Re: [PATCH] [crypto] XTS: use proper alignment v2

> The XTS blockmode uses a copy of the IV which is saved on the stack
> and may or may not be properly aligned. If it is not, it will break
> hardware ciphers like the geode or padlock.
> This patch encrypts the IV in place so we don't have to worry about
> alignment.
> 
> Signed-off-by: Sebastian Siewior <sebastian@xxxxxxxxxxxxx>
> ---
> Herbert, I tried the small patch thing :)
> It passed tcrypt on my geode, dunno about dm-crypt & friends.
> Stefan if you could test it with dm-crypt then we have a small fix :)

Yes, this passed my tests, too! Nice :)

Tested-by: Stefan Hellermann <stefan@xxxxxxxxxxxxxx>


PS: The segfaults I got with 2.6.25-rc[1-3] are gone ... LRW is stable here.

>  crypto/xts.c |   13 ++++++-------
>  1 files changed, 6 insertions(+), 7 deletions(-)
> 
> diff --git a/crypto/xts.c b/crypto/xts.c
> index 8eb08bf..d87b0f3 100644
> --- a/crypto/xts.c
> +++ b/crypto/xts.c
> @@ -77,16 +77,16 @@ static int setkey(struct crypto_tfm *parent, const u8 *key,
>  }
>  
>  struct sinfo {
> -	be128 t;
> +	be128 *t;
>  	struct crypto_tfm *tfm;
>  	void (*fn)(struct crypto_tfm *, u8 *, const u8 *);
>  };
>  
>  static inline void xts_round(struct sinfo *s, void *dst, const void *src)
>  {
> -	be128_xor(dst, &s->t, src);		/* PP <- T xor P */
> +	be128_xor(dst, s->t, src);		/* PP <- T xor P */
>  	s->fn(s->tfm, dst, dst);		/* CC <- E(Key1,PP) */
> -	be128_xor(dst, dst, &s->t);		/* C <- T xor CC */
> +	be128_xor(dst, dst, s->t);		/* C <- T xor CC */
>  }
>  
>  static int crypt(struct blkcipher_desc *d,
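
Review bot: in struct sinfo, the `t` member becomes a `be128 *` with no comment saying what it points at or who owns the storage. Since xts_round() now dereferences `s->t` twice per block, a one-line comment on the member (for example, that it aliases the walk's IV buffer and is updated in place) would make the lifetime and alignment assumption explicit for anyone who later fills in a struct sinfo elsewhere.
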
> @@ -101,7 +101,6 @@ static int crypt(struct blkcipher_desc *d,
>  		.tfm = crypto_cipher_tfm(ctx->child),
>  		.fn = fn
>  	};
> -	be128 *iv;
>  	u8 *wsrc;
>  	u8 *wdst;
>  
> @@ -109,20 +108,20 @@ static int crypt(struct blkcipher_desc *d,
>  	if (!w->nbytes)
>  		return err;
>  
> +	s.t = (be128 *)w->iv;
>  	avail = w->nbytes;
>  
>  	wsrc = w->src.virt.addr;
>  	wdst = w->dst.virt.addr;
>  
>  	/* calculate first value of T */
> -	iv = (be128 *)w->iv;
> -	tw(crypto_cipher_tfm(ctx->tweak), (void *)&s.t, w->iv);
> +	tw(crypto_cipher_tfm(ctx->tweak), w->iv, w->iv);
>  
>  	goto first;
>  
>  	for (;;) {
>  		do {
> -			gf128mul_x_ble(&s.t, &s.t);
> +			gf128mul_x_ble(s.t, s.t);
>  
>  first:
>  			xts_round(&s, wdst, wsrc);
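
Review bot: `tw(crypto_cipher_tfm(ctx->tweak), w->iv, w->iv)` overwrites the walk's IV buffer with the encrypted tweak, and `gf128mul_x_ble(s.t, s.t)` then keeps updating that same buffer, so once crypt() has run w->iv no longer holds the original IV. That side effect deserves a comment at the `s.t = (be128 *)w->iv;` assignment, and the same comment should state that the cast relies on w->iv being suitably aligned for be128 access, since that is the stated reason for the change. It is also worth confirming, in the part of the loop not shown in this hunk, that w->iv remains the same buffer across walk steps, because s.t is assigned only once before the loop.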