tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
ext4: Use skcipher
This patch replaces uses of ablkcipher with skcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+47
-53
+11
-13
fs/ext4/crypto.c
+11
-13
fs/ext4/crypto.c
···
18
18
* Special Publication 800-38E and IEEE P1619/D16.
19
19
*/
20
20
21
-
#include <crypto/hash.h>
22
-
#include <crypto/sha.h>
21
+
#include <crypto/skcipher.h>
23
22
#include <keys/user-type.h>
24
23
#include <keys/encrypted-type.h>
25
-
#include <linux/crypto.h>
26
24
#include <linux/ecryptfs.h>
27
25
#include <linux/gfp.h>
28
26
#include <linux/kernel.h>
···
259
261
260
262
{
261
263
u8 xts_tweak[EXT4_XTS_TWEAK_SIZE];
262
-
struct ablkcipher_request *req = NULL;
264
+
struct skcipher_request *req = NULL;
263
265
DECLARE_EXT4_COMPLETION_RESULT(ecr);
264
266
struct scatterlist dst, src;
265
267
struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
266
-
struct crypto_ablkcipher *tfm = ci->ci_ctfm;
268
+
struct crypto_skcipher *tfm = ci->ci_ctfm;
267
269
int res = 0;
268
270
269
-
req = ablkcipher_request_alloc(tfm, GFP_NOFS);
271
+
req = skcipher_request_alloc(tfm, GFP_NOFS);
270
272
if (!req) {
271
273
printk_ratelimited(KERN_ERR
272
274
"%s: crypto_request_alloc() failed\n",
273
275
__func__);
274
276
return -ENOMEM;
275
277
}
276
-
ablkcipher_request_set_callback(
278
+
skcipher_request_set_callback(
277
279
req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
278
280
ext4_crypt_complete, &ecr);
279
281
···
286
288
sg_set_page(&dst, dest_page, PAGE_CACHE_SIZE, 0);
287
289
sg_init_table(&src, 1);
288
290
sg_set_page(&src, src_page, PAGE_CACHE_SIZE, 0);
289
-
ablkcipher_request_set_crypt(req, &src, &dst, PAGE_CACHE_SIZE,
290
-
xts_tweak);
291
+
skcipher_request_set_crypt(req, &src, &dst, PAGE_CACHE_SIZE,
292
+
xts_tweak);
291
293
if (rw == EXT4_DECRYPT)
292
-
res = crypto_ablkcipher_decrypt(req);
294
+
res = crypto_skcipher_decrypt(req);
293
295
else
294
-
res = crypto_ablkcipher_encrypt(req);
296
+
res = crypto_skcipher_encrypt(req);
295
297
if (res == -EINPROGRESS || res == -EBUSY) {
296
298
wait_for_completion(&ecr.completion);
297
299
res = ecr.res;
298
300
}
299
-
ablkcipher_request_free(req);
301
+
skcipher_request_free(req);
300
302
if (res) {
301
303
printk_ratelimited(
302
304
KERN_ERR
303
-
"%s: crypto_ablkcipher_encrypt() returned %d\n",
305
+
"%s: crypto_skcipher_encrypt() returned %d\n",
304
306
__func__, res);
305
307
return res;
306
308
}
+15
-17
fs/ext4/crypto_fname.c
+15
-17
fs/ext4/crypto_fname.c
···
11
11
*
12
12
*/
13
13
14
-
#include <crypto/hash.h>
15
-
#include <crypto/sha.h>
14
+
#include <crypto/skcipher.h>
16
15
#include <keys/encrypted-type.h>
17
16
#include <keys/user-type.h>
18
-
#include <linux/crypto.h>
19
17
#include <linux/gfp.h>
20
18
#include <linux/kernel.h>
21
19
#include <linux/key.h>
···
63
65
struct ext4_str *oname)
64
66
{
65
67
u32 ciphertext_len;
66
-
struct ablkcipher_request *req = NULL;
68
+
struct skcipher_request *req = NULL;
67
69
DECLARE_EXT4_COMPLETION_RESULT(ecr);
68
70
struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
69
-
struct crypto_ablkcipher *tfm = ci->ci_ctfm;
71
+
struct crypto_skcipher *tfm = ci->ci_ctfm;
70
72
int res = 0;
71
73
char iv[EXT4_CRYPTO_BLOCK_SIZE];
72
74
struct scatterlist src_sg, dst_sg;
···
93
95
}
94
96
95
97
/* Allocate request */
96
-
req = ablkcipher_request_alloc(tfm, GFP_NOFS);
98
+
req = skcipher_request_alloc(tfm, GFP_NOFS);
97
99
if (!req) {
98
100
printk_ratelimited(
99
101
KERN_ERR "%s: crypto_request_alloc() failed\n", __func__);
100
102
kfree(alloc_buf);
101
103
return -ENOMEM;
102
104
}
103
-
ablkcipher_request_set_callback(req,
105
+
skcipher_request_set_callback(req,
104
106
CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
105
107
ext4_dir_crypt_complete, &ecr);
106
108
···
115
117
/* Create encryption request */
116
118
sg_init_one(&src_sg, workbuf, ciphertext_len);
117
119
sg_init_one(&dst_sg, oname->name, ciphertext_len);
118
-
ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, ciphertext_len, iv);
119
-
res = crypto_ablkcipher_encrypt(req);
120
+
skcipher_request_set_crypt(req, &src_sg, &dst_sg, ciphertext_len, iv);
121
+
res = crypto_skcipher_encrypt(req);
120
122
if (res == -EINPROGRESS || res == -EBUSY) {
121
123
wait_for_completion(&ecr.completion);
122
124
res = ecr.res;
123
125
}
124
126
kfree(alloc_buf);
125
-
ablkcipher_request_free(req);
127
+
skcipher_request_free(req);
126
128
if (res < 0) {
127
129
printk_ratelimited(
128
130
KERN_ERR "%s: Error (error code %d)\n", __func__, res);
···
143
145
struct ext4_str *oname)
144
146
{
145
147
struct ext4_str tmp_in[2], tmp_out[1];
146
-
struct ablkcipher_request *req = NULL;
148
+
struct skcipher_request *req = NULL;
147
149
DECLARE_EXT4_COMPLETION_RESULT(ecr);
148
150
struct scatterlist src_sg, dst_sg;
149
151
struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
150
-
struct crypto_ablkcipher *tfm = ci->ci_ctfm;
152
+
struct crypto_skcipher *tfm = ci->ci_ctfm;
151
153
int res = 0;
152
154
char iv[EXT4_CRYPTO_BLOCK_SIZE];
153
155
unsigned lim = max_name_len(inode);
···
160
162
tmp_out[0].name = oname->name;
161
163
162
164
/* Allocate request */
163
-
req = ablkcipher_request_alloc(tfm, GFP_NOFS);
165
+
req = skcipher_request_alloc(tfm, GFP_NOFS);
164
166
if (!req) {
165
167
printk_ratelimited(
166
168
KERN_ERR "%s: crypto_request_alloc() failed\n", __func__);
167
169
return -ENOMEM;
168
170
}
169
-
ablkcipher_request_set_callback(req,
171
+
skcipher_request_set_callback(req,
170
172
CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
171
173
ext4_dir_crypt_complete, &ecr);
172
174
···
176
178
/* Create encryption request */
177
179
sg_init_one(&src_sg, iname->name, iname->len);
178
180
sg_init_one(&dst_sg, oname->name, oname->len);
179
-
ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv);
180
-
res = crypto_ablkcipher_decrypt(req);
181
+
skcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv);
182
+
res = crypto_skcipher_decrypt(req);
181
183
if (res == -EINPROGRESS || res == -EBUSY) {
182
184
wait_for_completion(&ecr.completion);
183
185
res = ecr.res;
184
186
}
185
-
ablkcipher_request_free(req);
187
+
skcipher_request_free(req);
186
188
if (res < 0) {
187
189
printk_ratelimited(
188
190
KERN_ERR "%s: Error in ext4_fname_encrypt (error code %d)\n",
+20
-22
fs/ext4/crypto_key.c
+20
-22
fs/ext4/crypto_key.c
···
8
8
* Written by Michael Halcrow, Ildar Muslukhov, and Uday Savagaonkar, 2015.
9
9
*/
10
10
11
+
#include <crypto/skcipher.h>
11
12
#include <keys/encrypted-type.h>
12
13
#include <keys/user-type.h>
13
14
#include <linux/random.h>
···
42
41
char derived_key[EXT4_AES_256_XTS_KEY_SIZE])
43
42
{
44
43
int res = 0;
45
-
struct ablkcipher_request *req = NULL;
44
+
struct skcipher_request *req = NULL;
46
45
DECLARE_EXT4_COMPLETION_RESULT(ecr);
47
46
struct scatterlist src_sg, dst_sg;
48
-
struct crypto_ablkcipher *tfm = crypto_alloc_ablkcipher("ecb(aes)", 0,
49
-
0);
47
+
struct crypto_skcipher *tfm = crypto_alloc_skcipher("ecb(aes)", 0, 0);
50
48
51
49
if (IS_ERR(tfm)) {
52
50
res = PTR_ERR(tfm);
53
51
tfm = NULL;
54
52
goto out;
55
53
}
56
-
crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
57
-
req = ablkcipher_request_alloc(tfm, GFP_NOFS);
54
+
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
55
+
req = skcipher_request_alloc(tfm, GFP_NOFS);
58
56
if (!req) {
59
57
res = -ENOMEM;
60
58
goto out;
61
59
}
62
-
ablkcipher_request_set_callback(req,
60
+
skcipher_request_set_callback(req,
63
61
CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
64
62
derive_crypt_complete, &ecr);
65
-
res = crypto_ablkcipher_setkey(tfm, deriving_key,
66
-
EXT4_AES_128_ECB_KEY_SIZE);
63
+
res = crypto_skcipher_setkey(tfm, deriving_key,
64
+
EXT4_AES_128_ECB_KEY_SIZE);
67
65
if (res < 0)
68
66
goto out;
69
67
sg_init_one(&src_sg, source_key, EXT4_AES_256_XTS_KEY_SIZE);
70
68
sg_init_one(&dst_sg, derived_key, EXT4_AES_256_XTS_KEY_SIZE);
71
-
ablkcipher_request_set_crypt(req, &src_sg, &dst_sg,
72
-
EXT4_AES_256_XTS_KEY_SIZE, NULL);
73
-
res = crypto_ablkcipher_encrypt(req);
69
+
skcipher_request_set_crypt(req, &src_sg, &dst_sg,
70
+
EXT4_AES_256_XTS_KEY_SIZE, NULL);
71
+
res = crypto_skcipher_encrypt(req);
74
72
if (res == -EINPROGRESS || res == -EBUSY) {
75
73
wait_for_completion(&ecr.completion);
76
74
res = ecr.res;
77
75
}
78
76
79
77
out:
80
-
if (req)
81
-
ablkcipher_request_free(req);
82
-
if (tfm)
83
-
crypto_free_ablkcipher(tfm);
78
+
skcipher_request_free(req);
79
+
crypto_free_skcipher(tfm);
84
80
return res;
85
81
}
86
82
···
88
90
89
91
if (ci->ci_keyring_key)
90
92
key_put(ci->ci_keyring_key);
91
-
crypto_free_ablkcipher(ci->ci_ctfm);
93
+
crypto_free_skcipher(ci->ci_ctfm);
92
94
kmem_cache_free(ext4_crypt_info_cachep, ci);
93
95
}
94
96
···
120
122
struct ext4_encryption_context ctx;
121
123
const struct user_key_payload *ukp;
122
124
struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
123
-
struct crypto_ablkcipher *ctfm;
125
+
struct crypto_skcipher *ctfm;
124
126
const char *cipher_str;
125
127
char raw_key[EXT4_MAX_KEY_SIZE];
126
128
char mode;
···
235
237
if (res)
236
238
goto out;
237
239
got_key:
238
-
ctfm = crypto_alloc_ablkcipher(cipher_str, 0, 0);
240
+
ctfm = crypto_alloc_skcipher(cipher_str, 0, 0);
239
241
if (!ctfm || IS_ERR(ctfm)) {
240
242
res = ctfm ? PTR_ERR(ctfm) : -ENOMEM;
241
243
printk(KERN_DEBUG
···
244
246
goto out;
245
247
}
246
248
crypt_info->ci_ctfm = ctfm;
247
-
crypto_ablkcipher_clear_flags(ctfm, ~0);
248
-
crypto_tfm_set_flags(crypto_ablkcipher_tfm(ctfm),
249
+
crypto_skcipher_clear_flags(ctfm, ~0);
250
+
crypto_tfm_set_flags(crypto_skcipher_tfm(ctfm),
249
251
CRYPTO_TFM_REQ_WEAK_KEY);
250
-
res = crypto_ablkcipher_setkey(ctfm, raw_key,
251
-
ext4_encryption_key_size(mode));
252
+
res = crypto_skcipher_setkey(ctfm, raw_key,
253
+
ext4_encryption_key_size(mode));
252
254
if (res)
253
255
goto out;
254
256
memzero_explicit(raw_key, sizeof(raw_key));