diff options
| author | Sebastian Siewior <sebastian@breakpoint.cc> | 2008-03-06 05:56:19 -0500 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2008-03-06 05:56:19 -0500 |
| commit | 6212f2c7f70c591efb0d9f3d50ad29112392fee2 (patch) | |
| tree | bfd2394ae9e7e930e704357d6a9ff307cf10b6cb /crypto/xts.c | |
| parent | bc97f19dc8be1f181f33b4368542c72498f3562a (diff) | |
[CRYPTO] xts: Use proper alignment
The XTS blockmode uses a copy of the IV which is saved on the stack
and may or may not be properly aligned. If it is not, it will break
hardware cipher like the geode or padlock.
This patch encrypts the IV in place so we don't have to worry about
alignment.
Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
Tested-by: Stefan Hellermann <stefan@the2masters.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/xts.c')
| -rw-r--r-- | crypto/xts.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/crypto/xts.c b/crypto/xts.c index 8eb08bfaf7c0..d87b0f3102c3 100644 --- a/crypto/xts.c +++ b/crypto/xts.c | |||
| @@ -77,16 +77,16 @@ static int setkey(struct crypto_tfm *parent, const u8 *key, | |||
| 77 | } | 77 | } |
| 78 | 78 | ||
| 79 | struct sinfo { | 79 | struct sinfo { |
| 80 | be128 t; | 80 | be128 *t; |
| 81 | struct crypto_tfm *tfm; | 81 | struct crypto_tfm *tfm; |
| 82 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *); | 82 | void (*fn)(struct crypto_tfm *, u8 *, const u8 *); |
| 83 | }; | 83 | }; |
| 84 | 84 | ||
| 85 | static inline void xts_round(struct sinfo *s, void *dst, const void *src) | 85 | static inline void xts_round(struct sinfo *s, void *dst, const void *src) |
| 86 | { | 86 | { |
| 87 | be128_xor(dst, &s->t, src); /* PP <- T xor P */ | 87 | be128_xor(dst, s->t, src); /* PP <- T xor P */ |
| 88 | s->fn(s->tfm, dst, dst); /* CC <- E(Key1,PP) */ | 88 | s->fn(s->tfm, dst, dst); /* CC <- E(Key1,PP) */ |
| 89 | be128_xor(dst, dst, &s->t); /* C <- T xor CC */ | 89 | be128_xor(dst, dst, s->t); /* C <- T xor CC */ |
| 90 | } | 90 | } |
| 91 | 91 | ||
| 92 | static int crypt(struct blkcipher_desc *d, | 92 | static int crypt(struct blkcipher_desc *d, |
| @@ -101,7 +101,6 @@ static int crypt(struct blkcipher_desc *d, | |||
| 101 | .tfm = crypto_cipher_tfm(ctx->child), | 101 | .tfm = crypto_cipher_tfm(ctx->child), |
| 102 | .fn = fn | 102 | .fn = fn |
| 103 | }; | 103 | }; |
| 104 | be128 *iv; | ||
| 105 | u8 *wsrc; | 104 | u8 *wsrc; |
| 106 | u8 *wdst; | 105 | u8 *wdst; |
| 107 | 106 | ||
| @@ -109,20 +108,20 @@ static int crypt(struct blkcipher_desc *d, | |||
| 109 | if (!w->nbytes) | 108 | if (!w->nbytes) |
| 110 | return err; | 109 | return err; |
| 111 | 110 | ||
| 111 | s.t = (be128 *)w->iv; | ||
| 112 | avail = w->nbytes; | 112 | avail = w->nbytes; |
| 113 | 113 | ||
| 114 | wsrc = w->src.virt.addr; | 114 | wsrc = w->src.virt.addr; |
| 115 | wdst = w->dst.virt.addr; | 115 | wdst = w->dst.virt.addr; |
| 116 | 116 | ||
| 117 | /* calculate first value of T */ | 117 | /* calculate first value of T */ |
| 118 | iv = (be128 *)w->iv; | 118 | tw(crypto_cipher_tfm(ctx->tweak), w->iv, w->iv); |
| 119 | tw(crypto_cipher_tfm(ctx->tweak), (void *)&s.t, w->iv); | ||
| 120 | 119 | ||
| 121 | goto first; | 120 | goto first; |
| 122 | 121 | ||
| 123 | for (;;) { | 122 | for (;;) { |
| 124 | do { | 123 | do { |
| 125 | gf128mul_x_ble(&s.t, &s.t); | 124 | gf128mul_x_ble(s.t, s.t); |
| 126 | 125 | ||
| 127 | first: | 126 | first: |
| 128 | xts_round(&s, wdst, wsrc); | 127 | xts_round(&s, wdst, wsrc); |