Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Merge the crypto tree to pull in vmx ghash fix.
This commit is contained in:
Herbert Xu
@@ -233,6 +233,8 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc,
|
||||
return blkcipher_walk_done(desc, walk, -EINVAL);
|
||||
}
|
||||
|
||||
bsize = min(walk->walk_blocksize, n);
|
||||
|
||||
walk->flags &= ~(BLKCIPHER_WALK_SLOW | BLKCIPHER_WALK_COPY |
|
||||
BLKCIPHER_WALK_DIFF);
|
||||
if (!scatterwalk_aligned(&walk->in, walk->alignmask) ||
|
||||
@@ -245,7 +247,6 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc,
|
||||
}
|
||||
}
|
||||
|
||||
bsize = min(walk->walk_blocksize, n);
|
||||
n = scatterwalk_clamp(&walk->in, n);
|
||||
n = scatterwalk_clamp(&walk->out, n);
|
||||
|
||||
|
||||
@@ -631,9 +631,14 @@ static int cryptd_hash_export(struct ahash_request *req, void *out)
|
||||
|
||||
static int cryptd_hash_import(struct ahash_request *req, const void *in)
|
||||
{
|
||||
struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
|
||||
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
|
||||
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(tfm);
|
||||
struct shash_desc *desc = cryptd_shash_desc(req);
|
||||
|
||||
return crypto_shash_import(&rctx->desc, in);
|
||||
desc->tfm = ctx->child;
|
||||
desc->flags = req->base.flags;
|
||||
|
||||
return crypto_shash_import(desc, in);
|
||||
}
|
||||
|
||||
static int cryptd_create_hash(struct crypto_template *tmpl, struct rtattr **tb,
|
||||
@@ -733,13 +738,14 @@ static void cryptd_aead_crypt(struct aead_request *req,
|
||||
rctx = aead_request_ctx(req);
|
||||
compl = rctx->complete;
|
||||
|
||||
tfm = crypto_aead_reqtfm(req);
|
||||
|
||||
if (unlikely(err == -EINPROGRESS))
|
||||
goto out;
|
||||
aead_request_set_tfm(req, child);
|
||||
err = crypt( req );
|
||||
|
||||
out:
|
||||
tfm = crypto_aead_reqtfm(req);
|
||||
ctx = crypto_aead_ctx(tfm);
|
||||
refcnt = atomic_read(&ctx->refcnt);
|
||||
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
/*
|
||||
* echainiv: Encrypted Chain IV Generator
|
||||
*
|
||||
* This generator generates an IV based on a sequence number by xoring it
|
||||
* with a salt and then encrypting it with the same key as used to encrypt
|
||||
* This generator generates an IV based on a sequence number by multiplying
|
||||
* it with a salt and then encrypting it with the same key as used to encrypt
|
||||
* the plain text. This algorithm requires that the block size be equal
|
||||
* to the IV size. It is mainly useful for CBC.
|
||||
*
|
||||
@@ -24,81 +24,17 @@
|
||||
#include <linux/err.h>
|
||||
#include <linux/init.h>
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/mm.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/percpu.h>
|
||||
#include <linux/spinlock.h>
|
||||
#include <linux/slab.h>
|
||||
#include <linux/string.h>
|
||||
|
||||
#define MAX_IV_SIZE 16
|
||||
|
||||
static DEFINE_PER_CPU(u32 [MAX_IV_SIZE / sizeof(u32)], echainiv_iv);
|
||||
|
||||
/* We don't care if we get preempted and read/write IVs from the next CPU. */
|
||||
static void echainiv_read_iv(u8 *dst, unsigned size)
|
||||
{
|
||||
u32 *a = (u32 *)dst;
|
||||
u32 __percpu *b = echainiv_iv;
|
||||
|
||||
for (; size >= 4; size -= 4) {
|
||||
*a++ = this_cpu_read(*b);
|
||||
b++;
|
||||
}
|
||||
}
|
||||
|
||||
static void echainiv_write_iv(const u8 *src, unsigned size)
|
||||
{
|
||||
const u32 *a = (const u32 *)src;
|
||||
u32 __percpu *b = echainiv_iv;
|
||||
|
||||
for (; size >= 4; size -= 4) {
|
||||
this_cpu_write(*b, *a);
|
||||
a++;
|
||||
b++;
|
||||
}
|
||||
}
|
||||
|
||||
static void echainiv_encrypt_complete2(struct aead_request *req, int err)
|
||||
{
|
||||
struct aead_request *subreq = aead_request_ctx(req);
|
||||
struct crypto_aead *geniv;
|
||||
unsigned int ivsize;
|
||||
|
||||
if (err == -EINPROGRESS)
|
||||
return;
|
||||
|
||||
if (err)
|
||||
goto out;
|
||||
|
||||
geniv = crypto_aead_reqtfm(req);
|
||||
ivsize = crypto_aead_ivsize(geniv);
|
||||
|
||||
echainiv_write_iv(subreq->iv, ivsize);
|
||||
|
||||
if (req->iv != subreq->iv)
|
||||
memcpy(req->iv, subreq->iv, ivsize);
|
||||
|
||||
out:
|
||||
if (req->iv != subreq->iv)
|
||||
kzfree(subreq->iv);
|
||||
}
|
||||
|
||||
static void echainiv_encrypt_complete(struct crypto_async_request *base,
|
||||
int err)
|
||||
{
|
||||
struct aead_request *req = base->data;
|
||||
|
||||
echainiv_encrypt_complete2(req, err);
|
||||
aead_request_complete(req, err);
|
||||
}
|
||||
|
||||
static int echainiv_encrypt(struct aead_request *req)
|
||||
{
|
||||
struct crypto_aead *geniv = crypto_aead_reqtfm(req);
|
||||
struct aead_geniv_ctx *ctx = crypto_aead_ctx(geniv);
|
||||
struct aead_request *subreq = aead_request_ctx(req);
|
||||
crypto_completion_t compl;
|
||||
void *data;
|
||||
__be64 nseqno;
|
||||
u64 seqno;
|
||||
u8 *info;
|
||||
unsigned int ivsize = crypto_aead_ivsize(geniv);
|
||||
int err;
|
||||
@@ -108,8 +44,6 @@ static int echainiv_encrypt(struct aead_request *req)
|
||||
|
||||
aead_request_set_tfm(subreq, ctx->child);
|
||||
|
||||
compl = echainiv_encrypt_complete;
|
||||
data = req;
|
||||
info = req->iv;
|
||||
|
||||
if (req->src != req->dst) {
|
||||
@@ -127,29 +61,30 @@ static int echainiv_encrypt(struct aead_request *req)
|
||||
return err;
|
||||
}
|
||||
|
||||
if (unlikely(!IS_ALIGNED((unsigned long)info,
|
||||
crypto_aead_alignmask(geniv) + 1))) {
|
||||
info = kmalloc(ivsize, req->base.flags &
|
||||
CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL:
|
||||
GFP_ATOMIC);
|
||||
if (!info)
|
||||
return -ENOMEM;
|
||||
|
||||
memcpy(info, req->iv, ivsize);
|
||||
}
|
||||
|
||||
aead_request_set_callback(subreq, req->base.flags, compl, data);
|
||||
aead_request_set_callback(subreq, req->base.flags,
|
||||
req->base.complete, req->base.data);
|
||||
aead_request_set_crypt(subreq, req->dst, req->dst,
|
||||
req->cryptlen, info);
|
||||
aead_request_set_ad(subreq, req->assoclen);
|
||||
|
||||
crypto_xor(info, ctx->salt, ivsize);
|
||||
scatterwalk_map_and_copy(info, req->dst, req->assoclen, ivsize, 1);
|
||||
echainiv_read_iv(info, ivsize);
|
||||
memcpy(&nseqno, info + ivsize - 8, 8);
|
||||
seqno = be64_to_cpu(nseqno);
|
||||
memset(info, 0, ivsize);
|
||||
|
||||
err = crypto_aead_encrypt(subreq);
|
||||
echainiv_encrypt_complete2(req, err);
|
||||
return err;
|
||||
scatterwalk_map_and_copy(info, req->dst, req->assoclen, ivsize, 1);
|
||||
|
||||
do {
|
||||
u64 a;
|
||||
|
||||
memcpy(&a, ctx->salt + ivsize - 8, 8);
|
||||
|
||||
a |= 1;
|
||||
a *= seqno;
|
||||
|
||||
memcpy(info + ivsize - 8, &a, 8);
|
||||
} while ((ivsize -= 8));
|
||||
|
||||
return crypto_aead_encrypt(subreq);
|
||||
}
|
||||
|
||||
static int echainiv_decrypt(struct aead_request *req)
|
||||
@@ -196,8 +131,7 @@ static int echainiv_aead_create(struct crypto_template *tmpl,
|
||||
alg = crypto_spawn_aead_alg(spawn);
|
||||
|
||||
err = -EINVAL;
|
||||
if (inst->alg.ivsize & (sizeof(u32) - 1) ||
|
||||
inst->alg.ivsize > MAX_IV_SIZE)
|
||||
if (inst->alg.ivsize & (sizeof(u64) - 1) || !inst->alg.ivsize)
|
||||
goto free_inst;
|
||||
|
||||
inst->alg.encrypt = echainiv_encrypt;
|
||||
@@ -206,7 +140,6 @@ static int echainiv_aead_create(struct crypto_template *tmpl,
|
||||
inst->alg.init = aead_init_geniv;
|
||||
inst->alg.exit = aead_exit_geniv;
|
||||
|
||||
inst->alg.base.cra_alignmask |= __alignof__(u32) - 1;
|
||||
inst->alg.base.cra_ctxsize = sizeof(struct aead_geniv_ctx);
|
||||
inst->alg.base.cra_ctxsize += inst->alg.ivsize;
|
||||
|
||||
|
||||
@@ -14,24 +14,13 @@
|
||||
|
||||
#include <crypto/algapi.h>
|
||||
#include <crypto/gf128mul.h>
|
||||
#include <crypto/ghash.h>
|
||||
#include <crypto/internal/hash.h>
|
||||
#include <linux/crypto.h>
|
||||
#include <linux/init.h>
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/module.h>
|
||||
|
||||
#define GHASH_BLOCK_SIZE 16
|
||||
#define GHASH_DIGEST_SIZE 16
|
||||
|
||||
struct ghash_ctx {
|
||||
struct gf128mul_4k *gf128;
|
||||
};
|
||||
|
||||
struct ghash_desc_ctx {
|
||||
u8 buffer[GHASH_BLOCK_SIZE];
|
||||
u32 bytes;
|
||||
};
|
||||
|
||||
static int ghash_init(struct shash_desc *desc)
|
||||
{
|
||||
struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
|
||||
|
||||
@@ -298,41 +298,48 @@ static int pkcs1pad_decrypt_complete(struct akcipher_request *req, int err)
|
||||
struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
|
||||
struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
|
||||
struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
|
||||
unsigned int dst_len;
|
||||
unsigned int pos;
|
||||
|
||||
if (err == -EOVERFLOW)
|
||||
/* Decrypted value had no leading 0 byte */
|
||||
err = -EINVAL;
|
||||
u8 *out_buf;
|
||||
|
||||
if (err)
|
||||
goto done;
|
||||
|
||||
if (req_ctx->child_req.dst_len != ctx->key_size - 1) {
|
||||
err = -EINVAL;
|
||||
err = -EINVAL;
|
||||
dst_len = req_ctx->child_req.dst_len;
|
||||
if (dst_len < ctx->key_size - 1)
|
||||
goto done;
|
||||
|
||||
out_buf = req_ctx->out_buf;
|
||||
if (dst_len == ctx->key_size) {
|
||||
if (out_buf[0] != 0x00)
|
||||
/* Decrypted value had no leading 0 byte */
|
||||
goto done;
|
||||
|
||||
dst_len--;
|
||||
out_buf++;
|
||||
}
|
||||
|
||||
if (req_ctx->out_buf[0] != 0x02) {
|
||||
err = -EINVAL;
|
||||
if (out_buf[0] != 0x02)
|
||||
goto done;
|
||||
}
|
||||
for (pos = 1; pos < req_ctx->child_req.dst_len; pos++)
|
||||
if (req_ctx->out_buf[pos] == 0x00)
|
||||
|
||||
for (pos = 1; pos < dst_len; pos++)
|
||||
if (out_buf[pos] == 0x00)
|
||||
break;
|
||||
if (pos < 9 || pos == req_ctx->child_req.dst_len) {
|
||||
err = -EINVAL;
|
||||
if (pos < 9 || pos == dst_len)
|
||||
goto done;
|
||||
}
|
||||
pos++;
|
||||
|
||||
if (req->dst_len < req_ctx->child_req.dst_len - pos)
|
||||
err = 0;
|
||||
|
||||
if (req->dst_len < dst_len - pos)
|
||||
err = -EOVERFLOW;
|
||||
req->dst_len = req_ctx->child_req.dst_len - pos;
|
||||
req->dst_len = dst_len - pos;
|
||||
|
||||
if (!err)
|
||||
sg_copy_from_buffer(req->dst,
|
||||
sg_nents_for_len(req->dst, req->dst_len),
|
||||
req_ctx->out_buf + pos, req->dst_len);
|
||||
out_buf + pos, req->dst_len);
|
||||
|
||||
done:
|
||||
kzfree(req_ctx->out_buf);
|
||||
|
||||
Reference in New Issue
Block a user