Commit e9b8d2c2 authored by Herbert Xu's avatar Herbert Xu

crypto: aesni - Use new IV convention

This patch converts rfc4106 to the new calling convention where
the IV is now in the AD and needs to be skipped.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 34a1c740
...@@ -803,10 +803,7 @@ static int rfc4106_init(struct crypto_aead *aead) ...@@ -803,10 +803,7 @@ static int rfc4106_init(struct crypto_aead *aead)
return PTR_ERR(cryptd_tfm); return PTR_ERR(cryptd_tfm);
*ctx = cryptd_tfm; *ctx = cryptd_tfm;
crypto_aead_set_reqsize( crypto_aead_set_reqsize(aead, crypto_aead_reqsize(&cryptd_tfm->base));
aead,
sizeof(struct aead_request) +
crypto_aead_reqsize(&cryptd_tfm->base));
return 0; return 0;
} }
...@@ -955,8 +952,8 @@ static int helper_rfc4106_encrypt(struct aead_request *req) ...@@ -955,8 +952,8 @@ static int helper_rfc4106_encrypt(struct aead_request *req)
/* Assuming we are supporting rfc4106 64-bit extended */ /* Assuming we are supporting rfc4106 64-bit extended */
/* sequence numbers We need to have the AAD length equal */ /* sequence numbers We need to have the AAD length equal */
/* to 8 or 12 bytes */ /* to 16 or 20 bytes */
if (unlikely(req->assoclen != 8 && req->assoclen != 12)) if (unlikely(req->assoclen != 16 && req->assoclen != 20))
return -EINVAL; return -EINVAL;
/* IV below built */ /* IV below built */
...@@ -992,9 +989,9 @@ static int helper_rfc4106_encrypt(struct aead_request *req) ...@@ -992,9 +989,9 @@ static int helper_rfc4106_encrypt(struct aead_request *req)
} }
kernel_fpu_begin(); kernel_fpu_begin();
aesni_gcm_enc_tfm(aes_ctx, dst, src, (unsigned long)req->cryptlen, iv, aesni_gcm_enc_tfm(aes_ctx, dst, src, req->cryptlen, iv,
ctx->hash_subkey, assoc, (unsigned long)req->assoclen, dst ctx->hash_subkey, assoc, req->assoclen - 8,
+ ((unsigned long)req->cryptlen), auth_tag_len); dst + req->cryptlen, auth_tag_len);
kernel_fpu_end(); kernel_fpu_end();
/* The authTag (aka the Integrity Check Value) needs to be written /* The authTag (aka the Integrity Check Value) needs to be written
...@@ -1033,12 +1030,12 @@ static int helper_rfc4106_decrypt(struct aead_request *req) ...@@ -1033,12 +1030,12 @@ static int helper_rfc4106_decrypt(struct aead_request *req)
struct scatter_walk dst_sg_walk; struct scatter_walk dst_sg_walk;
unsigned int i; unsigned int i;
if (unlikely(req->assoclen != 8 && req->assoclen != 12)) if (unlikely(req->assoclen != 16 && req->assoclen != 20))
return -EINVAL; return -EINVAL;
/* Assuming we are supporting rfc4106 64-bit extended */ /* Assuming we are supporting rfc4106 64-bit extended */
/* sequence numbers We need to have the AAD length */ /* sequence numbers We need to have the AAD length */
/* equal to 8 or 12 bytes */ /* equal to 16 or 20 bytes */
tempCipherLen = (unsigned long)(req->cryptlen - auth_tag_len); tempCipherLen = (unsigned long)(req->cryptlen - auth_tag_len);
/* IV below built */ /* IV below built */
...@@ -1075,7 +1072,7 @@ static int helper_rfc4106_decrypt(struct aead_request *req) ...@@ -1075,7 +1072,7 @@ static int helper_rfc4106_decrypt(struct aead_request *req)
kernel_fpu_begin(); kernel_fpu_begin();
aesni_gcm_dec_tfm(aes_ctx, dst, src, tempCipherLen, iv, aesni_gcm_dec_tfm(aes_ctx, dst, src, tempCipherLen, iv,
ctx->hash_subkey, assoc, (unsigned long)req->assoclen, ctx->hash_subkey, assoc, req->assoclen - 8,
authTag, auth_tag_len); authTag, auth_tag_len);
kernel_fpu_end(); kernel_fpu_end();
...@@ -1105,19 +1102,12 @@ static int rfc4106_encrypt(struct aead_request *req) ...@@ -1105,19 +1102,12 @@ static int rfc4106_encrypt(struct aead_request *req)
struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct crypto_aead *tfm = crypto_aead_reqtfm(req);
struct cryptd_aead **ctx = crypto_aead_ctx(tfm); struct cryptd_aead **ctx = crypto_aead_ctx(tfm);
struct cryptd_aead *cryptd_tfm = *ctx; struct cryptd_aead *cryptd_tfm = *ctx;
struct aead_request *subreq = aead_request_ctx(req);
aead_request_set_tfm(subreq, irq_fpu_usable() ? aead_request_set_tfm(req, irq_fpu_usable() ?
cryptd_aead_child(cryptd_tfm) : cryptd_aead_child(cryptd_tfm) :
&cryptd_tfm->base); &cryptd_tfm->base);
aead_request_set_callback(subreq, req->base.flags, return crypto_aead_encrypt(req);
req->base.complete, req->base.data);
aead_request_set_crypt(subreq, req->src, req->dst,
req->cryptlen, req->iv);
aead_request_set_ad(subreq, req->assoclen);
return crypto_aead_encrypt(subreq);
} }
static int rfc4106_decrypt(struct aead_request *req) static int rfc4106_decrypt(struct aead_request *req)
...@@ -1125,19 +1115,12 @@ static int rfc4106_decrypt(struct aead_request *req) ...@@ -1125,19 +1115,12 @@ static int rfc4106_decrypt(struct aead_request *req)
struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct crypto_aead *tfm = crypto_aead_reqtfm(req);
struct cryptd_aead **ctx = crypto_aead_ctx(tfm); struct cryptd_aead **ctx = crypto_aead_ctx(tfm);
struct cryptd_aead *cryptd_tfm = *ctx; struct cryptd_aead *cryptd_tfm = *ctx;
struct aead_request *subreq = aead_request_ctx(req);
aead_request_set_tfm(subreq, irq_fpu_usable() ? aead_request_set_tfm(req, irq_fpu_usable() ?
cryptd_aead_child(cryptd_tfm) : cryptd_aead_child(cryptd_tfm) :
&cryptd_tfm->base); &cryptd_tfm->base);
aead_request_set_callback(subreq, req->base.flags, return crypto_aead_decrypt(req);
req->base.complete, req->base.data);
aead_request_set_crypt(subreq, req->src, req->dst,
req->cryptlen, req->iv);
aead_request_set_ad(subreq, req->assoclen);
return crypto_aead_decrypt(subreq);
} }
#endif #endif
...@@ -1454,7 +1437,8 @@ static struct aead_alg aesni_aead_algs[] = { { ...@@ -1454,7 +1437,8 @@ static struct aead_alg aesni_aead_algs[] = { {
.cra_name = "rfc4106(gcm(aes))", .cra_name = "rfc4106(gcm(aes))",
.cra_driver_name = "rfc4106-gcm-aesni", .cra_driver_name = "rfc4106-gcm-aesni",
.cra_priority = 400, .cra_priority = 400,
.cra_flags = CRYPTO_ALG_ASYNC, .cra_flags = CRYPTO_ALG_ASYNC |
CRYPTO_ALG_AEAD_NEW,
.cra_blocksize = 1, .cra_blocksize = 1,
.cra_ctxsize = sizeof(struct cryptd_aead *), .cra_ctxsize = sizeof(struct cryptd_aead *),
.cra_module = THIS_MODULE, .cra_module = THIS_MODULE,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment