Eric Lee / linux-smarc-t335x-v3.2

Commit 5cde0af2a9825dd1edaca233bd9590566579ef21

Authored by Herbert Xu 2006-08-21 22:07:53 +0800

Exists in master and in 4 other branches

[CRYPTO] cipher: Added block cipher type

This patch adds the new type of block ciphers. Unlike current cipher
algorithms which operate on a single block at a time, block ciphers
operate on an arbitrarily long linear area of data. As it is block-based,
it will skip any data remaining at the end which cannot form a block.

The block cipher has one major difference when compared to the existing
block cipher implementation. The sg walking is now performed by the
algorithm rather than the cipher mid-layer. This is needed for drivers
that directly support sg lists. It also improves performance for all
algorithms as it reduces the total number of indirect calls by one.

In future the existing cipher algorithm will be converted to only have
a single-block interface. This will be done after all existing users
have switched over to the new block cipher type.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Showing 5 changed files with 655 additions and 0 deletions Inline Diff

crypto/Kconfig
crypto/Makefile
crypto/blkcipher.c
include/crypto/algapi.h
include/linux/crypto.h

crypto/Kconfig

Diff comments View file @ 5cde0af

 #
 # Cryptographic API Configuration
 #
 menu "Cryptographic options"
 config CRYPTO
 	bool "Cryptographic API"
 	help
 	  This option provides the core Cryptographic API.
 if CRYPTO
 config CRYPTO_ALGAPI
 	tristate
 	help
 	  This option provides the API for cryptographic algorithms.
+config CRYPTO_BLKCIPHER
+	tristate
+	select CRYPTO_ALGAPI
 config CRYPTO_MANAGER
 	tristate "Cryptographic algorithm manager"
 	select CRYPTO_ALGAPI
 	default m
 	help
 	  Create default cryptographic template instantiations such as
 	  cbc(aes).
 config CRYPTO_HMAC
 	bool "HMAC support"
 	help
 	  HMAC: Keyed-Hashing for Message Authentication (RFC2104).
 	  This is required for IPSec.
 config CRYPTO_NULL
 	tristate "Null algorithms"
 	select CRYPTO_ALGAPI
 	help
 	  These are 'Null' algorithms, used by IPsec, which do nothing.
 config CRYPTO_MD4
 	tristate "MD4 digest algorithm"
 	select CRYPTO_ALGAPI
 	help
 	  MD4 message digest algorithm (RFC1320).
 config CRYPTO_MD5
 	tristate "MD5 digest algorithm"
 	select CRYPTO_ALGAPI
 	help
 	  MD5 message digest algorithm (RFC1321).
 config CRYPTO_SHA1
 	tristate "SHA1 digest algorithm"
 	select CRYPTO_ALGAPI
 	help
 	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
 config CRYPTO_SHA1_S390
 	tristate "SHA1 digest algorithm (s390)"
 	depends on S390
 	select CRYPTO_ALGAPI
 	help
 	  This is the s390 hardware accelerated implementation of the
 	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
 config CRYPTO_SHA256
 	tristate "SHA256 digest algorithm"
 	select CRYPTO_ALGAPI
 	help
 	  SHA256 secure hash standard (DFIPS 180-2).
 	  This version of SHA implements a 256 bit hash with 128 bits of
 	  security against collision attacks.
 config CRYPTO_SHA256_S390
 	tristate "SHA256 digest algorithm (s390)"
 	depends on S390
 	select CRYPTO_ALGAPI
 	help
 	  This is the s390 hardware accelerated implementation of the
 	  SHA256 secure hash standard (DFIPS 180-2).
 	  This version of SHA implements a 256 bit hash with 128 bits of
 	  security against collision attacks.
 config CRYPTO_SHA512
 	tristate "SHA384 and SHA512 digest algorithms"
 	select CRYPTO_ALGAPI
 	help
 	  SHA512 secure hash standard (DFIPS 180-2).
 	  This version of SHA implements a 512 bit hash with 256 bits of
 	  security against collision attacks.
 	  This code also includes SHA-384, a 384 bit hash with 192 bits
 	  of security against collision attacks.
 config CRYPTO_WP512
 	tristate "Whirlpool digest algorithms"
 	select CRYPTO_ALGAPI
 	help
 	  Whirlpool hash algorithm 512, 384 and 256-bit hashes
 	  Whirlpool-512 is part of the NESSIE cryptographic primitives.
 	  Whirlpool will be part of the ISO/IEC 10118-3:2003(E) standard
 	  See also:
 	  <http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html>
 config CRYPTO_TGR192
 	tristate "Tiger digest algorithms"
 	select CRYPTO_ALGAPI
 	help
 	  Tiger hash algorithm 192, 160 and 128-bit hashes
 	  Tiger is a hash function optimized for 64-bit processors while
 	  still having decent performance on 32-bit processors.
 	  Tiger was developed by Ross Anderson and Eli Biham.
 	  See also:
 	  <http://www.cs.technion.ac.il/~biham/Reports/Tiger/>.
 config CRYPTO_DES
 	tristate "DES and Triple DES EDE cipher algorithms"
 	select CRYPTO_ALGAPI
 	help
 	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
 config CRYPTO_DES_S390
 	tristate "DES and Triple DES cipher algorithms (s390)"
 	depends on S390
 	select CRYPTO_ALGAPI
 	help
 	  DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
 config CRYPTO_BLOWFISH
 	tristate "Blowfish cipher algorithm"
 	select CRYPTO_ALGAPI
 	help
 	  Blowfish cipher algorithm, by Bruce Schneier.
 	  This is a variable key length cipher which can use keys from 32
 	  bits to 448 bits in length.  It's fast, simple and specifically
 	  designed for use on "large microprocessors".
 	  See also:
 	  <http://www.schneier.com/blowfish.html>
 config CRYPTO_TWOFISH
 	tristate "Twofish cipher algorithm"
 	select CRYPTO_ALGAPI
 	select CRYPTO_TWOFISH_COMMON
 	help
 	  Twofish cipher algorithm.
 	  Twofish was submitted as an AES (Advanced Encryption Standard)
 	  candidate cipher by researchers at CounterPane Systems.  It is a
 	  16 round block cipher supporting key sizes of 128, 192, and 256
 	  bits.
 	  See also:
 	  <http://www.schneier.com/twofish.html>
 config CRYPTO_TWOFISH_COMMON
 	tristate
 	help
 	  Common parts of the Twofish cipher algorithm shared by the
 	  generic c and the assembler implementations.
 config CRYPTO_TWOFISH_586
 	tristate "Twofish cipher algorithms (i586)"
 	depends on (X86 || UML_X86) && !64BIT
 	select CRYPTO_ALGAPI
 	select CRYPTO_TWOFISH_COMMON
 	help
 	  Twofish cipher algorithm.
 	  Twofish was submitted as an AES (Advanced Encryption Standard)
 	  candidate cipher by researchers at CounterPane Systems.  It is a
 	  16 round block cipher supporting key sizes of 128, 192, and 256
 	  bits.
 	  See also:
 	  <http://www.schneier.com/twofish.html>
 config CRYPTO_TWOFISH_X86_64
 	tristate "Twofish cipher algorithm (x86_64)"
 	depends on (X86 || UML_X86) && 64BIT
 	select CRYPTO_ALGAPI
 	select CRYPTO_TWOFISH_COMMON
 	help
 	  Twofish cipher algorithm (x86_64).
 	  Twofish was submitted as an AES (Advanced Encryption Standard)
 	  candidate cipher by researchers at CounterPane Systems.  It is a
 	  16 round block cipher supporting key sizes of 128, 192, and 256
 	  bits.
 	  See also:
 	  <http://www.schneier.com/twofish.html>
 config CRYPTO_SERPENT
 	tristate "Serpent cipher algorithm"
 	select CRYPTO_ALGAPI
 	help
 	  Serpent cipher algorithm, by Anderson, Biham & Knudsen.
 	  Keys are allowed to be from 0 to 256 bits in length, in steps
 	  of 8 bits.  Also includes the 'Tnepres' algorithm, a reversed
 	  variant of Serpent for compatibility with old kerneli code.
 	  See also:
 	  <http://www.cl.cam.ac.uk/~rja14/serpent.html>
 config CRYPTO_AES
 	tristate "AES cipher algorithms"
 	select CRYPTO_ALGAPI
 	help
 	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
 	  algorithm.
 	  Rijndael appears to be consistently a very good performer in
 	  both hardware and software across a wide range of computing
 	  environments regardless of its use in feedback or non-feedback
 	  modes. Its key setup time is excellent, and its key agility is
 	  good. Rijndael's very low memory requirements make it very well
 	  suited for restricted-space environments, in which it also
 	  demonstrates excellent performance. Rijndael's operations are
 	  among the easiest to defend against power and timing attacks.
 	  The AES specifies three key sizes: 128, 192 and 256 bits
 	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
 config CRYPTO_AES_586
 	tristate "AES cipher algorithms (i586)"
 	depends on (X86 || UML_X86) && !64BIT
 	select CRYPTO_ALGAPI
 	help
 	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
 	  algorithm.
 	  Rijndael appears to be consistently a very good performer in
 	  both hardware and software across a wide range of computing
 	  environments regardless of its use in feedback or non-feedback
 	  modes. Its key setup time is excellent, and its key agility is
 	  good. Rijndael's very low memory requirements make it very well
 	  suited for restricted-space environments, in which it also
 	  demonstrates excellent performance. Rijndael's operations are
 	  among the easiest to defend against power and timing attacks.
 	  The AES specifies three key sizes: 128, 192 and 256 bits
 	  See <http://csrc.nist.gov/encryption/aes/> for more information.
 config CRYPTO_AES_X86_64
 	tristate "AES cipher algorithms (x86_64)"
 	depends on (X86 || UML_X86) && 64BIT
 	select CRYPTO_ALGAPI
 	help
 	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
 	  algorithm.
 	  Rijndael appears to be consistently a very good performer in
 	  both hardware and software across a wide range of computing
 	  environments regardless of its use in feedback or non-feedback
 	  modes. Its key setup time is excellent, and its key agility is
 	  good. Rijndael's very low memory requirements make it very well
 	  suited for restricted-space environments, in which it also
 	  demonstrates excellent performance. Rijndael's operations are
 	  among the easiest to defend against power and timing attacks.
 	  The AES specifies three key sizes: 128, 192 and 256 bits
 	  See <http://csrc.nist.gov/encryption/aes/> for more information.
 config CRYPTO_AES_S390
 	tristate "AES cipher algorithms (s390)"
 	depends on S390
 	select CRYPTO_ALGAPI
 	help
 	  This is the s390 hardware accelerated implementation of the
 	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
 	  algorithm.
 	  Rijndael appears to be consistently a very good performer in
 	  both hardware and software across a wide range of computing
 	  environments regardless of its use in feedback or non-feedback
 	  modes. Its key setup time is excellent, and its key agility is
 	  good. Rijndael's very low memory requirements make it very well
 	  suited for restricted-space environments, in which it also
 	  demonstrates excellent performance. Rijndael's operations are
 	  among the easiest to defend against power and timing attacks.
 	  On s390 the System z9-109 currently only supports the key size
 	  of 128 bit.
 config CRYPTO_CAST5
 	tristate "CAST5 (CAST-128) cipher algorithm"
 	select CRYPTO_ALGAPI
 	help
 	  The CAST5 encryption algorithm (synonymous with CAST-128) is
 	  described in RFC2144.
 config CRYPTO_CAST6
 	tristate "CAST6 (CAST-256) cipher algorithm"
 	select CRYPTO_ALGAPI
 	help
 	  The CAST6 encryption algorithm (synonymous with CAST-256) is
 	  described in RFC2612.
 config CRYPTO_TEA
 	tristate "TEA, XTEA and XETA cipher algorithms"
 	select CRYPTO_ALGAPI
 	help
 	  TEA cipher algorithm.
 	  Tiny Encryption Algorithm is a simple cipher that uses
 	  many rounds for security.  It is very fast and uses
 	  little memory.
 	  Xtendend Tiny Encryption Algorithm is a modification to
 	  the TEA algorithm to address a potential key weakness
 	  in the TEA algorithm.
 	  Xtendend Encryption Tiny Algorithm is a mis-implementation
 	  of the XTEA algorithm for compatibility purposes.
 config CRYPTO_ARC4
 	tristate "ARC4 cipher algorithm"
 	select CRYPTO_ALGAPI
 	help
 	  ARC4 cipher algorithm.
 	  ARC4 is a stream cipher using keys ranging from 8 bits to 2048
 	  bits in length.  This algorithm is required for driver-based
 	  WEP, but it should not be for other purposes because of the
 	  weakness of the algorithm.
 config CRYPTO_KHAZAD
 	tristate "Khazad cipher algorithm"
 	select CRYPTO_ALGAPI
 	help
 	  Khazad cipher algorithm.
 	  Khazad was a finalist in the initial NESSIE competition.  It is
 	  an algorithm optimized for 64-bit processors with good performance
 	  on 32-bit processors.  Khazad uses an 128 bit key size.
 	  See also:
 	  <http://planeta.terra.com.br/informatica/paulobarreto/KhazadPage.html>
 config CRYPTO_ANUBIS
 	tristate "Anubis cipher algorithm"
 	select CRYPTO_ALGAPI
 	help
 	  Anubis cipher algorithm.
 	  Anubis is a variable key length cipher which can use keys from
 	  128 bits to 320 bits in length.  It was evaluated as a entrant
 	  in the NESSIE competition.
 	  See also:
 	  <https://www.cosic.esat.kuleuven.ac.be/nessie/reports/>
 	  <http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html>
 config CRYPTO_DEFLATE
 	tristate "Deflate compression algorithm"
 	select CRYPTO_ALGAPI
 	select ZLIB_INFLATE
 	select ZLIB_DEFLATE
 	help
 	  This is the Deflate algorithm (RFC1951), specified for use in
 	  IPSec with the IPCOMP protocol (RFC3173, RFC2394).
 	  You will most probably want this if using IPSec.
 config CRYPTO_MICHAEL_MIC
 	tristate "Michael MIC keyed digest algorithm"
 	select CRYPTO_ALGAPI
 	help
 	  Michael MIC is used for message integrity protection in TKIP
 	  (IEEE 802.11i). This algorithm is required for TKIP, but it
 	  should not be used for other purposes because of the weakness
 	  of the algorithm.
 config CRYPTO_CRC32C
 	tristate "CRC32c CRC algorithm"
 	select CRYPTO_ALGAPI
 	select LIBCRC32C
 	help
 	  Castagnoli, et al Cyclic Redundancy-Check Algorithm.  Used
 	  by iSCSI for header and data digests and by others.
 	  See Castagnoli93.  This implementation uses lib/libcrc32c.
           Module will be crc32c.
 config CRYPTO_TEST
 	tristate "Testing module"
 	depends on m
 	select CRYPTO_ALGAPI
 	help
 	  Quick & dirty crypto test module.
 source "drivers/crypto/Kconfig"
 endif	# if CRYPTO
 endmenu

crypto/Makefile

Diff comments View file @ 5cde0af

 #
 # Cryptographic API
 #
 obj-$(CONFIG_CRYPTO) += api.o scatterwalk.o cipher.o digest.o compress.o
 crypto_algapi-$(CONFIG_PROC_FS) += proc.o
 crypto_algapi-objs := algapi.o $(crypto_algapi-y)
 obj-$(CONFIG_CRYPTO_ALGAPI) += crypto_algapi.o
+obj-$(CONFIG_CRYPTO_BLKCIPHER) += blkcipher.o
 obj-$(CONFIG_CRYPTO_MANAGER) += cryptomgr.o
 obj-$(CONFIG_CRYPTO_HMAC) += hmac.o
 obj-$(CONFIG_CRYPTO_NULL) += crypto_null.o
 obj-$(CONFIG_CRYPTO_MD4) += md4.o
 obj-$(CONFIG_CRYPTO_MD5) += md5.o
 obj-$(CONFIG_CRYPTO_SHA1) += sha1.o
 obj-$(CONFIG_CRYPTO_SHA256) += sha256.o
 obj-$(CONFIG_CRYPTO_SHA512) += sha512.o
 obj-$(CONFIG_CRYPTO_WP512) += wp512.o
 obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o
 obj-$(CONFIG_CRYPTO_DES) += des.o
 obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o
 obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o
 obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o
 obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o
 obj-$(CONFIG_CRYPTO_AES) += aes.o
 obj-$(CONFIG_CRYPTO_CAST5) += cast5.o
 obj-$(CONFIG_CRYPTO_CAST6) += cast6.o
 obj-$(CONFIG_CRYPTO_ARC4) += arc4.o
 obj-$(CONFIG_CRYPTO_TEA) += tea.o
 obj-$(CONFIG_CRYPTO_KHAZAD) += khazad.o
 obj-$(CONFIG_CRYPTO_ANUBIS) += anubis.o
 obj-$(CONFIG_CRYPTO_DEFLATE) += deflate.o
 obj-$(CONFIG_CRYPTO_MICHAEL_MIC) += michael_mic.o
 obj-$(CONFIG_CRYPTO_CRC32C) += crc32c.o
 obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o

crypto/blkcipher.c

Diff comments View file @ 5cde0af

File was created	1	/*
	2	* Block chaining cipher operations.
	3	*
	4	* Generic encrypt/decrypt wrapper for ciphers, handles operations across
	5	* multiple page boundaries by using temporary blocks. In user context,
	6	* the kernel is given a chance to schedule us once per page.
	7	*
	8	* Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
	9	*
	10	* This program is free software; you can redistribute it and/or modify it
	11	* under the terms of the GNU General Public License as published by the Free
	12	* Software Foundation; either version 2 of the License, or (at your option)
	13	* any later version.
	14	*
	15	*/
	16
	17	#include <linux/crypto.h>
	18	#include <linux/errno.h>
	19	#include <linux/kernel.h>
	20	#include <linux/io.h>
	21	#include <linux/module.h>
	22	#include <linux/scatterlist.h>
	23	#include <linux/seq_file.h>
	24	#include <linux/slab.h>
	25	#include <linux/string.h>
	26
	27	#include "internal.h"
	28	#include "scatterwalk.h"
	29
	30	enum {
	31	BLKCIPHER_WALK_PHYS = 1 << 0,
	32	BLKCIPHER_WALK_SLOW = 1 << 1,
	33	BLKCIPHER_WALK_COPY = 1 << 2,
	34	BLKCIPHER_WALK_DIFF = 1 << 3,
	35	};
	36
	37	static int blkcipher_walk_next(struct blkcipher_desc *desc,
	38	struct blkcipher_walk *walk);
	39	static int blkcipher_walk_first(struct blkcipher_desc *desc,
	40	struct blkcipher_walk *walk);
	41
	42	static inline void blkcipher_map_src(struct blkcipher_walk *walk)
	43	{
	44	walk->src.virt.addr = scatterwalk_map(&walk->in, 0);
	45	}
	46
	47	static inline void blkcipher_map_dst(struct blkcipher_walk *walk)
	48	{
	49	walk->dst.virt.addr = scatterwalk_map(&walk->out, 1);
	50	}
	51
	52	static inline void blkcipher_unmap_src(struct blkcipher_walk *walk)
	53	{
	54	scatterwalk_unmap(walk->src.virt.addr, 0);
	55	}
	56
	57	static inline void blkcipher_unmap_dst(struct blkcipher_walk *walk)
	58	{
	59	scatterwalk_unmap(walk->dst.virt.addr, 1);
	60	}
	61
	62	static inline u8 blkcipher_get_spot(u8 start, unsigned int len)
	63	{
	64	if (offset_in_page(start + len) < len)
	65	return (u8 *)((unsigned long)(start + len) & PAGE_MASK);
	66	return start;
	67	}
	68
	69	static inline unsigned int blkcipher_done_slow(struct crypto_blkcipher *tfm,
	70	struct blkcipher_walk *walk,
	71	unsigned int bsize)
	72	{
	73	u8 *addr;
	74	unsigned int alignmask = crypto_blkcipher_alignmask(tfm);
	75
	76	addr = (u8 *)ALIGN((unsigned long)walk->buffer, alignmask + 1);
	77	addr = blkcipher_get_spot(addr, bsize);
	78	scatterwalk_copychunks(addr, &walk->out, bsize, 1);
	79	return bsize;
	80	}
	81
	82	static inline unsigned int blkcipher_done_fast(struct blkcipher_walk *walk,
	83	unsigned int n)
	84	{
	85	n = walk->nbytes - n;
	86
	87	if (walk->flags & BLKCIPHER_WALK_COPY) {
	88	blkcipher_map_dst(walk);
	89	memcpy(walk->dst.virt.addr, walk->page, n);
	90	blkcipher_unmap_dst(walk);
	91	} else if (!(walk->flags & BLKCIPHER_WALK_PHYS)) {
	92	blkcipher_unmap_src(walk);
	93	if (walk->flags & BLKCIPHER_WALK_DIFF)
	94	blkcipher_unmap_dst(walk);
	95	}
	96
	97	scatterwalk_advance(&walk->in, n);
	98	scatterwalk_advance(&walk->out, n);
	99
	100	return n;
	101	}
	102
	103	int blkcipher_walk_done(struct blkcipher_desc *desc,
	104	struct blkcipher_walk *walk, int err)
	105	{
	106	struct crypto_blkcipher *tfm = desc->tfm;
	107	unsigned int nbytes = 0;
	108
	109	if (likely(err >= 0)) {
	110	unsigned int bsize = crypto_blkcipher_blocksize(tfm);
	111	unsigned int n;
	112
	113	if (likely(!(walk->flags & BLKCIPHER_WALK_SLOW)))
	114	n = blkcipher_done_fast(walk, err);
	115	else
	116	n = blkcipher_done_slow(tfm, walk, bsize);
	117
	118	nbytes = walk->total - n;
	119	err = 0;
	120	}
	121
	122	scatterwalk_done(&walk->in, 0, nbytes);
	123	scatterwalk_done(&walk->out, 1, nbytes);
	124
	125	walk->total = nbytes;
	126	walk->nbytes = nbytes;
	127
	128	if (nbytes) {
	129	crypto_yield(desc->flags);
	130	return blkcipher_walk_next(desc, walk);
	131	}
	132
	133	if (walk->iv != desc->info)
	134	memcpy(desc->info, walk->iv, crypto_blkcipher_ivsize(tfm));
	135	if (walk->buffer != walk->page)
	136	kfree(walk->buffer);
	137	if (walk->page)
	138	free_page((unsigned long)walk->page);
	139
	140	return err;
	141	}
	142	EXPORT_SYMBOL_GPL(blkcipher_walk_done);
	143
	144	static inline int blkcipher_next_slow(struct blkcipher_desc *desc,
	145	struct blkcipher_walk *walk,
	146	unsigned int bsize,
	147	unsigned int alignmask)
	148	{
	149	unsigned int n;
	150
	151	if (walk->buffer)
	152	goto ok;
	153
	154	walk->buffer = walk->page;
	155	if (walk->buffer)
	156	goto ok;
	157
	158	n = bsize * 2 + (alignmask & ~(crypto_tfm_ctx_alignment() - 1));
	159	walk->buffer = kmalloc(n, GFP_ATOMIC);
	160	if (!walk->buffer)
	161	return blkcipher_walk_done(desc, walk, -ENOMEM);
	162
	163	ok:
	164	walk->dst.virt.addr = (u8 *)ALIGN((unsigned long)walk->buffer,
	165	alignmask + 1);
	166	walk->dst.virt.addr = blkcipher_get_spot(walk->dst.virt.addr, bsize);
	167	walk->src.virt.addr = blkcipher_get_spot(walk->dst.virt.addr + bsize,
	168	bsize);
	169
	170	scatterwalk_copychunks(walk->src.virt.addr, &walk->in, bsize, 0);
	171
	172	walk->nbytes = bsize;
	173	walk->flags \|= BLKCIPHER_WALK_SLOW;
	174
	175	return 0;
	176	}
	177
	178	static inline int blkcipher_next_copy(struct blkcipher_walk *walk)
	179	{
	180	u8 *tmp = walk->page;
	181
	182	blkcipher_map_src(walk);
	183	memcpy(tmp, walk->src.virt.addr, walk->nbytes);
	184	blkcipher_unmap_src(walk);
	185
	186	walk->src.virt.addr = tmp;
	187	walk->dst.virt.addr = tmp;
	188
	189	return 0;
	190	}
	191
	192	static inline int blkcipher_next_fast(struct blkcipher_desc *desc,
	193	struct blkcipher_walk *walk)
	194	{
	195	unsigned long diff;
	196
	197	walk->src.phys.page = scatterwalk_page(&walk->in);
	198	walk->src.phys.offset = offset_in_page(walk->in.offset);
	199	walk->dst.phys.page = scatterwalk_page(&walk->out);
	200	walk->dst.phys.offset = offset_in_page(walk->out.offset);
	201
	202	if (walk->flags & BLKCIPHER_WALK_PHYS)
	203	return 0;
	204
	205	diff = walk->src.phys.offset - walk->dst.phys.offset;
	206	diff \|= walk->src.virt.page - walk->dst.virt.page;
	207
	208	blkcipher_map_src(walk);
	209	walk->dst.virt.addr = walk->src.virt.addr;
	210
	211	if (diff) {
	212	walk->flags \|= BLKCIPHER_WALK_DIFF;
	213	blkcipher_map_dst(walk);
	214	}
	215
	216	return 0;
	217	}
	218
	219	static int blkcipher_walk_next(struct blkcipher_desc *desc,
	220	struct blkcipher_walk *walk)
	221	{
	222	struct crypto_blkcipher *tfm = desc->tfm;
	223	unsigned int alignmask = crypto_blkcipher_alignmask(tfm);
	224	unsigned int bsize = crypto_blkcipher_blocksize(tfm);
	225	unsigned int n;
	226	int err;
	227
	228	n = walk->total;
	229	if (unlikely(n < bsize)) {
	230	desc->flags \|= CRYPTO_TFM_RES_BAD_BLOCK_LEN;
	231	return blkcipher_walk_done(desc, walk, -EINVAL);
	232	}
	233
	234	walk->flags &= ~(BLKCIPHER_WALK_SLOW \| BLKCIPHER_WALK_COPY \|
	235	BLKCIPHER_WALK_DIFF);
	236	if (!scatterwalk_aligned(&walk->in, alignmask) \|\|
	237	!scatterwalk_aligned(&walk->out, alignmask)) {
	238	walk->flags \|= BLKCIPHER_WALK_COPY;
	239	if (!walk->page) {
	240	walk->page = (void *)__get_free_page(GFP_ATOMIC);
	241	if (!walk->page)
	242	n = 0;
	243	}
	244	}
	245
	246	n = scatterwalk_clamp(&walk->in, n);
	247	n = scatterwalk_clamp(&walk->out, n);
	248
	249	if (unlikely(n < bsize)) {
	250	err = blkcipher_next_slow(desc, walk, bsize, alignmask);
	251	goto set_phys_lowmem;
	252	}
	253
	254	walk->nbytes = n;
	255	if (walk->flags & BLKCIPHER_WALK_COPY) {
	256	err = blkcipher_next_copy(walk);
	257	goto set_phys_lowmem;
	258	}
	259
	260	return blkcipher_next_fast(desc, walk);
	261
	262	set_phys_lowmem:
	263	if (walk->flags & BLKCIPHER_WALK_PHYS) {
	264	walk->src.phys.page = virt_to_page(walk->src.virt.addr);
	265	walk->dst.phys.page = virt_to_page(walk->dst.virt.addr);
	266	walk->src.phys.offset &= PAGE_SIZE - 1;
	267	walk->dst.phys.offset &= PAGE_SIZE - 1;
	268	}
	269	return err;
	270	}
	271
	272	static inline int blkcipher_copy_iv(struct blkcipher_walk *walk,
	273	struct crypto_blkcipher *tfm,
	274	unsigned int alignmask)
	275	{
	276	unsigned bs = crypto_blkcipher_blocksize(tfm);
	277	unsigned int ivsize = crypto_blkcipher_ivsize(tfm);
	278	unsigned int size = bs * 2 + ivsize + max(bs, ivsize) - (alignmask + 1);
	279	u8 *iv;
	280
	281	size += alignmask & ~(crypto_tfm_ctx_alignment() - 1);
	282	walk->buffer = kmalloc(size, GFP_ATOMIC);
	283	if (!walk->buffer)
	284	return -ENOMEM;
	285
	286	iv = (u8 *)ALIGN((unsigned long)walk->buffer, alignmask + 1);
	287	iv = blkcipher_get_spot(iv, bs) + bs;
	288	iv = blkcipher_get_spot(iv, bs) + bs;
	289	iv = blkcipher_get_spot(iv, ivsize);
	290
	291	walk->iv = memcpy(iv, walk->iv, ivsize);
	292	return 0;
	293	}
	294
	295	int blkcipher_walk_virt(struct blkcipher_desc *desc,
	296	struct blkcipher_walk *walk)
	297	{
	298	walk->flags &= ~BLKCIPHER_WALK_PHYS;
	299	return blkcipher_walk_first(desc, walk);
	300	}
	301	EXPORT_SYMBOL_GPL(blkcipher_walk_virt);
	302
	303	int blkcipher_walk_phys(struct blkcipher_desc *desc,
	304	struct blkcipher_walk *walk)
	305	{
	306	walk->flags \|= BLKCIPHER_WALK_PHYS;
	307	return blkcipher_walk_first(desc, walk);
	308	}
	309	EXPORT_SYMBOL_GPL(blkcipher_walk_phys);
	310
	311	static int blkcipher_walk_first(struct blkcipher_desc *desc,
	312	struct blkcipher_walk *walk)
	313	{
	314	struct crypto_blkcipher *tfm = desc->tfm;
	315	unsigned int alignmask = crypto_blkcipher_alignmask(tfm);
	316
	317	walk->nbytes = walk->total;
	318	if (unlikely(!walk->total))
	319	return 0;
	320
	321	walk->buffer = NULL;
	322	walk->iv = desc->info;
	323	if (unlikely(((unsigned long)walk->iv & alignmask))) {
	324	int err = blkcipher_copy_iv(walk, tfm, alignmask);
	325	if (err)
	326	return err;
	327	}
	328
	329	scatterwalk_start(&walk->in, walk->in.sg);
	330	scatterwalk_start(&walk->out, walk->out.sg);
	331	walk->page = NULL;
	332
	333	return blkcipher_walk_next(desc, walk);
	334	}
	335
	336	static int setkey(struct crypto_tfm tfm, const u8 key,
	337	unsigned int keylen)
	338	{
	339	struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher;
	340
	341	if (keylen < cipher->min_keysize \|\| keylen > cipher->max_keysize) {
	342	tfm->crt_flags \|= CRYPTO_TFM_RES_BAD_KEY_LEN;
	343	return -EINVAL;
	344	}
	345
	346	return cipher->setkey(tfm, key, keylen);
	347	}
	348
	349	static unsigned int crypto_blkcipher_ctxsize(struct crypto_alg *alg)
	350	{
	351	struct blkcipher_alg *cipher = &alg->cra_blkcipher;
	352	unsigned int len = alg->cra_ctxsize;
	353
	354	if (cipher->ivsize) {
	355	len = ALIGN(len, (unsigned long)alg->cra_alignmask + 1);
	356	len += cipher->ivsize;
	357	}
	358
	359	return len;
	360	}
	361
	362	static int crypto_init_blkcipher_ops(struct crypto_tfm *tfm)
	363	{
	364	struct blkcipher_tfm *crt = &tfm->crt_blkcipher;
	365	struct blkcipher_alg *alg = &tfm->__crt_alg->cra_blkcipher;
	366	unsigned long align = crypto_tfm_alg_alignmask(tfm) + 1;
	367	unsigned long addr;
	368
	369	if (alg->ivsize > PAGE_SIZE / 8)
	370	return -EINVAL;
	371
	372	crt->setkey = setkey;
	373	crt->encrypt = alg->encrypt;
	374	crt->decrypt = alg->decrypt;
	375
	376	addr = (unsigned long)crypto_tfm_ctx(tfm);
	377	addr = ALIGN(addr, align);
	378	addr += ALIGN(tfm->__crt_alg->cra_ctxsize, align);
	379	crt->iv = (void *)addr;
	380
	381	return 0;
	382	}
	383
	384	static void crypto_blkcipher_show(struct seq_file m, struct crypto_alg alg)
	385	__attribute_used__;
	386	static void crypto_blkcipher_show(struct seq_file m, struct crypto_alg alg)
	387	{
	388	seq_printf(m, "type : blkcipher\n");
	389	seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
	390	seq_printf(m, "min keysize : %u\n", alg->cra_blkcipher.min_keysize);
	391	seq_printf(m, "max keysize : %u\n", alg->cra_blkcipher.max_keysize);
	392	seq_printf(m, "ivsize : %u\n", alg->cra_blkcipher.ivsize);
	393	}
	394
	395	const struct crypto_type crypto_blkcipher_type = {
	396	.ctxsize = crypto_blkcipher_ctxsize,
	397	.init = crypto_init_blkcipher_ops,
	398	#ifdef CONFIG_PROC_FS
	399	.show = crypto_blkcipher_show,
	400	#endif
	401	};
	402	EXPORT_SYMBOL_GPL(crypto_blkcipher_type);
	403
	404	MODULE_LICENSE("GPL");
	405	MODULE_DESCRIPTION("Generic block chaining cipher type");
	406

include/crypto/algapi.h

Diff comments View file @ 5cde0af

 /*
  * Cryptographic API for algorithms (i.e., low-level API).
  *
  * Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the Free
  * Software Foundation; either version 2 of the License, or (at your option)
  * any later version.
  *
  */
 #ifndef _CRYPTO_ALGAPI_H
 #define _CRYPTO_ALGAPI_H
 #include <linux/crypto.h>
 struct module;
 struct seq_file;
 struct crypto_type {
 	unsigned int (*ctxsize)(struct crypto_alg *alg);
 	int (*init)(struct crypto_tfm *tfm);
 	void (*exit)(struct crypto_tfm *tfm);
 	void (*show)(struct seq_file *m, struct crypto_alg *alg);
 };
 struct crypto_instance {
 	struct crypto_alg alg;
 	struct crypto_template *tmpl;
 	struct hlist_node list;
 	void *__ctx[] CRYPTO_MINALIGN_ATTR;
 };
 struct crypto_template {
 	struct list_head list;
 	struct hlist_head instances;
 	struct module *module;
 	struct crypto_instance *(*alloc)(void *param, unsigned int len);
 	void (*free)(struct crypto_instance *inst);
 	char name[CRYPTO_MAX_ALG_NAME];
 };
 struct crypto_spawn {
 	struct list_head list;
 	struct crypto_alg *alg;
 	struct crypto_instance *inst;
 };
 struct scatter_walk {
 	struct scatterlist *sg;
 	unsigned int offset;
 };
+struct blkcipher_walk {
+	union {
+		struct {
+			struct page *page;
+			unsigned long offset;
+		} phys;
+		struct {
+			u8 *page;
+			u8 *addr;
+		} virt;
+	} src, dst;
+	struct scatter_walk in;
+	unsigned int nbytes;
+	struct scatter_walk out;
+	unsigned int total;
+	void *page;
+	u8 *buffer;
+	u8 *iv;
+	int flags;
+};
+extern const struct crypto_type crypto_blkcipher_type;
 int crypto_register_template(struct crypto_template *tmpl);
 void crypto_unregister_template(struct crypto_template *tmpl);
 struct crypto_template *crypto_lookup_template(const char *name);
 int crypto_init_spawn(struct crypto_spawn *spawn, struct crypto_alg *alg,
 		      struct crypto_instance *inst);
 void crypto_drop_spawn(struct crypto_spawn *spawn);
 struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn);
 struct crypto_alg *crypto_get_attr_alg(void *param, unsigned int len,
 				       u32 type, u32 mask);
 struct crypto_instance *crypto_alloc_instance(const char *name,
 					      struct crypto_alg *alg);
+int blkcipher_walk_done(struct blkcipher_desc *desc,
+			struct blkcipher_walk *walk, int err);
+int blkcipher_walk_virt(struct blkcipher_desc *desc,
+			struct blkcipher_walk *walk);
+int blkcipher_walk_phys(struct blkcipher_desc *desc,
+			struct blkcipher_walk *walk);
+static inline void *crypto_tfm_ctx_aligned(struct crypto_tfm *tfm)
+{
+	unsigned long addr = (unsigned long)crypto_tfm_ctx(tfm);
+	unsigned long align = crypto_tfm_alg_alignmask(tfm);
+	if (align <= crypto_tfm_ctx_alignment())
+		align = 1;
+	return (void *)ALIGN(addr, align);
+}
 static inline void *crypto_instance_ctx(struct crypto_instance *inst)
 {
 	return inst->__ctx;
 }
+static inline void *crypto_blkcipher_ctx(struct crypto_blkcipher *tfm)
+{
+	return crypto_tfm_ctx(&tfm->base);
+}
+static inline void *crypto_blkcipher_ctx_aligned(struct crypto_blkcipher *tfm)
+{
+	return crypto_tfm_ctx_aligned(&tfm->base);
+}
 static inline struct cipher_alg *crypto_cipher_alg(struct crypto_cipher *tfm)
 {
 	return &crypto_cipher_tfm(tfm)->__crt_alg->cra_cipher;
+}
+static inline void blkcipher_walk_init(struct blkcipher_walk *walk,
+				       struct scatterlist *dst,
+				       struct scatterlist *src,
+				       unsigned int nbytes)
+{
+	walk->in.sg = src;
+	walk->out.sg = dst;
+	walk->total = nbytes;
 }
 #endif	/* _CRYPTO_ALGAPI_H */

include/linux/crypto.h

Diff comments View file @ 5cde0af

 /*
  * Scatterlist Cryptographic API.
  *
  * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
  * Copyright (c) 2002 David S. Miller (davem@redhat.com)
  * Copyright (c) 2005 Herbert Xu <herbert@gondor.apana.org.au>
  *
  * Portions derived from Cryptoapi, by Alexander Kjeldaas <astor@fast.no>
  * and Nettle, by Niels Möller.
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the Free
  * Software Foundation; either version 2 of the License, or (at your option)
  * any later version.
  *
  */
 #ifndef _LINUX_CRYPTO_H
 #define _LINUX_CRYPTO_H
 #include <asm/atomic.h>
 #include <linux/module.h>
 #include <linux/kernel.h>
 #include <linux/types.h>
 #include <linux/list.h>
 #include <linux/slab.h>
 #include <linux/string.h>
 #include <linux/uaccess.h>
 /*
  * Algorithm masks and types.
  */
 #define CRYPTO_ALG_TYPE_MASK		0x0000000f
 #define CRYPTO_ALG_TYPE_CIPHER		0x00000001
 #define CRYPTO_ALG_TYPE_DIGEST		0x00000002
+#define CRYPTO_ALG_TYPE_BLKCIPHER	0x00000003
 #define CRYPTO_ALG_TYPE_COMPRESS	0x00000004
 #define CRYPTO_ALG_LARVAL		0x00000010
 #define CRYPTO_ALG_DEAD			0x00000020
 #define CRYPTO_ALG_DYING		0x00000040
 #define CRYPTO_ALG_ASYNC		0x00000080
 /*
  * Transform masks and values (for crt_flags).
  */
 #define CRYPTO_TFM_MODE_MASK		0x000000ff
 #define CRYPTO_TFM_REQ_MASK		0x000fff00
 #define CRYPTO_TFM_RES_MASK		0xfff00000
 #define CRYPTO_TFM_MODE_ECB		0x00000001
 #define CRYPTO_TFM_MODE_CBC		0x00000002
 #define CRYPTO_TFM_MODE_CFB		0x00000004
 #define CRYPTO_TFM_MODE_CTR		0x00000008
 #define CRYPTO_TFM_REQ_WEAK_KEY		0x00000100
 #define CRYPTO_TFM_REQ_MAY_SLEEP	0x00000200
 #define CRYPTO_TFM_RES_WEAK_KEY		0x00100000
 #define CRYPTO_TFM_RES_BAD_KEY_LEN   	0x00200000
 #define CRYPTO_TFM_RES_BAD_KEY_SCHED 	0x00400000
 #define CRYPTO_TFM_RES_BAD_BLOCK_LEN 	0x00800000
 #define CRYPTO_TFM_RES_BAD_FLAGS 	0x01000000
 /*
  * Miscellaneous stuff.
  */
 #define CRYPTO_UNSPEC			0
 #define CRYPTO_MAX_ALG_NAME		64
 #define CRYPTO_DIR_ENCRYPT		1
 #define CRYPTO_DIR_DECRYPT		0
 /*
  * The macro CRYPTO_MINALIGN_ATTR (along with the void * type in the actual
  * declaration) is used to ensure that the crypto_tfm context structure is
  * aligned correctly for the given architecture so that there are no alignment
  * faults for C data types.  In particular, this is required on platforms such
  * as arm where pointers are 32-bit aligned but there are data types such as
  * u64 which require 64-bit alignment.
  */
 #if defined(ARCH_KMALLOC_MINALIGN)
 #define CRYPTO_MINALIGN ARCH_KMALLOC_MINALIGN
 #elif defined(ARCH_SLAB_MINALIGN)
 #define CRYPTO_MINALIGN ARCH_SLAB_MINALIGN
 #endif
 #ifdef CRYPTO_MINALIGN
 #define CRYPTO_MINALIGN_ATTR __attribute__ ((__aligned__(CRYPTO_MINALIGN)))
 #else
 #define CRYPTO_MINALIGN_ATTR
 #endif
 struct scatterlist;
+struct crypto_blkcipher;
 struct crypto_tfm;
 struct crypto_type;
+struct blkcipher_desc {
+	struct crypto_blkcipher *tfm;
+	void *info;
+	u32 flags;
+};
 struct cipher_desc {
 	struct crypto_tfm *tfm;
 	void (*crfn)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
 	unsigned int (*prfn)(const struct cipher_desc *desc, u8 *dst,
 			     const u8 *src, unsigned int nbytes);
 	void *info;
 };
 /*
  * Algorithms: modular crypto algorithm implementations, managed
  * via crypto_register_alg() and crypto_unregister_alg().
  */
+struct blkcipher_alg {
+	int (*setkey)(struct crypto_tfm *tfm, const u8 *key,
+	              unsigned int keylen);
+	int (*encrypt)(struct blkcipher_desc *desc,
+		       struct scatterlist *dst, struct scatterlist *src,
+		       unsigned int nbytes);
+	int (*decrypt)(struct blkcipher_desc *desc,
+		       struct scatterlist *dst, struct scatterlist *src,
+		       unsigned int nbytes);
+	unsigned int min_keysize;
+	unsigned int max_keysize;
+	unsigned int ivsize;
+};
 struct cipher_alg {
 	unsigned int cia_min_keysize;
 	unsigned int cia_max_keysize;
 	int (*cia_setkey)(struct crypto_tfm *tfm, const u8 *key,
 	                  unsigned int keylen);
 	void (*cia_encrypt)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
 	void (*cia_decrypt)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
 	unsigned int (*cia_encrypt_ecb)(const struct cipher_desc *desc,
 					u8 *dst, const u8 *src,
 					unsigned int nbytes);
 	unsigned int (*cia_decrypt_ecb)(const struct cipher_desc *desc,
 					u8 *dst, const u8 *src,
 					unsigned int nbytes);
 	unsigned int (*cia_encrypt_cbc)(const struct cipher_desc *desc,
 					u8 *dst, const u8 *src,
 					unsigned int nbytes);
 	unsigned int (*cia_decrypt_cbc)(const struct cipher_desc *desc,
 					u8 *dst, const u8 *src,
 					unsigned int nbytes);
 };
 struct digest_alg {
 	unsigned int dia_digestsize;
 	void (*dia_init)(struct crypto_tfm *tfm);
 	void (*dia_update)(struct crypto_tfm *tfm, const u8 *data,
 			   unsigned int len);
 	void (*dia_final)(struct crypto_tfm *tfm, u8 *out);
 	int (*dia_setkey)(struct crypto_tfm *tfm, const u8 *key,
 	                  unsigned int keylen);
 };
 struct compress_alg {
 	int (*coa_compress)(struct crypto_tfm *tfm, const u8 *src,
 			    unsigned int slen, u8 *dst, unsigned int *dlen);
 	int (*coa_decompress)(struct crypto_tfm *tfm, const u8 *src,
 			      unsigned int slen, u8 *dst, unsigned int *dlen);
 };
+#define cra_blkcipher	cra_u.blkcipher
 #define cra_cipher	cra_u.cipher
 #define cra_digest	cra_u.digest
 #define cra_compress	cra_u.compress
 struct crypto_alg {
 	struct list_head cra_list;
 	struct list_head cra_users;
 	u32 cra_flags;
 	unsigned int cra_blocksize;
 	unsigned int cra_ctxsize;
 	unsigned int cra_alignmask;
 	int cra_priority;
 	atomic_t cra_refcnt;
 	char cra_name[CRYPTO_MAX_ALG_NAME];
 	char cra_driver_name[CRYPTO_MAX_ALG_NAME];
 	const struct crypto_type *cra_type;
 	union {
+		struct blkcipher_alg blkcipher;
 		struct cipher_alg cipher;
 		struct digest_alg digest;
 		struct compress_alg compress;
 	} cra_u;
 	int (*cra_init)(struct crypto_tfm *tfm);
 	void (*cra_exit)(struct crypto_tfm *tfm);
 	void (*cra_destroy)(struct crypto_alg *alg);
 	struct module *cra_module;
 };
 /*
  * Algorithm registration interface.
  */
 int crypto_register_alg(struct crypto_alg *alg);
 int crypto_unregister_alg(struct crypto_alg *alg);
 /*
  * Algorithm query interface.
  */
 #ifdef CONFIG_CRYPTO
 int crypto_alg_available(const char *name, u32 flags);
 #else
 static inline int crypto_alg_available(const char *name, u32 flags)
 {
 	return 0;
 }
 #endif
 /*
  * Transforms: user-instantiated objects which encapsulate algorithms
  * and core processing logic.  Managed via crypto_alloc_*() and
  * crypto_free_*(), as well as the various helpers below.
  */
+struct blkcipher_tfm {
+	void *iv;
+	int (*setkey)(struct crypto_tfm *tfm, const u8 *key,
+		      unsigned int keylen);
+	int (*encrypt)(struct blkcipher_desc *desc, struct scatterlist *dst,
+		       struct scatterlist *src, unsigned int nbytes);
+	int (*decrypt)(struct blkcipher_desc *desc, struct scatterlist *dst,
+		       struct scatterlist *src, unsigned int nbytes);
+};
 struct cipher_tfm {
 	void *cit_iv;
 	unsigned int cit_ivsize;
 	u32 cit_mode;
 	int (*cit_setkey)(struct crypto_tfm *tfm,
 	                  const u8 *key, unsigned int keylen);
 	int (*cit_encrypt)(struct crypto_tfm *tfm,
 			   struct scatterlist *dst,
 			   struct scatterlist *src,
 			   unsigned int nbytes);
 	int (*cit_encrypt_iv)(struct crypto_tfm *tfm,
 	                      struct scatterlist *dst,
 	                      struct scatterlist *src,
 	                      unsigned int nbytes, u8 *iv);
 	int (*cit_decrypt)(struct crypto_tfm *tfm,
 			   struct scatterlist *dst,
 			   struct scatterlist *src,
 			   unsigned int nbytes);
 	int (*cit_decrypt_iv)(struct crypto_tfm *tfm,
 			   struct scatterlist *dst,
 			   struct scatterlist *src,
 			   unsigned int nbytes, u8 *iv);
 	void (*cit_xor_block)(u8 *dst, const u8 *src);
 	void (*cit_encrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
 	void (*cit_decrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
 };
 struct digest_tfm {
 	void (*dit_init)(struct crypto_tfm *tfm);
 	void (*dit_update)(struct crypto_tfm *tfm,
 	                   struct scatterlist *sg, unsigned int nsg);
 	void (*dit_final)(struct crypto_tfm *tfm, u8 *out);
 	void (*dit_digest)(struct crypto_tfm *tfm, struct scatterlist *sg,
 	                   unsigned int nsg, u8 *out);
 	int (*dit_setkey)(struct crypto_tfm *tfm,
 	                  const u8 *key, unsigned int keylen);
 #ifdef CONFIG_CRYPTO_HMAC
 	void *dit_hmac_block;
 #endif
 };
 struct compress_tfm {
 	int (*cot_compress)(struct crypto_tfm *tfm,
 	                    const u8 *src, unsigned int slen,
 	                    u8 *dst, unsigned int *dlen);
 	int (*cot_decompress)(struct crypto_tfm *tfm,
 	                      const u8 *src, unsigned int slen,
 	                      u8 *dst, unsigned int *dlen);
 };
+#define crt_blkcipher	crt_u.blkcipher
 #define crt_cipher	crt_u.cipher
 #define crt_digest	crt_u.digest
 #define crt_compress	crt_u.compress
 struct crypto_tfm {
 	u32 crt_flags;
 	union {
+		struct blkcipher_tfm blkcipher;
 		struct cipher_tfm cipher;
 		struct digest_tfm digest;
 		struct compress_tfm compress;
 	} crt_u;
 	struct crypto_alg *__crt_alg;
 	void *__crt_ctx[] CRYPTO_MINALIGN_ATTR;
 };
 #define crypto_cipher crypto_tfm
+struct crypto_blkcipher {
+	struct crypto_tfm base;
+};
 enum {
 	CRYPTOA_UNSPEC,
 	CRYPTOA_ALG,
 };
 struct crypto_attr_alg {
 	char name[CRYPTO_MAX_ALG_NAME];
 };
 /*
  * Transform user interface.
  */
 struct crypto_tfm *crypto_alloc_tfm(const char *alg_name, u32 tfm_flags);
 struct crypto_tfm *crypto_alloc_base(const char *alg_name, u32 type, u32 mask);
 void crypto_free_tfm(struct crypto_tfm *tfm);
 /*
  * Transform helpers which query the underlying algorithm.
  */
 static inline const char *crypto_tfm_alg_name(struct crypto_tfm *tfm)
 {
 	return tfm->__crt_alg->cra_name;
 }
 static inline const char *crypto_tfm_alg_driver_name(struct crypto_tfm *tfm)
 {
 	return tfm->__crt_alg->cra_driver_name;
 }
 static inline int crypto_tfm_alg_priority(struct crypto_tfm *tfm)
 {
 	return tfm->__crt_alg->cra_priority;
 }
 static inline const char *crypto_tfm_alg_modname(struct crypto_tfm *tfm)
 {
 	return module_name(tfm->__crt_alg->cra_module);
 }
 static inline u32 crypto_tfm_alg_type(struct crypto_tfm *tfm)
 {
 	return tfm->__crt_alg->cra_flags & CRYPTO_ALG_TYPE_MASK;
 }
 static inline unsigned int crypto_tfm_alg_min_keysize(struct crypto_tfm *tfm)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_CIPHER);
 	return tfm->__crt_alg->cra_cipher.cia_min_keysize;
 }
 static inline unsigned int crypto_tfm_alg_max_keysize(struct crypto_tfm *tfm)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_CIPHER);
 	return tfm->__crt_alg->cra_cipher.cia_max_keysize;
 }
 static inline unsigned int crypto_tfm_alg_ivsize(struct crypto_tfm *tfm)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_CIPHER);
 	return tfm->crt_cipher.cit_ivsize;
 }
 static inline unsigned int crypto_tfm_alg_blocksize(struct crypto_tfm *tfm)
 {
 	return tfm->__crt_alg->cra_blocksize;
 }
 static inline unsigned int crypto_tfm_alg_digestsize(struct crypto_tfm *tfm)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_DIGEST);
 	return tfm->__crt_alg->cra_digest.dia_digestsize;
 }
 static inline unsigned int crypto_tfm_alg_alignmask(struct crypto_tfm *tfm)
 {
 	return tfm->__crt_alg->cra_alignmask;
 }
 static inline u32 crypto_tfm_get_flags(struct crypto_tfm *tfm)
 {
 	return tfm->crt_flags;
 }
 static inline void crypto_tfm_set_flags(struct crypto_tfm *tfm, u32 flags)
 {
 	tfm->crt_flags |= flags;
 }
 static inline void crypto_tfm_clear_flags(struct crypto_tfm *tfm, u32 flags)
 {
 	tfm->crt_flags &= ~flags;
 }
 static inline void *crypto_tfm_ctx(struct crypto_tfm *tfm)
 {
 	return tfm->__crt_ctx;
 }
 static inline unsigned int crypto_tfm_ctx_alignment(void)
 {
 	struct crypto_tfm *tfm;
 	return __alignof__(tfm->__crt_ctx);
 }
 /*
  * API wrappers.
  */
+static inline struct crypto_blkcipher *__crypto_blkcipher_cast(
+	struct crypto_tfm *tfm)
+{
+	return (struct crypto_blkcipher *)tfm;
+}
+static inline struct crypto_blkcipher *crypto_blkcipher_cast(
+	struct crypto_tfm *tfm)
+{
+	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_BLKCIPHER);
+	return __crypto_blkcipher_cast(tfm);
+}
+static inline struct crypto_blkcipher *crypto_alloc_blkcipher(
+	const char *alg_name, u32 type, u32 mask)
+{
+	type &= ~CRYPTO_ALG_TYPE_MASK;
+	type |= CRYPTO_ALG_TYPE_BLKCIPHER;
+	mask |= CRYPTO_ALG_TYPE_MASK;
+	return __crypto_blkcipher_cast(crypto_alloc_base(alg_name, type, mask));
+}
+static inline struct crypto_tfm *crypto_blkcipher_tfm(
+	struct crypto_blkcipher *tfm)
+{
+	return &tfm->base;
+}
+static inline void crypto_free_blkcipher(struct crypto_blkcipher *tfm)
+{
+	crypto_free_tfm(crypto_blkcipher_tfm(tfm));
+}
+static inline const char *crypto_blkcipher_name(struct crypto_blkcipher *tfm)
+{
+	return crypto_tfm_alg_name(crypto_blkcipher_tfm(tfm));
+}
+static inline struct blkcipher_tfm *crypto_blkcipher_crt(
+	struct crypto_blkcipher *tfm)
+{
+	return &crypto_blkcipher_tfm(tfm)->crt_blkcipher;
+}
+static inline struct blkcipher_alg *crypto_blkcipher_alg(
+	struct crypto_blkcipher *tfm)
+{
+	return &crypto_blkcipher_tfm(tfm)->__crt_alg->cra_blkcipher;
+}
+static inline unsigned int crypto_blkcipher_ivsize(struct crypto_blkcipher *tfm)
+{
+	return crypto_blkcipher_alg(tfm)->ivsize;
+}
+static inline unsigned int crypto_blkcipher_blocksize(
+	struct crypto_blkcipher *tfm)
+{
+	return crypto_tfm_alg_blocksize(crypto_blkcipher_tfm(tfm));
+}
+static inline unsigned int crypto_blkcipher_alignmask(
+	struct crypto_blkcipher *tfm)
+{
+	return crypto_tfm_alg_alignmask(crypto_blkcipher_tfm(tfm));
+}
+static inline u32 crypto_blkcipher_get_flags(struct crypto_blkcipher *tfm)
+{
+	return crypto_tfm_get_flags(crypto_blkcipher_tfm(tfm));
+}
+static inline void crypto_blkcipher_set_flags(struct crypto_blkcipher *tfm,
+					      u32 flags)
+{
+	crypto_tfm_set_flags(crypto_blkcipher_tfm(tfm), flags);
+}
+static inline void crypto_blkcipher_clear_flags(struct crypto_blkcipher *tfm,
+						u32 flags)
+{
+	crypto_tfm_clear_flags(crypto_blkcipher_tfm(tfm), flags);
+}
+static inline int crypto_blkcipher_setkey(struct crypto_blkcipher *tfm,
+					  const u8 *key, unsigned int keylen)
+{
+	return crypto_blkcipher_crt(tfm)->setkey(crypto_blkcipher_tfm(tfm),
+						 key, keylen);
+}
+static inline int crypto_blkcipher_encrypt(struct blkcipher_desc *desc,
+					   struct scatterlist *dst,
+					   struct scatterlist *src,
+					   unsigned int nbytes)
+{
+	desc->info = crypto_blkcipher_crt(desc->tfm)->iv;
+	return crypto_blkcipher_crt(desc->tfm)->encrypt(desc, dst, src, nbytes);
+}
+static inline int crypto_blkcipher_encrypt_iv(struct blkcipher_desc *desc,
+					      struct scatterlist *dst,
+					      struct scatterlist *src,
+					      unsigned int nbytes)
+{
+	return crypto_blkcipher_crt(desc->tfm)->encrypt(desc, dst, src, nbytes);
+}
+static inline int crypto_blkcipher_decrypt(struct blkcipher_desc *desc,
+					   struct scatterlist *dst,
+					   struct scatterlist *src,
+					   unsigned int nbytes)
+{
+	desc->info = crypto_blkcipher_crt(desc->tfm)->iv;
+	return crypto_blkcipher_crt(desc->tfm)->decrypt(desc, dst, src, nbytes);
+}
+static inline int crypto_blkcipher_decrypt_iv(struct blkcipher_desc *desc,
+					      struct scatterlist *dst,
+					      struct scatterlist *src,
+					      unsigned int nbytes)
+{
+	return crypto_blkcipher_crt(desc->tfm)->decrypt(desc, dst, src, nbytes);
+}
+static inline void crypto_blkcipher_set_iv(struct crypto_blkcipher *tfm,
+					   const u8 *src, unsigned int len)
+{
+	memcpy(crypto_blkcipher_crt(tfm)->iv, src, len);
+}
+static inline void crypto_blkcipher_get_iv(struct crypto_blkcipher *tfm,
+					   u8 *dst, unsigned int len)
+{
+	memcpy(dst, crypto_blkcipher_crt(tfm)->iv, len);
+}
 static inline struct crypto_cipher *__crypto_cipher_cast(struct crypto_tfm *tfm)
 {
 	return (struct crypto_cipher *)tfm;
 }
 static inline struct crypto_cipher *crypto_cipher_cast(struct crypto_tfm *tfm)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_CIPHER);
 	return __crypto_cipher_cast(tfm);
 }
 static inline struct crypto_cipher *crypto_alloc_cipher(const char *alg_name,
 							u32 type, u32 mask)
 {
 	type &= ~CRYPTO_ALG_TYPE_MASK;
 	type |= CRYPTO_ALG_TYPE_CIPHER;
 	mask |= CRYPTO_ALG_TYPE_MASK;
 	return __crypto_cipher_cast(crypto_alloc_base(alg_name, type, mask));
 }
 static inline struct crypto_tfm *crypto_cipher_tfm(struct crypto_cipher *tfm)
 {
 	return tfm;
 }
 static inline void crypto_free_cipher(struct crypto_cipher *tfm)
 {
 	crypto_free_tfm(crypto_cipher_tfm(tfm));
 }
 static inline struct cipher_tfm *crypto_cipher_crt(struct crypto_cipher *tfm)
 {
 	return &crypto_cipher_tfm(tfm)->crt_cipher;
 }
 static inline unsigned int crypto_cipher_blocksize(struct crypto_cipher *tfm)
 {
 	return crypto_tfm_alg_blocksize(crypto_cipher_tfm(tfm));
 }
 static inline unsigned int crypto_cipher_alignmask(struct crypto_cipher *tfm)
 {
 	return crypto_tfm_alg_alignmask(crypto_cipher_tfm(tfm));
 }
 static inline u32 crypto_cipher_get_flags(struct crypto_cipher *tfm)
 {
 	return crypto_tfm_get_flags(crypto_cipher_tfm(tfm));
 }
 static inline void crypto_cipher_set_flags(struct crypto_cipher *tfm,
 					   u32 flags)
 {
 	crypto_tfm_set_flags(crypto_cipher_tfm(tfm), flags);
 }
 static inline void crypto_cipher_clear_flags(struct crypto_cipher *tfm,
 					     u32 flags)
 {
 	crypto_tfm_clear_flags(crypto_cipher_tfm(tfm), flags);
 }
 static inline void crypto_cipher_encrypt_one(struct crypto_cipher *tfm,
 					     u8 *dst, const u8 *src)
 {
 	crypto_cipher_crt(tfm)->cit_encrypt_one(crypto_cipher_tfm(tfm),
 						dst, src);
 }
 static inline void crypto_cipher_decrypt_one(struct crypto_cipher *tfm,
 					     u8 *dst, const u8 *src)
 {
 	crypto_cipher_crt(tfm)->cit_decrypt_one(crypto_cipher_tfm(tfm),
 						dst, src);
 }
 static inline void crypto_digest_init(struct crypto_tfm *tfm)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_DIGEST);
 	tfm->crt_digest.dit_init(tfm);
 }
 static inline void crypto_digest_update(struct crypto_tfm *tfm,
                                         struct scatterlist *sg,
                                         unsigned int nsg)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_DIGEST);
 	tfm->crt_digest.dit_update(tfm, sg, nsg);
 }
 static inline void crypto_digest_final(struct crypto_tfm *tfm, u8 *out)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_DIGEST);
 	tfm->crt_digest.dit_final(tfm, out);
 }
 static inline void crypto_digest_digest(struct crypto_tfm *tfm,
                                         struct scatterlist *sg,
                                         unsigned int nsg, u8 *out)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_DIGEST);
 	tfm->crt_digest.dit_digest(tfm, sg, nsg, out);
 }
 static inline int crypto_digest_setkey(struct crypto_tfm *tfm,
                                        const u8 *key, unsigned int keylen)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_DIGEST);
 	return tfm->crt_digest.dit_setkey(tfm, key, keylen);
 }
 static inline int crypto_cipher_setkey(struct crypto_tfm *tfm,
                                        const u8 *key, unsigned int keylen)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_CIPHER);
 	return tfm->crt_cipher.cit_setkey(tfm, key, keylen);
 }
 static inline int crypto_cipher_encrypt(struct crypto_tfm *tfm,
                                         struct scatterlist *dst,
                                         struct scatterlist *src,
                                         unsigned int nbytes)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_CIPHER);
 	return tfm->crt_cipher.cit_encrypt(tfm, dst, src, nbytes);
 }
 static inline int crypto_cipher_encrypt_iv(struct crypto_tfm *tfm,
                                            struct scatterlist *dst,
                                            struct scatterlist *src,
                                            unsigned int nbytes, u8 *iv)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_CIPHER);
 	return tfm->crt_cipher.cit_encrypt_iv(tfm, dst, src, nbytes, iv);
 }
 static inline int crypto_cipher_decrypt(struct crypto_tfm *tfm,
                                         struct scatterlist *dst,
                                         struct scatterlist *src,
                                         unsigned int nbytes)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_CIPHER);
 	return tfm->crt_cipher.cit_decrypt(tfm, dst, src, nbytes);
 }
 static inline int crypto_cipher_decrypt_iv(struct crypto_tfm *tfm,
                                            struct scatterlist *dst,
                                            struct scatterlist *src,
                                            unsigned int nbytes, u8 *iv)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_CIPHER);
 	return tfm->crt_cipher.cit_decrypt_iv(tfm, dst, src, nbytes, iv);
 }
 static inline void crypto_cipher_set_iv(struct crypto_tfm *tfm,
                                         const u8 *src, unsigned int len)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_CIPHER);
 	memcpy(tfm->crt_cipher.cit_iv, src, len);
 }
 static inline void crypto_cipher_get_iv(struct crypto_tfm *tfm,
                                         u8 *dst, unsigned int len)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_CIPHER);
 	memcpy(dst, tfm->crt_cipher.cit_iv, len);
 }
 static inline int crypto_comp_compress(struct crypto_tfm *tfm,
                                        const u8 *src, unsigned int slen,
                                        u8 *dst, unsigned int *dlen)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_COMPRESS);
 	return tfm->crt_compress.cot_compress(tfm, src, slen, dst, dlen);
 }
 static inline int crypto_comp_decompress(struct crypto_tfm *tfm,
                                          const u8 *src, unsigned int slen,
                                          u8 *dst, unsigned int *dlen)
 {
 	BUG_ON(crypto_tfm_alg_type(tfm) != CRYPTO_ALG_TYPE_COMPRESS);
 	return tfm->crt_compress.cot_decompress(tfm, src, slen, dst, dlen);
 }
 /*
  * HMAC support.
  */
 #ifdef CONFIG_CRYPTO_HMAC
 void crypto_hmac_init(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen);
 void crypto_hmac_update(struct crypto_tfm *tfm,
                         struct scatterlist *sg, unsigned int nsg);
 void crypto_hmac_final(struct crypto_tfm *tfm, u8 *key,
                        unsigned int *keylen, u8 *out);
 void crypto_hmac(struct crypto_tfm *tfm, u8 *key, unsigned int *keylen,
                  struct scatterlist *sg, unsigned int nsg, u8 *out);
 #endif	/* CONFIG_CRYPTO_HMAC */
 #endif	/* _LINUX_CRYPTO_H */