From: Ilya Dryomov <idryomov@gmail.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
netdev <netdev@vger.kernel.org>,
devel@driverdev.osuosl.org, dm-devel@redhat.com,
linux-wireless@vger.kernel.org, linux-cifs@vger.kernel.org,
ecryptfs@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-nfs@vger.kernel.org, keyrings@vger.kernel.org,
linux-bluetooth@vger.kernel.org,
Ceph Development <ceph-devel@vger.kernel.org>,
linux-wpan@vger.kernel.org, linux-afs@lists.infradead.org,
Lars Ellenberg <drbd-dev@lists.linbit.com>,
open-iscsi@googlegroups.com
Subject: Re: [PATCH 16/26] libceph: Use skcipher
Date: Mon, 25 Jan 2016 17:18:47 +0100 [thread overview]
Message-ID: <CAOi1vP9jmMYHR21UeAO175susZ5V74vcXyoxwayBVSTFHxjhBQ@mail.gmail.com> (raw)
In-Reply-To: <E1aNKYy-0008E6-GI@gondolin.me.apana.org.au>
[-- Attachment #1: Type: text/plain, Size: 509 bytes --]
On Sun, Jan 24, 2016 at 2:18 PM, Herbert Xu <herbert@gondor.apana.org.au> wrote:
> This patch replaces uses of blkcipher with skcipher.
>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> ---
>
> net/ceph/crypto.c | 97 +++++++++++++++++++++++++++++++-----------------------
> 1 file changed, 56 insertions(+), 41 deletions(-)
Could you get rid of ivsize instead of assigning to it - see the
attached diff?
Otherwise:
Acked-by: Ilya Dryomov <idryomov@gmail.com>
Thanks,
Ilya
[-- Attachment #2: skcipher-ivsize.diff --]
[-- Type: text/plain, Size: 7703 bytes --]
diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
index 42e8649c6e79..db2847ac5f12 100644
--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -4,7 +4,8 @@
#include <linux/err.h>
#include <linux/scatterlist.h>
#include <linux/slab.h>
-#include <crypto/hash.h>
+#include <crypto/aes.h>
+#include <crypto/skcipher.h>
#include <linux/key-type.h>
#include <keys/ceph-type.h>
@@ -79,9 +80,9 @@ int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, const char *inkey)
return 0;
}
-static struct crypto_blkcipher *ceph_crypto_alloc_cipher(void)
+static struct crypto_skcipher *ceph_crypto_alloc_cipher(void)
{
- return crypto_alloc_blkcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC);
+ return crypto_alloc_skcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC);
}
static const u8 *aes_iv = (u8 *)CEPH_AES_IV;
@@ -162,11 +163,10 @@ static int ceph_aes_encrypt(const void *key, int key_len,
{
struct scatterlist sg_in[2], prealloc_sg;
struct sg_table sg_out;
- struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
- struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 };
+ struct crypto_skcipher *tfm = ceph_crypto_alloc_cipher();
+ SKCIPHER_REQUEST_ON_STACK(req, tfm);
int ret;
- void *iv;
- int ivsize;
+ char iv[AES_BLOCK_SIZE];
size_t zero_padding = (0x10 - (src_len & 0x0f));
char pad[16];
@@ -184,10 +184,13 @@ static int ceph_aes_encrypt(const void *key, int key_len,
if (ret)
goto out_tfm;
- crypto_blkcipher_setkey((void *)tfm, key, key_len);
- iv = crypto_blkcipher_crt(tfm)->iv;
- ivsize = crypto_blkcipher_ivsize(tfm);
- memcpy(iv, aes_iv, ivsize);
+ crypto_skcipher_setkey((void *)tfm, key, key_len);
+ memcpy(iv, aes_iv, AES_BLOCK_SIZE);
+
+ skcipher_request_set_tfm(req, tfm);
+ skcipher_request_set_callback(req, 0, NULL, NULL);
+ skcipher_request_set_crypt(req, sg_in, sg_out.sgl,
+ src_len + zero_padding, iv);
/*
print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1,
@@ -197,8 +200,8 @@ static int ceph_aes_encrypt(const void *key, int key_len,
print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1,
pad, zero_padding, 1);
*/
- ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in,
- src_len + zero_padding);
+ ret = crypto_skcipher_encrypt(req);
+ skcipher_request_zero(req);
if (ret < 0) {
pr_err("ceph_aes_crypt failed %d\n", ret);
goto out_sg;
@@ -211,7 +214,7 @@ static int ceph_aes_encrypt(const void *key, int key_len,
out_sg:
teardown_sgtable(&sg_out);
out_tfm:
- crypto_free_blkcipher(tfm);
+ crypto_free_skcipher(tfm);
return ret;
}
@@ -222,11 +225,10 @@ static int ceph_aes_encrypt2(const void *key, int key_len, void *dst,
{
struct scatterlist sg_in[3], prealloc_sg;
struct sg_table sg_out;
- struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
- struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 };
+ struct crypto_skcipher *tfm = ceph_crypto_alloc_cipher();
+ SKCIPHER_REQUEST_ON_STACK(req, tfm);
int ret;
- void *iv;
- int ivsize;
+ char iv[AES_BLOCK_SIZE];
size_t zero_padding = (0x10 - ((src1_len + src2_len) & 0x0f));
char pad[16];
@@ -245,10 +247,13 @@ static int ceph_aes_encrypt2(const void *key, int key_len, void *dst,
if (ret)
goto out_tfm;
- crypto_blkcipher_setkey((void *)tfm, key, key_len);
- iv = crypto_blkcipher_crt(tfm)->iv;
- ivsize = crypto_blkcipher_ivsize(tfm);
- memcpy(iv, aes_iv, ivsize);
+ crypto_skcipher_setkey((void *)tfm, key, key_len);
+ memcpy(iv, aes_iv, AES_BLOCK_SIZE);
+
+ skcipher_request_set_tfm(req, tfm);
+ skcipher_request_set_callback(req, 0, NULL, NULL);
+ skcipher_request_set_crypt(req, sg_in, sg_out.sgl,
+ src1_len + src2_len + zero_padding, iv);
/*
print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1,
@@ -260,8 +265,8 @@ static int ceph_aes_encrypt2(const void *key, int key_len, void *dst,
print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1,
pad, zero_padding, 1);
*/
- ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in,
- src1_len + src2_len + zero_padding);
+ ret = crypto_skcipher_encrypt(req);
+ skcipher_request_zero(req);
if (ret < 0) {
pr_err("ceph_aes_crypt2 failed %d\n", ret);
goto out_sg;
@@ -274,7 +279,7 @@ static int ceph_aes_encrypt2(const void *key, int key_len, void *dst,
out_sg:
teardown_sgtable(&sg_out);
out_tfm:
- crypto_free_blkcipher(tfm);
+ crypto_free_skcipher(tfm);
return ret;
}
@@ -284,11 +289,10 @@ static int ceph_aes_decrypt(const void *key, int key_len,
{
struct sg_table sg_in;
struct scatterlist sg_out[2], prealloc_sg;
- struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
- struct blkcipher_desc desc = { .tfm = tfm };
+ struct crypto_skcipher *tfm = ceph_crypto_alloc_cipher();
+ SKCIPHER_REQUEST_ON_STACK(req, tfm);
char pad[16];
- void *iv;
- int ivsize;
+ char iv[AES_BLOCK_SIZE];
int ret;
int last_byte;
@@ -302,10 +306,13 @@ static int ceph_aes_decrypt(const void *key, int key_len,
if (ret)
goto out_tfm;
- crypto_blkcipher_setkey((void *)tfm, key, key_len);
- iv = crypto_blkcipher_crt(tfm)->iv;
- ivsize = crypto_blkcipher_ivsize(tfm);
- memcpy(iv, aes_iv, ivsize);
+ crypto_skcipher_setkey((void *)tfm, key, key_len);
+ memcpy(iv, aes_iv, AES_BLOCK_SIZE);
+
+ skcipher_request_set_tfm(req, tfm);
+ skcipher_request_set_callback(req, 0, NULL, NULL);
+ skcipher_request_set_crypt(req, sg_in.sgl, sg_out,
+ src_len, iv);
/*
print_hex_dump(KERN_ERR, "dec key: ", DUMP_PREFIX_NONE, 16, 1,
@@ -313,7 +320,8 @@ static int ceph_aes_decrypt(const void *key, int key_len,
print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1,
src, src_len, 1);
*/
- ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len);
+ ret = crypto_skcipher_decrypt(req);
+ skcipher_request_zero(req);
if (ret < 0) {
pr_err("ceph_aes_decrypt failed %d\n", ret);
goto out_sg;
@@ -338,7 +346,7 @@ static int ceph_aes_decrypt(const void *key, int key_len,
out_sg:
teardown_sgtable(&sg_in);
out_tfm:
- crypto_free_blkcipher(tfm);
+ crypto_free_skcipher(tfm);
return ret;
}
@@ -349,11 +357,10 @@ static int ceph_aes_decrypt2(const void *key, int key_len,
{
struct sg_table sg_in;
struct scatterlist sg_out[3], prealloc_sg;
- struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
- struct blkcipher_desc desc = { .tfm = tfm };
+ struct crypto_skcipher *tfm = ceph_crypto_alloc_cipher();
+ SKCIPHER_REQUEST_ON_STACK(req, tfm);
char pad[16];
- void *iv;
- int ivsize;
+ char iv[AES_BLOCK_SIZE];
int ret;
int last_byte;
@@ -368,10 +375,13 @@ static int ceph_aes_decrypt2(const void *key, int key_len,
if (ret)
goto out_tfm;
- crypto_blkcipher_setkey((void *)tfm, key, key_len);
- iv = crypto_blkcipher_crt(tfm)->iv;
- ivsize = crypto_blkcipher_ivsize(tfm);
- memcpy(iv, aes_iv, ivsize);
+ crypto_skcipher_setkey((void *)tfm, key, key_len);
+ memcpy(iv, aes_iv, AES_BLOCK_SIZE);
+
+ skcipher_request_set_tfm(req, tfm);
+ skcipher_request_set_callback(req, 0, NULL, NULL);
+ skcipher_request_set_crypt(req, sg_in.sgl, sg_out,
+ src_len, iv);
/*
print_hex_dump(KERN_ERR, "dec key: ", DUMP_PREFIX_NONE, 16, 1,
@@ -379,7 +389,8 @@ static int ceph_aes_decrypt2(const void *key, int key_len,
print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1,
src, src_len, 1);
*/
- ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len);
+ ret = crypto_skcipher_decrypt(req);
+ skcipher_request_zero(req);
if (ret < 0) {
pr_err("ceph_aes_decrypt failed %d\n", ret);
goto out_sg;
@@ -415,7 +426,7 @@ static int ceph_aes_decrypt2(const void *key, int key_len,
out_sg:
teardown_sgtable(&sg_in);
out_tfm:
- crypto_free_blkcipher(tfm);
+ crypto_free_skcipher(tfm);
return ret;
}
next prev parent reply other threads:[~2016-01-25 16:18 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-24 13:10 [PATCH 0/26] crypto: Use skcipher and ahash/shash where possible Herbert Xu
2016-01-24 13:16 ` [PATCH 1/26] block: cryptoloop - Use new skcipher interface Herbert Xu
2016-01-24 13:37 ` kbuild test robot
2016-01-24 13:39 ` Herbert Xu
2016-01-24 13:16 ` [PATCH 2/26] ppp_mppe: Use skcipher and ahash Herbert Xu
2016-01-24 13:16 ` [PATCH 3/26] staging: rtl8192e: Replace uses of obsolete blkcipher and hash Herbert Xu
2016-01-24 20:00 ` Greg KH
2016-01-24 13:16 ` [PATCH 4/26] dm crypt: Use skcipher and ahash Herbert Xu
2016-01-24 13:43 ` kbuild test robot
2016-01-24 13:16 ` [PATCH 5/26] orinoco: Use ahash Herbert Xu
2016-01-24 13:16 ` [PATCH 6/26] staging: rtl8192u: Use skcipher and ahash Herbert Xu
2016-01-24 20:00 ` Greg KH
2016-01-24 13:17 ` [PATCH 7/26] wusb: Use skcipher Herbert Xu
2016-01-24 13:38 ` kbuild test robot
2016-01-24 13:17 ` [PATCH 8/26] cifs: " Herbert Xu
2016-01-24 13:17 ` [PATCH 9/26] eCryptfs: Use skcipher and shash Herbert Xu
2016-01-24 13:38 ` kbuild test robot
2016-01-24 13:17 ` [PATCH 10/26] ext4: Use skcipher Herbert Xu
2016-01-24 13:17 ` [PATCH 11/26] f2fs: " Herbert Xu
2016-01-24 13:17 ` [PATCH 12/26] sunrpc: Use skcipher and ahash/shash Herbert Xu
2016-01-24 13:18 ` [PATCH 13/26] lib80211: Use skcipher and ahash Herbert Xu
2016-01-24 13:18 ` [PATCH 14/26] KEYS: Use skcipher Herbert Xu
2016-01-24 13:18 ` [PATCH 15/26] Bluetooth: Use skcipher and hash Herbert Xu
2016-01-24 13:35 ` kbuild test robot
2016-01-25 6:48 ` Marcel Holtmann
2016-01-24 13:18 ` [PATCH 16/26] libceph: Use skcipher Herbert Xu
2016-01-25 16:18 ` Ilya Dryomov [this message]
2016-01-26 10:54 ` Herbert Xu
2016-01-26 11:29 ` Ilya Dryomov
2016-01-26 11:33 ` Herbert Xu
2016-01-24 13:18 ` [PATCH 17/26] mac802154: " Herbert Xu
2016-01-26 16:55 ` Stefan Schmidt
2016-01-24 13:19 ` [PATCH 18/26] rxrpc: " Herbert Xu
2016-01-24 13:19 ` [PATCH 19/26] ipsec: Use skcipher and ahash when probing algorithms Herbert Xu
2016-01-24 13:42 ` kbuild test robot
2016-01-25 6:02 ` David Miller
2016-01-24 13:19 ` [PATCH 20/26] drbd: Use shash and ahash Herbert Xu
2016-01-24 13:19 ` [PATCH 21/26] nfc: s3fwrn5: Use shash Herbert Xu
2016-01-24 13:48 ` kbuild test robot
2016-01-24 13:19 ` [PATCH 22/26] iscsi_tcp: Use ahash Herbert Xu
2016-01-25 19:50 ` [dm-devel] " Mike Christie
2016-01-24 13:19 ` [PATCH 23/26] iscsi-target: Use shash and ahash Herbert Xu
2016-01-24 13:20 ` [PATCH 24/26] nfsd: Use shash Herbert Xu
2016-01-24 13:51 ` kbuild test robot
2016-01-24 13:20 ` [PATCH 25/26] sctp: " Herbert Xu
2016-01-25 6:02 ` David Miller
2016-01-24 13:20 ` [PATCH 26/26] tcp: Use ahash Herbert Xu
2016-01-25 6:01 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAOi1vP9jmMYHR21UeAO175susZ5V74vcXyoxwayBVSTFHxjhBQ@mail.gmail.com \
--to=idryomov@gmail.com \
--cc=ceph-devel@vger.kernel.org \
--cc=devel@driverdev.osuosl.org \
--cc=dm-devel@redhat.com \
--cc=drbd-dev@lists.linbit.com \
--cc=ecryptfs@vger.kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-afs@lists.infradead.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=linux-wpan@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=open-iscsi@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).