1 /* 2 * GCM: Galois/Counter Mode. 3 * 4 * Copyright (c) 2007 Nokia Siemens Networks - Mikko Herranen <mh1@iki.fi> 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published 8 * by the Free Software Foundation. 9 */ 10 11 #include <crypto/gf128mul.h> 12 #include <crypto/internal/aead.h> 13 #include <crypto/internal/skcipher.h> 14 #include <crypto/internal/hash.h> 15 #include <crypto/null.h> 16 #include <crypto/scatterwalk.h> 17 #include <crypto/hash.h> 18 #include "internal.h" 19 #include <linux/completion.h> 20 #include <linux/err.h> 21 #include <linux/init.h> 22 #include <linux/kernel.h> 23 #include <linux/module.h> 24 #include <linux/slab.h> 25 26 struct gcm_instance_ctx { 27 struct crypto_skcipher_spawn ctr; 28 struct crypto_ahash_spawn ghash; 29 }; 30 31 struct crypto_gcm_ctx { 32 struct crypto_skcipher *ctr; 33 struct crypto_ahash *ghash; 34 }; 35 36 struct crypto_rfc4106_ctx { 37 struct crypto_aead *child; 38 u8 nonce[4]; 39 }; 40 41 struct crypto_rfc4106_req_ctx { 42 struct scatterlist src[3]; 43 struct scatterlist dst[3]; 44 struct aead_request subreq; 45 }; 46 47 struct crypto_rfc4543_instance_ctx { 48 struct crypto_aead_spawn aead; 49 }; 50 51 struct crypto_rfc4543_ctx { 52 struct crypto_aead *child; 53 struct crypto_skcipher *null; 54 u8 nonce[4]; 55 }; 56 57 struct crypto_rfc4543_req_ctx { 58 struct aead_request subreq; 59 }; 60 61 struct crypto_gcm_ghash_ctx { 62 unsigned int cryptlen; 63 struct scatterlist *src; 64 int (*complete)(struct aead_request *req, u32 flags); 65 }; 66 67 struct crypto_gcm_req_priv_ctx { 68 u8 iv[16]; 69 u8 auth_tag[16]; 70 u8 iauth_tag[16]; 71 struct scatterlist src[3]; 72 struct scatterlist dst[3]; 73 struct scatterlist sg; 74 struct crypto_gcm_ghash_ctx ghash_ctx; 75 union { 76 struct ahash_request ahreq; 77 struct skcipher_request skreq; 78 } u; 79 }; 80 81 struct crypto_gcm_setkey_result { 82 int err; 83 struct completion completion; 84 }; 85 86 static struct { 87 u8 buf[16]; 88 struct scatterlist sg; 89 } *gcm_zeroes; 90 91 static int crypto_rfc4543_copy_src_to_dst(struct aead_request *req, bool enc); 92 93 static inline struct crypto_gcm_req_priv_ctx *crypto_gcm_reqctx( 94 struct aead_request *req) 95 { 96 unsigned long align = crypto_aead_alignmask(crypto_aead_reqtfm(req)); 97 98 return (void *)PTR_ALIGN((u8 *)aead_request_ctx(req), align + 1); 99 } 100 101 static void crypto_gcm_setkey_done(struct crypto_async_request *req, int err) 102 { 103 struct crypto_gcm_setkey_result *result = req->data; 104 105 if (err == -EINPROGRESS) 106 return; 107 108 result->err = err; 109 complete(&result->completion); 110 } 111 112 static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key, 113 unsigned int keylen) 114 { 115 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead); 116 struct crypto_ahash *ghash = ctx->ghash; 117 struct crypto_skcipher *ctr = ctx->ctr; 118 struct { 119 be128 hash; 120 u8 iv[16]; 121 122 struct crypto_gcm_setkey_result result; 123 124 struct scatterlist sg[1]; 125 struct skcipher_request req; 126 } *data; 127 int err; 128 129 crypto_skcipher_clear_flags(ctr, CRYPTO_TFM_REQ_MASK); 130 crypto_skcipher_set_flags(ctr, crypto_aead_get_flags(aead) & 131 CRYPTO_TFM_REQ_MASK); 132 err = crypto_skcipher_setkey(ctr, key, keylen); 133 crypto_aead_set_flags(aead, crypto_skcipher_get_flags(ctr) & 134 CRYPTO_TFM_RES_MASK); 135 if (err) 136 return err; 137 138 data = kzalloc(sizeof(*data) + crypto_skcipher_reqsize(ctr), 139 GFP_KERNEL); 140 if (!data) 141 return -ENOMEM; 142 143 init_completion(&data->result.completion); 144 sg_init_one(data->sg, &data->hash, sizeof(data->hash)); 145 skcipher_request_set_tfm(&data->req, ctr); 146 skcipher_request_set_callback(&data->req, CRYPTO_TFM_REQ_MAY_SLEEP | 147 CRYPTO_TFM_REQ_MAY_BACKLOG, 148 crypto_gcm_setkey_done, 149 &data->result); 150 skcipher_request_set_crypt(&data->req, data->sg, data->sg, 151 sizeof(data->hash), data->iv); 152 153 err = crypto_skcipher_encrypt(&data->req); 154 if (err == -EINPROGRESS || err == -EBUSY) { 155 wait_for_completion(&data->result.completion); 156 err = data->result.err; 157 } 158 159 if (err) 160 goto out; 161 162 crypto_ahash_clear_flags(ghash, CRYPTO_TFM_REQ_MASK); 163 crypto_ahash_set_flags(ghash, crypto_aead_get_flags(aead) & 164 CRYPTO_TFM_REQ_MASK); 165 err = crypto_ahash_setkey(ghash, (u8 *)&data->hash, sizeof(be128)); 166 crypto_aead_set_flags(aead, crypto_ahash_get_flags(ghash) & 167 CRYPTO_TFM_RES_MASK); 168 169 out: 170 kzfree(data); 171 return err; 172 } 173 174 static int crypto_gcm_setauthsize(struct crypto_aead *tfm, 175 unsigned int authsize) 176 { 177 switch (authsize) { 178 case 4: 179 case 8: 180 case 12: 181 case 13: 182 case 14: 183 case 15: 184 case 16: 185 break; 186 default: 187 return -EINVAL; 188 } 189 190 return 0; 191 } 192 193 static void crypto_gcm_init_common(struct aead_request *req) 194 { 195 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 196 __be32 counter = cpu_to_be32(1); 197 struct scatterlist *sg; 198 199 memset(pctx->auth_tag, 0, sizeof(pctx->auth_tag)); 200 memcpy(pctx->iv, req->iv, 12); 201 memcpy(pctx->iv + 12, &counter, 4); 202 203 sg_init_table(pctx->src, 3); 204 sg_set_buf(pctx->src, pctx->auth_tag, sizeof(pctx->auth_tag)); 205 sg = scatterwalk_ffwd(pctx->src + 1, req->src, req->assoclen); 206 if (sg != pctx->src + 1) 207 sg_chain(pctx->src, 2, sg); 208 209 if (req->src != req->dst) { 210 sg_init_table(pctx->dst, 3); 211 sg_set_buf(pctx->dst, pctx->auth_tag, sizeof(pctx->auth_tag)); 212 sg = scatterwalk_ffwd(pctx->dst + 1, req->dst, req->assoclen); 213 if (sg != pctx->dst + 1) 214 sg_chain(pctx->dst, 2, sg); 215 } 216 } 217 218 static void crypto_gcm_init_crypt(struct aead_request *req, 219 unsigned int cryptlen) 220 { 221 struct crypto_aead *aead = crypto_aead_reqtfm(req); 222 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead); 223 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 224 struct skcipher_request *skreq = &pctx->u.skreq; 225 struct scatterlist *dst; 226 227 dst = req->src == req->dst ? pctx->src : pctx->dst; 228 229 skcipher_request_set_tfm(skreq, ctx->ctr); 230 skcipher_request_set_crypt(skreq, pctx->src, dst, 231 cryptlen + sizeof(pctx->auth_tag), 232 pctx->iv); 233 } 234 235 static inline unsigned int gcm_remain(unsigned int len) 236 { 237 len &= 0xfU; 238 return len ? 16 - len : 0; 239 } 240 241 static void gcm_hash_len_done(struct crypto_async_request *areq, int err); 242 243 static int gcm_hash_update(struct aead_request *req, 244 crypto_completion_t compl, 245 struct scatterlist *src, 246 unsigned int len, u32 flags) 247 { 248 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 249 struct ahash_request *ahreq = &pctx->u.ahreq; 250 251 ahash_request_set_callback(ahreq, flags, compl, req); 252 ahash_request_set_crypt(ahreq, src, NULL, len); 253 254 return crypto_ahash_update(ahreq); 255 } 256 257 static int gcm_hash_remain(struct aead_request *req, 258 unsigned int remain, 259 crypto_completion_t compl, u32 flags) 260 { 261 return gcm_hash_update(req, compl, &gcm_zeroes->sg, remain, flags); 262 } 263 264 static int gcm_hash_len(struct aead_request *req, u32 flags) 265 { 266 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 267 struct ahash_request *ahreq = &pctx->u.ahreq; 268 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 269 u128 lengths; 270 271 lengths.a = cpu_to_be64(req->assoclen * 8); 272 lengths.b = cpu_to_be64(gctx->cryptlen * 8); 273 memcpy(pctx->iauth_tag, &lengths, 16); 274 sg_init_one(&pctx->sg, pctx->iauth_tag, 16); 275 ahash_request_set_callback(ahreq, flags, gcm_hash_len_done, req); 276 ahash_request_set_crypt(ahreq, &pctx->sg, 277 pctx->iauth_tag, sizeof(lengths)); 278 279 return crypto_ahash_finup(ahreq); 280 } 281 282 static int gcm_hash_len_continue(struct aead_request *req, u32 flags) 283 { 284 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 285 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 286 287 return gctx->complete(req, flags); 288 } 289 290 static void gcm_hash_len_done(struct crypto_async_request *areq, int err) 291 { 292 struct aead_request *req = areq->data; 293 294 if (err) 295 goto out; 296 297 err = gcm_hash_len_continue(req, 0); 298 if (err == -EINPROGRESS) 299 return; 300 301 out: 302 aead_request_complete(req, err); 303 } 304 305 static int gcm_hash_crypt_remain_continue(struct aead_request *req, u32 flags) 306 { 307 return gcm_hash_len(req, flags) ?: 308 gcm_hash_len_continue(req, flags); 309 } 310 311 static void gcm_hash_crypt_remain_done(struct crypto_async_request *areq, 312 int err) 313 { 314 struct aead_request *req = areq->data; 315 316 if (err) 317 goto out; 318 319 err = gcm_hash_crypt_remain_continue(req, 0); 320 if (err == -EINPROGRESS) 321 return; 322 323 out: 324 aead_request_complete(req, err); 325 } 326 327 static int gcm_hash_crypt_continue(struct aead_request *req, u32 flags) 328 { 329 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 330 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 331 unsigned int remain; 332 333 remain = gcm_remain(gctx->cryptlen); 334 if (remain) 335 return gcm_hash_remain(req, remain, 336 gcm_hash_crypt_remain_done, flags) ?: 337 gcm_hash_crypt_remain_continue(req, flags); 338 339 return gcm_hash_crypt_remain_continue(req, flags); 340 } 341 342 static void gcm_hash_crypt_done(struct crypto_async_request *areq, int err) 343 { 344 struct aead_request *req = areq->data; 345 346 if (err) 347 goto out; 348 349 err = gcm_hash_crypt_continue(req, 0); 350 if (err == -EINPROGRESS) 351 return; 352 353 out: 354 aead_request_complete(req, err); 355 } 356 357 static int gcm_hash_assoc_remain_continue(struct aead_request *req, u32 flags) 358 { 359 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 360 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 361 362 if (gctx->cryptlen) 363 return gcm_hash_update(req, gcm_hash_crypt_done, 364 gctx->src, gctx->cryptlen, flags) ?: 365 gcm_hash_crypt_continue(req, flags); 366 367 return gcm_hash_crypt_remain_continue(req, flags); 368 } 369 370 static void gcm_hash_assoc_remain_done(struct crypto_async_request *areq, 371 int err) 372 { 373 struct aead_request *req = areq->data; 374 375 if (err) 376 goto out; 377 378 err = gcm_hash_assoc_remain_continue(req, 0); 379 if (err == -EINPROGRESS) 380 return; 381 382 out: 383 aead_request_complete(req, err); 384 } 385 386 static int gcm_hash_assoc_continue(struct aead_request *req, u32 flags) 387 { 388 unsigned int remain; 389 390 remain = gcm_remain(req->assoclen); 391 if (remain) 392 return gcm_hash_remain(req, remain, 393 gcm_hash_assoc_remain_done, flags) ?: 394 gcm_hash_assoc_remain_continue(req, flags); 395 396 return gcm_hash_assoc_remain_continue(req, flags); 397 } 398 399 static void gcm_hash_assoc_done(struct crypto_async_request *areq, int err) 400 { 401 struct aead_request *req = areq->data; 402 403 if (err) 404 goto out; 405 406 err = gcm_hash_assoc_continue(req, 0); 407 if (err == -EINPROGRESS) 408 return; 409 410 out: 411 aead_request_complete(req, err); 412 } 413 414 static int gcm_hash_init_continue(struct aead_request *req, u32 flags) 415 { 416 if (req->assoclen) 417 return gcm_hash_update(req, gcm_hash_assoc_done, 418 req->src, req->assoclen, flags) ?: 419 gcm_hash_assoc_continue(req, flags); 420 421 return gcm_hash_assoc_remain_continue(req, flags); 422 } 423 424 static void gcm_hash_init_done(struct crypto_async_request *areq, int err) 425 { 426 struct aead_request *req = areq->data; 427 428 if (err) 429 goto out; 430 431 err = gcm_hash_init_continue(req, 0); 432 if (err == -EINPROGRESS) 433 return; 434 435 out: 436 aead_request_complete(req, err); 437 } 438 439 static int gcm_hash(struct aead_request *req, u32 flags) 440 { 441 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 442 struct ahash_request *ahreq = &pctx->u.ahreq; 443 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); 444 445 ahash_request_set_tfm(ahreq, ctx->ghash); 446 447 ahash_request_set_callback(ahreq, flags, gcm_hash_init_done, req); 448 return crypto_ahash_init(ahreq) ?: 449 gcm_hash_init_continue(req, flags); 450 } 451 452 static int gcm_enc_copy_hash(struct aead_request *req, u32 flags) 453 { 454 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 455 struct crypto_aead *aead = crypto_aead_reqtfm(req); 456 u8 *auth_tag = pctx->auth_tag; 457 458 crypto_xor(auth_tag, pctx->iauth_tag, 16); 459 scatterwalk_map_and_copy(auth_tag, req->dst, 460 req->assoclen + req->cryptlen, 461 crypto_aead_authsize(aead), 1); 462 return 0; 463 } 464 465 static int gcm_encrypt_continue(struct aead_request *req, u32 flags) 466 { 467 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 468 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 469 470 gctx->src = sg_next(req->src == req->dst ? pctx->src : pctx->dst); 471 gctx->cryptlen = req->cryptlen; 472 gctx->complete = gcm_enc_copy_hash; 473 474 return gcm_hash(req, flags); 475 } 476 477 static void gcm_encrypt_done(struct crypto_async_request *areq, int err) 478 { 479 struct aead_request *req = areq->data; 480 481 if (err) 482 goto out; 483 484 err = gcm_encrypt_continue(req, 0); 485 if (err == -EINPROGRESS) 486 return; 487 488 out: 489 aead_request_complete(req, err); 490 } 491 492 static int crypto_gcm_encrypt(struct aead_request *req) 493 { 494 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 495 struct skcipher_request *skreq = &pctx->u.skreq; 496 u32 flags = aead_request_flags(req); 497 498 crypto_gcm_init_common(req); 499 crypto_gcm_init_crypt(req, req->cryptlen); 500 skcipher_request_set_callback(skreq, flags, gcm_encrypt_done, req); 501 502 return crypto_skcipher_encrypt(skreq) ?: 503 gcm_encrypt_continue(req, flags); 504 } 505 506 static int crypto_gcm_verify(struct aead_request *req) 507 { 508 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 509 struct crypto_aead *aead = crypto_aead_reqtfm(req); 510 u8 *auth_tag = pctx->auth_tag; 511 u8 *iauth_tag = pctx->iauth_tag; 512 unsigned int authsize = crypto_aead_authsize(aead); 513 unsigned int cryptlen = req->cryptlen - authsize; 514 515 crypto_xor(auth_tag, iauth_tag, 16); 516 scatterwalk_map_and_copy(iauth_tag, req->src, 517 req->assoclen + cryptlen, authsize, 0); 518 return crypto_memneq(iauth_tag, auth_tag, authsize) ? -EBADMSG : 0; 519 } 520 521 static void gcm_decrypt_done(struct crypto_async_request *areq, int err) 522 { 523 struct aead_request *req = areq->data; 524 525 if (!err) 526 err = crypto_gcm_verify(req); 527 528 aead_request_complete(req, err); 529 } 530 531 static int gcm_dec_hash_continue(struct aead_request *req, u32 flags) 532 { 533 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 534 struct skcipher_request *skreq = &pctx->u.skreq; 535 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 536 537 crypto_gcm_init_crypt(req, gctx->cryptlen); 538 skcipher_request_set_callback(skreq, flags, gcm_decrypt_done, req); 539 return crypto_skcipher_decrypt(skreq) ?: crypto_gcm_verify(req); 540 } 541 542 static int crypto_gcm_decrypt(struct aead_request *req) 543 { 544 struct crypto_aead *aead = crypto_aead_reqtfm(req); 545 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 546 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 547 unsigned int authsize = crypto_aead_authsize(aead); 548 unsigned int cryptlen = req->cryptlen; 549 u32 flags = aead_request_flags(req); 550 551 cryptlen -= authsize; 552 553 crypto_gcm_init_common(req); 554 555 gctx->src = sg_next(pctx->src); 556 gctx->cryptlen = cryptlen; 557 gctx->complete = gcm_dec_hash_continue; 558 559 return gcm_hash(req, flags); 560 } 561 562 static int crypto_gcm_init_tfm(struct crypto_aead *tfm) 563 { 564 struct aead_instance *inst = aead_alg_instance(tfm); 565 struct gcm_instance_ctx *ictx = aead_instance_ctx(inst); 566 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(tfm); 567 struct crypto_skcipher *ctr; 568 struct crypto_ahash *ghash; 569 unsigned long align; 570 int err; 571 572 ghash = crypto_spawn_ahash(&ictx->ghash); 573 if (IS_ERR(ghash)) 574 return PTR_ERR(ghash); 575 576 ctr = crypto_spawn_skcipher(&ictx->ctr); 577 err = PTR_ERR(ctr); 578 if (IS_ERR(ctr)) 579 goto err_free_hash; 580 581 ctx->ctr = ctr; 582 ctx->ghash = ghash; 583 584 align = crypto_aead_alignmask(tfm); 585 align &= ~(crypto_tfm_ctx_alignment() - 1); 586 crypto_aead_set_reqsize(tfm, 587 align + offsetof(struct crypto_gcm_req_priv_ctx, u) + 588 max(sizeof(struct skcipher_request) + 589 crypto_skcipher_reqsize(ctr), 590 sizeof(struct ahash_request) + 591 crypto_ahash_reqsize(ghash))); 592 593 return 0; 594 595 err_free_hash: 596 crypto_free_ahash(ghash); 597 return err; 598 } 599 600 static void crypto_gcm_exit_tfm(struct crypto_aead *tfm) 601 { 602 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(tfm); 603 604 crypto_free_ahash(ctx->ghash); 605 crypto_free_skcipher(ctx->ctr); 606 } 607 608 static void crypto_gcm_free(struct aead_instance *inst) 609 { 610 struct gcm_instance_ctx *ctx = aead_instance_ctx(inst); 611 612 crypto_drop_skcipher(&ctx->ctr); 613 crypto_drop_ahash(&ctx->ghash); 614 kfree(inst); 615 } 616 617 static int crypto_gcm_create_common(struct crypto_template *tmpl, 618 struct rtattr **tb, 619 const char *full_name, 620 const char *ctr_name, 621 const char *ghash_name) 622 { 623 struct crypto_attr_type *algt; 624 struct aead_instance *inst; 625 struct skcipher_alg *ctr; 626 struct crypto_alg *ghash_alg; 627 struct hash_alg_common *ghash; 628 struct gcm_instance_ctx *ctx; 629 int err; 630 631 algt = crypto_get_attr_type(tb); 632 if (IS_ERR(algt)) 633 return PTR_ERR(algt); 634 635 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) 636 return -EINVAL; 637 638 ghash_alg = crypto_find_alg(ghash_name, &crypto_ahash_type, 639 CRYPTO_ALG_TYPE_HASH, 640 CRYPTO_ALG_TYPE_AHASH_MASK | 641 crypto_requires_sync(algt->type, 642 algt->mask)); 643 if (IS_ERR(ghash_alg)) 644 return PTR_ERR(ghash_alg); 645 646 ghash = __crypto_hash_alg_common(ghash_alg); 647 648 err = -ENOMEM; 649 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); 650 if (!inst) 651 goto out_put_ghash; 652 653 ctx = aead_instance_ctx(inst); 654 err = crypto_init_ahash_spawn(&ctx->ghash, ghash, 655 aead_crypto_instance(inst)); 656 if (err) 657 goto err_free_inst; 658 659 err = -EINVAL; 660 if (ghash->digestsize != 16) 661 goto err_drop_ghash; 662 663 crypto_set_skcipher_spawn(&ctx->ctr, aead_crypto_instance(inst)); 664 err = crypto_grab_skcipher(&ctx->ctr, ctr_name, 0, 665 crypto_requires_sync(algt->type, 666 algt->mask)); 667 if (err) 668 goto err_drop_ghash; 669 670 ctr = crypto_spawn_skcipher_alg(&ctx->ctr); 671 672 /* We only support 16-byte blocks. */ 673 err = -EINVAL; 674 if (crypto_skcipher_alg_ivsize(ctr) != 16) 675 goto out_put_ctr; 676 677 /* Not a stream cipher? */ 678 if (ctr->base.cra_blocksize != 1) 679 goto out_put_ctr; 680 681 err = -ENAMETOOLONG; 682 if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, 683 "gcm_base(%s,%s)", ctr->base.cra_driver_name, 684 ghash_alg->cra_driver_name) >= 685 CRYPTO_MAX_ALG_NAME) 686 goto out_put_ctr; 687 688 memcpy(inst->alg.base.cra_name, full_name, CRYPTO_MAX_ALG_NAME); 689 690 inst->alg.base.cra_flags = (ghash->base.cra_flags | 691 ctr->base.cra_flags) & CRYPTO_ALG_ASYNC; 692 inst->alg.base.cra_priority = (ghash->base.cra_priority + 693 ctr->base.cra_priority) / 2; 694 inst->alg.base.cra_blocksize = 1; 695 inst->alg.base.cra_alignmask = ghash->base.cra_alignmask | 696 ctr->base.cra_alignmask; 697 inst->alg.base.cra_ctxsize = sizeof(struct crypto_gcm_ctx); 698 inst->alg.ivsize = 12; 699 inst->alg.chunksize = crypto_skcipher_alg_chunksize(ctr); 700 inst->alg.maxauthsize = 16; 701 inst->alg.init = crypto_gcm_init_tfm; 702 inst->alg.exit = crypto_gcm_exit_tfm; 703 inst->alg.setkey = crypto_gcm_setkey; 704 inst->alg.setauthsize = crypto_gcm_setauthsize; 705 inst->alg.encrypt = crypto_gcm_encrypt; 706 inst->alg.decrypt = crypto_gcm_decrypt; 707 708 inst->free = crypto_gcm_free; 709 710 err = aead_register_instance(tmpl, inst); 711 if (err) 712 goto out_put_ctr; 713 714 out_put_ghash: 715 crypto_mod_put(ghash_alg); 716 return err; 717 718 out_put_ctr: 719 crypto_drop_skcipher(&ctx->ctr); 720 err_drop_ghash: 721 crypto_drop_ahash(&ctx->ghash); 722 err_free_inst: 723 kfree(inst); 724 goto out_put_ghash; 725 } 726 727 static int crypto_gcm_create(struct crypto_template *tmpl, struct rtattr **tb) 728 { 729 const char *cipher_name; 730 char ctr_name[CRYPTO_MAX_ALG_NAME]; 731 char full_name[CRYPTO_MAX_ALG_NAME]; 732 733 cipher_name = crypto_attr_alg_name(tb[1]); 734 if (IS_ERR(cipher_name)) 735 return PTR_ERR(cipher_name); 736 737 if (snprintf(ctr_name, CRYPTO_MAX_ALG_NAME, "ctr(%s)", cipher_name) >= 738 CRYPTO_MAX_ALG_NAME) 739 return -ENAMETOOLONG; 740 741 if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "gcm(%s)", cipher_name) >= 742 CRYPTO_MAX_ALG_NAME) 743 return -ENAMETOOLONG; 744 745 return crypto_gcm_create_common(tmpl, tb, full_name, 746 ctr_name, "ghash"); 747 } 748 749 static struct crypto_template crypto_gcm_tmpl = { 750 .name = "gcm", 751 .create = crypto_gcm_create, 752 .module = THIS_MODULE, 753 }; 754 755 static int crypto_gcm_base_create(struct crypto_template *tmpl, 756 struct rtattr **tb) 757 { 758 const char *ctr_name; 759 const char *ghash_name; 760 char full_name[CRYPTO_MAX_ALG_NAME]; 761 762 ctr_name = crypto_attr_alg_name(tb[1]); 763 if (IS_ERR(ctr_name)) 764 return PTR_ERR(ctr_name); 765 766 ghash_name = crypto_attr_alg_name(tb[2]); 767 if (IS_ERR(ghash_name)) 768 return PTR_ERR(ghash_name); 769 770 if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "gcm_base(%s,%s)", 771 ctr_name, ghash_name) >= CRYPTO_MAX_ALG_NAME) 772 return -ENAMETOOLONG; 773 774 return crypto_gcm_create_common(tmpl, tb, full_name, 775 ctr_name, ghash_name); 776 } 777 778 static struct crypto_template crypto_gcm_base_tmpl = { 779 .name = "gcm_base", 780 .create = crypto_gcm_base_create, 781 .module = THIS_MODULE, 782 }; 783 784 static int crypto_rfc4106_setkey(struct crypto_aead *parent, const u8 *key, 785 unsigned int keylen) 786 { 787 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent); 788 struct crypto_aead *child = ctx->child; 789 int err; 790 791 if (keylen < 4) 792 return -EINVAL; 793 794 keylen -= 4; 795 memcpy(ctx->nonce, key + keylen, 4); 796 797 crypto_aead_clear_flags(child, CRYPTO_TFM_REQ_MASK); 798 crypto_aead_set_flags(child, crypto_aead_get_flags(parent) & 799 CRYPTO_TFM_REQ_MASK); 800 err = crypto_aead_setkey(child, key, keylen); 801 crypto_aead_set_flags(parent, crypto_aead_get_flags(child) & 802 CRYPTO_TFM_RES_MASK); 803 804 return err; 805 } 806 807 static int crypto_rfc4106_setauthsize(struct crypto_aead *parent, 808 unsigned int authsize) 809 { 810 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent); 811 812 switch (authsize) { 813 case 8: 814 case 12: 815 case 16: 816 break; 817 default: 818 return -EINVAL; 819 } 820 821 return crypto_aead_setauthsize(ctx->child, authsize); 822 } 823 824 static struct aead_request *crypto_rfc4106_crypt(struct aead_request *req) 825 { 826 struct crypto_rfc4106_req_ctx *rctx = aead_request_ctx(req); 827 struct crypto_aead *aead = crypto_aead_reqtfm(req); 828 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(aead); 829 struct aead_request *subreq = &rctx->subreq; 830 struct crypto_aead *child = ctx->child; 831 struct scatterlist *sg; 832 u8 *iv = PTR_ALIGN((u8 *)(subreq + 1) + crypto_aead_reqsize(child), 833 crypto_aead_alignmask(child) + 1); 834 835 scatterwalk_map_and_copy(iv + 12, req->src, 0, req->assoclen - 8, 0); 836 837 memcpy(iv, ctx->nonce, 4); 838 memcpy(iv + 4, req->iv, 8); 839 840 sg_init_table(rctx->src, 3); 841 sg_set_buf(rctx->src, iv + 12, req->assoclen - 8); 842 sg = scatterwalk_ffwd(rctx->src + 1, req->src, req->assoclen); 843 if (sg != rctx->src + 1) 844 sg_chain(rctx->src, 2, sg); 845 846 if (req->src != req->dst) { 847 sg_init_table(rctx->dst, 3); 848 sg_set_buf(rctx->dst, iv + 12, req->assoclen - 8); 849 sg = scatterwalk_ffwd(rctx->dst + 1, req->dst, req->assoclen); 850 if (sg != rctx->dst + 1) 851 sg_chain(rctx->dst, 2, sg); 852 } 853 854 aead_request_set_tfm(subreq, child); 855 aead_request_set_callback(subreq, req->base.flags, req->base.complete, 856 req->base.data); 857 aead_request_set_crypt(subreq, rctx->src, 858 req->src == req->dst ? rctx->src : rctx->dst, 859 req->cryptlen, iv); 860 aead_request_set_ad(subreq, req->assoclen - 8); 861 862 return subreq; 863 } 864 865 static int crypto_rfc4106_encrypt(struct aead_request *req) 866 { 867 if (req->assoclen != 16 && req->assoclen != 20) 868 return -EINVAL; 869 870 req = crypto_rfc4106_crypt(req); 871 872 return crypto_aead_encrypt(req); 873 } 874 875 static int crypto_rfc4106_decrypt(struct aead_request *req) 876 { 877 if (req->assoclen != 16 && req->assoclen != 20) 878 return -EINVAL; 879 880 req = crypto_rfc4106_crypt(req); 881 882 return crypto_aead_decrypt(req); 883 } 884 885 static int crypto_rfc4106_init_tfm(struct crypto_aead *tfm) 886 { 887 struct aead_instance *inst = aead_alg_instance(tfm); 888 struct crypto_aead_spawn *spawn = aead_instance_ctx(inst); 889 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(tfm); 890 struct crypto_aead *aead; 891 unsigned long align; 892 893 aead = crypto_spawn_aead(spawn); 894 if (IS_ERR(aead)) 895 return PTR_ERR(aead); 896 897 ctx->child = aead; 898 899 align = crypto_aead_alignmask(aead); 900 align &= ~(crypto_tfm_ctx_alignment() - 1); 901 crypto_aead_set_reqsize( 902 tfm, 903 sizeof(struct crypto_rfc4106_req_ctx) + 904 ALIGN(crypto_aead_reqsize(aead), crypto_tfm_ctx_alignment()) + 905 align + 24); 906 907 return 0; 908 } 909 910 static void crypto_rfc4106_exit_tfm(struct crypto_aead *tfm) 911 { 912 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(tfm); 913 914 crypto_free_aead(ctx->child); 915 } 916 917 static void crypto_rfc4106_free(struct aead_instance *inst) 918 { 919 crypto_drop_aead(aead_instance_ctx(inst)); 920 kfree(inst); 921 } 922 923 static int crypto_rfc4106_create(struct crypto_template *tmpl, 924 struct rtattr **tb) 925 { 926 struct crypto_attr_type *algt; 927 struct aead_instance *inst; 928 struct crypto_aead_spawn *spawn; 929 struct aead_alg *alg; 930 const char *ccm_name; 931 int err; 932 933 algt = crypto_get_attr_type(tb); 934 if (IS_ERR(algt)) 935 return PTR_ERR(algt); 936 937 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) 938 return -EINVAL; 939 940 ccm_name = crypto_attr_alg_name(tb[1]); 941 if (IS_ERR(ccm_name)) 942 return PTR_ERR(ccm_name); 943 944 inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); 945 if (!inst) 946 return -ENOMEM; 947 948 spawn = aead_instance_ctx(inst); 949 crypto_set_aead_spawn(spawn, aead_crypto_instance(inst)); 950 err = crypto_grab_aead(spawn, ccm_name, 0, 951 crypto_requires_sync(algt->type, algt->mask)); 952 if (err) 953 goto out_free_inst; 954 955 alg = crypto_spawn_aead_alg(spawn); 956 957 err = -EINVAL; 958 959 /* Underlying IV size must be 12. */ 960 if (crypto_aead_alg_ivsize(alg) != 12) 961 goto out_drop_alg; 962 963 /* Not a stream cipher? */ 964 if (alg->base.cra_blocksize != 1) 965 goto out_drop_alg; 966 967 err = -ENAMETOOLONG; 968 if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, 969 "rfc4106(%s)", alg->base.cra_name) >= 970 CRYPTO_MAX_ALG_NAME || 971 snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, 972 "rfc4106(%s)", alg->base.cra_driver_name) >= 973 CRYPTO_MAX_ALG_NAME) 974 goto out_drop_alg; 975 976 inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; 977 inst->alg.base.cra_priority = alg->base.cra_priority; 978 inst->alg.base.cra_blocksize = 1; 979 inst->alg.base.cra_alignmask = alg->base.cra_alignmask; 980 981 inst->alg.base.cra_ctxsize = sizeof(struct crypto_rfc4106_ctx); 982 983 inst->alg.ivsize = 8; 984 inst->alg.chunksize = crypto_aead_alg_chunksize(alg); 985 inst->alg.maxauthsize = crypto_aead_alg_maxauthsize(alg); 986 987 inst->alg.init = crypto_rfc4106_init_tfm; 988 inst->alg.exit = crypto_rfc4106_exit_tfm; 989 990 inst->alg.setkey = crypto_rfc4106_setkey; 991 inst->alg.setauthsize = crypto_rfc4106_setauthsize; 992 inst->alg.encrypt = crypto_rfc4106_encrypt; 993 inst->alg.decrypt = crypto_rfc4106_decrypt; 994 995 inst->free = crypto_rfc4106_free; 996 997 err = aead_register_instance(tmpl, inst); 998 if (err) 999 goto out_drop_alg; 1000 1001 out: 1002 return err; 1003 1004 out_drop_alg: 1005 crypto_drop_aead(spawn); 1006 out_free_inst: 1007 kfree(inst); 1008 goto out; 1009 } 1010 1011 static struct crypto_template crypto_rfc4106_tmpl = { 1012 .name = "rfc4106", 1013 .create = crypto_rfc4106_create, 1014 .module = THIS_MODULE, 1015 }; 1016 1017 static int crypto_rfc4543_setkey(struct crypto_aead *parent, const u8 *key, 1018 unsigned int keylen) 1019 { 1020 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(parent); 1021 struct crypto_aead *child = ctx->child; 1022 int err; 1023 1024 if (keylen < 4) 1025 return -EINVAL; 1026 1027 keylen -= 4; 1028 memcpy(ctx->nonce, key + keylen, 4); 1029 1030 crypto_aead_clear_flags(child, CRYPTO_TFM_REQ_MASK); 1031 crypto_aead_set_flags(child, crypto_aead_get_flags(parent) & 1032 CRYPTO_TFM_REQ_MASK); 1033 err = crypto_aead_setkey(child, key, keylen); 1034 crypto_aead_set_flags(parent, crypto_aead_get_flags(child) & 1035 CRYPTO_TFM_RES_MASK); 1036 1037 return err; 1038 } 1039 1040 static int crypto_rfc4543_setauthsize(struct crypto_aead *parent, 1041 unsigned int authsize) 1042 { 1043 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(parent); 1044 1045 if (authsize != 16) 1046 return -EINVAL; 1047 1048 return crypto_aead_setauthsize(ctx->child, authsize); 1049 } 1050 1051 static int crypto_rfc4543_crypt(struct aead_request *req, bool enc) 1052 { 1053 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1054 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(aead); 1055 struct crypto_rfc4543_req_ctx *rctx = aead_request_ctx(req); 1056 struct aead_request *subreq = &rctx->subreq; 1057 unsigned int authsize = crypto_aead_authsize(aead); 1058 u8 *iv = PTR_ALIGN((u8 *)(rctx + 1) + crypto_aead_reqsize(ctx->child), 1059 crypto_aead_alignmask(ctx->child) + 1); 1060 int err; 1061 1062 if (req->src != req->dst) { 1063 err = crypto_rfc4543_copy_src_to_dst(req, enc); 1064 if (err) 1065 return err; 1066 } 1067 1068 memcpy(iv, ctx->nonce, 4); 1069 memcpy(iv + 4, req->iv, 8); 1070 1071 aead_request_set_tfm(subreq, ctx->child); 1072 aead_request_set_callback(subreq, req->base.flags, 1073 req->base.complete, req->base.data); 1074 aead_request_set_crypt(subreq, req->src, req->dst, 1075 enc ? 0 : authsize, iv); 1076 aead_request_set_ad(subreq, req->assoclen + req->cryptlen - 1077 subreq->cryptlen); 1078 1079 return enc ? crypto_aead_encrypt(subreq) : crypto_aead_decrypt(subreq); 1080 } 1081 1082 static int crypto_rfc4543_copy_src_to_dst(struct aead_request *req, bool enc) 1083 { 1084 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1085 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(aead); 1086 unsigned int authsize = crypto_aead_authsize(aead); 1087 unsigned int nbytes = req->assoclen + req->cryptlen - 1088 (enc ? 0 : authsize); 1089 SKCIPHER_REQUEST_ON_STACK(nreq, ctx->null); 1090 1091 skcipher_request_set_tfm(nreq, ctx->null); 1092 skcipher_request_set_callback(nreq, req->base.flags, NULL, NULL); 1093 skcipher_request_set_crypt(nreq, req->src, req->dst, nbytes, NULL); 1094 1095 return crypto_skcipher_encrypt(nreq); 1096 } 1097 1098 static int crypto_rfc4543_encrypt(struct aead_request *req) 1099 { 1100 return crypto_rfc4543_crypt(req, true); 1101 } 1102 1103 static int crypto_rfc4543_decrypt(struct aead_request *req) 1104 { 1105 return crypto_rfc4543_crypt(req, false); 1106 } 1107 1108 static int crypto_rfc4543_init_tfm(struct crypto_aead *tfm) 1109 { 1110 struct aead_instance *inst = aead_alg_instance(tfm); 1111 struct crypto_rfc4543_instance_ctx *ictx = aead_instance_ctx(inst); 1112 struct crypto_aead_spawn *spawn = &ictx->aead; 1113 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(tfm); 1114 struct crypto_aead *aead; 1115 struct crypto_skcipher *null; 1116 unsigned long align; 1117 int err = 0; 1118 1119 aead = crypto_spawn_aead(spawn); 1120 if (IS_ERR(aead)) 1121 return PTR_ERR(aead); 1122 1123 null = crypto_get_default_null_skcipher2(); 1124 err = PTR_ERR(null); 1125 if (IS_ERR(null)) 1126 goto err_free_aead; 1127 1128 ctx->child = aead; 1129 ctx->null = null; 1130 1131 align = crypto_aead_alignmask(aead); 1132 align &= ~(crypto_tfm_ctx_alignment() - 1); 1133 crypto_aead_set_reqsize( 1134 tfm, 1135 sizeof(struct crypto_rfc4543_req_ctx) + 1136 ALIGN(crypto_aead_reqsize(aead), crypto_tfm_ctx_alignment()) + 1137 align + 12); 1138 1139 return 0; 1140 1141 err_free_aead: 1142 crypto_free_aead(aead); 1143 return err; 1144 } 1145 1146 static void crypto_rfc4543_exit_tfm(struct crypto_aead *tfm) 1147 { 1148 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(tfm); 1149 1150 crypto_free_aead(ctx->child); 1151 crypto_put_default_null_skcipher2(); 1152 } 1153 1154 static void crypto_rfc4543_free(struct aead_instance *inst) 1155 { 1156 struct crypto_rfc4543_instance_ctx *ctx = aead_instance_ctx(inst); 1157 1158 crypto_drop_aead(&ctx->aead); 1159 1160 kfree(inst); 1161 } 1162 1163 static int crypto_rfc4543_create(struct crypto_template *tmpl, 1164 struct rtattr **tb) 1165 { 1166 struct crypto_attr_type *algt; 1167 struct aead_instance *inst; 1168 struct crypto_aead_spawn *spawn; 1169 struct aead_alg *alg; 1170 struct crypto_rfc4543_instance_ctx *ctx; 1171 const char *ccm_name; 1172 int err; 1173 1174 algt = crypto_get_attr_type(tb); 1175 if (IS_ERR(algt)) 1176 return PTR_ERR(algt); 1177 1178 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) 1179 return -EINVAL; 1180 1181 ccm_name = crypto_attr_alg_name(tb[1]); 1182 if (IS_ERR(ccm_name)) 1183 return PTR_ERR(ccm_name); 1184 1185 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); 1186 if (!inst) 1187 return -ENOMEM; 1188 1189 ctx = aead_instance_ctx(inst); 1190 spawn = &ctx->aead; 1191 crypto_set_aead_spawn(spawn, aead_crypto_instance(inst)); 1192 err = crypto_grab_aead(spawn, ccm_name, 0, 1193 crypto_requires_sync(algt->type, algt->mask)); 1194 if (err) 1195 goto out_free_inst; 1196 1197 alg = crypto_spawn_aead_alg(spawn); 1198 1199 err = -EINVAL; 1200 1201 /* Underlying IV size must be 12. */ 1202 if (crypto_aead_alg_ivsize(alg) != 12) 1203 goto out_drop_alg; 1204 1205 /* Not a stream cipher? */ 1206 if (alg->base.cra_blocksize != 1) 1207 goto out_drop_alg; 1208 1209 err = -ENAMETOOLONG; 1210 if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, 1211 "rfc4543(%s)", alg->base.cra_name) >= 1212 CRYPTO_MAX_ALG_NAME || 1213 snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, 1214 "rfc4543(%s)", alg->base.cra_driver_name) >= 1215 CRYPTO_MAX_ALG_NAME) 1216 goto out_drop_alg; 1217 1218 inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; 1219 inst->alg.base.cra_priority = alg->base.cra_priority; 1220 inst->alg.base.cra_blocksize = 1; 1221 inst->alg.base.cra_alignmask = alg->base.cra_alignmask; 1222 1223 inst->alg.base.cra_ctxsize = sizeof(struct crypto_rfc4543_ctx); 1224 1225 inst->alg.ivsize = 8; 1226 inst->alg.chunksize = crypto_aead_alg_chunksize(alg); 1227 inst->alg.maxauthsize = crypto_aead_alg_maxauthsize(alg); 1228 1229 inst->alg.init = crypto_rfc4543_init_tfm; 1230 inst->alg.exit = crypto_rfc4543_exit_tfm; 1231 1232 inst->alg.setkey = crypto_rfc4543_setkey; 1233 inst->alg.setauthsize = crypto_rfc4543_setauthsize; 1234 inst->alg.encrypt = crypto_rfc4543_encrypt; 1235 inst->alg.decrypt = crypto_rfc4543_decrypt; 1236 1237 inst->free = crypto_rfc4543_free, 1238 1239 err = aead_register_instance(tmpl, inst); 1240 if (err) 1241 goto out_drop_alg; 1242 1243 out: 1244 return err; 1245 1246 out_drop_alg: 1247 crypto_drop_aead(spawn); 1248 out_free_inst: 1249 kfree(inst); 1250 goto out; 1251 } 1252 1253 static struct crypto_template crypto_rfc4543_tmpl = { 1254 .name = "rfc4543", 1255 .create = crypto_rfc4543_create, 1256 .module = THIS_MODULE, 1257 }; 1258 1259 static int __init crypto_gcm_module_init(void) 1260 { 1261 int err; 1262 1263 gcm_zeroes = kzalloc(sizeof(*gcm_zeroes), GFP_KERNEL); 1264 if (!gcm_zeroes) 1265 return -ENOMEM; 1266 1267 sg_init_one(&gcm_zeroes->sg, gcm_zeroes->buf, sizeof(gcm_zeroes->buf)); 1268 1269 err = crypto_register_template(&crypto_gcm_base_tmpl); 1270 if (err) 1271 goto out; 1272 1273 err = crypto_register_template(&crypto_gcm_tmpl); 1274 if (err) 1275 goto out_undo_base; 1276 1277 err = crypto_register_template(&crypto_rfc4106_tmpl); 1278 if (err) 1279 goto out_undo_gcm; 1280 1281 err = crypto_register_template(&crypto_rfc4543_tmpl); 1282 if (err) 1283 goto out_undo_rfc4106; 1284 1285 return 0; 1286 1287 out_undo_rfc4106: 1288 crypto_unregister_template(&crypto_rfc4106_tmpl); 1289 out_undo_gcm: 1290 crypto_unregister_template(&crypto_gcm_tmpl); 1291 out_undo_base: 1292 crypto_unregister_template(&crypto_gcm_base_tmpl); 1293 out: 1294 kfree(gcm_zeroes); 1295 return err; 1296 } 1297 1298 static void __exit crypto_gcm_module_exit(void) 1299 { 1300 kfree(gcm_zeroes); 1301 crypto_unregister_template(&crypto_rfc4543_tmpl); 1302 crypto_unregister_template(&crypto_rfc4106_tmpl); 1303 crypto_unregister_template(&crypto_gcm_tmpl); 1304 crypto_unregister_template(&crypto_gcm_base_tmpl); 1305 } 1306 1307 module_init(crypto_gcm_module_init); 1308 module_exit(crypto_gcm_module_exit); 1309 1310 MODULE_LICENSE("GPL"); 1311 MODULE_DESCRIPTION("Galois/Counter Mode"); 1312 MODULE_AUTHOR("Mikko Herranen <mh1@iki.fi>"); 1313 MODULE_ALIAS_CRYPTO("gcm_base"); 1314 MODULE_ALIAS_CRYPTO("rfc4106"); 1315 MODULE_ALIAS_CRYPTO("rfc4543"); 1316 MODULE_ALIAS_CRYPTO("gcm"); 1317