Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

crypto: s390/xts-aes - invoke fallback for ciphertext stealing

For correctness and compliance with the XTS-AES specification, we are
adding support for ciphertext stealing to XTS implementations, even
though no use cases are known that will be enabled by this.

Since the s390 implementation already has a fallback skcipher standby
for other purposes, let's use it for this purpose as well. If ciphertext
stealing use cases ever become a bottleneck, we can always revisit this.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Authored by Ard Biesheuvel, committed by Herbert Xu
ce68acbc 8ce5fac2

+4 -4
arch/s390/crypto/aes_s390.c
··· 512 512 unsigned long fc; 513 513 int err; 514 514 515 - err = xts_check_key(tfm, in_key, key_len); 515 + err = xts_fallback_setkey(tfm, in_key, key_len); 516 516 if (err) 517 517 return err; 518 518 ··· 529 529 /* Check if the function code is available */ 530 530 xts_ctx->fc = (fc && cpacf_test_func(&km_functions, fc)) ? fc : 0; 531 531 if (!xts_ctx->fc) 532 - return xts_fallback_setkey(tfm, in_key, key_len); 532 + return 0; 533 533 534 534 /* Split the XTS key into the two subkeys */ 535 535 key_len = key_len / 2; ··· 586 586 struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(desc->tfm); 587 587 struct blkcipher_walk walk; 588 588 589 - if (unlikely(!xts_ctx->fc)) 589 + if (unlikely(!xts_ctx->fc || (nbytes % XTS_BLOCKSIZE) != 0)) 590 590 return xts_fallback_encrypt(desc, dst, src, nbytes); 591 591 592 592 blkcipher_walk_init(&walk, dst, src, nbytes); ··· 600 600 struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(desc->tfm); 601 601 struct blkcipher_walk walk; 602 602 603 - if (unlikely(!xts_ctx->fc)) 603 + if (unlikely(!xts_ctx->fc || (nbytes % XTS_BLOCKSIZE) != 0)) 604 604 return xts_fallback_decrypt(desc, dst, src, nbytes); 605 605 606 606 blkcipher_walk_init(&walk, dst, src, nbytes);
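Review bot: in the setkey hunk (line 515), dropping the explicit xts_check_key() call means key validation now rests entirely on whatever the fallback's setkey does; worth confirming that the fallback rejects the XTS weak-key case (both halves of the key equal) that xts_check_key() used to catch, otherwise this hunk silently loosens the check. The hunk also changes behaviour for the hardware path: xts_fallback_setkey() now runs unconditionally, so a fallback setkey failure fails the whole setkey even when the CPACF function code is available. A one-line comment above `err = xts_fallback_setkey(tfm, in_key, key_len);` saying the fallback must always be keyed because it services ciphertext-stealing requests would stop a future reader from moving it back under the `!xts_ctx->fc` branch.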
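Review bot: the encrypt hunk (line 589) routes the entire request to the fallback whenever `nbytes % XTS_BLOCKSIZE != 0`, not just the trailing partial block, so any request that needs ciphertext stealing loses hardware acceleration completely; that matches the commit message's stated trade-off, but the condition deserves a comment such as `/* non-block-aligned lengths need ciphertext stealing: use the fallback */` since the modulo test is otherwise easy to misread as an input-validation check. Note that lengths below one block (0 < nbytes < XTS_BLOCKSIZE) also take this branch, so the fallback is now the only place such requests are rejected; a non-aligned XTS test vector in the self-tests would pin that down.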
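Review bot: the decrypt hunk (line 603) duplicates the exact condition from the encrypt hunk, `!xts_ctx->fc || (nbytes % XTS_BLOCKSIZE) != 0`; factoring it into a small helper (for example a static inline `xts_needs_fallback(xts_ctx, nbytes)`, name hypothetical) would keep the two paths from drifting apart if the fallback criteria change again.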