[GitHub/mt8127/android_kernel_alcatel_ttab.git] / crypto / aead.c

/*
 * AEAD: Authenticated Encryption with Associated Data
 * 
 * This file provides API support for AEAD algorithms.
 *
 * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 2 of the License, or (at your option) 
 * any later version.
 *
 */

#include <crypto/internal/aead.h>
#include <linux/err.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/rtnetlink.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/seq_file.h>

#include "internal.h"

static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key,
			    unsigned int keylen)
{
	struct aead_alg *aead = crypto_aead_alg(tfm);
	unsigned long alignmask = crypto_aead_alignmask(tfm);
	int ret;
	u8 *buffer, *alignbuffer;
	unsigned long absize;

	absize = keylen + alignmask;
	buffer = kmalloc(absize, GFP_ATOMIC);
	if (!buffer)
		return -ENOMEM;

	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
	memcpy(alignbuffer, key, keylen);
	ret = aead->setkey(tfm, alignbuffer, keylen);
	memset(alignbuffer, 0, keylen);
	kfree(buffer);
	return ret;
}

static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen)
{
	struct aead_alg *aead = crypto_aead_alg(tfm);
	unsigned long alignmask = crypto_aead_alignmask(tfm);

	if ((unsigned long)key & alignmask)
		return setkey_unaligned(tfm, key, keylen);

	return aead->setkey(tfm, key, keylen);
}

int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
{
	struct aead_tfm *crt = crypto_aead_crt(tfm);
	int err;

	if (authsize > crypto_aead_alg(tfm)->maxauthsize)
		return -EINVAL;

	if (crypto_aead_alg(tfm)->setauthsize) {
		err = crypto_aead_alg(tfm)->setauthsize(crt->base, authsize);
		if (err)
			return err;
	}

	crypto_aead_crt(crt->base)->authsize = authsize;
	crt->authsize = authsize;
	return 0;
}
EXPORT_SYMBOL_GPL(crypto_aead_setauthsize);

static unsigned int crypto_aead_ctxsize(struct crypto_alg *alg, u32 type,
					u32 mask)
{
	return alg->cra_ctxsize;
}

static int no_givcrypt(struct aead_givcrypt_request *req)
{
	return -ENOSYS;
}

static int crypto_init_aead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
{
	struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
	struct aead_tfm *crt = &tfm->crt_aead;

	if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8)
		return -EINVAL;

	crt->setkey = tfm->__crt_alg->cra_flags & CRYPTO_ALG_GENIV ?
		      alg->setkey : setkey;
	crt->encrypt = alg->encrypt;
	crt->decrypt = alg->decrypt;
	crt->givencrypt = alg->givencrypt ?: no_givcrypt;
	crt->givdecrypt = alg->givdecrypt ?: no_givcrypt;
	crt->base = __crypto_aead_cast(tfm);
	crt->ivsize = alg->ivsize;
	crt->authsize = alg->maxauthsize;

	return 0;
}

static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg)
	__attribute__ ((unused));
static void crypto_aead_show(struct seq_file *m, struct crypto_alg *alg)
{
	struct aead_alg *aead = &alg->cra_aead;

	seq_printf(m, "type         : aead\n");
	seq_printf(m, "async        : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
					     "yes" : "no");
	seq_printf(m, "blocksize    : %u\n", alg->cra_blocksize);
	seq_printf(m, "ivsize       : %u\n", aead->ivsize);
	seq_printf(m, "maxauthsize  : %u\n", aead->maxauthsize);
	seq_printf(m, "geniv        : %s\n", aead->geniv ?: "<built-in>");
}

const struct crypto_type crypto_aead_type = {
	.ctxsize = crypto_aead_ctxsize,
	.init = crypto_init_aead_ops,
#ifdef CONFIG_PROC_FS
	.show = crypto_aead_show,
#endif
};
EXPORT_SYMBOL_GPL(crypto_aead_type);

static int aead_null_givencrypt(struct aead_givcrypt_request *req)
{
	return crypto_aead_encrypt(&req->areq);
}

static int aead_null_givdecrypt(struct aead_givcrypt_request *req)
{
	return crypto_aead_decrypt(&req->areq);
}

static int crypto_init_nivaead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
{
	struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
	struct aead_tfm *crt = &tfm->crt_aead;

	if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8)
		return -EINVAL;

	crt->setkey = setkey;
	crt->encrypt = alg->encrypt;
	crt->decrypt = alg->decrypt;
	if (!alg->ivsize) {
		crt->givencrypt = aead_null_givencrypt;
		crt->givdecrypt = aead_null_givdecrypt;
	}
	crt->base = __crypto_aead_cast(tfm);
	crt->ivsize = alg->ivsize;
	crt->authsize = alg->maxauthsize;

	return 0;
}

static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg)
	__attribute__ ((unused));
static void crypto_nivaead_show(struct seq_file *m, struct crypto_alg *alg)
{
	struct aead_alg *aead = &alg->cra_aead;

	seq_printf(m, "type         : nivaead\n");
	seq_printf(m, "async        : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
					     "yes" : "no");
	seq_printf(m, "blocksize    : %u\n", alg->cra_blocksize);
	seq_printf(m, "ivsize       : %u\n", aead->ivsize);
	seq_printf(m, "maxauthsize  : %u\n", aead->maxauthsize);
	seq_printf(m, "geniv        : %s\n", aead->geniv);
}

const struct crypto_type crypto_nivaead_type = {
	.ctxsize = crypto_aead_ctxsize,
	.init = crypto_init_nivaead_ops,
#ifdef CONFIG_PROC_FS
	.show = crypto_nivaead_show,
#endif
};
EXPORT_SYMBOL_GPL(crypto_nivaead_type);

static int crypto_grab_nivaead(struct crypto_aead_spawn *spawn,
			       const char *name, u32 type, u32 mask)
{
	struct crypto_alg *alg;
	int err;

	type &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	type |= CRYPTO_ALG_TYPE_AEAD;
	mask |= CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV;

	alg = crypto_alg_mod_lookup(name, type, mask);
	if (IS_ERR(alg))
		return PTR_ERR(alg);

	err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask);
	crypto_mod_put(alg);
	return err;
}

struct crypto_instance *aead_geniv_alloc(struct crypto_template *tmpl,
					 struct rtattr **tb, u32 type,
					 u32 mask)
{
	const char *name;
	struct crypto_aead_spawn *spawn;
	struct crypto_attr_type *algt;
	struct crypto_instance *inst;
	struct crypto_alg *alg;
	int err;

	algt = crypto_get_attr_type(tb);
	err = PTR_ERR(algt);
	if (IS_ERR(algt))
		return ERR_PTR(err);

	if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV)) &
	    algt->mask)
		return ERR_PTR(-EINVAL);

	name = crypto_attr_alg_name(tb[1]);
	err = PTR_ERR(name);
	if (IS_ERR(name))
		return ERR_PTR(err);

	inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
	if (!inst)
		return ERR_PTR(-ENOMEM);

	spawn = crypto_instance_ctx(inst);

	/* Ignore async algorithms if necessary. */
	mask |= crypto_requires_sync(algt->type, algt->mask);

	crypto_set_aead_spawn(spawn, inst);
	err = crypto_grab_nivaead(spawn, name, type, mask);
	if (err)
		goto err_free_inst;

	alg = crypto_aead_spawn_alg(spawn);

	err = -EINVAL;
	if (!alg->cra_aead.ivsize)
		goto err_drop_alg;

	/*
	 * This is only true if we're constructing an algorithm with its
	 * default IV generator.  For the default generator we elide the
	 * template name and double-check the IV generator.
	 */
	if (algt->mask & CRYPTO_ALG_GENIV) {
		if (strcmp(tmpl->name, alg->cra_aead.geniv))
			goto err_drop_alg;

		memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
		memcpy(inst->alg.cra_driver_name, alg->cra_driver_name,
		       CRYPTO_MAX_ALG_NAME);
	} else {
		err = -ENAMETOOLONG;
		if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
			     "%s(%s)", tmpl->name, alg->cra_name) >=
		    CRYPTO_MAX_ALG_NAME)
			goto err_drop_alg;
		if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
			     "%s(%s)", tmpl->name, alg->cra_driver_name) >=
		    CRYPTO_MAX_ALG_NAME)
			goto err_drop_alg;
	}

	inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV;
	inst->alg.cra_flags |= alg->cra_flags & CRYPTO_ALG_ASYNC;
	inst->alg.cra_priority = alg->cra_priority;
	inst->alg.cra_blocksize = alg->cra_blocksize;
	inst->alg.cra_alignmask = alg->cra_alignmask;
	inst->alg.cra_type = &crypto_aead_type;

	inst->alg.cra_aead.ivsize = alg->cra_aead.ivsize;
	inst->alg.cra_aead.maxauthsize = alg->cra_aead.maxauthsize;
	inst->alg.cra_aead.geniv = alg->cra_aead.geniv;

	inst->alg.cra_aead.setkey = alg->cra_aead.setkey;
	inst->alg.cra_aead.setauthsize = alg->cra_aead.setauthsize;
	inst->alg.cra_aead.encrypt = alg->cra_aead.encrypt;
	inst->alg.cra_aead.decrypt = alg->cra_aead.decrypt;

out:
	return inst;

err_drop_alg:
	crypto_drop_aead(spawn);
err_free_inst:
	kfree(inst);
	inst = ERR_PTR(err);
	goto out;
}
EXPORT_SYMBOL_GPL(aead_geniv_alloc);

void aead_geniv_free(struct crypto_instance *inst)
{
	crypto_drop_aead(crypto_instance_ctx(inst));
	kfree(inst);
}
EXPORT_SYMBOL_GPL(aead_geniv_free);

int aead_geniv_init(struct crypto_tfm *tfm)
{
	struct crypto_instance *inst = (void *)tfm->__crt_alg;
	struct crypto_aead *aead;

	aead = crypto_spawn_aead(crypto_instance_ctx(inst));
	if (IS_ERR(aead))
		return PTR_ERR(aead);

	tfm->crt_aead.base = aead;
	tfm->crt_aead.reqsize += crypto_aead_reqsize(aead);

	return 0;
}
EXPORT_SYMBOL_GPL(aead_geniv_init);

void aead_geniv_exit(struct crypto_tfm *tfm)
{
	crypto_free_aead(tfm->crt_aead.base);
}
EXPORT_SYMBOL_GPL(aead_geniv_exit);

static int crypto_nivaead_default(struct crypto_alg *alg, u32 type, u32 mask)
{
	struct rtattr *tb[3];
	struct {
		struct rtattr attr;
		struct crypto_attr_type data;
	} ptype;
	struct {
		struct rtattr attr;
		struct crypto_attr_alg data;
	} palg;
	struct crypto_template *tmpl;
	struct crypto_instance *inst;
	struct crypto_alg *larval;
	const char *geniv;
	int err;

	larval = crypto_larval_lookup(alg->cra_driver_name,
				      CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_GENIV,
				      CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	err = PTR_ERR(larval);
	if (IS_ERR(larval))
		goto out;

	err = -EAGAIN;
	if (!crypto_is_larval(larval))
		goto drop_larval;

	ptype.attr.rta_len = sizeof(ptype);
	ptype.attr.rta_type = CRYPTOA_TYPE;
	ptype.data.type = type | CRYPTO_ALG_GENIV;
	/* GENIV tells the template that we're making a default geniv. */
	ptype.data.mask = mask | CRYPTO_ALG_GENIV;
	tb[0] = &ptype.attr;

	palg.attr.rta_len = sizeof(palg);
	palg.attr.rta_type = CRYPTOA_ALG;
	/* Must use the exact name to locate ourselves. */
	memcpy(palg.data.name, alg->cra_driver_name, CRYPTO_MAX_ALG_NAME);
	tb[1] = &palg.attr;

	tb[2] = NULL;

	geniv = alg->cra_aead.geniv;

	tmpl = crypto_lookup_template(geniv);
	err = -ENOENT;
	if (!tmpl)
		goto kill_larval;

	inst = tmpl->alloc(tb);
	err = PTR_ERR(inst);
	if (IS_ERR(inst))
		goto put_tmpl;

	if ((err = crypto_register_instance(tmpl, inst))) {
		tmpl->free(inst);
		goto put_tmpl;
	}

	/* Redo the lookup to use the instance we just registered. */
	err = -EAGAIN;

put_tmpl:
	crypto_tmpl_put(tmpl);
kill_larval:
	crypto_larval_kill(larval);
drop_larval:
	crypto_mod_put(larval);
out:
	crypto_mod_put(alg);
	return err;
}

static struct crypto_alg *crypto_lookup_aead(const char *name, u32 type,
					     u32 mask)
{
	struct crypto_alg *alg;

	alg = crypto_alg_mod_lookup(name, type, mask);
	if (IS_ERR(alg))
		return alg;

	if (alg->cra_type == &crypto_aead_type)
		return alg;

	if (!alg->cra_aead.ivsize)
		return alg;

	crypto_mod_put(alg);
	alg = crypto_alg_mod_lookup(name, type | CRYPTO_ALG_TESTED,
				    mask & ~CRYPTO_ALG_TESTED);
	if (IS_ERR(alg))
		return alg;

	if (alg->cra_type == &crypto_aead_type) {
		if ((alg->cra_flags ^ type ^ ~mask) & CRYPTO_ALG_TESTED) {
			crypto_mod_put(alg);
			alg = ERR_PTR(-ENOENT);
		}
		return alg;
	}

	BUG_ON(!alg->cra_aead.ivsize);

	return ERR_PTR(crypto_nivaead_default(alg, type, mask));
}

int crypto_grab_aead(struct crypto_aead_spawn *spawn, const char *name,
		     u32 type, u32 mask)
{
	struct crypto_alg *alg;
	int err;

	type &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	type |= CRYPTO_ALG_TYPE_AEAD;
	mask &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	mask |= CRYPTO_ALG_TYPE_MASK;

	alg = crypto_lookup_aead(name, type, mask);
	if (IS_ERR(alg))
		return PTR_ERR(alg);

	err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask);
	crypto_mod_put(alg);
	return err;
}
EXPORT_SYMBOL_GPL(crypto_grab_aead);

struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask)
{
	struct crypto_tfm *tfm;
	int err;

	type &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	type |= CRYPTO_ALG_TYPE_AEAD;
	mask &= ~(CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_GENIV);
	mask |= CRYPTO_ALG_TYPE_MASK;

	for (;;) {
		struct crypto_alg *alg;

		alg = crypto_lookup_aead(alg_name, type, mask);
		if (IS_ERR(alg)) {
			err = PTR_ERR(alg);
			goto err;
		}

		tfm = __crypto_alloc_tfm(alg, type, mask);
		if (!IS_ERR(tfm))
			return __crypto_aead_cast(tfm);

		crypto_mod_put(alg);
		err = PTR_ERR(tfm);

err:
		if (err != -EAGAIN)
			break;
		if (signal_pending(current)) {
			err = -EINTR;
			break;
		}
	}

	return ERR_PTR(err);
}
EXPORT_SYMBOL_GPL(crypto_alloc_aead);

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)");
Commit	Line	Data
1ae97820 HX	1	/*
	2	* AEAD: Authenticated Encryption with Associated Data
	3	*
	4	* This file provides API support for AEAD algorithms.
	5	*
	6	* Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
	7	*
	8	* This program is free software; you can redistribute it and/or modify it
	9	* under the terms of the GNU General Public License as published by the Free
	10	* Software Foundation; either version 2 of the License, or (at your option)
	11	* any later version.
	12	*
	13	*/
	14
5b6d2d7f HX	15	#include <crypto/internal/aead.h>
5b6d2d7f HX	16	#include <linux/err.h>
1ae97820 HX	17	#include <linux/init.h>
	18	#include <linux/kernel.h>
	19	#include <linux/module.h>
d29ce988	20	#include <linux/rtnetlink.h>
d43c36dc	21	#include <linux/sched.h>
1ae97820 HX	22	#include <linux/slab.h>
	23	#include <linux/seq_file.h>
	24
5b6d2d7f HX	25	#include "internal.h"
5b6d2d7f HX	26
1ae97820 HX	27	static int setkey_unaligned(struct crypto_aead tfm, const u8 key,
	28	unsigned int keylen)
	29	{
	30	struct aead_alg *aead = crypto_aead_alg(tfm);
	31	unsigned long alignmask = crypto_aead_alignmask(tfm);
	32	int ret;
	33	u8 buffer, alignbuffer;
	34	unsigned long absize;
	35
	36	absize = keylen + alignmask;
	37	buffer = kmalloc(absize, GFP_ATOMIC);
	38	if (!buffer)
	39	return -ENOMEM;
	40
	41	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
	42	memcpy(alignbuffer, key, keylen);
	43	ret = aead->setkey(tfm, alignbuffer, keylen);
	44	memset(alignbuffer, 0, keylen);
	45	kfree(buffer);
	46	return ret;
	47	}
	48
	49	static int setkey(struct crypto_aead tfm, const u8 key, unsigned int keylen)
	50	{
	51	struct aead_alg *aead = crypto_aead_alg(tfm);
	52	unsigned long alignmask = crypto_aead_alignmask(tfm);
	53
	54	if ((unsigned long)key & alignmask)
	55	return setkey_unaligned(tfm, key, keylen);
	56
	57	return aead->setkey(tfm, key, keylen);
	58	}
	59
7ba683a6 HX	60	int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
7ba683a6 HX	61	{
5b6d2d7f	62	struct aead_tfm *crt = crypto_aead_crt(tfm);
7ba683a6 HX	63	int err;
	64
	65	if (authsize > crypto_aead_alg(tfm)->maxauthsize)
	66	return -EINVAL;
	67
	68	if (crypto_aead_alg(tfm)->setauthsize) {
5b6d2d7f	69	err = crypto_aead_alg(tfm)->setauthsize(crt->base, authsize);
7ba683a6 HX	70	if (err)
	71	return err;
	72	}
	73
5b6d2d7f HX	74	crypto_aead_crt(crt->base)->authsize = authsize;
5b6d2d7f HX	75	crt->authsize = authsize;
7ba683a6 HX	76	return 0;
	77	}
	78	EXPORT_SYMBOL_GPL(crypto_aead_setauthsize);
	79
1ae97820 HX	80	static unsigned int crypto_aead_ctxsize(struct crypto_alg *alg, u32 type,
	81	u32 mask)
	82	{
	83	return alg->cra_ctxsize;
	84	}
	85
aedb30dc	86	static int no_givcrypt(struct aead_givcrypt_request *req)
743edf57 HX	87	{
	88	return -ENOSYS;
	89	}
	90
1ae97820 HX	91	static int crypto_init_aead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
	92	{
	93	struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
	94	struct aead_tfm *crt = &tfm->crt_aead;
	95
7ba683a6	96	if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8)
1ae97820 HX	97	return -EINVAL;
1ae97820 HX	98
5b6d2d7f HX	99	crt->setkey = tfm->__crt_alg->cra_flags & CRYPTO_ALG_GENIV ?
5b6d2d7f HX	100	alg->setkey : setkey;
1ae97820 HX	101	crt->encrypt = alg->encrypt;
1ae97820 HX	102	crt->decrypt = alg->decrypt;
aedb30dc HX	103	crt->givencrypt = alg->givencrypt ?: no_givcrypt;
aedb30dc HX	104	crt->givdecrypt = alg->givdecrypt ?: no_givcrypt;
5b6d2d7f	105	crt->base = __crypto_aead_cast(tfm);
1ae97820	106	crt->ivsize = alg->ivsize;
7ba683a6	107	crt->authsize = alg->maxauthsize;
1ae97820 HX	108
	109	return 0;
	110	}
	111
	112	static void crypto_aead_show(struct seq_file m, struct crypto_alg alg)
	113	__attribute__ ((unused));
	114	static void crypto_aead_show(struct seq_file m, struct crypto_alg alg)
	115	{
	116	struct aead_alg *aead = &alg->cra_aead;
	117
	118	seq_printf(m, "type : aead\n");
189ed66e HX	119	seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
189ed66e HX	120	"yes" : "no");
1ae97820 HX	121	seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
1ae97820 HX	122	seq_printf(m, "ivsize : %u\n", aead->ivsize);
7ba683a6	123	seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize);
5b6d2d7f	124	seq_printf(m, "geniv : %s\n", aead->geniv ?: "<built-in>");
1ae97820 HX	125	}
	126
	127	const struct crypto_type crypto_aead_type = {
	128	.ctxsize = crypto_aead_ctxsize,
	129	.init = crypto_init_aead_ops,
	130	#ifdef CONFIG_PROC_FS
	131	.show = crypto_aead_show,
	132	#endif
	133	};
	134	EXPORT_SYMBOL_GPL(crypto_aead_type);
	135
5b6d2d7f HX	136	static int aead_null_givencrypt(struct aead_givcrypt_request *req)
	137	{
	138	return crypto_aead_encrypt(&req->areq);
	139	}
	140
	141	static int aead_null_givdecrypt(struct aead_givcrypt_request *req)
	142	{
	143	return crypto_aead_decrypt(&req->areq);
	144	}
	145
	146	static int crypto_init_nivaead_ops(struct crypto_tfm *tfm, u32 type, u32 mask)
	147	{
	148	struct aead_alg *alg = &tfm->__crt_alg->cra_aead;
	149	struct aead_tfm *crt = &tfm->crt_aead;
	150
	151	if (max(alg->maxauthsize, alg->ivsize) > PAGE_SIZE / 8)
	152	return -EINVAL;
	153
	154	crt->setkey = setkey;
	155	crt->encrypt = alg->encrypt;
	156	crt->decrypt = alg->decrypt;
	157	if (!alg->ivsize) {
	158	crt->givencrypt = aead_null_givencrypt;
	159	crt->givdecrypt = aead_null_givdecrypt;
	160	}
	161	crt->base = __crypto_aead_cast(tfm);
	162	crt->ivsize = alg->ivsize;
	163	crt->authsize = alg->maxauthsize;
	164
	165	return 0;
	166	}
	167
	168	static void crypto_nivaead_show(struct seq_file m, struct crypto_alg alg)
	169	__attribute__ ((unused));
	170	static void crypto_nivaead_show(struct seq_file m, struct crypto_alg alg)
	171	{
	172	struct aead_alg *aead = &alg->cra_aead;
	173
	174	seq_printf(m, "type : nivaead\n");
189ed66e HX	175	seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
189ed66e HX	176	"yes" : "no");
5b6d2d7f HX	177	seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
	178	seq_printf(m, "ivsize : %u\n", aead->ivsize);
	179	seq_printf(m, "maxauthsize : %u\n", aead->maxauthsize);
	180	seq_printf(m, "geniv : %s\n", aead->geniv);
	181	}
	182
	183	const struct crypto_type crypto_nivaead_type = {
	184	.ctxsize = crypto_aead_ctxsize,
	185	.init = crypto_init_nivaead_ops,
	186	#ifdef CONFIG_PROC_FS
	187	.show = crypto_nivaead_show,
	188	#endif
	189	};
	190	EXPORT_SYMBOL_GPL(crypto_nivaead_type);
	191
	192	static int crypto_grab_nivaead(struct crypto_aead_spawn *spawn,
	193	const char *name, u32 type, u32 mask)
	194	{
	195	struct crypto_alg *alg;
	196	int err;
	197
	198	type &= ~(CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	199	type \|= CRYPTO_ALG_TYPE_AEAD;
	200	mask \|= CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV;
	201
	202	alg = crypto_alg_mod_lookup(name, type, mask);
	203	if (IS_ERR(alg))
	204	return PTR_ERR(alg);
	205
	206	err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask);
	207	crypto_mod_put(alg);
	208	return err;
	209	}
	210
	211	struct crypto_instance aead_geniv_alloc(struct crypto_template tmpl,
	212	struct rtattr **tb, u32 type,
	213	u32 mask)
	214	{
	215	const char *name;
	216	struct crypto_aead_spawn *spawn;
	217	struct crypto_attr_type *algt;
	218	struct crypto_instance *inst;
	219	struct crypto_alg *alg;
	220	int err;
	221
	222	algt = crypto_get_attr_type(tb);
	223	err = PTR_ERR(algt);
	224	if (IS_ERR(algt))
	225	return ERR_PTR(err);
	226
	227	if ((algt->type ^ (CRYPTO_ALG_TYPE_AEAD \| CRYPTO_ALG_GENIV)) &
	228	algt->mask)
	229	return ERR_PTR(-EINVAL);
	230
	231	name = crypto_attr_alg_name(tb[1]);
	232	err = PTR_ERR(name);
	233	if (IS_ERR(name))
	234	return ERR_PTR(err);
	235
	236	inst = kzalloc(sizeof(inst) + sizeof(spawn), GFP_KERNEL);
	237	if (!inst)
	238	return ERR_PTR(-ENOMEM);
	239
	240	spawn = crypto_instance_ctx(inst);
241
242	/* Ignore async algorithms if necessary. */
243	mask \|= crypto_requires_sync(algt->type, algt->mask);
244
245	crypto_set_aead_spawn(spawn, inst);
246	err = crypto_grab_nivaead(spawn, name, type, mask);
247	if (err)
248	goto err_free_inst;
249
250	alg = crypto_aead_spawn_alg(spawn);
251
252	err = -EINVAL;
253	if (!alg->cra_aead.ivsize)
254	goto err_drop_alg;
255
256	/*
257	* This is only true if we're constructing an algorithm with its
258	* default IV generator. For the default generator we elide the
259	* template name and double-check the IV generator.
260	*/
261	if (algt->mask & CRYPTO_ALG_GENIV) {
262	if (strcmp(tmpl->name, alg->cra_aead.geniv))
263	goto err_drop_alg;
264
265	memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
266	memcpy(inst->alg.cra_driver_name, alg->cra_driver_name,
267	CRYPTO_MAX_ALG_NAME);
268	} else {
269	err = -ENAMETOOLONG;
270	if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
271	"%s(%s)", tmpl->name, alg->cra_name) >=
272	CRYPTO_MAX_ALG_NAME)
273	goto err_drop_alg;
274	if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
275	"%s(%s)", tmpl->name, alg->cra_driver_name) >=
276	CRYPTO_MAX_ALG_NAME)
277	goto err_drop_alg;
278	}
279
280	inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD \| CRYPTO_ALG_GENIV;
281	inst->alg.cra_flags \|= alg->cra_flags & CRYPTO_ALG_ASYNC;
282	inst->alg.cra_priority = alg->cra_priority;
283	inst->alg.cra_blocksize = alg->cra_blocksize;
284	inst->alg.cra_alignmask = alg->cra_alignmask;
285	inst->alg.cra_type = &crypto_aead_type;
286
287	inst->alg.cra_aead.ivsize = alg->cra_aead.ivsize;
288	inst->alg.cra_aead.maxauthsize = alg->cra_aead.maxauthsize;
289	inst->alg.cra_aead.geniv = alg->cra_aead.geniv;
290
291	inst->alg.cra_aead.setkey = alg->cra_aead.setkey;
292	inst->alg.cra_aead.setauthsize = alg->cra_aead.setauthsize;
293	inst->alg.cra_aead.encrypt = alg->cra_aead.encrypt;
294	inst->alg.cra_aead.decrypt = alg->cra_aead.decrypt;
295
296	out:
297	return inst;
298
299	err_drop_alg:
300	crypto_drop_aead(spawn);
301	err_free_inst:
302	kfree(inst);
303	inst = ERR_PTR(err);
304	goto out;
305	}
306	EXPORT_SYMBOL_GPL(aead_geniv_alloc);
307
308	void aead_geniv_free(struct crypto_instance *inst)
309	{
310	crypto_drop_aead(crypto_instance_ctx(inst));
311	kfree(inst);
312	}
313	EXPORT_SYMBOL_GPL(aead_geniv_free);
314
315	int aead_geniv_init(struct crypto_tfm *tfm)
316	{
317	struct crypto_instance inst = (void )tfm->__crt_alg;
318	struct crypto_aead *aead;
319
320	aead = crypto_spawn_aead(crypto_instance_ctx(inst));
321	if (IS_ERR(aead))
322	return PTR_ERR(aead);
323
324	tfm->crt_aead.base = aead;
325	tfm->crt_aead.reqsize += crypto_aead_reqsize(aead);
326
327	return 0;
328	}
329	EXPORT_SYMBOL_GPL(aead_geniv_init);
330
331	void aead_geniv_exit(struct crypto_tfm *tfm)
332	{
333	crypto_free_aead(tfm->crt_aead.base);
334	}
335	EXPORT_SYMBOL_GPL(aead_geniv_exit);
336
d29ce988 HX	337	static int crypto_nivaead_default(struct crypto_alg *alg, u32 type, u32 mask)
	338	{
	339	struct rtattr *tb[3];
	340	struct {
	341	struct rtattr attr;
	342	struct crypto_attr_type data;
	343	} ptype;
	344	struct {
	345	struct rtattr attr;
	346	struct crypto_attr_alg data;
	347	} palg;
	348	struct crypto_template *tmpl;
	349	struct crypto_instance *inst;
	350	struct crypto_alg *larval;
	351	const char *geniv;
	352	int err;
	353
	354	larval = crypto_larval_lookup(alg->cra_driver_name,
	355	CRYPTO_ALG_TYPE_AEAD \| CRYPTO_ALG_GENIV,
	356	CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	357	err = PTR_ERR(larval);
	358	if (IS_ERR(larval))
	359	goto out;
	360
	361	err = -EAGAIN;
	362	if (!crypto_is_larval(larval))
	363	goto drop_larval;
	364
	365	ptype.attr.rta_len = sizeof(ptype);
	366	ptype.attr.rta_type = CRYPTOA_TYPE;
	367	ptype.data.type = type \| CRYPTO_ALG_GENIV;
	368	/* GENIV tells the template that we're making a default geniv. */
	369	ptype.data.mask = mask \| CRYPTO_ALG_GENIV;
	370	tb[0] = &ptype.attr;
	371
	372	palg.attr.rta_len = sizeof(palg);
	373	palg.attr.rta_type = CRYPTOA_ALG;
	374	/* Must use the exact name to locate ourselves. */
	375	memcpy(palg.data.name, alg->cra_driver_name, CRYPTO_MAX_ALG_NAME);
	376	tb[1] = &palg.attr;
	377
	378	tb[2] = NULL;
	379
	380	geniv = alg->cra_aead.geniv;
	381
	382	tmpl = crypto_lookup_template(geniv);
	383	err = -ENOENT;
	384	if (!tmpl)
	385	goto kill_larval;
	386
	387	inst = tmpl->alloc(tb);
	388	err = PTR_ERR(inst);
	389	if (IS_ERR(inst))
	390	goto put_tmpl;
	391
	392	if ((err = crypto_register_instance(tmpl, inst))) {
	393	tmpl->free(inst);
	394	goto put_tmpl;
	395	}
	396
	397	/* Redo the lookup to use the instance we just registered. */
	398	err = -EAGAIN;
	399
	400	put_tmpl:
401	crypto_tmpl_put(tmpl);
402	kill_larval:
403	crypto_larval_kill(larval);
404	drop_larval:
405	crypto_mod_put(larval);
406	out:
407	crypto_mod_put(alg);
408	return err;
409	}
410
411	static struct crypto_alg crypto_lookup_aead(const char name, u32 type,
412	u32 mask)
413	{
414	struct crypto_alg *alg;
415
416	alg = crypto_alg_mod_lookup(name, type, mask);
417	if (IS_ERR(alg))
418	return alg;
419
420	if (alg->cra_type == &crypto_aead_type)
421	return alg;
422
423	if (!alg->cra_aead.ivsize)
424	return alg;
425
5852ae42 HX	426	crypto_mod_put(alg);
	427	alg = crypto_alg_mod_lookup(name, type \| CRYPTO_ALG_TESTED,
	428	mask & ~CRYPTO_ALG_TESTED);
	429	if (IS_ERR(alg))
	430	return alg;
	431
	432	if (alg->cra_type == &crypto_aead_type) {
	433	if ((alg->cra_flags ^ type ^ ~mask) & CRYPTO_ALG_TESTED) {
	434	crypto_mod_put(alg);
	435	alg = ERR_PTR(-ENOENT);
	436	}
	437	return alg;
	438	}
	439
	440	BUG_ON(!alg->cra_aead.ivsize);
	441
d29ce988 HX	442	return ERR_PTR(crypto_nivaead_default(alg, type, mask));
	443	}
	444
	445	int crypto_grab_aead(struct crypto_aead_spawn spawn, const char name,
	446	u32 type, u32 mask)
	447	{
	448	struct crypto_alg *alg;
	449	int err;
	450
	451	type &= ~(CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	452	type \|= CRYPTO_ALG_TYPE_AEAD;
	453	mask &= ~(CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	454	mask \|= CRYPTO_ALG_TYPE_MASK;
	455
	456	alg = crypto_lookup_aead(name, type, mask);
	457	if (IS_ERR(alg))
	458	return PTR_ERR(alg);
	459
	460	err = crypto_init_spawn(&spawn->base, alg, spawn->base.inst, mask);
	461	crypto_mod_put(alg);
	462	return err;
	463	}
	464	EXPORT_SYMBOL_GPL(crypto_grab_aead);
	465
	466	struct crypto_aead crypto_alloc_aead(const char alg_name, u32 type, u32 mask)
	467	{
	468	struct crypto_tfm *tfm;
	469	int err;
	470
	471	type &= ~(CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	472	type \|= CRYPTO_ALG_TYPE_AEAD;
	473	mask &= ~(CRYPTO_ALG_TYPE_MASK \| CRYPTO_ALG_GENIV);
	474	mask \|= CRYPTO_ALG_TYPE_MASK;
	475
	476	for (;;) {
	477	struct crypto_alg *alg;
	478
	479	alg = crypto_lookup_aead(alg_name, type, mask);
	480	if (IS_ERR(alg)) {
	481	err = PTR_ERR(alg);
	482	goto err;
	483	}
	484
	485	tfm = __crypto_alloc_tfm(alg, type, mask);
	486	if (!IS_ERR(tfm))
	487	return __crypto_aead_cast(tfm);
	488
	489	crypto_mod_put(alg);
	490	err = PTR_ERR(tfm);
	491
	492	err:
	493	if (err != -EAGAIN)
	494	break;
	495	if (signal_pending(current)) {
	496	err = -EINTR;
	497	break;
	498	}
	499	}
	500
	501	return ERR_PTR(err);
	502	}
	503	EXPORT_SYMBOL_GPL(crypto_alloc_aead);
	504
1ae97820 HX	505	MODULE_LICENSE("GPL");
1ae97820 HX	506	MODULE_DESCRIPTION("Authenticated Encryption with Associated Data (AEAD)");