diff options
Diffstat (limited to 'fs/ecryptfs/crypto.c')
| -rw-r--r-- | fs/ecryptfs/crypto.c | 206 |
1 files changed, 110 insertions, 96 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index ed35a9712fa1..136175a69332 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c | |||
| @@ -94,25 +94,53 @@ static int ecryptfs_calculate_md5(char *dst, | |||
| 94 | struct ecryptfs_crypt_stat *crypt_stat, | 94 | struct ecryptfs_crypt_stat *crypt_stat, |
| 95 | char *src, int len) | 95 | char *src, int len) |
| 96 | { | 96 | { |
| 97 | int rc = 0; | ||
| 98 | struct scatterlist sg; | 97 | struct scatterlist sg; |
| 98 | struct hash_desc desc = { | ||
| 99 | .tfm = crypt_stat->hash_tfm, | ||
| 100 | .flags = CRYPTO_TFM_REQ_MAY_SLEEP | ||
| 101 | }; | ||
| 102 | int rc = 0; | ||
| 99 | 103 | ||
| 100 | mutex_lock(&crypt_stat->cs_md5_tfm_mutex); | 104 | mutex_lock(&crypt_stat->cs_hash_tfm_mutex); |
| 101 | sg_init_one(&sg, (u8 *)src, len); | 105 | sg_init_one(&sg, (u8 *)src, len); |
| 102 | if (!crypt_stat->md5_tfm) { | 106 | if (!desc.tfm) { |
| 103 | crypt_stat->md5_tfm = | 107 | desc.tfm = crypto_alloc_hash(ECRYPTFS_DEFAULT_HASH, 0, |
| 104 | crypto_alloc_tfm("md5", CRYPTO_TFM_REQ_MAY_SLEEP); | 108 | CRYPTO_ALG_ASYNC); |
| 105 | if (!crypt_stat->md5_tfm) { | 109 | if (IS_ERR(desc.tfm)) { |
| 106 | rc = -ENOMEM; | 110 | rc = PTR_ERR(desc.tfm); |
| 107 | ecryptfs_printk(KERN_ERR, "Error attempting to " | 111 | ecryptfs_printk(KERN_ERR, "Error attempting to " |
| 108 | "allocate crypto context\n"); | 112 | "allocate crypto context; rc = [%d]\n", |
| 113 | rc); | ||
| 109 | goto out; | 114 | goto out; |
| 110 | } | 115 | } |
| 116 | crypt_stat->hash_tfm = desc.tfm; | ||
| 111 | } | 117 | } |
| 112 | crypto_digest_init(crypt_stat->md5_tfm); | 118 | crypto_hash_init(&desc); |
| 113 | crypto_digest_update(crypt_stat->md5_tfm, &sg, 1); | 119 | crypto_hash_update(&desc, &sg, len); |
| 114 | crypto_digest_final(crypt_stat->md5_tfm, dst); | 120 | crypto_hash_final(&desc, dst); |
| 115 | mutex_unlock(&crypt_stat->cs_md5_tfm_mutex); | 121 | mutex_unlock(&crypt_stat->cs_hash_tfm_mutex); |
| 122 | out: | ||
| 123 | return rc; | ||
| 124 | } | ||
| 125 | |||
| 126 | int ecryptfs_crypto_api_algify_cipher_name(char **algified_name, | ||
| 127 | char *cipher_name, | ||
| 128 | char *chaining_modifier) | ||
| 129 | { | ||
| 130 | int cipher_name_len = strlen(cipher_name); | ||
| 131 | int chaining_modifier_len = strlen(chaining_modifier); | ||
| 132 | int algified_name_len; | ||
| 133 | int rc; | ||
| 134 | |||
| 135 | algified_name_len = (chaining_modifier_len + cipher_name_len + 3); | ||
| 136 | (*algified_name) = kmalloc(algified_name_len, GFP_KERNEL); | ||
| 137 | if (!(*algified_name)) { | ||
| 138 | rc = -ENOMEM; | ||
| 139 | goto out; | ||
| 140 | } | ||
| 141 | snprintf((*algified_name), algified_name_len, "%s(%s)", | ||
| 142 | chaining_modifier, cipher_name); | ||
| 143 | rc = 0; | ||
| 116 | out: | 144 | out: |
| 117 | return rc; | 145 | return rc; |
| 118 | } | 146 | } |
| @@ -178,7 +206,7 @@ ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) | |||
| 178 | memset((void *)crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat)); | 206 | memset((void *)crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat)); |
| 179 | mutex_init(&crypt_stat->cs_mutex); | 207 | mutex_init(&crypt_stat->cs_mutex); |
| 180 | mutex_init(&crypt_stat->cs_tfm_mutex); | 208 | mutex_init(&crypt_stat->cs_tfm_mutex); |
| 181 | mutex_init(&crypt_stat->cs_md5_tfm_mutex); | 209 | mutex_init(&crypt_stat->cs_hash_tfm_mutex); |
| 182 | ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_STRUCT_INITIALIZED); | 210 | ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_STRUCT_INITIALIZED); |
| 183 | } | 211 | } |
| 184 | 212 | ||
| @@ -191,9 +219,9 @@ ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) | |||
| 191 | void ecryptfs_destruct_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) | 219 | void ecryptfs_destruct_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) |
| 192 | { | 220 | { |
| 193 | if (crypt_stat->tfm) | 221 | if (crypt_stat->tfm) |
| 194 | crypto_free_tfm(crypt_stat->tfm); | 222 | crypto_free_blkcipher(crypt_stat->tfm); |
| 195 | if (crypt_stat->md5_tfm) | 223 | if (crypt_stat->hash_tfm) |
| 196 | crypto_free_tfm(crypt_stat->md5_tfm); | 224 | crypto_free_hash(crypt_stat->hash_tfm); |
| 197 | memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat)); | 225 | memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat)); |
| 198 | } | 226 | } |
| 199 | 227 | ||
| @@ -203,7 +231,7 @@ void ecryptfs_destruct_mount_crypt_stat( | |||
| 203 | if (mount_crypt_stat->global_auth_tok_key) | 231 | if (mount_crypt_stat->global_auth_tok_key) |
| 204 | key_put(mount_crypt_stat->global_auth_tok_key); | 232 | key_put(mount_crypt_stat->global_auth_tok_key); |
| 205 | if (mount_crypt_stat->global_key_tfm) | 233 | if (mount_crypt_stat->global_key_tfm) |
| 206 | crypto_free_tfm(mount_crypt_stat->global_key_tfm); | 234 | crypto_free_blkcipher(mount_crypt_stat->global_key_tfm); |
| 207 | memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat)); | 235 | memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat)); |
| 208 | } | 236 | } |
| 209 | 237 | ||
| @@ -269,6 +297,11 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 269 | struct scatterlist *src_sg, int size, | 297 | struct scatterlist *src_sg, int size, |
| 270 | unsigned char *iv) | 298 | unsigned char *iv) |
| 271 | { | 299 | { |
| 300 | struct blkcipher_desc desc = { | ||
| 301 | .tfm = crypt_stat->tfm, | ||
| 302 | .info = iv, | ||
| 303 | .flags = CRYPTO_TFM_REQ_MAY_SLEEP | ||
| 304 | }; | ||
| 272 | int rc = 0; | 305 | int rc = 0; |
| 273 | 306 | ||
| 274 | BUG_ON(!crypt_stat || !crypt_stat->tfm | 307 | BUG_ON(!crypt_stat || !crypt_stat->tfm |
| @@ -282,8 +315,8 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 282 | } | 315 | } |
| 283 | /* Consider doing this once, when the file is opened */ | 316 | /* Consider doing this once, when the file is opened */ |
| 284 | mutex_lock(&crypt_stat->cs_tfm_mutex); | 317 | mutex_lock(&crypt_stat->cs_tfm_mutex); |
| 285 | rc = crypto_cipher_setkey(crypt_stat->tfm, crypt_stat->key, | 318 | rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key, |
| 286 | crypt_stat->key_size); | 319 | crypt_stat->key_size); |
| 287 | if (rc) { | 320 | if (rc) { |
| 288 | ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n", | 321 | ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n", |
| 289 | rc); | 322 | rc); |
| @@ -292,7 +325,7 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 292 | goto out; | 325 | goto out; |
| 293 | } | 326 | } |
| 294 | ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes.\n", size); | 327 | ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes.\n", size); |
| 295 | crypto_cipher_encrypt_iv(crypt_stat->tfm, dest_sg, src_sg, size, iv); | 328 | crypto_blkcipher_encrypt_iv(&desc, dest_sg, src_sg, size); |
| 296 | mutex_unlock(&crypt_stat->cs_tfm_mutex); | 329 | mutex_unlock(&crypt_stat->cs_tfm_mutex); |
| 297 | out: | 330 | out: |
| 298 | return rc; | 331 | return rc; |
| @@ -675,12 +708,17 @@ static int decrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 675 | struct scatterlist *src_sg, int size, | 708 | struct scatterlist *src_sg, int size, |
| 676 | unsigned char *iv) | 709 | unsigned char *iv) |
| 677 | { | 710 | { |
| 711 | struct blkcipher_desc desc = { | ||
| 712 | .tfm = crypt_stat->tfm, | ||
| 713 | .info = iv, | ||
| 714 | .flags = CRYPTO_TFM_REQ_MAY_SLEEP | ||
| 715 | }; | ||
| 678 | int rc = 0; | 716 | int rc = 0; |
| 679 | 717 | ||
| 680 | /* Consider doing this once, when the file is opened */ | 718 | /* Consider doing this once, when the file is opened */ |
| 681 | mutex_lock(&crypt_stat->cs_tfm_mutex); | 719 | mutex_lock(&crypt_stat->cs_tfm_mutex); |
| 682 | rc = crypto_cipher_setkey(crypt_stat->tfm, crypt_stat->key, | 720 | rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key, |
| 683 | crypt_stat->key_size); | 721 | crypt_stat->key_size); |
| 684 | if (rc) { | 722 | if (rc) { |
| 685 | ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n", | 723 | ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n", |
| 686 | rc); | 724 | rc); |
| @@ -689,8 +727,7 @@ static int decrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 689 | goto out; | 727 | goto out; |
| 690 | } | 728 | } |
| 691 | ecryptfs_printk(KERN_DEBUG, "Decrypting [%d] bytes.\n", size); | 729 | ecryptfs_printk(KERN_DEBUG, "Decrypting [%d] bytes.\n", size); |
| 692 | rc = crypto_cipher_decrypt_iv(crypt_stat->tfm, dest_sg, src_sg, size, | 730 | rc = crypto_blkcipher_decrypt_iv(&desc, dest_sg, src_sg, size); |
| 693 | iv); | ||
| 694 | mutex_unlock(&crypt_stat->cs_tfm_mutex); | 731 | mutex_unlock(&crypt_stat->cs_tfm_mutex); |
| 695 | if (rc) { | 732 | if (rc) { |
| 696 | ecryptfs_printk(KERN_ERR, "Error decrypting; rc = [%d]\n", | 733 | ecryptfs_printk(KERN_ERR, "Error decrypting; rc = [%d]\n", |
| @@ -759,6 +796,7 @@ ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 759 | */ | 796 | */ |
| 760 | int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) | 797 | int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) |
| 761 | { | 798 | { |
| 799 | char *full_alg_name; | ||
| 762 | int rc = -EINVAL; | 800 | int rc = -EINVAL; |
| 763 | 801 | ||
| 764 | if (!crypt_stat->cipher) { | 802 | if (!crypt_stat->cipher) { |
| @@ -775,16 +813,24 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) | |||
| 775 | goto out; | 813 | goto out; |
| 776 | } | 814 | } |
| 777 | mutex_lock(&crypt_stat->cs_tfm_mutex); | 815 | mutex_lock(&crypt_stat->cs_tfm_mutex); |
| 778 | crypt_stat->tfm = crypto_alloc_tfm(crypt_stat->cipher, | 816 | rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, |
| 779 | ECRYPTFS_DEFAULT_CHAINING_MODE | 817 | crypt_stat->cipher, "cbc"); |
| 780 | | CRYPTO_TFM_REQ_WEAK_KEY); | 818 | if (rc) |
| 781 | mutex_unlock(&crypt_stat->cs_tfm_mutex); | 819 | goto out; |
| 820 | crypt_stat->tfm = crypto_alloc_blkcipher(full_alg_name, 0, | ||
| 821 | CRYPTO_ALG_ASYNC); | ||
| 822 | kfree(full_alg_name); | ||
| 782 | if (!crypt_stat->tfm) { | 823 | if (!crypt_stat->tfm) { |
| 783 | ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): " | 824 | ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): " |
| 784 | "Error initializing cipher [%s]\n", | 825 | "Error initializing cipher [%s]\n", |
| 785 | crypt_stat->cipher); | 826 | crypt_stat->cipher); |
| 827 | mutex_unlock(&crypt_stat->cs_tfm_mutex); | ||
| 786 | goto out; | 828 | goto out; |
| 787 | } | 829 | } |
| 830 | crypto_blkcipher_set_flags(crypt_stat->tfm, | ||
| 831 | (ECRYPTFS_DEFAULT_CHAINING_MODE | ||
| 832 | | CRYPTO_TFM_REQ_WEAK_KEY)); | ||
| 833 | mutex_unlock(&crypt_stat->cs_tfm_mutex); | ||
| 788 | rc = 0; | 834 | rc = 0; |
| 789 | out: | 835 | out: |
| 790 | return rc; | 836 | return rc; |
| @@ -1145,28 +1191,28 @@ int ecryptfs_cipher_code_to_string(char *str, u16 cipher_code) | |||
| 1145 | int ecryptfs_read_header_region(char *data, struct dentry *dentry, | 1191 | int ecryptfs_read_header_region(char *data, struct dentry *dentry, |
| 1146 | struct vfsmount *mnt) | 1192 | struct vfsmount *mnt) |
| 1147 | { | 1193 | { |
| 1148 | struct file *file; | 1194 | struct file *lower_file; |
| 1149 | mm_segment_t oldfs; | 1195 | mm_segment_t oldfs; |
| 1150 | int rc; | 1196 | int rc; |
| 1151 | 1197 | ||
| 1152 | mnt = mntget(mnt); | 1198 | if ((rc = ecryptfs_open_lower_file(&lower_file, dentry, mnt, |
| 1153 | file = dentry_open(dentry, mnt, O_RDONLY); | 1199 | O_RDONLY))) { |
| 1154 | if (IS_ERR(file)) { | 1200 | printk(KERN_ERR |
| 1155 | ecryptfs_printk(KERN_DEBUG, "Error opening file to " | 1201 | "Error opening lower_file to read header region\n"); |
| 1156 | "read header region\n"); | ||
| 1157 | mntput(mnt); | ||
| 1158 | rc = PTR_ERR(file); | ||
| 1159 | goto out; | 1202 | goto out; |
| 1160 | } | 1203 | } |
| 1161 | file->f_pos = 0; | 1204 | lower_file->f_pos = 0; |
| 1162 | oldfs = get_fs(); | 1205 | oldfs = get_fs(); |
| 1163 | set_fs(get_ds()); | 1206 | set_fs(get_ds()); |
| 1164 | /* For releases 0.1 and 0.2, all of the header information | 1207 | /* For releases 0.1 and 0.2, all of the header information |
| 1165 | * fits in the first data extent-sized region. */ | 1208 | * fits in the first data extent-sized region. */ |
| 1166 | rc = file->f_op->read(file, (char __user *)data, | 1209 | rc = lower_file->f_op->read(lower_file, (char __user *)data, |
| 1167 | ECRYPTFS_DEFAULT_EXTENT_SIZE, &file->f_pos); | 1210 | ECRYPTFS_DEFAULT_EXTENT_SIZE, &lower_file->f_pos); |
| 1168 | set_fs(oldfs); | 1211 | set_fs(oldfs); |
| 1169 | fput(file); | 1212 | if ((rc = ecryptfs_close_lower_file(lower_file))) { |
| 1213 | printk(KERN_ERR "Error closing lower_file\n"); | ||
| 1214 | goto out; | ||
| 1215 | } | ||
| 1170 | rc = 0; | 1216 | rc = 0; |
| 1171 | out: | 1217 | out: |
| 1172 | return rc; | 1218 | return rc; |
| @@ -1573,84 +1619,52 @@ out: | |||
| 1573 | 1619 | ||
| 1574 | /** | 1620 | /** |
| 1575 | * ecryptfs_process_cipher - Perform cipher initialization. | 1621 | * ecryptfs_process_cipher - Perform cipher initialization. |
| 1576 | * @tfm: Crypto context set by this function | ||
| 1577 | * @key_tfm: Crypto context for key material, set by this function | 1622 | * @key_tfm: Crypto context for key material, set by this function |
| 1578 | * @cipher_name: Name of the cipher. | 1623 | * @cipher_name: Name of the cipher |
| 1579 | * @key_size: Size of the key in bytes. | 1624 | * @key_size: Size of the key in bytes |
| 1580 | * | 1625 | * |
| 1581 | * Returns zero on success. Any crypto_tfm structs allocated here | 1626 | * Returns zero on success. Any crypto_tfm structs allocated here |
| 1582 | * should be released by other functions, such as on a superblock put | 1627 | * should be released by other functions, such as on a superblock put |
| 1583 | * event, regardless of whether this function succeeds for fails. | 1628 | * event, regardless of whether this function succeeds for fails. |
| 1584 | */ | 1629 | */ |
| 1585 | int | 1630 | int |
| 1586 | ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm, | 1631 | ecryptfs_process_cipher(struct crypto_blkcipher **key_tfm, char *cipher_name, |
| 1587 | char *cipher_name, size_t key_size) | 1632 | size_t *key_size) |
| 1588 | { | 1633 | { |
| 1589 | char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; | 1634 | char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; |
| 1635 | char *full_alg_name; | ||
| 1590 | int rc; | 1636 | int rc; |
| 1591 | 1637 | ||
| 1592 | *tfm = *key_tfm = NULL; | 1638 | *key_tfm = NULL; |
| 1593 | if (key_size > ECRYPTFS_MAX_KEY_BYTES) { | 1639 | if (*key_size > ECRYPTFS_MAX_KEY_BYTES) { |
| 1594 | rc = -EINVAL; | 1640 | rc = -EINVAL; |
| 1595 | printk(KERN_ERR "Requested key size is [%Zd] bytes; maximum " | 1641 | printk(KERN_ERR "Requested key size is [%Zd] bytes; maximum " |
| 1596 | "allowable is [%d]\n", key_size, ECRYPTFS_MAX_KEY_BYTES); | 1642 | "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES); |
| 1597 | goto out; | 1643 | goto out; |
| 1598 | } | 1644 | } |
| 1599 | *tfm = crypto_alloc_tfm(cipher_name, (ECRYPTFS_DEFAULT_CHAINING_MODE | 1645 | rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, cipher_name, |
| 1600 | | CRYPTO_TFM_REQ_WEAK_KEY)); | 1646 | "ecb"); |
| 1601 | if (!(*tfm)) { | 1647 | if (rc) |
| 1602 | rc = -EINVAL; | ||
| 1603 | printk(KERN_ERR "Unable to allocate crypto cipher with name " | ||
| 1604 | "[%s]\n", cipher_name); | ||
| 1605 | goto out; | 1648 | goto out; |
| 1606 | } | 1649 | *key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC); |
| 1607 | *key_tfm = crypto_alloc_tfm(cipher_name, CRYPTO_TFM_REQ_WEAK_KEY); | 1650 | kfree(full_alg_name); |
| 1608 | if (!(*key_tfm)) { | 1651 | if (IS_ERR(*key_tfm)) { |
| 1609 | rc = -EINVAL; | 1652 | rc = PTR_ERR(*key_tfm); |
| 1610 | printk(KERN_ERR "Unable to allocate crypto cipher with name " | 1653 | printk(KERN_ERR "Unable to allocate crypto cipher with name " |
| 1611 | "[%s]\n", cipher_name); | 1654 | "[%s]; rc = [%d]\n", cipher_name, rc); |
| 1612 | goto out; | ||
| 1613 | } | ||
| 1614 | if (key_size < crypto_tfm_alg_min_keysize(*tfm)) { | ||
| 1615 | rc = -EINVAL; | ||
| 1616 | printk(KERN_ERR "Request key size is [%Zd]; minimum key size " | ||
| 1617 | "supported by cipher [%s] is [%d]\n", key_size, | ||
| 1618 | cipher_name, crypto_tfm_alg_min_keysize(*tfm)); | ||
| 1619 | goto out; | ||
| 1620 | } | ||
| 1621 | if (key_size < crypto_tfm_alg_min_keysize(*key_tfm)) { | ||
| 1622 | rc = -EINVAL; | ||
| 1623 | printk(KERN_ERR "Request key size is [%Zd]; minimum key size " | ||
| 1624 | "supported by cipher [%s] is [%d]\n", key_size, | ||
| 1625 | cipher_name, crypto_tfm_alg_min_keysize(*key_tfm)); | ||
| 1626 | goto out; | 1655 | goto out; |
| 1627 | } | 1656 | } |
| 1628 | if (key_size > crypto_tfm_alg_max_keysize(*tfm)) { | 1657 | crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY); |
| 1629 | rc = -EINVAL; | 1658 | if (*key_size == 0) { |
| 1630 | printk(KERN_ERR "Request key size is [%Zd]; maximum key size " | 1659 | struct blkcipher_alg *alg = crypto_blkcipher_alg(*key_tfm); |
| 1631 | "supported by cipher [%s] is [%d]\n", key_size, | 1660 | |
| 1632 | cipher_name, crypto_tfm_alg_min_keysize(*tfm)); | 1661 | *key_size = alg->max_keysize; |
| 1633 | goto out; | ||
| 1634 | } | ||
| 1635 | if (key_size > crypto_tfm_alg_max_keysize(*key_tfm)) { | ||
| 1636 | rc = -EINVAL; | ||
| 1637 | printk(KERN_ERR "Request key size is [%Zd]; maximum key size " | ||
| 1638 | "supported by cipher [%s] is [%d]\n", key_size, | ||
| 1639 | cipher_name, crypto_tfm_alg_min_keysize(*key_tfm)); | ||
| 1640 | goto out; | ||
| 1641 | } | ||
| 1642 | get_random_bytes(dummy_key, key_size); | ||
| 1643 | rc = crypto_cipher_setkey(*tfm, dummy_key, key_size); | ||
| 1644 | if (rc) { | ||
| 1645 | printk(KERN_ERR "Error attempting to set key of size [%Zd] for " | ||
| 1646 | "cipher [%s]; rc = [%d]\n", key_size, cipher_name, rc); | ||
| 1647 | rc = -EINVAL; | ||
| 1648 | goto out; | ||
| 1649 | } | 1662 | } |
| 1650 | rc = crypto_cipher_setkey(*key_tfm, dummy_key, key_size); | 1663 | get_random_bytes(dummy_key, *key_size); |
| 1664 | rc = crypto_blkcipher_setkey(*key_tfm, dummy_key, *key_size); | ||
| 1651 | if (rc) { | 1665 | if (rc) { |
| 1652 | printk(KERN_ERR "Error attempting to set key of size [%Zd] for " | 1666 | printk(KERN_ERR "Error attempting to set key of size [%Zd] for " |
| 1653 | "cipher [%s]; rc = [%d]\n", key_size, cipher_name, rc); | 1667 | "cipher [%s]; rc = [%d]\n", *key_size, cipher_name, rc); |
| 1654 | rc = -EINVAL; | 1668 | rc = -EINVAL; |
| 1655 | goto out; | 1669 | goto out; |
| 1656 | } | 1670 | } |