Commit d56d72c6 authored by Herbert Xu's avatar Herbert Xu

KEYS: Use skcipher for big keys

This patch replaces use of the obsolete blkcipher with skcipher.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Acked-by: default avatarDavid Howells <dhowells@redhat.com>
parent 85e0687f
...@@ -18,6 +18,7 @@ ...@@ -18,6 +18,7 @@
#include <keys/user-type.h> #include <keys/user-type.h>
#include <keys/big_key-type.h> #include <keys/big_key-type.h>
#include <crypto/rng.h> #include <crypto/rng.h>
#include <crypto/skcipher.h>
/* /*
* Layout of key payload words. * Layout of key payload words.
...@@ -74,7 +75,7 @@ static const char big_key_alg_name[] = "ecb(aes)"; ...@@ -74,7 +75,7 @@ static const char big_key_alg_name[] = "ecb(aes)";
* Crypto algorithms for big_key data encryption * Crypto algorithms for big_key data encryption
*/ */
static struct crypto_rng *big_key_rng; static struct crypto_rng *big_key_rng;
static struct crypto_blkcipher *big_key_blkcipher; static struct crypto_skcipher *big_key_skcipher;
/* /*
* Generate random key to encrypt big_key data * Generate random key to encrypt big_key data
...@@ -91,22 +92,26 @@ static int big_key_crypt(enum big_key_op op, u8 *data, size_t datalen, u8 *key) ...@@ -91,22 +92,26 @@ static int big_key_crypt(enum big_key_op op, u8 *data, size_t datalen, u8 *key)
{ {
int ret = -EINVAL; int ret = -EINVAL;
struct scatterlist sgio; struct scatterlist sgio;
struct blkcipher_desc desc; SKCIPHER_REQUEST_ON_STACK(req, big_key_skcipher);
if (crypto_blkcipher_setkey(big_key_blkcipher, key, ENC_KEY_SIZE)) { if (crypto_skcipher_setkey(big_key_skcipher, key, ENC_KEY_SIZE)) {
ret = -EAGAIN; ret = -EAGAIN;
goto error; goto error;
} }
desc.flags = 0; skcipher_request_set_tfm(req, big_key_skcipher);
desc.tfm = big_key_blkcipher; skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
NULL, NULL);
sg_init_one(&sgio, data, datalen); sg_init_one(&sgio, data, datalen);
skcipher_request_set_crypt(req, &sgio, &sgio, datalen, NULL);
if (op == BIG_KEY_ENC) if (op == BIG_KEY_ENC)
ret = crypto_blkcipher_encrypt(&desc, &sgio, &sgio, datalen); ret = crypto_skcipher_encrypt(req);
else else
ret = crypto_blkcipher_decrypt(&desc, &sgio, &sgio, datalen); ret = crypto_skcipher_decrypt(req);
skcipher_request_zero(req);
error: error:
return ret; return ret;
...@@ -140,7 +145,7 @@ int big_key_preparse(struct key_preparsed_payload *prep) ...@@ -140,7 +145,7 @@ int big_key_preparse(struct key_preparsed_payload *prep)
* *
* File content is stored encrypted with randomly generated key. * File content is stored encrypted with randomly generated key.
*/ */
size_t enclen = ALIGN(datalen, crypto_blkcipher_blocksize(big_key_blkcipher)); size_t enclen = ALIGN(datalen, crypto_skcipher_blocksize(big_key_skcipher));
/* prepare aligned data to encrypt */ /* prepare aligned data to encrypt */
data = kmalloc(enclen, GFP_KERNEL); data = kmalloc(enclen, GFP_KERNEL);
...@@ -288,7 +293,7 @@ long big_key_read(const struct key *key, char __user *buffer, size_t buflen) ...@@ -288,7 +293,7 @@ long big_key_read(const struct key *key, char __user *buffer, size_t buflen)
struct file *file; struct file *file;
u8 *data; u8 *data;
u8 *enckey = (u8 *)key->payload.data[big_key_data]; u8 *enckey = (u8 *)key->payload.data[big_key_data];
size_t enclen = ALIGN(datalen, crypto_blkcipher_blocksize(big_key_blkcipher)); size_t enclen = ALIGN(datalen, crypto_skcipher_blocksize(big_key_skcipher));
data = kmalloc(enclen, GFP_KERNEL); data = kmalloc(enclen, GFP_KERNEL);
if (!data) if (!data)
...@@ -359,9 +364,10 @@ static int __init big_key_crypto_init(void) ...@@ -359,9 +364,10 @@ static int __init big_key_crypto_init(void)
goto error; goto error;
/* init block cipher */ /* init block cipher */
big_key_blkcipher = crypto_alloc_blkcipher(big_key_alg_name, 0, 0); big_key_skcipher = crypto_alloc_skcipher(big_key_alg_name,
if (IS_ERR(big_key_blkcipher)) { 0, CRYPTO_ALG_ASYNC);
big_key_blkcipher = NULL; if (IS_ERR(big_key_skcipher)) {
big_key_skcipher = NULL;
ret = -EFAULT; ret = -EFAULT;
goto error; goto error;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment