path: root/crypto/gcm.c (plain)
blob: 398f048c452af2a1148edda5cb9abac02301d836

1	/*
2	* GCM: Galois/Counter Mode.
3	*
4	* Copyright (c) 2007 Nokia Siemens Networks - Mikko Herranen <mh1@iki.fi>
5	*
6	* This program is free software; you can redistribute it and/or modify it
7	* under the terms of the GNU General Public License version 2 as published
8	* by the Free Software Foundation.
9	*/
10
11	#include <crypto/gf128mul.h>
12	#include <crypto/internal/aead.h>
13	#include <crypto/internal/skcipher.h>
14	#include <crypto/internal/hash.h>
15	#include <crypto/null.h>
16	#include <crypto/scatterwalk.h>
17	#include <crypto/hash.h>
18	#include "internal.h"
19	#include <linux/completion.h>
20	#include <linux/err.h>
21	#include <linux/init.h>
22	#include <linux/kernel.h>
23	#include <linux/module.h>
24	#include <linux/slab.h>
25
26	struct gcm_instance_ctx {
27	struct crypto_skcipher_spawn ctr;
28	struct crypto_ahash_spawn ghash;
29	};
30
31	struct crypto_gcm_ctx {
32	struct crypto_skcipher *ctr;
33	struct crypto_ahash *ghash;
34	};
35
36	struct crypto_rfc4106_ctx {
37	struct crypto_aead *child;
38	u8 nonce[4];
39	};
40
41	struct crypto_rfc4106_req_ctx {
42	struct scatterlist src[3];
43	struct scatterlist dst[3];
44	struct aead_request subreq;
45	};
46
47	struct crypto_rfc4543_instance_ctx {
48	struct crypto_aead_spawn aead;
49	};
50
51	struct crypto_rfc4543_ctx {
52	struct crypto_aead *child;
53	struct crypto_skcipher *null;
54	u8 nonce[4];
55	};
56
57	struct crypto_rfc4543_req_ctx {
58	struct aead_request subreq;
59	};
60
61	struct crypto_gcm_ghash_ctx {
62	unsigned int cryptlen;
63	struct scatterlist *src;
64	int (*complete)(struct aead_request *req, u32 flags);
65	};
66
67	struct crypto_gcm_req_priv_ctx {
68	u8 iv[16];
69	u8 auth_tag[16];
70	u8 iauth_tag[16];
71	struct scatterlist src[3];
72	struct scatterlist dst[3];
73	struct scatterlist sg;
74	struct crypto_gcm_ghash_ctx ghash_ctx;
75	union {
76	struct ahash_request ahreq;
77	struct skcipher_request skreq;
78	} u;
79	};
80
81	struct crypto_gcm_setkey_result {
82	int err;
83	struct completion completion;
84	};
85
86	static struct {
87	u8 buf[16];
88	struct scatterlist sg;
89	} *gcm_zeroes;
90
91	static int crypto_rfc4543_copy_src_to_dst(struct aead_request *req, bool enc);
92
93	static inline struct crypto_gcm_req_priv_ctx *crypto_gcm_reqctx(
94	struct aead_request *req)
95	{
96	unsigned long align = crypto_aead_alignmask(crypto_aead_reqtfm(req));
97
98	return (void *)PTR_ALIGN((u8 *)aead_request_ctx(req), align + 1);
99	}
100
101	static void crypto_gcm_setkey_done(struct crypto_async_request *req, int err)
102	{
103	struct crypto_gcm_setkey_result *result = req->data;
104
105	if (err == -EINPROGRESS)
106	return;
107
108	result->err = err;
109	complete(&result->completion);
110	}
111
112	static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key,
113	unsigned int keylen)
114	{
115	struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead);
116	struct crypto_ahash *ghash = ctx->ghash;
117	struct crypto_skcipher *ctr = ctx->ctr;
118	struct {
119	be128 hash;
120	u8 iv[16];
121
122	struct crypto_gcm_setkey_result result;
123
124	struct scatterlist sg[1];
125	struct skcipher_request req;
126	} *data;
127	int err;
128
129	crypto_skcipher_clear_flags(ctr, CRYPTO_TFM_REQ_MASK);
130	crypto_skcipher_set_flags(ctr, crypto_aead_get_flags(aead) &
131	CRYPTO_TFM_REQ_MASK);
132	err = crypto_skcipher_setkey(ctr, key, keylen);
133	crypto_aead_set_flags(aead, crypto_skcipher_get_flags(ctr) &
134	CRYPTO_TFM_RES_MASK);
135	if (err)
136	return err;
137
138	data = kzalloc(sizeof(*data) + crypto_skcipher_reqsize(ctr),
139	GFP_KERNEL);
140	if (!data)
141	return -ENOMEM;
142
143	init_completion(&data->result.completion);
144	sg_init_one(data->sg, &data->hash, sizeof(data->hash));
145	skcipher_request_set_tfm(&data->req, ctr);
146	skcipher_request_set_callback(&data->req, CRYPTO_TFM_REQ_MAY_SLEEP |
147	CRYPTO_TFM_REQ_MAY_BACKLOG,
148	crypto_gcm_setkey_done,
149	&data->result);
150	skcipher_request_set_crypt(&data->req, data->sg, data->sg,
151	sizeof(data->hash), data->iv);
152
153	err = crypto_skcipher_encrypt(&data->req);
154	if (err == -EINPROGRESS || err == -EBUSY) {
155	wait_for_completion(&data->result.completion);
156	err = data->result.err;
157	}
158
159	if (err)
160	goto out;
161
162	crypto_ahash_clear_flags(ghash, CRYPTO_TFM_REQ_MASK);
163	crypto_ahash_set_flags(ghash, crypto_aead_get_flags(aead) &
164	CRYPTO_TFM_REQ_MASK);
165	err = crypto_ahash_setkey(ghash, (u8 *)&data->hash, sizeof(be128));
166	crypto_aead_set_flags(aead, crypto_ahash_get_flags(ghash) &
167	CRYPTO_TFM_RES_MASK);
168
169	out:
170	kzfree(data);
171	return err;
172	}
173
174	static int crypto_gcm_setauthsize(struct crypto_aead *tfm,
175	unsigned int authsize)
176	{
177	switch (authsize) {
178	case 4:
179	case 8:
180	case 12:
181	case 13:
182	case 14:
183	case 15:
184	case 16:
185	break;
186	default:
187	return -EINVAL;
188	}
189
190	return 0;
191	}
192
193	static void crypto_gcm_init_common(struct aead_request *req)
194	{
195	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
196	__be32 counter = cpu_to_be32(1);
197	struct scatterlist *sg;
198
199	memset(pctx->auth_tag, 0, sizeof(pctx->auth_tag));
200	memcpy(pctx->iv, req->iv, 12);
201	memcpy(pctx->iv + 12, &counter, 4);
202
203	sg_init_table(pctx->src, 3);
204	sg_set_buf(pctx->src, pctx->auth_tag, sizeof(pctx->auth_tag));
205	sg = scatterwalk_ffwd(pctx->src + 1, req->src, req->assoclen);
206	if (sg != pctx->src + 1)
207	sg_chain(pctx->src, 2, sg);
208
209	if (req->src != req->dst) {
210	sg_init_table(pctx->dst, 3);
211	sg_set_buf(pctx->dst, pctx->auth_tag, sizeof(pctx->auth_tag));
212	sg = scatterwalk_ffwd(pctx->dst + 1, req->dst, req->assoclen);
213	if (sg != pctx->dst + 1)
214	sg_chain(pctx->dst, 2, sg);
215	}
216	}
217
218	static void crypto_gcm_init_crypt(struct aead_request *req,
219	unsigned int cryptlen)
220	{
221	struct crypto_aead *aead = crypto_aead_reqtfm(req);
222	struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead);
223	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
224	struct skcipher_request *skreq = &pctx->u.skreq;
225	struct scatterlist *dst;
226
227	dst = req->src == req->dst ? pctx->src : pctx->dst;
228
229	skcipher_request_set_tfm(skreq, ctx->ctr);
230	skcipher_request_set_crypt(skreq, pctx->src, dst,
231	cryptlen + sizeof(pctx->auth_tag),
232	pctx->iv);
233	}
234
235	static inline unsigned int gcm_remain(unsigned int len)
236	{
237	len &= 0xfU;
238	return len ? 16 - len : 0;
239	}
240
241	static void gcm_hash_len_done(struct crypto_async_request *areq, int err);
242
243	static int gcm_hash_update(struct aead_request *req,
244	crypto_completion_t compl,
245	struct scatterlist *src,
246	unsigned int len, u32 flags)
247	{
248	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
249	struct ahash_request *ahreq = &pctx->u.ahreq;
250
251	ahash_request_set_callback(ahreq, flags, compl, req);
252	ahash_request_set_crypt(ahreq, src, NULL, len);
253
254	return crypto_ahash_update(ahreq);
255	}
256
257	static int gcm_hash_remain(struct aead_request *req,
258	unsigned int remain,
259	crypto_completion_t compl, u32 flags)
260	{
261	return gcm_hash_update(req, compl, &gcm_zeroes->sg, remain, flags);
262	}
263
264	static int gcm_hash_len(struct aead_request *req, u32 flags)
265	{
266	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
267	struct ahash_request *ahreq = &pctx->u.ahreq;
268	struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx;
269	u128 lengths;
270
271	lengths.a = cpu_to_be64(req->assoclen * 8);
272	lengths.b = cpu_to_be64(gctx->cryptlen * 8);
273	memcpy(pctx->iauth_tag, &lengths, 16);
274	sg_init_one(&pctx->sg, pctx->iauth_tag, 16);
275	ahash_request_set_callback(ahreq, flags, gcm_hash_len_done, req);
276	ahash_request_set_crypt(ahreq, &pctx->sg,
277	pctx->iauth_tag, sizeof(lengths));
278
279	return crypto_ahash_finup(ahreq);
280	}
281
282	static int gcm_hash_len_continue(struct aead_request *req, u32 flags)
283	{
284	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
285	struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx;
286
287	return gctx->complete(req, flags);
288	}
289
290	static void gcm_hash_len_done(struct crypto_async_request *areq, int err)
291	{
292	struct aead_request *req = areq->data;
293
294	if (err)
295	goto out;
296
297	err = gcm_hash_len_continue(req, 0);
298	if (err == -EINPROGRESS)
299	return;
300
301	out:
302	aead_request_complete(req, err);
303	}
304
305	static int gcm_hash_crypt_remain_continue(struct aead_request *req, u32 flags)
306	{
307	return gcm_hash_len(req, flags) ?:
308	gcm_hash_len_continue(req, flags);
309	}
310
311	static void gcm_hash_crypt_remain_done(struct crypto_async_request *areq,
312	int err)
313	{
314	struct aead_request *req = areq->data;
315
316	if (err)
317	goto out;
318
319	err = gcm_hash_crypt_remain_continue(req, 0);
320	if (err == -EINPROGRESS)
321	return;
322
323	out:
324	aead_request_complete(req, err);
325	}
326
327	static int gcm_hash_crypt_continue(struct aead_request *req, u32 flags)
328	{
329	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
330	struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx;
331	unsigned int remain;
332
333	remain = gcm_remain(gctx->cryptlen);
334	if (remain)
335	return gcm_hash_remain(req, remain,
336	gcm_hash_crypt_remain_done, flags) ?:
337	gcm_hash_crypt_remain_continue(req, flags);
338
339	return gcm_hash_crypt_remain_continue(req, flags);
340	}
341
342	static void gcm_hash_crypt_done(struct crypto_async_request *areq, int err)
343	{
344	struct aead_request *req = areq->data;
345
346	if (err)
347	goto out;
348
349	err = gcm_hash_crypt_continue(req, 0);
350	if (err == -EINPROGRESS)
351	return;
352
353	out:
354	aead_request_complete(req, err);
355	}
356
357	static int gcm_hash_assoc_remain_continue(struct aead_request *req, u32 flags)
358	{
359	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
360	struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx;
361
362	if (gctx->cryptlen)
363	return gcm_hash_update(req, gcm_hash_crypt_done,
364	gctx->src, gctx->cryptlen, flags) ?:
365	gcm_hash_crypt_continue(req, flags);
366
367	return gcm_hash_crypt_remain_continue(req, flags);
368	}
369
370	static void gcm_hash_assoc_remain_done(struct crypto_async_request *areq,
371	int err)
372	{
373	struct aead_request *req = areq->data;
374
375	if (err)
376	goto out;
377
378	err = gcm_hash_assoc_remain_continue(req, 0);
379	if (err == -EINPROGRESS)
380	return;
381
382	out:
383	aead_request_complete(req, err);
384	}
385
386	static int gcm_hash_assoc_continue(struct aead_request *req, u32 flags)
387	{
388	unsigned int remain;
389
390	remain = gcm_remain(req->assoclen);
391	if (remain)
392	return gcm_hash_remain(req, remain,
393	gcm_hash_assoc_remain_done, flags) ?:
394	gcm_hash_assoc_remain_continue(req, flags);
395
396	return gcm_hash_assoc_remain_continue(req, flags);
397	}
398
399	static void gcm_hash_assoc_done(struct crypto_async_request *areq, int err)
400	{
401	struct aead_request *req = areq->data;
402
403	if (err)
404	goto out;
405
406	err = gcm_hash_assoc_continue(req, 0);
407	if (err == -EINPROGRESS)
408	return;
409
410	out:
411	aead_request_complete(req, err);
412	}
413
414	static int gcm_hash_init_continue(struct aead_request *req, u32 flags)
415	{
416	if (req->assoclen)
417	return gcm_hash_update(req, gcm_hash_assoc_done,
418	req->src, req->assoclen, flags) ?:
419	gcm_hash_assoc_continue(req, flags);
420
421	return gcm_hash_assoc_remain_continue(req, flags);
422	}
423
424	static void gcm_hash_init_done(struct crypto_async_request *areq, int err)
425	{
426	struct aead_request *req = areq->data;
427
428	if (err)
429	goto out;
430
431	err = gcm_hash_init_continue(req, 0);
432	if (err == -EINPROGRESS)
433	return;
434
435	out:
436	aead_request_complete(req, err);
437	}
438
439	static int gcm_hash(struct aead_request *req, u32 flags)
440	{
441	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
442	struct ahash_request *ahreq = &pctx->u.ahreq;
443	struct crypto_gcm_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
444
445	ahash_request_set_tfm(ahreq, ctx->ghash);
446
447	ahash_request_set_callback(ahreq, flags, gcm_hash_init_done, req);
448	return crypto_ahash_init(ahreq) ?:
449	gcm_hash_init_continue(req, flags);
450	}
451
452	static int gcm_enc_copy_hash(struct aead_request *req, u32 flags)
453	{
454	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
455	struct crypto_aead *aead = crypto_aead_reqtfm(req);
456	u8 *auth_tag = pctx->auth_tag;
457
458	crypto_xor(auth_tag, pctx->iauth_tag, 16);
459	scatterwalk_map_and_copy(auth_tag, req->dst,
460	req->assoclen + req->cryptlen,
461	crypto_aead_authsize(aead), 1);
462	return 0;
463	}
464
465	static int gcm_encrypt_continue(struct aead_request *req, u32 flags)
466	{
467	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
468	struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx;
469
470	gctx->src = sg_next(req->src == req->dst ? pctx->src : pctx->dst);
471	gctx->cryptlen = req->cryptlen;
472	gctx->complete = gcm_enc_copy_hash;
473
474	return gcm_hash(req, flags);
475	}
476
477	static void gcm_encrypt_done(struct crypto_async_request *areq, int err)
478	{
479	struct aead_request *req = areq->data;
480
481	if (err)
482	goto out;
483
484	err = gcm_encrypt_continue(req, 0);
485	if (err == -EINPROGRESS)
486	return;
487
488	out:
489	aead_request_complete(req, err);
490	}
491
492	static int crypto_gcm_encrypt(struct aead_request *req)
493	{
494	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
495	struct skcipher_request *skreq = &pctx->u.skreq;
496	u32 flags = aead_request_flags(req);
497
498	crypto_gcm_init_common(req);
499	crypto_gcm_init_crypt(req, req->cryptlen);
500	skcipher_request_set_callback(skreq, flags, gcm_encrypt_done, req);
501
502	return crypto_skcipher_encrypt(skreq) ?:
503	gcm_encrypt_continue(req, flags);
504	}
505
506	static int crypto_gcm_verify(struct aead_request *req)
507	{
508	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
509	struct crypto_aead *aead = crypto_aead_reqtfm(req);
510	u8 *auth_tag = pctx->auth_tag;
511	u8 *iauth_tag = pctx->iauth_tag;
512	unsigned int authsize = crypto_aead_authsize(aead);
513	unsigned int cryptlen = req->cryptlen - authsize;
514
515	crypto_xor(auth_tag, iauth_tag, 16);
516	scatterwalk_map_and_copy(iauth_tag, req->src,
517	req->assoclen + cryptlen, authsize, 0);
518	return crypto_memneq(iauth_tag, auth_tag, authsize) ? -EBADMSG : 0;
519	}
520
521	static void gcm_decrypt_done(struct crypto_async_request *areq, int err)
522	{
523	struct aead_request *req = areq->data;
524
525	if (!err)
526	err = crypto_gcm_verify(req);
527
528	aead_request_complete(req, err);
529	}
530
531	static int gcm_dec_hash_continue(struct aead_request *req, u32 flags)
532	{
533	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
534	struct skcipher_request *skreq = &pctx->u.skreq;
535	struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx;
536
537	crypto_gcm_init_crypt(req, gctx->cryptlen);
538	skcipher_request_set_callback(skreq, flags, gcm_decrypt_done, req);
539	return crypto_skcipher_decrypt(skreq) ?: crypto_gcm_verify(req);
540	}
541
542	static int crypto_gcm_decrypt(struct aead_request *req)
543	{
544	struct crypto_aead *aead = crypto_aead_reqtfm(req);
545	struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
546	struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx;
547	unsigned int authsize = crypto_aead_authsize(aead);
548	unsigned int cryptlen = req->cryptlen;
549	u32 flags = aead_request_flags(req);
550
551	cryptlen -= authsize;
552
553	crypto_gcm_init_common(req);
554
555	gctx->src = sg_next(pctx->src);
556	gctx->cryptlen = cryptlen;
557	gctx->complete = gcm_dec_hash_continue;
558
559	return gcm_hash(req, flags);
560	}
561
562	static int crypto_gcm_init_tfm(struct crypto_aead *tfm)
563	{
564	struct aead_instance *inst = aead_alg_instance(tfm);
565	struct gcm_instance_ctx *ictx = aead_instance_ctx(inst);
566	struct crypto_gcm_ctx *ctx = crypto_aead_ctx(tfm);
567	struct crypto_skcipher *ctr;
568	struct crypto_ahash *ghash;
569	unsigned long align;
570	int err;
571
572	ghash = crypto_spawn_ahash(&ictx->ghash);
573	if (IS_ERR(ghash))
574	return PTR_ERR(ghash);
575
576	ctr = crypto_spawn_skcipher2(&ictx->ctr);
577	err = PTR_ERR(ctr);
578	if (IS_ERR(ctr))
579	goto err_free_hash;
580
581	ctx->ctr = ctr;
582	ctx->ghash = ghash;
583
584	align = crypto_aead_alignmask(tfm);
585	align &= ~(crypto_tfm_ctx_alignment() - 1);
586	crypto_aead_set_reqsize(tfm,
587	align + offsetof(struct crypto_gcm_req_priv_ctx, u) +
588	max(sizeof(struct skcipher_request) +
589	crypto_skcipher_reqsize(ctr),
590	sizeof(struct ahash_request) +
591	crypto_ahash_reqsize(ghash)));
592
593	return 0;
594
595	err_free_hash:
596	crypto_free_ahash(ghash);
597	return err;
598	}
599
600	static void crypto_gcm_exit_tfm(struct crypto_aead *tfm)
601	{
602	struct crypto_gcm_ctx *ctx = crypto_aead_ctx(tfm);
603
604	crypto_free_ahash(ctx->ghash);
605	crypto_free_skcipher(ctx->ctr);
606	}
607
608	static void crypto_gcm_free(struct aead_instance *inst)
609	{
610	struct gcm_instance_ctx *ctx = aead_instance_ctx(inst);
611
612	crypto_drop_skcipher(&ctx->ctr);
613	crypto_drop_ahash(&ctx->ghash);
614	kfree(inst);
615	}
616
617	static int crypto_gcm_create_common(struct crypto_template *tmpl,
618	struct rtattr **tb,
619	const char *ctr_name,
620	const char *ghash_name)
621	{
622	struct crypto_attr_type *algt;
623	struct aead_instance *inst;
624	struct skcipher_alg *ctr;
625	struct crypto_alg *ghash_alg;
626	struct hash_alg_common *ghash;
627	struct gcm_instance_ctx *ctx;
628	int err;
629
630	algt = crypto_get_attr_type(tb);
631	if (IS_ERR(algt))
632	return PTR_ERR(algt);
633
634	if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask)
635	return -EINVAL;
636
637	ghash_alg = crypto_find_alg(ghash_name, &crypto_ahash_type,
638	CRYPTO_ALG_TYPE_HASH,
639	CRYPTO_ALG_TYPE_AHASH_MASK |
640	crypto_requires_sync(algt->type,
641	algt->mask));
642	if (IS_ERR(ghash_alg))
643	return PTR_ERR(ghash_alg);
644
645	ghash = __crypto_hash_alg_common(ghash_alg);
646
647	err = -ENOMEM;
648	inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
649	if (!inst)
650	goto out_put_ghash;
651
652	ctx = aead_instance_ctx(inst);
653	err = crypto_init_ahash_spawn(&ctx->ghash, ghash,
654	aead_crypto_instance(inst));
655	if (err)
656	goto err_free_inst;
657
658	err = -EINVAL;
659	if (strcmp(ghash->base.cra_name, "ghash") != 0 ||
660	ghash->digestsize != 16)
661	goto err_drop_ghash;
662
663	crypto_set_skcipher_spawn(&ctx->ctr, aead_crypto_instance(inst));
664	err = crypto_grab_skcipher2(&ctx->ctr, ctr_name, 0,
665	crypto_requires_sync(algt->type,
666	algt->mask));
667	if (err)
668	goto err_drop_ghash;
669
670	ctr = crypto_spawn_skcipher_alg(&ctx->ctr);
671
672	/* The skcipher algorithm must be CTR mode, using 16-byte blocks. */
673	err = -EINVAL;
674	if (strncmp(ctr->base.cra_name, "ctr(", 4) != 0 ||
675	crypto_skcipher_alg_ivsize(ctr) != 16 ||
676	ctr->base.cra_blocksize != 1)
677	goto out_put_ctr;
678
679	err = -ENAMETOOLONG;
680	if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
681	"gcm(%s", ctr->base.cra_name + 4) >= CRYPTO_MAX_ALG_NAME)
682	goto out_put_ctr;
683
684	if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
685	"gcm_base(%s,%s)", ctr->base.cra_driver_name,
686	ghash_alg->cra_driver_name) >=
687	CRYPTO_MAX_ALG_NAME)
688	goto out_put_ctr;
689
690	inst->alg.base.cra_flags = (ghash->base.cra_flags |
691	ctr->base.cra_flags) & CRYPTO_ALG_ASYNC;
692	inst->alg.base.cra_priority = (ghash->base.cra_priority +
693	ctr->base.cra_priority) / 2;
694	inst->alg.base.cra_blocksize = 1;
695	inst->alg.base.cra_alignmask = ghash->base.cra_alignmask |
696	ctr->base.cra_alignmask;
697	inst->alg.base.cra_ctxsize = sizeof(struct crypto_gcm_ctx);
698	inst->alg.ivsize = 12;
699	inst->alg.chunksize = crypto_skcipher_alg_chunksize(ctr);
700	inst->alg.maxauthsize = 16;
701	inst->alg.init = crypto_gcm_init_tfm;
702	inst->alg.exit = crypto_gcm_exit_tfm;
703	inst->alg.setkey = crypto_gcm_setkey;
704	inst->alg.setauthsize = crypto_gcm_setauthsize;
705	inst->alg.encrypt = crypto_gcm_encrypt;
706	inst->alg.decrypt = crypto_gcm_decrypt;
707
708	inst->free = crypto_gcm_free;
709
710	err = aead_register_instance(tmpl, inst);
711	if (err)
712	goto out_put_ctr;
713
714	out_put_ghash:
715	crypto_mod_put(ghash_alg);
716	return err;
717
718	out_put_ctr:
719	crypto_drop_skcipher(&ctx->ctr);
720	err_drop_ghash:
721	crypto_drop_ahash(&ctx->ghash);
722	err_free_inst:
723	kfree(inst);
724	goto out_put_ghash;
725	}
726
727	static int crypto_gcm_create(struct crypto_template *tmpl, struct rtattr **tb)
728	{
729	const char *cipher_name;
730	char ctr_name[CRYPTO_MAX_ALG_NAME];
731
732	cipher_name = crypto_attr_alg_name(tb[1]);
733	if (IS_ERR(cipher_name))
734	return PTR_ERR(cipher_name);
735
736	if (snprintf(ctr_name, CRYPTO_MAX_ALG_NAME, "ctr(%s)", cipher_name) >=
737	CRYPTO_MAX_ALG_NAME)
738	return -ENAMETOOLONG;
739
740	return crypto_gcm_create_common(tmpl, tb, ctr_name, "ghash");
741	}
742
743	static struct crypto_template crypto_gcm_tmpl = {
744	.name = "gcm",
745	.create = crypto_gcm_create,
746	.module = THIS_MODULE,
747	};
748
749	static int crypto_gcm_base_create(struct crypto_template *tmpl,
750	struct rtattr **tb)
751	{
752	const char *ctr_name;
753	const char *ghash_name;
754
755	ctr_name = crypto_attr_alg_name(tb[1]);
756	if (IS_ERR(ctr_name))
757	return PTR_ERR(ctr_name);
758
759	ghash_name = crypto_attr_alg_name(tb[2]);
760	if (IS_ERR(ghash_name))
761	return PTR_ERR(ghash_name);
762
763	return crypto_gcm_create_common(tmpl, tb, ctr_name, ghash_name);
764	}
765
766	static struct crypto_template crypto_gcm_base_tmpl = {
767	.name = "gcm_base",
768	.create = crypto_gcm_base_create,
769	.module = THIS_MODULE,
770	};
771
772	static int crypto_rfc4106_setkey(struct crypto_aead *parent, const u8 *key,
773	unsigned int keylen)
774	{
775	struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent);
776	struct crypto_aead *child = ctx->child;
777	int err;
778
779	if (keylen < 4)
780	return -EINVAL;
781
782	keylen -= 4;
783	memcpy(ctx->nonce, key + keylen, 4);
784
785	crypto_aead_clear_flags(child, CRYPTO_TFM_REQ_MASK);
786	crypto_aead_set_flags(child, crypto_aead_get_flags(parent) &
787	CRYPTO_TFM_REQ_MASK);
788	err = crypto_aead_setkey(child, key, keylen);
789	crypto_aead_set_flags(parent, crypto_aead_get_flags(child) &
790	CRYPTO_TFM_RES_MASK);
791
792	return err;
793	}
794
795	static int crypto_rfc4106_setauthsize(struct crypto_aead *parent,
796	unsigned int authsize)
797	{
798	struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent);
799
800	switch (authsize) {
801	case 8:
802	case 12:
803	case 16:
804	break;
805	default:
806	return -EINVAL;
807	}
808
809	return crypto_aead_setauthsize(ctx->child, authsize);
810	}
811
812	static struct aead_request *crypto_rfc4106_crypt(struct aead_request *req)
813	{
814	struct crypto_rfc4106_req_ctx *rctx = aead_request_ctx(req);
815	struct crypto_aead *aead = crypto_aead_reqtfm(req);
816	struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(aead);
817	struct aead_request *subreq = &rctx->subreq;
818	struct crypto_aead *child = ctx->child;
819	struct scatterlist *sg;
820	u8 *iv = PTR_ALIGN((u8 *)(subreq + 1) + crypto_aead_reqsize(child),
821	crypto_aead_alignmask(child) + 1);
822
823	scatterwalk_map_and_copy(iv + 12, req->src, 0, req->assoclen - 8, 0);
824
825	memcpy(iv, ctx->nonce, 4);
826	memcpy(iv + 4, req->iv, 8);
827
828	sg_init_table(rctx->src, 3);
829	sg_set_buf(rctx->src, iv + 12, req->assoclen - 8);
830	sg = scatterwalk_ffwd(rctx->src + 1, req->src, req->assoclen);
831	if (sg != rctx->src + 1)
832	sg_chain(rctx->src, 2, sg);
833
834	if (req->src != req->dst) {
835	sg_init_table(rctx->dst, 3);
836	sg_set_buf(rctx->dst, iv + 12, req->assoclen - 8);
837	sg = scatterwalk_ffwd(rctx->dst + 1, req->dst, req->assoclen);
838	if (sg != rctx->dst + 1)
839	sg_chain(rctx->dst, 2, sg);
840	}
841
842	aead_request_set_tfm(subreq, child);
843	aead_request_set_callback(subreq, req->base.flags, req->base.complete,
844	req->base.data);
845	aead_request_set_crypt(subreq, rctx->src,
846	req->src == req->dst ? rctx->src : rctx->dst,
847	req->cryptlen, iv);
848	aead_request_set_ad(subreq, req->assoclen - 8);
849
850	return subreq;
851	}
852
853	static int crypto_rfc4106_encrypt(struct aead_request *req)
854	{
855	if (req->assoclen != 16 && req->assoclen != 20)
856	return -EINVAL;
857
858	req = crypto_rfc4106_crypt(req);
859
860	return crypto_aead_encrypt(req);
861	}
862
863	static int crypto_rfc4106_decrypt(struct aead_request *req)
864	{
865	if (req->assoclen != 16 && req->assoclen != 20)
866	return -EINVAL;
867
868	req = crypto_rfc4106_crypt(req);
869
870	return crypto_aead_decrypt(req);
871	}
872
873	static int crypto_rfc4106_init_tfm(struct crypto_aead *tfm)
874	{
875	struct aead_instance *inst = aead_alg_instance(tfm);
876	struct crypto_aead_spawn *spawn = aead_instance_ctx(inst);
877	struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(tfm);
878	struct crypto_aead *aead;
879	unsigned long align;
880
881	aead = crypto_spawn_aead(spawn);
882	if (IS_ERR(aead))
883	return PTR_ERR(aead);
884
885	ctx->child = aead;
886
887	align = crypto_aead_alignmask(aead);
888	align &= ~(crypto_tfm_ctx_alignment() - 1);
889	crypto_aead_set_reqsize(
890	tfm,
891	sizeof(struct crypto_rfc4106_req_ctx) +
892	ALIGN(crypto_aead_reqsize(aead), crypto_tfm_ctx_alignment()) +
893	align + 24);
894
895	return 0;
896	}
897
898	static void crypto_rfc4106_exit_tfm(struct crypto_aead *tfm)
899	{
900	struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(tfm);
901
902	crypto_free_aead(ctx->child);
903	}
904
905	static void crypto_rfc4106_free(struct aead_instance *inst)
906	{
907	crypto_drop_aead(aead_instance_ctx(inst));
908	kfree(inst);
909	}
910
911	static int crypto_rfc4106_create(struct crypto_template *tmpl,
912	struct rtattr **tb)
913	{
914	struct crypto_attr_type *algt;
915	struct aead_instance *inst;
916	struct crypto_aead_spawn *spawn;
917	struct aead_alg *alg;
918	const char *ccm_name;
919	int err;
920
921	algt = crypto_get_attr_type(tb);
922	if (IS_ERR(algt))
923	return PTR_ERR(algt);
924
925	if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask)
926	return -EINVAL;
927
928	ccm_name = crypto_attr_alg_name(tb[1]);
929	if (IS_ERR(ccm_name))
930	return PTR_ERR(ccm_name);
931
932	inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
933	if (!inst)
934	return -ENOMEM;
935
936	spawn = aead_instance_ctx(inst);
937	crypto_set_aead_spawn(spawn, aead_crypto_instance(inst));
938	err = crypto_grab_aead(spawn, ccm_name, 0,
939	crypto_requires_sync(algt->type, algt->mask));
940	if (err)
941	goto out_free_inst;
942
943	alg = crypto_spawn_aead_alg(spawn);
944
945	err = -EINVAL;
946
947	/* Underlying IV size must be 12. */
948	if (crypto_aead_alg_ivsize(alg) != 12)
949	goto out_drop_alg;
950
951	/* Not a stream cipher? */
952	if (alg->base.cra_blocksize != 1)
953	goto out_drop_alg;
954
955	err = -ENAMETOOLONG;
956	if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
957	"rfc4106(%s)", alg->base.cra_name) >=
958	CRYPTO_MAX_ALG_NAME ||
959	snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
960	"rfc4106(%s)", alg->base.cra_driver_name) >=
961	CRYPTO_MAX_ALG_NAME)
962	goto out_drop_alg;
963
964	inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC;
965	inst->alg.base.cra_priority = alg->base.cra_priority;
966	inst->alg.base.cra_blocksize = 1;
967	inst->alg.base.cra_alignmask = alg->base.cra_alignmask;
968
969	inst->alg.base.cra_ctxsize = sizeof(struct crypto_rfc4106_ctx);
970
971	inst->alg.ivsize = 8;
972	inst->alg.chunksize = crypto_aead_alg_chunksize(alg);
973	inst->alg.maxauthsize = crypto_aead_alg_maxauthsize(alg);
974
975	inst->alg.init = crypto_rfc4106_init_tfm;
976	inst->alg.exit = crypto_rfc4106_exit_tfm;
977
978	inst->alg.setkey = crypto_rfc4106_setkey;
979	inst->alg.setauthsize = crypto_rfc4106_setauthsize;
980	inst->alg.encrypt = crypto_rfc4106_encrypt;
981	inst->alg.decrypt = crypto_rfc4106_decrypt;
982
983	inst->free = crypto_rfc4106_free;
984
985	err = aead_register_instance(tmpl, inst);
986	if (err)
987	goto out_drop_alg;
988
989	out:
990	return err;
991
992	out_drop_alg:
993	crypto_drop_aead(spawn);
994	out_free_inst:
995	kfree(inst);
996	goto out;
997	}
998
999	static struct crypto_template crypto_rfc4106_tmpl = {
1000	.name = "rfc4106",
1001	.create = crypto_rfc4106_create,
1002	.module = THIS_MODULE,
1003	};
1004
1005	static int crypto_rfc4543_setkey(struct crypto_aead *parent, const u8 *key,
1006	unsigned int keylen)
1007	{
1008	struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(parent);
1009	struct crypto_aead *child = ctx->child;
1010	int err;
1011
1012	if (keylen < 4)
1013	return -EINVAL;
1014
1015	keylen -= 4;
1016	memcpy(ctx->nonce, key + keylen, 4);
1017
1018	crypto_aead_clear_flags(child, CRYPTO_TFM_REQ_MASK);
1019	crypto_aead_set_flags(child, crypto_aead_get_flags(parent) &
1020	CRYPTO_TFM_REQ_MASK);
1021	err = crypto_aead_setkey(child, key, keylen);
1022	crypto_aead_set_flags(parent, crypto_aead_get_flags(child) &
1023	CRYPTO_TFM_RES_MASK);
1024
1025	return err;
1026	}
1027
1028	static int crypto_rfc4543_setauthsize(struct crypto_aead *parent,
1029	unsigned int authsize)
1030	{
1031	struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(parent);
1032
1033	if (authsize != 16)
1034	return -EINVAL;
1035
1036	return crypto_aead_setauthsize(ctx->child, authsize);
1037	}
1038
1039	static int crypto_rfc4543_crypt(struct aead_request *req, bool enc)
1040	{
1041	struct crypto_aead *aead = crypto_aead_reqtfm(req);
1042	struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(aead);
1043	struct crypto_rfc4543_req_ctx *rctx = aead_request_ctx(req);
1044	struct aead_request *subreq = &rctx->subreq;
1045	unsigned int authsize = crypto_aead_authsize(aead);
1046	u8 *iv = PTR_ALIGN((u8 *)(rctx + 1) + crypto_aead_reqsize(ctx->child),
1047	crypto_aead_alignmask(ctx->child) + 1);
1048	int err;
1049
1050	if (req->src != req->dst) {
1051	err = crypto_rfc4543_copy_src_to_dst(req, enc);
1052	if (err)
1053	return err;
1054	}
1055
1056	memcpy(iv, ctx->nonce, 4);
1057	memcpy(iv + 4, req->iv, 8);
1058
1059	aead_request_set_tfm(subreq, ctx->child);
1060	aead_request_set_callback(subreq, req->base.flags,
1061	req->base.complete, req->base.data);
1062	aead_request_set_crypt(subreq, req->src, req->dst,
1063	enc ? 0 : authsize, iv);
1064	aead_request_set_ad(subreq, req->assoclen + req->cryptlen -
1065	subreq->cryptlen);
1066
1067	return enc ? crypto_aead_encrypt(subreq) : crypto_aead_decrypt(subreq);
1068	}
1069
1070	static int crypto_rfc4543_copy_src_to_dst(struct aead_request *req, bool enc)
1071	{
1072	struct crypto_aead *aead = crypto_aead_reqtfm(req);
1073	struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(aead);
1074	unsigned int authsize = crypto_aead_authsize(aead);
1075	unsigned int nbytes = req->assoclen + req->cryptlen -
1076	(enc ? 0 : authsize);
1077	SKCIPHER_REQUEST_ON_STACK(nreq, ctx->null);
1078
1079	skcipher_request_set_tfm(nreq, ctx->null);
1080	skcipher_request_set_callback(nreq, req->base.flags, NULL, NULL);
1081	skcipher_request_set_crypt(nreq, req->src, req->dst, nbytes, NULL);
1082
1083	return crypto_skcipher_encrypt(nreq);
1084	}
1085
1086	static int crypto_rfc4543_encrypt(struct aead_request *req)
1087	{
1088	return crypto_rfc4543_crypt(req, true);
1089	}
1090
1091	static int crypto_rfc4543_decrypt(struct aead_request *req)
1092	{
1093	return crypto_rfc4543_crypt(req, false);
1094	}
1095
1096	static int crypto_rfc4543_init_tfm(struct crypto_aead *tfm)
1097	{
1098	struct aead_instance *inst = aead_alg_instance(tfm);
1099	struct crypto_rfc4543_instance_ctx *ictx = aead_instance_ctx(inst);
1100	struct crypto_aead_spawn *spawn = &ictx->aead;
1101	struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(tfm);
1102	struct crypto_aead *aead;
1103	struct crypto_skcipher *null;
1104	unsigned long align;
1105	int err = 0;
1106
1107	aead = crypto_spawn_aead(spawn);
1108	if (IS_ERR(aead))
1109	return PTR_ERR(aead);
1110
1111	null = crypto_get_default_null_skcipher2();
1112	err = PTR_ERR(null);
1113	if (IS_ERR(null))
1114	goto err_free_aead;
1115
1116	ctx->child = aead;
1117	ctx->null = null;
1118
1119	align = crypto_aead_alignmask(aead);
1120	align &= ~(crypto_tfm_ctx_alignment() - 1);
1121	crypto_aead_set_reqsize(
1122	tfm,
1123	sizeof(struct crypto_rfc4543_req_ctx) +
1124	ALIGN(crypto_aead_reqsize(aead), crypto_tfm_ctx_alignment()) +
1125	align + 12);
1126
1127	return 0;
1128
1129	err_free_aead:
1130	crypto_free_aead(aead);
1131	return err;
1132	}
1133
1134	static void crypto_rfc4543_exit_tfm(struct crypto_aead *tfm)
1135	{
1136	struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(tfm);
1137
1138	crypto_free_aead(ctx->child);
1139	crypto_put_default_null_skcipher2();
1140	}
1141
1142	static void crypto_rfc4543_free(struct aead_instance *inst)
1143	{
1144	struct crypto_rfc4543_instance_ctx *ctx = aead_instance_ctx(inst);
1145
1146	crypto_drop_aead(&ctx->aead);
1147
1148	kfree(inst);
1149	}
1150
1151	static int crypto_rfc4543_create(struct crypto_template *tmpl,
1152	struct rtattr **tb)
1153	{
1154	struct crypto_attr_type *algt;
1155	struct aead_instance *inst;
1156	struct crypto_aead_spawn *spawn;
1157	struct aead_alg *alg;
1158	struct crypto_rfc4543_instance_ctx *ctx;
1159	const char *ccm_name;
1160	int err;
1161
1162	algt = crypto_get_attr_type(tb);
1163	if (IS_ERR(algt))
1164	return PTR_ERR(algt);
1165
1166	if ((algt->type ^ CRYPTO_ALG_TYPE_AEAD) & algt->mask)
1167	return -EINVAL;
1168
1169	ccm_name = crypto_attr_alg_name(tb[1]);
1170	if (IS_ERR(ccm_name))
1171	return PTR_ERR(ccm_name);
1172
1173	inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
1174	if (!inst)
1175	return -ENOMEM;
1176
1177	ctx = aead_instance_ctx(inst);
1178	spawn = &ctx->aead;
1179	crypto_set_aead_spawn(spawn, aead_crypto_instance(inst));
1180	err = crypto_grab_aead(spawn, ccm_name, 0,
1181	crypto_requires_sync(algt->type, algt->mask));
1182	if (err)
1183	goto out_free_inst;
1184
1185	alg = crypto_spawn_aead_alg(spawn);
1186
1187	err = -EINVAL;
1188
1189	/* Underlying IV size must be 12. */
1190	if (crypto_aead_alg_ivsize(alg) != 12)
1191	goto out_drop_alg;
1192
1193	/* Not a stream cipher? */
1194	if (alg->base.cra_blocksize != 1)
1195	goto out_drop_alg;
1196
1197	err = -ENAMETOOLONG;
1198	if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
1199	"rfc4543(%s)", alg->base.cra_name) >=
1200	CRYPTO_MAX_ALG_NAME ||
1201	snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
1202	"rfc4543(%s)", alg->base.cra_driver_name) >=
1203	CRYPTO_MAX_ALG_NAME)
1204	goto out_drop_alg;
1205
1206	inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC;
1207	inst->alg.base.cra_priority = alg->base.cra_priority;
1208	inst->alg.base.cra_blocksize = 1;
1209	inst->alg.base.cra_alignmask = alg->base.cra_alignmask;
1210
1211	inst->alg.base.cra_ctxsize = sizeof(struct crypto_rfc4543_ctx);
1212
1213	inst->alg.ivsize = 8;
1214	inst->alg.chunksize = crypto_aead_alg_chunksize(alg);
1215	inst->alg.maxauthsize = crypto_aead_alg_maxauthsize(alg);
1216
1217	inst->alg.init = crypto_rfc4543_init_tfm;
1218	inst->alg.exit = crypto_rfc4543_exit_tfm;
1219
1220	inst->alg.setkey = crypto_rfc4543_setkey;
1221	inst->alg.setauthsize = crypto_rfc4543_setauthsize;
1222	inst->alg.encrypt = crypto_rfc4543_encrypt;
1223	inst->alg.decrypt = crypto_rfc4543_decrypt;
1224
1225	inst->free = crypto_rfc4543_free,
1226
1227	err = aead_register_instance(tmpl, inst);
1228	if (err)
1229	goto out_drop_alg;
1230
1231	out:
1232	return err;
1233
1234	out_drop_alg:
1235	crypto_drop_aead(spawn);
1236	out_free_inst:
1237	kfree(inst);
1238	goto out;
1239	}
1240
1241	static struct crypto_template crypto_rfc4543_tmpl = {
1242	.name = "rfc4543",
1243	.create = crypto_rfc4543_create,
1244	.module = THIS_MODULE,
1245	};
1246
1247	static int __init crypto_gcm_module_init(void)
1248	{
1249	int err;
1250
1251	gcm_zeroes = kzalloc(sizeof(*gcm_zeroes), GFP_KERNEL);
1252	if (!gcm_zeroes)
1253	return -ENOMEM;
1254
1255	sg_init_one(&gcm_zeroes->sg, gcm_zeroes->buf, sizeof(gcm_zeroes->buf));
1256
1257	err = crypto_register_template(&crypto_gcm_base_tmpl);
1258	if (err)
1259	goto out;
1260
1261	err = crypto_register_template(&crypto_gcm_tmpl);
1262	if (err)
1263	goto out_undo_base;
1264
1265	err = crypto_register_template(&crypto_rfc4106_tmpl);
1266	if (err)
1267	goto out_undo_gcm;
1268
1269	err = crypto_register_template(&crypto_rfc4543_tmpl);
1270	if (err)
1271	goto out_undo_rfc4106;
1272
1273	return 0;
1274
1275	out_undo_rfc4106:
1276	crypto_unregister_template(&crypto_rfc4106_tmpl);
1277	out_undo_gcm:
1278	crypto_unregister_template(&crypto_gcm_tmpl);
1279	out_undo_base:
1280	crypto_unregister_template(&crypto_gcm_base_tmpl);
1281	out:
1282	kfree(gcm_zeroes);
1283	return err;
1284	}
1285
1286	static void __exit crypto_gcm_module_exit(void)
1287	{
1288	kfree(gcm_zeroes);
1289	crypto_unregister_template(&crypto_rfc4543_tmpl);
1290	crypto_unregister_template(&crypto_rfc4106_tmpl);
1291	crypto_unregister_template(&crypto_gcm_tmpl);
1292	crypto_unregister_template(&crypto_gcm_base_tmpl);
1293	}
1294
1295	module_init(crypto_gcm_module_init);
1296	module_exit(crypto_gcm_module_exit);
1297
1298	MODULE_LICENSE("GPL");
1299	MODULE_DESCRIPTION("Galois/Counter Mode");
1300	MODULE_AUTHOR("Mikko Herranen <mh1@iki.fi>");
1301	MODULE_ALIAS_CRYPTO("gcm_base");
1302	MODULE_ALIAS_CRYPTO("rfc4106");
1303	MODULE_ALIAS_CRYPTO("rfc4543");
1304	MODULE_ALIAS_CRYPTO("gcm");
1305