tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

kernel / crypto / gcm.c
at v4.10-rc7 1318 lines 34 kB view raw
1/* 2 * GCM: Galois/Counter Mode. 3 * 4 * Copyright (c) 2007 Nokia Siemens Networks - Mikko Herranen <mh1@iki.fi> 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published 8 * by the Free Software Foundation. 9 */ 10 11#include <crypto/gf128mul.h> 12#include <crypto/internal/aead.h> 13#include <crypto/internal/skcipher.h> 14#include <crypto/internal/hash.h> 15#include <crypto/null.h> 16#include <crypto/scatterwalk.h> 17#include <crypto/hash.h> 18#include "internal.h" 19#include <linux/completion.h> 20#include <linux/err.h> 21#include <linux/init.h> 22#include <linux/kernel.h> 23#include <linux/module.h> 24#include <linux/slab.h> 25 26struct gcm_instance_ctx { 27 struct crypto_skcipher_spawn ctr; 28 struct crypto_ahash_spawn ghash; 29}; 30 31struct crypto_gcm_ctx { 32 struct crypto_skcipher *ctr; 33 struct crypto_ahash *ghash; 34}; 35 36struct crypto_rfc4106_ctx { 37 struct crypto_aead *child; 38 u8 nonce[4]; 39}; 40 41struct crypto_rfc4106_req_ctx { 42 struct scatterlist src[3]; 43 struct scatterlist dst[3]; 44 struct aead_request subreq; 45}; 46 47struct crypto_rfc4543_instance_ctx { 48 struct crypto_aead_spawn aead; 49}; 50 51struct crypto_rfc4543_ctx { 52 struct crypto_aead *child; 53 struct crypto_skcipher *null; 54 u8 nonce[4]; 55}; 56 57struct crypto_rfc4543_req_ctx { 58 struct aead_request subreq; 59}; 60 61struct crypto_gcm_ghash_ctx { 62 unsigned int cryptlen; 63 struct scatterlist *src; 64 int (*complete)(struct aead_request *req, u32 flags); 65}; 66 67struct crypto_gcm_req_priv_ctx { 68 u8 iv[16]; 69 u8 auth_tag[16]; 70 u8 iauth_tag[16]; 71 struct scatterlist src[3]; 72 struct scatterlist dst[3]; 73 struct scatterlist sg; 74 struct crypto_gcm_ghash_ctx ghash_ctx; 75 union { 76 struct ahash_request ahreq; 77 struct skcipher_request skreq; 78 } u; 79}; 80 81struct crypto_gcm_setkey_result { 82 int err; 83 struct completion completion; 84}; 85 86static struct { 87 u8 buf[16]; 88 struct scatterlist sg; 89} *gcm_zeroes; 90 91static int crypto_rfc4543_copy_src_to_dst(struct aead_request *req, bool enc); 92 93static inline struct crypto_gcm_req_priv_ctx *crypto_gcm_reqctx( 94 struct aead_request *req) 95{ 96 unsigned long align = crypto_aead_alignmask(crypto_aead_reqtfm(req)); 97 98 return (void *)PTR_ALIGN((u8 *)aead_request_ctx(req), align + 1); 99} 100 101static void crypto_gcm_setkey_done(struct crypto_async_request *req, int err) 102{ 103 struct crypto_gcm_setkey_result *result = req->data; 104 105 if (err == -EINPROGRESS) 106 return; 107 108 result->err = err; 109 complete(&result->completion); 110} 111 112static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key, 113 unsigned int keylen) 114{ 115 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead); 116 struct crypto_ahash *ghash = ctx->ghash; 117 struct crypto_skcipher *ctr = ctx->ctr; 118 struct { 119 be128 hash; 120 u8 iv[16]; 121 122 struct crypto_gcm_setkey_result result; 123 124 struct scatterlist sg[1]; 125 struct skcipher_request req; 126 } *data; 127 int err; 128 129 crypto_skcipher_clear_flags(ctr, CRYPTO_TFM_REQ_MASK); 130 crypto_skcipher_set_flags(ctr, crypto_aead_get_flags(aead) & 131 CRYPTO_TFM_REQ_MASK); 132 err = crypto_skcipher_setkey(ctr, key, keylen); 133 crypto_aead_set_flags(aead, crypto_skcipher_get_flags(ctr) & 134 CRYPTO_TFM_RES_MASK); 135 if (err) 136 return err; 137 138 data = kzalloc(sizeof(*data) + crypto_skcipher_reqsize(ctr), 139 GFP_KERNEL); 140 if (!data) 141 return -ENOMEM; 142 143 init_completion(&data->result.completion); 144 sg_init_one(data->sg, &data->hash, sizeof(data->hash)); 145 skcipher_request_set_tfm(&data->req, ctr); 146 skcipher_request_set_callback(&data->req, CRYPTO_TFM_REQ_MAY_SLEEP | 147 CRYPTO_TFM_REQ_MAY_BACKLOG, 148 crypto_gcm_setkey_done, 149 &data->result); 150 skcipher_request_set_crypt(&data->req, data->sg, data->sg, 151 sizeof(data->hash), data->iv); 152 153 err = crypto_skcipher_encrypt(&data->req); 154 if (err == -EINPROGRESS || err == -EBUSY) { 155 err = wait_for_completion_interruptible( 156 &data->result.completion); 157 if (!err) 158 err = data->result.err; 159 } 160 161 if (err) 162 goto out; 163 164 crypto_ahash_clear_flags(ghash, CRYPTO_TFM_REQ_MASK); 165 crypto_ahash_set_flags(ghash, crypto_aead_get_flags(aead) & 166 CRYPTO_TFM_REQ_MASK); 167 err = crypto_ahash_setkey(ghash, (u8 *)&data->hash, sizeof(be128)); 168 crypto_aead_set_flags(aead, crypto_ahash_get_flags(ghash) & 169 CRYPTO_TFM_RES_MASK); 170 171out: 172 kzfree(data); 173 return err; 174} 175 176static int crypto_gcm_setauthsize(struct crypto_aead *tfm, 177 unsigned int authsize) 178{ 179 switch (authsize) { 180 case 4: 181 case 8: 182 case 12: 183 case 13: 184 case 14: 185 case 15: 186 case 16: 187 break; 188 default: 189 return -EINVAL; 190 } 191 192 return 0; 193} 194 195static void crypto_gcm_init_common(struct aead_request *req) 196{ 197 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 198 __be32 counter = cpu_to_be32(1); 199 struct scatterlist *sg; 200 201 memset(pctx->auth_tag, 0, sizeof(pctx->auth_tag)); 202 memcpy(pctx->iv, req->iv, 12); 203 memcpy(pctx->iv + 12, &counter, 4); 204 205 sg_init_table(pctx->src, 3); 206 sg_set_buf(pctx->src, pctx->auth_tag, sizeof(pctx->auth_tag)); 207 sg = scatterwalk_ffwd(pctx->src + 1, req->src, req->assoclen); 208 if (sg != pctx->src + 1) 209 sg_chain(pctx->src, 2, sg); 210 211 if (req->src != req->dst) { 212 sg_init_table(pctx->dst, 3); 213 sg_set_buf(pctx->dst, pctx->auth_tag, sizeof(pctx->auth_tag)); 214 sg = scatterwalk_ffwd(pctx->dst + 1, req->dst, req->assoclen); 215 if (sg != pctx->dst + 1) 216 sg_chain(pctx->dst, 2, sg); 217 } 218} 219 220static void crypto_gcm_init_crypt(struct aead_request *req, 221 unsigned int cryptlen) 222{ 223 struct crypto_aead *aead = crypto_aead_reqtfm(req); 224 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead); 225 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 226 struct skcipher_request *skreq = &pctx->u.skreq; 227 struct scatterlist *dst; 228 229 dst = req->src == req->dst ? pctx->src : pctx->dst; 230 231 skcipher_request_set_tfm(skreq, ctx->ctr); 232 skcipher_request_set_crypt(skreq, pctx->src, dst, 233 cryptlen + sizeof(pctx->auth_tag), 234 pctx->iv); 235} 236 237static inline unsigned int gcm_remain(unsigned int len) 238{ 239 len &= 0xfU; 240 return len ? 16 - len : 0; 241} 242 243static void gcm_hash_len_done(struct crypto_async_request *areq, int err); 244 245static int gcm_hash_update(struct aead_request *req, 246 crypto_completion_t compl, 247 struct scatterlist *src, 248 unsigned int len, u32 flags) 249{ 250 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 251 struct ahash_request *ahreq = &pctx->u.ahreq; 252 253 ahash_request_set_callback(ahreq, flags, compl, req); 254 ahash_request_set_crypt(ahreq, src, NULL, len); 255 256 return crypto_ahash_update(ahreq); 257} 258 259static int gcm_hash_remain(struct aead_request *req, 260 unsigned int remain, 261 crypto_completion_t compl, u32 flags) 262{ 263 return gcm_hash_update(req, compl, &gcm_zeroes->sg, remain, flags); 264} 265 266static int gcm_hash_len(struct aead_request *req, u32 flags) 267{ 268 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 269 struct ahash_request *ahreq = &pctx->u.ahreq; 270 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 271 u128 lengths; 272 273 lengths.a = cpu_to_be64(req->assoclen * 8); 274 lengths.b = cpu_to_be64(gctx->cryptlen * 8); 275 memcpy(pctx->iauth_tag, &lengths, 16); 276 sg_init_one(&pctx->sg, pctx->iauth_tag, 16); 277 ahash_request_set_callback(ahreq, flags, gcm_hash_len_done, req); 278 ahash_request_set_crypt(ahreq, &pctx->sg, 279 pctx->iauth_tag, sizeof(lengths)); 280 281 return crypto_ahash_finup(ahreq); 282} 283 284static int gcm_hash_len_continue(struct aead_request *req, u32 flags) 285{ 286 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 287 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 288 289 return gctx->complete(req, flags); 290} 291 292static void gcm_hash_len_done(struct crypto_async_request *areq, int err) 293{ 294 struct aead_request *req = areq->data; 295 296 if (err) 297 goto out; 298 299 err = gcm_hash_len_continue(req, 0); 300 if (err == -EINPROGRESS) 301 return; 302 303out: 304 aead_request_complete(req, err); 305} 306 307static int gcm_hash_crypt_remain_continue(struct aead_request *req, u32 flags) 308{ 309 return gcm_hash_len(req, flags) ?: 310 gcm_hash_len_continue(req, flags); 311} 312 313static void gcm_hash_crypt_remain_done(struct crypto_async_request *areq, 314 int err) 315{ 316 struct aead_request *req = areq->data; 317 318 if (err) 319 goto out; 320 321 err = gcm_hash_crypt_remain_continue(req, 0); 322 if (err == -EINPROGRESS) 323 return; 324 325out: 326 aead_request_complete(req, err); 327} 328 329static int gcm_hash_crypt_continue(struct aead_request *req, u32 flags) 330{ 331 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 332 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 333 unsigned int remain; 334 335 remain = gcm_remain(gctx->cryptlen); 336 if (remain) 337 return gcm_hash_remain(req, remain, 338 gcm_hash_crypt_remain_done, flags) ?: 339 gcm_hash_crypt_remain_continue(req, flags); 340 341 return gcm_hash_crypt_remain_continue(req, flags); 342} 343 344static void gcm_hash_crypt_done(struct crypto_async_request *areq, int err) 345{ 346 struct aead_request *req = areq->data; 347 348 if (err) 349 goto out; 350 351 err = gcm_hash_crypt_continue(req, 0); 352 if (err == -EINPROGRESS) 353 return; 354 355out: 356 aead_request_complete(req, err); 357} 358 359static int gcm_hash_assoc_remain_continue(struct aead_request *req, u32 flags) 360{ 361 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 362 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 363 364 if (gctx->cryptlen) 365 return gcm_hash_update(req, gcm_hash_crypt_done, 366 gctx->src, gctx->cryptlen, flags) ?: 367 gcm_hash_crypt_continue(req, flags); 368 369 return gcm_hash_crypt_remain_continue(req, flags); 370} 371 372static void gcm_hash_assoc_remain_done(struct crypto_async_request *areq, 373 int err) 374{ 375 struct aead_request *req = areq->data; 376 377 if (err) 378 goto out; 379 380 err = gcm_hash_assoc_remain_continue(req, 0); 381 if (err == -EINPROGRESS) 382 return; 383 384out: 385 aead_request_complete(req, err); 386} 387 388static int gcm_hash_assoc_continue(struct aead_request *req, u32 flags) 389{ 390 unsigned int remain; 391 392 remain = gcm_remain(req->assoclen); 393 if (remain) 394 return gcm_hash_remain(req, remain, 395 gcm_hash_assoc_remain_done, flags) ?: 396 gcm_hash_assoc_remain_continue(req, flags); 397 398 return gcm_hash_assoc_remain_continue(req, flags); 399} 400 401static void gcm_hash_assoc_done(struct crypto_async_request *areq, int err) 402{ 403 struct aead_request *req = areq->data; 404 405 if (err) 406 goto out; 407 408 err = gcm_hash_assoc_continue(req, 0); 409 if (err == -EINPROGRESS) 410 return; 411 412out: 413 aead_request_complete(req, err); 414} 415 416static int gcm_hash_init_continue(struct aead_request *req, u32 flags) 417{ 418 if (req->assoclen) 419 return gcm_hash_update(req, gcm_hash_assoc_done, 420 req->src, req->assoclen, flags) ?: 421 gcm_hash_assoc_continue(req, flags); 422 423 return gcm_hash_assoc_remain_continue(req, flags); 424} 425 426static void gcm_hash_init_done(struct crypto_async_request *areq, int err) 427{ 428 struct aead_request *req = areq->data; 429 430 if (err) 431 goto out; 432 433 err = gcm_hash_init_continue(req, 0); 434 if (err == -EINPROGRESS) 435 return; 436 437out: 438 aead_request_complete(req, err); 439} 440 441static int gcm_hash(struct aead_request *req, u32 flags) 442{ 443 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 444 struct ahash_request *ahreq = &pctx->u.ahreq; 445 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); 446 447 ahash_request_set_tfm(ahreq, ctx->ghash); 448 449 ahash_request_set_callback(ahreq, flags, gcm_hash_init_done, req); 450 return crypto_ahash_init(ahreq) ?: 451 gcm_hash_init_continue(req, flags); 452} 453 454static int gcm_enc_copy_hash(struct aead_request *req, u32 flags) 455{ 456 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 457 struct crypto_aead *aead = crypto_aead_reqtfm(req); 458 u8 *auth_tag = pctx->auth_tag; 459 460 crypto_xor(auth_tag, pctx->iauth_tag, 16); 461 scatterwalk_map_and_copy(auth_tag, req->dst, 462 req->assoclen + req->cryptlen, 463 crypto_aead_authsize(aead), 1); 464 return 0; 465} 466 467static int gcm_encrypt_continue(struct aead_request *req, u32 flags) 468{ 469 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 470 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 471 472 gctx->src = sg_next(req->src == req->dst ? pctx->src : pctx->dst); 473 gctx->cryptlen = req->cryptlen; 474 gctx->complete = gcm_enc_copy_hash; 475 476 return gcm_hash(req, flags); 477} 478 479static void gcm_encrypt_done(struct crypto_async_request *areq, int err) 480{ 481 struct aead_request *req = areq->data; 482 483 if (err) 484 goto out; 485 486 err = gcm_encrypt_continue(req, 0); 487 if (err == -EINPROGRESS) 488 return; 489 490out: 491 aead_request_complete(req, err); 492} 493 494static int crypto_gcm_encrypt(struct aead_request *req) 495{ 496 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 497 struct skcipher_request *skreq = &pctx->u.skreq; 498 u32 flags = aead_request_flags(req); 499 500 crypto_gcm_init_common(req); 501 crypto_gcm_init_crypt(req, req->cryptlen); 502 skcipher_request_set_callback(skreq, flags, gcm_encrypt_done, req); 503 504 return crypto_skcipher_encrypt(skreq) ?: 505 gcm_encrypt_continue(req, flags); 506} 507 508static int crypto_gcm_verify(struct aead_request *req) 509{ 510 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 511 struct crypto_aead *aead = crypto_aead_reqtfm(req); 512 u8 *auth_tag = pctx->auth_tag; 513 u8 *iauth_tag = pctx->iauth_tag; 514 unsigned int authsize = crypto_aead_authsize(aead); 515 unsigned int cryptlen = req->cryptlen - authsize; 516 517 crypto_xor(auth_tag, iauth_tag, 16); 518 scatterwalk_map_and_copy(iauth_tag, req->src, 519 req->assoclen + cryptlen, authsize, 0); 520 return crypto_memneq(iauth_tag, auth_tag, authsize) ? -EBADMSG : 0; 521} 522 523static void gcm_decrypt_done(struct crypto_async_request *areq, int err) 524{ 525 struct aead_request *req = areq->data; 526 527 if (!err) 528 err = crypto_gcm_verify(req); 529 530 aead_request_complete(req, err); 531} 532 533static int gcm_dec_hash_continue(struct aead_request *req, u32 flags) 534{ 535 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 536 struct skcipher_request *skreq = &pctx->u.skreq; 537 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 538 539 crypto_gcm_init_crypt(req, gctx->cryptlen); 540 skcipher_request_set_callback(skreq, flags, gcm_decrypt_done, req); 541 return crypto_skcipher_decrypt(skreq) ?: crypto_gcm_verify(req); 542} 543 544static int crypto_gcm_decrypt(struct aead_request *req) 545{ 546 struct crypto_aead *aead = crypto_aead_reqtfm(req); 547 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 548 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 549 unsigned int authsize = crypto_aead_authsize(aead); 550 unsigned int cryptlen = req->cryptlen; 551 u32 flags = aead_request_flags(req); 552 553 cryptlen -= authsize; 554 555 crypto_gcm_init_common(req); 556 557 gctx->src = sg_next(pctx->src); 558 gctx->cryptlen = cryptlen; 559 gctx->complete = gcm_dec_hash_continue; 560 561 return gcm_hash(req, flags); 562} 563 564static int crypto_gcm_init_tfm(struct crypto_aead *tfm) 565{ 566 struct aead_instance *inst = aead_alg_instance(tfm); 567 struct gcm_instance_ctx *ictx = aead_instance_ctx(inst); 568 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(tfm); 569 struct crypto_skcipher *ctr; 570 struct crypto_ahash *ghash; 571 unsigned long align; 572 int err; 573 574 ghash = crypto_spawn_ahash(&ictx->ghash); 575 if (IS_ERR(ghash)) 576 return PTR_ERR(ghash); 577 578 ctr = crypto_spawn_skcipher(&ictx->ctr); 579 err = PTR_ERR(ctr); 580 if (IS_ERR(ctr)) 581 goto err_free_hash; 582 583 ctx->ctr = ctr; 584 ctx->ghash = ghash; 585 586 align = crypto_aead_alignmask(tfm); 587 align &= ~(crypto_tfm_ctx_alignment() - 1); 588 crypto_aead_set_reqsize(tfm, 589 align + offsetof(struct crypto_gcm_req_priv_ctx, u) + 590 max(sizeof(struct skcipher_request) + 591 crypto_skcipher_reqsize(ctr), 592 sizeof(struct ahash_request) + 593 crypto_ahash_reqsize(ghash))); 594 595 return 0; 596 597err_free_hash: 598 crypto_free_ahash(ghash); 599 return err; 600} 601 602static void crypto_gcm_exit_tfm(struct crypto_aead *tfm) 603{ 604 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(tfm); 605 606 crypto_free_ahash(ctx->ghash); 607 crypto_free_skcipher(ctx->ctr); 608} 609 610static void crypto_gcm_free(struct aead_instance *inst) 611{ 612 struct gcm_instance_ctx *ctx = aead_instance_ctx(inst); 613 614 crypto_drop_skcipher(&ctx->ctr); 615 crypto_drop_ahash(&ctx->ghash); 616 kfree(inst); 617} 618 619static int crypto_gcm_create_common(struct crypto_template *tmpl, 620 struct rtattr **tb, 621 const char *full_name, 622 const char *ctr_name, 623 const char *ghash_name) 624{ 625 struct crypto_attr_type *algt; 626 struct aead_instance *inst; 627 struct skcipher_alg *ctr; 628 struct crypto_alg *ghash_alg; 629 struct hash_alg_common *ghash; 630 struct gcm_instance_ctx *ctx; 631 int err; 632 633 algt = crypto_get_attr_type(tb); 634 if (IS_ERR(algt)) 635 return PTR_ERR(algt); 636 637 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) 638 return -EINVAL; 639 640 ghash_alg = crypto_find_alg(ghash_name, &crypto_ahash_type, 641 CRYPTO_ALG_TYPE_HASH, 642 CRYPTO_ALG_TYPE_AHASH_MASK | 643 crypto_requires_sync(algt->type, 644 algt->mask)); 645 if (IS_ERR(ghash_alg)) 646 return PTR_ERR(ghash_alg); 647 648 ghash = __crypto_hash_alg_common(ghash_alg); 649 650 err = -ENOMEM; 651 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); 652 if (!inst) 653 goto out_put_ghash; 654 655 ctx = aead_instance_ctx(inst); 656 err = crypto_init_ahash_spawn(&ctx->ghash, ghash, 657 aead_crypto_instance(inst)); 658 if (err) 659 goto err_free_inst; 660 661 err = -EINVAL; 662 if (ghash->digestsize != 16) 663 goto err_drop_ghash; 664 665 crypto_set_skcipher_spawn(&ctx->ctr, aead_crypto_instance(inst)); 666 err = crypto_grab_skcipher(&ctx->ctr, ctr_name, 0, 667 crypto_requires_sync(algt->type, 668 algt->mask)); 669 if (err) 670 goto err_drop_ghash; 671 672 ctr = crypto_spawn_skcipher_alg(&ctx->ctr); 673 674 /* We only support 16-byte blocks. */ 675 err = -EINVAL; 676 if (crypto_skcipher_alg_ivsize(ctr) != 16) 677 goto out_put_ctr; 678 679 /* Not a stream cipher? */ 680 if (ctr->base.cra_blocksize != 1) 681 goto out_put_ctr; 682 683 err = -ENAMETOOLONG; 684 if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, 685 "gcm_base(%s,%s)", ctr->base.cra_driver_name, 686 ghash_alg->cra_driver_name) >= 687 CRYPTO_MAX_ALG_NAME) 688 goto out_put_ctr; 689 690 memcpy(inst->alg.base.cra_name, full_name, CRYPTO_MAX_ALG_NAME); 691 692 inst->alg.base.cra_flags = (ghash->base.cra_flags | 693 ctr->base.cra_flags) & CRYPTO_ALG_ASYNC; 694 inst->alg.base.cra_priority = (ghash->base.cra_priority + 695 ctr->base.cra_priority) / 2; 696 inst->alg.base.cra_blocksize = 1; 697 inst->alg.base.cra_alignmask = ghash->base.cra_alignmask | 698 ctr->base.cra_alignmask; 699 inst->alg.base.cra_ctxsize = sizeof(struct crypto_gcm_ctx); 700 inst->alg.ivsize = 12; 701 inst->alg.chunksize = crypto_skcipher_alg_chunksize(ctr); 702 inst->alg.maxauthsize = 16; 703 inst->alg.init = crypto_gcm_init_tfm; 704 inst->alg.exit = crypto_gcm_exit_tfm; 705 inst->alg.setkey = crypto_gcm_setkey; 706 inst->alg.setauthsize = crypto_gcm_setauthsize; 707 inst->alg.encrypt = crypto_gcm_encrypt; 708 inst->alg.decrypt = crypto_gcm_decrypt; 709 710 inst->free = crypto_gcm_free; 711 712 err = aead_register_instance(tmpl, inst); 713 if (err) 714 goto out_put_ctr; 715 716out_put_ghash: 717 crypto_mod_put(ghash_alg); 718 return err; 719 720out_put_ctr: 721 crypto_drop_skcipher(&ctx->ctr); 722err_drop_ghash: 723 crypto_drop_ahash(&ctx->ghash); 724err_free_inst: 725 kfree(inst); 726 goto out_put_ghash; 727} 728 729static int crypto_gcm_create(struct crypto_template *tmpl, struct rtattr **tb) 730{ 731 const char *cipher_name; 732 char ctr_name[CRYPTO_MAX_ALG_NAME]; 733 char full_name[CRYPTO_MAX_ALG_NAME]; 734 735 cipher_name = crypto_attr_alg_name(tb[1]); 736 if (IS_ERR(cipher_name)) 737 return PTR_ERR(cipher_name); 738 739 if (snprintf(ctr_name, CRYPTO_MAX_ALG_NAME, "ctr(%s)", cipher_name) >= 740 CRYPTO_MAX_ALG_NAME) 741 return -ENAMETOOLONG; 742 743 if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "gcm(%s)", cipher_name) >= 744 CRYPTO_MAX_ALG_NAME) 745 return -ENAMETOOLONG; 746 747 return crypto_gcm_create_common(tmpl, tb, full_name, 748 ctr_name, "ghash"); 749} 750 751static struct crypto_template crypto_gcm_tmpl = { 752 .name = "gcm", 753 .create = crypto_gcm_create, 754 .module = THIS_MODULE, 755}; 756 757static int crypto_gcm_base_create(struct crypto_template *tmpl, 758 struct rtattr **tb) 759{ 760 const char *ctr_name; 761 const char *ghash_name; 762 char full_name[CRYPTO_MAX_ALG_NAME]; 763 764 ctr_name = crypto_attr_alg_name(tb[1]); 765 if (IS_ERR(ctr_name)) 766 return PTR_ERR(ctr_name); 767 768 ghash_name = crypto_attr_alg_name(tb[2]); 769 if (IS_ERR(ghash_name)) 770 return PTR_ERR(ghash_name); 771 772 if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "gcm_base(%s,%s)", 773 ctr_name, ghash_name) >= CRYPTO_MAX_ALG_NAME) 774 return -ENAMETOOLONG; 775 776 return crypto_gcm_create_common(tmpl, tb, full_name, 777 ctr_name, ghash_name); 778} 779 780static struct crypto_template crypto_gcm_base_tmpl = { 781 .name = "gcm_base", 782 .create = crypto_gcm_base_create, 783 .module = THIS_MODULE, 784}; 785 786static int crypto_rfc4106_setkey(struct crypto_aead *parent, const u8 *key, 787 unsigned int keylen) 788{ 789 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent); 790 struct crypto_aead *child = ctx->child; 791 int err; 792 793 if (keylen < 4) 794 return -EINVAL; 795 796 keylen -= 4; 797 memcpy(ctx->nonce, key + keylen, 4); 798 799 crypto_aead_clear_flags(child, CRYPTO_TFM_REQ_MASK); 800 crypto_aead_set_flags(child, crypto_aead_get_flags(parent) & 801 CRYPTO_TFM_REQ_MASK); 802 err = crypto_aead_setkey(child, key, keylen); 803 crypto_aead_set_flags(parent, crypto_aead_get_flags(child) & 804 CRYPTO_TFM_RES_MASK); 805 806 return err; 807} 808 809static int crypto_rfc4106_setauthsize(struct crypto_aead *parent, 810 unsigned int authsize) 811{ 812 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent); 813 814 switch (authsize) { 815 case 8: 816 case 12: 817 case 16: 818 break; 819 default: 820 return -EINVAL; 821 } 822 823 return crypto_aead_setauthsize(ctx->child, authsize); 824} 825 826static struct aead_request *crypto_rfc4106_crypt(struct aead_request *req) 827{ 828 struct crypto_rfc4106_req_ctx *rctx = aead_request_ctx(req); 829 struct crypto_aead *aead = crypto_aead_reqtfm(req); 830 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(aead); 831 struct aead_request *subreq = &rctx->subreq; 832 struct crypto_aead *child = ctx->child; 833 struct scatterlist *sg; 834 u8 *iv = PTR_ALIGN((u8 *)(subreq + 1) + crypto_aead_reqsize(child), 835 crypto_aead_alignmask(child) + 1); 836 837 scatterwalk_map_and_copy(iv + 12, req->src, 0, req->assoclen - 8, 0); 838 839 memcpy(iv, ctx->nonce, 4); 840 memcpy(iv + 4, req->iv, 8); 841 842 sg_init_table(rctx->src, 3); 843 sg_set_buf(rctx->src, iv + 12, req->assoclen - 8); 844 sg = scatterwalk_ffwd(rctx->src + 1, req->src, req->assoclen); 845 if (sg != rctx->src + 1) 846 sg_chain(rctx->src, 2, sg); 847 848 if (req->src != req->dst) { 849 sg_init_table(rctx->dst, 3); 850 sg_set_buf(rctx->dst, iv + 12, req->assoclen - 8); 851 sg = scatterwalk_ffwd(rctx->dst + 1, req->dst, req->assoclen); 852 if (sg != rctx->dst + 1) 853 sg_chain(rctx->dst, 2, sg); 854 } 855 856 aead_request_set_tfm(subreq, child); 857 aead_request_set_callback(subreq, req->base.flags, req->base.complete, 858 req->base.data); 859 aead_request_set_crypt(subreq, rctx->src, 860 req->src == req->dst ? rctx->src : rctx->dst, 861 req->cryptlen, iv); 862 aead_request_set_ad(subreq, req->assoclen - 8); 863 864 return subreq; 865} 866 867static int crypto_rfc4106_encrypt(struct aead_request *req) 868{ 869 if (req->assoclen != 16 && req->assoclen != 20) 870 return -EINVAL; 871 872 req = crypto_rfc4106_crypt(req); 873 874 return crypto_aead_encrypt(req); 875} 876 877static int crypto_rfc4106_decrypt(struct aead_request *req) 878{ 879 if (req->assoclen != 16 && req->assoclen != 20) 880 return -EINVAL; 881 882 req = crypto_rfc4106_crypt(req); 883 884 return crypto_aead_decrypt(req); 885} 886 887static int crypto_rfc4106_init_tfm(struct crypto_aead *tfm) 888{ 889 struct aead_instance *inst = aead_alg_instance(tfm); 890 struct crypto_aead_spawn *spawn = aead_instance_ctx(inst); 891 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(tfm); 892 struct crypto_aead *aead; 893 unsigned long align; 894 895 aead = crypto_spawn_aead(spawn); 896 if (IS_ERR(aead)) 897 return PTR_ERR(aead); 898 899 ctx->child = aead; 900 901 align = crypto_aead_alignmask(aead); 902 align &= ~(crypto_tfm_ctx_alignment() - 1); 903 crypto_aead_set_reqsize( 904 tfm, 905 sizeof(struct crypto_rfc4106_req_ctx) + 906 ALIGN(crypto_aead_reqsize(aead), crypto_tfm_ctx_alignment()) + 907 align + 24); 908 909 return 0; 910} 911 912static void crypto_rfc4106_exit_tfm(struct crypto_aead *tfm) 913{ 914 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(tfm); 915 916 crypto_free_aead(ctx->child); 917} 918 919static void crypto_rfc4106_free(struct aead_instance *inst) 920{ 921 crypto_drop_aead(aead_instance_ctx(inst)); 922 kfree(inst); 923} 924 925static int crypto_rfc4106_create(struct crypto_template *tmpl, 926 struct rtattr **tb) 927{ 928 struct crypto_attr_type *algt; 929 struct aead_instance *inst; 930 struct crypto_aead_spawn *spawn; 931 struct aead_alg *alg; 932 const char *ccm_name; 933 int err; 934 935 algt = crypto_get_attr_type(tb); 936 if (IS_ERR(algt)) 937 return PTR_ERR(algt); 938 939 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) 940 return -EINVAL; 941 942 ccm_name = crypto_attr_alg_name(tb[1]); 943 if (IS_ERR(ccm_name)) 944 return PTR_ERR(ccm_name); 945 946 inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); 947 if (!inst) 948 return -ENOMEM; 949 950 spawn = aead_instance_ctx(inst); 951 crypto_set_aead_spawn(spawn, aead_crypto_instance(inst)); 952 err = crypto_grab_aead(spawn, ccm_name, 0, 953 crypto_requires_sync(algt->type, algt->mask)); 954 if (err) 955 goto out_free_inst; 956 957 alg = crypto_spawn_aead_alg(spawn); 958 959 err = -EINVAL; 960 961 /* Underlying IV size must be 12. */ 962 if (crypto_aead_alg_ivsize(alg) != 12) 963 goto out_drop_alg; 964 965 /* Not a stream cipher? */ 966 if (alg->base.cra_blocksize != 1) 967 goto out_drop_alg; 968 969 err = -ENAMETOOLONG; 970 if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, 971 "rfc4106(%s)", alg->base.cra_name) >= 972 CRYPTO_MAX_ALG_NAME || 973 snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, 974 "rfc4106(%s)", alg->base.cra_driver_name) >= 975 CRYPTO_MAX_ALG_NAME) 976 goto out_drop_alg; 977 978 inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; 979 inst->alg.base.cra_priority = alg->base.cra_priority; 980 inst->alg.base.cra_blocksize = 1; 981 inst->alg.base.cra_alignmask = alg->base.cra_alignmask; 982 983 inst->alg.base.cra_ctxsize = sizeof(struct crypto_rfc4106_ctx); 984 985 inst->alg.ivsize = 8; 986 inst->alg.chunksize = crypto_aead_alg_chunksize(alg); 987 inst->alg.maxauthsize = crypto_aead_alg_maxauthsize(alg); 988 989 inst->alg.init = crypto_rfc4106_init_tfm; 990 inst->alg.exit = crypto_rfc4106_exit_tfm; 991 992 inst->alg.setkey = crypto_rfc4106_setkey; 993 inst->alg.setauthsize = crypto_rfc4106_setauthsize; 994 inst->alg.encrypt = crypto_rfc4106_encrypt; 995 inst->alg.decrypt = crypto_rfc4106_decrypt; 996 997 inst->free = crypto_rfc4106_free; 998 999 err = aead_register_instance(tmpl, inst); 1000 if (err) 1001 goto out_drop_alg; 1002 1003out: 1004 return err; 1005 1006out_drop_alg: 1007 crypto_drop_aead(spawn); 1008out_free_inst: 1009 kfree(inst); 1010 goto out; 1011} 1012 1013static struct crypto_template crypto_rfc4106_tmpl = { 1014 .name = "rfc4106", 1015 .create = crypto_rfc4106_create, 1016 .module = THIS_MODULE, 1017}; 1018 1019static int crypto_rfc4543_setkey(struct crypto_aead *parent, const u8 *key, 1020 unsigned int keylen) 1021{ 1022 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(parent); 1023 struct crypto_aead *child = ctx->child; 1024 int err; 1025 1026 if (keylen < 4) 1027 return -EINVAL; 1028 1029 keylen -= 4; 1030 memcpy(ctx->nonce, key + keylen, 4); 1031 1032 crypto_aead_clear_flags(child, CRYPTO_TFM_REQ_MASK); 1033 crypto_aead_set_flags(child, crypto_aead_get_flags(parent) & 1034 CRYPTO_TFM_REQ_MASK); 1035 err = crypto_aead_setkey(child, key, keylen); 1036 crypto_aead_set_flags(parent, crypto_aead_get_flags(child) & 1037 CRYPTO_TFM_RES_MASK); 1038 1039 return err; 1040} 1041 1042static int crypto_rfc4543_setauthsize(struct crypto_aead *parent, 1043 unsigned int authsize) 1044{ 1045 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(parent); 1046 1047 if (authsize != 16) 1048 return -EINVAL; 1049 1050 return crypto_aead_setauthsize(ctx->child, authsize); 1051} 1052 1053static int crypto_rfc4543_crypt(struct aead_request *req, bool enc) 1054{ 1055 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1056 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(aead); 1057 struct crypto_rfc4543_req_ctx *rctx = aead_request_ctx(req); 1058 struct aead_request *subreq = &rctx->subreq; 1059 unsigned int authsize = crypto_aead_authsize(aead); 1060 u8 *iv = PTR_ALIGN((u8 *)(rctx + 1) + crypto_aead_reqsize(ctx->child), 1061 crypto_aead_alignmask(ctx->child) + 1); 1062 int err; 1063 1064 if (req->src != req->dst) { 1065 err = crypto_rfc4543_copy_src_to_dst(req, enc); 1066 if (err) 1067 return err; 1068 } 1069 1070 memcpy(iv, ctx->nonce, 4); 1071 memcpy(iv + 4, req->iv, 8); 1072 1073 aead_request_set_tfm(subreq, ctx->child); 1074 aead_request_set_callback(subreq, req->base.flags, 1075 req->base.complete, req->base.data); 1076 aead_request_set_crypt(subreq, req->src, req->dst, 1077 enc ? 0 : authsize, iv); 1078 aead_request_set_ad(subreq, req->assoclen + req->cryptlen - 1079 subreq->cryptlen); 1080 1081 return enc ? crypto_aead_encrypt(subreq) : crypto_aead_decrypt(subreq); 1082} 1083 1084static int crypto_rfc4543_copy_src_to_dst(struct aead_request *req, bool enc) 1085{ 1086 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1087 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(aead); 1088 unsigned int authsize = crypto_aead_authsize(aead); 1089 unsigned int nbytes = req->assoclen + req->cryptlen - 1090 (enc ? 0 : authsize); 1091 SKCIPHER_REQUEST_ON_STACK(nreq, ctx->null); 1092 1093 skcipher_request_set_tfm(nreq, ctx->null); 1094 skcipher_request_set_callback(nreq, req->base.flags, NULL, NULL); 1095 skcipher_request_set_crypt(nreq, req->src, req->dst, nbytes, NULL); 1096 1097 return crypto_skcipher_encrypt(nreq); 1098} 1099 1100static int crypto_rfc4543_encrypt(struct aead_request *req) 1101{ 1102 return crypto_rfc4543_crypt(req, true); 1103} 1104 1105static int crypto_rfc4543_decrypt(struct aead_request *req) 1106{ 1107 return crypto_rfc4543_crypt(req, false); 1108} 1109 1110static int crypto_rfc4543_init_tfm(struct crypto_aead *tfm) 1111{ 1112 struct aead_instance *inst = aead_alg_instance(tfm); 1113 struct crypto_rfc4543_instance_ctx *ictx = aead_instance_ctx(inst); 1114 struct crypto_aead_spawn *spawn = &ictx->aead; 1115 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(tfm); 1116 struct crypto_aead *aead; 1117 struct crypto_skcipher *null; 1118 unsigned long align; 1119 int err = 0; 1120 1121 aead = crypto_spawn_aead(spawn); 1122 if (IS_ERR(aead)) 1123 return PTR_ERR(aead); 1124 1125 null = crypto_get_default_null_skcipher2(); 1126 err = PTR_ERR(null); 1127 if (IS_ERR(null)) 1128 goto err_free_aead; 1129 1130 ctx->child = aead; 1131 ctx->null = null; 1132 1133 align = crypto_aead_alignmask(aead); 1134 align &= ~(crypto_tfm_ctx_alignment() - 1); 1135 crypto_aead_set_reqsize( 1136 tfm, 1137 sizeof(struct crypto_rfc4543_req_ctx) + 1138 ALIGN(crypto_aead_reqsize(aead), crypto_tfm_ctx_alignment()) + 1139 align + 12); 1140 1141 return 0; 1142 1143err_free_aead: 1144 crypto_free_aead(aead); 1145 return err; 1146} 1147 1148static void crypto_rfc4543_exit_tfm(struct crypto_aead *tfm) 1149{ 1150 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(tfm); 1151 1152 crypto_free_aead(ctx->child); 1153 crypto_put_default_null_skcipher2(); 1154} 1155 1156static void crypto_rfc4543_free(struct aead_instance *inst) 1157{ 1158 struct crypto_rfc4543_instance_ctx *ctx = aead_instance_ctx(inst); 1159 1160 crypto_drop_aead(&ctx->aead); 1161 1162 kfree(inst); 1163} 1164 1165static int crypto_rfc4543_create(struct crypto_template *tmpl, 1166 struct rtattr **tb) 1167{ 1168 struct crypto_attr_type *algt; 1169 struct aead_instance *inst; 1170 struct crypto_aead_spawn *spawn; 1171 struct aead_alg *alg; 1172 struct crypto_rfc4543_instance_ctx *ctx; 1173 const char *ccm_name; 1174 int err; 1175 1176 algt = crypto_get_attr_type(tb); 1177 if (IS_ERR(algt)) 1178 return PTR_ERR(algt); 1179 1180 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) 1181 return -EINVAL; 1182 1183 ccm_name = crypto_attr_alg_name(tb[1]); 1184 if (IS_ERR(ccm_name)) 1185 return PTR_ERR(ccm_name); 1186 1187 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); 1188 if (!inst) 1189 return -ENOMEM; 1190 1191 ctx = aead_instance_ctx(inst); 1192 spawn = &ctx->aead; 1193 crypto_set_aead_spawn(spawn, aead_crypto_instance(inst)); 1194 err = crypto_grab_aead(spawn, ccm_name, 0, 1195 crypto_requires_sync(algt->type, algt->mask)); 1196 if (err) 1197 goto out_free_inst; 1198 1199 alg = crypto_spawn_aead_alg(spawn); 1200 1201 err = -EINVAL; 1202 1203 /* Underlying IV size must be 12. */ 1204 if (crypto_aead_alg_ivsize(alg) != 12) 1205 goto out_drop_alg; 1206 1207 /* Not a stream cipher? */ 1208 if (alg->base.cra_blocksize != 1) 1209 goto out_drop_alg; 1210 1211 err = -ENAMETOOLONG; 1212 if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, 1213 "rfc4543(%s)", alg->base.cra_name) >= 1214 CRYPTO_MAX_ALG_NAME || 1215 snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, 1216 "rfc4543(%s)", alg->base.cra_driver_name) >= 1217 CRYPTO_MAX_ALG_NAME) 1218 goto out_drop_alg; 1219 1220 inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; 1221 inst->alg.base.cra_priority = alg->base.cra_priority; 1222 inst->alg.base.cra_blocksize = 1; 1223 inst->alg.base.cra_alignmask = alg->base.cra_alignmask; 1224 1225 inst->alg.base.cra_ctxsize = sizeof(struct crypto_rfc4543_ctx); 1226 1227 inst->alg.ivsize = 8; 1228 inst->alg.chunksize = crypto_aead_alg_chunksize(alg); 1229 inst->alg.maxauthsize = crypto_aead_alg_maxauthsize(alg); 1230 1231 inst->alg.init = crypto_rfc4543_init_tfm; 1232 inst->alg.exit = crypto_rfc4543_exit_tfm; 1233 1234 inst->alg.setkey = crypto_rfc4543_setkey; 1235 inst->alg.setauthsize = crypto_rfc4543_setauthsize; 1236 inst->alg.encrypt = crypto_rfc4543_encrypt; 1237 inst->alg.decrypt = crypto_rfc4543_decrypt; 1238 1239 inst->free = crypto_rfc4543_free, 1240 1241 err = aead_register_instance(tmpl, inst); 1242 if (err) 1243 goto out_drop_alg; 1244 1245out: 1246 return err; 1247 1248out_drop_alg: 1249 crypto_drop_aead(spawn); 1250out_free_inst: 1251 kfree(inst); 1252 goto out; 1253} 1254 1255static struct crypto_template crypto_rfc4543_tmpl = { 1256 .name = "rfc4543", 1257 .create = crypto_rfc4543_create, 1258 .module = THIS_MODULE, 1259}; 1260 1261static int __init crypto_gcm_module_init(void) 1262{ 1263 int err; 1264 1265 gcm_zeroes = kzalloc(sizeof(*gcm_zeroes), GFP_KERNEL); 1266 if (!gcm_zeroes) 1267 return -ENOMEM; 1268 1269 sg_init_one(&gcm_zeroes->sg, gcm_zeroes->buf, sizeof(gcm_zeroes->buf)); 1270 1271 err = crypto_register_template(&crypto_gcm_base_tmpl); 1272 if (err) 1273 goto out; 1274 1275 err = crypto_register_template(&crypto_gcm_tmpl); 1276 if (err) 1277 goto out_undo_base; 1278 1279 err = crypto_register_template(&crypto_rfc4106_tmpl); 1280 if (err) 1281 goto out_undo_gcm; 1282 1283 err = crypto_register_template(&crypto_rfc4543_tmpl); 1284 if (err) 1285 goto out_undo_rfc4106; 1286 1287 return 0; 1288 1289out_undo_rfc4106: 1290 crypto_unregister_template(&crypto_rfc4106_tmpl); 1291out_undo_gcm: 1292 crypto_unregister_template(&crypto_gcm_tmpl); 1293out_undo_base: 1294 crypto_unregister_template(&crypto_gcm_base_tmpl); 1295out: 1296 kfree(gcm_zeroes); 1297 return err; 1298} 1299 1300static void __exit crypto_gcm_module_exit(void) 1301{ 1302 kfree(gcm_zeroes); 1303 crypto_unregister_template(&crypto_rfc4543_tmpl); 1304 crypto_unregister_template(&crypto_rfc4106_tmpl); 1305 crypto_unregister_template(&crypto_gcm_tmpl); 1306 crypto_unregister_template(&crypto_gcm_base_tmpl); 1307} 1308 1309module_init(crypto_gcm_module_init); 1310module_exit(crypto_gcm_module_exit); 1311 1312MODULE_LICENSE("GPL"); 1313MODULE_DESCRIPTION("Galois/Counter Mode"); 1314MODULE_AUTHOR("Mikko Herranen <mh1@iki.fi>"); 1315MODULE_ALIAS_CRYPTO("gcm_base"); 1316MODULE_ALIAS_CRYPTO("rfc4106"); 1317MODULE_ALIAS_CRYPTO("rfc4543"); 1318MODULE_ALIAS_CRYPTO("gcm");