net/ovpn/crypto_aead.c

32 static int ovpn_aead_encap_overhead(const struct ovpn_crypto_key_slot *ks)
36 		crypto_aead_authsize(ks->encrypt);	/* Auth Tag */
39 int ovpn_aead_encrypt(struct ovpn_peer *peer, struct ovpn_crypto_key_slot *ks,
42 	const unsigned int tag_size = crypto_aead_authsize(ks->encrypt);
51 	ovpn_skb_cb(skb)->ks = ks;
104 	ret = ovpn_pktid_xmit_next(&ks->pid_xmit, &pktid);
118 	ovpn_pktid_aead_write(pktid, ks->nonce_tail_xmit, iv);
125 	op = ovpn_opcode_compose(OVPN_DATA_V2, ks->key_id, peer->id);
133 	req = aead_request_alloc(ks->encrypt, GFP_ATOMIC);
140 	aead_request_set_tfm(req, ks->encrypt);
143 			       skb->len - ovpn_aead_encap_overhead(ks), iv);
150 int ovpn_aead_decrypt(struct ovpn_peer *peer, struct ovpn_crypto_key_slot *ks,
153 	const unsigned int tag_size = crypto_aead_authsize(ks->decrypt);
166 	ovpn_skb_cb(skb)->ks = ks;
225 	memcpy(iv + OVPN_NONCE_WIRE_SIZE, ks->nonce_tail_recv,
228 	req = aead_request_alloc(ks->decrypt, GFP_ATOMIC);
235 	aead_request_set_tfm(req, ks->decrypt);
297 void ovpn_aead_crypto_key_slot_destroy(struct ovpn_crypto_key_slot *ks)
299 	if (!ks)
302 	crypto_free_aead(ks->encrypt);
303 	crypto_free_aead(ks->decrypt);
304 	kfree(ks);
310 	struct ovpn_crypto_key_slot *ks = NULL;
331 	ks = kmalloc(sizeof(*ks), GFP_KERNEL);
332 	if (!ks)
335 	ks->encrypt = NULL;
336 	ks->decrypt = NULL;
337 	kref_init(&ks->refcount);
338 	ks->key_id = kc->key_id;
340 	ks->encrypt = ovpn_aead_init("encrypt", alg_name,
343 	if (IS_ERR(ks->encrypt)) {
344 		ret = PTR_ERR(ks->encrypt);
345 		ks->encrypt = NULL;
349 	ks->decrypt = ovpn_aead_init("decrypt", alg_name,
352 	if (IS_ERR(ks->decrypt)) {
353 		ret = PTR_ERR(ks->decrypt);
354 		ks->decrypt = NULL;
358 	memcpy(ks->nonce_tail_xmit, kc->encrypt.nonce_tail,
360 	memcpy(ks->nonce_tail_recv, kc->decrypt.nonce_tail,
364 	ovpn_pktid_xmit_init(&ks->pid_xmit);
365 	ovpn_pktid_recv_init(&ks->pid_recv);
367 	return ks;
370 	ovpn_aead_crypto_key_slot_destroy(ks);
374 enum ovpn_cipher_alg ovpn_aead_crypto_alg(struct ovpn_crypto_key_slot *ks)
378 	if (!ks->encrypt)
381 	alg_name = crypto_tfm_alg_name(crypto_aead_tfm(ks->encrypt));