[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
/*
|
|
|
|
* Authenc: Simple AEAD wrapper for IPsec
|
|
|
|
*
|
2015-07-30 12:53:16 +03:00
|
|
|
* Copyright (c) 2007-2015 Herbert Xu <herbert@gondor.apana.org.au>
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU General Public License as published by the Free
|
|
|
|
* Software Foundation; either version 2 of the License, or (at your option)
|
|
|
|
* any later version.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
2015-05-11 12:47:41 +03:00
|
|
|
#include <crypto/internal/aead.h>
|
2008-08-31 16:21:09 +04:00
|
|
|
#include <crypto/internal/hash.h>
|
2007-12-17 15:12:49 +03:00
|
|
|
#include <crypto/internal/skcipher.h>
|
2007-11-22 18:11:53 +03:00
|
|
|
#include <crypto/authenc.h>
|
2015-07-30 12:53:16 +03:00
|
|
|
#include <crypto/null.h>
|
2007-12-07 13:52:49 +03:00
|
|
|
#include <crypto/scatterwalk.h>
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
#include <linux/err.h>
|
|
|
|
#include <linux/init.h>
|
|
|
|
#include <linux/kernel.h>
|
|
|
|
#include <linux/module.h>
|
2007-11-22 18:11:53 +03:00
|
|
|
#include <linux/rtnetlink.h>
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
#include <linux/slab.h>
|
|
|
|
#include <linux/spinlock.h>
|
|
|
|
|
|
|
|
struct authenc_instance_ctx {
|
2009-08-05 13:35:34 +04:00
|
|
|
struct crypto_ahash_spawn auth;
|
2007-12-17 15:12:49 +03:00
|
|
|
struct crypto_skcipher_spawn enc;
|
2015-07-30 12:53:16 +03:00
|
|
|
unsigned int reqoff;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
struct crypto_authenc_ctx {
|
2009-08-05 13:35:34 +04:00
|
|
|
struct crypto_ahash *auth;
|
2016-07-12 08:17:34 +03:00
|
|
|
struct crypto_skcipher *enc;
|
2018-09-19 05:10:51 +03:00
|
|
|
struct crypto_sync_skcipher *null;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
};
|
|
|
|
|
2009-08-05 13:35:34 +04:00
|
|
|
struct authenc_request_ctx {
|
2015-07-30 12:53:16 +03:00
|
|
|
struct scatterlist src[2];
|
|
|
|
struct scatterlist dst[2];
|
2009-08-05 13:35:34 +04:00
|
|
|
char tail[];
|
|
|
|
};
|
|
|
|
|
2010-04-26 05:14:05 +04:00
|
|
|
static void authenc_request_complete(struct aead_request *req, int err)
|
|
|
|
{
|
|
|
|
if (err != -EINPROGRESS)
|
|
|
|
aead_request_complete(req, err);
|
|
|
|
}
|
|
|
|
|
2013-10-15 15:49:30 +04:00
|
|
|
int crypto_authenc_extractkeys(struct crypto_authenc_keys *keys, const u8 *key,
|
|
|
|
unsigned int keylen)
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
{
|
2013-10-15 15:49:30 +04:00
|
|
|
struct rtattr *rta = (struct rtattr *)key;
|
2007-11-22 18:11:53 +03:00
|
|
|
struct crypto_authenc_key_param *param;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2007-12-10 05:55:21 +03:00
|
|
|
if (!RTA_OK(rta, keylen))
|
2013-10-15 15:49:30 +04:00
|
|
|
return -EINVAL;
|
2007-11-22 18:11:53 +03:00
|
|
|
if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM)
|
2013-10-15 15:49:30 +04:00
|
|
|
return -EINVAL;
|
2007-11-22 18:11:53 +03:00
|
|
|
if (RTA_PAYLOAD(rta) < sizeof(*param))
|
2013-10-15 15:49:30 +04:00
|
|
|
return -EINVAL;
|
2007-11-22 18:11:53 +03:00
|
|
|
|
|
|
|
param = RTA_DATA(rta);
|
2013-10-15 15:49:30 +04:00
|
|
|
keys->enckeylen = be32_to_cpu(param->enckeylen);
|
2007-11-22 18:11:53 +03:00
|
|
|
|
|
|
|
key += RTA_ALIGN(rta->rta_len);
|
|
|
|
keylen -= RTA_ALIGN(rta->rta_len);
|
|
|
|
|
2013-10-15 15:49:30 +04:00
|
|
|
if (keylen < keys->enckeylen)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
keys->authkeylen = keylen - keys->enckeylen;
|
|
|
|
keys->authkey = key;
|
|
|
|
keys->enckey = key + keys->authkeylen;
|
2007-11-22 18:11:53 +03:00
|
|
|
|
2013-10-15 15:49:30 +04:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(crypto_authenc_extractkeys);
|
|
|
|
|
|
|
|
static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key,
|
|
|
|
unsigned int keylen)
|
|
|
|
{
|
|
|
|
struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
|
|
|
|
struct crypto_ahash *auth = ctx->auth;
|
2016-07-12 08:17:34 +03:00
|
|
|
struct crypto_skcipher *enc = ctx->enc;
|
2013-10-15 15:49:30 +04:00
|
|
|
struct crypto_authenc_keys keys;
|
|
|
|
int err = -EINVAL;
|
|
|
|
|
|
|
|
if (crypto_authenc_extractkeys(&keys, key, keylen) != 0)
|
|
|
|
goto badkey;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2009-08-05 13:35:34 +04:00
|
|
|
crypto_ahash_clear_flags(auth, CRYPTO_TFM_REQ_MASK);
|
|
|
|
crypto_ahash_set_flags(auth, crypto_aead_get_flags(authenc) &
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
CRYPTO_TFM_REQ_MASK);
|
2013-10-15 15:49:30 +04:00
|
|
|
err = crypto_ahash_setkey(auth, keys.authkey, keys.authkeylen);
|
2009-08-05 13:35:34 +04:00
|
|
|
crypto_aead_set_flags(authenc, crypto_ahash_get_flags(auth) &
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
CRYPTO_TFM_RES_MASK);
|
|
|
|
|
|
|
|
if (err)
|
|
|
|
goto out;
|
|
|
|
|
2016-07-12 08:17:34 +03:00
|
|
|
crypto_skcipher_clear_flags(enc, CRYPTO_TFM_REQ_MASK);
|
|
|
|
crypto_skcipher_set_flags(enc, crypto_aead_get_flags(authenc) &
|
|
|
|
CRYPTO_TFM_REQ_MASK);
|
|
|
|
err = crypto_skcipher_setkey(enc, keys.enckey, keys.enckeylen);
|
|
|
|
crypto_aead_set_flags(authenc, crypto_skcipher_get_flags(enc) &
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
CRYPTO_TFM_RES_MASK);
|
|
|
|
|
|
|
|
out:
|
2018-04-03 09:39:00 +03:00
|
|
|
memzero_explicit(&keys, sizeof(keys));
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
return err;
|
2007-11-22 18:11:53 +03:00
|
|
|
|
|
|
|
badkey:
|
|
|
|
crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN);
|
|
|
|
goto out;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
}
|
|
|
|
|
2009-08-05 13:35:34 +04:00
|
|
|
static void authenc_geniv_ahash_done(struct crypto_async_request *areq, int err)
|
|
|
|
{
|
|
|
|
struct aead_request *req = areq->data;
|
|
|
|
struct crypto_aead *authenc = crypto_aead_reqtfm(req);
|
2015-07-30 12:53:16 +03:00
|
|
|
struct aead_instance *inst = aead_alg_instance(authenc);
|
|
|
|
struct authenc_instance_ctx *ictx = aead_instance_ctx(inst);
|
2009-08-05 13:35:34 +04:00
|
|
|
struct authenc_request_ctx *areq_ctx = aead_request_ctx(req);
|
2015-07-30 12:53:16 +03:00
|
|
|
struct ahash_request *ahreq = (void *)(areq_ctx->tail + ictx->reqoff);
|
2009-08-05 13:35:34 +04:00
|
|
|
|
|
|
|
if (err)
|
|
|
|
goto out;
|
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
scatterwalk_map_and_copy(ahreq->result, req->dst,
|
|
|
|
req->assoclen + req->cryptlen,
|
2009-08-05 13:35:34 +04:00
|
|
|
crypto_aead_authsize(authenc), 1);
|
|
|
|
|
|
|
|
out:
|
|
|
|
aead_request_complete(req, err);
|
|
|
|
}
|
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
static int crypto_authenc_genicv(struct aead_request *req, unsigned int flags)
|
2009-08-05 13:35:34 +04:00
|
|
|
{
|
|
|
|
struct crypto_aead *authenc = crypto_aead_reqtfm(req);
|
2015-07-30 12:53:16 +03:00
|
|
|
struct aead_instance *inst = aead_alg_instance(authenc);
|
2009-08-05 13:35:34 +04:00
|
|
|
struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
|
2015-07-30 12:53:16 +03:00
|
|
|
struct authenc_instance_ctx *ictx = aead_instance_ctx(inst);
|
2009-08-05 13:35:34 +04:00
|
|
|
struct crypto_ahash *auth = ctx->auth;
|
|
|
|
struct authenc_request_ctx *areq_ctx = aead_request_ctx(req);
|
2015-07-30 12:53:16 +03:00
|
|
|
struct ahash_request *ahreq = (void *)(areq_ctx->tail + ictx->reqoff);
|
2009-08-05 13:35:34 +04:00
|
|
|
u8 *hash = areq_ctx->tail;
|
|
|
|
int err;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2009-08-05 13:35:34 +04:00
|
|
|
hash = (u8 *)ALIGN((unsigned long)hash + crypto_ahash_alignmask(auth),
|
|
|
|
crypto_ahash_alignmask(auth) + 1);
|
|
|
|
|
|
|
|
ahash_request_set_tfm(ahreq, auth);
|
2015-07-30 12:53:16 +03:00
|
|
|
ahash_request_set_crypt(ahreq, req->dst, hash,
|
|
|
|
req->assoclen + req->cryptlen);
|
|
|
|
ahash_request_set_callback(ahreq, flags,
|
|
|
|
authenc_geniv_ahash_done, req);
|
2009-08-05 13:35:34 +04:00
|
|
|
|
|
|
|
err = crypto_ahash_digest(ahreq);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
if (err)
|
2015-07-30 12:53:16 +03:00
|
|
|
return err;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
scatterwalk_map_and_copy(hash, req->dst, req->assoclen + req->cryptlen,
|
2007-12-02 10:49:21 +03:00
|
|
|
crypto_aead_authsize(authenc), 1);
|
2015-07-30 12:53:16 +03:00
|
|
|
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void crypto_authenc_encrypt_done(struct crypto_async_request *req,
|
|
|
|
int err)
|
|
|
|
{
|
2008-08-22 19:04:06 +04:00
|
|
|
struct aead_request *areq = req->data;
|
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
if (err)
|
|
|
|
goto out;
|
2007-12-10 11:20:24 +03:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
err = crypto_authenc_genicv(areq, 0);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
out:
|
2010-04-26 05:14:05 +04:00
|
|
|
authenc_request_complete(areq, err);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
}
|
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
static int crypto_authenc_copy_assoc(struct aead_request *req)
|
|
|
|
{
|
|
|
|
struct crypto_aead *authenc = crypto_aead_reqtfm(req);
|
|
|
|
struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
|
2018-09-19 05:10:51 +03:00
|
|
|
SYNC_SKCIPHER_REQUEST_ON_STACK(skreq, ctx->null);
|
2015-07-30 12:53:16 +03:00
|
|
|
|
2018-09-19 05:10:51 +03:00
|
|
|
skcipher_request_set_sync_tfm(skreq, ctx->null);
|
2016-07-12 08:17:34 +03:00
|
|
|
skcipher_request_set_callback(skreq, aead_request_flags(req),
|
|
|
|
NULL, NULL);
|
|
|
|
skcipher_request_set_crypt(skreq, req->src, req->dst, req->assoclen,
|
|
|
|
NULL);
|
|
|
|
|
|
|
|
return crypto_skcipher_encrypt(skreq);
|
2015-07-30 12:53:16 +03:00
|
|
|
}
|
|
|
|
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
static int crypto_authenc_encrypt(struct aead_request *req)
|
|
|
|
{
|
|
|
|
struct crypto_aead *authenc = crypto_aead_reqtfm(req);
|
2015-07-30 12:53:16 +03:00
|
|
|
struct aead_instance *inst = aead_alg_instance(authenc);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
|
2015-07-30 12:53:16 +03:00
|
|
|
struct authenc_instance_ctx *ictx = aead_instance_ctx(inst);
|
2010-03-03 17:41:08 +03:00
|
|
|
struct authenc_request_ctx *areq_ctx = aead_request_ctx(req);
|
2016-07-12 08:17:34 +03:00
|
|
|
struct crypto_skcipher *enc = ctx->enc;
|
2007-12-10 11:20:24 +03:00
|
|
|
unsigned int cryptlen = req->cryptlen;
|
2016-07-12 08:17:34 +03:00
|
|
|
struct skcipher_request *skreq = (void *)(areq_ctx->tail +
|
|
|
|
ictx->reqoff);
|
2015-07-30 12:53:16 +03:00
|
|
|
struct scatterlist *src, *dst;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
int err;
|
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
src = scatterwalk_ffwd(areq_ctx->src, req->src, req->assoclen);
|
|
|
|
dst = src;
|
|
|
|
|
|
|
|
if (req->src != req->dst) {
|
|
|
|
err = crypto_authenc_copy_assoc(req);
|
|
|
|
if (err)
|
|
|
|
return err;
|
|
|
|
|
|
|
|
dst = scatterwalk_ffwd(areq_ctx->dst, req->dst, req->assoclen);
|
|
|
|
}
|
|
|
|
|
2016-07-12 08:17:34 +03:00
|
|
|
skcipher_request_set_tfm(skreq, enc);
|
|
|
|
skcipher_request_set_callback(skreq, aead_request_flags(req),
|
|
|
|
crypto_authenc_encrypt_done, req);
|
|
|
|
skcipher_request_set_crypt(skreq, src, dst, cryptlen, req->iv);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2016-07-12 08:17:34 +03:00
|
|
|
err = crypto_skcipher_encrypt(skreq);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
if (err)
|
|
|
|
return err;
|
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
return crypto_authenc_genicv(req, aead_request_flags(req));
|
2007-12-10 11:20:24 +03:00
|
|
|
}
|
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
static int crypto_authenc_decrypt_tail(struct aead_request *req,
|
|
|
|
unsigned int flags)
|
2007-12-10 11:20:24 +03:00
|
|
|
{
|
2015-07-30 12:53:16 +03:00
|
|
|
struct crypto_aead *authenc = crypto_aead_reqtfm(req);
|
|
|
|
struct aead_instance *inst = aead_alg_instance(authenc);
|
|
|
|
struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
|
|
|
|
struct authenc_instance_ctx *ictx = aead_instance_ctx(inst);
|
|
|
|
struct authenc_request_ctx *areq_ctx = aead_request_ctx(req);
|
|
|
|
struct ahash_request *ahreq = (void *)(areq_ctx->tail + ictx->reqoff);
|
2016-07-12 08:17:34 +03:00
|
|
|
struct skcipher_request *skreq = (void *)(areq_ctx->tail +
|
|
|
|
ictx->reqoff);
|
2015-07-30 12:53:16 +03:00
|
|
|
unsigned int authsize = crypto_aead_authsize(authenc);
|
|
|
|
u8 *ihash = ahreq->result + authsize;
|
|
|
|
struct scatterlist *src, *dst;
|
2007-12-10 11:20:24 +03:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
scatterwalk_map_and_copy(ihash, req->src, ahreq->nbytes, authsize, 0);
|
2007-12-10 11:20:24 +03:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
if (crypto_memneq(ihash, ahreq->result, authsize))
|
|
|
|
return -EBADMSG;
|
2007-12-10 11:20:24 +03:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
src = scatterwalk_ffwd(areq_ctx->src, req->src, req->assoclen);
|
|
|
|
dst = src;
|
2007-12-10 11:20:24 +03:00
|
|
|
|
2016-06-28 21:54:43 +03:00
|
|
|
if (req->src != req->dst)
|
2015-07-30 12:53:16 +03:00
|
|
|
dst = scatterwalk_ffwd(areq_ctx->dst, req->dst, req->assoclen);
|
2007-12-10 11:20:24 +03:00
|
|
|
|
2016-07-12 08:17:34 +03:00
|
|
|
skcipher_request_set_tfm(skreq, ctx->enc);
|
|
|
|
skcipher_request_set_callback(skreq, aead_request_flags(req),
|
|
|
|
req->base.complete, req->base.data);
|
|
|
|
skcipher_request_set_crypt(skreq, src, dst,
|
|
|
|
req->cryptlen - authsize, req->iv);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2016-07-12 08:17:34 +03:00
|
|
|
return crypto_skcipher_decrypt(skreq);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
}
|
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
static void authenc_verify_ahash_done(struct crypto_async_request *areq,
|
|
|
|
int err)
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
{
|
2015-07-30 12:53:16 +03:00
|
|
|
struct aead_request *req = areq->data;
|
2009-08-05 13:35:34 +04:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
if (err)
|
|
|
|
goto out;
|
2007-12-10 11:20:24 +03:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
err = crypto_authenc_decrypt_tail(req, 0);
|
2009-08-05 13:35:34 +04:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
out:
|
|
|
|
authenc_request_complete(req, err);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
static int crypto_authenc_decrypt(struct aead_request *req)
|
|
|
|
{
|
|
|
|
struct crypto_aead *authenc = crypto_aead_reqtfm(req);
|
2007-12-04 12:04:21 +03:00
|
|
|
unsigned int authsize = crypto_aead_authsize(authenc);
|
2015-07-30 12:53:16 +03:00
|
|
|
struct aead_instance *inst = aead_alg_instance(authenc);
|
|
|
|
struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
|
|
|
|
struct authenc_instance_ctx *ictx = aead_instance_ctx(inst);
|
|
|
|
struct crypto_ahash *auth = ctx->auth;
|
|
|
|
struct authenc_request_ctx *areq_ctx = aead_request_ctx(req);
|
|
|
|
struct ahash_request *ahreq = (void *)(areq_ctx->tail + ictx->reqoff);
|
|
|
|
u8 *hash = areq_ctx->tail;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
int err;
|
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
hash = (u8 *)ALIGN((unsigned long)hash + crypto_ahash_alignmask(auth),
|
|
|
|
crypto_ahash_alignmask(auth) + 1);
|
2007-12-04 12:04:21 +03:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
ahash_request_set_tfm(ahreq, auth);
|
|
|
|
ahash_request_set_crypt(ahreq, req->src, hash,
|
|
|
|
req->assoclen + req->cryptlen - authsize);
|
|
|
|
ahash_request_set_callback(ahreq, aead_request_flags(req),
|
|
|
|
authenc_verify_ahash_done, req);
|
|
|
|
|
|
|
|
err = crypto_ahash_digest(ahreq);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
if (err)
|
|
|
|
return err;
|
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
return crypto_authenc_decrypt_tail(req, aead_request_flags(req));
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
}
|
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
static int crypto_authenc_init_tfm(struct crypto_aead *tfm)
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
{
|
2015-07-30 12:53:16 +03:00
|
|
|
struct aead_instance *inst = aead_alg_instance(tfm);
|
|
|
|
struct authenc_instance_ctx *ictx = aead_instance_ctx(inst);
|
|
|
|
struct crypto_authenc_ctx *ctx = crypto_aead_ctx(tfm);
|
2009-08-05 13:35:34 +04:00
|
|
|
struct crypto_ahash *auth;
|
2016-07-12 08:17:34 +03:00
|
|
|
struct crypto_skcipher *enc;
|
2018-09-19 05:10:51 +03:00
|
|
|
struct crypto_sync_skcipher *null;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
int err;
|
|
|
|
|
2009-08-05 13:35:34 +04:00
|
|
|
auth = crypto_spawn_ahash(&ictx->auth);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
if (IS_ERR(auth))
|
|
|
|
return PTR_ERR(auth);
|
|
|
|
|
2016-10-28 19:52:19 +03:00
|
|
|
enc = crypto_spawn_skcipher(&ictx->enc);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
err = PTR_ERR(enc);
|
|
|
|
if (IS_ERR(enc))
|
2009-08-05 13:35:34 +04:00
|
|
|
goto err_free_ahash;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2017-12-07 21:56:34 +03:00
|
|
|
null = crypto_get_default_null_skcipher();
|
2015-07-30 12:53:16 +03:00
|
|
|
err = PTR_ERR(null);
|
|
|
|
if (IS_ERR(null))
|
|
|
|
goto err_free_skcipher;
|
|
|
|
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
ctx->auth = auth;
|
|
|
|
ctx->enc = enc;
|
2015-07-30 12:53:16 +03:00
|
|
|
ctx->null = null;
|
2010-02-16 15:27:20 +03:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
crypto_aead_set_reqsize(
|
|
|
|
tfm,
|
2015-05-11 12:47:53 +03:00
|
|
|
sizeof(struct authenc_request_ctx) +
|
2015-07-30 12:53:16 +03:00
|
|
|
ictx->reqoff +
|
2015-05-11 12:47:53 +03:00
|
|
|
max_t(unsigned int,
|
2015-07-30 12:53:16 +03:00
|
|
|
crypto_ahash_reqsize(auth) +
|
|
|
|
sizeof(struct ahash_request),
|
2016-07-12 08:17:34 +03:00
|
|
|
sizeof(struct skcipher_request) +
|
|
|
|
crypto_skcipher_reqsize(enc)));
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
err_free_skcipher:
|
2016-07-12 08:17:34 +03:00
|
|
|
crypto_free_skcipher(enc);
|
2009-08-05 13:35:34 +04:00
|
|
|
err_free_ahash:
|
|
|
|
crypto_free_ahash(auth);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
static void crypto_authenc_exit_tfm(struct crypto_aead *tfm)
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
{
|
2015-07-30 12:53:16 +03:00
|
|
|
struct crypto_authenc_ctx *ctx = crypto_aead_ctx(tfm);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2009-08-05 13:35:34 +04:00
|
|
|
crypto_free_ahash(ctx->auth);
|
2016-07-12 08:17:34 +03:00
|
|
|
crypto_free_skcipher(ctx->enc);
|
2017-12-07 21:56:34 +03:00
|
|
|
crypto_put_default_null_skcipher();
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
}
|
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
static void crypto_authenc_free(struct aead_instance *inst)
|
|
|
|
{
|
|
|
|
struct authenc_instance_ctx *ctx = aead_instance_ctx(inst);
|
|
|
|
|
|
|
|
crypto_drop_skcipher(&ctx->enc);
|
|
|
|
crypto_drop_ahash(&ctx->auth);
|
|
|
|
kfree(inst);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int crypto_authenc_create(struct crypto_template *tmpl,
|
|
|
|
struct rtattr **tb)
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
{
|
2007-12-17 15:12:49 +03:00
|
|
|
struct crypto_attr_type *algt;
|
2015-07-30 12:53:16 +03:00
|
|
|
struct aead_instance *inst;
|
2009-08-05 13:35:34 +04:00
|
|
|
struct hash_alg_common *auth;
|
|
|
|
struct crypto_alg *auth_base;
|
2016-07-12 08:17:34 +03:00
|
|
|
struct skcipher_alg *enc;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
struct authenc_instance_ctx *ctx;
|
2007-12-17 15:12:49 +03:00
|
|
|
const char *enc_name;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
int err;
|
|
|
|
|
2007-12-17 15:12:49 +03:00
|
|
|
algt = crypto_get_attr_type(tb);
|
|
|
|
if (IS_ERR(algt))
|
2015-07-30 12:53:16 +03:00
|
|
|
return PTR_ERR(algt);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2015-08-13 12:29:06 +03:00
|
|
|
if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask)
|
2015-07-30 12:53:16 +03:00
|
|
|
return -EINVAL;
|
2007-12-17 15:12:49 +03:00
|
|
|
|
2009-08-05 13:35:34 +04:00
|
|
|
auth = ahash_attr_alg(tb[1], CRYPTO_ALG_TYPE_HASH,
|
2016-06-29 13:03:46 +03:00
|
|
|
CRYPTO_ALG_TYPE_AHASH_MASK |
|
|
|
|
crypto_requires_sync(algt->type, algt->mask));
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
if (IS_ERR(auth))
|
2015-07-30 12:53:16 +03:00
|
|
|
return PTR_ERR(auth);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2009-08-05 13:35:34 +04:00
|
|
|
auth_base = &auth->base;
|
|
|
|
|
2007-12-17 15:12:49 +03:00
|
|
|
enc_name = crypto_attr_alg_name(tb[2]);
|
|
|
|
err = PTR_ERR(enc_name);
|
|
|
|
if (IS_ERR(enc_name))
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
goto out_put_auth;
|
|
|
|
|
|
|
|
inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
|
|
|
|
err = -ENOMEM;
|
|
|
|
if (!inst)
|
2007-12-17 15:12:49 +03:00
|
|
|
goto out_put_auth;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
ctx = aead_instance_ctx(inst);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
err = crypto_init_ahash_spawn(&ctx->auth, auth,
|
|
|
|
aead_crypto_instance(inst));
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
if (err)
|
|
|
|
goto err_free_inst;
|
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
crypto_set_skcipher_spawn(&ctx->enc, aead_crypto_instance(inst));
|
2016-10-28 19:51:13 +03:00
|
|
|
err = crypto_grab_skcipher(&ctx->enc, enc_name, 0,
|
|
|
|
crypto_requires_sync(algt->type,
|
|
|
|
algt->mask));
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
if (err)
|
|
|
|
goto err_drop_auth;
|
|
|
|
|
2016-07-12 08:17:34 +03:00
|
|
|
enc = crypto_spawn_skcipher_alg(&ctx->enc);
|
2007-12-17 15:12:49 +03:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
ctx->reqoff = ALIGN(2 * auth->digestsize + auth_base->cra_alignmask,
|
|
|
|
auth_base->cra_alignmask + 1);
|
|
|
|
|
2007-12-17 15:12:49 +03:00
|
|
|
err = -ENAMETOOLONG;
|
2015-07-30 12:53:16 +03:00
|
|
|
if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
|
2016-07-12 08:17:34 +03:00
|
|
|
"authenc(%s,%s)", auth_base->cra_name,
|
|
|
|
enc->base.cra_name) >=
|
2007-12-17 15:12:49 +03:00
|
|
|
CRYPTO_MAX_ALG_NAME)
|
|
|
|
goto err_drop_enc;
|
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
|
2009-08-05 13:35:34 +04:00
|
|
|
"authenc(%s,%s)", auth_base->cra_driver_name,
|
2016-07-12 08:17:34 +03:00
|
|
|
enc->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
|
2007-12-17 15:12:49 +03:00
|
|
|
goto err_drop_enc;
|
|
|
|
|
2016-07-12 08:17:34 +03:00
|
|
|
inst->alg.base.cra_flags = (auth_base->cra_flags |
|
|
|
|
enc->base.cra_flags) & CRYPTO_ALG_ASYNC;
|
|
|
|
inst->alg.base.cra_priority = enc->base.cra_priority * 10 +
|
2015-07-30 12:53:16 +03:00
|
|
|
auth_base->cra_priority;
|
2016-07-12 08:17:34 +03:00
|
|
|
inst->alg.base.cra_blocksize = enc->base.cra_blocksize;
|
2015-07-30 12:53:16 +03:00
|
|
|
inst->alg.base.cra_alignmask = auth_base->cra_alignmask |
|
2016-07-12 08:17:34 +03:00
|
|
|
enc->base.cra_alignmask;
|
2015-07-30 12:53:16 +03:00
|
|
|
inst->alg.base.cra_ctxsize = sizeof(struct crypto_authenc_ctx);
|
|
|
|
|
2016-07-12 08:17:34 +03:00
|
|
|
inst->alg.ivsize = crypto_skcipher_alg_ivsize(enc);
|
|
|
|
inst->alg.chunksize = crypto_skcipher_alg_chunksize(enc);
|
2015-07-30 12:53:16 +03:00
|
|
|
inst->alg.maxauthsize = auth->digestsize;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
inst->alg.init = crypto_authenc_init_tfm;
|
|
|
|
inst->alg.exit = crypto_authenc_exit_tfm;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
inst->alg.setkey = crypto_authenc_setkey;
|
|
|
|
inst->alg.encrypt = crypto_authenc_encrypt;
|
|
|
|
inst->alg.decrypt = crypto_authenc_decrypt;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
inst->free = crypto_authenc_free;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2015-07-30 12:53:16 +03:00
|
|
|
err = aead_register_instance(tmpl, inst);
|
|
|
|
if (err)
|
|
|
|
goto err_drop_enc;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
|
|
|
out:
|
2009-08-05 13:35:34 +04:00
|
|
|
crypto_mod_put(auth_base);
|
2015-07-30 12:53:16 +03:00
|
|
|
return err;
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
|
2007-12-17 15:12:49 +03:00
|
|
|
err_drop_enc:
|
|
|
|
crypto_drop_skcipher(&ctx->enc);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
err_drop_auth:
|
2009-08-05 13:35:34 +04:00
|
|
|
crypto_drop_ahash(&ctx->auth);
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
err_free_inst:
|
|
|
|
kfree(inst);
|
2007-12-17 15:12:49 +03:00
|
|
|
out_put_auth:
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct crypto_template crypto_authenc_tmpl = {
|
|
|
|
.name = "authenc",
|
2015-07-30 12:53:16 +03:00
|
|
|
.create = crypto_authenc_create,
|
[CRYPTO] aead: Add authenc
This patch adds the authenc algorithm which constructs an AEAD algorithm
from an asynchronous block cipher and a hash. The construction is done
by concatenating the encrypted result from the cipher with the output
from the hash, as is used by the IPsec ESP protocol.
The authenc algorithm exists as a template with four parameters:
authenc(auth, authsize, enc, enckeylen).
The authentication algorithm, the authentication size (i.e., truncating
the output of the authentication algorithm), the encryption algorithm,
and the encryption key length. Both the size field and the key length
field are in bytes. For example, AES-128 with SHA1-HMAC would be
represented by
authenc(hmac(sha1), 12, cbc(aes), 16)
The key for the authenc algorithm is the concatenation of the keys for
the authentication algorithm with the encryption algorithm. For the
above example, if a key of length 36 bytes is given, then hmac(sha1)
would receive the first 20 bytes while the last 16 would be given to
cbc(aes).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2007-08-30 12:24:15 +04:00
|
|
|
.module = THIS_MODULE,
|
|
|
|
};
|
|
|
|
|
|
|
|
static int __init crypto_authenc_module_init(void)
|
|
|
|
{
|
|
|
|
return crypto_register_template(&crypto_authenc_tmpl);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void __exit crypto_authenc_module_exit(void)
|
|
|
|
{
|
|
|
|
crypto_unregister_template(&crypto_authenc_tmpl);
|
|
|
|
}
|
|
|
|
|
|
|
|
module_init(crypto_authenc_module_init);
|
|
|
|
module_exit(crypto_authenc_module_exit);
|
|
|
|
|
|
|
|
MODULE_LICENSE("GPL");
|
|
|
|
MODULE_DESCRIPTION("Simple AEAD wrapper for IPsec");
|
2014-11-25 03:32:38 +03:00
|
|
|
MODULE_ALIAS_CRYPTO("authenc");
|