1 /* 2 * GCM: Galois/Counter Mode. 3 * 4 * Copyright (c) 2007 Nokia Siemens Networks - Mikko Herranen <mh1@iki.fi> 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published 8 * by the Free Software Foundation. 9 */ 10 11 #include <crypto/gf128mul.h> 12 #include <crypto/internal/aead.h> 13 #include <crypto/internal/skcipher.h> 14 #include <crypto/internal/hash.h> 15 #include <crypto/scatterwalk.h> 16 #include <crypto/hash.h> 17 #include "internal.h" 18 #include <linux/completion.h> 19 #include <linux/err.h> 20 #include <linux/init.h> 21 #include <linux/kernel.h> 22 #include <linux/module.h> 23 #include <linux/slab.h> 24 25 struct gcm_instance_ctx { 26 struct crypto_skcipher_spawn ctr; 27 struct crypto_ahash_spawn ghash; 28 }; 29 30 struct crypto_gcm_ctx { 31 struct crypto_ablkcipher *ctr; 32 struct crypto_ahash *ghash; 33 }; 34 35 struct crypto_rfc4106_ctx { 36 struct crypto_aead *child; 37 u8 nonce[4]; 38 }; 39 40 struct crypto_rfc4543_ctx { 41 struct crypto_aead *child; 42 u8 nonce[4]; 43 }; 44 45 struct crypto_rfc4543_req_ctx { 46 u8 auth_tag[16]; 47 u8 assocbuf[32]; 48 struct scatterlist cipher[1]; 49 struct scatterlist payload[2]; 50 struct scatterlist assoc[2]; 51 struct aead_request subreq; 52 }; 53 54 struct crypto_gcm_ghash_ctx { 55 unsigned int cryptlen; 56 struct scatterlist *src; 57 void (*complete)(struct aead_request *req, int err); 58 }; 59 60 struct crypto_gcm_req_priv_ctx { 61 u8 auth_tag[16]; 62 u8 iauth_tag[16]; 63 struct scatterlist src[2]; 64 struct scatterlist dst[2]; 65 struct crypto_gcm_ghash_ctx ghash_ctx; 66 union { 67 struct ahash_request ahreq; 68 struct ablkcipher_request abreq; 69 } u; 70 }; 71 72 struct crypto_gcm_setkey_result { 73 int err; 74 struct completion completion; 75 }; 76 77 static void *gcm_zeroes; 78 79 static inline struct crypto_gcm_req_priv_ctx *crypto_gcm_reqctx( 80 struct aead_request *req) 81 { 82 unsigned long align = crypto_aead_alignmask(crypto_aead_reqtfm(req)); 83 84 return (void *)PTR_ALIGN((u8 *)aead_request_ctx(req), align + 1); 85 } 86 87 static void crypto_gcm_setkey_done(struct crypto_async_request *req, int err) 88 { 89 struct crypto_gcm_setkey_result *result = req->data; 90 91 if (err == -EINPROGRESS) 92 return; 93 94 result->err = err; 95 complete(&result->completion); 96 } 97 98 static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key, 99 unsigned int keylen) 100 { 101 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead); 102 struct crypto_ahash *ghash = ctx->ghash; 103 struct crypto_ablkcipher *ctr = ctx->ctr; 104 struct { 105 be128 hash; 106 u8 iv[8]; 107 108 struct crypto_gcm_setkey_result result; 109 110 struct scatterlist sg[1]; 111 struct ablkcipher_request req; 112 } *data; 113 int err; 114 115 crypto_ablkcipher_clear_flags(ctr, CRYPTO_TFM_REQ_MASK); 116 crypto_ablkcipher_set_flags(ctr, crypto_aead_get_flags(aead) & 117 CRYPTO_TFM_REQ_MASK); 118 119 err = crypto_ablkcipher_setkey(ctr, key, keylen); 120 if (err) 121 return err; 122 123 crypto_aead_set_flags(aead, crypto_ablkcipher_get_flags(ctr) & 124 CRYPTO_TFM_RES_MASK); 125 126 data = kzalloc(sizeof(*data) + crypto_ablkcipher_reqsize(ctr), 127 GFP_KERNEL); 128 if (!data) 129 return -ENOMEM; 130 131 init_completion(&data->result.completion); 132 sg_init_one(data->sg, &data->hash, sizeof(data->hash)); 133 ablkcipher_request_set_tfm(&data->req, ctr); 134 ablkcipher_request_set_callback(&data->req, CRYPTO_TFM_REQ_MAY_SLEEP | 135 CRYPTO_TFM_REQ_MAY_BACKLOG, 136 crypto_gcm_setkey_done, 137 &data->result); 138 ablkcipher_request_set_crypt(&data->req, data->sg, data->sg, 139 sizeof(data->hash), data->iv); 140 141 err = crypto_ablkcipher_encrypt(&data->req); 142 if (err == -EINPROGRESS || err == -EBUSY) { 143 err = wait_for_completion_interruptible( 144 &data->result.completion); 145 if (!err) 146 err = data->result.err; 147 } 148 149 if (err) 150 goto out; 151 152 crypto_ahash_clear_flags(ghash, CRYPTO_TFM_REQ_MASK); 153 crypto_ahash_set_flags(ghash, crypto_aead_get_flags(aead) & 154 CRYPTO_TFM_REQ_MASK); 155 err = crypto_ahash_setkey(ghash, (u8 *)&data->hash, sizeof(be128)); 156 crypto_aead_set_flags(aead, crypto_ahash_get_flags(ghash) & 157 CRYPTO_TFM_RES_MASK); 158 159 out: 160 kfree(data); 161 return err; 162 } 163 164 static int crypto_gcm_setauthsize(struct crypto_aead *tfm, 165 unsigned int authsize) 166 { 167 switch (authsize) { 168 case 4: 169 case 8: 170 case 12: 171 case 13: 172 case 14: 173 case 15: 174 case 16: 175 break; 176 default: 177 return -EINVAL; 178 } 179 180 return 0; 181 } 182 183 static void crypto_gcm_init_crypt(struct ablkcipher_request *ablk_req, 184 struct aead_request *req, 185 unsigned int cryptlen) 186 { 187 struct crypto_aead *aead = crypto_aead_reqtfm(req); 188 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead); 189 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 190 struct scatterlist *dst; 191 __be32 counter = cpu_to_be32(1); 192 193 memset(pctx->auth_tag, 0, sizeof(pctx->auth_tag)); 194 memcpy(req->iv + 12, &counter, 4); 195 196 sg_init_table(pctx->src, 2); 197 sg_set_buf(pctx->src, pctx->auth_tag, sizeof(pctx->auth_tag)); 198 scatterwalk_sg_chain(pctx->src, 2, req->src); 199 200 dst = pctx->src; 201 if (req->src != req->dst) { 202 sg_init_table(pctx->dst, 2); 203 sg_set_buf(pctx->dst, pctx->auth_tag, sizeof(pctx->auth_tag)); 204 scatterwalk_sg_chain(pctx->dst, 2, req->dst); 205 dst = pctx->dst; 206 } 207 208 ablkcipher_request_set_tfm(ablk_req, ctx->ctr); 209 ablkcipher_request_set_crypt(ablk_req, pctx->src, dst, 210 cryptlen + sizeof(pctx->auth_tag), 211 req->iv); 212 } 213 214 static inline unsigned int gcm_remain(unsigned int len) 215 { 216 len &= 0xfU; 217 return len ? 16 - len : 0; 218 } 219 220 static void gcm_hash_len_done(struct crypto_async_request *areq, int err); 221 static void gcm_hash_final_done(struct crypto_async_request *areq, int err); 222 223 static int gcm_hash_update(struct aead_request *req, 224 struct crypto_gcm_req_priv_ctx *pctx, 225 crypto_completion_t complete, 226 struct scatterlist *src, 227 unsigned int len) 228 { 229 struct ahash_request *ahreq = &pctx->u.ahreq; 230 231 ahash_request_set_callback(ahreq, aead_request_flags(req), 232 complete, req); 233 ahash_request_set_crypt(ahreq, src, NULL, len); 234 235 return crypto_ahash_update(ahreq); 236 } 237 238 static int gcm_hash_remain(struct aead_request *req, 239 struct crypto_gcm_req_priv_ctx *pctx, 240 unsigned int remain, 241 crypto_completion_t complete) 242 { 243 struct ahash_request *ahreq = &pctx->u.ahreq; 244 245 ahash_request_set_callback(ahreq, aead_request_flags(req), 246 complete, req); 247 sg_init_one(pctx->src, gcm_zeroes, remain); 248 ahash_request_set_crypt(ahreq, pctx->src, NULL, remain); 249 250 return crypto_ahash_update(ahreq); 251 } 252 253 static int gcm_hash_len(struct aead_request *req, 254 struct crypto_gcm_req_priv_ctx *pctx) 255 { 256 struct ahash_request *ahreq = &pctx->u.ahreq; 257 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 258 u128 lengths; 259 260 lengths.a = cpu_to_be64(req->assoclen * 8); 261 lengths.b = cpu_to_be64(gctx->cryptlen * 8); 262 memcpy(pctx->iauth_tag, &lengths, 16); 263 sg_init_one(pctx->src, pctx->iauth_tag, 16); 264 ahash_request_set_callback(ahreq, aead_request_flags(req), 265 gcm_hash_len_done, req); 266 ahash_request_set_crypt(ahreq, pctx->src, 267 NULL, sizeof(lengths)); 268 269 return crypto_ahash_update(ahreq); 270 } 271 272 static int gcm_hash_final(struct aead_request *req, 273 struct crypto_gcm_req_priv_ctx *pctx) 274 { 275 struct ahash_request *ahreq = &pctx->u.ahreq; 276 277 ahash_request_set_callback(ahreq, aead_request_flags(req), 278 gcm_hash_final_done, req); 279 ahash_request_set_crypt(ahreq, NULL, pctx->iauth_tag, 0); 280 281 return crypto_ahash_final(ahreq); 282 } 283 284 static void __gcm_hash_final_done(struct aead_request *req, int err) 285 { 286 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 287 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 288 289 if (!err) 290 crypto_xor(pctx->auth_tag, pctx->iauth_tag, 16); 291 292 gctx->complete(req, err); 293 } 294 295 static void gcm_hash_final_done(struct crypto_async_request *areq, int err) 296 { 297 struct aead_request *req = areq->data; 298 299 __gcm_hash_final_done(req, err); 300 } 301 302 static void __gcm_hash_len_done(struct aead_request *req, int err) 303 { 304 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 305 306 if (!err) { 307 err = gcm_hash_final(req, pctx); 308 if (err == -EINPROGRESS || err == -EBUSY) 309 return; 310 } 311 312 __gcm_hash_final_done(req, err); 313 } 314 315 static void gcm_hash_len_done(struct crypto_async_request *areq, int err) 316 { 317 struct aead_request *req = areq->data; 318 319 __gcm_hash_len_done(req, err); 320 } 321 322 static void __gcm_hash_crypt_remain_done(struct aead_request *req, int err) 323 { 324 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 325 326 if (!err) { 327 err = gcm_hash_len(req, pctx); 328 if (err == -EINPROGRESS || err == -EBUSY) 329 return; 330 } 331 332 __gcm_hash_len_done(req, err); 333 } 334 335 static void gcm_hash_crypt_remain_done(struct crypto_async_request *areq, 336 int err) 337 { 338 struct aead_request *req = areq->data; 339 340 __gcm_hash_crypt_remain_done(req, err); 341 } 342 343 static void __gcm_hash_crypt_done(struct aead_request *req, int err) 344 { 345 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 346 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 347 unsigned int remain; 348 349 if (!err) { 350 remain = gcm_remain(gctx->cryptlen); 351 BUG_ON(!remain); 352 err = gcm_hash_remain(req, pctx, remain, 353 gcm_hash_crypt_remain_done); 354 if (err == -EINPROGRESS || err == -EBUSY) 355 return; 356 } 357 358 __gcm_hash_crypt_remain_done(req, err); 359 } 360 361 static void gcm_hash_crypt_done(struct crypto_async_request *areq, int err) 362 { 363 struct aead_request *req = areq->data; 364 365 __gcm_hash_crypt_done(req, err); 366 } 367 368 static void __gcm_hash_assoc_remain_done(struct aead_request *req, int err) 369 { 370 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 371 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 372 crypto_completion_t complete; 373 unsigned int remain = 0; 374 375 if (!err && gctx->cryptlen) { 376 remain = gcm_remain(gctx->cryptlen); 377 complete = remain ? gcm_hash_crypt_done : 378 gcm_hash_crypt_remain_done; 379 err = gcm_hash_update(req, pctx, complete, 380 gctx->src, gctx->cryptlen); 381 if (err == -EINPROGRESS || err == -EBUSY) 382 return; 383 } 384 385 if (remain) 386 __gcm_hash_crypt_done(req, err); 387 else 388 __gcm_hash_crypt_remain_done(req, err); 389 } 390 391 static void gcm_hash_assoc_remain_done(struct crypto_async_request *areq, 392 int err) 393 { 394 struct aead_request *req = areq->data; 395 396 __gcm_hash_assoc_remain_done(req, err); 397 } 398 399 static void __gcm_hash_assoc_done(struct aead_request *req, int err) 400 { 401 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 402 unsigned int remain; 403 404 if (!err) { 405 remain = gcm_remain(req->assoclen); 406 BUG_ON(!remain); 407 err = gcm_hash_remain(req, pctx, remain, 408 gcm_hash_assoc_remain_done); 409 if (err == -EINPROGRESS || err == -EBUSY) 410 return; 411 } 412 413 __gcm_hash_assoc_remain_done(req, err); 414 } 415 416 static void gcm_hash_assoc_done(struct crypto_async_request *areq, int err) 417 { 418 struct aead_request *req = areq->data; 419 420 __gcm_hash_assoc_done(req, err); 421 } 422 423 static void __gcm_hash_init_done(struct aead_request *req, int err) 424 { 425 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 426 crypto_completion_t complete; 427 unsigned int remain = 0; 428 429 if (!err && req->assoclen) { 430 remain = gcm_remain(req->assoclen); 431 complete = remain ? gcm_hash_assoc_done : 432 gcm_hash_assoc_remain_done; 433 err = gcm_hash_update(req, pctx, complete, 434 req->assoc, req->assoclen); 435 if (err == -EINPROGRESS || err == -EBUSY) 436 return; 437 } 438 439 if (remain) 440 __gcm_hash_assoc_done(req, err); 441 else 442 __gcm_hash_assoc_remain_done(req, err); 443 } 444 445 static void gcm_hash_init_done(struct crypto_async_request *areq, int err) 446 { 447 struct aead_request *req = areq->data; 448 449 __gcm_hash_init_done(req, err); 450 } 451 452 static int gcm_hash(struct aead_request *req, 453 struct crypto_gcm_req_priv_ctx *pctx) 454 { 455 struct ahash_request *ahreq = &pctx->u.ahreq; 456 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 457 struct crypto_gcm_ctx *ctx = crypto_tfm_ctx(req->base.tfm); 458 unsigned int remain; 459 crypto_completion_t complete; 460 int err; 461 462 ahash_request_set_tfm(ahreq, ctx->ghash); 463 464 ahash_request_set_callback(ahreq, aead_request_flags(req), 465 gcm_hash_init_done, req); 466 err = crypto_ahash_init(ahreq); 467 if (err) 468 return err; 469 remain = gcm_remain(req->assoclen); 470 complete = remain ? gcm_hash_assoc_done : gcm_hash_assoc_remain_done; 471 err = gcm_hash_update(req, pctx, complete, req->assoc, req->assoclen); 472 if (err) 473 return err; 474 if (remain) { 475 err = gcm_hash_remain(req, pctx, remain, 476 gcm_hash_assoc_remain_done); 477 if (err) 478 return err; 479 } 480 remain = gcm_remain(gctx->cryptlen); 481 complete = remain ? gcm_hash_crypt_done : gcm_hash_crypt_remain_done; 482 err = gcm_hash_update(req, pctx, complete, gctx->src, gctx->cryptlen); 483 if (err) 484 return err; 485 if (remain) { 486 err = gcm_hash_remain(req, pctx, remain, 487 gcm_hash_crypt_remain_done); 488 if (err) 489 return err; 490 } 491 err = gcm_hash_len(req, pctx); 492 if (err) 493 return err; 494 err = gcm_hash_final(req, pctx); 495 if (err) 496 return err; 497 498 return 0; 499 } 500 501 static void gcm_enc_copy_hash(struct aead_request *req, 502 struct crypto_gcm_req_priv_ctx *pctx) 503 { 504 struct crypto_aead *aead = crypto_aead_reqtfm(req); 505 u8 *auth_tag = pctx->auth_tag; 506 507 scatterwalk_map_and_copy(auth_tag, req->dst, req->cryptlen, 508 crypto_aead_authsize(aead), 1); 509 } 510 511 static void gcm_enc_hash_done(struct aead_request *req, int err) 512 { 513 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 514 515 if (!err) 516 gcm_enc_copy_hash(req, pctx); 517 518 aead_request_complete(req, err); 519 } 520 521 static void gcm_encrypt_done(struct crypto_async_request *areq, int err) 522 { 523 struct aead_request *req = areq->data; 524 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 525 526 if (!err) { 527 err = gcm_hash(req, pctx); 528 if (err == -EINPROGRESS || err == -EBUSY) 529 return; 530 else if (!err) { 531 crypto_xor(pctx->auth_tag, pctx->iauth_tag, 16); 532 gcm_enc_copy_hash(req, pctx); 533 } 534 } 535 536 aead_request_complete(req, err); 537 } 538 539 static int crypto_gcm_encrypt(struct aead_request *req) 540 { 541 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 542 struct ablkcipher_request *abreq = &pctx->u.abreq; 543 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 544 int err; 545 546 crypto_gcm_init_crypt(abreq, req, req->cryptlen); 547 ablkcipher_request_set_callback(abreq, aead_request_flags(req), 548 gcm_encrypt_done, req); 549 550 gctx->src = req->dst; 551 gctx->cryptlen = req->cryptlen; 552 gctx->complete = gcm_enc_hash_done; 553 554 err = crypto_ablkcipher_encrypt(abreq); 555 if (err) 556 return err; 557 558 err = gcm_hash(req, pctx); 559 if (err) 560 return err; 561 562 crypto_xor(pctx->auth_tag, pctx->iauth_tag, 16); 563 gcm_enc_copy_hash(req, pctx); 564 565 return 0; 566 } 567 568 static int crypto_gcm_verify(struct aead_request *req, 569 struct crypto_gcm_req_priv_ctx *pctx) 570 { 571 struct crypto_aead *aead = crypto_aead_reqtfm(req); 572 u8 *auth_tag = pctx->auth_tag; 573 u8 *iauth_tag = pctx->iauth_tag; 574 unsigned int authsize = crypto_aead_authsize(aead); 575 unsigned int cryptlen = req->cryptlen - authsize; 576 577 crypto_xor(auth_tag, iauth_tag, 16); 578 scatterwalk_map_and_copy(iauth_tag, req->src, cryptlen, authsize, 0); 579 return memcmp(iauth_tag, auth_tag, authsize) ? -EBADMSG : 0; 580 } 581 582 static void gcm_decrypt_done(struct crypto_async_request *areq, int err) 583 { 584 struct aead_request *req = areq->data; 585 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 586 587 if (!err) 588 err = crypto_gcm_verify(req, pctx); 589 590 aead_request_complete(req, err); 591 } 592 593 static void gcm_dec_hash_done(struct aead_request *req, int err) 594 { 595 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 596 struct ablkcipher_request *abreq = &pctx->u.abreq; 597 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 598 599 if (!err) { 600 ablkcipher_request_set_callback(abreq, aead_request_flags(req), 601 gcm_decrypt_done, req); 602 crypto_gcm_init_crypt(abreq, req, gctx->cryptlen); 603 err = crypto_ablkcipher_decrypt(abreq); 604 if (err == -EINPROGRESS || err == -EBUSY) 605 return; 606 else if (!err) 607 err = crypto_gcm_verify(req, pctx); 608 } 609 610 aead_request_complete(req, err); 611 } 612 613 static int crypto_gcm_decrypt(struct aead_request *req) 614 { 615 struct crypto_aead *aead = crypto_aead_reqtfm(req); 616 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 617 struct ablkcipher_request *abreq = &pctx->u.abreq; 618 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 619 unsigned int authsize = crypto_aead_authsize(aead); 620 unsigned int cryptlen = req->cryptlen; 621 int err; 622 623 if (cryptlen < authsize) 624 return -EINVAL; 625 cryptlen -= authsize; 626 627 gctx->src = req->src; 628 gctx->cryptlen = cryptlen; 629 gctx->complete = gcm_dec_hash_done; 630 631 err = gcm_hash(req, pctx); 632 if (err) 633 return err; 634 635 ablkcipher_request_set_callback(abreq, aead_request_flags(req), 636 gcm_decrypt_done, req); 637 crypto_gcm_init_crypt(abreq, req, cryptlen); 638 err = crypto_ablkcipher_decrypt(abreq); 639 if (err) 640 return err; 641 642 return crypto_gcm_verify(req, pctx); 643 } 644 645 static int crypto_gcm_init_tfm(struct crypto_tfm *tfm) 646 { 647 struct crypto_instance *inst = (void *)tfm->__crt_alg; 648 struct gcm_instance_ctx *ictx = crypto_instance_ctx(inst); 649 struct crypto_gcm_ctx *ctx = crypto_tfm_ctx(tfm); 650 struct crypto_ablkcipher *ctr; 651 struct crypto_ahash *ghash; 652 unsigned long align; 653 int err; 654 655 ghash = crypto_spawn_ahash(&ictx->ghash); 656 if (IS_ERR(ghash)) 657 return PTR_ERR(ghash); 658 659 ctr = crypto_spawn_skcipher(&ictx->ctr); 660 err = PTR_ERR(ctr); 661 if (IS_ERR(ctr)) 662 goto err_free_hash; 663 664 ctx->ctr = ctr; 665 ctx->ghash = ghash; 666 667 align = crypto_tfm_alg_alignmask(tfm); 668 align &= ~(crypto_tfm_ctx_alignment() - 1); 669 tfm->crt_aead.reqsize = align + 670 offsetof(struct crypto_gcm_req_priv_ctx, u) + 671 max(sizeof(struct ablkcipher_request) + 672 crypto_ablkcipher_reqsize(ctr), 673 sizeof(struct ahash_request) + 674 crypto_ahash_reqsize(ghash)); 675 676 return 0; 677 678 err_free_hash: 679 crypto_free_ahash(ghash); 680 return err; 681 } 682 683 static void crypto_gcm_exit_tfm(struct crypto_tfm *tfm) 684 { 685 struct crypto_gcm_ctx *ctx = crypto_tfm_ctx(tfm); 686 687 crypto_free_ahash(ctx->ghash); 688 crypto_free_ablkcipher(ctx->ctr); 689 } 690 691 static struct crypto_instance *crypto_gcm_alloc_common(struct rtattr **tb, 692 const char *full_name, 693 const char *ctr_name, 694 const char *ghash_name) 695 { 696 struct crypto_attr_type *algt; 697 struct crypto_instance *inst; 698 struct crypto_alg *ctr; 699 struct crypto_alg *ghash_alg; 700 struct ahash_alg *ghash_ahash_alg; 701 struct gcm_instance_ctx *ctx; 702 int err; 703 704 algt = crypto_get_attr_type(tb); 705 if (IS_ERR(algt)) 706 return ERR_CAST(algt); 707 708 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) 709 return ERR_PTR(-EINVAL); 710 711 ghash_alg = crypto_find_alg(ghash_name, &crypto_ahash_type, 712 CRYPTO_ALG_TYPE_HASH, 713 CRYPTO_ALG_TYPE_AHASH_MASK); 714 if (IS_ERR(ghash_alg)) 715 return ERR_CAST(ghash_alg); 716 717 err = -ENOMEM; 718 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); 719 if (!inst) 720 goto out_put_ghash; 721 722 ctx = crypto_instance_ctx(inst); 723 ghash_ahash_alg = container_of(ghash_alg, struct ahash_alg, halg.base); 724 err = crypto_init_ahash_spawn(&ctx->ghash, &ghash_ahash_alg->halg, 725 inst); 726 if (err) 727 goto err_free_inst; 728 729 crypto_set_skcipher_spawn(&ctx->ctr, inst); 730 err = crypto_grab_skcipher(&ctx->ctr, ctr_name, 0, 731 crypto_requires_sync(algt->type, 732 algt->mask)); 733 if (err) 734 goto err_drop_ghash; 735 736 ctr = crypto_skcipher_spawn_alg(&ctx->ctr); 737 738 /* We only support 16-byte blocks. */ 739 if (ctr->cra_ablkcipher.ivsize != 16) 740 goto out_put_ctr; 741 742 /* Not a stream cipher? */ 743 err = -EINVAL; 744 if (ctr->cra_blocksize != 1) 745 goto out_put_ctr; 746 747 err = -ENAMETOOLONG; 748 if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, 749 "gcm_base(%s,%s)", ctr->cra_driver_name, 750 ghash_alg->cra_driver_name) >= 751 CRYPTO_MAX_ALG_NAME) 752 goto out_put_ctr; 753 754 memcpy(inst->alg.cra_name, full_name, CRYPTO_MAX_ALG_NAME); 755 756 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD; 757 inst->alg.cra_flags |= ctr->cra_flags & CRYPTO_ALG_ASYNC; 758 inst->alg.cra_priority = ctr->cra_priority; 759 inst->alg.cra_blocksize = 1; 760 inst->alg.cra_alignmask = ctr->cra_alignmask | (__alignof__(u64) - 1); 761 inst->alg.cra_type = &crypto_aead_type; 762 inst->alg.cra_aead.ivsize = 16; 763 inst->alg.cra_aead.maxauthsize = 16; 764 inst->alg.cra_ctxsize = sizeof(struct crypto_gcm_ctx); 765 inst->alg.cra_init = crypto_gcm_init_tfm; 766 inst->alg.cra_exit = crypto_gcm_exit_tfm; 767 inst->alg.cra_aead.setkey = crypto_gcm_setkey; 768 inst->alg.cra_aead.setauthsize = crypto_gcm_setauthsize; 769 inst->alg.cra_aead.encrypt = crypto_gcm_encrypt; 770 inst->alg.cra_aead.decrypt = crypto_gcm_decrypt; 771 772 out: 773 crypto_mod_put(ghash_alg); 774 return inst; 775 776 out_put_ctr: 777 crypto_drop_skcipher(&ctx->ctr); 778 err_drop_ghash: 779 crypto_drop_ahash(&ctx->ghash); 780 err_free_inst: 781 kfree(inst); 782 out_put_ghash: 783 inst = ERR_PTR(err); 784 goto out; 785 } 786 787 static struct crypto_instance *crypto_gcm_alloc(struct rtattr **tb) 788 { 789 const char *cipher_name; 790 char ctr_name[CRYPTO_MAX_ALG_NAME]; 791 char full_name[CRYPTO_MAX_ALG_NAME]; 792 793 cipher_name = crypto_attr_alg_name(tb[1]); 794 if (IS_ERR(cipher_name)) 795 return ERR_CAST(cipher_name); 796 797 if (snprintf(ctr_name, CRYPTO_MAX_ALG_NAME, "ctr(%s)", cipher_name) >= 798 CRYPTO_MAX_ALG_NAME) 799 return ERR_PTR(-ENAMETOOLONG); 800 801 if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "gcm(%s)", cipher_name) >= 802 CRYPTO_MAX_ALG_NAME) 803 return ERR_PTR(-ENAMETOOLONG); 804 805 return crypto_gcm_alloc_common(tb, full_name, ctr_name, "ghash"); 806 } 807 808 static void crypto_gcm_free(struct crypto_instance *inst) 809 { 810 struct gcm_instance_ctx *ctx = crypto_instance_ctx(inst); 811 812 crypto_drop_skcipher(&ctx->ctr); 813 crypto_drop_ahash(&ctx->ghash); 814 kfree(inst); 815 } 816 817 static struct crypto_template crypto_gcm_tmpl = { 818 .name = "gcm", 819 .alloc = crypto_gcm_alloc, 820 .free = crypto_gcm_free, 821 .module = THIS_MODULE, 822 }; 823 824 static struct crypto_instance *crypto_gcm_base_alloc(struct rtattr **tb) 825 { 826 const char *ctr_name; 827 const char *ghash_name; 828 char full_name[CRYPTO_MAX_ALG_NAME]; 829 830 ctr_name = crypto_attr_alg_name(tb[1]); 831 if (IS_ERR(ctr_name)) 832 return ERR_CAST(ctr_name); 833 834 ghash_name = crypto_attr_alg_name(tb[2]); 835 if (IS_ERR(ghash_name)) 836 return ERR_CAST(ghash_name); 837 838 if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "gcm_base(%s,%s)", 839 ctr_name, ghash_name) >= CRYPTO_MAX_ALG_NAME) 840 return ERR_PTR(-ENAMETOOLONG); 841 842 return crypto_gcm_alloc_common(tb, full_name, ctr_name, ghash_name); 843 } 844 845 static struct crypto_template crypto_gcm_base_tmpl = { 846 .name = "gcm_base", 847 .alloc = crypto_gcm_base_alloc, 848 .free = crypto_gcm_free, 849 .module = THIS_MODULE, 850 }; 851 852 static int crypto_rfc4106_setkey(struct crypto_aead *parent, const u8 *key, 853 unsigned int keylen) 854 { 855 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent); 856 struct crypto_aead *child = ctx->child; 857 int err; 858 859 if (keylen < 4) 860 return -EINVAL; 861 862 keylen -= 4; 863 memcpy(ctx->nonce, key + keylen, 4); 864 865 crypto_aead_clear_flags(child, CRYPTO_TFM_REQ_MASK); 866 crypto_aead_set_flags(child, crypto_aead_get_flags(parent) & 867 CRYPTO_TFM_REQ_MASK); 868 err = crypto_aead_setkey(child, key, keylen); 869 crypto_aead_set_flags(parent, crypto_aead_get_flags(child) & 870 CRYPTO_TFM_RES_MASK); 871 872 return err; 873 } 874 875 static int crypto_rfc4106_setauthsize(struct crypto_aead *parent, 876 unsigned int authsize) 877 { 878 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent); 879 880 switch (authsize) { 881 case 8: 882 case 12: 883 case 16: 884 break; 885 default: 886 return -EINVAL; 887 } 888 889 return crypto_aead_setauthsize(ctx->child, authsize); 890 } 891 892 static struct aead_request *crypto_rfc4106_crypt(struct aead_request *req) 893 { 894 struct aead_request *subreq = aead_request_ctx(req); 895 struct crypto_aead *aead = crypto_aead_reqtfm(req); 896 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(aead); 897 struct crypto_aead *child = ctx->child; 898 u8 *iv = PTR_ALIGN((u8 *)(subreq + 1) + crypto_aead_reqsize(child), 899 crypto_aead_alignmask(child) + 1); 900 901 memcpy(iv, ctx->nonce, 4); 902 memcpy(iv + 4, req->iv, 8); 903 904 aead_request_set_tfm(subreq, child); 905 aead_request_set_callback(subreq, req->base.flags, req->base.complete, 906 req->base.data); 907 aead_request_set_crypt(subreq, req->src, req->dst, req->cryptlen, iv); 908 aead_request_set_assoc(subreq, req->assoc, req->assoclen); 909 910 return subreq; 911 } 912 913 static int crypto_rfc4106_encrypt(struct aead_request *req) 914 { 915 req = crypto_rfc4106_crypt(req); 916 917 return crypto_aead_encrypt(req); 918 } 919 920 static int crypto_rfc4106_decrypt(struct aead_request *req) 921 { 922 req = crypto_rfc4106_crypt(req); 923 924 return crypto_aead_decrypt(req); 925 } 926 927 static int crypto_rfc4106_init_tfm(struct crypto_tfm *tfm) 928 { 929 struct crypto_instance *inst = (void *)tfm->__crt_alg; 930 struct crypto_aead_spawn *spawn = crypto_instance_ctx(inst); 931 struct crypto_rfc4106_ctx *ctx = crypto_tfm_ctx(tfm); 932 struct crypto_aead *aead; 933 unsigned long align; 934 935 aead = crypto_spawn_aead(spawn); 936 if (IS_ERR(aead)) 937 return PTR_ERR(aead); 938 939 ctx->child = aead; 940 941 align = crypto_aead_alignmask(aead); 942 align &= ~(crypto_tfm_ctx_alignment() - 1); 943 tfm->crt_aead.reqsize = sizeof(struct aead_request) + 944 ALIGN(crypto_aead_reqsize(aead), 945 crypto_tfm_ctx_alignment()) + 946 align + 16; 947 948 return 0; 949 } 950 951 static void crypto_rfc4106_exit_tfm(struct crypto_tfm *tfm) 952 { 953 struct crypto_rfc4106_ctx *ctx = crypto_tfm_ctx(tfm); 954 955 crypto_free_aead(ctx->child); 956 } 957 958 static struct crypto_instance *crypto_rfc4106_alloc(struct rtattr **tb) 959 { 960 struct crypto_attr_type *algt; 961 struct crypto_instance *inst; 962 struct crypto_aead_spawn *spawn; 963 struct crypto_alg *alg; 964 const char *ccm_name; 965 int err; 966 967 algt = crypto_get_attr_type(tb); 968 if (IS_ERR(algt)) 969 return ERR_CAST(algt); 970 971 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) 972 return ERR_PTR(-EINVAL); 973 974 ccm_name = crypto_attr_alg_name(tb[1]); 975 if (IS_ERR(ccm_name)) 976 return ERR_CAST(ccm_name); 977 978 inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); 979 if (!inst) 980 return ERR_PTR(-ENOMEM); 981 982 spawn = crypto_instance_ctx(inst); 983 crypto_set_aead_spawn(spawn, inst); 984 err = crypto_grab_aead(spawn, ccm_name, 0, 985 crypto_requires_sync(algt->type, algt->mask)); 986 if (err) 987 goto out_free_inst; 988 989 alg = crypto_aead_spawn_alg(spawn); 990 991 err = -EINVAL; 992 993 /* We only support 16-byte blocks. */ 994 if (alg->cra_aead.ivsize != 16) 995 goto out_drop_alg; 996 997 /* Not a stream cipher? */ 998 if (alg->cra_blocksize != 1) 999 goto out_drop_alg; 1000 1001 err = -ENAMETOOLONG; 1002 if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, 1003 "rfc4106(%s)", alg->cra_name) >= CRYPTO_MAX_ALG_NAME || 1004 snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, 1005 "rfc4106(%s)", alg->cra_driver_name) >= 1006 CRYPTO_MAX_ALG_NAME) 1007 goto out_drop_alg; 1008 1009 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD; 1010 inst->alg.cra_flags |= alg->cra_flags & CRYPTO_ALG_ASYNC; 1011 inst->alg.cra_priority = alg->cra_priority; 1012 inst->alg.cra_blocksize = 1; 1013 inst->alg.cra_alignmask = alg->cra_alignmask; 1014 inst->alg.cra_type = &crypto_nivaead_type; 1015 1016 inst->alg.cra_aead.ivsize = 8; 1017 inst->alg.cra_aead.maxauthsize = 16; 1018 1019 inst->alg.cra_ctxsize = sizeof(struct crypto_rfc4106_ctx); 1020 1021 inst->alg.cra_init = crypto_rfc4106_init_tfm; 1022 inst->alg.cra_exit = crypto_rfc4106_exit_tfm; 1023 1024 inst->alg.cra_aead.setkey = crypto_rfc4106_setkey; 1025 inst->alg.cra_aead.setauthsize = crypto_rfc4106_setauthsize; 1026 inst->alg.cra_aead.encrypt = crypto_rfc4106_encrypt; 1027 inst->alg.cra_aead.decrypt = crypto_rfc4106_decrypt; 1028 1029 inst->alg.cra_aead.geniv = "seqiv"; 1030 1031 out: 1032 return inst; 1033 1034 out_drop_alg: 1035 crypto_drop_aead(spawn); 1036 out_free_inst: 1037 kfree(inst); 1038 inst = ERR_PTR(err); 1039 goto out; 1040 } 1041 1042 static void crypto_rfc4106_free(struct crypto_instance *inst) 1043 { 1044 crypto_drop_spawn(crypto_instance_ctx(inst)); 1045 kfree(inst); 1046 } 1047 1048 static struct crypto_template crypto_rfc4106_tmpl = { 1049 .name = "rfc4106", 1050 .alloc = crypto_rfc4106_alloc, 1051 .free = crypto_rfc4106_free, 1052 .module = THIS_MODULE, 1053 }; 1054 1055 static inline struct crypto_rfc4543_req_ctx *crypto_rfc4543_reqctx( 1056 struct aead_request *req) 1057 { 1058 unsigned long align = crypto_aead_alignmask(crypto_aead_reqtfm(req)); 1059 1060 return (void *)PTR_ALIGN((u8 *)aead_request_ctx(req), align + 1); 1061 } 1062 1063 static int crypto_rfc4543_setkey(struct crypto_aead *parent, const u8 *key, 1064 unsigned int keylen) 1065 { 1066 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(parent); 1067 struct crypto_aead *child = ctx->child; 1068 int err; 1069 1070 if (keylen < 4) 1071 return -EINVAL; 1072 1073 keylen -= 4; 1074 memcpy(ctx->nonce, key + keylen, 4); 1075 1076 crypto_aead_clear_flags(child, CRYPTO_TFM_REQ_MASK); 1077 crypto_aead_set_flags(child, crypto_aead_get_flags(parent) & 1078 CRYPTO_TFM_REQ_MASK); 1079 err = crypto_aead_setkey(child, key, keylen); 1080 crypto_aead_set_flags(parent, crypto_aead_get_flags(child) & 1081 CRYPTO_TFM_RES_MASK); 1082 1083 return err; 1084 } 1085 1086 static int crypto_rfc4543_setauthsize(struct crypto_aead *parent, 1087 unsigned int authsize) 1088 { 1089 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(parent); 1090 1091 if (authsize != 16) 1092 return -EINVAL; 1093 1094 return crypto_aead_setauthsize(ctx->child, authsize); 1095 } 1096 1097 static struct aead_request *crypto_rfc4543_crypt(struct aead_request *req, 1098 int enc) 1099 { 1100 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1101 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(aead); 1102 struct crypto_rfc4543_req_ctx *rctx = crypto_rfc4543_reqctx(req); 1103 struct aead_request *subreq = &rctx->subreq; 1104 struct scatterlist *dst = req->dst; 1105 struct scatterlist *cipher = rctx->cipher; 1106 struct scatterlist *payload = rctx->payload; 1107 struct scatterlist *assoc = rctx->assoc; 1108 unsigned int authsize = crypto_aead_authsize(aead); 1109 unsigned int assoclen = req->assoclen; 1110 struct page *dstp; 1111 u8 *vdst; 1112 u8 *iv = PTR_ALIGN((u8 *)(rctx + 1) + crypto_aead_reqsize(ctx->child), 1113 crypto_aead_alignmask(ctx->child) + 1); 1114 1115 memcpy(iv, ctx->nonce, 4); 1116 memcpy(iv + 4, req->iv, 8); 1117 1118 /* construct cipher/plaintext */ 1119 if (enc) 1120 memset(rctx->auth_tag, 0, authsize); 1121 else 1122 scatterwalk_map_and_copy(rctx->auth_tag, dst, 1123 req->cryptlen - authsize, 1124 authsize, 0); 1125 1126 sg_init_one(cipher, rctx->auth_tag, authsize); 1127 1128 /* construct the aad */ 1129 dstp = sg_page(dst); 1130 vdst = PageHighMem(dstp) ? NULL : page_address(dstp) + dst->offset; 1131 1132 sg_init_table(payload, 2); 1133 sg_set_buf(payload, req->iv, 8); 1134 scatterwalk_crypto_chain(payload, dst, vdst == req->iv + 8, 2); 1135 assoclen += 8 + req->cryptlen - (enc ? 0 : authsize); 1136 1137 if (req->assoc->length == req->assoclen) { 1138 sg_init_table(assoc, 2); 1139 sg_set_page(assoc, sg_page(req->assoc), req->assoc->length, 1140 req->assoc->offset); 1141 } else { 1142 BUG_ON(req->assoclen > sizeof(rctx->assocbuf)); 1143 1144 scatterwalk_map_and_copy(rctx->assocbuf, req->assoc, 0, 1145 req->assoclen, 0); 1146 1147 sg_init_table(assoc, 2); 1148 sg_set_buf(assoc, rctx->assocbuf, req->assoclen); 1149 } 1150 scatterwalk_crypto_chain(assoc, payload, 0, 2); 1151 1152 aead_request_set_tfm(subreq, ctx->child); 1153 aead_request_set_callback(subreq, req->base.flags, req->base.complete, 1154 req->base.data); 1155 aead_request_set_crypt(subreq, cipher, cipher, enc ? 0 : authsize, iv); 1156 aead_request_set_assoc(subreq, assoc, assoclen); 1157 1158 return subreq; 1159 } 1160 1161 static int crypto_rfc4543_encrypt(struct aead_request *req) 1162 { 1163 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1164 struct crypto_rfc4543_req_ctx *rctx = crypto_rfc4543_reqctx(req); 1165 struct aead_request *subreq; 1166 int err; 1167 1168 subreq = crypto_rfc4543_crypt(req, 1); 1169 err = crypto_aead_encrypt(subreq); 1170 if (err) 1171 return err; 1172 1173 scatterwalk_map_and_copy(rctx->auth_tag, req->dst, req->cryptlen, 1174 crypto_aead_authsize(aead), 1); 1175 1176 return 0; 1177 } 1178 1179 static int crypto_rfc4543_decrypt(struct aead_request *req) 1180 { 1181 req = crypto_rfc4543_crypt(req, 0); 1182 1183 return crypto_aead_decrypt(req); 1184 } 1185 1186 static int crypto_rfc4543_init_tfm(struct crypto_tfm *tfm) 1187 { 1188 struct crypto_instance *inst = (void *)tfm->__crt_alg; 1189 struct crypto_aead_spawn *spawn = crypto_instance_ctx(inst); 1190 struct crypto_rfc4543_ctx *ctx = crypto_tfm_ctx(tfm); 1191 struct crypto_aead *aead; 1192 unsigned long align; 1193 1194 aead = crypto_spawn_aead(spawn); 1195 if (IS_ERR(aead)) 1196 return PTR_ERR(aead); 1197 1198 ctx->child = aead; 1199 1200 align = crypto_aead_alignmask(aead); 1201 align &= ~(crypto_tfm_ctx_alignment() - 1); 1202 tfm->crt_aead.reqsize = sizeof(struct crypto_rfc4543_req_ctx) + 1203 ALIGN(crypto_aead_reqsize(aead), 1204 crypto_tfm_ctx_alignment()) + 1205 align + 16; 1206 1207 return 0; 1208 } 1209 1210 static void crypto_rfc4543_exit_tfm(struct crypto_tfm *tfm) 1211 { 1212 struct crypto_rfc4543_ctx *ctx = crypto_tfm_ctx(tfm); 1213 1214 crypto_free_aead(ctx->child); 1215 } 1216 1217 static struct crypto_instance *crypto_rfc4543_alloc(struct rtattr **tb) 1218 { 1219 struct crypto_attr_type *algt; 1220 struct crypto_instance *inst; 1221 struct crypto_aead_spawn *spawn; 1222 struct crypto_alg *alg; 1223 const char *ccm_name; 1224 int err; 1225 1226 algt = crypto_get_attr_type(tb); 1227 if (IS_ERR(algt)) 1228 return ERR_CAST(algt); 1229 1230 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) 1231 return ERR_PTR(-EINVAL); 1232 1233 ccm_name = crypto_attr_alg_name(tb[1]); 1234 if (IS_ERR(ccm_name)) 1235 return ERR_CAST(ccm_name); 1236 1237 inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); 1238 if (!inst) 1239 return ERR_PTR(-ENOMEM); 1240 1241 spawn = crypto_instance_ctx(inst); 1242 crypto_set_aead_spawn(spawn, inst); 1243 err = crypto_grab_aead(spawn, ccm_name, 0, 1244 crypto_requires_sync(algt->type, algt->mask)); 1245 if (err) 1246 goto out_free_inst; 1247 1248 alg = crypto_aead_spawn_alg(spawn); 1249 1250 err = -EINVAL; 1251 1252 /* We only support 16-byte blocks. */ 1253 if (alg->cra_aead.ivsize != 16) 1254 goto out_drop_alg; 1255 1256 /* Not a stream cipher? */ 1257 if (alg->cra_blocksize != 1) 1258 goto out_drop_alg; 1259 1260 err = -ENAMETOOLONG; 1261 if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, 1262 "rfc4543(%s)", alg->cra_name) >= CRYPTO_MAX_ALG_NAME || 1263 snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, 1264 "rfc4543(%s)", alg->cra_driver_name) >= 1265 CRYPTO_MAX_ALG_NAME) 1266 goto out_drop_alg; 1267 1268 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD; 1269 inst->alg.cra_flags |= alg->cra_flags & CRYPTO_ALG_ASYNC; 1270 inst->alg.cra_priority = alg->cra_priority; 1271 inst->alg.cra_blocksize = 1; 1272 inst->alg.cra_alignmask = alg->cra_alignmask; 1273 inst->alg.cra_type = &crypto_nivaead_type; 1274 1275 inst->alg.cra_aead.ivsize = 8; 1276 inst->alg.cra_aead.maxauthsize = 16; 1277 1278 inst->alg.cra_ctxsize = sizeof(struct crypto_rfc4543_ctx); 1279 1280 inst->alg.cra_init = crypto_rfc4543_init_tfm; 1281 inst->alg.cra_exit = crypto_rfc4543_exit_tfm; 1282 1283 inst->alg.cra_aead.setkey = crypto_rfc4543_setkey; 1284 inst->alg.cra_aead.setauthsize = crypto_rfc4543_setauthsize; 1285 inst->alg.cra_aead.encrypt = crypto_rfc4543_encrypt; 1286 inst->alg.cra_aead.decrypt = crypto_rfc4543_decrypt; 1287 1288 inst->alg.cra_aead.geniv = "seqiv"; 1289 1290 out: 1291 return inst; 1292 1293 out_drop_alg: 1294 crypto_drop_aead(spawn); 1295 out_free_inst: 1296 kfree(inst); 1297 inst = ERR_PTR(err); 1298 goto out; 1299 } 1300 1301 static void crypto_rfc4543_free(struct crypto_instance *inst) 1302 { 1303 crypto_drop_spawn(crypto_instance_ctx(inst)); 1304 kfree(inst); 1305 } 1306 1307 static struct crypto_template crypto_rfc4543_tmpl = { 1308 .name = "rfc4543", 1309 .alloc = crypto_rfc4543_alloc, 1310 .free = crypto_rfc4543_free, 1311 .module = THIS_MODULE, 1312 }; 1313 1314 static int __init crypto_gcm_module_init(void) 1315 { 1316 int err; 1317 1318 gcm_zeroes = kzalloc(16, GFP_KERNEL); 1319 if (!gcm_zeroes) 1320 return -ENOMEM; 1321 1322 err = crypto_register_template(&crypto_gcm_base_tmpl); 1323 if (err) 1324 goto out; 1325 1326 err = crypto_register_template(&crypto_gcm_tmpl); 1327 if (err) 1328 goto out_undo_base; 1329 1330 err = crypto_register_template(&crypto_rfc4106_tmpl); 1331 if (err) 1332 goto out_undo_gcm; 1333 1334 err = crypto_register_template(&crypto_rfc4543_tmpl); 1335 if (err) 1336 goto out_undo_rfc4106; 1337 1338 return 0; 1339 1340 out_undo_rfc4106: 1341 crypto_unregister_template(&crypto_rfc4106_tmpl); 1342 out_undo_gcm: 1343 crypto_unregister_template(&crypto_gcm_tmpl); 1344 out_undo_base: 1345 crypto_unregister_template(&crypto_gcm_base_tmpl); 1346 out: 1347 kfree(gcm_zeroes); 1348 return err; 1349 } 1350 1351 static void __exit crypto_gcm_module_exit(void) 1352 { 1353 kfree(gcm_zeroes); 1354 crypto_unregister_template(&crypto_rfc4543_tmpl); 1355 crypto_unregister_template(&crypto_rfc4106_tmpl); 1356 crypto_unregister_template(&crypto_gcm_tmpl); 1357 crypto_unregister_template(&crypto_gcm_base_tmpl); 1358 } 1359 1360 module_init(crypto_gcm_module_init); 1361 module_exit(crypto_gcm_module_exit); 1362 1363 MODULE_LICENSE("GPL"); 1364 MODULE_DESCRIPTION("Galois/Counter Mode"); 1365 MODULE_AUTHOR("Mikko Herranen <mh1@iki.fi>"); 1366 MODULE_ALIAS("gcm_base"); 1367 MODULE_ALIAS("rfc4106"); 1368 MODULE_ALIAS("rfc4543"); 1369