aboutsummaryrefslogtreecommitdiffstats
path: root/include/crypto
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2015-05-21 03:11:01 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2015-05-21 23:25:51 -0400
commit996d98d85ccc27d9c592ad7dc1371c60cd6585cc (patch)
treea7f9c96dc0ec10e5761495fc2116d4d3364705bd /include/crypto
parentfc42bcba97bae738f905b83741134a63af7e6c02 (diff)
crypto: aead - Add new interface with single SG list
The primary user of AEAD, IPsec includes the IV in the AD in most cases, except where it is implicitly authenticated by the underlying algorithm. The way it is currently implemented is a hack because we pass the data in piecemeal and the underlying algorithms try to stitch them back up into one piece. This is why this patch is adding a new interface that allows a single SG list to be passed in that contains everything so the algorithm implementors do not have to stitch. The new interface accepts a single source SG list and a single destination SG list. Both must be laid out as follows: AD, skipped data, plain/cipher text, ICV The ICV is not present from the source during encryption and from the destination during decryption. For the top-level IPsec AEAD algorithm the plain/cipher text will contain the generated (or received) IV. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'include/crypto')
-rw-r--r--include/crypto/aead.h35
1 files changed, 29 insertions, 6 deletions
diff --git a/include/crypto/aead.h b/include/crypto/aead.h
index dbcad08f4891..e2d2c3c62e68 100644
--- a/include/crypto/aead.h
+++ b/include/crypto/aead.h
@@ -52,6 +52,7 @@
52 * @base: Common attributes for async crypto requests 52 * @base: Common attributes for async crypto requests
53 * @assoclen: Length in bytes of associated data for authentication 53 * @assoclen: Length in bytes of associated data for authentication
54 * @cryptlen: Length of data to be encrypted or decrypted 54 * @cryptlen: Length of data to be encrypted or decrypted
55 * @cryptoff: Bytes to skip after AD before plain/cipher text
55 * @iv: Initialisation vector 56 * @iv: Initialisation vector
56 * @assoc: Associated data 57 * @assoc: Associated data
57 * @src: Source data 58 * @src: Source data
@@ -61,8 +62,11 @@
61struct aead_request { 62struct aead_request {
62 struct crypto_async_request base; 63 struct crypto_async_request base;
63 64
65 bool old;
66
64 unsigned int assoclen; 67 unsigned int assoclen;
65 unsigned int cryptlen; 68 unsigned int cryptlen;
69 unsigned int cryptoff;
66 70
67 u8 *iv; 71 u8 *iv;
68 72
@@ -314,10 +318,7 @@ static inline int crypto_aead_decrypt(struct aead_request *req)
314 * 318 *
315 * Return: number of bytes 319 * Return: number of bytes
316 */ 320 */
317static inline unsigned int crypto_aead_reqsize(struct crypto_aead *tfm) 321unsigned int crypto_aead_reqsize(struct crypto_aead *tfm);
318{
319 return tfm->reqsize;
320}
321 322
322/** 323/**
323 * aead_request_set_tfm() - update cipher handle reference in request 324 * aead_request_set_tfm() - update cipher handle reference in request
@@ -417,6 +418,9 @@ static inline void aead_request_set_callback(struct aead_request *req,
417 * destination is the ciphertext. For a decryption operation, the use is 418 * destination is the ciphertext. For a decryption operation, the use is
418 * reversed - the source is the ciphertext and the destination is the plaintext. 419 * reversed - the source is the ciphertext and the destination is the plaintext.
419 * 420 *
421 * For both src/dst the layout is associated data, skipped data,
422 * plain/cipher text, authentication tag.
423 *
420 * IMPORTANT NOTE AEAD requires an authentication tag (MAC). For decryption, 424 * IMPORTANT NOTE AEAD requires an authentication tag (MAC). For decryption,
421 * the caller must concatenate the ciphertext followed by the 425 * the caller must concatenate the ciphertext followed by the
422 * authentication tag and provide the entire data stream to the 426 * authentication tag and provide the entire data stream to the
@@ -449,8 +453,7 @@ static inline void aead_request_set_crypt(struct aead_request *req,
449 * @assoc: associated data scatter / gather list 453 * @assoc: associated data scatter / gather list
450 * @assoclen: number of bytes to process from @assoc 454 * @assoclen: number of bytes to process from @assoc
451 * 455 *
452 * For encryption, the memory is filled with the associated data. For 456 * Obsolete, do not use.
453 * decryption, the memory must point to the associated data.
454 */ 457 */
455static inline void aead_request_set_assoc(struct aead_request *req, 458static inline void aead_request_set_assoc(struct aead_request *req,
456 struct scatterlist *assoc, 459 struct scatterlist *assoc,
@@ -458,6 +461,26 @@ static inline void aead_request_set_assoc(struct aead_request *req,
458{ 461{
459 req->assoc = assoc; 462 req->assoc = assoc;
460 req->assoclen = assoclen; 463 req->assoclen = assoclen;
464 req->old = true;
465}
466
467/**
468 * aead_request_set_ad - set associated data information
469 * @req: request handle
470 * @assoclen: number of bytes in associated data
471 * @cryptoff: Number of bytes to skip after AD before plain/cipher text
472 *
473 * Setting the AD information. This function sets the length of
474 * the associated data and the number of bytes to skip after it to
475 * access the plain/cipher text.
476 */
477static inline void aead_request_set_ad(struct aead_request *req,
478 unsigned int assoclen,
479 unsigned int cryptoff)
480{
481 req->assoclen = assoclen;
482 req->cryptoff = cryptoff;
483 req->old = false;
461} 484}
462 485
463static inline struct crypto_aead *aead_givcrypt_reqtfm( 486static inline struct crypto_aead *aead_givcrypt_reqtfm(
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-23 00:47:53 -0500