
Commit e9b8d2c

committed
crypto: aesni - Use new IV convention
This patch converts rfc4106 to the new calling convention where the IV is now in the AD and needs to be skipped. Signed-off-by: Herbert Xu <[email protected]>
1 parent 34a1c74 commit e9b8d2c


1 file changed

+20
-36
lines changed


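--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -803,10 +803,7 @@ static int rfc4106_init(struct crypto_aead *aead)
 return PTR_ERR(cryptd_tfm);
 
 *ctx = cryptd_tfm;
-crypto_aead_set_reqsize(
-aead,
-sizeof(struct aead_request) +
-crypto_aead_reqsize(&cryptd_tfm->base));
+crypto_aead_set_reqsize(aead, crypto_aead_reqsize(&cryptd_tfm->base));
 return 0;
 }
 
@@ -955,8 +952,8 @@ static int helper_rfc4106_encrypt(struct aead_request *req)
 
 /* Assuming we are supporting rfc4106 64-bit extended */
 /* sequence numbers We need to have the AAD length equal */
-/* to 8 or 12 bytes */
-if (unlikely(req->assoclen != 8 && req->assoclen != 12))
+/* to 16 or 20 bytes */
+if (unlikely(req->assoclen != 16 && req->assoclen != 20))
 return -EINVAL;
 
 /* IV below built */
@@ -992,9 +989,9 @@ static int helper_rfc4106_encrypt(struct aead_request *req)
 }
 
 kernel_fpu_begin();
-aesni_gcm_enc_tfm(aes_ctx, dst, src, (unsigned long)req->cryptlen, iv,
-ctx->hash_subkey, assoc, (unsigned long)req->assoclen, dst
-+ ((unsigned long)req->cryptlen), auth_tag_len);
+aesni_gcm_enc_tfm(aes_ctx, dst, src, req->cryptlen, iv,
+ctx->hash_subkey, assoc, req->assoclen - 8,
+dst + req->cryptlen, auth_tag_len);
 kernel_fpu_end();
 
 /* The authTag (aka the Integrity Check Value) needs to be written
@@ -1033,12 +1030,12 @@ static int helper_rfc4106_decrypt(struct aead_request *req)
 struct scatter_walk dst_sg_walk;
 unsigned int i;
 
-if (unlikely(req->assoclen != 8 && req->assoclen != 12))
+if (unlikely(req->assoclen != 16 && req->assoclen != 20))
 return -EINVAL;
 
 /* Assuming we are supporting rfc4106 64-bit extended */
 /* sequence numbers We need to have the AAD length */
-/* equal to 8 or 12 bytes */
+/* equal to 16 or 20 bytes */
 
 tempCipherLen = (unsigned long)(req->cryptlen - auth_tag_len);
 /* IV below built */
@@ -1075,8 +1072,8 @@ static int helper_rfc4106_decrypt(struct aead_request *req)
 
 kernel_fpu_begin();
 aesni_gcm_dec_tfm(aes_ctx, dst, src, tempCipherLen, iv,
-ctx->hash_subkey, assoc, (unsigned long)req->assoclen,
-authTag, auth_tag_len);
+ctx->hash_subkey, assoc, req->assoclen - 8,
+authTag, auth_tag_len);
 kernel_fpu_end();
 
 /* Compare generated tag with passed in tag. */
@@ -1105,39 +1102,25 @@ static int rfc4106_encrypt(struct aead_request *req)
 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
 struct cryptd_aead **ctx = crypto_aead_ctx(tfm);
 struct cryptd_aead *cryptd_tfm = *ctx;
-struct aead_request *subreq = aead_request_ctx(req);
 
-aead_request_set_tfm(subreq, irq_fpu_usable() ?
-cryptd_aead_child(cryptd_tfm) :
-&cryptd_tfm->base);
+aead_request_set_tfm(req, irq_fpu_usable() ?
+cryptd_aead_child(cryptd_tfm) :
+&cryptd_tfm->base);
 
-aead_request_set_callback(subreq, req->base.flags,
-req->base.complete, req->base.data);
-aead_request_set_crypt(subreq, req->src, req->dst,
-req->cryptlen, req->iv);
-aead_request_set_ad(subreq, req->assoclen);
-
-return crypto_aead_encrypt(subreq);
+return crypto_aead_encrypt(req);
 }
 
 static int rfc4106_decrypt(struct aead_request *req)
 {
 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
 struct cryptd_aead **ctx = crypto_aead_ctx(tfm);
 struct cryptd_aead *cryptd_tfm = *ctx;
-struct aead_request *subreq = aead_request_ctx(req);
-
-aead_request_set_tfm(subreq, irq_fpu_usable() ?
-cryptd_aead_child(cryptd_tfm) :
-&cryptd_tfm->base);
 
-aead_request_set_callback(subreq, req->base.flags,
-req->base.complete, req->base.data);
-aead_request_set_crypt(subreq, req->src, req->dst,
-req->cryptlen, req->iv);
-aead_request_set_ad(subreq, req->assoclen);
+aead_request_set_tfm(req, irq_fpu_usable() ?
+cryptd_aead_child(cryptd_tfm) :
+&cryptd_tfm->base);
 
-return crypto_aead_decrypt(subreq);
+return crypto_aead_decrypt(req);
 }
 #endif
 
@@ -1454,7 +1437,8 @@ static struct aead_alg aesni_aead_algs[] = { {
 .cra_name = "rfc4106(gcm(aes))",
 .cra_driver_name = "rfc4106-gcm-aesni",
 .cra_priority = 400,
-.cra_flags = CRYPTO_ALG_ASYNC,
+.cra_flags = CRYPTO_ALG_ASYNC |
+CRYPTO_ALG_AEAD_NEW,
 .cra_blocksize = 1,
 .cra_ctxsize = sizeof(struct cryptd_aead *),
 .cra_module = THIS_MODULE,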
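Review bot: The AAD length passed to aesni_gcm_enc_tfm and aesni_gcm_dec_tfm is now `req->assoclen - 8`, an unsigned subtraction that stays in range only because of the `assoclen != 16 && assoclen != 20` guard earlier in helper_rfc4106_encrypt and helper_rfc4106_decrypt, yet nothing in the code ties the literal 8 to those two values. The updated comments still read as though the AAD itself were 16 or 20 bytes, whereas the commit description says the IV now travels in the AD and is skipped, so the authenticated AAD remains 8 or 12 bytes. I would state that next to each guard, e.g. `/* assoclen = 8- or 12-byte AAD plus the 8-byte IV carried in the AD; only assoclen - 8 bytes are authenticated */`. Both helper bodies continue outside the hunks shown, so whether the copy into `assoc` uses the same reduced length cannot be confirmed from this page.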
