Re: [PATCH] crypto: xts - Add support for Cipher Text Stealing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 07/08/2019 17:13, Pascal Van Leeuwen wrote:
>>>> Seems there is no mistake in your code, it is some bug in aesni_intel implementation.
>>>> If I disable this module, it works as expected (with aes generic and aes_i586).
>>>>
>>> That's odd though, considering there is a dedicated xts-aes-ni implementation,
>>> i.e. I would not expect that to end up at the generic xts wrapper at all?
>>
>> Note it is 32bit system, AESNI XTS is under #ifdef CONFIG_X86_64 so it is not used.
>>
> Ok, so I guess no one bothered to make an optimized XTS version for i386.
> I quickly browsed through the code - took me a while to realise the assembly is
> "backwards" compared to the original Intel definition :-) - but I did not spot
> anything obvious :-(
> 
>> I guess it only ECB part ...

Mystery solved, the skcipher subreq must be te last member in the struct.
(Some comments in Adiantum code mentions it too, so I do not think it
just hides the corruption after the struct. Seems like another magic requirement
in crypto API :-)

This chunk is enough to fix it for me:

--- a/crypto/xts.c
+++ b/crypto/xts.c
@@ -33,8 +33,8 @@ struct xts_instance_ctx {
 
 struct rctx {
        le128 t, tcur;
-       struct skcipher_request subreq;
        int rem_bytes, is_encrypt;
+       struct skcipher_request subreq;
 };

While at it, shouldn't be is_encrypt bool?

Thanks,
Milan



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux