^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) /* SPDX-License-Identifier: GPL-2.0-or-later */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * AEAD: Authenticated Encryption with Associated Data
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Copyright (c) 2007-2015 Herbert Xu <herbert@gondor.apana.org.au>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) #ifndef _CRYPTO_AEAD_H
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) #define _CRYPTO_AEAD_H
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <linux/crypto.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) * DOC: Authenticated Encryption With Associated Data (AEAD) Cipher API
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) * The AEAD cipher API is used with the ciphers of type CRYPTO_ALG_TYPE_AEAD
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) * (listed as type "aead" in /proc/crypto)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) * The most prominent examples for this type of encryption is GCM and CCM.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) * However, the kernel supports other types of AEAD ciphers which are defined
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) * with the following cipher string:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) * authenc(keyed message digest, block cipher)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) * For example: authenc(hmac(sha256), cbc(aes))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) * The example code provided for the symmetric key cipher operation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) * applies here as well. Naturally all *skcipher* symbols must be exchanged
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) * the *aead* pendants discussed in the following. In addition, for the AEAD
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) * operation, the aead_request_set_ad function must be used to set the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) * pointer to the associated data memory location before performing the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) * encryption or decryption operation. In case of an encryption, the associated
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) * data memory is filled during the encryption operation. For decryption, the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) * associated data memory must contain data that is used to verify the integrity
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) * of the decrypted data. Another deviation from the asynchronous block cipher
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) * operation is that the caller should explicitly check for -EBADMSG of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) * crypto_aead_decrypt. That error indicates an authentication error, i.e.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) * a breach in the integrity of the message. In essence, that -EBADMSG error
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) * code is the key bonus an AEAD cipher has over "standard" block chaining
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) * modes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) * Memory Structure:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) * The source scatterlist must contain the concatenation of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) * associated data || plaintext or ciphertext.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) * The destination scatterlist has the same layout, except that the plaintext
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) * (resp. ciphertext) will grow (resp. shrink) by the authentication tag size
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) * during encryption (resp. decryption).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) * In-place encryption/decryption is enabled by using the same scatterlist
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) * pointer for both the source and destination.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) * Even in the out-of-place case, space must be reserved in the destination for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) * the associated data, even though it won't be written to. This makes the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) * in-place and out-of-place cases more consistent. It is permissible for the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) * "destination" associated data to alias the "source" associated data.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) * As with the other scatterlist crypto APIs, zero-length scatterlist elements
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) * are not allowed in the used part of the scatterlist. Thus, if there is no
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) * associated data, the first element must point to the plaintext/ciphertext.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) * To meet the needs of IPsec, a special quirk applies to rfc4106, rfc4309,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) * rfc4543, and rfc7539esp ciphers. For these ciphers, the final 'ivsize' bytes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) * of the associated data buffer must contain a second copy of the IV. This is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) * in addition to the copy passed to aead_request_set_crypt(). These two IV
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) * copies must not differ; different implementations of the same algorithm may
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) * behave differently in that case. Note that the algorithm might not actually
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) * treat the IV as associated data; nevertheless the length passed to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) * aead_request_set_ad() must include it.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) struct crypto_aead;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) * struct aead_request - AEAD request
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) * @base: Common attributes for async crypto requests
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) * @assoclen: Length in bytes of associated data for authentication
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) * @cryptlen: Length of data to be encrypted or decrypted
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) * @iv: Initialisation vector
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) * @src: Source data
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) * @dst: Destination data
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) * @__ctx: Start of private context data
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) struct aead_request {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) struct crypto_async_request base;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) unsigned int assoclen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) unsigned int cryptlen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) u8 *iv;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) struct scatterlist *src;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) struct scatterlist *dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) void *__ctx[] CRYPTO_MINALIGN_ATTR;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) * struct aead_alg - AEAD cipher definition
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) * @maxauthsize: Set the maximum authentication tag size supported by the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) * transformation. A transformation may support smaller tag sizes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) * As the authentication tag is a message digest to ensure the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) * integrity of the encrypted data, a consumer typically wants the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) * largest authentication tag possible as defined by this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) * variable.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) * @setauthsize: Set authentication size for the AEAD transformation. This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) * function is used to specify the consumer requested size of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) * authentication tag to be either generated by the transformation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) * during encryption or the size of the authentication tag to be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) * supplied during the decryption operation. This function is also
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) * responsible for checking the authentication tag size for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) * validity.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) * @setkey: see struct skcipher_alg
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) * @encrypt: see struct skcipher_alg
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) * @decrypt: see struct skcipher_alg
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) * @ivsize: see struct skcipher_alg
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) * @chunksize: see struct skcipher_alg
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) * @init: Initialize the cryptographic transformation object. This function
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) * is used to initialize the cryptographic transformation object.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) * This function is called only once at the instantiation time, right
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) * after the transformation context was allocated. In case the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) * cryptographic hardware has some special requirements which need to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) * be handled by software, this function shall check for the precise
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) * requirement of the transformation and put any software fallbacks
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) * in place.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) * @exit: Deinitialize the cryptographic transformation object. This is a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) * counterpart to @init, used to remove various changes set in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) * @init.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) * @base: Definition of a generic crypto cipher algorithm.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) * All fields except @ivsize is mandatory and must be filled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) struct aead_alg {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) int (*setkey)(struct crypto_aead *tfm, const u8 *key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) unsigned int keylen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) int (*setauthsize)(struct crypto_aead *tfm, unsigned int authsize);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) int (*encrypt)(struct aead_request *req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) int (*decrypt)(struct aead_request *req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) int (*init)(struct crypto_aead *tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) void (*exit)(struct crypto_aead *tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) unsigned int ivsize;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) unsigned int maxauthsize;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) unsigned int chunksize;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) struct crypto_alg base;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) struct crypto_aead {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) unsigned int authsize;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) unsigned int reqsize;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) struct crypto_tfm base;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) static inline struct crypto_aead *__crypto_aead_cast(struct crypto_tfm *tfm)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) return container_of(tfm, struct crypto_aead, base);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) * crypto_alloc_aead() - allocate AEAD cipher handle
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) * @alg_name: is the cra_name / name or cra_driver_name / driver name of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) * AEAD cipher
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) * @type: specifies the type of the cipher
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) * @mask: specifies the mask for the cipher
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) * Allocate a cipher handle for an AEAD. The returned struct
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) * crypto_aead is the cipher handle that is required for any subsequent
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) * API invocation for that AEAD.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) * Return: allocated cipher handle in case of success; IS_ERR() is true in case
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) * of an error, PTR_ERR() returns the error code.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) struct crypto_aead *crypto_alloc_aead(const char *alg_name, u32 type, u32 mask);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) static inline struct crypto_tfm *crypto_aead_tfm(struct crypto_aead *tfm)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) return &tfm->base;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) * crypto_free_aead() - zeroize and free aead handle
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) * @tfm: cipher handle to be freed
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) * If @tfm is a NULL or error pointer, this function does nothing.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) static inline void crypto_free_aead(struct crypto_aead *tfm)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) crypto_destroy_tfm(tfm, crypto_aead_tfm(tfm));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) static inline struct aead_alg *crypto_aead_alg(struct crypto_aead *tfm)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) return container_of(crypto_aead_tfm(tfm)->__crt_alg,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) struct aead_alg, base);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) static inline unsigned int crypto_aead_alg_ivsize(struct aead_alg *alg)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) return alg->ivsize;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) * crypto_aead_ivsize() - obtain IV size
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) * @tfm: cipher handle
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) * The size of the IV for the aead referenced by the cipher handle is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) * returned. This IV size may be zero if the cipher does not need an IV.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) * Return: IV size in bytes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) static inline unsigned int crypto_aead_ivsize(struct crypto_aead *tfm)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) return crypto_aead_alg_ivsize(crypto_aead_alg(tfm));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) * crypto_aead_authsize() - obtain maximum authentication data size
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) * @tfm: cipher handle
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) * The maximum size of the authentication data for the AEAD cipher referenced
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) * by the AEAD cipher handle is returned. The authentication data size may be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) * zero if the cipher implements a hard-coded maximum.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) * The authentication data may also be known as "tag value".
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) * Return: authentication data size / tag size in bytes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) static inline unsigned int crypto_aead_authsize(struct crypto_aead *tfm)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) return tfm->authsize;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) static inline unsigned int crypto_aead_alg_maxauthsize(struct aead_alg *alg)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) return alg->maxauthsize;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) static inline unsigned int crypto_aead_maxauthsize(struct crypto_aead *aead)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) return crypto_aead_alg_maxauthsize(crypto_aead_alg(aead));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) * crypto_aead_blocksize() - obtain block size of cipher
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) * @tfm: cipher handle
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) * The block size for the AEAD referenced with the cipher handle is returned.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) * The caller may use that information to allocate appropriate memory for the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) * data returned by the encryption or decryption operation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) * Return: block size of cipher
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) static inline unsigned int crypto_aead_blocksize(struct crypto_aead *tfm)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) return crypto_tfm_alg_blocksize(crypto_aead_tfm(tfm));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) static inline unsigned int crypto_aead_alignmask(struct crypto_aead *tfm)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) return crypto_tfm_alg_alignmask(crypto_aead_tfm(tfm));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) static inline u32 crypto_aead_get_flags(struct crypto_aead *tfm)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) return crypto_tfm_get_flags(crypto_aead_tfm(tfm));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) static inline void crypto_aead_set_flags(struct crypto_aead *tfm, u32 flags)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) crypto_tfm_set_flags(crypto_aead_tfm(tfm), flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) static inline void crypto_aead_clear_flags(struct crypto_aead *tfm, u32 flags)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) crypto_tfm_clear_flags(crypto_aead_tfm(tfm), flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) * crypto_aead_setkey() - set key for cipher
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) * @tfm: cipher handle
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) * @key: buffer holding the key
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) * @keylen: length of the key in bytes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) * The caller provided key is set for the AEAD referenced by the cipher
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) * handle.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) * Note, the key length determines the cipher type. Many block ciphers implement
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) * different cipher modes depending on the key size, such as AES-128 vs AES-192
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) * vs. AES-256. When providing a 16 byte key for an AES cipher handle, AES-128
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) * is performed.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) * Return: 0 if the setting of the key was successful; < 0 if an error occurred
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) int crypto_aead_setkey(struct crypto_aead *tfm,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) const u8 *key, unsigned int keylen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303) * crypto_aead_setauthsize() - set authentication data size
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304) * @tfm: cipher handle
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) * @authsize: size of the authentication data / tag in bytes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307) * Set the authentication data size / tag size. AEAD requires an authentication
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) * tag (or MAC) in addition to the associated data.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310) * Return: 0 if the setting of the key was successful; < 0 if an error occurred
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312) int crypto_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314) static inline struct crypto_aead *crypto_aead_reqtfm(struct aead_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 315) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 316) return __crypto_aead_cast(req->base.tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 318)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 319) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320) * crypto_aead_encrypt() - encrypt plaintext
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 321) * @req: reference to the aead_request handle that holds all information
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 322) * needed to perform the cipher operation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 324) * Encrypt plaintext data using the aead_request handle. That data structure
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 325) * and how it is filled with data is discussed with the aead_request_*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 326) * functions.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 327) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 328) * IMPORTANT NOTE The encryption operation creates the authentication data /
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 329) * tag. That data is concatenated with the created ciphertext.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 330) * The ciphertext memory size is therefore the given number of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 331) * block cipher blocks + the size defined by the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 332) * crypto_aead_setauthsize invocation. The caller must ensure
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 333) * that sufficient memory is available for the ciphertext and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 334) * the authentication tag.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 335) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 336) * Return: 0 if the cipher operation was successful; < 0 if an error occurred
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 337) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 338) int crypto_aead_encrypt(struct aead_request *req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 339)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 340) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 341) * crypto_aead_decrypt() - decrypt ciphertext
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 342) * @req: reference to the aead_request handle that holds all information
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 343) * needed to perform the cipher operation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 344) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 345) * Decrypt ciphertext data using the aead_request handle. That data structure
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 346) * and how it is filled with data is discussed with the aead_request_*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 347) * functions.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349) * IMPORTANT NOTE The caller must concatenate the ciphertext followed by the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 350) * authentication data / tag. That authentication data / tag
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 351) * must have the size defined by the crypto_aead_setauthsize
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 352) * invocation.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 353) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 354) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 355) * Return: 0 if the cipher operation was successful; -EBADMSG: The AEAD
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 356) * cipher operation performs the authentication of the data during the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 357) * decryption operation. Therefore, the function returns this error if
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 358) * the authentication of the ciphertext was unsuccessful (i.e. the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 359) * integrity of the ciphertext or the associated data was violated);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 360) * < 0 if an error occurred.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 361) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 362) int crypto_aead_decrypt(struct aead_request *req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 364) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365) * DOC: Asynchronous AEAD Request Handle
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 366) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 367) * The aead_request data structure contains all pointers to data required for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 368) * the AEAD cipher operation. This includes the cipher handle (which can be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 369) * used by multiple aead_request instances), pointer to plaintext and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 370) * ciphertext, asynchronous callback function, etc. It acts as a handle to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 371) * aead_request_* API calls in a similar way as AEAD handle to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372) * crypto_aead_* API calls.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 373) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 374)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 375) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 376) * crypto_aead_reqsize() - obtain size of the request data structure
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 377) * @tfm: cipher handle
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 379) * Return: number of bytes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 380) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 381) static inline unsigned int crypto_aead_reqsize(struct crypto_aead *tfm)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 382) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383) return tfm->reqsize;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 384) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 385)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 386) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 387) * aead_request_set_tfm() - update cipher handle reference in request
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 388) * @req: request handle to be modified
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 389) * @tfm: cipher handle that shall be added to the request handle
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 390) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 391) * Allow the caller to replace the existing aead handle in the request
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 392) * data structure with a different one.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 393) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 394) static inline void aead_request_set_tfm(struct aead_request *req,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 395) struct crypto_aead *tfm)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 396) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 397) req->base.tfm = crypto_aead_tfm(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 398) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 399)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 400) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 401) * aead_request_alloc() - allocate request data structure
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 402) * @tfm: cipher handle to be registered with the request
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 403) * @gfp: memory allocation flag that is handed to kmalloc by the API call.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 404) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 405) * Allocate the request data structure that must be used with the AEAD
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 406) * encrypt and decrypt API calls. During the allocation, the provided aead
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 407) * handle is registered in the request data structure.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 408) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 409) * Return: allocated request handle in case of success, or NULL if out of memory
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 410) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 411) static inline struct aead_request *aead_request_alloc(struct crypto_aead *tfm,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 412) gfp_t gfp)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 413) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 414) struct aead_request *req;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 415)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 416) req = kmalloc(sizeof(*req) + crypto_aead_reqsize(tfm), gfp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 417)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 418) if (likely(req))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 419) aead_request_set_tfm(req, tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 420)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 421) return req;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 422) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 423)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 424) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 425) * aead_request_free() - zeroize and free request data structure
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 426) * @req: request data structure cipher handle to be freed
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 427) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 428) static inline void aead_request_free(struct aead_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 429) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 430) kfree_sensitive(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 431) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 432)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 434) * aead_request_set_callback() - set asynchronous callback function
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 435) * @req: request handle
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 436) * @flags: specify zero or an ORing of the flags
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 437) * CRYPTO_TFM_REQ_MAY_BACKLOG the request queue may back log and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 438) * increase the wait queue beyond the initial maximum size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 439) * CRYPTO_TFM_REQ_MAY_SLEEP the request processing may sleep
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 440) * @compl: callback function pointer to be registered with the request handle
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 441) * @data: The data pointer refers to memory that is not used by the kernel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 442) * crypto API, but provided to the callback function for it to use. Here,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 443) * the caller can provide a reference to memory the callback function can
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 444) * operate on. As the callback function is invoked asynchronously to the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 445) * related functionality, it may need to access data structures of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 446) * related functionality which can be referenced using this pointer. The
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 447) * callback function can access the memory via the "data" field in the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 448) * crypto_async_request data structure provided to the callback function.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 449) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 450) * Setting the callback function that is triggered once the cipher operation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 451) * completes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 452) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 453) * The callback function is registered with the aead_request handle and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 454) * must comply with the following template::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 455) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 456) * void callback_function(struct crypto_async_request *req, int error)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 457) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 458) static inline void aead_request_set_callback(struct aead_request *req,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 459) u32 flags,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 460) crypto_completion_t compl,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 461) void *data)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 462) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 463) req->base.complete = compl;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 464) req->base.data = data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 465) req->base.flags = flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 466) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 467)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 468) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 469) * aead_request_set_crypt - set data buffers
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 470) * @req: request handle
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 471) * @src: source scatter / gather list
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 472) * @dst: destination scatter / gather list
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 473) * @cryptlen: number of bytes to process from @src
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 474) * @iv: IV for the cipher operation which must comply with the IV size defined
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 475) * by crypto_aead_ivsize()
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 476) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 477) * Setting the source data and destination data scatter / gather lists which
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 478) * hold the associated data concatenated with the plaintext or ciphertext. See
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 479) * below for the authentication tag.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 480) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 481) * For encryption, the source is treated as the plaintext and the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 482) * destination is the ciphertext. For a decryption operation, the use is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 483) * reversed - the source is the ciphertext and the destination is the plaintext.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 484) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 485) * The memory structure for cipher operation has the following structure:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 486) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 487) * - AEAD encryption input: assoc data || plaintext
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 488) * - AEAD encryption output: assoc data || cipherntext || auth tag
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 489) * - AEAD decryption input: assoc data || ciphertext || auth tag
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 490) * - AEAD decryption output: assoc data || plaintext
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 491) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 492) * Albeit the kernel requires the presence of the AAD buffer, however,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 493) * the kernel does not fill the AAD buffer in the output case. If the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 494) * caller wants to have that data buffer filled, the caller must either
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 495) * use an in-place cipher operation (i.e. same memory location for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 496) * input/output memory location).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 497) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 498) static inline void aead_request_set_crypt(struct aead_request *req,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 499) struct scatterlist *src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 500) struct scatterlist *dst,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 501) unsigned int cryptlen, u8 *iv)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 502) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 503) req->src = src;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 504) req->dst = dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 505) req->cryptlen = cryptlen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 506) req->iv = iv;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 507) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 508)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 509) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 510) * aead_request_set_ad - set associated data information
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 511) * @req: request handle
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 512) * @assoclen: number of bytes in associated data
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 513) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 514) * Setting the AD information. This function sets the length of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 515) * the associated data.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 516) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 517) static inline void aead_request_set_ad(struct aead_request *req,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 518) unsigned int assoclen)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 519) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 520) req->assoclen = assoclen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 521) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 522)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 523) #endif /* _CRYPTO_AEAD_H */
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags