From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> To: Herbert Xu <herbert@gondor.apana.org.au>, "David S. Miller" <davem@davemloft.net>, Jussi Kivilinna <jussi.kivilinna@iki.fi>, Ard Biesheuvel <ardb@kernel.org>, Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>, Maxime Coquelin <mcoquelin.stm32@gmail.com>, Alexandre Torgue <alexandre.torgue@foss.st.com>, Eric Biggers <ebiggers@kernel.org>, linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com Subject: [PATCH 11/16] crypto: essiv - allow digestsize to be greater than keysize Date: Mon, 26 Sep 2022 17:36:15 +0800 [thread overview] Message-ID: <20220926093620.99898-12-tianjia.zhang@linux.alibaba.com> (raw) In-Reply-To: <20220926093620.99898-1-tianjia.zhang@linux.alibaba.com> In essiv mode, the digest of the hash algorithm is used as the key to encrypt the IV. The current implementation requires that the digest size of the hash algorithm is equal to the key size, which will exclude algorithms that do not meet this situation, such as essiv(cbc(sm4),sm3), the hash result of sm3 is fixed 256 bits, and the key size of sm4 symmetric algorithm is fixed 128 bits, which makes it impossible to use essiv mode. This patch allows algorithms whose digest size is greater than key size to use esssiv mode by truncating the digest. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> --- crypto/essiv.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/crypto/essiv.c b/crypto/essiv.c index e33369df9034..6ee5a61bcae4 100644 --- a/crypto/essiv.c +++ b/crypto/essiv.c @@ -68,6 +68,7 @@ static int essiv_skcipher_setkey(struct crypto_skcipher *tfm, { struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm); u8 salt[HASH_MAX_DIGESTSIZE]; + unsigned int saltlen; int err; crypto_skcipher_clear_flags(tctx->u.skcipher, CRYPTO_TFM_REQ_MASK); @@ -86,8 +87,11 @@ static int essiv_skcipher_setkey(struct crypto_skcipher *tfm, crypto_cipher_set_flags(tctx->essiv_cipher, crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_REQ_MASK); - return crypto_cipher_setkey(tctx->essiv_cipher, salt, - crypto_shash_digestsize(tctx->hash)); + + saltlen = min(crypto_shash_digestsize(tctx->hash), + crypto_skcipher_max_keysize(tctx->u.skcipher)); + + return crypto_cipher_setkey(tctx->essiv_cipher, salt, saltlen); } static int essiv_aead_setkey(struct crypto_aead *tfm, const u8 *key, @@ -418,8 +422,7 @@ static bool essiv_supported_algorithms(const char *essiv_cipher_name, if (IS_ERR(alg)) return false; - if (hash_alg->digestsize < alg->cra_cipher.cia_min_keysize || - hash_alg->digestsize > alg->cra_cipher.cia_max_keysize) + if (hash_alg->digestsize < alg->cra_cipher.cia_min_keysize) goto out; if (ivsize != alg->cra_blocksize) -- 2.24.3 (Apple Git-128)
WARNING: multiple messages have this Message-ID (diff)
From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> To: Herbert Xu <herbert@gondor.apana.org.au>, "David S. Miller" <davem@davemloft.net>, Jussi Kivilinna <jussi.kivilinna@iki.fi>, Ard Biesheuvel <ardb@kernel.org>, Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>, Maxime Coquelin <mcoquelin.stm32@gmail.com>, Alexandre Torgue <alexandre.torgue@foss.st.com>, Eric Biggers <ebiggers@kernel.org>, linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com Subject: [PATCH 11/16] crypto: essiv - allow digestsize to be greater than keysize Date: Mon, 26 Sep 2022 17:36:15 +0800 [thread overview] Message-ID: <20220926093620.99898-12-tianjia.zhang@linux.alibaba.com> (raw) In-Reply-To: <20220926093620.99898-1-tianjia.zhang@linux.alibaba.com> In essiv mode, the digest of the hash algorithm is used as the key to encrypt the IV. The current implementation requires that the digest size of the hash algorithm is equal to the key size, which will exclude algorithms that do not meet this situation, such as essiv(cbc(sm4),sm3), the hash result of sm3 is fixed 256 bits, and the key size of sm4 symmetric algorithm is fixed 128 bits, which makes it impossible to use essiv mode. This patch allows algorithms whose digest size is greater than key size to use esssiv mode by truncating the digest. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> --- crypto/essiv.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/crypto/essiv.c b/crypto/essiv.c index e33369df9034..6ee5a61bcae4 100644 --- a/crypto/essiv.c +++ b/crypto/essiv.c @@ -68,6 +68,7 @@ static int essiv_skcipher_setkey(struct crypto_skcipher *tfm, { struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm); u8 salt[HASH_MAX_DIGESTSIZE]; + unsigned int saltlen; int err; crypto_skcipher_clear_flags(tctx->u.skcipher, CRYPTO_TFM_REQ_MASK); @@ -86,8 +87,11 @@ static int essiv_skcipher_setkey(struct crypto_skcipher *tfm, crypto_cipher_set_flags(tctx->essiv_cipher, crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_REQ_MASK); - return crypto_cipher_setkey(tctx->essiv_cipher, salt, - crypto_shash_digestsize(tctx->hash)); + + saltlen = min(crypto_shash_digestsize(tctx->hash), + crypto_skcipher_max_keysize(tctx->u.skcipher)); + + return crypto_cipher_setkey(tctx->essiv_cipher, salt, saltlen); } static int essiv_aead_setkey(struct crypto_aead *tfm, const u8 *key, @@ -418,8 +422,7 @@ static bool essiv_supported_algorithms(const char *essiv_cipher_name, if (IS_ERR(alg)) return false; - if (hash_alg->digestsize < alg->cra_cipher.cia_min_keysize || - hash_alg->digestsize > alg->cra_cipher.cia_max_keysize) + if (hash_alg->digestsize < alg->cra_cipher.cia_min_keysize) goto out; if (ivsize != alg->cra_blocksize) -- 2.24.3 (Apple Git-128) _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-09-26 9:38 UTC|newest] Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-09-26 9:36 [PATCH 00/16] Optimizing SM3 and SM4 algorithms using NEON/CE/SVE instructions Tianjia Zhang 2022-09-26 9:36 ` Tianjia Zhang 2022-09-26 9:36 ` [PATCH 01/16] crypto: arm64/sm3 - raise the priority of the CE implementation Tianjia Zhang 2022-09-26 9:36 ` Tianjia Zhang 2022-09-26 9:36 ` [PATCH 02/16] crypto: arm64/sm3 - add NEON assembly implementation Tianjia Zhang 2022-09-26 9:36 ` Tianjia Zhang 2022-09-26 9:36 ` [PATCH 03/16] crypto: arm64/sm4 - refactor and simplify NEON implementation Tianjia Zhang 2022-09-26 9:36 ` Tianjia Zhang 2022-09-26 9:36 ` [PATCH 04/16] crypto: testmgr - add SM4 cts-cbc/essiv/xts/xcbc test vectors Tianjia Zhang 2022-09-26 9:36 ` Tianjia Zhang 2022-09-26 9:36 ` [PATCH 05/16] crypto: tcrypt - add SM4 cts-cbc/essiv/xts/xcbc test Tianjia Zhang 2022-09-26 9:36 ` Tianjia Zhang 2022-09-26 9:36 ` [PATCH 06/16] crypto: arm64/sm4 - refactor and simplify CE implementation Tianjia Zhang 2022-09-26 9:36 ` Tianjia Zhang 2022-09-26 9:36 ` [PATCH 07/16] crypto: arm64/sm4 - simplify sm4_ce_expand_key() of " Tianjia Zhang 2022-09-26 9:36 ` Tianjia Zhang 2022-09-26 9:36 ` [PATCH 08/16] crypto: arm64/sm4 - export reusable CE acceleration functions Tianjia Zhang 2022-09-26 9:36 ` Tianjia Zhang 2022-09-26 9:36 ` [PATCH 09/16] crypto: arm64/sm4 - add CE implementation for CTS-CBC mode Tianjia Zhang 2022-09-26 9:36 ` Tianjia Zhang 2022-09-26 9:36 ` [PATCH 10/16] crypto: arm64/sm4 - add CE implementation for XTS mode Tianjia Zhang 2022-09-26 9:36 ` Tianjia Zhang 2022-09-26 9:36 ` Tianjia Zhang [this message] 2022-09-26 9:36 ` [PATCH 11/16] crypto: essiv - allow digestsize to be greater than keysize Tianjia Zhang 2022-09-26 9:36 ` [PATCH 12/16] crypto: arm64/sm4 - add CE implementation for ESSIV mode Tianjia Zhang 2022-09-26 9:36 ` Tianjia Zhang 2022-09-26 9:36 ` [PATCH 13/16] crypto: arm64/sm4 - add CE implementation for cmac/xcbc/cbcmac Tianjia Zhang 2022-09-26 9:36 ` Tianjia Zhang 2022-09-26 9:36 ` [PATCH 14/16] crypto: arm64/sm4 - add CE implementation for CCM mode Tianjia Zhang 2022-09-26 9:36 ` Tianjia Zhang 2022-09-26 9:36 ` [PATCH 15/16] crypto: arm64/sm4 - add CE implementation for GCM mode Tianjia Zhang 2022-09-26 9:36 ` Tianjia Zhang 2022-09-26 9:36 ` [PATCH 16/16] crypto: arm64/sm4 - add ARMv9 SVE cryptography acceleration implementation Tianjia Zhang 2022-09-26 9:36 ` Tianjia Zhang 2022-09-26 10:02 ` Ard Biesheuvel 2022-09-26 10:02 ` Ard Biesheuvel 2022-09-26 17:14 ` Mark Brown 2022-09-26 17:14 ` Mark Brown 2022-09-27 4:30 ` Tianjia Zhang 2022-09-27 4:30 ` Tianjia Zhang 2022-09-27 4:26 ` Tianjia Zhang 2022-09-27 4:26 ` Tianjia Zhang
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20220926093620.99898-12-tianjia.zhang@linux.alibaba.com \ --to=tianjia.zhang@linux.alibaba.com \ --cc=alexandre.torgue@foss.st.com \ --cc=ardb@kernel.org \ --cc=catalin.marinas@arm.com \ --cc=davem@davemloft.net \ --cc=ebiggers@kernel.org \ --cc=herbert@gondor.apana.org.au \ --cc=jussi.kivilinna@iki.fi \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-crypto@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-stm32@st-md-mailman.stormreply.com \ --cc=mcoquelin.stm32@gmail.com \ --cc=will@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.