Root/
1 | /* |
2 | * AEAD: Authenticated Encryption with Associated Data |
3 | * |
4 | * This file provides API support for AEAD algorithms. |
5 | * |
6 | * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au> |
7 | * |
8 | * This program is free software; you can redistribute it and/or modify it |
9 | * under the terms of the GNU General Public License as published by the Free |
10 | * Software Foundation; either version 2 of the License, or (at your option) |
11 | * any later version. |
12 | * |
13 | */ |
14 | |
15 | #include <crypto/internal/aead.h> |
16 | #include <linux/err.h> |
17 | #include <linux/init.h> |
18 | #include <linux/kernel.h> |
19 | #include <linux/module.h> |
20 | #include <linux/rtnetlink.h> |
21 | #include <linux/sched.h> |
22 | #include <linux/slab.h> |
23 | #include <linux/seq_file.h> |
24 | |
25 | #include "internal.h" |
26 | |
27 | static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, |
28 | unsigned int keylen) |
29 | { |
30 | struct aead_alg *aead = crypto_aead_alg(tfm); |
31 | unsigned long alignmask = crypto_aead_alignmask(tfm); |
32 | int ret; |
33 | u8 *buffer, *alignbuffer; |
34 | unsigned long absize; |
35 | |
36 | absize = keylen + alignmask; |
37 | buffer = kmalloc(absize, GFP_ATOMIC); |
38 | if (!buffer) |
39 | return -ENOMEM; |
40 | |
41 | alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); |
42 | memcpy(alignbuffer, key, keylen); |
43 | ret = aead->setkey(tfm, alignbuffer, keylen); |
44 | memset(alignbuffer, 0, keylen); |
45 | kfree(buffer); |
46 | return ret; |
47 | } |
48 | |
49 | static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen) |
50 | { |
51 | struct aead_alg *aead = crypto_aead_alg(tfm); |
52 | unsigned long alignmask = crypto_aead_alignmask(tfm); |
53 | |
54 | if ((unsigned long)key & alignmask) |
55 | return setkey_unaligned(tfm, key, keylen); |
56 | |
57 | return aead->setkey(tfm, key, keylen); |
58 | } |
59 | |
60 | int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize) |
61 | { |
62 | struct aead_tfm *crt = crypto_aead_crt(tfm); |
63 | int err; |
64 | |
65 | if (authsize > crypto_aead_alg(tfm)->maxauthsize) |
66 | return -EINVAL; |
67 | |
68 | if (crypto_aead_alg(tfm)->setauthsize) { |
69 | err = crypto_aead_alg(tfm)->setauthsize(crt->base, authsize); |
70 | if (err) |
71 | return err; |
72 | } |
73 | |
74 | crypto_aead_crt(crt->base)->authsize = authsize; |
75 | crt->authsize = authsize; |
76 | return 0; |
77 | } |
78 | EXPORT_SYMBOL_GPL(crypto_aead_setauthsize); |
79 | |
80 | static unsigned int crypto_aead_ctxsize(struct crypto_alg *alg, u32 type, |
81 | u32 mask) |
82 | { |
83 | return alg->cra_ctxsize; |
84 | } |
85 | |
86 | static int no_givcrypt(struct aead_givcrypt_request *req) |
87 | { |
88 | return -ENOSYS; |
89 | } |
90 | |
91 | static int crypto_init_aead_ops(struct crypto_tfm *tfm, u32 type, u32 mask) |
92 | { |
93 | struct aead_alg *alg = &tfm->__crt_alg->cra_aead; |
94 | struct aead_tfm *crt = &tfm->crt_aead; |
95 | |
96 | if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8) |
97 | return -EINVAL; |
98 | |
99 | crt->setkey = tfm->__crt_alg->cra_flags & CRYPTO_ALG_GENIV ? |
100 | alg->setkey : setkey; |
101 | crt->encrypt = alg->encrypt; |
102 | crt->decrypt = alg->decrypt; |
103 | crt->givencrypt = alg->givencrypt ?: no_givcrypt; |
104 | crt->givdecrypt = alg->givdecrypt ?: no_givcrypt; |
105 | crt->base = __crypto_aead_cast(tfm); |
106 | crt->ivsize = alg->ivsize; |
107 | crt->authsize = alg->maxauthsize; |
108 | |
109 | return 0; |
110 | } |
111 | |
112 | static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg) |
113 | __attribute__ ((unused)); |
114 | static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg) |
115 | { |
116 | struct aead_alg *aead = &alg->cra_aead; |
117 | |
118 | seq_printf(m, "type : aead\n"); |
119 | seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ? |
120 | "yes" : "no"); |
121 | seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); |
122 | seq_printf(m, "ivsize : %u\n", aead->ivsize); |
123 | seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize); |
124 | seq_printf(m, "geniv : %s\n", aead->geniv ?: "<built-in>"); |
125 | } |
126 | |
127 | const struct crypto_type crypto_aead_type = { |
128 | .ctxsize = crypto_aead_ctxsize, |
129 | .init = crypto_init_aead_ops, |
130 | #ifdef CONFIG_PROC_FS |
131 | .show = crypto_aead_show, |
132 | #endif |
133 | }; |
134 | EXPORT_SYMBOL_GPL(crypto_aead_type); |
135 | |
136 | static int aead_null_givencrypt(struct aead_givcrypt_request *req) |
137 | { |
138 | return crypto_aead_encrypt(&req->areq); |
139 | } |
140 | |
141 | static int aead_null_givdecrypt(struct aead_givcrypt_request *req) |
142 | { |
143 | return crypto_aead_decrypt(&req->areq); |
144 | } |
145 | |
146 | static int crypto_init_nivaead_ops(struct crypto_tfm *tfm, u32 type, u32 mask) |
147 | { |
148 | struct aead_alg *alg = &tfm->__crt_alg->cra_aead; |
149 | struct aead_tfm *crt = &tfm->crt_aead; |
150 | |
151 | if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8) |
152 | return -EINVAL; |
153 | |
154 | crt->setkey = setkey; |
155 | crt->encrypt = alg->encrypt; |
156 | crt->decrypt = alg->decrypt; |
157 | if (!alg->ivsize) { |
158 | crt->givencrypt = aead_null_givencrypt; |
159 | crt->givdecrypt = aead_null_givdecrypt; |
160 | } |
161 | crt->base = __crypto_aead_cast(tfm); |
162 | crt->ivsize = alg->ivsize; |
163 | crt->authsize = alg->maxauthsize; |
164 | |
165 | return 0; |
166 | } |
167 | |
168 | static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg) |
169 | __attribute__ ((unused)); |
170 | static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg) |
171 | { |
172 | struct aead_alg *aead = &alg->cra_aead; |
173 | |
174 | seq_printf(m, "type : nivaead\n"); |
175 | seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ? |
176 | "yes" : "no"); |
177 | seq_printf(m, "blocksize : %u\n", alg->cra_blocksize); |
178 | seq_printf(m, "ivsize : %u\n", aead->ivsize); |
179 | seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize); |
180 | seq_printf(m, "geniv : %s\n", aead->geniv); |
181 | } |
182 | |
183 | const struct crypto_type crypto_nivaead_type = { |
184 | .ctxsize = crypto_aead_ctxsize, |
185 | .init = crypto_init_nivaead_ops, |
186 | #ifdef CONFIG_PROC_FS |
187 | .show = crypto_nivaead_show, |
188 | #endif |
189 | }; |
190 | EXPORT_SYMBOL_GPL(crypto_nivaead_type); |
191 | |
192 | static int crypto_grab_nivaead(struct crypto_aead_spawn *spawn, |
193 | const char *name, u32 type, u32 mask) |
194 | { |
195 | struct crypto_alg *alg; |
196 | int err; |
197 | |
198 | type &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV); |
199 | type |= CRYPTO_ALG_TYPE_AEAD; |
200 | mask |= CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV; |
201 | |
202 | alg = crypto_alg_mod_lookup(name, type, mask); |
203 | if (IS_ERR(alg)) |
204 | return PTR_ERR(alg); |
205 | |
206 | err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask); |
207 | crypto_mod_put(alg); |
208 | return err; |
209 | } |
210 | |
211 | struct crypto_instance *aead_geniv_alloc(struct crypto_template *tmpl, |
212 | struct rtattr **tb, u32 type, |
213 | u32 mask) |
214 | { |
215 | const char *name; |
216 | struct crypto_aead_spawn *spawn; |
217 | struct crypto_attr_type *algt; |
218 | struct crypto_instance *inst; |
219 | struct crypto_alg *alg; |
220 | int err; |
221 | |
222 | algt = crypto_get_attr_type(tb); |
223 | err = PTR_ERR(algt); |
224 | if (IS_ERR(algt)) |
225 | return ERR_PTR(err); |
226 | |
227 | if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV)) & |
228 | algt->mask) |
229 | return ERR_PTR(-EINVAL); |
230 | |
231 | name = crypto_attr_alg_name(tb[1]); |
232 | err = PTR_ERR(name); |
233 | if (IS_ERR(name)) |
234 | return ERR_PTR(err); |
235 | |
236 | inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); |
237 | if (!inst) |
238 | return ERR_PTR(-ENOMEM); |
239 | |
240 | spawn = crypto_instance_ctx(inst); |
241 | |
242 | /* Ignore async algorithms if necessary. */ |
243 | mask |= crypto_requires_sync(algt->type, algt->mask); |
244 | |
245 | crypto_set_aead_spawn(spawn, inst); |
246 | err = crypto_grab_nivaead(spawn, name, type, mask); |
247 | if (err) |
248 | goto err_free_inst; |
249 | |
250 | alg = crypto_aead_spawn_alg(spawn); |
251 | |
252 | err = -EINVAL; |
253 | if (!alg->cra_aead.ivsize) |
254 | goto err_drop_alg; |
255 | |
256 | /* |
257 | * This is only true if we're constructing an algorithm with its |
258 | * default IV generator. For the default generator we elide the |
259 | * template name and double-check the IV generator. |
260 | */ |
261 | if (algt->mask & CRYPTO_ALG_GENIV) { |
262 | if (strcmp(tmpl->name, alg->cra_aead.geniv)) |
263 | goto err_drop_alg; |
264 | |
265 | memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME); |
266 | memcpy(inst->alg.cra_driver_name, alg->cra_driver_name, |
267 | CRYPTO_MAX_ALG_NAME); |
268 | } else { |
269 | err = -ENAMETOOLONG; |
270 | if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, |
271 | "%s(%s)", tmpl->name, alg->cra_name) >= |
272 | CRYPTO_MAX_ALG_NAME) |
273 | goto err_drop_alg; |
274 | if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, |
275 | "%s(%s)", tmpl->name, alg->cra_driver_name) >= |
276 | CRYPTO_MAX_ALG_NAME) |
277 | goto err_drop_alg; |
278 | } |
279 | |
280 | inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV; |
281 | inst->alg.cra_flags |= alg->cra_flags & CRYPTO_ALG_ASYNC; |
282 | inst->alg.cra_priority = alg->cra_priority; |
283 | inst->alg.cra_blocksize = alg->cra_blocksize; |
284 | inst->alg.cra_alignmask = alg->cra_alignmask; |
285 | inst->alg.cra_type = &crypto_aead_type; |
286 | |
287 | inst->alg.cra_aead.ivsize = alg->cra_aead.ivsize; |
288 | inst->alg.cra_aead.maxauthsize = alg->cra_aead.maxauthsize; |
289 | inst->alg.cra_aead.geniv = alg->cra_aead.geniv; |
290 | |
291 | inst->alg.cra_aead.setkey = alg->cra_aead.setkey; |
292 | inst->alg.cra_aead.setauthsize = alg->cra_aead.setauthsize; |
293 | inst->alg.cra_aead.encrypt = alg->cra_aead.encrypt; |
294 | inst->alg.cra_aead.decrypt = alg->cra_aead.decrypt; |
295 | |
296 | out: |
297 | return inst; |
298 | |
299 | err_drop_alg: |
300 | crypto_drop_aead(spawn); |
301 | err_free_inst: |
302 | kfree(inst); |
303 | inst = ERR_PTR(err); |
304 | goto out; |
305 | } |
306 | EXPORT_SYMBOL_GPL(aead_geniv_alloc); |
307 | |
308 | void aead_geniv_free(struct crypto_instance *inst) |
309 | { |
310 | crypto_drop_aead(crypto_instance_ctx(inst)); |
311 | kfree(inst); |
312 | } |
313 | EXPORT_SYMBOL_GPL(aead_geniv_free); |
314 | |
315 | int aead_geniv_init(struct crypto_tfm *tfm) |
316 | { |
317 | struct crypto_instance *inst = (void *)tfm->__crt_alg; |
318 | struct crypto_aead *aead; |
319 | |
320 | aead = crypto_spawn_aead(crypto_instance_ctx(inst)); |
321 | if (IS_ERR(aead)) |
322 | return PTR_ERR(aead); |
323 | |
324 | tfm->crt_aead.base = aead; |
325 | tfm->crt_aead.reqsize += crypto_aead_reqsize(aead); |
326 | |
327 | return 0; |
328 | } |
329 | EXPORT_SYMBOL_GPL(aead_geniv_init); |
330 | |
331 | void aead_geniv_exit(struct crypto_tfm *tfm) |
332 | { |
333 | crypto_free_aead(tfm->crt_aead.base); |
334 | } |
335 | EXPORT_SYMBOL_GPL(aead_geniv_exit); |
336 | |
337 | static int crypto_nivaead_default(struct crypto_alg *alg, u32 type, u32 mask) |
338 | { |
339 | struct rtattr *tb[3]; |
340 | struct { |
341 | struct rtattr attr; |
342 | struct crypto_attr_type data; |
343 | } ptype; |
344 | struct { |
345 | struct rtattr attr; |
346 | struct crypto_attr_alg data; |
347 | } palg; |
348 | struct crypto_template *tmpl; |
349 | struct crypto_instance *inst; |
350 | struct crypto_alg *larval; |
351 | const char *geniv; |
352 | int err; |
353 | |
354 | larval = crypto_larval_lookup(alg->cra_driver_name, |
355 | CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV, |
356 | CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV); |
357 | err = PTR_ERR(larval); |
358 | if (IS_ERR(larval)) |
359 | goto out; |
360 | |
361 | err = -EAGAIN; |
362 | if (!crypto_is_larval(larval)) |
363 | goto drop_larval; |
364 | |
365 | ptype.attr.rta_len = sizeof(ptype); |
366 | ptype.attr.rta_type = CRYPTOA_TYPE; |
367 | ptype.data.type = type | CRYPTO_ALG_GENIV; |
368 | /* GENIV tells the template that we're making a default geniv. */ |
369 | ptype.data.mask = mask | CRYPTO_ALG_GENIV; |
370 | tb[0] = &ptype.attr; |
371 | |
372 | palg.attr.rta_len = sizeof(palg); |
373 | palg.attr.rta_type = CRYPTOA_ALG; |
374 | /* Must use the exact name to locate ourselves. */ |
375 | memcpy(palg.data.name, alg->cra_driver_name, CRYPTO_MAX_ALG_NAME); |
376 | tb[1] = &palg.attr; |
377 | |
378 | tb[2] = NULL; |
379 | |
380 | geniv = alg->cra_aead.geniv; |
381 | |
382 | tmpl = crypto_lookup_template(geniv); |
383 | err = -ENOENT; |
384 | if (!tmpl) |
385 | goto kill_larval; |
386 | |
387 | inst = tmpl->alloc(tb); |
388 | err = PTR_ERR(inst); |
389 | if (IS_ERR(inst)) |
390 | goto put_tmpl; |
391 | |
392 | if ((err = crypto_register_instance(tmpl, inst))) { |
393 | tmpl->free(inst); |
394 | goto put_tmpl; |
395 | } |
396 | |
397 | /* Redo the lookup to use the instance we just registered. */ |
398 | err = -EAGAIN; |
399 | |
400 | put_tmpl: |
401 | crypto_tmpl_put(tmpl); |
402 | kill_larval: |
403 | crypto_larval_kill(larval); |
404 | drop_larval: |
405 | crypto_mod_put(larval); |
406 | out: |
407 | crypto_mod_put(alg); |
408 | return err; |
409 | } |
410 | |
411 | static struct crypto_alg *crypto_lookup_aead(const char *name, u32 type, |
412 | u32 mask) |
413 | { |
414 | struct crypto_alg *alg; |
415 | |
416 | alg = crypto_alg_mod_lookup(name, type, mask); |
417 | if (IS_ERR(alg)) |
418 | return alg; |
419 | |
420 | if (alg->cra_type == &crypto_aead_type) |
421 | return alg; |
422 | |
423 | if (!alg->cra_aead.ivsize) |
424 | return alg; |
425 | |
426 | crypto_mod_put(alg); |
427 | alg = crypto_alg_mod_lookup(name, type | CRYPTO_ALG_TESTED, |
428 | mask & ~CRYPTO_ALG_TESTED); |
429 | if (IS_ERR(alg)) |
430 | return alg; |
431 | |
432 | if (alg->cra_type == &crypto_aead_type) { |
433 | if ((alg->cra_flags ^ type ^ ~mask) & CRYPTO_ALG_TESTED) { |
434 | crypto_mod_put(alg); |
435 | alg = ERR_PTR(-ENOENT); |
436 | } |
437 | return alg; |
438 | } |
439 | |
440 | BUG_ON(!alg->cra_aead.ivsize); |
441 | |
442 | return ERR_PTR(crypto_nivaead_default(alg, type, mask)); |
443 | } |
444 | |
445 | int crypto_grab_aead(struct crypto_aead_spawn *spawn, const char *name, |
446 | u32 type, u32 mask) |
447 | { |
448 | struct crypto_alg *alg; |
449 | int err; |
450 | |
451 | type &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV); |
452 | type |= CRYPTO_ALG_TYPE_AEAD; |
453 | mask &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV); |
454 | mask |= CRYPTO_ALG_TYPE_MASK; |
455 | |
456 | alg = crypto_lookup_aead(name, type, mask); |
457 | if (IS_ERR(alg)) |
458 | return PTR_ERR(alg); |
459 | |
460 | err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask); |
461 | crypto_mod_put(alg); |
462 | return err; |
463 | } |
464 | EXPORT_SYMBOL_GPL(crypto_grab_aead); |
465 | |
466 | struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask) |
467 | { |
468 | struct crypto_tfm *tfm; |
469 | int err; |
470 | |
471 | type &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV); |
472 | type |= CRYPTO_ALG_TYPE_AEAD; |
473 | mask &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV); |
474 | mask |= CRYPTO_ALG_TYPE_MASK; |
475 | |
476 | for (;;) { |
477 | struct crypto_alg *alg; |
478 | |
479 | alg = crypto_lookup_aead(alg_name, type, mask); |
480 | if (IS_ERR(alg)) { |
481 | err = PTR_ERR(alg); |
482 | goto err; |
483 | } |
484 | |
485 | tfm = __crypto_alloc_tfm(alg, type, mask); |
486 | if (!IS_ERR(tfm)) |
487 | return __crypto_aead_cast(tfm); |
488 | |
489 | crypto_mod_put(alg); |
490 | err = PTR_ERR(tfm); |
491 | |
492 | err: |
493 | if (err != -EAGAIN) |
494 | break; |
495 | if (signal_pending(current)) { |
496 | err = -EINTR; |
497 | break; |
498 | } |
499 | } |
500 | |
501 | return ERR_PTR(err); |
502 | } |
503 | EXPORT_SYMBOL_GPL(crypto_alloc_aead); |
504 | |
505 | MODULE_LICENSE("GPL"); |
506 | MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)"); |
507 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9