Re: [PATCH] crypto: vmx - convert to skcipher API

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Eric Biggers <ebiggers@xxxxxxxxxx> writes:
> From: Eric Biggers <ebiggers@xxxxxxxxxx>
>
> Convert the VMX implementations of AES-CBC, AES-CTR, and AES-XTS from
> the deprecated "blkcipher" API to the "skcipher" API.
>
> As part of this, I moved the skcipher_request for the fallback algorithm
> off the stack and into the request context of the parent algorithm.
>
> I tested this in a PowerPC VM with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y.

I booted it a few times on a Power9 bare metal machine with
panic_on_fail=1 and fuzz_iterations=400, no issues.

Tested-by: Michael Ellerman <mpe@xxxxxxxxxxxxxx>

cheers

> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> ---
>  drivers/crypto/vmx/aes_cbc.c   | 183 ++++++++++++---------------------
>  drivers/crypto/vmx/aes_ctr.c   | 165 +++++++++++++----------------
>  drivers/crypto/vmx/aes_xts.c   | 175 ++++++++++++++-----------------
>  drivers/crypto/vmx/aesp8-ppc.h |   2 -
>  drivers/crypto/vmx/vmx.c       |  72 +++++++------
>  5 files changed, 252 insertions(+), 345 deletions(-)
>
> diff --git a/drivers/crypto/vmx/aes_cbc.c b/drivers/crypto/vmx/aes_cbc.c
> index dae8af3c46dce..92e75a05d6a9e 100644
> --- a/drivers/crypto/vmx/aes_cbc.c
> +++ b/drivers/crypto/vmx/aes_cbc.c
> @@ -7,64 +7,52 @@
>   * Author: Marcelo Henrique Cerri <mhcerri@xxxxxxxxxx>
>   */
>  
> -#include <linux/types.h>
> -#include <linux/err.h>
> -#include <linux/crypto.h>
> -#include <linux/delay.h>
>  #include <asm/simd.h>
>  #include <asm/switch_to.h>
>  #include <crypto/aes.h>
>  #include <crypto/internal/simd.h>
> -#include <crypto/scatterwalk.h>
> -#include <crypto/skcipher.h>
> +#include <crypto/internal/skcipher.h>
>  
>  #include "aesp8-ppc.h"
>  
>  struct p8_aes_cbc_ctx {
> -	struct crypto_sync_skcipher *fallback;
> +	struct crypto_skcipher *fallback;
>  	struct aes_key enc_key;
>  	struct aes_key dec_key;
>  };
>  
> -static int p8_aes_cbc_init(struct crypto_tfm *tfm)
> +static int p8_aes_cbc_init(struct crypto_skcipher *tfm)
>  {
> -	const char *alg = crypto_tfm_alg_name(tfm);
> -	struct crypto_sync_skcipher *fallback;
> -	struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm);
> -
> -	fallback = crypto_alloc_sync_skcipher(alg, 0,
> -					      CRYPTO_ALG_NEED_FALLBACK);
> +	struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm);
> +	struct crypto_skcipher *fallback;
>  
> +	fallback = crypto_alloc_skcipher("cbc(aes)", 0,
> +					 CRYPTO_ALG_NEED_FALLBACK |
> +					 CRYPTO_ALG_ASYNC);
>  	if (IS_ERR(fallback)) {
> -		printk(KERN_ERR
> -		       "Failed to allocate transformation for '%s': %ld\n",
> -		       alg, PTR_ERR(fallback));
> +		pr_err("Failed to allocate cbc(aes) fallback: %ld\n",
> +		       PTR_ERR(fallback));
>  		return PTR_ERR(fallback);
>  	}
>  
> -	crypto_sync_skcipher_set_flags(
> -		fallback,
> -		crypto_skcipher_get_flags((struct crypto_skcipher *)tfm));
> +	crypto_skcipher_set_reqsize(tfm, sizeof(struct skcipher_request) +
> +				    crypto_skcipher_reqsize(fallback));
>  	ctx->fallback = fallback;
> -
>  	return 0;
>  }
>  
> -static void p8_aes_cbc_exit(struct crypto_tfm *tfm)
> +static void p8_aes_cbc_exit(struct crypto_skcipher *tfm)
>  {
> -	struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm);
> +	struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm);
>  
> -	if (ctx->fallback) {
> -		crypto_free_sync_skcipher(ctx->fallback);
> -		ctx->fallback = NULL;
> -	}
> +	crypto_free_skcipher(ctx->fallback);
>  }
>  
> -static int p8_aes_cbc_setkey(struct crypto_tfm *tfm, const u8 *key,
> +static int p8_aes_cbc_setkey(struct crypto_skcipher *tfm, const u8 *key,
>  			     unsigned int keylen)
>  {
> +	struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm);
>  	int ret;
> -	struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm);
>  
>  	preempt_disable();
>  	pagefault_disable();
> @@ -75,108 +63,71 @@ static int p8_aes_cbc_setkey(struct crypto_tfm *tfm, const u8 *key,
>  	pagefault_enable();
>  	preempt_enable();
>  
> -	ret |= crypto_sync_skcipher_setkey(ctx->fallback, key, keylen);
> +	ret |= crypto_skcipher_setkey(ctx->fallback, key, keylen);
>  
>  	return ret ? -EINVAL : 0;
>  }
>  
> -static int p8_aes_cbc_encrypt(struct blkcipher_desc *desc,
> -			      struct scatterlist *dst,
> -			      struct scatterlist *src, unsigned int nbytes)
> +static int p8_aes_cbc_crypt(struct skcipher_request *req, int enc)
>  {
> +	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
> +	const struct p8_aes_cbc_ctx *ctx = crypto_skcipher_ctx(tfm);
> +	struct skcipher_walk walk;
> +	unsigned int nbytes;
>  	int ret;
> -	struct blkcipher_walk walk;
> -	struct p8_aes_cbc_ctx *ctx =
> -		crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm));
>  
>  	if (!crypto_simd_usable()) {
> -		SYNC_SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback);
> -		skcipher_request_set_sync_tfm(req, ctx->fallback);
> -		skcipher_request_set_callback(req, desc->flags, NULL, NULL);
> -		skcipher_request_set_crypt(req, src, dst, nbytes, desc->info);
> -		ret = crypto_skcipher_encrypt(req);
> -		skcipher_request_zero(req);
> -	} else {
> -		blkcipher_walk_init(&walk, dst, src, nbytes);
> -		ret = blkcipher_walk_virt(desc, &walk);
> -		while ((nbytes = walk.nbytes)) {
> -			preempt_disable();
> -			pagefault_disable();
> -			enable_kernel_vsx();
> -			aes_p8_cbc_encrypt(walk.src.virt.addr,
> -					   walk.dst.virt.addr,
> -					   nbytes & AES_BLOCK_MASK,
> -					   &ctx->enc_key, walk.iv, 1);
> -			disable_kernel_vsx();
> -			pagefault_enable();
> -			preempt_enable();
> -
> -			nbytes &= AES_BLOCK_SIZE - 1;
> -			ret = blkcipher_walk_done(desc, &walk, nbytes);
> -		}
> +		struct skcipher_request *subreq = skcipher_request_ctx(req);
> +
> +		*subreq = *req;
> +		skcipher_request_set_tfm(subreq, ctx->fallback);
> +		return enc ? crypto_skcipher_encrypt(subreq) :
> +			     crypto_skcipher_decrypt(subreq);
>  	}
>  
> +	ret = skcipher_walk_virt(&walk, req, false);
> +	while ((nbytes = walk.nbytes) != 0) {
> +		preempt_disable();
> +		pagefault_disable();
> +		enable_kernel_vsx();
> +		aes_p8_cbc_encrypt(walk.src.virt.addr,
> +				   walk.dst.virt.addr,
> +				   round_down(nbytes, AES_BLOCK_SIZE),
> +				   enc ? &ctx->enc_key : &ctx->dec_key,
> +				   walk.iv, enc);
> +		disable_kernel_vsx();
> +		pagefault_enable();
> +		preempt_enable();
> +
> +		ret = skcipher_walk_done(&walk, nbytes % AES_BLOCK_SIZE);
> +	}
>  	return ret;
>  }
>  
> -static int p8_aes_cbc_decrypt(struct blkcipher_desc *desc,
> -			      struct scatterlist *dst,
> -			      struct scatterlist *src, unsigned int nbytes)
> +static int p8_aes_cbc_encrypt(struct skcipher_request *req)
>  {
> -	int ret;
> -	struct blkcipher_walk walk;
> -	struct p8_aes_cbc_ctx *ctx =
> -		crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm));
> -
> -	if (!crypto_simd_usable()) {
> -		SYNC_SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback);
> -		skcipher_request_set_sync_tfm(req, ctx->fallback);
> -		skcipher_request_set_callback(req, desc->flags, NULL, NULL);
> -		skcipher_request_set_crypt(req, src, dst, nbytes, desc->info);
> -		ret = crypto_skcipher_decrypt(req);
> -		skcipher_request_zero(req);
> -	} else {
> -		blkcipher_walk_init(&walk, dst, src, nbytes);
> -		ret = blkcipher_walk_virt(desc, &walk);
> -		while ((nbytes = walk.nbytes)) {
> -			preempt_disable();
> -			pagefault_disable();
> -			enable_kernel_vsx();
> -			aes_p8_cbc_encrypt(walk.src.virt.addr,
> -					   walk.dst.virt.addr,
> -					   nbytes & AES_BLOCK_MASK,
> -					   &ctx->dec_key, walk.iv, 0);
> -			disable_kernel_vsx();
> -			pagefault_enable();
> -			preempt_enable();
> -
> -			nbytes &= AES_BLOCK_SIZE - 1;
> -			ret = blkcipher_walk_done(desc, &walk, nbytes);
> -		}
> -	}
> -
> -	return ret;
> +	return p8_aes_cbc_crypt(req, 1);
>  }
>  
> +static int p8_aes_cbc_decrypt(struct skcipher_request *req)
> +{
> +	return p8_aes_cbc_crypt(req, 0);
> +}
>  
> -struct crypto_alg p8_aes_cbc_alg = {
> -	.cra_name = "cbc(aes)",
> -	.cra_driver_name = "p8_aes_cbc",
> -	.cra_module = THIS_MODULE,
> -	.cra_priority = 2000,
> -	.cra_type = &crypto_blkcipher_type,
> -	.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER | CRYPTO_ALG_NEED_FALLBACK,
> -	.cra_alignmask = 0,
> -	.cra_blocksize = AES_BLOCK_SIZE,
> -	.cra_ctxsize = sizeof(struct p8_aes_cbc_ctx),
> -	.cra_init = p8_aes_cbc_init,
> -	.cra_exit = p8_aes_cbc_exit,
> -	.cra_blkcipher = {
> -			  .ivsize = AES_BLOCK_SIZE,
> -			  .min_keysize = AES_MIN_KEY_SIZE,
> -			  .max_keysize = AES_MAX_KEY_SIZE,
> -			  .setkey = p8_aes_cbc_setkey,
> -			  .encrypt = p8_aes_cbc_encrypt,
> -			  .decrypt = p8_aes_cbc_decrypt,
> -	},
> +struct skcipher_alg p8_aes_cbc_alg = {
> +	.base.cra_name = "cbc(aes)",
> +	.base.cra_driver_name = "p8_aes_cbc",
> +	.base.cra_module = THIS_MODULE,
> +	.base.cra_priority = 2000,
> +	.base.cra_flags = CRYPTO_ALG_NEED_FALLBACK,
> +	.base.cra_blocksize = AES_BLOCK_SIZE,
> +	.base.cra_ctxsize = sizeof(struct p8_aes_cbc_ctx),
> +	.setkey = p8_aes_cbc_setkey,
> +	.encrypt = p8_aes_cbc_encrypt,
> +	.decrypt = p8_aes_cbc_decrypt,
> +	.init = p8_aes_cbc_init,
> +	.exit = p8_aes_cbc_exit,
> +	.min_keysize = AES_MIN_KEY_SIZE,
> +	.max_keysize = AES_MAX_KEY_SIZE,
> +	.ivsize = AES_BLOCK_SIZE,
>  };
> diff --git a/drivers/crypto/vmx/aes_ctr.c b/drivers/crypto/vmx/aes_ctr.c
> index dc31101178446..c4d2809a5d9ee 100644
> --- a/drivers/crypto/vmx/aes_ctr.c
> +++ b/drivers/crypto/vmx/aes_ctr.c
> @@ -7,62 +7,51 @@
>   * Author: Marcelo Henrique Cerri <mhcerri@xxxxxxxxxx>
>   */
>  
> -#include <linux/types.h>
> -#include <linux/err.h>
> -#include <linux/crypto.h>
> -#include <linux/delay.h>
>  #include <asm/simd.h>
>  #include <asm/switch_to.h>
>  #include <crypto/aes.h>
>  #include <crypto/internal/simd.h>
> -#include <crypto/scatterwalk.h>
> -#include <crypto/skcipher.h>
> +#include <crypto/internal/skcipher.h>
>  
>  #include "aesp8-ppc.h"
>  
>  struct p8_aes_ctr_ctx {
> -	struct crypto_sync_skcipher *fallback;
> +	struct crypto_skcipher *fallback;
>  	struct aes_key enc_key;
>  };
>  
> -static int p8_aes_ctr_init(struct crypto_tfm *tfm)
> +static int p8_aes_ctr_init(struct crypto_skcipher *tfm)
>  {
> -	const char *alg = crypto_tfm_alg_name(tfm);
> -	struct crypto_sync_skcipher *fallback;
> -	struct p8_aes_ctr_ctx *ctx = crypto_tfm_ctx(tfm);
> +	struct p8_aes_ctr_ctx *ctx = crypto_skcipher_ctx(tfm);
> +	struct crypto_skcipher *fallback;
>  
> -	fallback = crypto_alloc_sync_skcipher(alg, 0,
> -					      CRYPTO_ALG_NEED_FALLBACK);
> +	fallback = crypto_alloc_skcipher("ctr(aes)", 0,
> +					 CRYPTO_ALG_NEED_FALLBACK |
> +					 CRYPTO_ALG_ASYNC);
>  	if (IS_ERR(fallback)) {
> -		printk(KERN_ERR
> -		       "Failed to allocate transformation for '%s': %ld\n",
> -		       alg, PTR_ERR(fallback));
> +		pr_err("Failed to allocate ctr(aes) fallback: %ld\n",
> +		       PTR_ERR(fallback));
>  		return PTR_ERR(fallback);
>  	}
>  
> -	crypto_sync_skcipher_set_flags(
> -		fallback,
> -		crypto_skcipher_get_flags((struct crypto_skcipher *)tfm));
> +	crypto_skcipher_set_reqsize(tfm, sizeof(struct skcipher_request) +
> +				    crypto_skcipher_reqsize(fallback));
>  	ctx->fallback = fallback;
> -
>  	return 0;
>  }
>  
> -static void p8_aes_ctr_exit(struct crypto_tfm *tfm)
> +static void p8_aes_ctr_exit(struct crypto_skcipher *tfm)
>  {
> -	struct p8_aes_ctr_ctx *ctx = crypto_tfm_ctx(tfm);
> +	struct p8_aes_ctr_ctx *ctx = crypto_skcipher_ctx(tfm);
>  
> -	if (ctx->fallback) {
> -		crypto_free_sync_skcipher(ctx->fallback);
> -		ctx->fallback = NULL;
> -	}
> +	crypto_free_skcipher(ctx->fallback);
>  }
>  
> -static int p8_aes_ctr_setkey(struct crypto_tfm *tfm, const u8 *key,
> +static int p8_aes_ctr_setkey(struct crypto_skcipher *tfm, const u8 *key,
>  			     unsigned int keylen)
>  {
> +	struct p8_aes_ctr_ctx *ctx = crypto_skcipher_ctx(tfm);
>  	int ret;
> -	struct p8_aes_ctr_ctx *ctx = crypto_tfm_ctx(tfm);
>  
>  	preempt_disable();
>  	pagefault_disable();
> @@ -72,13 +61,13 @@ static int p8_aes_ctr_setkey(struct crypto_tfm *tfm, const u8 *key,
>  	pagefault_enable();
>  	preempt_enable();
>  
> -	ret |= crypto_sync_skcipher_setkey(ctx->fallback, key, keylen);
> +	ret |= crypto_skcipher_setkey(ctx->fallback, key, keylen);
>  
>  	return ret ? -EINVAL : 0;
>  }
>  
> -static void p8_aes_ctr_final(struct p8_aes_ctr_ctx *ctx,
> -			     struct blkcipher_walk *walk)
> +static void p8_aes_ctr_final(const struct p8_aes_ctr_ctx *ctx,
> +			     struct skcipher_walk *walk)
>  {
>  	u8 *ctrblk = walk->iv;
>  	u8 keystream[AES_BLOCK_SIZE];
> @@ -98,77 +87,63 @@ static void p8_aes_ctr_final(struct p8_aes_ctr_ctx *ctx,
>  	crypto_inc(ctrblk, AES_BLOCK_SIZE);
>  }
>  
> -static int p8_aes_ctr_crypt(struct blkcipher_desc *desc,
> -			    struct scatterlist *dst,
> -			    struct scatterlist *src, unsigned int nbytes)
> +static int p8_aes_ctr_crypt(struct skcipher_request *req)
>  {
> +	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
> +	const struct p8_aes_ctr_ctx *ctx = crypto_skcipher_ctx(tfm);
> +	struct skcipher_walk walk;
> +	unsigned int nbytes;
>  	int ret;
> -	u64 inc;
> -	struct blkcipher_walk walk;
> -	struct p8_aes_ctr_ctx *ctx =
> -		crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm));
>  
>  	if (!crypto_simd_usable()) {
> -		SYNC_SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback);
> -		skcipher_request_set_sync_tfm(req, ctx->fallback);
> -		skcipher_request_set_callback(req, desc->flags, NULL, NULL);
> -		skcipher_request_set_crypt(req, src, dst, nbytes, desc->info);
> -		ret = crypto_skcipher_encrypt(req);
> -		skcipher_request_zero(req);
> -	} else {
> -		blkcipher_walk_init(&walk, dst, src, nbytes);
> -		ret = blkcipher_walk_virt_block(desc, &walk, AES_BLOCK_SIZE);
> -		while ((nbytes = walk.nbytes) >= AES_BLOCK_SIZE) {
> -			preempt_disable();
> -			pagefault_disable();
> -			enable_kernel_vsx();
> -			aes_p8_ctr32_encrypt_blocks(walk.src.virt.addr,
> -						    walk.dst.virt.addr,
> -						    (nbytes &
> -						     AES_BLOCK_MASK) /
> -						    AES_BLOCK_SIZE,
> -						    &ctx->enc_key,
> -						    walk.iv);
> -			disable_kernel_vsx();
> -			pagefault_enable();
> -			preempt_enable();
> -
> -			/* We need to update IV mostly for last bytes/round */
> -			inc = (nbytes & AES_BLOCK_MASK) / AES_BLOCK_SIZE;
> -			if (inc > 0)
> -				while (inc--)
> -					crypto_inc(walk.iv, AES_BLOCK_SIZE);
> -
> -			nbytes &= AES_BLOCK_SIZE - 1;
> -			ret = blkcipher_walk_done(desc, &walk, nbytes);
> -		}
> -		if (walk.nbytes) {
> -			p8_aes_ctr_final(ctx, &walk);
> -			ret = blkcipher_walk_done(desc, &walk, 0);
> -		}
> +		struct skcipher_request *subreq = skcipher_request_ctx(req);
> +
> +		*subreq = *req;
> +		skcipher_request_set_tfm(subreq, ctx->fallback);
> +		return crypto_skcipher_encrypt(subreq);
>  	}
>  
> +	ret = skcipher_walk_virt(&walk, req, false);
> +	while ((nbytes = walk.nbytes) >= AES_BLOCK_SIZE) {
> +		preempt_disable();
> +		pagefault_disable();
> +		enable_kernel_vsx();
> +		aes_p8_ctr32_encrypt_blocks(walk.src.virt.addr,
> +					    walk.dst.virt.addr,
> +					    nbytes / AES_BLOCK_SIZE,
> +					    &ctx->enc_key, walk.iv);
> +		disable_kernel_vsx();
> +		pagefault_enable();
> +		preempt_enable();
> +
> +		do {
> +			crypto_inc(walk.iv, AES_BLOCK_SIZE);
> +		} while ((nbytes -= AES_BLOCK_SIZE) >= AES_BLOCK_SIZE);
> +
> +		ret = skcipher_walk_done(&walk, nbytes);
> +	}
> +	if (nbytes) {
> +		p8_aes_ctr_final(ctx, &walk);
> +		ret = skcipher_walk_done(&walk, 0);
> +	}
>  	return ret;
>  }
>  
> -struct crypto_alg p8_aes_ctr_alg = {
> -	.cra_name = "ctr(aes)",
> -	.cra_driver_name = "p8_aes_ctr",
> -	.cra_module = THIS_MODULE,
> -	.cra_priority = 2000,
> -	.cra_type = &crypto_blkcipher_type,
> -	.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER | CRYPTO_ALG_NEED_FALLBACK,
> -	.cra_alignmask = 0,
> -	.cra_blocksize = 1,
> -	.cra_ctxsize = sizeof(struct p8_aes_ctr_ctx),
> -	.cra_init = p8_aes_ctr_init,
> -	.cra_exit = p8_aes_ctr_exit,
> -	.cra_blkcipher = {
> -			  .ivsize = AES_BLOCK_SIZE,
> -			  .min_keysize = AES_MIN_KEY_SIZE,
> -			  .max_keysize = AES_MAX_KEY_SIZE,
> -			  .setkey = p8_aes_ctr_setkey,
> -			  .encrypt = p8_aes_ctr_crypt,
> -			  .decrypt = p8_aes_ctr_crypt,
> -	},
> +struct skcipher_alg p8_aes_ctr_alg = {
> +	.base.cra_name = "ctr(aes)",
> +	.base.cra_driver_name = "p8_aes_ctr",
> +	.base.cra_module = THIS_MODULE,
> +	.base.cra_priority = 2000,
> +	.base.cra_flags = CRYPTO_ALG_NEED_FALLBACK,
> +	.base.cra_blocksize = 1,
> +	.base.cra_ctxsize = sizeof(struct p8_aes_ctr_ctx),
> +	.setkey = p8_aes_ctr_setkey,
> +	.encrypt = p8_aes_ctr_crypt,
> +	.decrypt = p8_aes_ctr_crypt,
> +	.init = p8_aes_ctr_init,
> +	.exit = p8_aes_ctr_exit,
> +	.min_keysize = AES_MIN_KEY_SIZE,
> +	.max_keysize = AES_MAX_KEY_SIZE,
> +	.ivsize = AES_BLOCK_SIZE,
> +	.chunksize = AES_BLOCK_SIZE,
>  };
> diff --git a/drivers/crypto/vmx/aes_xts.c b/drivers/crypto/vmx/aes_xts.c
> index aee1339f134ec..965d8e03321cd 100644
> --- a/drivers/crypto/vmx/aes_xts.c
> +++ b/drivers/crypto/vmx/aes_xts.c
> @@ -7,67 +7,56 @@
>   * Author: Leonidas S. Barbosa <leosilva@xxxxxxxxxxxxxxxxxx>
>   */
>  
> -#include <linux/types.h>
> -#include <linux/err.h>
> -#include <linux/crypto.h>
> -#include <linux/delay.h>
>  #include <asm/simd.h>
>  #include <asm/switch_to.h>
>  #include <crypto/aes.h>
>  #include <crypto/internal/simd.h>
> -#include <crypto/scatterwalk.h>
> +#include <crypto/internal/skcipher.h>
>  #include <crypto/xts.h>
> -#include <crypto/skcipher.h>
>  
>  #include "aesp8-ppc.h"
>  
>  struct p8_aes_xts_ctx {
> -	struct crypto_sync_skcipher *fallback;
> +	struct crypto_skcipher *fallback;
>  	struct aes_key enc_key;
>  	struct aes_key dec_key;
>  	struct aes_key tweak_key;
>  };
>  
> -static int p8_aes_xts_init(struct crypto_tfm *tfm)
> +static int p8_aes_xts_init(struct crypto_skcipher *tfm)
>  {
> -	const char *alg = crypto_tfm_alg_name(tfm);
> -	struct crypto_sync_skcipher *fallback;
> -	struct p8_aes_xts_ctx *ctx = crypto_tfm_ctx(tfm);
> +	struct p8_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
> +	struct crypto_skcipher *fallback;
>  
> -	fallback = crypto_alloc_sync_skcipher(alg, 0,
> -					      CRYPTO_ALG_NEED_FALLBACK);
> +	fallback = crypto_alloc_skcipher("xts(aes)", 0,
> +					 CRYPTO_ALG_NEED_FALLBACK |
> +					 CRYPTO_ALG_ASYNC);
>  	if (IS_ERR(fallback)) {
> -		printk(KERN_ERR
> -			"Failed to allocate transformation for '%s': %ld\n",
> -			alg, PTR_ERR(fallback));
> +		pr_err("Failed to allocate xts(aes) fallback: %ld\n",
> +		       PTR_ERR(fallback));
>  		return PTR_ERR(fallback);
>  	}
>  
> -	crypto_sync_skcipher_set_flags(
> -		fallback,
> -		crypto_skcipher_get_flags((struct crypto_skcipher *)tfm));
> +	crypto_skcipher_set_reqsize(tfm, sizeof(struct skcipher_request) +
> +				    crypto_skcipher_reqsize(fallback));
>  	ctx->fallback = fallback;
> -
>  	return 0;
>  }
>  
> -static void p8_aes_xts_exit(struct crypto_tfm *tfm)
> +static void p8_aes_xts_exit(struct crypto_skcipher *tfm)
>  {
> -	struct p8_aes_xts_ctx *ctx = crypto_tfm_ctx(tfm);
> +	struct p8_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
>  
> -	if (ctx->fallback) {
> -		crypto_free_sync_skcipher(ctx->fallback);
> -		ctx->fallback = NULL;
> -	}
> +	crypto_free_skcipher(ctx->fallback);
>  }
>  
> -static int p8_aes_xts_setkey(struct crypto_tfm *tfm, const u8 *key,
> +static int p8_aes_xts_setkey(struct crypto_skcipher *tfm, const u8 *key,
>  			     unsigned int keylen)
>  {
> +	struct p8_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
>  	int ret;
> -	struct p8_aes_xts_ctx *ctx = crypto_tfm_ctx(tfm);
>  
> -	ret = xts_check_key(tfm, key, keylen);
> +	ret = xts_verify_key(tfm, key, keylen);
>  	if (ret)
>  		return ret;
>  
> @@ -81,100 +70,90 @@ static int p8_aes_xts_setkey(struct crypto_tfm *tfm, const u8 *key,
>  	pagefault_enable();
>  	preempt_enable();
>  
> -	ret |= crypto_sync_skcipher_setkey(ctx->fallback, key, keylen);
> +	ret |= crypto_skcipher_setkey(ctx->fallback, key, keylen);
>  
>  	return ret ? -EINVAL : 0;
>  }
>  
> -static int p8_aes_xts_crypt(struct blkcipher_desc *desc,
> -			    struct scatterlist *dst,
> -			    struct scatterlist *src,
> -			    unsigned int nbytes, int enc)
> +static int p8_aes_xts_crypt(struct skcipher_request *req, int enc)
>  {
> -	int ret;
> +	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
> +	const struct p8_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
> +	struct skcipher_walk walk;
> +	unsigned int nbytes;
>  	u8 tweak[AES_BLOCK_SIZE];
> -	u8 *iv;
> -	struct blkcipher_walk walk;
> -	struct p8_aes_xts_ctx *ctx =
> -		crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm));
> +	int ret;
>  
>  	if (!crypto_simd_usable()) {
> -		SYNC_SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback);
> -		skcipher_request_set_sync_tfm(req, ctx->fallback);
> -		skcipher_request_set_callback(req, desc->flags, NULL, NULL);
> -		skcipher_request_set_crypt(req, src, dst, nbytes, desc->info);
> -		ret = enc? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req);
> -		skcipher_request_zero(req);
> -	} else {
> -		blkcipher_walk_init(&walk, dst, src, nbytes);
> +		struct skcipher_request *subreq = skcipher_request_ctx(req);
> +
> +		*subreq = *req;
> +		skcipher_request_set_tfm(subreq, ctx->fallback);
> +		return enc ? crypto_skcipher_encrypt(subreq) :
> +			     crypto_skcipher_decrypt(subreq);
> +	}
> +
> +	ret = skcipher_walk_virt(&walk, req, false);
> +	if (ret)
> +		return ret;
> +
> +	preempt_disable();
> +	pagefault_disable();
> +	enable_kernel_vsx();
>  
> -		ret = blkcipher_walk_virt(desc, &walk);
> +	aes_p8_encrypt(walk.iv, tweak, &ctx->tweak_key);
> +
> +	disable_kernel_vsx();
> +	pagefault_enable();
> +	preempt_enable();
>  
> +	while ((nbytes = walk.nbytes) != 0) {
>  		preempt_disable();
>  		pagefault_disable();
>  		enable_kernel_vsx();
> -
> -		iv = walk.iv;
> -		memset(tweak, 0, AES_BLOCK_SIZE);
> -		aes_p8_encrypt(iv, tweak, &ctx->tweak_key);
> -
> +		if (enc)
> +			aes_p8_xts_encrypt(walk.src.virt.addr,
> +					   walk.dst.virt.addr,
> +					   round_down(nbytes, AES_BLOCK_SIZE),
> +					   &ctx->enc_key, NULL, tweak);
> +		else
> +			aes_p8_xts_decrypt(walk.src.virt.addr,
> +					   walk.dst.virt.addr,
> +					   round_down(nbytes, AES_BLOCK_SIZE),
> +					   &ctx->dec_key, NULL, tweak);
>  		disable_kernel_vsx();
>  		pagefault_enable();
>  		preempt_enable();
>  
> -		while ((nbytes = walk.nbytes)) {
> -			preempt_disable();
> -			pagefault_disable();
> -			enable_kernel_vsx();
> -			if (enc)
> -				aes_p8_xts_encrypt(walk.src.virt.addr, walk.dst.virt.addr,
> -						nbytes & AES_BLOCK_MASK, &ctx->enc_key, NULL, tweak);
> -			else
> -				aes_p8_xts_decrypt(walk.src.virt.addr, walk.dst.virt.addr,
> -						nbytes & AES_BLOCK_MASK, &ctx->dec_key, NULL, tweak);
> -			disable_kernel_vsx();
> -			pagefault_enable();
> -			preempt_enable();
> -
> -			nbytes &= AES_BLOCK_SIZE - 1;
> -			ret = blkcipher_walk_done(desc, &walk, nbytes);
> -		}
> +		ret = skcipher_walk_done(&walk, nbytes % AES_BLOCK_SIZE);
>  	}
>  	return ret;
>  }
>  
> -static int p8_aes_xts_encrypt(struct blkcipher_desc *desc,
> -			      struct scatterlist *dst,
> -			      struct scatterlist *src, unsigned int nbytes)
> +static int p8_aes_xts_encrypt(struct skcipher_request *req)
>  {
> -	return p8_aes_xts_crypt(desc, dst, src, nbytes, 1);
> +	return p8_aes_xts_crypt(req, 1);
>  }
>  
> -static int p8_aes_xts_decrypt(struct blkcipher_desc *desc,
> -			      struct scatterlist *dst,
> -			      struct scatterlist *src, unsigned int nbytes)
> +static int p8_aes_xts_decrypt(struct skcipher_request *req)
>  {
> -	return p8_aes_xts_crypt(desc, dst, src, nbytes, 0);
> +	return p8_aes_xts_crypt(req, 0);
>  }
>  
> -struct crypto_alg p8_aes_xts_alg = {
> -	.cra_name = "xts(aes)",
> -	.cra_driver_name = "p8_aes_xts",
> -	.cra_module = THIS_MODULE,
> -	.cra_priority = 2000,
> -	.cra_type = &crypto_blkcipher_type,
> -	.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER | CRYPTO_ALG_NEED_FALLBACK,
> -	.cra_alignmask = 0,
> -	.cra_blocksize = AES_BLOCK_SIZE,
> -	.cra_ctxsize = sizeof(struct p8_aes_xts_ctx),
> -	.cra_init = p8_aes_xts_init,
> -	.cra_exit = p8_aes_xts_exit,
> -	.cra_blkcipher = {
> -			.ivsize = AES_BLOCK_SIZE,
> -			.min_keysize = 2 * AES_MIN_KEY_SIZE,
> -			.max_keysize = 2 * AES_MAX_KEY_SIZE,
> -			.setkey	 = p8_aes_xts_setkey,
> -			.encrypt = p8_aes_xts_encrypt,
> -			.decrypt = p8_aes_xts_decrypt,
> -	}
> +struct skcipher_alg p8_aes_xts_alg = {
> +	.base.cra_name = "xts(aes)",
> +	.base.cra_driver_name = "p8_aes_xts",
> +	.base.cra_module = THIS_MODULE,
> +	.base.cra_priority = 2000,
> +	.base.cra_flags = CRYPTO_ALG_NEED_FALLBACK,
> +	.base.cra_blocksize = AES_BLOCK_SIZE,
> +	.base.cra_ctxsize = sizeof(struct p8_aes_xts_ctx),
> +	.setkey = p8_aes_xts_setkey,
> +	.encrypt = p8_aes_xts_encrypt,
> +	.decrypt = p8_aes_xts_decrypt,
> +	.init = p8_aes_xts_init,
> +	.exit = p8_aes_xts_exit,
> +	.min_keysize = 2 * AES_MIN_KEY_SIZE,
> +	.max_keysize = 2 * AES_MAX_KEY_SIZE,
> +	.ivsize = AES_BLOCK_SIZE,
>  };
> diff --git a/drivers/crypto/vmx/aesp8-ppc.h b/drivers/crypto/vmx/aesp8-ppc.h
> index 349646b73754f..01774a4d26a25 100644
> --- a/drivers/crypto/vmx/aesp8-ppc.h
> +++ b/drivers/crypto/vmx/aesp8-ppc.h
> @@ -2,8 +2,6 @@
>  #include <linux/types.h>
>  #include <crypto/aes.h>
>  
> -#define AES_BLOCK_MASK  (~(AES_BLOCK_SIZE-1))
> -
>  struct aes_key {
>  	u8 key[AES_MAX_KEYLENGTH];
>  	int rounds;
> diff --git a/drivers/crypto/vmx/vmx.c b/drivers/crypto/vmx/vmx.c
> index abd89c2bcec4d..eff03fdf964f2 100644
> --- a/drivers/crypto/vmx/vmx.c
> +++ b/drivers/crypto/vmx/vmx.c
> @@ -15,54 +15,58 @@
>  #include <linux/crypto.h>
>  #include <asm/cputable.h>
>  #include <crypto/internal/hash.h>
> +#include <crypto/internal/skcipher.h>
>  
>  extern struct shash_alg p8_ghash_alg;
>  extern struct crypto_alg p8_aes_alg;
> -extern struct crypto_alg p8_aes_cbc_alg;
> -extern struct crypto_alg p8_aes_ctr_alg;
> -extern struct crypto_alg p8_aes_xts_alg;
> -static struct crypto_alg *algs[] = {
> -	&p8_aes_alg,
> -	&p8_aes_cbc_alg,
> -	&p8_aes_ctr_alg,
> -	&p8_aes_xts_alg,
> -	NULL,
> -};
> +extern struct skcipher_alg p8_aes_cbc_alg;
> +extern struct skcipher_alg p8_aes_ctr_alg;
> +extern struct skcipher_alg p8_aes_xts_alg;
>  
>  static int __init p8_init(void)
>  {
> -	int ret = 0;
> -	struct crypto_alg **alg_it;
> +	int ret;
>  
> -	for (alg_it = algs; *alg_it; alg_it++) {
> -		ret = crypto_register_alg(*alg_it);
> -		printk(KERN_INFO "crypto_register_alg '%s' = %d\n",
> -		       (*alg_it)->cra_name, ret);
> -		if (ret) {
> -			for (alg_it--; alg_it >= algs; alg_it--)
> -				crypto_unregister_alg(*alg_it);
> -			break;
> -		}
> -	}
> +	ret = crypto_register_shash(&p8_ghash_alg);
>  	if (ret)
> -		return ret;
> +		goto err;
>  
> -	ret = crypto_register_shash(&p8_ghash_alg);
> -	if (ret) {
> -		for (alg_it = algs; *alg_it; alg_it++)
> -			crypto_unregister_alg(*alg_it);
> -	}
> +	ret = crypto_register_alg(&p8_aes_alg);
> +	if (ret)
> +		goto err_unregister_ghash;
> +
> +	ret = crypto_register_skcipher(&p8_aes_cbc_alg);
> +	if (ret)
> +		goto err_unregister_aes;
> +
> +	ret = crypto_register_skcipher(&p8_aes_ctr_alg);
> +	if (ret)
> +		goto err_unregister_aes_cbc;
> +
> +	ret = crypto_register_skcipher(&p8_aes_xts_alg);
> +	if (ret)
> +		goto err_unregister_aes_ctr;
> +
> +	return 0;
> +
> +err_unregister_aes_ctr:
> +	crypto_unregister_skcipher(&p8_aes_ctr_alg);
> +err_unregister_aes_cbc:
> +	crypto_unregister_skcipher(&p8_aes_cbc_alg);
> +err_unregister_aes:
> +	crypto_unregister_alg(&p8_aes_alg);
> +err_unregister_ghash:
> +	crypto_unregister_shash(&p8_ghash_alg);
> +err:
>  	return ret;
>  }
>  
>  static void __exit p8_exit(void)
>  {
> -	struct crypto_alg **alg_it;
> -
> -	for (alg_it = algs; *alg_it; alg_it++) {
> -		printk(KERN_INFO "Removing '%s'\n", (*alg_it)->cra_name);
> -		crypto_unregister_alg(*alg_it);
> -	}
> +	crypto_unregister_skcipher(&p8_aes_xts_alg);
> +	crypto_unregister_skcipher(&p8_aes_ctr_alg);
> +	crypto_unregister_skcipher(&p8_aes_cbc_alg);
> +	crypto_unregister_alg(&p8_aes_alg);
>  	crypto_unregister_shash(&p8_ghash_alg);
>  }
>  
> -- 
> 2.21.0.1020.gf2820cf01a-goog



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux