tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Merge the crypto tree to pull in vmx ghash fix.
+158
-197
+1
-1
arch/arm/crypto/aes-ce-glue.c
+1
-1
arch/arm/crypto/aes-ce-glue.c
···
284
284
err = blkcipher_walk_done(desc, &walk,
285
285
walk.nbytes % AES_BLOCK_SIZE);
286
286
}
287
-
if (nbytes) {
287
+
if (walk.nbytes % AES_BLOCK_SIZE) {
288
288
u8 *tdst = walk.dst.virt.addr + blocks * AES_BLOCK_SIZE;
289
289
u8 *tsrc = walk.src.virt.addr + blocks * AES_BLOCK_SIZE;
290
290
u8 __aligned(8) tail[AES_BLOCK_SIZE];
+1
-1
arch/arm64/crypto/aes-glue.c
+1
-1
arch/arm64/crypto/aes-glue.c
···
216
216
err = blkcipher_walk_done(desc, &walk,
217
217
walk.nbytes % AES_BLOCK_SIZE);
218
218
}
219
-
if (nbytes) {
219
+
if (walk.nbytes % AES_BLOCK_SIZE) {
220
220
u8 *tdst = walk.dst.virt.addr + blocks * AES_BLOCK_SIZE;
221
221
u8 *tsrc = walk.src.virt.addr + blocks * AES_BLOCK_SIZE;
222
222
u8 __aligned(8) tail[AES_BLOCK_SIZE];
+2
-2
arch/x86/crypto/sha256-mb/sha256_mb.c
+2
-2
arch/x86/crypto/sha256-mb/sha256_mb.c
···
485
485
486
486
req = cast_mcryptd_ctx_to_req(req_ctx);
487
487
if (irqs_disabled())
488
-
rctx->complete(&req->base, ret);
488
+
req_ctx->complete(&req->base, ret);
489
489
else {
490
490
local_bh_disable();
491
-
rctx->complete(&req->base, ret);
491
+
req_ctx->complete(&req->base, ret);
492
492
local_bh_enable();
493
493
}
494
494
}
+4
-3
arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
+4
-3
arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
···
265
265
vpinsrd $1, _args_digest+1*32(state, idx, 4), %xmm0, %xmm0
266
266
vpinsrd $2, _args_digest+2*32(state, idx, 4), %xmm0, %xmm0
267
267
vpinsrd $3, _args_digest+3*32(state, idx, 4), %xmm0, %xmm0
268
-
movl _args_digest+4*32(state, idx, 4), tmp2_w
268
+
vmovd _args_digest(state , idx, 4) , %xmm0
269
269
vpinsrd $1, _args_digest+5*32(state, idx, 4), %xmm1, %xmm1
270
270
vpinsrd $2, _args_digest+6*32(state, idx, 4), %xmm1, %xmm1
271
271
vpinsrd $3, _args_digest+7*32(state, idx, 4), %xmm1, %xmm1
272
272
273
-
vmovdqu %xmm0, _result_digest(job_rax)
274
-
movl tmp2_w, _result_digest+1*16(job_rax)
273
+
vmovdqu %xmm0, _result_digest(job_rax)
274
+
offset = (_result_digest + 1*16)
275
+
vmovdqu %xmm1, offset(job_rax)
275
276
276
277
pop %rbx
277
278
+2
-2
arch/x86/crypto/sha512-mb/sha512_mb.c
+2
-2
arch/x86/crypto/sha512-mb/sha512_mb.c
···
497
497
498
498
req = cast_mcryptd_ctx_to_req(req_ctx);
499
499
if (irqs_disabled())
500
-
rctx->complete(&req->base, ret);
500
+
req_ctx->complete(&req->base, ret);
501
501
else {
502
502
local_bh_disable();
503
-
rctx->complete(&req->base, ret);
503
+
req_ctx->complete(&req->base, ret);
504
504
local_bh_enable();
505
505
}
506
506
}
+2
-1
crypto/blkcipher.c
+2
-1
crypto/blkcipher.c
···
233
233
return blkcipher_walk_done(desc, walk, -EINVAL);
234
234
}
235
235
236
+
bsize = min(walk->walk_blocksize, n);
237
+
236
238
walk->flags &= ~(BLKCIPHER_WALK_SLOW | BLKCIPHER_WALK_COPY |
237
239
BLKCIPHER_WALK_DIFF);
238
240
if (!scatterwalk_aligned(&walk->in, walk->alignmask) ||
···
247
245
}
248
246
}
249
247
250
-
bsize = min(walk->walk_blocksize, n);
251
248
n = scatterwalk_clamp(&walk->in, n);
252
249
n = scatterwalk_clamp(&walk->out, n);
253
250
+9
-3
crypto/cryptd.c
+9
-3
crypto/cryptd.c
···
631
631
632
632
static int cryptd_hash_import(struct ahash_request *req, const void *in)
633
633
{
634
-
struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
634
+
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
635
+
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(tfm);
636
+
struct shash_desc *desc = cryptd_shash_desc(req);
635
637
636
-
return crypto_shash_import(&rctx->desc, in);
638
+
desc->tfm = ctx->child;
639
+
desc->flags = req->base.flags;
640
+
641
+
return crypto_shash_import(desc, in);
637
642
}
638
643
639
644
static int cryptd_create_hash(struct crypto_template *tmpl, struct rtattr **tb,
···
738
733
rctx = aead_request_ctx(req);
739
734
compl = rctx->complete;
740
735
736
+
tfm = crypto_aead_reqtfm(req);
737
+
741
738
if (unlikely(err == -EINPROGRESS))
742
739
goto out;
743
740
aead_request_set_tfm(req, child);
744
741
err = crypt( req );
745
742
746
743
out:
747
-
tfm = crypto_aead_reqtfm(req);
748
744
ctx = crypto_aead_ctx(tfm);
749
745
refcnt = atomic_read(&ctx->refcnt);
750
746
+25
-92
crypto/echainiv.c
+25
-92
crypto/echainiv.c
···
1
1
/*
2
2
* echainiv: Encrypted Chain IV Generator
3
3
*
4
-
* This generator generates an IV based on a sequence number by xoring it
5
-
* with a salt and then encrypting it with the same key as used to encrypt
4
+
* This generator generates an IV based on a sequence number by multiplying
5
+
* it with a salt and then encrypting it with the same key as used to encrypt
6
6
* the plain text. This algorithm requires that the block size be equal
7
7
* to the IV size. It is mainly useful for CBC.
8
8
*
···
24
24
#include <linux/err.h>
25
25
#include <linux/init.h>
26
26
#include <linux/kernel.h>
27
-
#include <linux/mm.h>
28
27
#include <linux/module.h>
29
-
#include <linux/percpu.h>
30
-
#include <linux/spinlock.h>
28
+
#include <linux/slab.h>
31
29
#include <linux/string.h>
32
-
33
-
#define MAX_IV_SIZE 16
34
-
35
-
static DEFINE_PER_CPU(u32 [MAX_IV_SIZE / sizeof(u32)], echainiv_iv);
36
-
37
-
/* We don't care if we get preempted and read/write IVs from the next CPU. */
38
-
static void echainiv_read_iv(u8 *dst, unsigned size)
39
-
{
40
-
u32 *a = (u32 *)dst;
41
-
u32 __percpu *b = echainiv_iv;
42
-
43
-
for (; size >= 4; size -= 4) {
44
-
*a++ = this_cpu_read(*b);
45
-
b++;
46
-
}
47
-
}
48
-
49
-
static void echainiv_write_iv(const u8 *src, unsigned size)
50
-
{
51
-
const u32 *a = (const u32 *)src;
52
-
u32 __percpu *b = echainiv_iv;
53
-
54
-
for (; size >= 4; size -= 4) {
55
-
this_cpu_write(*b, *a);
56
-
a++;
57
-
b++;
58
-
}
59
-
}
60
-
61
-
static void echainiv_encrypt_complete2(struct aead_request *req, int err)
62
-
{
63
-
struct aead_request *subreq = aead_request_ctx(req);
64
-
struct crypto_aead *geniv;
65
-
unsigned int ivsize;
66
-
67
-
if (err == -EINPROGRESS)
68
-
return;
69
-
70
-
if (err)
71
-
goto out;
72
-
73
-
geniv = crypto_aead_reqtfm(req);
74
-
ivsize = crypto_aead_ivsize(geniv);
75
-
76
-
echainiv_write_iv(subreq->iv, ivsize);
77
-
78
-
if (req->iv != subreq->iv)
79
-
memcpy(req->iv, subreq->iv, ivsize);
80
-
81
-
out:
82
-
if (req->iv != subreq->iv)
83
-
kzfree(subreq->iv);
84
-
}
85
-
86
-
static void echainiv_encrypt_complete(struct crypto_async_request *base,
87
-
int err)
88
-
{
89
-
struct aead_request *req = base->data;
90
-
91
-
echainiv_encrypt_complete2(req, err);
92
-
aead_request_complete(req, err);
93
-
}
94
30
95
31
static int echainiv_encrypt(struct aead_request *req)
96
32
{
97
33
struct crypto_aead *geniv = crypto_aead_reqtfm(req);
98
34
struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv);
99
35
struct aead_request *subreq = aead_request_ctx(req);
100
-
crypto_completion_t compl;
101
-
void *data;
36
+
__be64 nseqno;
37
+
u64 seqno;
102
38
u8 *info;
103
39
unsigned int ivsize = crypto_aead_ivsize(geniv);
104
40
int err;
···
44
108
45
109
aead_request_set_tfm(subreq, ctx->child);
46
110
47
-
compl = echainiv_encrypt_complete;
48
-
data = req;
49
111
info = req->iv;
50
112
51
113
if (req->src != req->dst) {
···
61
127
return err;
62
128
}
63
129
64
-
if (unlikely(!IS_ALIGNED((unsigned long)info,
65
-
crypto_aead_alignmask(geniv) + 1))) {
66
-
info = kmalloc(ivsize, req->base.flags &
67
-
CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL:
68
-
GFP_ATOMIC);
69
-
if (!info)
70
-
return -ENOMEM;
71
-
72
-
memcpy(info, req->iv, ivsize);
73
-
}
74
-
75
-
aead_request_set_callback(subreq, req->base.flags, compl, data);
130
+
aead_request_set_callback(subreq, req->base.flags,
131
+
req->base.complete, req->base.data);
76
132
aead_request_set_crypt(subreq, req->dst, req->dst,
77
133
req->cryptlen, info);
78
134
aead_request_set_ad(subreq, req->assoclen);
79
135
80
-
crypto_xor(info, ctx->salt, ivsize);
81
-
scatterwalk_map_and_copy(info, req->dst, req->assoclen, ivsize, 1);
82
-
echainiv_read_iv(info, ivsize);
136
+
memcpy(&nseqno, info + ivsize - 8, 8);
137
+
seqno = be64_to_cpu(nseqno);
138
+
memset(info, 0, ivsize);
83
139
84
-
err = crypto_aead_encrypt(subreq);
85
-
echainiv_encrypt_complete2(req, err);
86
-
return err;
140
+
scatterwalk_map_and_copy(info, req->dst, req->assoclen, ivsize, 1);
141
+
142
+
do {
143
+
u64 a;
144
+
145
+
memcpy(&a, ctx->salt + ivsize - 8, 8);
146
+
147
+
a |= 1;
148
+
a *= seqno;
149
+
150
+
memcpy(info + ivsize - 8, &a, 8);
151
+
} while ((ivsize -= 8));
152
+
153
+
return crypto_aead_encrypt(subreq);
87
154
}
88
155
89
156
static int echainiv_decrypt(struct aead_request *req)
···
131
196
alg = crypto_spawn_aead_alg(spawn);
132
197
133
198
err = -EINVAL;
134
-
if (inst->alg.ivsize & (sizeof(u32) - 1) ||
135
-
inst->alg.ivsize > MAX_IV_SIZE)
199
+
if (inst->alg.ivsize & (sizeof(u64) - 1) || !inst->alg.ivsize)
136
200
goto free_inst;
137
201
138
202
inst->alg.encrypt = echainiv_encrypt;
···
140
206
inst->alg.init = aead_init_geniv;
141
207
inst->alg.exit = aead_exit_geniv;
142
208
143
-
inst->alg.base.cra_alignmask |= __alignof__(u32) - 1;
144
209
inst->alg.base.cra_ctxsize = sizeof(struct aead_geniv_ctx);
145
210
inst->alg.base.cra_ctxsize += inst->alg.ivsize;
146
211
+1
-12
crypto/ghash-generic.c
+1
-12
crypto/ghash-generic.c
···
14
14
15
15
#include <crypto/algapi.h>
16
16
#include <crypto/gf128mul.h>
17
+
#include <crypto/ghash.h>
17
18
#include <crypto/internal/hash.h>
18
19
#include <linux/crypto.h>
19
20
#include <linux/init.h>
20
21
#include <linux/kernel.h>
21
22
#include <linux/module.h>
22
-
23
-
#define GHASH_BLOCK_SIZE 16
24
-
#define GHASH_DIGEST_SIZE 16
25
-
26
-
struct ghash_ctx {
27
-
struct gf128mul_4k *gf128;
28
-
};
29
-
30
-
struct ghash_desc_ctx {
31
-
u8 buffer[GHASH_BLOCK_SIZE];
32
-
u32 bytes;
33
-
};
34
23
35
24
static int ghash_init(struct shash_desc *desc)
36
25
{
+24
-17
crypto/rsa-pkcs1pad.c
+24
-17
crypto/rsa-pkcs1pad.c
···
298
298
struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
299
299
struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
300
300
struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
301
+
unsigned int dst_len;
301
302
unsigned int pos;
302
-
303
-
if (err == -EOVERFLOW)
304
-
/* Decrypted value had no leading 0 byte */
305
-
err = -EINVAL;
303
+
u8 *out_buf;
306
304
307
305
if (err)
308
306
goto done;
309
307
310
-
if (req_ctx->child_req.dst_len != ctx->key_size - 1) {
311
-
err = -EINVAL;
308
+
err = -EINVAL;
309
+
dst_len = req_ctx->child_req.dst_len;
310
+
if (dst_len < ctx->key_size - 1)
312
311
goto done;
312
+
313
+
out_buf = req_ctx->out_buf;
314
+
if (dst_len == ctx->key_size) {
315
+
if (out_buf[0] != 0x00)
316
+
/* Decrypted value had no leading 0 byte */
317
+
goto done;
318
+
319
+
dst_len--;
320
+
out_buf++;
313
321
}
314
322
315
-
if (req_ctx->out_buf[0] != 0x02) {
316
-
err = -EINVAL;
323
+
if (out_buf[0] != 0x02)
317
324
goto done;
318
-
}
319
-
for (pos = 1; pos < req_ctx->child_req.dst_len; pos++)
320
-
if (req_ctx->out_buf[pos] == 0x00)
325
+
326
+
for (pos = 1; pos < dst_len; pos++)
327
+
if (out_buf[pos] == 0x00)
321
328
break;
322
-
if (pos < 9 || pos == req_ctx->child_req.dst_len) {
323
-
err = -EINVAL;
329
+
if (pos < 9 || pos == dst_len)
324
330
goto done;
325
-
}
326
331
pos++;
327
332
328
-
if (req->dst_len < req_ctx->child_req.dst_len - pos)
333
+
err = 0;
334
+
335
+
if (req->dst_len < dst_len - pos)
329
336
err = -EOVERFLOW;
330
-
req->dst_len = req_ctx->child_req.dst_len - pos;
337
+
req->dst_len = dst_len - pos;
331
338
332
339
if (!err)
333
340
sg_copy_from_buffer(req->dst,
334
341
sg_nents_for_len(req->dst, req->dst_len),
335
-
req_ctx->out_buf + pos, req->dst_len);
342
+
out_buf + pos, req->dst_len);
336
343
337
344
done:
338
345
kzfree(req_ctx->out_buf);
+1
-1
drivers/char/hw_random/Kconfig
+1
-1
drivers/char/hw_random/Kconfig
+37
-40
drivers/crypto/caam/caamalg.c
+37
-40
drivers/crypto/caam/caamalg.c
···
592
592
593
593
/* Read and write assoclen bytes */
594
594
append_math_add(desc, VARSEQINLEN, ZERO, REG3, CAAM_CMD_SZ);
595
-
append_math_add(desc, VARSEQOUTLEN, ZERO, REG3, CAAM_CMD_SZ);
595
+
if (alg->caam.geniv)
596
+
append_math_add_imm_u32(desc, VARSEQOUTLEN, REG3, IMM, ivsize);
597
+
else
598
+
append_math_add(desc, VARSEQOUTLEN, ZERO, REG3, CAAM_CMD_SZ);
596
599
597
600
/* Skip assoc data */
598
601
append_seq_fifo_store(desc, 0, FIFOST_TYPE_SKIP | FIFOLDST_VLF);
···
603
600
/* read assoc before reading payload */
604
601
append_seq_fifo_load(desc, 0, FIFOLD_CLASS_CLASS2 | FIFOLD_TYPE_MSG |
605
602
KEY_VLF);
603
+
604
+
if (alg->caam.geniv) {
605
+
append_seq_load(desc, ivsize, LDST_CLASS_1_CCB |
606
+
LDST_SRCDST_BYTE_CONTEXT |
607
+
(ctx1_iv_off << LDST_OFFSET_SHIFT));
608
+
append_move(desc, MOVE_SRC_CLASS1CTX | MOVE_DEST_CLASS2INFIFO |
609
+
(ctx1_iv_off << MOVE_OFFSET_SHIFT) | ivsize);
610
+
}
606
611
607
612
/* Load Counter into CONTEXT1 reg */
608
613
if (is_rfc3686)
···
2195
2184
2196
2185
init_aead_job(req, edesc, all_contig, encrypt);
2197
2186
2198
-
if (ivsize && (is_rfc3686 || !(alg->caam.geniv && encrypt)))
2187
+
if (ivsize && ((is_rfc3686 && encrypt) || !alg->caam.geniv))
2199
2188
append_load_as_imm(desc, req->iv, ivsize,
2200
2189
LDST_CLASS_1_CCB |
2201
2190
LDST_SRCDST_BYTE_CONTEXT |
···
2587
2576
}
2588
2577
2589
2578
return ret;
2590
-
}
2591
-
2592
-
static int aead_givdecrypt(struct aead_request *req)
2593
-
{
2594
-
struct crypto_aead *aead = crypto_aead_reqtfm(req);
2595
-
unsigned int ivsize = crypto_aead_ivsize(aead);
2596
-
2597
-
if (req->cryptlen < ivsize)
2598
-
return -EINVAL;
2599
-
2600
-
req->cryptlen -= ivsize;
2601
-
req->assoclen += ivsize;
2602
-
2603
-
return aead_decrypt(req);
2604
2579
}
2605
2580
2606
2581
/*
···
3248
3251
.setkey = aead_setkey,
3249
3252
.setauthsize = aead_setauthsize,
3250
3253
.encrypt = aead_encrypt,
3251
-
.decrypt = aead_givdecrypt,
3254
+
.decrypt = aead_decrypt,
3252
3255
.ivsize = AES_BLOCK_SIZE,
3253
3256
.maxauthsize = MD5_DIGEST_SIZE,
3254
3257
},
···
3294
3297
.setkey = aead_setkey,
3295
3298
.setauthsize = aead_setauthsize,
3296
3299
.encrypt = aead_encrypt,
3297
-
.decrypt = aead_givdecrypt,
3300
+
.decrypt = aead_decrypt,
3298
3301
.ivsize = AES_BLOCK_SIZE,
3299
3302
.maxauthsize = SHA1_DIGEST_SIZE,
3300
3303
},
···
3340
3343
.setkey = aead_setkey,
3341
3344
.setauthsize = aead_setauthsize,
3342
3345
.encrypt = aead_encrypt,
3343
-
.decrypt = aead_givdecrypt,
3346
+
.decrypt = aead_decrypt,
3344
3347
.ivsize = AES_BLOCK_SIZE,
3345
3348
.maxauthsize = SHA224_DIGEST_SIZE,
3346
3349
},
···
3386
3389
.setkey = aead_setkey,
3387
3390
.setauthsize = aead_setauthsize,
3388
3391
.encrypt = aead_encrypt,
3389
-
.decrypt = aead_givdecrypt,
3392
+
.decrypt = aead_decrypt,
3390
3393
.ivsize = AES_BLOCK_SIZE,
3391
3394
.maxauthsize = SHA256_DIGEST_SIZE,
3392
3395
},
···
3432
3435
.setkey = aead_setkey,
3433
3436
.setauthsize = aead_setauthsize,
3434
3437
.encrypt = aead_encrypt,
3435
-
.decrypt = aead_givdecrypt,
3438
+
.decrypt = aead_decrypt,
3436
3439
.ivsize = AES_BLOCK_SIZE,
3437
3440
.maxauthsize = SHA384_DIGEST_SIZE,
3438
3441
},
···
3478
3481
.setkey = aead_setkey,
3479
3482
.setauthsize = aead_setauthsize,
3480
3483
.encrypt = aead_encrypt,
3481
-
.decrypt = aead_givdecrypt,
3484
+
.decrypt = aead_decrypt,
3482
3485
.ivsize = AES_BLOCK_SIZE,
3483
3486
.maxauthsize = SHA512_DIGEST_SIZE,
3484
3487
},
···
3524
3527
.setkey = aead_setkey,
3525
3528
.setauthsize = aead_setauthsize,
3526
3529
.encrypt = aead_encrypt,
3527
-
.decrypt = aead_givdecrypt,
3530
+
.decrypt = aead_decrypt,
3528
3531
.ivsize = DES3_EDE_BLOCK_SIZE,
3529
3532
.maxauthsize = MD5_DIGEST_SIZE,
3530
3533
},
···
3572
3575
.setkey = aead_setkey,
3573
3576
.setauthsize = aead_setauthsize,
3574
3577
.encrypt = aead_encrypt,
3575
-
.decrypt = aead_givdecrypt,
3578
+
.decrypt = aead_decrypt,
3576
3579
.ivsize = DES3_EDE_BLOCK_SIZE,
3577
3580
.maxauthsize = SHA1_DIGEST_SIZE,
3578
3581
},
···
3620
3623
.setkey = aead_setkey,
3621
3624
.setauthsize = aead_setauthsize,
3622
3625
.encrypt = aead_encrypt,
3623
-
.decrypt = aead_givdecrypt,
3626
+
.decrypt = aead_decrypt,
3624
3627
.ivsize = DES3_EDE_BLOCK_SIZE,
3625
3628
.maxauthsize = SHA224_DIGEST_SIZE,
3626
3629
},
···
3668
3671
.setkey = aead_setkey,
3669
3672
.setauthsize = aead_setauthsize,
3670
3673
.encrypt = aead_encrypt,
3671
-
.decrypt = aead_givdecrypt,
3674
+
.decrypt = aead_decrypt,
3672
3675
.ivsize = DES3_EDE_BLOCK_SIZE,
3673
3676
.maxauthsize = SHA256_DIGEST_SIZE,
3674
3677
},
···
3716
3719
.setkey = aead_setkey,
3717
3720
.setauthsize = aead_setauthsize,
3718
3721
.encrypt = aead_encrypt,
3719
-
.decrypt = aead_givdecrypt,
3722
+
.decrypt = aead_decrypt,
3720
3723
.ivsize = DES3_EDE_BLOCK_SIZE,
3721
3724
.maxauthsize = SHA384_DIGEST_SIZE,
3722
3725
},
···
3764
3767
.setkey = aead_setkey,
3765
3768
.setauthsize = aead_setauthsize,
3766
3769
.encrypt = aead_encrypt,
3767
-
.decrypt = aead_givdecrypt,
3770
+
.decrypt = aead_decrypt,
3768
3771
.ivsize = DES3_EDE_BLOCK_SIZE,
3769
3772
.maxauthsize = SHA512_DIGEST_SIZE,
3770
3773
},
···
3810
3813
.setkey = aead_setkey,
3811
3814
.setauthsize = aead_setauthsize,
3812
3815
.encrypt = aead_encrypt,
3813
-
.decrypt = aead_givdecrypt,
3816
+
.decrypt = aead_decrypt,
3814
3817
.ivsize = DES_BLOCK_SIZE,
3815
3818
.maxauthsize = MD5_DIGEST_SIZE,
3816
3819
},
···
3856
3859
.setkey = aead_setkey,
3857
3860
.setauthsize = aead_setauthsize,
3858
3861
.encrypt = aead_encrypt,
3859
-
.decrypt = aead_givdecrypt,
3862
+
.decrypt = aead_decrypt,
3860
3863
.ivsize = DES_BLOCK_SIZE,
3861
3864
.maxauthsize = SHA1_DIGEST_SIZE,
3862
3865
},
···
3902
3905
.setkey = aead_setkey,
3903
3906
.setauthsize = aead_setauthsize,
3904
3907
.encrypt = aead_encrypt,
3905
-
.decrypt = aead_givdecrypt,
3908
+
.decrypt = aead_decrypt,
3906
3909
.ivsize = DES_BLOCK_SIZE,
3907
3910
.maxauthsize = SHA224_DIGEST_SIZE,
3908
3911
},
···
3948
3951
.setkey = aead_setkey,
3949
3952
.setauthsize = aead_setauthsize,
3950
3953
.encrypt = aead_encrypt,
3951
-
.decrypt = aead_givdecrypt,
3954
+
.decrypt = aead_decrypt,
3952
3955
.ivsize = DES_BLOCK_SIZE,
3953
3956
.maxauthsize = SHA256_DIGEST_SIZE,
3954
3957
},
···
3994
3997
.setkey = aead_setkey,
3995
3998
.setauthsize = aead_setauthsize,
3996
3999
.encrypt = aead_encrypt,
3997
-
.decrypt = aead_givdecrypt,
4000
+
.decrypt = aead_decrypt,
3998
4001
.ivsize = DES_BLOCK_SIZE,
3999
4002
.maxauthsize = SHA384_DIGEST_SIZE,
4000
4003
},
···
4040
4043
.setkey = aead_setkey,
4041
4044
.setauthsize = aead_setauthsize,
4042
4045
.encrypt = aead_encrypt,
4043
-
.decrypt = aead_givdecrypt,
4046
+
.decrypt = aead_decrypt,
4044
4047
.ivsize = DES_BLOCK_SIZE,
4045
4048
.maxauthsize = SHA512_DIGEST_SIZE,
4046
4049
},
···
4089
4092
.setkey = aead_setkey,
4090
4093
.setauthsize = aead_setauthsize,
4091
4094
.encrypt = aead_encrypt,
4092
-
.decrypt = aead_givdecrypt,
4095
+
.decrypt = aead_decrypt,
4093
4096
.ivsize = CTR_RFC3686_IV_SIZE,
4094
4097
.maxauthsize = MD5_DIGEST_SIZE,
4095
4098
},
···
4140
4143
.setkey = aead_setkey,
4141
4144
.setauthsize = aead_setauthsize,
4142
4145
.encrypt = aead_encrypt,
4143
-
.decrypt = aead_givdecrypt,
4146
+
.decrypt = aead_decrypt,
4144
4147
.ivsize = CTR_RFC3686_IV_SIZE,
4145
4148
.maxauthsize = SHA1_DIGEST_SIZE,
4146
4149
},
···
4191
4194
.setkey = aead_setkey,
4192
4195
.setauthsize = aead_setauthsize,
4193
4196
.encrypt = aead_encrypt,
4194
-
.decrypt = aead_givdecrypt,
4197
+
.decrypt = aead_decrypt,
4195
4198
.ivsize = CTR_RFC3686_IV_SIZE,
4196
4199
.maxauthsize = SHA224_DIGEST_SIZE,
4197
4200
},
···
4242
4245
.setkey = aead_setkey,
4243
4246
.setauthsize = aead_setauthsize,
4244
4247
.encrypt = aead_encrypt,
4245
-
.decrypt = aead_givdecrypt,
4248
+
.decrypt = aead_decrypt,
4246
4249
.ivsize = CTR_RFC3686_IV_SIZE,
4247
4250
.maxauthsize = SHA256_DIGEST_SIZE,
4248
4251
},
···
4293
4296
.setkey = aead_setkey,
4294
4297
.setauthsize = aead_setauthsize,
4295
4298
.encrypt = aead_encrypt,
4296
-
.decrypt = aead_givdecrypt,
4299
+
.decrypt = aead_decrypt,
4297
4300
.ivsize = CTR_RFC3686_IV_SIZE,
4298
4301
.maxauthsize = SHA384_DIGEST_SIZE,
4299
4302
},
···
4344
4347
.setkey = aead_setkey,
4345
4348
.setauthsize = aead_setauthsize,
4346
4349
.encrypt = aead_encrypt,
4347
-
.decrypt = aead_givdecrypt,
4350
+
.decrypt = aead_decrypt,
4348
4351
.ivsize = CTR_RFC3686_IV_SIZE,
4349
4352
.maxauthsize = SHA512_DIGEST_SIZE,
4350
4353
},
+2
-2
drivers/crypto/qat/qat_common/qat_algs.c
+2
-2
drivers/crypto/qat/qat_common/qat_algs.c
···
1260
1260
.setkey = qat_alg_ablkcipher_xts_setkey,
1261
1261
.decrypt = qat_alg_ablkcipher_decrypt,
1262
1262
.encrypt = qat_alg_ablkcipher_encrypt,
1263
-
.min_keysize = AES_MIN_KEY_SIZE,
1264
-
.max_keysize = AES_MAX_KEY_SIZE,
1263
+
.min_keysize = 2 * AES_MIN_KEY_SIZE,
1264
+
.max_keysize = 2 * AES_MAX_KEY_SIZE,
1265
1265
.ivsize = AES_BLOCK_SIZE,
1266
1266
},
1267
1267
},
+1
-1
drivers/crypto/vmx/aes_xts.c
+1
-1
drivers/crypto/vmx/aes_xts.c
+16
-15
drivers/crypto/vmx/ghash.c
+16
-15
drivers/crypto/vmx/ghash.c
···
26
26
#include <linux/hardirq.h>
27
27
#include <asm/switch_to.h>
28
28
#include <crypto/aes.h>
29
+
#include <crypto/ghash.h>
29
30
#include <crypto/scatterwalk.h>
30
31
#include <crypto/internal/hash.h>
31
32
#include <crypto/b128ops.h>
32
33
33
34
#define IN_INTERRUPT in_interrupt()
34
-
35
-
#define GHASH_BLOCK_SIZE (16)
36
-
#define GHASH_DIGEST_SIZE (16)
37
-
#define GHASH_KEY_LEN (16)
38
35
39
36
void gcm_init_p8(u128 htable[16], const u64 Xi[2]);
40
37
void gcm_gmult_p8(u64 Xi[2], const u128 htable[16]);
···
52
55
53
56
static int p8_ghash_init_tfm(struct crypto_tfm *tfm)
54
57
{
55
-
const char *alg;
58
+
const char *alg = "ghash-generic";
56
59
struct crypto_shash *fallback;
57
60
struct crypto_shash *shash_tfm = __crypto_shash_cast(tfm);
58
61
struct p8_ghash_ctx *ctx = crypto_tfm_ctx(tfm);
59
-
60
-
if (!(alg = crypto_tfm_alg_name(tfm))) {
61
-
printk(KERN_ERR "Failed to get algorithm name.\n");
62
-
return -ENOENT;
63
-
}
64
62
65
63
fallback = crypto_alloc_shash(alg, 0, CRYPTO_ALG_NEED_FALLBACK);
66
64
if (IS_ERR(fallback)) {
···
70
78
crypto_shash_set_flags(fallback,
71
79
crypto_shash_get_flags((struct crypto_shash
72
80
*) tfm));
73
-
ctx->fallback = fallback;
74
81
75
-
shash_tfm->descsize = sizeof(struct p8_ghash_desc_ctx)
76
-
+ crypto_shash_descsize(fallback);
82
+
/* Check if the descsize defined in the algorithm is still enough. */
83
+
if (shash_tfm->descsize < sizeof(struct p8_ghash_desc_ctx)
84
+
+ crypto_shash_descsize(fallback)) {
85
+
printk(KERN_ERR
86
+
"Desc size of the fallback implementation (%s) does not match the expected value: %lu vs %u\n",
87
+
alg,
88
+
shash_tfm->descsize - sizeof(struct p8_ghash_desc_ctx),
89
+
crypto_shash_descsize(fallback));
90
+
return -EINVAL;
91
+
}
92
+
ctx->fallback = fallback;
77
93
78
94
return 0;
79
95
}
···
113
113
{
114
114
struct p8_ghash_ctx *ctx = crypto_tfm_ctx(crypto_shash_tfm(tfm));
115
115
116
-
if (keylen != GHASH_KEY_LEN)
116
+
if (keylen != GHASH_BLOCK_SIZE)
117
117
return -EINVAL;
118
118
119
119
preempt_disable();
···
211
211
.update = p8_ghash_update,
212
212
.final = p8_ghash_final,
213
213
.setkey = p8_ghash_setkey,
214
-
.descsize = sizeof(struct p8_ghash_desc_ctx),
214
+
.descsize = sizeof(struct p8_ghash_desc_ctx)
215
+
+ sizeof(struct ghash_desc_ctx),
215
216
.base = {
216
217
.cra_name = "ghash",
217
218
.cra_driver_name = "p8_ghash",
+23
include/crypto/ghash.h
+23
include/crypto/ghash.h
···
1
+
/*
2
+
* Common values for GHASH algorithms
3
+
*/
4
+
5
+
#ifndef __CRYPTO_GHASH_H__
6
+
#define __CRYPTO_GHASH_H__
7
+
8
+
#include <linux/types.h>
9
+
#include <crypto/gf128mul.h>
10
+
11
+
#define GHASH_BLOCK_SIZE 16
12
+
#define GHASH_DIGEST_SIZE 16
13
+
14
+
struct ghash_ctx {
15
+
struct gf128mul_4k *gf128;
16
+
};
17
+
18
+
struct ghash_desc_ctx {
19
+
u8 buffer[GHASH_BLOCK_SIZE];
20
+
u32 bytes;
21
+
};
22
+
23
+
#endif
+7
-4
security/keys/encrypted-keys/encrypted.c
+7
-4
security/keys/encrypted-keys/encrypted.c
···
29
29
#include <linux/rcupdate.h>
30
30
#include <linux/scatterlist.h>
31
31
#include <linux/ctype.h>
32
+
#include <crypto/aes.h>
32
33
#include <crypto/hash.h>
33
34
#include <crypto/sha.h>
34
35
#include <crypto/skcipher.h>
···
479
478
struct crypto_skcipher *tfm;
480
479
struct skcipher_request *req;
481
480
unsigned int encrypted_datalen;
481
+
u8 iv[AES_BLOCK_SIZE];
482
482
unsigned int padlen;
483
483
char pad[16];
484
484
int ret;
···
502
500
sg_init_table(sg_out, 1);
503
501
sg_set_buf(sg_out, epayload->encrypted_data, encrypted_datalen);
504
502
505
-
skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen,
506
-
epayload->iv);
503
+
memcpy(iv, epayload->iv, sizeof(iv));
504
+
skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, iv);
507
505
ret = crypto_skcipher_encrypt(req);
508
506
tfm = crypto_skcipher_reqtfm(req);
509
507
skcipher_request_free(req);
···
583
581
struct crypto_skcipher *tfm;
584
582
struct skcipher_request *req;
585
583
unsigned int encrypted_datalen;
584
+
u8 iv[AES_BLOCK_SIZE];
586
585
char pad[16];
587
586
int ret;
588
587
···
602
599
epayload->decrypted_datalen);
603
600
sg_set_buf(&sg_out[1], pad, sizeof pad);
604
601
605
-
skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen,
606
-
epayload->iv);
602
+
memcpy(iv, epayload->iv, sizeof(iv));
603
+
skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen, iv);
607
604
ret = crypto_skcipher_decrypt(req);
608
605
tfm = crypto_skcipher_reqtfm(req);
609
606
skcipher_request_free(req);