File: v2-0008-crypto-AF_ALG-add-KPP-support.patch

package info (click to toggle)
libkcapi 1.4.0-1
links: PTS, VCS
area: main
in suites: bookworm, forky, sid, trixie
size: 2,992 kB
sloc: ansic: 13,808; sh: 2,422; perl: 1,949; makefile: 287
file content (728 lines) | stat: -rw-r--r-- 18,873 bytes
From 50b682087c42e5c42d9aad6333cc591c0de647f3 Mon Sep 17 00:00:00 2001
From: Stephan Mueller <smueller@chronox.de>
Date: Fri, 29 Sep 2017 01:28:40 +0200
Subject: [PATCH v2 8/8] crypto: AF_ALG - add KPP support

The patch externalizes the KPP kernel crypto API to user space. This
allows user space to make use of Diffie-Hellman and EC Diffie-Hellman
operations.

The following operations are supported:

 * DH parameters formatted in PKCS#3 with ALG_SET_DH_PARAMETERS
   setsockopt. The call returns the buffer length user space must
   allocate for the shared secret / public key operation.

 * ECDH curve selection via ALG_SET_ECDH_CURVE setsockopt. The call
   returns the buffer length user space must allocate for the shared
   secret / public key operation.

 * The private key can be set with the ALG_SET_KEY setsockopt. It is
   permissible to provide a NULL key. In this case, the kernel uses the
   tries to generate a private key of appropriate size and sets the key
   with the TFM. The idea is that the caller can obtain the public key
   from the private key, exchange it with the peer, inject the peer's
   public key into the kernel and derive the shared secret. This way,
   the private key does not leave the kernel realm. The call returns the
   buffer length user space must allocate for the shared secret / public
   key operation.

 * The public key is obtained from the private key via the recvmsg
   operation. For this operation, no data sent to the kernel via sendmsg
   or sendpage is required.

 * The shared secret is obtained by providing the peer's public key via
   sendmsg / sendpage and reading the shared secret via recvmsg.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
 crypto/Kconfig          |  10 +
 crypto/Makefile         |   1 +
 crypto/af_alg.c         |   2 +
 crypto/algif_kpp.c      | 607 ++++++++++++++++++++++++++++++++++++++++++++++++
 include/crypto/if_alg.h |   2 +
 5 files changed, 622 insertions(+)
 create mode 100644 crypto/algif_kpp.c

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 4975da52ce23..1aa5f4f30d26 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1780,6 +1780,16 @@ config CRYPTO_USER_API_AKCIPHER
 	  This option enables the user-space interface for asymmetric
 	  key cipher algorithms.
 
+config CRYPTO_USER_API_KPP
+	tristate "User-space interface for key protocol primitives algorithms"
+	depends on NET
+	select CRYPTO_KPP2
+	select CRYPTO_USER_API
+	help
+	  This option enables the user-spaces interface for key protocol
+	  primitives algorithms. This covers Diffie-Hellman and EC
+	  Diffie-Hellman.
+
 config CRYPTO_HASH_INFO
 	bool
 
diff --git a/crypto/Makefile b/crypto/Makefile
index d0e72df0f2d1..175dee56cb3d 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -140,6 +140,7 @@ obj-$(CONFIG_CRYPTO_USER_API_SKCIPHER) += algif_skcipher.o
 obj-$(CONFIG_CRYPTO_USER_API_RNG) += algif_rng.o
 obj-$(CONFIG_CRYPTO_USER_API_AEAD) += algif_aead.o
 obj-$(CONFIG_CRYPTO_USER_API_AKCIPHER) += algif_akcipher.o
+obj-$(CONFIG_CRYPTO_USER_API_KPP) += algif_kpp.o
 
 ecdh_generic-y := ecc.o
 ecdh_generic-y += ecdh.o
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 9335a1c56490..0d0b5a77dd73 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -881,6 +881,8 @@ int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size,
 		case ALG_OP_SIGN:
 		case ALG_OP_ENCRYPT:
 		case ALG_OP_DECRYPT:
+		case ALG_OP_KEYGEN:
+		case ALG_OP_SSGEN:
 			op = con.op;
 			break;
 		default:
diff --git a/crypto/algif_kpp.c b/crypto/algif_kpp.c
new file mode 100644
index 000000000000..0a05cf0d1d66
--- /dev/null
+++ b/crypto/algif_kpp.c
@@ -0,0 +1,607 @@
+/*
+ * algif_kpp: User-space interface for key protocol primitives algorithms
+ *
+ * Copyright (C) 2017 - 2022, Stephan Mueller <smueller@chronox.de>
+ *
+ * This file provides the user-space API for key protocol primitives.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * The following concept of the memory management is used:
+ *
+ * The kernel maintains two SGLs, the TX SGL and the RX SGL. The TX SGL is
+ * filled by user space with the data submitted via sendpage/sendmsg. Filling
+ * up the TX SGL does not cause a crypto operation -- the data will only be
+ * tracked by the kernel. Upon receipt of one recvmsg call, the caller must
+ * provide a buffer which is tracked with the RX SGL.
+ *
+ * During the processing of the recvmsg operation, the cipher request is
+ * allocated and prepared. As part of the recvmsg operation, the processed
+ * TX buffers are extracted from the TX SGL into a separate SGL.
+ *
+ * After the completion of the crypto operation, the RX SGL and the cipher
+ * request is released. The extracted TX SGL parts are released together with
+ * the RX SGL release.
+ */
+
+#include <crypto/dh.h>
+#include <crypto/ecdh.h>
+#include <crypto/kpp.h>
+#include <crypto/rng.h>
+#include <crypto/if_alg.h>
+#include <crypto/scatterwalk.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/list.h>
+#include <linux/mm.h>
+#include <linux/module.h>
+#include <linux/net.h>
+#include <net/sock.h>
+
+struct kpp_tfm {
+	struct crypto_kpp *kpp;
+	bool has_key;
+
+#define KPP_NO_PARAMS	0
+#define KPP_DH_PARAMS	1
+#define KPP_ECDH_PARAMS	2
+	int has_params;		/* Type of KPP mechanism */
+};
+
+static int kpp_sendmsg(struct socket *sock, struct msghdr *msg, size_t size)
+{
+	return af_alg_sendmsg(sock, msg, size, 0);
+}
+
+static int _kpp_recvmsg(struct socket *sock, struct msghdr *msg,
+			     size_t ignored, int flags)
+{
+	struct sock *sk = sock->sk;
+	struct alg_sock *ask = alg_sk(sk);
+	struct sock *psk = ask->parent;
+	struct alg_sock *pask = alg_sk(psk);
+	struct af_alg_ctx *ctx = ask->private;
+	struct kpp_tfm *kpp = pask->private;
+	struct crypto_kpp *tfm = kpp->kpp;
+	struct af_alg_async_req *areq;
+	size_t len;
+	size_t used = 0;
+	int err;
+	int maxsize;
+
+	maxsize = crypto_kpp_maxsize(tfm);
+	if (maxsize < 0)
+		return maxsize;
+
+	/* Allocate cipher request for current operation. */
+	areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) +
+					    crypto_kpp_reqsize(tfm));
+	if (IS_ERR(areq))
+		return PTR_ERR(areq);
+
+	/* convert iovecs of output buffers into RX SGL */
+	err = af_alg_get_rsgl(sk, msg, flags, areq, maxsize, &len);
+	if (err)
+		goto free;
+
+	/* ensure output buffer is sufficiently large */
+	if (len < maxsize) {
+		err = -EMSGSIZE;
+		goto free;
+	}
+
+	/*
+	 * Create a per request TX SGL for this request which tracks the
+	 * SG entries from the global TX SGL.
+	 */
+	if (ctx->op == ALG_OP_SSGEN) {
+		used = ctx->used;
+
+		areq->tsgl_entries = af_alg_count_tsgl(sk, used, 0);
+		if (!areq->tsgl_entries)
+			areq->tsgl_entries = 1;
+		areq->tsgl = sock_kmalloc(
+				sk, sizeof(*areq->tsgl) * areq->tsgl_entries,
+				GFP_KERNEL);
+		if (!areq->tsgl) {
+			err = -ENOMEM;
+			goto free;
+		}
+		sg_init_table(areq->tsgl, areq->tsgl_entries);
+		af_alg_pull_tsgl(sk, used, areq->tsgl, 0);
+	}
+
+	/* Initialize the crypto operation */
+	kpp_request_set_input(&areq->cra_u.kpp_req, areq->tsgl, used);
+	kpp_request_set_output(&areq->cra_u.kpp_req, areq->first_rsgl.sgl.sg,
+			       len);
+	kpp_request_set_tfm(&areq->cra_u.kpp_req, tfm);
+
+	if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) {
+		/* AIO operation */
+		areq->iocb = msg->msg_iocb;
+		kpp_request_set_callback(&areq->cra_u.kpp_req,
+					      CRYPTO_TFM_REQ_MAY_SLEEP,
+					      af_alg_async_cb, areq);
+	} else {
+		/* Synchronous operation */
+		kpp_request_set_callback(&areq->cra_u.kpp_req,
+					      CRYPTO_TFM_REQ_MAY_SLEEP |
+					      CRYPTO_TFM_REQ_MAY_BACKLOG,
+					      af_alg_complete,
+					      &ctx->completion);
+	}
+
+	switch (ctx->op) {
+	case ALG_OP_KEYGEN:
+		err = crypto_kpp_generate_public_key(&areq->cra_u.kpp_req);
+		break;
+	case ALG_OP_SSGEN:
+		err = crypto_kpp_compute_shared_secret(&areq->cra_u.kpp_req);
+		break;
+	default:
+		err = -EOPNOTSUPP;
+		goto free;
+	}
+
+	/* Wait for synchronous operation completion */
+	if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb))
+		err = af_alg_wait_for_completion(err, &ctx->completion);
+
+	/* AIO operation in progress */
+	if (err == -EINPROGRESS) {
+		sock_hold(sk);
+
+		/* Remember output size that will be generated. */
+		areq->outlen = len;
+
+		return -EIOCBQUEUED;
+	}
+
+free:
+	af_alg_free_areq_sgls(areq);
+	sock_kfree_s(sk, areq, areq->areqlen);
+
+	return err ? err : len;
+}
+
+static int kpp_recvmsg(struct socket *sock, struct msghdr *msg,
+			    size_t ignored, int flags)
+{
+	struct sock *sk = sock->sk;
+	struct alg_sock *ask = alg_sk(sk);
+	struct sock *psk = ask->parent;
+	struct alg_sock *pask = alg_sk(psk);
+	struct kpp_tfm *kpp = pask->private;
+	struct crypto_kpp *tfm = kpp->kpp;
+	int ret = 0;
+	int err;
+
+	lock_sock(sk);
+
+	while (msg_data_left(msg)) {
+		err = _kpp_recvmsg(sock, msg, ignored, flags);
+
+		/*
+		 * This error covers -EIOCBQUEUED which implies that we can
+		 * only handle one AIO request. If the caller wants to have
+		 * multiple AIO requests in parallel, he must make multiple
+		 * separate AIO calls.
+		 */
+		if (err <= 0) {
+			if (err == -EIOCBQUEUED || err == -EBADMSG || !ret)
+				ret = err;
+			goto out;
+		}
+
+		ret += err;
+
+		/*
+		 * The caller must provide crypto_kpp_maxsize per request.
+		 * If he provides more, we conclude that multiple kpp
+		 * operations are requested.
+		 */
+		iov_iter_advance(&msg->msg_iter,
+				 crypto_kpp_maxsize(tfm) - err);
+	}
+
+out:
+
+	af_alg_wmem_wakeup(sk);
+	release_sock(sk);
+	return ret;
+}
+
+static struct proto_ops algif_kpp_ops = {
+	.family		=	PF_ALG,
+
+	.connect	=	sock_no_connect,
+	.socketpair	=	sock_no_socketpair,
+	.getname	=	sock_no_getname,
+	.ioctl		=	sock_no_ioctl,
+	.listen		=	sock_no_listen,
+	.shutdown	=	sock_no_shutdown,
+	.getsockopt	=	sock_no_getsockopt,
+	.mmap		=	sock_no_mmap,
+	.bind		=	sock_no_bind,
+	.accept		=	sock_no_accept,
+	.setsockopt	=	sock_no_setsockopt,
+
+	.release	=	af_alg_release,
+	.sendmsg	=	kpp_sendmsg,
+	.sendpage	=	af_alg_sendpage,
+	.recvmsg	=	kpp_recvmsg,
+	.poll		=	af_alg_poll,
+};
+
+static int kpp_check_key(struct socket *sock)
+{
+	struct sock *psk;
+	struct alg_sock *pask;
+	struct kpp_tfm *tfm;
+	struct sock *sk = sock->sk;
+	struct alg_sock *ask = alg_sk(sk);
+	int err = 0;
+
+	lock_sock(sk);
+	if (ask->refcnt)
+		goto unlock_child;
+
+	psk = ask->parent;
+	pask = alg_sk(ask->parent);
+	tfm = pask->private;
+
+	lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
+	if (!tfm->has_key || (tfm->has_params == KPP_NO_PARAMS)) {
+		err = -ENOKEY;
+		goto unlock;
+	}
+
+	if (!pask->refcnt++)
+		sock_hold(psk);
+
+	ask->refcnt = 1;
+	sock_put(psk);
+
+	err = 0;
+
+unlock:
+	release_sock(psk);
+unlock_child:
+	release_sock(sk);
+
+	return err;
+}
+
+static int kpp_sendmsg_nokey(struct socket *sock, struct msghdr *msg,
+				  size_t size)
+{
+	int err;
+
+	err = kpp_check_key(sock);
+	if (err)
+		return err;
+
+	return kpp_sendmsg(sock, msg, size);
+}
+
+static ssize_t kpp_sendpage_nokey(struct socket *sock, struct page *page,
+				       int offset, size_t size, int flags)
+{
+	int err;
+
+	err = kpp_check_key(sock);
+	if (err)
+		return err;
+
+	return af_alg_sendpage(sock, page, offset, size, flags);
+}
+
+static int kpp_recvmsg_nokey(struct socket *sock, struct msghdr *msg,
+				  size_t ignored, int flags)
+{
+	int err;
+
+	err = kpp_check_key(sock);
+	if (err)
+		return err;
+
+	return kpp_recvmsg(sock, msg, ignored, flags);
+}
+
+static struct proto_ops algif_kpp_ops_nokey = {
+	.family		=	PF_ALG,
+
+	.connect	=	sock_no_connect,
+	.socketpair	=	sock_no_socketpair,
+	.getname	=	sock_no_getname,
+	.ioctl		=	sock_no_ioctl,
+	.listen		=	sock_no_listen,
+	.shutdown	=	sock_no_shutdown,
+	.getsockopt	=	sock_no_getsockopt,
+	.mmap		=	sock_no_mmap,
+	.bind		=	sock_no_bind,
+	.accept		=	sock_no_accept,
+	.setsockopt	=	sock_no_setsockopt,
+
+	.release	=	af_alg_release,
+	.sendmsg	=	kpp_sendmsg_nokey,
+	.sendpage	=	kpp_sendpage_nokey,
+	.recvmsg	=	kpp_recvmsg_nokey,
+	.poll		=	af_alg_poll,
+};
+
+static void *kpp_bind(const char *name, u32 type, u32 mask)
+{
+	struct kpp_tfm *tfm;
+	struct crypto_kpp *kpp;
+
+	tfm = kmalloc(sizeof(*tfm), GFP_KERNEL);
+	if (!tfm)
+		return ERR_PTR(-ENOMEM);
+
+	kpp = crypto_alloc_kpp(name, type, mask);
+	if (IS_ERR(kpp)) {
+		kfree(tfm);
+		return ERR_CAST(kpp);
+	}
+
+	tfm->kpp = kpp;
+	tfm->has_key = false;
+	tfm->has_params = KPP_NO_PARAMS;
+
+	return tfm;
+}
+
+static void kpp_release(void *private)
+{
+	struct kpp_tfm *tfm = private;
+	struct crypto_kpp *kpp = tfm->kpp;
+
+	crypto_free_kpp(kpp);
+	kfree(tfm);
+}
+
+static int kpp_dh_set_secret(struct crypto_kpp *tfm, struct dh *params)
+{
+	char *packed_key = NULL;
+	unsigned int packed_key_len;
+	int ret;
+
+	packed_key_len = crypto_dh_key_len(params);
+	packed_key = kmalloc(packed_key_len, GFP_KERNEL);
+	if (!packed_key)
+		return -ENOMEM;
+
+	ret = crypto_dh_encode_key(packed_key, packed_key_len, params);
+	if (ret)
+		goto out;
+
+	ret = crypto_kpp_set_secret(tfm, packed_key, packed_key_len);
+
+out:
+	kfree(packed_key);
+	return ret;
+}
+
+static int kpp_dh_set_privkey(struct crypto_kpp *tfm, const u8 *key,
+			      unsigned int keylen)
+{
+	struct dh params = {
+		.key = key,
+		.key_size = keylen,
+		.p = NULL,
+		.p_size = 0,
+		.g = NULL,
+		.g_size = 0,
+	};
+
+	return kpp_dh_set_secret(tfm, &params);
+}
+
+static int kpp_ecdh_set_secret(struct crypto_kpp *tfm, struct ecdh *params)
+{
+	char *packed_key = NULL;
+	unsigned int packed_key_len;
+	int ret;
+
+	packed_key_len = crypto_ecdh_key_len(params);
+	packed_key = kmalloc(packed_key_len, GFP_KERNEL);
+	if (!packed_key)
+		return -ENOMEM;
+
+	ret = crypto_ecdh_encode_key(packed_key, packed_key_len, params);
+	if (ret)
+		goto out;
+
+	ret = crypto_kpp_set_secret(tfm, packed_key, packed_key_len);
+
+out:
+	kfree(packed_key);
+	return ret;
+}
+
+static int kpp_ecdh_set_privkey(struct crypto_kpp *tfm, const u8 *key,
+				unsigned int keylen)
+{
+	struct ecdh params = {
+		.curve_id = 0,
+		.key = key,
+		.key_size = keylen,
+	};
+
+	return kpp_ecdh_set_secret(tfm, &params);
+}
+
+static int kpp_setprivkey(void *private, const u8 *key, unsigned int keylen)
+{
+	struct kpp_tfm *kpp = private;
+	struct crypto_kpp *tfm = kpp->kpp;
+	int err;
+
+	if (kpp->has_params == KPP_NO_PARAMS)
+		return -ENOKEY;
+
+	/* The DH code cannot generate private keys. ECDH can do that */
+	if ((!key || !keylen) && (kpp->has_params == KPP_DH_PARAMS)) {
+		kpp->has_key = false;
+		return -EOPNOTSUPP;
+	}
+
+	switch (kpp->has_params) {
+	case KPP_DH_PARAMS:
+		err = kpp_dh_set_privkey(tfm, key, keylen);
+		break;
+	case KPP_ECDH_PARAMS:
+		err = kpp_ecdh_set_privkey(tfm, key, keylen);
+		break;
+	default:
+		err = -EFAULT;
+	}
+
+	kpp->has_key = !err;
+
+	/* Return the maximum size of the kpp operation. */
+	if (!err)
+		err = crypto_kpp_maxsize(tfm);
+
+	return err;
+}
+
+static int kpp_dh_setparams_pkcs3(void *private, const u8 *params,
+				  unsigned int paramslen)
+{
+	struct kpp_tfm *kpp = private;
+	struct crypto_kpp *tfm = kpp->kpp;
+	int err;
+
+	/* If parameters were already set, disallow setting them again. */
+	if (kpp->has_params != KPP_NO_PARAMS)
+		return -EINVAL;
+
+	err = crypto_kpp_set_params(tfm, params, paramslen);
+	if (!err) {
+		kpp->has_params = KPP_DH_PARAMS;
+		/* Return the maximum size of the kpp operation. */
+		err = crypto_kpp_maxsize(tfm);
+	} else
+		kpp->has_params = KPP_NO_PARAMS;
+
+	return err;
+}
+
+static int kpp_ecdh_setcurve(void *private, const u8 *curveid,
+			     unsigned int curveidlen)
+{
+	struct kpp_tfm *kpp = private;
+	struct crypto_kpp *tfm = kpp->kpp;
+	int err;
+	struct ecdh params = {
+		.key = NULL,
+		.key_size = 0,
+	};
+
+	/* If parameters were already set, disallow setting them again. */
+	if (kpp->has_params != KPP_NO_PARAMS)
+		return -EINVAL;
+
+	if (curveidlen != sizeof(unsigned long))
+		return -EINVAL;
+
+	err = kstrtou16(curveid, 10, &params.curve_id);
+	if (err)
+		return err;
+
+	err = kpp_ecdh_set_secret(tfm, &params);
+	if (!err) {
+		kpp->has_params = KPP_ECDH_PARAMS;
+		/* Return the maximum size of the kpp operation. */
+		err = crypto_kpp_maxsize(tfm);
+	} else
+		kpp->has_params = KPP_NO_PARAMS;
+
+	return err;
+}
+
+static void kpp_sock_destruct(struct sock *sk)
+{
+	struct alg_sock *ask = alg_sk(sk);
+	struct af_alg_ctx *ctx = ask->private;
+
+	af_alg_pull_tsgl(sk, ctx->used, NULL, 0);
+	sock_kfree_s(sk, ctx, ctx->len);
+	af_alg_release_parent(sk);
+}
+
+static int kpp_accept_parent_nokey(void *private, struct sock *sk)
+{
+	struct af_alg_ctx *ctx;
+	struct alg_sock *ask = alg_sk(sk);
+	unsigned int len = sizeof(*ctx);
+
+	ctx = sock_kmalloc(sk, len, GFP_KERNEL);
+	if (!ctx)
+		return -ENOMEM;
+
+	INIT_LIST_HEAD(&ctx->tsgl_list);
+	ctx->len = len;
+	ctx->used = 0;
+	ctx->rcvused = 0;
+	ctx->more = 0;
+	ctx->merge = 0;
+	ctx->op = 0;
+	af_alg_init_completion(&ctx->completion);
+
+	ask->private = ctx;
+
+	sk->sk_destruct = kpp_sock_destruct;
+
+	return 0;
+}
+
+static int kpp_accept_parent(void *private, struct sock *sk)
+{
+	struct kpp_tfm *tfm = private;
+
+	if (!tfm->has_key || (tfm->has_params == KPP_NO_PARAMS))
+		return -ENOKEY;
+
+	return kpp_accept_parent_nokey(private, sk);
+}
+
+static const struct af_alg_type algif_type_kpp = {
+	.bind		=	kpp_bind,
+	.release	=	kpp_release,
+	.setkey		=	kpp_setprivkey,
+	.setpubkey	=	NULL,
+	.dhparams	=	kpp_dh_setparams_pkcs3,
+	.ecdhcurve	=	kpp_ecdh_setcurve,
+	.setauthsize	=	NULL,
+	.accept		=	kpp_accept_parent,
+	.accept_nokey	=	kpp_accept_parent_nokey,
+	.ops		=	&algif_kpp_ops,
+	.ops_nokey	=	&algif_kpp_ops_nokey,
+	.name		=	"kpp",
+	.owner		=	THIS_MODULE
+};
+
+static int __init algif_kpp_init(void)
+{
+	return af_alg_register_type(&algif_type_kpp);
+}
+
+static void __exit algif_kpp_exit(void)
+{
+	int err = af_alg_unregister_type(&algif_type_kpp);
+
+	BUG_ON(err);
+}
+
+module_init(algif_kpp_init);
+module_exit(algif_kpp_exit);
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Stephan Mueller <smueller@chronox.de>");
+MODULE_DESCRIPTION("Key protocol primitives kernel crypto API user space interface");
diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
index a2d7edb38d19..a953e708b4fb 100644
--- a/include/crypto/if_alg.h
+++ b/include/crypto/if_alg.h
@@ -23,6 +23,7 @@
 #include <crypto/aead.h>
 #include <crypto/skcipher.h>
 #include <crypto/akcipher.h>
+#include <crypto/kpp.h>
 
 #define ALG_MAX_PAGES			16
 
@@ -123,6 +124,7 @@ struct af_alg_async_req {
 		struct aead_request aead_req;
 		struct skcipher_request skcipher_req;
 		struct akcipher_request akcipher_req;
+		struct kpp_request kpp_req;
 	} cra_u;
 
 	/* req ctx trails this struct */
-- 
2.13.5