Commit 5311f248b7764ba8b59e6d477355f766e5609686
1 parent
653ebd9c85
Exists in
master
and in
4 other branches
[CRYPTO] ctr: Refactor into ctr and rfc3686
As discussed previously, this patch moves the basic CTR functionality into a chainable algorithm called ctr. The IPsec-specific variant of it is now placed on top with the name rfc3686. So ctr(aes) gives a chainable cipher with IV size 16 while the IPsec variant will be called rfc3686(ctr(aes)). This patch also adjusts gcm accordingly. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Showing 4 changed files with 233 additions and 136 deletions Side-by-side Diff
crypto/ctr.c
... | ... | @@ -11,6 +11,7 @@ |
11 | 11 | */ |
12 | 12 | |
13 | 13 | #include <crypto/algapi.h> |
14 | +#include <crypto/ctr.h> | |
14 | 15 | #include <linux/err.h> |
15 | 16 | #include <linux/init.h> |
16 | 17 | #include <linux/kernel.h> |
17 | 18 | |
18 | 19 | |
19 | 20 | |
20 | 21 | |
... | ... | @@ -19,36 +20,22 @@ |
19 | 20 | #include <linux/scatterlist.h> |
20 | 21 | #include <linux/slab.h> |
21 | 22 | |
22 | -struct ctr_instance_ctx { | |
23 | - struct crypto_spawn alg; | |
24 | - unsigned int noncesize; | |
25 | - unsigned int ivsize; | |
26 | - unsigned int countersize; | |
27 | -}; | |
28 | - | |
29 | 23 | struct crypto_ctr_ctx { |
30 | 24 | struct crypto_cipher *child; |
31 | - u8 *nonce; | |
32 | 25 | }; |
33 | 26 | |
27 | +struct crypto_rfc3686_ctx { | |
28 | + struct crypto_blkcipher *child; | |
29 | + u8 nonce[CTR_RFC3686_NONCE_SIZE]; | |
30 | +}; | |
31 | + | |
34 | 32 | static int crypto_ctr_setkey(struct crypto_tfm *parent, const u8 *key, |
35 | 33 | unsigned int keylen) |
36 | 34 | { |
37 | 35 | struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(parent); |
38 | 36 | struct crypto_cipher *child = ctx->child; |
39 | - struct ctr_instance_ctx *ictx = | |
40 | - crypto_instance_ctx(crypto_tfm_alg_instance(parent)); | |
41 | - unsigned int noncelen = ictx->noncesize; | |
42 | - int err = 0; | |
37 | + int err; | |
43 | 38 | |
44 | - /* the nonce is stored in bytes at end of key */ | |
45 | - if (keylen < noncelen) | |
46 | - return -EINVAL; | |
47 | - | |
48 | - memcpy(ctx->nonce, key + (keylen - noncelen), noncelen); | |
49 | - | |
50 | - keylen -= noncelen; | |
51 | - | |
52 | 39 | crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); |
53 | 40 | crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) & |
54 | 41 | CRYPTO_TFM_REQ_MASK); |
55 | 42 | |
... | ... | @@ -60,11 +47,13 @@ |
60 | 47 | } |
61 | 48 | |
62 | 49 | static void crypto_ctr_crypt_final(struct blkcipher_walk *walk, |
63 | - struct crypto_cipher *tfm, u8 *ctrblk, | |
64 | - unsigned int countersize) | |
50 | + struct crypto_cipher *tfm) | |
65 | 51 | { |
66 | 52 | unsigned int bsize = crypto_cipher_blocksize(tfm); |
67 | - u8 *keystream = ctrblk + bsize; | |
53 | + unsigned long alignmask = crypto_cipher_alignmask(tfm); | |
54 | + u8 *ctrblk = walk->iv; | |
55 | + u8 tmp[bsize + alignmask]; | |
56 | + u8 *keystream = PTR_ALIGN(tmp + 0, alignmask + 1); | |
68 | 57 | u8 *src = walk->src.virt.addr; |
69 | 58 | u8 *dst = walk->dst.virt.addr; |
70 | 59 | unsigned int nbytes = walk->nbytes; |
71 | 60 | |
72 | 61 | |
... | ... | @@ -72,15 +61,17 @@ |
72 | 61 | crypto_cipher_encrypt_one(tfm, keystream, ctrblk); |
73 | 62 | crypto_xor(keystream, src, nbytes); |
74 | 63 | memcpy(dst, keystream, nbytes); |
64 | + | |
65 | + crypto_inc(ctrblk, bsize); | |
75 | 66 | } |
76 | 67 | |
77 | 68 | static int crypto_ctr_crypt_segment(struct blkcipher_walk *walk, |
78 | - struct crypto_cipher *tfm, u8 *ctrblk, | |
79 | - unsigned int countersize) | |
69 | + struct crypto_cipher *tfm) | |
80 | 70 | { |
81 | 71 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = |
82 | 72 | crypto_cipher_alg(tfm)->cia_encrypt; |
83 | 73 | unsigned int bsize = crypto_cipher_blocksize(tfm); |
74 | + u8 *ctrblk = walk->iv; | |
84 | 75 | u8 *src = walk->src.virt.addr; |
85 | 76 | u8 *dst = walk->dst.virt.addr; |
86 | 77 | unsigned int nbytes = walk->nbytes; |
... | ... | @@ -91,7 +82,7 @@ |
91 | 82 | crypto_xor(dst, src, bsize); |
92 | 83 | |
93 | 84 | /* increment counter in counterblock */ |
94 | - crypto_inc(ctrblk + bsize - countersize, countersize); | |
85 | + crypto_inc(ctrblk, bsize); | |
95 | 86 | |
96 | 87 | src += bsize; |
97 | 88 | dst += bsize; |
98 | 89 | |
99 | 90 | |
100 | 91 | |
... | ... | @@ -101,15 +92,17 @@ |
101 | 92 | } |
102 | 93 | |
103 | 94 | static int crypto_ctr_crypt_inplace(struct blkcipher_walk *walk, |
104 | - struct crypto_cipher *tfm, u8 *ctrblk, | |
105 | - unsigned int countersize) | |
95 | + struct crypto_cipher *tfm) | |
106 | 96 | { |
107 | 97 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = |
108 | 98 | crypto_cipher_alg(tfm)->cia_encrypt; |
109 | 99 | unsigned int bsize = crypto_cipher_blocksize(tfm); |
100 | + unsigned long alignmask = crypto_cipher_alignmask(tfm); | |
110 | 101 | unsigned int nbytes = walk->nbytes; |
102 | + u8 *ctrblk = walk->iv; | |
111 | 103 | u8 *src = walk->src.virt.addr; |
112 | - u8 *keystream = ctrblk + bsize; | |
104 | + u8 tmp[bsize + alignmask]; | |
105 | + u8 *keystream = PTR_ALIGN(tmp + 0, alignmask + 1); | |
113 | 106 | |
114 | 107 | do { |
115 | 108 | /* create keystream */ |
... | ... | @@ -117,7 +110,7 @@ |
117 | 110 | crypto_xor(src, keystream, bsize); |
118 | 111 | |
119 | 112 | /* increment counter in counterblock */ |
120 | - crypto_inc(ctrblk + bsize - countersize, countersize); | |
113 | + crypto_inc(ctrblk, bsize); | |
121 | 114 | |
122 | 115 | src += bsize; |
123 | 116 | } while ((nbytes -= bsize) >= bsize); |
124 | 117 | |
125 | 118 | |
126 | 119 | |
127 | 120 | |
... | ... | @@ -134,41 +127,22 @@ |
134 | 127 | struct crypto_ctr_ctx *ctx = crypto_blkcipher_ctx(tfm); |
135 | 128 | struct crypto_cipher *child = ctx->child; |
136 | 129 | unsigned int bsize = crypto_cipher_blocksize(child); |
137 | - struct ctr_instance_ctx *ictx = | |
138 | - crypto_instance_ctx(crypto_tfm_alg_instance(&tfm->base)); | |
139 | - unsigned long alignmask = crypto_cipher_alignmask(child) | | |
140 | - (__alignof__(u32) - 1); | |
141 | - u8 cblk[bsize * 2 + alignmask]; | |
142 | - u8 *counterblk = (u8 *)ALIGN((unsigned long)cblk, alignmask + 1); | |
143 | 130 | int err; |
144 | 131 | |
145 | 132 | blkcipher_walk_init(&walk, dst, src, nbytes); |
146 | 133 | err = blkcipher_walk_virt_block(desc, &walk, bsize); |
147 | 134 | |
148 | - /* set up counter block */ | |
149 | - memset(counterblk, 0 , bsize); | |
150 | - memcpy(counterblk, ctx->nonce, ictx->noncesize); | |
151 | - memcpy(counterblk + ictx->noncesize, walk.iv, ictx->ivsize); | |
152 | - | |
153 | - /* initialize counter portion of counter block */ | |
154 | - crypto_inc(counterblk + bsize - ictx->countersize, ictx->countersize); | |
155 | - | |
156 | 135 | while (walk.nbytes >= bsize) { |
157 | 136 | if (walk.src.virt.addr == walk.dst.virt.addr) |
158 | - nbytes = crypto_ctr_crypt_inplace(&walk, child, | |
159 | - counterblk, | |
160 | - ictx->countersize); | |
137 | + nbytes = crypto_ctr_crypt_inplace(&walk, child); | |
161 | 138 | else |
162 | - nbytes = crypto_ctr_crypt_segment(&walk, child, | |
163 | - counterblk, | |
164 | - ictx->countersize); | |
139 | + nbytes = crypto_ctr_crypt_segment(&walk, child); | |
165 | 140 | |
166 | 141 | err = blkcipher_walk_done(desc, &walk, nbytes); |
167 | 142 | } |
168 | 143 | |
169 | 144 | if (walk.nbytes) { |
170 | - crypto_ctr_crypt_final(&walk, child, counterblk, | |
171 | - ictx->countersize); | |
145 | + crypto_ctr_crypt_final(&walk, child); | |
172 | 146 | err = blkcipher_walk_done(desc, &walk, 0); |
173 | 147 | } |
174 | 148 | |
175 | 149 | |
... | ... | @@ -178,15 +152,11 @@ |
178 | 152 | static int crypto_ctr_init_tfm(struct crypto_tfm *tfm) |
179 | 153 | { |
180 | 154 | struct crypto_instance *inst = (void *)tfm->__crt_alg; |
181 | - struct ctr_instance_ctx *ictx = crypto_instance_ctx(inst); | |
155 | + struct crypto_spawn *spawn = crypto_instance_ctx(inst); | |
182 | 156 | struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(tfm); |
183 | 157 | struct crypto_cipher *cipher; |
184 | 158 | |
185 | - ctx->nonce = kzalloc(ictx->noncesize, GFP_KERNEL); | |
186 | - if (!ctx->nonce) | |
187 | - return -ENOMEM; | |
188 | - | |
189 | - cipher = crypto_spawn_cipher(&ictx->alg); | |
159 | + cipher = crypto_spawn_cipher(spawn); | |
190 | 160 | if (IS_ERR(cipher)) |
191 | 161 | return PTR_ERR(cipher); |
192 | 162 | |
... | ... | @@ -199,7 +169,6 @@ |
199 | 169 | { |
200 | 170 | struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(tfm); |
201 | 171 | |
202 | - kfree(ctx->nonce); | |
203 | 172 | crypto_free_cipher(ctx->child); |
204 | 173 | } |
205 | 174 | |
... | ... | @@ -207,10 +176,6 @@ |
207 | 176 | { |
208 | 177 | struct crypto_instance *inst; |
209 | 178 | struct crypto_alg *alg; |
210 | - struct ctr_instance_ctx *ictx; | |
211 | - unsigned int noncesize; | |
212 | - unsigned int ivsize; | |
213 | - unsigned int countersize; | |
214 | 179 | int err; |
215 | 180 | |
216 | 181 | err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER); |
217 | 182 | |
218 | 183 | |
219 | 184 | |
220 | 185 | |
221 | 186 | |
... | ... | @@ -222,71 +187,28 @@ |
222 | 187 | if (IS_ERR(alg)) |
223 | 188 | return ERR_PTR(PTR_ERR(alg)); |
224 | 189 | |
225 | - err = crypto_attr_u32(tb[2], &noncesize); | |
226 | - if (err) | |
227 | - goto out_put_alg; | |
228 | - | |
229 | - err = crypto_attr_u32(tb[3], &ivsize); | |
230 | - if (err) | |
231 | - goto out_put_alg; | |
232 | - | |
233 | - err = crypto_attr_u32(tb[4], &countersize); | |
234 | - if (err) | |
235 | - goto out_put_alg; | |
236 | - | |
237 | - /* verify size of nonce + iv + counter | |
238 | - * counter must be >= 4 bytes. | |
239 | - */ | |
190 | + /* Block size must be >= 4 bytes. */ | |
240 | 191 | err = -EINVAL; |
241 | - if (((noncesize + ivsize + countersize) < alg->cra_blocksize) || | |
242 | - ((noncesize + ivsize) > alg->cra_blocksize) || | |
243 | - (countersize > alg->cra_blocksize) || (countersize < 4)) | |
192 | + if (alg->cra_blocksize < 4) | |
244 | 193 | goto out_put_alg; |
245 | 194 | |
246 | 195 | /* If this is false we'd fail the alignment of crypto_inc. */ |
247 | - if ((alg->cra_blocksize - countersize) % 4) | |
196 | + if (alg->cra_blocksize % 4) | |
248 | 197 | goto out_put_alg; |
249 | 198 | |
250 | - inst = kzalloc(sizeof(*inst) + sizeof(*ictx), GFP_KERNEL); | |
251 | - err = -ENOMEM; | |
252 | - if (!inst) | |
253 | - goto out_put_alg; | |
199 | + inst = crypto_alloc_instance("ctr", alg); | |
200 | + if (IS_ERR(inst)) | |
201 | + goto out; | |
254 | 202 | |
255 | - err = -ENAMETOOLONG; | |
256 | - if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, | |
257 | - "ctr(%s,%u,%u,%u)", alg->cra_name, noncesize, | |
258 | - ivsize, countersize) >= CRYPTO_MAX_ALG_NAME) { | |
259 | - goto err_free_inst; | |
260 | - } | |
261 | - | |
262 | - if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, | |
263 | - "ctr(%s,%u,%u,%u)", alg->cra_driver_name, noncesize, | |
264 | - ivsize, countersize) >= CRYPTO_MAX_ALG_NAME) { | |
265 | - goto err_free_inst; | |
266 | - } | |
267 | - | |
268 | - ictx = crypto_instance_ctx(inst); | |
269 | - ictx->noncesize = noncesize; | |
270 | - ictx->ivsize = ivsize; | |
271 | - ictx->countersize = countersize; | |
272 | - | |
273 | - err = crypto_init_spawn(&ictx->alg, alg, inst, | |
274 | - CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC); | |
275 | - if (err) | |
276 | - goto err_free_inst; | |
277 | - | |
278 | - err = 0; | |
279 | 203 | inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER; |
280 | 204 | inst->alg.cra_priority = alg->cra_priority; |
281 | 205 | inst->alg.cra_blocksize = 1; |
282 | 206 | inst->alg.cra_alignmask = alg->cra_alignmask | (__alignof__(u32) - 1); |
283 | 207 | inst->alg.cra_type = &crypto_blkcipher_type; |
284 | 208 | |
285 | - inst->alg.cra_blkcipher.ivsize = ivsize; | |
286 | - inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize | |
287 | - + noncesize; | |
288 | - inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize | |
289 | - + noncesize; | |
209 | + inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize; | |
210 | + inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize; | |
211 | + inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize; | |
290 | 212 | |
291 | 213 | inst->alg.cra_ctxsize = sizeof(struct crypto_ctr_ctx); |
292 | 214 | |
293 | 215 | |
294 | 216 | |
295 | 217 | |
... | ... | @@ -297,24 +219,18 @@ |
297 | 219 | inst->alg.cra_blkcipher.encrypt = crypto_ctr_crypt; |
298 | 220 | inst->alg.cra_blkcipher.decrypt = crypto_ctr_crypt; |
299 | 221 | |
300 | -err_free_inst: | |
301 | - if (err) | |
302 | - kfree(inst); | |
303 | - | |
304 | -out_put_alg: | |
222 | +out: | |
305 | 223 | crypto_mod_put(alg); |
306 | - | |
307 | - if (err) | |
308 | - inst = ERR_PTR(err); | |
309 | - | |
310 | 224 | return inst; |
225 | + | |
226 | +out_put_alg: | |
227 | + inst = ERR_PTR(err); | |
228 | + goto out; | |
311 | 229 | } |
312 | 230 | |
313 | 231 | static void crypto_ctr_free(struct crypto_instance *inst) |
314 | 232 | { |
315 | - struct ctr_instance_ctx *ictx = crypto_instance_ctx(inst); | |
316 | - | |
317 | - crypto_drop_spawn(&ictx->alg); | |
233 | + crypto_drop_spawn(crypto_instance_ctx(inst)); | |
318 | 234 | kfree(inst); |
319 | 235 | } |
320 | 236 | |
321 | 237 | |
322 | 238 | |
... | ... | @@ -325,13 +241,174 @@ |
325 | 241 | .module = THIS_MODULE, |
326 | 242 | }; |
327 | 243 | |
244 | +static int crypto_rfc3686_setkey(struct crypto_tfm *parent, const u8 *key, | |
245 | + unsigned int keylen) | |
246 | +{ | |
247 | + struct crypto_rfc3686_ctx *ctx = crypto_tfm_ctx(parent); | |
248 | + struct crypto_blkcipher *child = ctx->child; | |
249 | + int err; | |
250 | + | |
251 | + /* the nonce is stored in bytes at end of key */ | |
252 | + if (keylen < CTR_RFC3686_NONCE_SIZE) | |
253 | + return -EINVAL; | |
254 | + | |
255 | + memcpy(ctx->nonce, key + (keylen - CTR_RFC3686_NONCE_SIZE), | |
256 | + CTR_RFC3686_NONCE_SIZE); | |
257 | + | |
258 | + keylen -= CTR_RFC3686_NONCE_SIZE; | |
259 | + | |
260 | + crypto_blkcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); | |
261 | + crypto_blkcipher_set_flags(child, crypto_tfm_get_flags(parent) & | |
262 | + CRYPTO_TFM_REQ_MASK); | |
263 | + err = crypto_blkcipher_setkey(child, key, keylen); | |
264 | + crypto_tfm_set_flags(parent, crypto_blkcipher_get_flags(child) & | |
265 | + CRYPTO_TFM_RES_MASK); | |
266 | + | |
267 | + return err; | |
268 | +} | |
269 | + | |
270 | +static int crypto_rfc3686_crypt(struct blkcipher_desc *desc, | |
271 | + struct scatterlist *dst, | |
272 | + struct scatterlist *src, unsigned int nbytes) | |
273 | +{ | |
274 | + struct crypto_blkcipher *tfm = desc->tfm; | |
275 | + struct crypto_rfc3686_ctx *ctx = crypto_blkcipher_ctx(tfm); | |
276 | + struct crypto_blkcipher *child = ctx->child; | |
277 | + unsigned long alignmask = crypto_blkcipher_alignmask(tfm); | |
278 | + u8 ivblk[CTR_RFC3686_BLOCK_SIZE + alignmask]; | |
279 | + u8 *iv = PTR_ALIGN(ivblk + 0, alignmask + 1); | |
280 | + u8 *info = desc->info; | |
281 | + int err; | |
282 | + | |
283 | + /* set up counter block */ | |
284 | + memcpy(iv, ctx->nonce, CTR_RFC3686_NONCE_SIZE); | |
285 | + memcpy(iv + CTR_RFC3686_NONCE_SIZE, info, CTR_RFC3686_IV_SIZE); | |
286 | + | |
287 | + /* initialize counter portion of counter block */ | |
288 | + *(__be32 *)(iv + CTR_RFC3686_NONCE_SIZE + CTR_RFC3686_IV_SIZE) = | |
289 | + cpu_to_be32(1); | |
290 | + | |
291 | + desc->tfm = child; | |
292 | + desc->info = iv; | |
293 | + err = crypto_blkcipher_encrypt_iv(desc, dst, src, nbytes); | |
294 | + desc->tfm = tfm; | |
295 | + desc->info = info; | |
296 | + | |
297 | + return err; | |
298 | +} | |
299 | + | |
300 | +static int crypto_rfc3686_init_tfm(struct crypto_tfm *tfm) | |
301 | +{ | |
302 | + struct crypto_instance *inst = (void *)tfm->__crt_alg; | |
303 | + struct crypto_spawn *spawn = crypto_instance_ctx(inst); | |
304 | + struct crypto_rfc3686_ctx *ctx = crypto_tfm_ctx(tfm); | |
305 | + struct crypto_blkcipher *cipher; | |
306 | + | |
307 | + cipher = crypto_spawn_blkcipher(spawn); | |
308 | + if (IS_ERR(cipher)) | |
309 | + return PTR_ERR(cipher); | |
310 | + | |
311 | + ctx->child = cipher; | |
312 | + | |
313 | + return 0; | |
314 | +} | |
315 | + | |
316 | +static void crypto_rfc3686_exit_tfm(struct crypto_tfm *tfm) | |
317 | +{ | |
318 | + struct crypto_rfc3686_ctx *ctx = crypto_tfm_ctx(tfm); | |
319 | + | |
320 | + crypto_free_blkcipher(ctx->child); | |
321 | +} | |
322 | + | |
323 | +static struct crypto_instance *crypto_rfc3686_alloc(struct rtattr **tb) | |
324 | +{ | |
325 | + struct crypto_instance *inst; | |
326 | + struct crypto_alg *alg; | |
327 | + int err; | |
328 | + | |
329 | + err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER); | |
330 | + if (err) | |
331 | + return ERR_PTR(err); | |
332 | + | |
333 | + alg = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_BLKCIPHER, | |
334 | + CRYPTO_ALG_TYPE_MASK); | |
335 | + err = PTR_ERR(alg); | |
336 | + if (IS_ERR(alg)) | |
337 | + return ERR_PTR(err); | |
338 | + | |
339 | + /* We only support 16-byte blocks. */ | |
340 | + err = -EINVAL; | |
341 | + if (alg->cra_blkcipher.ivsize != CTR_RFC3686_BLOCK_SIZE) | |
342 | + goto out_put_alg; | |
343 | + | |
344 | + /* Not a stream cipher? */ | |
345 | + if (alg->cra_blocksize != 1) | |
346 | + goto out_put_alg; | |
347 | + | |
348 | + inst = crypto_alloc_instance("rfc3686", alg); | |
349 | + if (IS_ERR(inst)) | |
350 | + goto out; | |
351 | + | |
352 | + inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER; | |
353 | + inst->alg.cra_priority = alg->cra_priority; | |
354 | + inst->alg.cra_blocksize = 1; | |
355 | + inst->alg.cra_alignmask = alg->cra_alignmask; | |
356 | + inst->alg.cra_type = &crypto_blkcipher_type; | |
357 | + | |
358 | + inst->alg.cra_blkcipher.ivsize = CTR_RFC3686_IV_SIZE; | |
359 | + inst->alg.cra_blkcipher.min_keysize = alg->cra_blkcipher.min_keysize | |
360 | + + CTR_RFC3686_NONCE_SIZE; | |
361 | + inst->alg.cra_blkcipher.max_keysize = alg->cra_blkcipher.max_keysize | |
362 | + + CTR_RFC3686_NONCE_SIZE; | |
363 | + | |
364 | + inst->alg.cra_ctxsize = sizeof(struct crypto_rfc3686_ctx); | |
365 | + | |
366 | + inst->alg.cra_init = crypto_rfc3686_init_tfm; | |
367 | + inst->alg.cra_exit = crypto_rfc3686_exit_tfm; | |
368 | + | |
369 | + inst->alg.cra_blkcipher.setkey = crypto_rfc3686_setkey; | |
370 | + inst->alg.cra_blkcipher.encrypt = crypto_rfc3686_crypt; | |
371 | + inst->alg.cra_blkcipher.decrypt = crypto_rfc3686_crypt; | |
372 | + | |
373 | +out: | |
374 | + crypto_mod_put(alg); | |
375 | + return inst; | |
376 | + | |
377 | +out_put_alg: | |
378 | + inst = ERR_PTR(err); | |
379 | + goto out; | |
380 | +} | |
381 | + | |
382 | +static struct crypto_template crypto_rfc3686_tmpl = { | |
383 | + .name = "rfc3686", | |
384 | + .alloc = crypto_rfc3686_alloc, | |
385 | + .free = crypto_ctr_free, | |
386 | + .module = THIS_MODULE, | |
387 | +}; | |
388 | + | |
328 | 389 | static int __init crypto_ctr_module_init(void) |
329 | 390 | { |
330 | - return crypto_register_template(&crypto_ctr_tmpl); | |
391 | + int err; | |
392 | + | |
393 | + err = crypto_register_template(&crypto_ctr_tmpl); | |
394 | + if (err) | |
395 | + goto out; | |
396 | + | |
397 | + err = crypto_register_template(&crypto_rfc3686_tmpl); | |
398 | + if (err) | |
399 | + goto out_drop_ctr; | |
400 | + | |
401 | +out: | |
402 | + return err; | |
403 | + | |
404 | +out_drop_ctr: | |
405 | + crypto_unregister_template(&crypto_ctr_tmpl); | |
406 | + goto out; | |
331 | 407 | } |
332 | 408 | |
333 | 409 | static void __exit crypto_ctr_module_exit(void) |
334 | 410 | { |
411 | + crypto_unregister_template(&crypto_rfc3686_tmpl); | |
335 | 412 | crypto_unregister_template(&crypto_ctr_tmpl); |
336 | 413 | } |
337 | 414 | |
... | ... | @@ -340,4 +417,5 @@ |
340 | 417 | |
341 | 418 | MODULE_LICENSE("GPL"); |
342 | 419 | MODULE_DESCRIPTION("CTR Counter block mode"); |
420 | +MODULE_ALIAS("rfc3686"); |
crypto/gcm.c
... | ... | @@ -160,7 +160,7 @@ |
160 | 160 | |
161 | 161 | static inline void crypto_gcm_set_counter(u8 *counterblock, u32 value) |
162 | 162 | { |
163 | - *((u32 *)&counterblock[12]) = cpu_to_be32(value); | |
163 | + *((u32 *)&counterblock[12]) = cpu_to_be32(value + 1); | |
164 | 164 | } |
165 | 165 | |
166 | 166 | static int crypto_gcm_encrypt_counter(struct crypto_aead *aead, u8 *block, |
... | ... | @@ -400,9 +400,8 @@ |
400 | 400 | return inst; |
401 | 401 | |
402 | 402 | inst = ERR_PTR(ENAMETOOLONG); |
403 | - if (snprintf( | |
404 | - ctr_name, CRYPTO_MAX_ALG_NAME, | |
405 | - "ctr(%s,0,16,4)", cipher->cra_name) >= CRYPTO_MAX_ALG_NAME) | |
403 | + if (snprintf(ctr_name, CRYPTO_MAX_ALG_NAME, "ctr(%s)", | |
404 | + cipher->cra_name) >= CRYPTO_MAX_ALG_NAME) | |
406 | 405 | return inst; |
407 | 406 | |
408 | 407 | ctr = crypto_alg_mod_lookup(ctr_name, CRYPTO_ALG_TYPE_BLKCIPHER, |
crypto/tcrypt.c
... | ... | @@ -1193,9 +1193,9 @@ |
1193 | 1193 | AES_XTS_ENC_TEST_VECTORS); |
1194 | 1194 | test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template, |
1195 | 1195 | AES_XTS_DEC_TEST_VECTORS); |
1196 | - test_cipher("ctr(aes,4,8,4)", ENCRYPT, aes_ctr_enc_tv_template, | |
1196 | + test_cipher("rfc3686(ctr(aes))", ENCRYPT, aes_ctr_enc_tv_template, | |
1197 | 1197 | AES_CTR_ENC_TEST_VECTORS); |
1198 | - test_cipher("ctr(aes,4,8,4)", DECRYPT, aes_ctr_dec_tv_template, | |
1198 | + test_cipher("rfc3686(ctr(aes))", DECRYPT, aes_ctr_dec_tv_template, | |
1199 | 1199 | AES_CTR_DEC_TEST_VECTORS); |
1200 | 1200 | test_aead("gcm(aes)", ENCRYPT, aes_gcm_enc_tv_template, |
1201 | 1201 | AES_GCM_ENC_TEST_VECTORS); |
1202 | 1202 | |
... | ... | @@ -1394,9 +1394,9 @@ |
1394 | 1394 | AES_XTS_ENC_TEST_VECTORS); |
1395 | 1395 | test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template, |
1396 | 1396 | AES_XTS_DEC_TEST_VECTORS); |
1397 | - test_cipher("ctr(aes,4,8,4)", ENCRYPT, aes_ctr_enc_tv_template, | |
1397 | + test_cipher("rfc3686(ctr(aes))", ENCRYPT, aes_ctr_enc_tv_template, | |
1398 | 1398 | AES_CTR_ENC_TEST_VECTORS); |
1399 | - test_cipher("ctr(aes,4,8,4)", DECRYPT, aes_ctr_dec_tv_template, | |
1399 | + test_cipher("rfc3686(ctr(aes))", DECRYPT, aes_ctr_dec_tv_template, | |
1400 | 1400 | AES_CTR_DEC_TEST_VECTORS); |
1401 | 1401 | break; |
1402 | 1402 |
include/crypto/ctr.h
1 | +/* | |
2 | + * CTR: Counter mode | |
3 | + * | |
4 | + * Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au> | |
5 | + * | |
6 | + * This program is free software; you can redistribute it and/or modify it | |
7 | + * under the terms of the GNU General Public License as published by the Free | |
8 | + * Software Foundation; either version 2 of the License, or (at your option) | |
9 | + * any later version. | |
10 | + * | |
11 | + */ | |
12 | + | |
13 | +#ifndef _CRYPTO_CTR_H | |
14 | +#define _CRYPTO_CTR_H | |
15 | + | |
16 | +#define CTR_RFC3686_NONCE_SIZE 4 | |
17 | +#define CTR_RFC3686_IV_SIZE 8 | |
18 | +#define CTR_RFC3686_BLOCK_SIZE 16 | |
19 | + | |
20 | +#endif /* _CRYPTO_CTR_H */ |