_instance *crypto_rfc4543_alloc(struct rtattr **tb) 1207 { 1208 struct crypto_attr_type *algt; 1209 struct crypto_instance *inst; 1210 struct crypto_aead_spawn *spawn; 1211 struct crypto_alg *alg; 1212 const char *ccm_name; 1213 int err; 1214 1215 algt = crypto_get_attr_type(tb); 1216 if (IS_ERR(algt)) 1217 return ERR_CAST(algt); 1218 1219 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) 1220 return ERR_PTR(-EINVAL); 1221 1222 ccm_name = crypto_attr_alg_name(tb[1]); 1223 if (IS_ERR(ccm_name)) 1224 return ERR_CAST(ccm_name); 1225 1226 inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); 1227 if (!inst) 1228 return ERR_PTR(-ENOMEM); 1229 1230 spawn = crypto_instance_ctx(inst); 1231 crypto_set_aead_spawn(spawn, inst); 1232 err = crypto_grab_aead(spawn, ccm_name, 0, 1233 crypto_requires_sync(algt->type, algt->mask)); 1234 if (err) 1235 goto out_free_inst; 1236 1237 alg = crypto_aead_spawn_alg(spawn); 1238 1239 err = -EINVAL; 1240 1241 /* We only support 16-byte blocks. */ 1242 if (alg->cra_aead.ivsize != 16) 1243 goto out_drop_alg; 1244 1245 /* Not a stream cipher? */ 1246 if (alg->cra_blocksize != 1) 1247 goto out_drop_alg; 1248 1249 err = -ENAMETOOLONG; 1250 if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, 1251 "rfc4543(%s)", alg->cra_name) >= CRYPTO_MAX_ALG_NAME || 1252 snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, 1253 "rfc4543(%s)", alg->cra_driver_name) >= 1254 CRYPTO_MAX_ALG_NAME) 1255 goto out_drop_alg; 1256 1257 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD; 1258 inst->alg.cra_flags |= alg->cra_flags & CRYPTO_ALG_ASYNC; 1259 inst->alg.cra_priority = alg->cra_priority; 1260 inst->alg.cra_blocksize = 1; 1261 inst->alg.cra_alignmask = alg->cra_alignmask; 1262 inst->alg.cra_type = &crypto_nivaead_type; 1263 1264 inst->alg.cra_aead.ivsize = 8; 1265 inst->alg.cra_aead.maxauthsize = 16; 1266 1267 inst->alg.cra_ctxsize = sizeof(struct crypto_rfc4543_ctx); 1268 1269 inst->alg.cra_init = crypto_rfc4543_init_tfm; 1270 inst->alg.cra_exit = crypto_rfc4543_exit_tfm; 1271 1272 inst->alg.cra_aead.setkey = crypto_rfc4543_setkey; 1273 inst->alg.cra_aead.setauthsize = crypto_rfc4543_setauthsize; 1274 inst->alg.cra_aead.encrypt = crypto_rfc4543_encrypt; 1275 inst->alg.cra_aead.decrypt = crypto_rfc4543_decrypt; 1276 1277 inst->alg.cra_aead.geniv = "seqiv"; 1278 1279 out: 1280 return inst; 1281 1282 out_drop_alg: 1283 crypto_drop_aead(spawn); 1284 out_free_inst: 1285 kfree(inst); 1286 inst = ERR_PTR(err); 1287 goto out; 1288 } 1289 1290 static void crypto_rfc4543_free(struct crypto_instance *inst) 1291 { 1292 crypto_drop_spawn(crypto_instance_ctx(inst)); 1293 kfree(inst); 1294 } 1295 1296 static struct crypto_template crypto_rfc4543_tmpl = { 1297 .name = "rfc4543", 1298 .alloc = crypto_rfc4543_alloc, 1299 .free = crypto_rfc4543_free, 1300 .module = THIS_MODULE, 1301 }; 1302 1303 static int __init crypto_gcm_module_init(void) 1304 { 1305 int err; 1306 1307 gcm_zeroes = kzalloc(16, GFP_KERNEL); 1308 if (!gcm_zeroes) 1309 return -ENOMEM; 1310 1311 err = crypto_register_template(&crypto_gcm_base_tmpl); 1312 if (err) 1313 goto out; 1314 1315 err = crypto_register_template(&crypto_gcm_tmpl); 1316 if (err) 1317 goto out_undo_base; 1318 1319 err = crypto_register_template(&crypto_rfc4106_tmpl); 1320 if (err) 1321 goto out_undo_gcm; 1322 1323 err = crypto_register_template(&crypto_rfc4543_tmpl); 1324 if (err) 1325 goto out_undo_rfc4106; 1326 1327 return 0; 1328 1329 out_undo_rfc4106: 1330 crypto_unregister_template(&crypto_rfc4106_tmpl); 1331 out_undo_gcm: 1332 crypto_unregister_template(&crypto_gcm_tmpl); 1333 out_undo_base: 1334 crypto_unregister_template(&crypto_gcm_base_tmpl); 1335 out: 1336 kfree(gcm_zeroes); 1337 return err; 1338 } 1339 1340 static void __exit crypto_gcm_module_exit(void) 1341 { 1342 kfree(gcm_zeroes); 1343 crypto_unregister_template(&crypto_rfc4543_tmpl); 1344 crypto_unregister_template(&crypto_rfc4106_tmpl); 1345 crypto_unregister_template(&crypto_gcm_tmpl); 1346 crypto_unregister_template(&crypto_gcm_base_tmpl); 1347 } 1348 1349 module_init(crypto_gcm_module_init); 1350 module_exit(crypto_gcm_module_exit); 1351 1352 MODULE_LICENSE("GPL"); 1353 MODULE_DESCRIPTION("Galois/Counter Mode"); 1354 MODULE_AUTHOR("Mikko Herranen <mh1@iki.fi>"); 1355 MODULE_ALIAS("gcm_base"); 1356 MODULE_ALIAS("rfc4106"); 1357 MODULE_ALIAS("rfc4543"); 1358