diff options
| author | Eric Biggers <ebiggers@google.com> | 2018-01-03 14:16:25 -0500 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2018-01-12 07:03:14 -0500 |
| commit | a16e772e664b9a261424107784804cffc8894977 (patch) | |
| tree | cbabf3942fc04a559bd98385333ddeaa173f3136 /crypto/poly1305_generic.c | |
| parent | fa59b92d299f2787e6bae1ff078ee0982e80211f (diff) | |
crypto: poly1305 - remove ->setkey() method
Since Poly1305 requires a nonce per invocation, the Linux kernel
implementations of Poly1305 don't use the crypto API's keying mechanism
and instead expect the key and nonce as the first 32 bytes of the data.
But ->setkey() is still defined as a stub returning an error code. This
prevents Poly1305 from being used through AF_ALG and will also break it
completely once we start enforcing that all crypto API users (not just
AF_ALG) call ->setkey() if present.
Fix it by removing crypto_poly1305_setkey(), leaving ->setkey as NULL.
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/poly1305_generic.c')
| -rw-r--r-- | crypto/poly1305_generic.c | 17 |
1 files changed, 5 insertions, 12 deletions
diff --git a/crypto/poly1305_generic.c b/crypto/poly1305_generic.c index d92617aeb783..b7a3a0613a30 100644 --- a/crypto/poly1305_generic.c +++ b/crypto/poly1305_generic.c | |||
| @@ -47,17 +47,6 @@ int crypto_poly1305_init(struct shash_desc *desc) | |||
| 47 | } | 47 | } |
| 48 | EXPORT_SYMBOL_GPL(crypto_poly1305_init); | 48 | EXPORT_SYMBOL_GPL(crypto_poly1305_init); |
| 49 | 49 | ||
| 50 | int crypto_poly1305_setkey(struct crypto_shash *tfm, | ||
| 51 | const u8 *key, unsigned int keylen) | ||
| 52 | { | ||
| 53 | /* Poly1305 requires a unique key for each tag, which implies that | ||
| 54 | * we can't set it on the tfm that gets accessed by multiple users | ||
| 55 | * simultaneously. Instead we expect the key as the first 32 bytes in | ||
| 56 | * the update() call. */ | ||
| 57 | return -ENOTSUPP; | ||
| 58 | } | ||
| 59 | EXPORT_SYMBOL_GPL(crypto_poly1305_setkey); | ||
| 60 | |||
| 61 | static void poly1305_setrkey(struct poly1305_desc_ctx *dctx, const u8 *key) | 50 | static void poly1305_setrkey(struct poly1305_desc_ctx *dctx, const u8 *key) |
| 62 | { | 51 | { |
| 63 | /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ | 52 | /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ |
| @@ -76,6 +65,11 @@ static void poly1305_setskey(struct poly1305_desc_ctx *dctx, const u8 *key) | |||
| 76 | dctx->s[3] = get_unaligned_le32(key + 12); | 65 | dctx->s[3] = get_unaligned_le32(key + 12); |
| 77 | } | 66 | } |
| 78 | 67 | ||
| 68 | /* | ||
| 69 | * Poly1305 requires a unique key for each tag, which implies that we can't set | ||
| 70 | * it on the tfm that gets accessed by multiple users simultaneously. Instead we | ||
| 71 | * expect the key as the first 32 bytes in the update() call. | ||
| 72 | */ | ||
| 79 | unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx, | 73 | unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx, |
| 80 | const u8 *src, unsigned int srclen) | 74 | const u8 *src, unsigned int srclen) |
| 81 | { | 75 | { |
| @@ -280,7 +274,6 @@ static struct shash_alg poly1305_alg = { | |||
| 280 | .init = crypto_poly1305_init, | 274 | .init = crypto_poly1305_init, |
| 281 | .update = crypto_poly1305_update, | 275 | .update = crypto_poly1305_update, |
| 282 | .final = crypto_poly1305_final, | 276 | .final = crypto_poly1305_final, |
| 283 | .setkey = crypto_poly1305_setkey, | ||
| 284 | .descsize = sizeof(struct poly1305_desc_ctx), | 277 | .descsize = sizeof(struct poly1305_desc_ctx), |
| 285 | .base = { | 278 | .base = { |
| 286 | .cra_name = "poly1305", | 279 | .cra_name = "poly1305", |