diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2016-06-22 10:13:53 -0400 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2016-06-24 09:24:58 -0400 |
| commit | d56d72c6a0612be14ccb455c92886d2cb102c2ab (patch) | |
| tree | 0dea06d84ab963b1f7de92e3f03366780884a01b /security/keys | |
| parent | 85e0687f8fac9032681b163a17f806b52205922e (diff) | |
KEYS: Use skcipher for big keys
This patch replaces use of the obsolete blkcipher with skcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security/keys')
| -rw-r--r-- | security/keys/big_key.c | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/security/keys/big_key.c b/security/keys/big_key.c index 9e443fccad4c..c0b3030b5634 100644 --- a/security/keys/big_key.c +++ b/security/keys/big_key.c | |||
| @@ -18,6 +18,7 @@ | |||
| 18 | #include <keys/user-type.h> | 18 | #include <keys/user-type.h> |
| 19 | #include <keys/big_key-type.h> | 19 | #include <keys/big_key-type.h> |
| 20 | #include <crypto/rng.h> | 20 | #include <crypto/rng.h> |
| 21 | #include <crypto/skcipher.h> | ||
| 21 | 22 | ||
| 22 | /* | 23 | /* |
| 23 | * Layout of key payload words. | 24 | * Layout of key payload words. |
| @@ -74,7 +75,7 @@ static const char big_key_alg_name[] = "ecb(aes)"; | |||
| 74 | * Crypto algorithms for big_key data encryption | 75 | * Crypto algorithms for big_key data encryption |
| 75 | */ | 76 | */ |
| 76 | static struct crypto_rng *big_key_rng; | 77 | static struct crypto_rng *big_key_rng; |
| 77 | static struct crypto_blkcipher *big_key_blkcipher; | 78 | static struct crypto_skcipher *big_key_skcipher; |
| 78 | 79 | ||
| 79 | /* | 80 | /* |
| 80 | * Generate random key to encrypt big_key data | 81 | * Generate random key to encrypt big_key data |
| @@ -91,22 +92,26 @@ static int big_key_crypt(enum big_key_op op, u8 *data, size_t datalen, u8 *key) | |||
| 91 | { | 92 | { |
| 92 | int ret = -EINVAL; | 93 | int ret = -EINVAL; |
| 93 | struct scatterlist sgio; | 94 | struct scatterlist sgio; |
| 94 | struct blkcipher_desc desc; | 95 | SKCIPHER_REQUEST_ON_STACK(req, big_key_skcipher); |
| 95 | 96 | ||
| 96 | if (crypto_blkcipher_setkey(big_key_blkcipher, key, ENC_KEY_SIZE)) { | 97 | if (crypto_skcipher_setkey(big_key_skcipher, key, ENC_KEY_SIZE)) { |
| 97 | ret = -EAGAIN; | 98 | ret = -EAGAIN; |
| 98 | goto error; | 99 | goto error; |
| 99 | } | 100 | } |
| 100 | 101 | ||
| 101 | desc.flags = 0; | 102 | skcipher_request_set_tfm(req, big_key_skcipher); |
| 102 | desc.tfm = big_key_blkcipher; | 103 | skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, |
| 104 | NULL, NULL); | ||
| 103 | 105 | ||
| 104 | sg_init_one(&sgio, data, datalen); | 106 | sg_init_one(&sgio, data, datalen); |
| 107 | skcipher_request_set_crypt(req, &sgio, &sgio, datalen, NULL); | ||
| 105 | 108 | ||
| 106 | if (op == BIG_KEY_ENC) | 109 | if (op == BIG_KEY_ENC) |
| 107 | ret = crypto_blkcipher_encrypt(&desc, &sgio, &sgio, datalen); | 110 | ret = crypto_skcipher_encrypt(req); |
| 108 | else | 111 | else |
| 109 | ret = crypto_blkcipher_decrypt(&desc, &sgio, &sgio, datalen); | 112 | ret = crypto_skcipher_decrypt(req); |
| 113 | |||
| 114 | skcipher_request_zero(req); | ||
| 110 | 115 | ||
| 111 | error: | 116 | error: |
| 112 | return ret; | 117 | return ret; |
| @@ -140,7 +145,7 @@ int big_key_preparse(struct key_preparsed_payload *prep) | |||
| 140 | * | 145 | * |
| 141 | * File content is stored encrypted with randomly generated key. | 146 | * File content is stored encrypted with randomly generated key. |
| 142 | */ | 147 | */ |
| 143 | size_t enclen = ALIGN(datalen, crypto_blkcipher_blocksize(big_key_blkcipher)); | 148 | size_t enclen = ALIGN(datalen, crypto_skcipher_blocksize(big_key_skcipher)); |
| 144 | 149 | ||
| 145 | /* prepare aligned data to encrypt */ | 150 | /* prepare aligned data to encrypt */ |
| 146 | data = kmalloc(enclen, GFP_KERNEL); | 151 | data = kmalloc(enclen, GFP_KERNEL); |
| @@ -288,7 +293,7 @@ long big_key_read(const struct key *key, char __user *buffer, size_t buflen) | |||
| 288 | struct file *file; | 293 | struct file *file; |
| 289 | u8 *data; | 294 | u8 *data; |
| 290 | u8 *enckey = (u8 *)key->payload.data[big_key_data]; | 295 | u8 *enckey = (u8 *)key->payload.data[big_key_data]; |
| 291 | size_t enclen = ALIGN(datalen, crypto_blkcipher_blocksize(big_key_blkcipher)); | 296 | size_t enclen = ALIGN(datalen, crypto_skcipher_blocksize(big_key_skcipher)); |
| 292 | 297 | ||
| 293 | data = kmalloc(enclen, GFP_KERNEL); | 298 | data = kmalloc(enclen, GFP_KERNEL); |
| 294 | if (!data) | 299 | if (!data) |
| @@ -359,9 +364,10 @@ static int __init big_key_crypto_init(void) | |||
| 359 | goto error; | 364 | goto error; |
| 360 | 365 | ||
| 361 | /* init block cipher */ | 366 | /* init block cipher */ |
| 362 | big_key_blkcipher = crypto_alloc_blkcipher(big_key_alg_name, 0, 0); | 367 | big_key_skcipher = crypto_alloc_skcipher(big_key_alg_name, |
| 363 | if (IS_ERR(big_key_blkcipher)) { | 368 | 0, CRYPTO_ALG_ASYNC); |
| 364 | big_key_blkcipher = NULL; | 369 | if (IS_ERR(big_key_skcipher)) { |
| 370 | big_key_skcipher = NULL; | ||
| 365 | ret = -EFAULT; | 371 | ret = -EFAULT; |
| 366 | goto error; | 372 | goto error; |
| 367 | } | 373 | } |