Commit c3917fd9 authored by Herbert Xu's avatar Herbert Xu

KEYS: Use skcipher

This patch replaces uses of blkcipher with skcipher.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 608fb34c
...@@ -28,11 +28,10 @@ ...@@ -28,11 +28,10 @@
#include <linux/random.h> #include <linux/random.h>
#include <linux/rcupdate.h> #include <linux/rcupdate.h>
#include <linux/scatterlist.h> #include <linux/scatterlist.h>
#include <linux/crypto.h>
#include <linux/ctype.h> #include <linux/ctype.h>
#include <crypto/hash.h> #include <crypto/hash.h>
#include <crypto/sha.h> #include <crypto/sha.h>
#include <crypto/aes.h> #include <crypto/skcipher.h>
#include "encrypted.h" #include "encrypted.h"
#include "ecryptfs_format.h" #include "ecryptfs_format.h"
...@@ -85,17 +84,17 @@ static const match_table_t key_tokens = { ...@@ -85,17 +84,17 @@ static const match_table_t key_tokens = {
static int aes_get_sizes(void) static int aes_get_sizes(void)
{ {
struct crypto_blkcipher *tfm; struct crypto_skcipher *tfm;
tfm = crypto_alloc_blkcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC); tfm = crypto_alloc_skcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm)) { if (IS_ERR(tfm)) {
pr_err("encrypted_key: failed to alloc_cipher (%ld)\n", pr_err("encrypted_key: failed to alloc_cipher (%ld)\n",
PTR_ERR(tfm)); PTR_ERR(tfm));
return PTR_ERR(tfm); return PTR_ERR(tfm);
} }
ivsize = crypto_blkcipher_ivsize(tfm); ivsize = crypto_skcipher_ivsize(tfm);
blksize = crypto_blkcipher_blocksize(tfm); blksize = crypto_skcipher_blocksize(tfm);
crypto_free_blkcipher(tfm); crypto_free_skcipher(tfm);
return 0; return 0;
} }
...@@ -401,28 +400,37 @@ static int get_derived_key(u8 *derived_key, enum derived_key_type key_type, ...@@ -401,28 +400,37 @@ static int get_derived_key(u8 *derived_key, enum derived_key_type key_type,
return ret; return ret;
} }
static int init_blkcipher_desc(struct blkcipher_desc *desc, const u8 *key, static struct skcipher_request *init_skcipher_req(const u8 *key,
unsigned int key_len, const u8 *iv, unsigned int key_len)
unsigned int ivsize)
{ {
struct skcipher_request *req;
struct crypto_skcipher *tfm;
int ret; int ret;
desc->tfm = crypto_alloc_blkcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC); tfm = crypto_alloc_skcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(desc->tfm)) { if (IS_ERR(tfm)) {
pr_err("encrypted_key: failed to load %s transform (%ld)\n", pr_err("encrypted_key: failed to load %s transform (%ld)\n",
blkcipher_alg, PTR_ERR(desc->tfm)); blkcipher_alg, PTR_ERR(tfm));
return PTR_ERR(desc->tfm); return ERR_CAST(tfm);
} }
desc->flags = 0;
ret = crypto_blkcipher_setkey(desc->tfm, key, key_len); ret = crypto_skcipher_setkey(tfm, key, key_len);
if (ret < 0) { if (ret < 0) {
pr_err("encrypted_key: failed to setkey (%d)\n", ret); pr_err("encrypted_key: failed to setkey (%d)\n", ret);
crypto_free_blkcipher(desc->tfm); crypto_free_skcipher(tfm);
return ret; return ERR_PTR(ret);
} }
crypto_blkcipher_set_iv(desc->tfm, iv, ivsize);
return 0; req = skcipher_request_alloc(tfm, GFP_KERNEL);
if (!req) {
pr_err("encrypted_key: failed to allocate request for %s\n",
blkcipher_alg);
crypto_free_skcipher(tfm);
return ERR_PTR(-ENOMEM);
}
skcipher_request_set_callback(req, 0, NULL, NULL);
return req;
} }
static struct key *request_master_key(struct encrypted_key_payload *epayload, static struct key *request_master_key(struct encrypted_key_payload *epayload,
...@@ -467,7 +475,8 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload, ...@@ -467,7 +475,8 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload,
{ {
struct scatterlist sg_in[2]; struct scatterlist sg_in[2];
struct scatterlist sg_out[1]; struct scatterlist sg_out[1];
struct blkcipher_desc desc; struct crypto_skcipher *tfm;
struct skcipher_request *req;
unsigned int encrypted_datalen; unsigned int encrypted_datalen;
unsigned int padlen; unsigned int padlen;
char pad[16]; char pad[16];
...@@ -476,9 +485,9 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload, ...@@ -476,9 +485,9 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload,
encrypted_datalen = roundup(epayload->decrypted_datalen, blksize); encrypted_datalen = roundup(epayload->decrypted_datalen, blksize);
padlen = encrypted_datalen - epayload->decrypted_datalen; padlen = encrypted_datalen - epayload->decrypted_datalen;
ret = init_blkcipher_desc(&desc, derived_key, derived_keylen, req = init_skcipher_req(derived_key, derived_keylen);
epayload->iv, ivsize); ret = PTR_ERR(req);
if (ret < 0) if (IS_ERR(req))
goto out; goto out;
dump_decrypted_data(epayload); dump_decrypted_data(epayload);
...@@ -491,8 +500,12 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload, ...@@ -491,8 +500,12 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload,
sg_init_table(sg_out, 1); sg_init_table(sg_out, 1);
sg_set_buf(sg_out, epayload->encrypted_data, encrypted_datalen); sg_set_buf(sg_out, epayload->encrypted_data, encrypted_datalen);
ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, encrypted_datalen); skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen,
crypto_free_blkcipher(desc.tfm); epayload->iv);
ret = crypto_skcipher_encrypt(req);
tfm = crypto_skcipher_reqtfm(req);
skcipher_request_free(req);
crypto_free_skcipher(tfm);
if (ret < 0) if (ret < 0)
pr_err("encrypted_key: failed to encrypt (%d)\n", ret); pr_err("encrypted_key: failed to encrypt (%d)\n", ret);
else else
...@@ -565,15 +578,16 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload, ...@@ -565,15 +578,16 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload,
{ {
struct scatterlist sg_in[1]; struct scatterlist sg_in[1];
struct scatterlist sg_out[2]; struct scatterlist sg_out[2];
struct blkcipher_desc desc; struct crypto_skcipher *tfm;
struct skcipher_request *req;
unsigned int encrypted_datalen; unsigned int encrypted_datalen;
char pad[16]; char pad[16];
int ret; int ret;
encrypted_datalen = roundup(epayload->decrypted_datalen, blksize); encrypted_datalen = roundup(epayload->decrypted_datalen, blksize);
ret = init_blkcipher_desc(&desc, derived_key, derived_keylen, req = init_skcipher_req(derived_key, derived_keylen);
epayload->iv, ivsize); ret = PTR_ERR(req);
if (ret < 0) if (IS_ERR(req))
goto out; goto out;
dump_encrypted_data(epayload, encrypted_datalen); dump_encrypted_data(epayload, encrypted_datalen);
...@@ -585,8 +599,12 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload, ...@@ -585,8 +599,12 @@ static int derived_key_decrypt(struct encrypted_key_payload *epayload,
epayload->decrypted_datalen); epayload->decrypted_datalen);
sg_set_buf(&sg_out[1], pad, sizeof pad); sg_set_buf(&sg_out[1], pad, sizeof pad);
ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, encrypted_datalen); skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen,
crypto_free_blkcipher(desc.tfm); epayload->iv);
ret = crypto_skcipher_decrypt(req);
tfm = crypto_skcipher_reqtfm(req);
skcipher_request_free(req);
crypto_free_skcipher(tfm);
if (ret < 0) if (ret < 0)
goto out; goto out;
dump_decrypted_data(epayload); dump_decrypted_data(epayload);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment