Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
[CRYPTO] xts: Use proper alignment
The XTS blockmode uses a copy of the IV which is saved on the stack
and may or may not be properly aligned. If it is not, it will break
hardware cipher like the geode or padlock.
This patch encrypts the IV in place so we don't have to worry about
alignment.
Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
Tested-by: Stefan Hellermann <stefan@the2masters.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
authored by Sebastian Siewior and committed by Herbert Xu 6212f2c7 bc97f19d
+6
-7
crypto/xts.c
+6
-7
crypto/xts.c
···
77
77
}
78
78
79
79
struct sinfo {
80
-
be128 t;
80
+
be128 *t;
81
81
struct crypto_tfm *tfm;
82
82
void (*fn)(struct crypto_tfm *, u8 *, const u8 *);
83
83
};
84
84
85
85
static inline void xts_round(struct sinfo *s, void *dst, const void *src)
86
86
{
87
-
be128_xor(dst, &s->t, src); /* PP <- T xor P */
87
+
be128_xor(dst, s->t, src); /* PP <- T xor P */
88
88
s->fn(s->tfm, dst, dst); /* CC <- E(Key1,PP) */
89
-
be128_xor(dst, dst, &s->t); /* C <- T xor CC */
89
+
be128_xor(dst, dst, s->t); /* C <- T xor CC */
90
90
}
91
91
92
92
static int crypt(struct blkcipher_desc *d,
···
101
101
.tfm = crypto_cipher_tfm(ctx->child),
102
102
.fn = fn
103
103
};
104
-
be128 *iv;
105
104
u8 *wsrc;
106
105
u8 *wdst;
107
106
···
108
109
if (!w->nbytes)
109
110
return err;
110
111
112
+
s.t = (be128 *)w->iv;
111
113
avail = w->nbytes;
112
114
113
115
wsrc = w->src.virt.addr;
114
116
wdst = w->dst.virt.addr;
115
117
116
118
/* calculate first value of T */
117
-
iv = (be128 *)w->iv;
118
-
tw(crypto_cipher_tfm(ctx->tweak), (void *)&s.t, w->iv);
119
+
tw(crypto_cipher_tfm(ctx->tweak), w->iv, w->iv);
119
120
120
121
goto first;
121
122
122
123
for (;;) {
123
124
do {
124
-
gf128mul_x_ble(&s.t, &s.t);
125
+
gf128mul_x_ble(s.t, s.t);
125
126
126
127
first:
127
128
xts_round(&s, wdst, wsrc);