From: Ard Biesheuvel
Date: Thu, 27 Jun 2019 09:04:10 +0200
Subject: Re: [PATCH v5 1/7] crypto: essiv - create wrapper template for ESSIV generation
In-Reply-To: <20190626204047.32131-2-ard.biesheuvel@linaro.org>
To: "open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
Cc: Herbert Xu, Eric Biggers, linux-fscrypt@vger.kernel.org, Gilad Ben-Yossef, device-mapper development, Milan Broz, linux-arm-kernel

On Wed, 26 Jun 2019 at 22:40, Ard Biesheuvel wrote:
>
> Implement a template that wraps a (skcipher,cipher,shash) or
> (aead,cipher,shash) tuple so that we can consolidate the ESSIV handling
> in fscrypt and dm-crypt and move it into the crypto API. This will result
> in better test coverage, and will allow future changes to make the bare
> cipher interface internal to the crypto subsystem, in order to increase
> robustness of the API against misuse.
> > Signed-off-by: Ard Biesheuvel > --- > crypto/Kconfig | 4 + > crypto/Makefile | 1 + > crypto/essiv.c | 636 ++++++++++++++++++++ > 3 files changed, 641 insertions(+) > ... > diff --git a/crypto/essiv.c b/crypto/essiv.c > new file mode 100644 > index 000000000000..fddf6dcc3823 > --- /dev/null > +++ b/crypto/essiv.c 
> @@ -0,0 +1,636 @@ ... > +static void essiv_aead_done(struct crypto_async_request *areq, int err) > +{ > + struct aead_request *req = areq->data; > + struct essiv_aead_request_ctx *rctx = aead_request_ctx(req); > + > + if (rctx->iv) > + kfree(rctx->iv); > + aead_request_complete(req, err); > +} > + > +static int essiv_aead_crypt(struct aead_request *req, bool enc) > +{ > + gfp_t gfp = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ? GFP_KERNEL > + : GFP_ATOMIC; > + struct crypto_aead *tfm = crypto_aead_reqtfm(req); > + const struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm); > + struct essiv_aead_request_ctx *rctx = aead_request_ctx(req); > + struct aead_request *subreq = &rctx->aead_req; > + struct scatterlist *sg; > + int err; > + > + crypto_cipher_encrypt_one(tctx->essiv_cipher, req->iv, req->iv); > + > + /* > + * dm-crypt embeds the sector number and the IV in the AAD region, so > + * we have to copy the converted IV into the source scatterlist before > + * we pass it on. If the source and destination scatterlist pointers > + * are the same, we just update the IV copy in the AAD region in-place. > + * However, if they are different, the caller is not expecting us to > + * modify the memory described by the source scatterlist, and so we have > + * to do this little dance to create a new scatterlist that backs the > + * IV slot in the AAD region with a scratch buffer that we can freely > + * modify. > + */ > + rctx->iv = NULL; > + if (req->src != req->dst) { > + int ivsize = crypto_aead_ivsize(tfm); > + int ssize = req->assoclen - ivsize; > + u8 *iv; > + > + if (ssize < 0 || sg_nents_for_len(req->src, ssize) != 1) > + return -EINVAL; > + > + if (enc) { > + rctx->iv = iv = kmemdup(req->iv, ivsize, gfp); This allocation is not really needed - I'll enlarge the request ctx struct instead so I can incorporate it as an anonymous member. 
> + if (!iv) > + return -ENOMEM; > + } else { > + /* > + * On the decrypt path, the ahash executes before the > + * skcipher gets a chance to clobber req->iv with its > + * output IV, so just map the buffer directly. > + */ > + iv = req->iv; > + } > + > + sg_init_table(rctx->sg, 4); > + sg_set_page(rctx->sg, sg_page(req->src), ssize, req->src->offset); > + sg_set_buf(rctx->sg + 1, iv, ivsize); > + sg = scatterwalk_ffwd(rctx->sg + 2, req->src, req->assoclen); > + if (sg != rctx->sg + 2) > + sg_chain(rctx->sg, 3, sg); > + sg = rctx->sg; > + } else { > + scatterwalk_map_and_copy(req->iv, req->dst, > + req->assoclen - crypto_aead_ivsize(tfm), > + crypto_aead_ivsize(tfm), 1); > + sg = req->src; > + } > + > + aead_request_set_tfm(subreq, tctx->u.aead); > + aead_request_set_ad(subreq, req->assoclen); > + aead_request_set_callback(subreq, aead_request_flags(req), > + essiv_aead_done, req); > + aead_request_set_crypt(subreq, sg, req->dst, req->cryptlen, req->iv); > + > + err = enc ? crypto_aead_encrypt(subreq) : > + crypto_aead_decrypt(subreq); > + > + if (rctx->iv && err != -EINPROGRESS) > + kfree(rctx->iv); > + > + return err; > +} > + ...
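Review bot: The cleanup at the end of essiv_aead_crypt(), `if (rctx->iv && err != -EINPROGRESS) kfree(rctx->iv);`, treats every return value other than -EINPROGRESS as final, but the subrequest inherits the caller's flags through aead_request_flags(req), so with CRYPTO_TFM_REQ_MAY_BACKLOG set the inner AEAD can return -EBUSY for a request that has been queued and is still in flight. Freeing rctx->iv at that point leaves the scratch buffer referenced by rctx->sg + 1 dangling while the request runs, and essiv_aead_done() then frees it a second time. Suggest testing `err != -EINPROGRESS && err != -EBUSY` here, and having essiv_aead_done() skip the kfree() (while still calling aead_request_complete()) when it is invoked with err == -EINPROGRESS as the backlog notification. Separately, the `if (rctx->iv)` guards in front of kfree() in both functions are unnecessary, since kfree(NULL) is a no-op.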