tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / crypto / gcm.c
at v4.13 1316 lines 34 kB view raw
1/* 2 * GCM: Galois/Counter Mode. 3 * 4 * Copyright (c) 2007 Nokia Siemens Networks - Mikko Herranen <mh1@iki.fi> 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published 8 * by the Free Software Foundation. 9 */ 10 11#include <crypto/gf128mul.h> 12#include <crypto/internal/aead.h> 13#include <crypto/internal/skcipher.h> 14#include <crypto/internal/hash.h> 15#include <crypto/null.h> 16#include <crypto/scatterwalk.h> 17#include <crypto/hash.h> 18#include "internal.h" 19#include <linux/completion.h> 20#include <linux/err.h> 21#include <linux/init.h> 22#include <linux/kernel.h> 23#include <linux/module.h> 24#include <linux/slab.h> 25 26struct gcm_instance_ctx { 27 struct crypto_skcipher_spawn ctr; 28 struct crypto_ahash_spawn ghash; 29}; 30 31struct crypto_gcm_ctx { 32 struct crypto_skcipher *ctr; 33 struct crypto_ahash *ghash; 34}; 35 36struct crypto_rfc4106_ctx { 37 struct crypto_aead *child; 38 u8 nonce[4]; 39}; 40 41struct crypto_rfc4106_req_ctx { 42 struct scatterlist src[3]; 43 struct scatterlist dst[3]; 44 struct aead_request subreq; 45}; 46 47struct crypto_rfc4543_instance_ctx { 48 struct crypto_aead_spawn aead; 49}; 50 51struct crypto_rfc4543_ctx { 52 struct crypto_aead *child; 53 struct crypto_skcipher *null; 54 u8 nonce[4]; 55}; 56 57struct crypto_rfc4543_req_ctx { 58 struct aead_request subreq; 59}; 60 61struct crypto_gcm_ghash_ctx { 62 unsigned int cryptlen; 63 struct scatterlist *src; 64 int (*complete)(struct aead_request *req, u32 flags); 65}; 66 67struct crypto_gcm_req_priv_ctx { 68 u8 iv[16]; 69 u8 auth_tag[16]; 70 u8 iauth_tag[16]; 71 struct scatterlist src[3]; 72 struct scatterlist dst[3]; 73 struct scatterlist sg; 74 struct crypto_gcm_ghash_ctx ghash_ctx; 75 union { 76 struct ahash_request ahreq; 77 struct skcipher_request skreq; 78 } u; 79}; 80 81struct crypto_gcm_setkey_result { 82 int err; 83 struct completion completion; 84}; 85 86static struct { 87 u8 buf[16]; 88 struct scatterlist sg; 89} *gcm_zeroes; 90 91static int crypto_rfc4543_copy_src_to_dst(struct aead_request *req, bool enc); 92 93static inline struct crypto_gcm_req_priv_ctx *crypto_gcm_reqctx( 94 struct aead_request *req) 95{ 96 unsigned long align = crypto_aead_alignmask(crypto_aead_reqtfm(req)); 97 98 return (void *)PTR_ALIGN((u8 *)aead_request_ctx(req), align + 1); 99} 100 101static void crypto_gcm_setkey_done(struct crypto_async_request *req, int err) 102{ 103 struct crypto_gcm_setkey_result *result = req->data; 104 105 if (err == -EINPROGRESS) 106 return; 107 108 result->err = err; 109 complete(&result->completion); 110} 111 112static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key, 113 unsigned int keylen) 114{ 115 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead); 116 struct crypto_ahash *ghash = ctx->ghash; 117 struct crypto_skcipher *ctr = ctx->ctr; 118 struct { 119 be128 hash; 120 u8 iv[16]; 121 122 struct crypto_gcm_setkey_result result; 123 124 struct scatterlist sg[1]; 125 struct skcipher_request req; 126 } *data; 127 int err; 128 129 crypto_skcipher_clear_flags(ctr, CRYPTO_TFM_REQ_MASK); 130 crypto_skcipher_set_flags(ctr, crypto_aead_get_flags(aead) & 131 CRYPTO_TFM_REQ_MASK); 132 err = crypto_skcipher_setkey(ctr, key, keylen); 133 crypto_aead_set_flags(aead, crypto_skcipher_get_flags(ctr) & 134 CRYPTO_TFM_RES_MASK); 135 if (err) 136 return err; 137 138 data = kzalloc(sizeof(*data) + crypto_skcipher_reqsize(ctr), 139 GFP_KERNEL); 140 if (!data) 141 return -ENOMEM; 142 143 init_completion(&data->result.completion); 144 sg_init_one(data->sg, &data->hash, sizeof(data->hash)); 145 skcipher_request_set_tfm(&data->req, ctr); 146 skcipher_request_set_callback(&data->req, CRYPTO_TFM_REQ_MAY_SLEEP | 147 CRYPTO_TFM_REQ_MAY_BACKLOG, 148 crypto_gcm_setkey_done, 149 &data->result); 150 skcipher_request_set_crypt(&data->req, data->sg, data->sg, 151 sizeof(data->hash), data->iv); 152 153 err = crypto_skcipher_encrypt(&data->req); 154 if (err == -EINPROGRESS || err == -EBUSY) { 155 wait_for_completion(&data->result.completion); 156 err = data->result.err; 157 } 158 159 if (err) 160 goto out; 161 162 crypto_ahash_clear_flags(ghash, CRYPTO_TFM_REQ_MASK); 163 crypto_ahash_set_flags(ghash, crypto_aead_get_flags(aead) & 164 CRYPTO_TFM_REQ_MASK); 165 err = crypto_ahash_setkey(ghash, (u8 *)&data->hash, sizeof(be128)); 166 crypto_aead_set_flags(aead, crypto_ahash_get_flags(ghash) & 167 CRYPTO_TFM_RES_MASK); 168 169out: 170 kzfree(data); 171 return err; 172} 173 174static int crypto_gcm_setauthsize(struct crypto_aead *tfm, 175 unsigned int authsize) 176{ 177 switch (authsize) { 178 case 4: 179 case 8: 180 case 12: 181 case 13: 182 case 14: 183 case 15: 184 case 16: 185 break; 186 default: 187 return -EINVAL; 188 } 189 190 return 0; 191} 192 193static void crypto_gcm_init_common(struct aead_request *req) 194{ 195 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 196 __be32 counter = cpu_to_be32(1); 197 struct scatterlist *sg; 198 199 memset(pctx->auth_tag, 0, sizeof(pctx->auth_tag)); 200 memcpy(pctx->iv, req->iv, 12); 201 memcpy(pctx->iv + 12, &counter, 4); 202 203 sg_init_table(pctx->src, 3); 204 sg_set_buf(pctx->src, pctx->auth_tag, sizeof(pctx->auth_tag)); 205 sg = scatterwalk_ffwd(pctx->src + 1, req->src, req->assoclen); 206 if (sg != pctx->src + 1) 207 sg_chain(pctx->src, 2, sg); 208 209 if (req->src != req->dst) { 210 sg_init_table(pctx->dst, 3); 211 sg_set_buf(pctx->dst, pctx->auth_tag, sizeof(pctx->auth_tag)); 212 sg = scatterwalk_ffwd(pctx->dst + 1, req->dst, req->assoclen); 213 if (sg != pctx->dst + 1) 214 sg_chain(pctx->dst, 2, sg); 215 } 216} 217 218static void crypto_gcm_init_crypt(struct aead_request *req, 219 unsigned int cryptlen) 220{ 221 struct crypto_aead *aead = crypto_aead_reqtfm(req); 222 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead); 223 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 224 struct skcipher_request *skreq = &pctx->u.skreq; 225 struct scatterlist *dst; 226 227 dst = req->src == req->dst ? pctx->src : pctx->dst; 228 229 skcipher_request_set_tfm(skreq, ctx->ctr); 230 skcipher_request_set_crypt(skreq, pctx->src, dst, 231 cryptlen + sizeof(pctx->auth_tag), 232 pctx->iv); 233} 234 235static inline unsigned int gcm_remain(unsigned int len) 236{ 237 len &= 0xfU; 238 return len ? 16 - len : 0; 239} 240 241static void gcm_hash_len_done(struct crypto_async_request *areq, int err); 242 243static int gcm_hash_update(struct aead_request *req, 244 crypto_completion_t compl, 245 struct scatterlist *src, 246 unsigned int len, u32 flags) 247{ 248 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 249 struct ahash_request *ahreq = &pctx->u.ahreq; 250 251 ahash_request_set_callback(ahreq, flags, compl, req); 252 ahash_request_set_crypt(ahreq, src, NULL, len); 253 254 return crypto_ahash_update(ahreq); 255} 256 257static int gcm_hash_remain(struct aead_request *req, 258 unsigned int remain, 259 crypto_completion_t compl, u32 flags) 260{ 261 return gcm_hash_update(req, compl, &gcm_zeroes->sg, remain, flags); 262} 263 264static int gcm_hash_len(struct aead_request *req, u32 flags) 265{ 266 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 267 struct ahash_request *ahreq = &pctx->u.ahreq; 268 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 269 u128 lengths; 270 271 lengths.a = cpu_to_be64(req->assoclen * 8); 272 lengths.b = cpu_to_be64(gctx->cryptlen * 8); 273 memcpy(pctx->iauth_tag, &lengths, 16); 274 sg_init_one(&pctx->sg, pctx->iauth_tag, 16); 275 ahash_request_set_callback(ahreq, flags, gcm_hash_len_done, req); 276 ahash_request_set_crypt(ahreq, &pctx->sg, 277 pctx->iauth_tag, sizeof(lengths)); 278 279 return crypto_ahash_finup(ahreq); 280} 281 282static int gcm_hash_len_continue(struct aead_request *req, u32 flags) 283{ 284 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 285 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 286 287 return gctx->complete(req, flags); 288} 289 290static void gcm_hash_len_done(struct crypto_async_request *areq, int err) 291{ 292 struct aead_request *req = areq->data; 293 294 if (err) 295 goto out; 296 297 err = gcm_hash_len_continue(req, 0); 298 if (err == -EINPROGRESS) 299 return; 300 301out: 302 aead_request_complete(req, err); 303} 304 305static int gcm_hash_crypt_remain_continue(struct aead_request *req, u32 flags) 306{ 307 return gcm_hash_len(req, flags) ?: 308 gcm_hash_len_continue(req, flags); 309} 310 311static void gcm_hash_crypt_remain_done(struct crypto_async_request *areq, 312 int err) 313{ 314 struct aead_request *req = areq->data; 315 316 if (err) 317 goto out; 318 319 err = gcm_hash_crypt_remain_continue(req, 0); 320 if (err == -EINPROGRESS) 321 return; 322 323out: 324 aead_request_complete(req, err); 325} 326 327static int gcm_hash_crypt_continue(struct aead_request *req, u32 flags) 328{ 329 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 330 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 331 unsigned int remain; 332 333 remain = gcm_remain(gctx->cryptlen); 334 if (remain) 335 return gcm_hash_remain(req, remain, 336 gcm_hash_crypt_remain_done, flags) ?: 337 gcm_hash_crypt_remain_continue(req, flags); 338 339 return gcm_hash_crypt_remain_continue(req, flags); 340} 341 342static void gcm_hash_crypt_done(struct crypto_async_request *areq, int err) 343{ 344 struct aead_request *req = areq->data; 345 346 if (err) 347 goto out; 348 349 err = gcm_hash_crypt_continue(req, 0); 350 if (err == -EINPROGRESS) 351 return; 352 353out: 354 aead_request_complete(req, err); 355} 356 357static int gcm_hash_assoc_remain_continue(struct aead_request *req, u32 flags) 358{ 359 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 360 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 361 362 if (gctx->cryptlen) 363 return gcm_hash_update(req, gcm_hash_crypt_done, 364 gctx->src, gctx->cryptlen, flags) ?: 365 gcm_hash_crypt_continue(req, flags); 366 367 return gcm_hash_crypt_remain_continue(req, flags); 368} 369 370static void gcm_hash_assoc_remain_done(struct crypto_async_request *areq, 371 int err) 372{ 373 struct aead_request *req = areq->data; 374 375 if (err) 376 goto out; 377 378 err = gcm_hash_assoc_remain_continue(req, 0); 379 if (err == -EINPROGRESS) 380 return; 381 382out: 383 aead_request_complete(req, err); 384} 385 386static int gcm_hash_assoc_continue(struct aead_request *req, u32 flags) 387{ 388 unsigned int remain; 389 390 remain = gcm_remain(req->assoclen); 391 if (remain) 392 return gcm_hash_remain(req, remain, 393 gcm_hash_assoc_remain_done, flags) ?: 394 gcm_hash_assoc_remain_continue(req, flags); 395 396 return gcm_hash_assoc_remain_continue(req, flags); 397} 398 399static void gcm_hash_assoc_done(struct crypto_async_request *areq, int err) 400{ 401 struct aead_request *req = areq->data; 402 403 if (err) 404 goto out; 405 406 err = gcm_hash_assoc_continue(req, 0); 407 if (err == -EINPROGRESS) 408 return; 409 410out: 411 aead_request_complete(req, err); 412} 413 414static int gcm_hash_init_continue(struct aead_request *req, u32 flags) 415{ 416 if (req->assoclen) 417 return gcm_hash_update(req, gcm_hash_assoc_done, 418 req->src, req->assoclen, flags) ?: 419 gcm_hash_assoc_continue(req, flags); 420 421 return gcm_hash_assoc_remain_continue(req, flags); 422} 423 424static void gcm_hash_init_done(struct crypto_async_request *areq, int err) 425{ 426 struct aead_request *req = areq->data; 427 428 if (err) 429 goto out; 430 431 err = gcm_hash_init_continue(req, 0); 432 if (err == -EINPROGRESS) 433 return; 434 435out: 436 aead_request_complete(req, err); 437} 438 439static int gcm_hash(struct aead_request *req, u32 flags) 440{ 441 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 442 struct ahash_request *ahreq = &pctx->u.ahreq; 443 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); 444 445 ahash_request_set_tfm(ahreq, ctx->ghash); 446 447 ahash_request_set_callback(ahreq, flags, gcm_hash_init_done, req); 448 return crypto_ahash_init(ahreq) ?: 449 gcm_hash_init_continue(req, flags); 450} 451 452static int gcm_enc_copy_hash(struct aead_request *req, u32 flags) 453{ 454 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 455 struct crypto_aead *aead = crypto_aead_reqtfm(req); 456 u8 *auth_tag = pctx->auth_tag; 457 458 crypto_xor(auth_tag, pctx->iauth_tag, 16); 459 scatterwalk_map_and_copy(auth_tag, req->dst, 460 req->assoclen + req->cryptlen, 461 crypto_aead_authsize(aead), 1); 462 return 0; 463} 464 465static int gcm_encrypt_continue(struct aead_request *req, u32 flags) 466{ 467 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 468 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 469 470 gctx->src = sg_next(req->src == req->dst ? pctx->src : pctx->dst); 471 gctx->cryptlen = req->cryptlen; 472 gctx->complete = gcm_enc_copy_hash; 473 474 return gcm_hash(req, flags); 475} 476 477static void gcm_encrypt_done(struct crypto_async_request *areq, int err) 478{ 479 struct aead_request *req = areq->data; 480 481 if (err) 482 goto out; 483 484 err = gcm_encrypt_continue(req, 0); 485 if (err == -EINPROGRESS) 486 return; 487 488out: 489 aead_request_complete(req, err); 490} 491 492static int crypto_gcm_encrypt(struct aead_request *req) 493{ 494 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 495 struct skcipher_request *skreq = &pctx->u.skreq; 496 u32 flags = aead_request_flags(req); 497 498 crypto_gcm_init_common(req); 499 crypto_gcm_init_crypt(req, req->cryptlen); 500 skcipher_request_set_callback(skreq, flags, gcm_encrypt_done, req); 501 502 return crypto_skcipher_encrypt(skreq) ?: 503 gcm_encrypt_continue(req, flags); 504} 505 506static int crypto_gcm_verify(struct aead_request *req) 507{ 508 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 509 struct crypto_aead *aead = crypto_aead_reqtfm(req); 510 u8 *auth_tag = pctx->auth_tag; 511 u8 *iauth_tag = pctx->iauth_tag; 512 unsigned int authsize = crypto_aead_authsize(aead); 513 unsigned int cryptlen = req->cryptlen - authsize; 514 515 crypto_xor(auth_tag, iauth_tag, 16); 516 scatterwalk_map_and_copy(iauth_tag, req->src, 517 req->assoclen + cryptlen, authsize, 0); 518 return crypto_memneq(iauth_tag, auth_tag, authsize) ? -EBADMSG : 0; 519} 520 521static void gcm_decrypt_done(struct crypto_async_request *areq, int err) 522{ 523 struct aead_request *req = areq->data; 524 525 if (!err) 526 err = crypto_gcm_verify(req); 527 528 aead_request_complete(req, err); 529} 530 531static int gcm_dec_hash_continue(struct aead_request *req, u32 flags) 532{ 533 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 534 struct skcipher_request *skreq = &pctx->u.skreq; 535 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 536 537 crypto_gcm_init_crypt(req, gctx->cryptlen); 538 skcipher_request_set_callback(skreq, flags, gcm_decrypt_done, req); 539 return crypto_skcipher_decrypt(skreq) ?: crypto_gcm_verify(req); 540} 541 542static int crypto_gcm_decrypt(struct aead_request *req) 543{ 544 struct crypto_aead *aead = crypto_aead_reqtfm(req); 545 struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); 546 struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; 547 unsigned int authsize = crypto_aead_authsize(aead); 548 unsigned int cryptlen = req->cryptlen; 549 u32 flags = aead_request_flags(req); 550 551 cryptlen -= authsize; 552 553 crypto_gcm_init_common(req); 554 555 gctx->src = sg_next(pctx->src); 556 gctx->cryptlen = cryptlen; 557 gctx->complete = gcm_dec_hash_continue; 558 559 return gcm_hash(req, flags); 560} 561 562static int crypto_gcm_init_tfm(struct crypto_aead *tfm) 563{ 564 struct aead_instance *inst = aead_alg_instance(tfm); 565 struct gcm_instance_ctx *ictx = aead_instance_ctx(inst); 566 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(tfm); 567 struct crypto_skcipher *ctr; 568 struct crypto_ahash *ghash; 569 unsigned long align; 570 int err; 571 572 ghash = crypto_spawn_ahash(&ictx->ghash); 573 if (IS_ERR(ghash)) 574 return PTR_ERR(ghash); 575 576 ctr = crypto_spawn_skcipher(&ictx->ctr); 577 err = PTR_ERR(ctr); 578 if (IS_ERR(ctr)) 579 goto err_free_hash; 580 581 ctx->ctr = ctr; 582 ctx->ghash = ghash; 583 584 align = crypto_aead_alignmask(tfm); 585 align &= ~(crypto_tfm_ctx_alignment() - 1); 586 crypto_aead_set_reqsize(tfm, 587 align + offsetof(struct crypto_gcm_req_priv_ctx, u) + 588 max(sizeof(struct skcipher_request) + 589 crypto_skcipher_reqsize(ctr), 590 sizeof(struct ahash_request) + 591 crypto_ahash_reqsize(ghash))); 592 593 return 0; 594 595err_free_hash: 596 crypto_free_ahash(ghash); 597 return err; 598} 599 600static void crypto_gcm_exit_tfm(struct crypto_aead *tfm) 601{ 602 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(tfm); 603 604 crypto_free_ahash(ctx->ghash); 605 crypto_free_skcipher(ctx->ctr); 606} 607 608static void crypto_gcm_free(struct aead_instance *inst) 609{ 610 struct gcm_instance_ctx *ctx = aead_instance_ctx(inst); 611 612 crypto_drop_skcipher(&ctx->ctr); 613 crypto_drop_ahash(&ctx->ghash); 614 kfree(inst); 615} 616 617static int crypto_gcm_create_common(struct crypto_template *tmpl, 618 struct rtattr **tb, 619 const char *full_name, 620 const char *ctr_name, 621 const char *ghash_name) 622{ 623 struct crypto_attr_type *algt; 624 struct aead_instance *inst; 625 struct skcipher_alg *ctr; 626 struct crypto_alg *ghash_alg; 627 struct hash_alg_common *ghash; 628 struct gcm_instance_ctx *ctx; 629 int err; 630 631 algt = crypto_get_attr_type(tb); 632 if (IS_ERR(algt)) 633 return PTR_ERR(algt); 634 635 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) 636 return -EINVAL; 637 638 ghash_alg = crypto_find_alg(ghash_name, &crypto_ahash_type, 639 CRYPTO_ALG_TYPE_HASH, 640 CRYPTO_ALG_TYPE_AHASH_MASK | 641 crypto_requires_sync(algt->type, 642 algt->mask)); 643 if (IS_ERR(ghash_alg)) 644 return PTR_ERR(ghash_alg); 645 646 ghash = __crypto_hash_alg_common(ghash_alg); 647 648 err = -ENOMEM; 649 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); 650 if (!inst) 651 goto out_put_ghash; 652 653 ctx = aead_instance_ctx(inst); 654 err = crypto_init_ahash_spawn(&ctx->ghash, ghash, 655 aead_crypto_instance(inst)); 656 if (err) 657 goto err_free_inst; 658 659 err = -EINVAL; 660 if (ghash->digestsize != 16) 661 goto err_drop_ghash; 662 663 crypto_set_skcipher_spawn(&ctx->ctr, aead_crypto_instance(inst)); 664 err = crypto_grab_skcipher(&ctx->ctr, ctr_name, 0, 665 crypto_requires_sync(algt->type, 666 algt->mask)); 667 if (err) 668 goto err_drop_ghash; 669 670 ctr = crypto_spawn_skcipher_alg(&ctx->ctr); 671 672 /* We only support 16-byte blocks. */ 673 err = -EINVAL; 674 if (crypto_skcipher_alg_ivsize(ctr) != 16) 675 goto out_put_ctr; 676 677 /* Not a stream cipher? */ 678 if (ctr->base.cra_blocksize != 1) 679 goto out_put_ctr; 680 681 err = -ENAMETOOLONG; 682 if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, 683 "gcm_base(%s,%s)", ctr->base.cra_driver_name, 684 ghash_alg->cra_driver_name) >= 685 CRYPTO_MAX_ALG_NAME) 686 goto out_put_ctr; 687 688 memcpy(inst->alg.base.cra_name, full_name, CRYPTO_MAX_ALG_NAME); 689 690 inst->alg.base.cra_flags = (ghash->base.cra_flags | 691 ctr->base.cra_flags) & CRYPTO_ALG_ASYNC; 692 inst->alg.base.cra_priority = (ghash->base.cra_priority + 693 ctr->base.cra_priority) / 2; 694 inst->alg.base.cra_blocksize = 1; 695 inst->alg.base.cra_alignmask = ghash->base.cra_alignmask | 696 ctr->base.cra_alignmask; 697 inst->alg.base.cra_ctxsize = sizeof(struct crypto_gcm_ctx); 698 inst->alg.ivsize = 12; 699 inst->alg.chunksize = crypto_skcipher_alg_chunksize(ctr); 700 inst->alg.maxauthsize = 16; 701 inst->alg.init = crypto_gcm_init_tfm; 702 inst->alg.exit = crypto_gcm_exit_tfm; 703 inst->alg.setkey = crypto_gcm_setkey; 704 inst->alg.setauthsize = crypto_gcm_setauthsize; 705 inst->alg.encrypt = crypto_gcm_encrypt; 706 inst->alg.decrypt = crypto_gcm_decrypt; 707 708 inst->free = crypto_gcm_free; 709 710 err = aead_register_instance(tmpl, inst); 711 if (err) 712 goto out_put_ctr; 713 714out_put_ghash: 715 crypto_mod_put(ghash_alg); 716 return err; 717 718out_put_ctr: 719 crypto_drop_skcipher(&ctx->ctr); 720err_drop_ghash: 721 crypto_drop_ahash(&ctx->ghash); 722err_free_inst: 723 kfree(inst); 724 goto out_put_ghash; 725} 726 727static int crypto_gcm_create(struct crypto_template *tmpl, struct rtattr **tb) 728{ 729 const char *cipher_name; 730 char ctr_name[CRYPTO_MAX_ALG_NAME]; 731 char full_name[CRYPTO_MAX_ALG_NAME]; 732 733 cipher_name = crypto_attr_alg_name(tb[1]); 734 if (IS_ERR(cipher_name)) 735 return PTR_ERR(cipher_name); 736 737 if (snprintf(ctr_name, CRYPTO_MAX_ALG_NAME, "ctr(%s)", cipher_name) >= 738 CRYPTO_MAX_ALG_NAME) 739 return -ENAMETOOLONG; 740 741 if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "gcm(%s)", cipher_name) >= 742 CRYPTO_MAX_ALG_NAME) 743 return -ENAMETOOLONG; 744 745 return crypto_gcm_create_common(tmpl, tb, full_name, 746 ctr_name, "ghash"); 747} 748 749static struct crypto_template crypto_gcm_tmpl = { 750 .name = "gcm", 751 .create = crypto_gcm_create, 752 .module = THIS_MODULE, 753}; 754 755static int crypto_gcm_base_create(struct crypto_template *tmpl, 756 struct rtattr **tb) 757{ 758 const char *ctr_name; 759 const char *ghash_name; 760 char full_name[CRYPTO_MAX_ALG_NAME]; 761 762 ctr_name = crypto_attr_alg_name(tb[1]); 763 if (IS_ERR(ctr_name)) 764 return PTR_ERR(ctr_name); 765 766 ghash_name = crypto_attr_alg_name(tb[2]); 767 if (IS_ERR(ghash_name)) 768 return PTR_ERR(ghash_name); 769 770 if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "gcm_base(%s,%s)", 771 ctr_name, ghash_name) >= CRYPTO_MAX_ALG_NAME) 772 return -ENAMETOOLONG; 773 774 return crypto_gcm_create_common(tmpl, tb, full_name, 775 ctr_name, ghash_name); 776} 777 778static struct crypto_template crypto_gcm_base_tmpl = { 779 .name = "gcm_base", 780 .create = crypto_gcm_base_create, 781 .module = THIS_MODULE, 782}; 783 784static int crypto_rfc4106_setkey(struct crypto_aead *parent, const u8 *key, 785 unsigned int keylen) 786{ 787 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent); 788 struct crypto_aead *child = ctx->child; 789 int err; 790 791 if (keylen < 4) 792 return -EINVAL; 793 794 keylen -= 4; 795 memcpy(ctx->nonce, key + keylen, 4); 796 797 crypto_aead_clear_flags(child, CRYPTO_TFM_REQ_MASK); 798 crypto_aead_set_flags(child, crypto_aead_get_flags(parent) & 799 CRYPTO_TFM_REQ_MASK); 800 err = crypto_aead_setkey(child, key, keylen); 801 crypto_aead_set_flags(parent, crypto_aead_get_flags(child) & 802 CRYPTO_TFM_RES_MASK); 803 804 return err; 805} 806 807static int crypto_rfc4106_setauthsize(struct crypto_aead *parent, 808 unsigned int authsize) 809{ 810 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent); 811 812 switch (authsize) { 813 case 8: 814 case 12: 815 case 16: 816 break; 817 default: 818 return -EINVAL; 819 } 820 821 return crypto_aead_setauthsize(ctx->child, authsize); 822} 823 824static struct aead_request *crypto_rfc4106_crypt(struct aead_request *req) 825{ 826 struct crypto_rfc4106_req_ctx *rctx = aead_request_ctx(req); 827 struct crypto_aead *aead = crypto_aead_reqtfm(req); 828 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(aead); 829 struct aead_request *subreq = &rctx->subreq; 830 struct crypto_aead *child = ctx->child; 831 struct scatterlist *sg; 832 u8 *iv = PTR_ALIGN((u8 *)(subreq + 1) + crypto_aead_reqsize(child), 833 crypto_aead_alignmask(child) + 1); 834 835 scatterwalk_map_and_copy(iv + 12, req->src, 0, req->assoclen - 8, 0); 836 837 memcpy(iv, ctx->nonce, 4); 838 memcpy(iv + 4, req->iv, 8); 839 840 sg_init_table(rctx->src, 3); 841 sg_set_buf(rctx->src, iv + 12, req->assoclen - 8); 842 sg = scatterwalk_ffwd(rctx->src + 1, req->src, req->assoclen); 843 if (sg != rctx->src + 1) 844 sg_chain(rctx->src, 2, sg); 845 846 if (req->src != req->dst) { 847 sg_init_table(rctx->dst, 3); 848 sg_set_buf(rctx->dst, iv + 12, req->assoclen - 8); 849 sg = scatterwalk_ffwd(rctx->dst + 1, req->dst, req->assoclen); 850 if (sg != rctx->dst + 1) 851 sg_chain(rctx->dst, 2, sg); 852 } 853 854 aead_request_set_tfm(subreq, child); 855 aead_request_set_callback(subreq, req->base.flags, req->base.complete, 856 req->base.data); 857 aead_request_set_crypt(subreq, rctx->src, 858 req->src == req->dst ? rctx->src : rctx->dst, 859 req->cryptlen, iv); 860 aead_request_set_ad(subreq, req->assoclen - 8); 861 862 return subreq; 863} 864 865static int crypto_rfc4106_encrypt(struct aead_request *req) 866{ 867 if (req->assoclen != 16 && req->assoclen != 20) 868 return -EINVAL; 869 870 req = crypto_rfc4106_crypt(req); 871 872 return crypto_aead_encrypt(req); 873} 874 875static int crypto_rfc4106_decrypt(struct aead_request *req) 876{ 877 if (req->assoclen != 16 && req->assoclen != 20) 878 return -EINVAL; 879 880 req = crypto_rfc4106_crypt(req); 881 882 return crypto_aead_decrypt(req); 883} 884 885static int crypto_rfc4106_init_tfm(struct crypto_aead *tfm) 886{ 887 struct aead_instance *inst = aead_alg_instance(tfm); 888 struct crypto_aead_spawn *spawn = aead_instance_ctx(inst); 889 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(tfm); 890 struct crypto_aead *aead; 891 unsigned long align; 892 893 aead = crypto_spawn_aead(spawn); 894 if (IS_ERR(aead)) 895 return PTR_ERR(aead); 896 897 ctx->child = aead; 898 899 align = crypto_aead_alignmask(aead); 900 align &= ~(crypto_tfm_ctx_alignment() - 1); 901 crypto_aead_set_reqsize( 902 tfm, 903 sizeof(struct crypto_rfc4106_req_ctx) + 904 ALIGN(crypto_aead_reqsize(aead), crypto_tfm_ctx_alignment()) + 905 align + 24); 906 907 return 0; 908} 909 910static void crypto_rfc4106_exit_tfm(struct crypto_aead *tfm) 911{ 912 struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(tfm); 913 914 crypto_free_aead(ctx->child); 915} 916 917static void crypto_rfc4106_free(struct aead_instance *inst) 918{ 919 crypto_drop_aead(aead_instance_ctx(inst)); 920 kfree(inst); 921} 922 923static int crypto_rfc4106_create(struct crypto_template *tmpl, 924 struct rtattr **tb) 925{ 926 struct crypto_attr_type *algt; 927 struct aead_instance *inst; 928 struct crypto_aead_spawn *spawn; 929 struct aead_alg *alg; 930 const char *ccm_name; 931 int err; 932 933 algt = crypto_get_attr_type(tb); 934 if (IS_ERR(algt)) 935 return PTR_ERR(algt); 936 937 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) 938 return -EINVAL; 939 940 ccm_name = crypto_attr_alg_name(tb[1]); 941 if (IS_ERR(ccm_name)) 942 return PTR_ERR(ccm_name); 943 944 inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); 945 if (!inst) 946 return -ENOMEM; 947 948 spawn = aead_instance_ctx(inst); 949 crypto_set_aead_spawn(spawn, aead_crypto_instance(inst)); 950 err = crypto_grab_aead(spawn, ccm_name, 0, 951 crypto_requires_sync(algt->type, algt->mask)); 952 if (err) 953 goto out_free_inst; 954 955 alg = crypto_spawn_aead_alg(spawn); 956 957 err = -EINVAL; 958 959 /* Underlying IV size must be 12. */ 960 if (crypto_aead_alg_ivsize(alg) != 12) 961 goto out_drop_alg; 962 963 /* Not a stream cipher? */ 964 if (alg->base.cra_blocksize != 1) 965 goto out_drop_alg; 966 967 err = -ENAMETOOLONG; 968 if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, 969 "rfc4106(%s)", alg->base.cra_name) >= 970 CRYPTO_MAX_ALG_NAME || 971 snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, 972 "rfc4106(%s)", alg->base.cra_driver_name) >= 973 CRYPTO_MAX_ALG_NAME) 974 goto out_drop_alg; 975 976 inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; 977 inst->alg.base.cra_priority = alg->base.cra_priority; 978 inst->alg.base.cra_blocksize = 1; 979 inst->alg.base.cra_alignmask = alg->base.cra_alignmask; 980 981 inst->alg.base.cra_ctxsize = sizeof(struct crypto_rfc4106_ctx); 982 983 inst->alg.ivsize = 8; 984 inst->alg.chunksize = crypto_aead_alg_chunksize(alg); 985 inst->alg.maxauthsize = crypto_aead_alg_maxauthsize(alg); 986 987 inst->alg.init = crypto_rfc4106_init_tfm; 988 inst->alg.exit = crypto_rfc4106_exit_tfm; 989 990 inst->alg.setkey = crypto_rfc4106_setkey; 991 inst->alg.setauthsize = crypto_rfc4106_setauthsize; 992 inst->alg.encrypt = crypto_rfc4106_encrypt; 993 inst->alg.decrypt = crypto_rfc4106_decrypt; 994 995 inst->free = crypto_rfc4106_free; 996 997 err = aead_register_instance(tmpl, inst); 998 if (err) 999 goto out_drop_alg; 1000 1001out: 1002 return err; 1003 1004out_drop_alg: 1005 crypto_drop_aead(spawn); 1006out_free_inst: 1007 kfree(inst); 1008 goto out; 1009} 1010 1011static struct crypto_template crypto_rfc4106_tmpl = { 1012 .name = "rfc4106", 1013 .create = crypto_rfc4106_create, 1014 .module = THIS_MODULE, 1015}; 1016 1017static int crypto_rfc4543_setkey(struct crypto_aead *parent, const u8 *key, 1018 unsigned int keylen) 1019{ 1020 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(parent); 1021 struct crypto_aead *child = ctx->child; 1022 int err; 1023 1024 if (keylen < 4) 1025 return -EINVAL; 1026 1027 keylen -= 4; 1028 memcpy(ctx->nonce, key + keylen, 4); 1029 1030 crypto_aead_clear_flags(child, CRYPTO_TFM_REQ_MASK); 1031 crypto_aead_set_flags(child, crypto_aead_get_flags(parent) & 1032 CRYPTO_TFM_REQ_MASK); 1033 err = crypto_aead_setkey(child, key, keylen); 1034 crypto_aead_set_flags(parent, crypto_aead_get_flags(child) & 1035 CRYPTO_TFM_RES_MASK); 1036 1037 return err; 1038} 1039 1040static int crypto_rfc4543_setauthsize(struct crypto_aead *parent, 1041 unsigned int authsize) 1042{ 1043 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(parent); 1044 1045 if (authsize != 16) 1046 return -EINVAL; 1047 1048 return crypto_aead_setauthsize(ctx->child, authsize); 1049} 1050 1051static int crypto_rfc4543_crypt(struct aead_request *req, bool enc) 1052{ 1053 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1054 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(aead); 1055 struct crypto_rfc4543_req_ctx *rctx = aead_request_ctx(req); 1056 struct aead_request *subreq = &rctx->subreq; 1057 unsigned int authsize = crypto_aead_authsize(aead); 1058 u8 *iv = PTR_ALIGN((u8 *)(rctx + 1) + crypto_aead_reqsize(ctx->child), 1059 crypto_aead_alignmask(ctx->child) + 1); 1060 int err; 1061 1062 if (req->src != req->dst) { 1063 err = crypto_rfc4543_copy_src_to_dst(req, enc); 1064 if (err) 1065 return err; 1066 } 1067 1068 memcpy(iv, ctx->nonce, 4); 1069 memcpy(iv + 4, req->iv, 8); 1070 1071 aead_request_set_tfm(subreq, ctx->child); 1072 aead_request_set_callback(subreq, req->base.flags, 1073 req->base.complete, req->base.data); 1074 aead_request_set_crypt(subreq, req->src, req->dst, 1075 enc ? 0 : authsize, iv); 1076 aead_request_set_ad(subreq, req->assoclen + req->cryptlen - 1077 subreq->cryptlen); 1078 1079 return enc ? crypto_aead_encrypt(subreq) : crypto_aead_decrypt(subreq); 1080} 1081 1082static int crypto_rfc4543_copy_src_to_dst(struct aead_request *req, bool enc) 1083{ 1084 struct crypto_aead *aead = crypto_aead_reqtfm(req); 1085 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(aead); 1086 unsigned int authsize = crypto_aead_authsize(aead); 1087 unsigned int nbytes = req->assoclen + req->cryptlen - 1088 (enc ? 0 : authsize); 1089 SKCIPHER_REQUEST_ON_STACK(nreq, ctx->null); 1090 1091 skcipher_request_set_tfm(nreq, ctx->null); 1092 skcipher_request_set_callback(nreq, req->base.flags, NULL, NULL); 1093 skcipher_request_set_crypt(nreq, req->src, req->dst, nbytes, NULL); 1094 1095 return crypto_skcipher_encrypt(nreq); 1096} 1097 1098static int crypto_rfc4543_encrypt(struct aead_request *req) 1099{ 1100 return crypto_rfc4543_crypt(req, true); 1101} 1102 1103static int crypto_rfc4543_decrypt(struct aead_request *req) 1104{ 1105 return crypto_rfc4543_crypt(req, false); 1106} 1107 1108static int crypto_rfc4543_init_tfm(struct crypto_aead *tfm) 1109{ 1110 struct aead_instance *inst = aead_alg_instance(tfm); 1111 struct crypto_rfc4543_instance_ctx *ictx = aead_instance_ctx(inst); 1112 struct crypto_aead_spawn *spawn = &ictx->aead; 1113 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(tfm); 1114 struct crypto_aead *aead; 1115 struct crypto_skcipher *null; 1116 unsigned long align; 1117 int err = 0; 1118 1119 aead = crypto_spawn_aead(spawn); 1120 if (IS_ERR(aead)) 1121 return PTR_ERR(aead); 1122 1123 null = crypto_get_default_null_skcipher2(); 1124 err = PTR_ERR(null); 1125 if (IS_ERR(null)) 1126 goto err_free_aead; 1127 1128 ctx->child = aead; 1129 ctx->null = null; 1130 1131 align = crypto_aead_alignmask(aead); 1132 align &= ~(crypto_tfm_ctx_alignment() - 1); 1133 crypto_aead_set_reqsize( 1134 tfm, 1135 sizeof(struct crypto_rfc4543_req_ctx) + 1136 ALIGN(crypto_aead_reqsize(aead), crypto_tfm_ctx_alignment()) + 1137 align + 12); 1138 1139 return 0; 1140 1141err_free_aead: 1142 crypto_free_aead(aead); 1143 return err; 1144} 1145 1146static void crypto_rfc4543_exit_tfm(struct crypto_aead *tfm) 1147{ 1148 struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(tfm); 1149 1150 crypto_free_aead(ctx->child); 1151 crypto_put_default_null_skcipher2(); 1152} 1153 1154static void crypto_rfc4543_free(struct aead_instance *inst) 1155{ 1156 struct crypto_rfc4543_instance_ctx *ctx = aead_instance_ctx(inst); 1157 1158 crypto_drop_aead(&ctx->aead); 1159 1160 kfree(inst); 1161} 1162 1163static int crypto_rfc4543_create(struct crypto_template *tmpl, 1164 struct rtattr **tb) 1165{ 1166 struct crypto_attr_type *algt; 1167 struct aead_instance *inst; 1168 struct crypto_aead_spawn *spawn; 1169 struct aead_alg *alg; 1170 struct crypto_rfc4543_instance_ctx *ctx; 1171 const char *ccm_name; 1172 int err; 1173 1174 algt = crypto_get_attr_type(tb); 1175 if (IS_ERR(algt)) 1176 return PTR_ERR(algt); 1177 1178 if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask) 1179 return -EINVAL; 1180 1181 ccm_name = crypto_attr_alg_name(tb[1]); 1182 if (IS_ERR(ccm_name)) 1183 return PTR_ERR(ccm_name); 1184 1185 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); 1186 if (!inst) 1187 return -ENOMEM; 1188 1189 ctx = aead_instance_ctx(inst); 1190 spawn = &ctx->aead; 1191 crypto_set_aead_spawn(spawn, aead_crypto_instance(inst)); 1192 err = crypto_grab_aead(spawn, ccm_name, 0, 1193 crypto_requires_sync(algt->type, algt->mask)); 1194 if (err) 1195 goto out_free_inst; 1196 1197 alg = crypto_spawn_aead_alg(spawn); 1198 1199 err = -EINVAL; 1200 1201 /* Underlying IV size must be 12. */ 1202 if (crypto_aead_alg_ivsize(alg) != 12) 1203 goto out_drop_alg; 1204 1205 /* Not a stream cipher? */ 1206 if (alg->base.cra_blocksize != 1) 1207 goto out_drop_alg; 1208 1209 err = -ENAMETOOLONG; 1210 if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, 1211 "rfc4543(%s)", alg->base.cra_name) >= 1212 CRYPTO_MAX_ALG_NAME || 1213 snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, 1214 "rfc4543(%s)", alg->base.cra_driver_name) >= 1215 CRYPTO_MAX_ALG_NAME) 1216 goto out_drop_alg; 1217 1218 inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC; 1219 inst->alg.base.cra_priority = alg->base.cra_priority; 1220 inst->alg.base.cra_blocksize = 1; 1221 inst->alg.base.cra_alignmask = alg->base.cra_alignmask; 1222 1223 inst->alg.base.cra_ctxsize = sizeof(struct crypto_rfc4543_ctx); 1224 1225 inst->alg.ivsize = 8; 1226 inst->alg.chunksize = crypto_aead_alg_chunksize(alg); 1227 inst->alg.maxauthsize = crypto_aead_alg_maxauthsize(alg); 1228 1229 inst->alg.init = crypto_rfc4543_init_tfm; 1230 inst->alg.exit = crypto_rfc4543_exit_tfm; 1231 1232 inst->alg.setkey = crypto_rfc4543_setkey; 1233 inst->alg.setauthsize = crypto_rfc4543_setauthsize; 1234 inst->alg.encrypt = crypto_rfc4543_encrypt; 1235 inst->alg.decrypt = crypto_rfc4543_decrypt; 1236 1237 inst->free = crypto_rfc4543_free, 1238 1239 err = aead_register_instance(tmpl, inst); 1240 if (err) 1241 goto out_drop_alg; 1242 1243out: 1244 return err; 1245 1246out_drop_alg: 1247 crypto_drop_aead(spawn); 1248out_free_inst: 1249 kfree(inst); 1250 goto out; 1251} 1252 1253static struct crypto_template crypto_rfc4543_tmpl = { 1254 .name = "rfc4543", 1255 .create = crypto_rfc4543_create, 1256 .module = THIS_MODULE, 1257}; 1258 1259static int __init crypto_gcm_module_init(void) 1260{ 1261 int err; 1262 1263 gcm_zeroes = kzalloc(sizeof(*gcm_zeroes), GFP_KERNEL); 1264 if (!gcm_zeroes) 1265 return -ENOMEM; 1266 1267 sg_init_one(&gcm_zeroes->sg, gcm_zeroes->buf, sizeof(gcm_zeroes->buf)); 1268 1269 err = crypto_register_template(&crypto_gcm_base_tmpl); 1270 if (err) 1271 goto out; 1272 1273 err = crypto_register_template(&crypto_gcm_tmpl); 1274 if (err) 1275 goto out_undo_base; 1276 1277 err = crypto_register_template(&crypto_rfc4106_tmpl); 1278 if (err) 1279 goto out_undo_gcm; 1280 1281 err = crypto_register_template(&crypto_rfc4543_tmpl); 1282 if (err) 1283 goto out_undo_rfc4106; 1284 1285 return 0; 1286 1287out_undo_rfc4106: 1288 crypto_unregister_template(&crypto_rfc4106_tmpl); 1289out_undo_gcm: 1290 crypto_unregister_template(&crypto_gcm_tmpl); 1291out_undo_base: 1292 crypto_unregister_template(&crypto_gcm_base_tmpl); 1293out: 1294 kfree(gcm_zeroes); 1295 return err; 1296} 1297 1298static void __exit crypto_gcm_module_exit(void) 1299{ 1300 kfree(gcm_zeroes); 1301 crypto_unregister_template(&crypto_rfc4543_tmpl); 1302 crypto_unregister_template(&crypto_rfc4106_tmpl); 1303 crypto_unregister_template(&crypto_gcm_tmpl); 1304 crypto_unregister_template(&crypto_gcm_base_tmpl); 1305} 1306 1307module_init(crypto_gcm_module_init); 1308module_exit(crypto_gcm_module_exit); 1309 1310MODULE_LICENSE("GPL"); 1311MODULE_DESCRIPTION("Galois/Counter Mode"); 1312MODULE_AUTHOR("Mikko Herranen <mh1@iki.fi>"); 1313MODULE_ALIAS_CRYPTO("gcm_base"); 1314MODULE_ALIAS_CRYPTO("rfc4106"); 1315MODULE_ALIAS_CRYPTO("rfc4543"); 1316MODULE_ALIAS_CRYPTO("gcm");