diff options
-rw-r--r-- | crypto/authenc.c | 354 |
1 files changed, 285 insertions, 69 deletions
diff --git a/crypto/authenc.c b/crypto/authenc.c index 2e16ce0089cb..4d6f49a5daeb 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c | |||
@@ -23,24 +23,36 @@ | |||
23 | #include <linux/slab.h> | 23 | #include <linux/slab.h> |
24 | #include <linux/spinlock.h> | 24 | #include <linux/spinlock.h> |
25 | 25 | ||
26 | typedef u8 *(*authenc_ahash_t)(struct aead_request *req, unsigned int flags); | ||
27 | |||
26 | struct authenc_instance_ctx { | 28 | struct authenc_instance_ctx { |
27 | struct crypto_spawn auth; | 29 | struct crypto_ahash_spawn auth; |
28 | struct crypto_skcipher_spawn enc; | 30 | struct crypto_skcipher_spawn enc; |
29 | }; | 31 | }; |
30 | 32 | ||
31 | struct crypto_authenc_ctx { | 33 | struct crypto_authenc_ctx { |
32 | spinlock_t auth_lock; | 34 | unsigned int reqoff; |
33 | struct crypto_hash *auth; | 35 | struct crypto_ahash *auth; |
34 | struct crypto_ablkcipher *enc; | 36 | struct crypto_ablkcipher *enc; |
35 | }; | 37 | }; |
36 | 38 | ||
39 | struct authenc_request_ctx { | ||
40 | unsigned int cryptlen; | ||
41 | struct scatterlist *sg; | ||
42 | struct scatterlist asg[2]; | ||
43 | struct scatterlist cipher[2]; | ||
44 | crypto_completion_t complete; | ||
45 | crypto_completion_t update_complete; | ||
46 | char tail[]; | ||
47 | }; | ||
48 | |||
37 | static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key, | 49 | static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key, |
38 | unsigned int keylen) | 50 | unsigned int keylen) |
39 | { | 51 | { |
40 | unsigned int authkeylen; | 52 | unsigned int authkeylen; |
41 | unsigned int enckeylen; | 53 | unsigned int enckeylen; |
42 | struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); | 54 | struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); |
43 | struct crypto_hash *auth = ctx->auth; | 55 | struct crypto_ahash *auth = ctx->auth; |
44 | struct crypto_ablkcipher *enc = ctx->enc; | 56 | struct crypto_ablkcipher *enc = ctx->enc; |
45 | struct rtattr *rta = (void *)key; | 57 | struct rtattr *rta = (void *)key; |
46 | struct crypto_authenc_key_param *param; | 58 | struct crypto_authenc_key_param *param; |
@@ -64,11 +76,11 @@ static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key, | |||
64 | 76 | ||
65 | authkeylen = keylen - enckeylen; | 77 | authkeylen = keylen - enckeylen; |
66 | 78 | ||
67 | crypto_hash_clear_flags(auth, CRYPTO_TFM_REQ_MASK); | 79 | crypto_ahash_clear_flags(auth, CRYPTO_TFM_REQ_MASK); |
68 | crypto_hash_set_flags(auth, crypto_aead_get_flags(authenc) & | 80 | crypto_ahash_set_flags(auth, crypto_aead_get_flags(authenc) & |
69 | CRYPTO_TFM_REQ_MASK); | 81 | CRYPTO_TFM_REQ_MASK); |
70 | err = crypto_hash_setkey(auth, key, authkeylen); | 82 | err = crypto_ahash_setkey(auth, key, authkeylen); |
71 | crypto_aead_set_flags(authenc, crypto_hash_get_flags(auth) & | 83 | crypto_aead_set_flags(authenc, crypto_ahash_get_flags(auth) & |
72 | CRYPTO_TFM_RES_MASK); | 84 | CRYPTO_TFM_RES_MASK); |
73 | 85 | ||
74 | if (err) | 86 | if (err) |
@@ -103,40 +115,198 @@ static void authenc_chain(struct scatterlist *head, struct scatterlist *sg, | |||
103 | sg_mark_end(head); | 115 | sg_mark_end(head); |
104 | } | 116 | } |
105 | 117 | ||
106 | static u8 *crypto_authenc_hash(struct aead_request *req, unsigned int flags, | 118 | static void authenc_geniv_ahash_update_done(struct crypto_async_request *areq, |
107 | struct scatterlist *cipher, | 119 | int err) |
108 | unsigned int cryptlen) | 120 | { |
121 | struct aead_request *req = areq->data; | ||
122 | struct crypto_aead *authenc = crypto_aead_reqtfm(req); | ||
123 | struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); | ||
124 | struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); | ||
125 | struct ahash_request *ahreq = (void *)(areq_ctx->tail + ctx->reqoff); | ||
126 | |||
127 | if (err) | ||
128 | goto out; | ||
129 | |||
130 | ahash_request_set_crypt(ahreq, areq_ctx->sg, ahreq->result, | ||
131 | areq_ctx->cryptlen); | ||
132 | ahash_request_set_callback(ahreq, aead_request_flags(req) & | ||
133 | CRYPTO_TFM_REQ_MAY_SLEEP, | ||
134 | areq_ctx->complete, req); | ||
135 | |||
136 | err = crypto_ahash_finup(ahreq); | ||
137 | if (err) | ||
138 | goto out; | ||
139 | |||
140 | scatterwalk_map_and_copy(ahreq->result, areq_ctx->sg, | ||
141 | areq_ctx->cryptlen, | ||
142 | crypto_aead_authsize(authenc), 1); | ||
143 | |||
144 | out: | ||
145 | aead_request_complete(req, err); | ||
146 | } | ||
147 | |||
148 | static void authenc_geniv_ahash_done(struct crypto_async_request *areq, int err) | ||
149 | { | ||
150 | struct aead_request *req = areq->data; | ||
151 | struct crypto_aead *authenc = crypto_aead_reqtfm(req); | ||
152 | struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); | ||
153 | struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); | ||
154 | struct ahash_request *ahreq = (void *)(areq_ctx->tail + ctx->reqoff); | ||
155 | |||
156 | if (err) | ||
157 | goto out; | ||
158 | |||
159 | scatterwalk_map_and_copy(ahreq->result, areq_ctx->sg, | ||
160 | areq_ctx->cryptlen, | ||
161 | crypto_aead_authsize(authenc), 1); | ||
162 | |||
163 | out: | ||
164 | aead_request_complete(req, err); | ||
165 | } | ||
166 | |||
167 | static void authenc_verify_ahash_update_done(struct crypto_async_request *areq, | ||
168 | int err) | ||
109 | { | 169 | { |
170 | u8 *ihash; | ||
171 | unsigned int authsize; | ||
172 | struct ablkcipher_request *abreq; | ||
173 | struct aead_request *req = areq->data; | ||
110 | struct crypto_aead *authenc = crypto_aead_reqtfm(req); | 174 | struct crypto_aead *authenc = crypto_aead_reqtfm(req); |
111 | struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); | 175 | struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); |
112 | struct crypto_hash *auth = ctx->auth; | 176 | struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); |
113 | struct hash_desc desc = { | 177 | struct ahash_request *ahreq = (void *)(areq_ctx->tail + ctx->reqoff); |
114 | .tfm = auth, | 178 | |
115 | .flags = aead_request_flags(req) & flags, | 179 | if (err) |
116 | }; | 180 | goto out; |
117 | u8 *hash = aead_request_ctx(req); | 181 | |
182 | ahash_request_set_crypt(ahreq, areq_ctx->sg, ahreq->result, | ||
183 | areq_ctx->cryptlen); | ||
184 | ahash_request_set_callback(ahreq, aead_request_flags(req) & | ||
185 | CRYPTO_TFM_REQ_MAY_SLEEP, | ||
186 | areq_ctx->complete, req); | ||
187 | |||
188 | err = crypto_ahash_finup(ahreq); | ||
189 | if (err) | ||
190 | goto out; | ||
191 | |||
192 | authsize = crypto_aead_authsize(authenc); | ||
193 | ihash = ahreq->result + authsize; | ||
194 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, | ||
195 | authsize, 0); | ||
196 | |||
197 | err = memcmp(ihash, ahreq->result, authsize) ? -EBADMSG: 0; | ||
198 | if (err) | ||
199 | goto out; | ||
200 | |||
201 | abreq = aead_request_ctx(req); | ||
202 | ablkcipher_request_set_tfm(abreq, ctx->enc); | ||
203 | ablkcipher_request_set_callback(abreq, aead_request_flags(req), | ||
204 | req->base.complete, req->base.data); | ||
205 | ablkcipher_request_set_crypt(abreq, req->src, req->dst, | ||
206 | req->cryptlen, req->iv); | ||
207 | |||
208 | err = crypto_ablkcipher_decrypt(abreq); | ||
209 | |||
210 | out: | ||
211 | aead_request_complete(req, err); | ||
212 | } | ||
213 | |||
214 | static void authenc_verify_ahash_done(struct crypto_async_request *areq, | ||
215 | int err) | ||
216 | { | ||
217 | u8 *ihash; | ||
218 | unsigned int authsize; | ||
219 | struct ablkcipher_request *abreq; | ||
220 | struct aead_request *req = areq->data; | ||
221 | struct crypto_aead *authenc = crypto_aead_reqtfm(req); | ||
222 | struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); | ||
223 | struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); | ||
224 | struct ahash_request *ahreq = (void *)(areq_ctx->tail + ctx->reqoff); | ||
225 | |||
226 | if (err) | ||
227 | goto out; | ||
228 | |||
229 | authsize = crypto_aead_authsize(authenc); | ||
230 | ihash = ahreq->result + authsize; | ||
231 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, | ||
232 | authsize, 0); | ||
233 | |||
234 | err = memcmp(ihash, ahreq->result, authsize) ? -EBADMSG: 0; | ||
235 | if (err) | ||
236 | goto out; | ||
237 | |||
238 | abreq = aead_request_ctx(req); | ||
239 | ablkcipher_request_set_tfm(abreq, ctx->enc); | ||
240 | ablkcipher_request_set_callback(abreq, aead_request_flags(req), | ||
241 | req->base.complete, req->base.data); | ||
242 | ablkcipher_request_set_crypt(abreq, req->src, req->dst, | ||
243 | req->cryptlen, req->iv); | ||
244 | |||
245 | err = crypto_ablkcipher_decrypt(abreq); | ||
246 | |||
247 | out: | ||
248 | aead_request_complete(req, err); | ||
249 | } | ||
250 | |||
251 | static u8 *crypto_authenc_ahash_fb(struct aead_request *req, unsigned int flags) | ||
252 | { | ||
253 | struct crypto_aead *authenc = crypto_aead_reqtfm(req); | ||
254 | struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); | ||
255 | struct crypto_ahash *auth = ctx->auth; | ||
256 | struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); | ||
257 | struct ahash_request *ahreq = (void *)(areq_ctx->tail + ctx->reqoff); | ||
258 | u8 *hash = areq_ctx->tail; | ||
118 | int err; | 259 | int err; |
119 | 260 | ||
120 | hash = (u8 *)ALIGN((unsigned long)hash + crypto_hash_alignmask(auth), | 261 | hash = (u8 *)ALIGN((unsigned long)hash + crypto_ahash_alignmask(auth), |
121 | crypto_hash_alignmask(auth) + 1); | 262 | crypto_ahash_alignmask(auth) + 1); |
263 | |||
264 | ahash_request_set_tfm(ahreq, auth); | ||
122 | 265 | ||
123 | spin_lock_bh(&ctx->auth_lock); | 266 | err = crypto_ahash_init(ahreq); |
124 | err = crypto_hash_init(&desc); | ||
125 | if (err) | 267 | if (err) |
126 | goto auth_unlock; | 268 | return ERR_PTR(err); |
269 | |||
270 | ahash_request_set_crypt(ahreq, req->assoc, hash, req->assoclen); | ||
271 | ahash_request_set_callback(ahreq, aead_request_flags(req) & flags, | ||
272 | areq_ctx->update_complete, req); | ||
127 | 273 | ||
128 | err = crypto_hash_update(&desc, req->assoc, req->assoclen); | 274 | err = crypto_ahash_update(ahreq); |
129 | if (err) | 275 | if (err) |
130 | goto auth_unlock; | 276 | return ERR_PTR(err); |
277 | |||
278 | ahash_request_set_crypt(ahreq, areq_ctx->sg, hash, | ||
279 | areq_ctx->cryptlen); | ||
280 | ahash_request_set_callback(ahreq, aead_request_flags(req) & flags, | ||
281 | areq_ctx->complete, req); | ||
131 | 282 | ||
132 | err = crypto_hash_update(&desc, cipher, cryptlen); | 283 | err = crypto_ahash_finup(ahreq); |
133 | if (err) | 284 | if (err) |
134 | goto auth_unlock; | 285 | return ERR_PTR(err); |
135 | 286 | ||
136 | err = crypto_hash_final(&desc, hash); | 287 | return hash; |
137 | auth_unlock: | 288 | } |
138 | spin_unlock_bh(&ctx->auth_lock); | 289 | |
290 | static u8 *crypto_authenc_ahash(struct aead_request *req, unsigned int flags) | ||
291 | { | ||
292 | struct crypto_aead *authenc = crypto_aead_reqtfm(req); | ||
293 | struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); | ||
294 | struct crypto_ahash *auth = ctx->auth; | ||
295 | struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); | ||
296 | struct ahash_request *ahreq = (void *)(areq_ctx->tail + ctx->reqoff); | ||
297 | u8 *hash = areq_ctx->tail; | ||
298 | int err; | ||
139 | 299 | ||
300 | hash = (u8 *)ALIGN((unsigned long)hash + crypto_ahash_alignmask(auth), | ||
301 | crypto_ahash_alignmask(auth) + 1); | ||
302 | |||
303 | ahash_request_set_tfm(ahreq, auth); | ||
304 | ahash_request_set_crypt(ahreq, areq_ctx->sg, hash, | ||
305 | areq_ctx->cryptlen); | ||
306 | ahash_request_set_callback(ahreq, aead_request_flags(req) & flags, | ||
307 | areq_ctx->complete, req); | ||
308 | |||
309 | err = crypto_ahash_digest(ahreq); | ||
140 | if (err) | 310 | if (err) |
141 | return ERR_PTR(err); | 311 | return ERR_PTR(err); |
142 | 312 | ||
@@ -147,11 +317,15 @@ static int crypto_authenc_genicv(struct aead_request *req, u8 *iv, | |||
147 | unsigned int flags) | 317 | unsigned int flags) |
148 | { | 318 | { |
149 | struct crypto_aead *authenc = crypto_aead_reqtfm(req); | 319 | struct crypto_aead *authenc = crypto_aead_reqtfm(req); |
320 | struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); | ||
150 | struct scatterlist *dst = req->dst; | 321 | struct scatterlist *dst = req->dst; |
151 | struct scatterlist cipher[2]; | 322 | struct scatterlist *assoc = req->assoc; |
152 | struct page *dstp; | 323 | struct scatterlist *cipher = areq_ctx->cipher; |
324 | struct scatterlist *asg = areq_ctx->asg; | ||
153 | unsigned int ivsize = crypto_aead_ivsize(authenc); | 325 | unsigned int ivsize = crypto_aead_ivsize(authenc); |
154 | unsigned int cryptlen; | 326 | unsigned int cryptlen = req->cryptlen; |
327 | authenc_ahash_t authenc_ahash_fn = crypto_authenc_ahash_fb; | ||
328 | struct page *dstp; | ||
155 | u8 *vdst; | 329 | u8 *vdst; |
156 | u8 *hash; | 330 | u8 *hash; |
157 | 331 | ||
@@ -163,10 +337,25 @@ static int crypto_authenc_genicv(struct aead_request *req, u8 *iv, | |||
163 | sg_set_buf(cipher, iv, ivsize); | 337 | sg_set_buf(cipher, iv, ivsize); |
164 | authenc_chain(cipher, dst, vdst == iv + ivsize); | 338 | authenc_chain(cipher, dst, vdst == iv + ivsize); |
165 | dst = cipher; | 339 | dst = cipher; |
340 | cryptlen += ivsize; | ||
166 | } | 341 | } |
167 | 342 | ||
168 | cryptlen = req->cryptlen + ivsize; | 343 | if (sg_is_last(assoc)) { |
169 | hash = crypto_authenc_hash(req, flags, dst, cryptlen); | 344 | authenc_ahash_fn = crypto_authenc_ahash; |
345 | sg_init_table(asg, 2); | ||
346 | sg_set_page(asg, sg_page(assoc), assoc->length, assoc->offset); | ||
347 | authenc_chain(asg, dst, 0); | ||
348 | dst = asg; | ||
349 | cryptlen += req->assoclen; | ||
350 | } | ||
351 | |||
352 | areq_ctx->cryptlen = cryptlen; | ||
353 | areq_ctx->sg = dst; | ||
354 | |||
355 | areq_ctx->complete = authenc_geniv_ahash_done; | ||
356 | areq_ctx->update_complete = authenc_geniv_ahash_update_done; | ||
357 | |||
358 | hash = authenc_ahash_fn(req, flags); | ||
170 | if (IS_ERR(hash)) | 359 | if (IS_ERR(hash)) |
171 | return PTR_ERR(hash); | 360 | return PTR_ERR(hash); |
172 | 361 | ||
@@ -256,22 +445,25 @@ static int crypto_authenc_givencrypt(struct aead_givcrypt_request *req) | |||
256 | } | 445 | } |
257 | 446 | ||
258 | static int crypto_authenc_verify(struct aead_request *req, | 447 | static int crypto_authenc_verify(struct aead_request *req, |
259 | struct scatterlist *cipher, | 448 | authenc_ahash_t authenc_ahash_fn) |
260 | unsigned int cryptlen) | ||
261 | { | 449 | { |
262 | struct crypto_aead *authenc = crypto_aead_reqtfm(req); | 450 | struct crypto_aead *authenc = crypto_aead_reqtfm(req); |
451 | struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); | ||
263 | u8 *ohash; | 452 | u8 *ohash; |
264 | u8 *ihash; | 453 | u8 *ihash; |
265 | unsigned int authsize; | 454 | unsigned int authsize; |
266 | 455 | ||
267 | ohash = crypto_authenc_hash(req, CRYPTO_TFM_REQ_MAY_SLEEP, cipher, | 456 | areq_ctx->complete = authenc_verify_ahash_done; |
268 | cryptlen); | 457 | areq_ctx->complete = authenc_verify_ahash_update_done; |
458 | |||
459 | ohash = authenc_ahash_fn(req, CRYPTO_TFM_REQ_MAY_SLEEP); | ||
269 | if (IS_ERR(ohash)) | 460 | if (IS_ERR(ohash)) |
270 | return PTR_ERR(ohash); | 461 | return PTR_ERR(ohash); |
271 | 462 | ||
272 | authsize = crypto_aead_authsize(authenc); | 463 | authsize = crypto_aead_authsize(authenc); |
273 | ihash = ohash + authsize; | 464 | ihash = ohash + authsize; |
274 | scatterwalk_map_and_copy(ihash, cipher, cryptlen, authsize, 0); | 465 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, |
466 | authsize, 0); | ||
275 | return memcmp(ihash, ohash, authsize) ? -EBADMSG: 0; | 467 | return memcmp(ihash, ohash, authsize) ? -EBADMSG: 0; |
276 | } | 468 | } |
277 | 469 | ||
@@ -279,10 +471,14 @@ static int crypto_authenc_iverify(struct aead_request *req, u8 *iv, | |||
279 | unsigned int cryptlen) | 471 | unsigned int cryptlen) |
280 | { | 472 | { |
281 | struct crypto_aead *authenc = crypto_aead_reqtfm(req); | 473 | struct crypto_aead *authenc = crypto_aead_reqtfm(req); |
474 | struct authenc_request_ctx *areq_ctx = aead_request_ctx(req); | ||
282 | struct scatterlist *src = req->src; | 475 | struct scatterlist *src = req->src; |
283 | struct scatterlist cipher[2]; | 476 | struct scatterlist *assoc = req->assoc; |
284 | struct page *srcp; | 477 | struct scatterlist *cipher = areq_ctx->cipher; |
478 | struct scatterlist *asg = areq_ctx->asg; | ||
285 | unsigned int ivsize = crypto_aead_ivsize(authenc); | 479 | unsigned int ivsize = crypto_aead_ivsize(authenc); |
480 | authenc_ahash_t authenc_ahash_fn = crypto_authenc_ahash_fb; | ||
481 | struct page *srcp; | ||
286 | u8 *vsrc; | 482 | u8 *vsrc; |
287 | 483 | ||
288 | srcp = sg_page(src); | 484 | srcp = sg_page(src); |
@@ -293,9 +489,22 @@ static int crypto_authenc_iverify(struct aead_request *req, u8 *iv, | |||
293 | sg_set_buf(cipher, iv, ivsize); | 489 | sg_set_buf(cipher, iv, ivsize); |
294 | authenc_chain(cipher, src, vsrc == iv + ivsize); | 490 | authenc_chain(cipher, src, vsrc == iv + ivsize); |
295 | src = cipher; | 491 | src = cipher; |
492 | cryptlen += ivsize; | ||
493 | } | ||
494 | |||
495 | if (sg_is_last(assoc)) { | ||
496 | authenc_ahash_fn = crypto_authenc_ahash; | ||
497 | sg_init_table(asg, 2); | ||
498 | sg_set_page(asg, sg_page(assoc), assoc->length, assoc->offset); | ||
499 | authenc_chain(asg, src, 0); | ||
500 | src = asg; | ||
501 | cryptlen += req->assoclen; | ||
296 | } | 502 | } |
297 | 503 | ||
298 | return crypto_authenc_verify(req, src, cryptlen + ivsize); | 504 | areq_ctx->cryptlen = cryptlen; |
505 | areq_ctx->sg = src; | ||
506 | |||
507 | return crypto_authenc_verify(req, authenc_ahash_fn); | ||
299 | } | 508 | } |
300 | 509 | ||
301 | static int crypto_authenc_decrypt(struct aead_request *req) | 510 | static int crypto_authenc_decrypt(struct aead_request *req) |
@@ -326,38 +535,41 @@ static int crypto_authenc_decrypt(struct aead_request *req) | |||
326 | 535 | ||
327 | static int crypto_authenc_init_tfm(struct crypto_tfm *tfm) | 536 | static int crypto_authenc_init_tfm(struct crypto_tfm *tfm) |
328 | { | 537 | { |
329 | struct crypto_instance *inst = (void *)tfm->__crt_alg; | 538 | struct crypto_instance *inst = crypto_tfm_alg_instance(tfm); |
330 | struct authenc_instance_ctx *ictx = crypto_instance_ctx(inst); | 539 | struct authenc_instance_ctx *ictx = crypto_instance_ctx(inst); |
331 | struct crypto_authenc_ctx *ctx = crypto_tfm_ctx(tfm); | 540 | struct crypto_authenc_ctx *ctx = crypto_tfm_ctx(tfm); |
332 | struct crypto_hash *auth; | 541 | struct crypto_ahash *auth; |
333 | struct crypto_ablkcipher *enc; | 542 | struct crypto_ablkcipher *enc; |
334 | int err; | 543 | int err; |
335 | 544 | ||
336 | auth = crypto_spawn_hash(&ictx->auth); | 545 | auth = crypto_spawn_ahash(&ictx->auth); |
337 | if (IS_ERR(auth)) | 546 | if (IS_ERR(auth)) |
338 | return PTR_ERR(auth); | 547 | return PTR_ERR(auth); |
339 | 548 | ||
549 | ctx->reqoff = ALIGN(2 * crypto_ahash_digestsize(auth) + | ||
550 | crypto_ahash_alignmask(auth), | ||
551 | crypto_ahash_alignmask(auth) + 1); | ||
552 | |||
340 | enc = crypto_spawn_skcipher(&ictx->enc); | 553 | enc = crypto_spawn_skcipher(&ictx->enc); |
341 | err = PTR_ERR(enc); | 554 | err = PTR_ERR(enc); |
342 | if (IS_ERR(enc)) | 555 | if (IS_ERR(enc)) |
343 | goto err_free_hash; | 556 | goto err_free_ahash; |
344 | 557 | ||
345 | ctx->auth = auth; | 558 | ctx->auth = auth; |
346 | ctx->enc = enc; | 559 | ctx->enc = enc; |
560 | |||
347 | tfm->crt_aead.reqsize = max_t(unsigned int, | 561 | tfm->crt_aead.reqsize = max_t(unsigned int, |
348 | (crypto_hash_alignmask(auth) & | 562 | crypto_ahash_reqsize(auth) + ctx->reqoff + |
349 | ~(crypto_tfm_ctx_alignment() - 1)) + | 563 | sizeof(struct authenc_request_ctx) + |
350 | crypto_hash_digestsize(auth) * 2, | 564 | sizeof(struct ahash_request), |
351 | sizeof(struct skcipher_givcrypt_request) + | 565 | sizeof(struct skcipher_givcrypt_request) + |
352 | crypto_ablkcipher_reqsize(enc) + | 566 | crypto_ablkcipher_reqsize(enc) + |
353 | crypto_ablkcipher_ivsize(enc)); | 567 | crypto_ablkcipher_ivsize(enc)); |
354 | |||
355 | spin_lock_init(&ctx->auth_lock); | ||
356 | 568 | ||
357 | return 0; | 569 | return 0; |
358 | 570 | ||
359 | err_free_hash: | 571 | err_free_ahash: |
360 | crypto_free_hash(auth); | 572 | crypto_free_ahash(auth); |
361 | return err; | 573 | return err; |
362 | } | 574 | } |
363 | 575 | ||
@@ -365,7 +577,7 @@ static void crypto_authenc_exit_tfm(struct crypto_tfm *tfm) | |||
365 | { | 577 | { |
366 | struct crypto_authenc_ctx *ctx = crypto_tfm_ctx(tfm); | 578 | struct crypto_authenc_ctx *ctx = crypto_tfm_ctx(tfm); |
367 | 579 | ||
368 | crypto_free_hash(ctx->auth); | 580 | crypto_free_ahash(ctx->auth); |
369 | crypto_free_ablkcipher(ctx->enc); | 581 | crypto_free_ablkcipher(ctx->enc); |
370 | } | 582 | } |
371 | 583 | ||
@@ -373,7 +585,8 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) | |||
373 | { | 585 | { |
374 | struct crypto_attr_type *algt; | 586 | struct crypto_attr_type *algt; |
375 | struct crypto_instance *inst; | 587 | struct crypto_instance *inst; |
376 | struct crypto_alg *auth; | 588 | struct hash_alg_common *auth; |
589 | struct crypto_alg *auth_base; | ||
377 | struct crypto_alg *enc; | 590 | struct crypto_alg *enc; |
378 | struct authenc_instance_ctx *ctx; | 591 | struct authenc_instance_ctx *ctx; |
379 | const char *enc_name; | 592 | const char *enc_name; |
@@ -387,11 +600,13 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) | |||
387 | if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) | 600 | if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) |
388 | return ERR_PTR(-EINVAL); | 601 | return ERR_PTR(-EINVAL); |
389 | 602 | ||
390 | auth = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_HASH, | 603 | auth = ahash_attr_alg(tb[1], CRYPTO_ALG_TYPE_HASH, |
391 | CRYPTO_ALG_TYPE_HASH_MASK); | 604 | CRYPTO_ALG_TYPE_AHASH_MASK); |
392 | if (IS_ERR(auth)) | 605 | if (IS_ERR(auth)) |
393 | return ERR_PTR(PTR_ERR(auth)); | 606 | return ERR_PTR(PTR_ERR(auth)); |
394 | 607 | ||
608 | auth_base = &auth->base; | ||
609 | |||
395 | enc_name = crypto_attr_alg_name(tb[2]); | 610 | enc_name = crypto_attr_alg_name(tb[2]); |
396 | err = PTR_ERR(enc_name); | 611 | err = PTR_ERR(enc_name); |
397 | if (IS_ERR(enc_name)) | 612 | if (IS_ERR(enc_name)) |
@@ -404,7 +619,7 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) | |||
404 | 619 | ||
405 | ctx = crypto_instance_ctx(inst); | 620 | ctx = crypto_instance_ctx(inst); |
406 | 621 | ||
407 | err = crypto_init_spawn(&ctx->auth, auth, inst, CRYPTO_ALG_TYPE_MASK); | 622 | err = crypto_init_ahash_spawn(&ctx->auth, auth, inst); |
408 | if (err) | 623 | if (err) |
409 | goto err_free_inst; | 624 | goto err_free_inst; |
410 | 625 | ||
@@ -419,24 +634,25 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) | |||
419 | 634 | ||
420 | err = -ENAMETOOLONG; | 635 | err = -ENAMETOOLONG; |
421 | if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, | 636 | if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, |
422 | "authenc(%s,%s)", auth->cra_name, enc->cra_name) >= | 637 | "authenc(%s,%s)", auth_base->cra_name, enc->cra_name) >= |
423 | CRYPTO_MAX_ALG_NAME) | 638 | CRYPTO_MAX_ALG_NAME) |
424 | goto err_drop_enc; | 639 | goto err_drop_enc; |
425 | 640 | ||
426 | if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, | 641 | if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, |
427 | "authenc(%s,%s)", auth->cra_driver_name, | 642 | "authenc(%s,%s)", auth_base->cra_driver_name, |
428 | enc->cra_driver_name) >= CRYPTO_MAX_ALG_NAME) | 643 | enc->cra_driver_name) >= CRYPTO_MAX_ALG_NAME) |
429 | goto err_drop_enc; | 644 | goto err_drop_enc; |
430 | 645 | ||
431 | inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD; | 646 | inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD; |
432 | inst->alg.cra_flags |= enc->cra_flags & CRYPTO_ALG_ASYNC; | 647 | inst->alg.cra_flags |= enc->cra_flags & CRYPTO_ALG_ASYNC; |
433 | inst->alg.cra_priority = enc->cra_priority * 10 + auth->cra_priority; | 648 | inst->alg.cra_priority = enc->cra_priority * |
649 | 10 + auth_base->cra_priority; | ||
434 | inst->alg.cra_blocksize = enc->cra_blocksize; | 650 | inst->alg.cra_blocksize = enc->cra_blocksize; |
435 | inst->alg.cra_alignmask = auth->cra_alignmask | enc->cra_alignmask; | 651 | inst->alg.cra_alignmask = auth_base->cra_alignmask | enc->cra_alignmask; |
436 | inst->alg.cra_type = &crypto_aead_type; | 652 | inst->alg.cra_type = &crypto_aead_type; |
437 | 653 | ||
438 | inst->alg.cra_aead.ivsize = enc->cra_ablkcipher.ivsize; | 654 | inst->alg.cra_aead.ivsize = enc->cra_ablkcipher.ivsize; |
439 | inst->alg.cra_aead.maxauthsize = __crypto_shash_alg(auth)->digestsize; | 655 | inst->alg.cra_aead.maxauthsize = auth->digestsize; |
440 | 656 | ||
441 | inst->alg.cra_ctxsize = sizeof(struct crypto_authenc_ctx); | 657 | inst->alg.cra_ctxsize = sizeof(struct crypto_authenc_ctx); |
442 | 658 | ||
@@ -449,13 +665,13 @@ static struct crypto_instance *crypto_authenc_alloc(struct rtattr **tb) | |||
449 | inst->alg.cra_aead.givencrypt = crypto_authenc_givencrypt; | 665 | inst->alg.cra_aead.givencrypt = crypto_authenc_givencrypt; |
450 | 666 | ||
451 | out: | 667 | out: |
452 | crypto_mod_put(auth); | 668 | crypto_mod_put(auth_base); |
453 | return inst; | 669 | return inst; |
454 | 670 | ||
455 | err_drop_enc: | 671 | err_drop_enc: |
456 | crypto_drop_skcipher(&ctx->enc); | 672 | crypto_drop_skcipher(&ctx->enc); |
457 | err_drop_auth: | 673 | err_drop_auth: |
458 | crypto_drop_spawn(&ctx->auth); | 674 | crypto_drop_ahash(&ctx->auth); |
459 | err_free_inst: | 675 | err_free_inst: |
460 | kfree(inst); | 676 | kfree(inst); |
461 | out_put_auth: | 677 | out_put_auth: |
@@ -468,7 +684,7 @@ static void crypto_authenc_free(struct crypto_instance *inst) | |||
468 | struct authenc_instance_ctx *ctx = crypto_instance_ctx(inst); | 684 | struct authenc_instance_ctx *ctx = crypto_instance_ctx(inst); |
469 | 685 | ||
470 | crypto_drop_skcipher(&ctx->enc); | 686 | crypto_drop_skcipher(&ctx->enc); |
471 | crypto_drop_spawn(&ctx->auth); | 687 | crypto_drop_ahash(&ctx->auth); |
472 | kfree(inst); | 688 | kfree(inst); |
473 | } | 689 | } |
474 | 690 | ||