Re: Early init for few crypto modules for Secure Guests

On Thu, 6 Oct 2022 at 13:50, Nikunj A. Dadhania <nikunj@xxxxxxx> wrote:
>
>
>
> On 04/10/22 22:47, Ard Biesheuvel wrote:
> > On Tue, 4 Oct 2022 at 11:51, Nikunj A. Dadhania <nikunj@xxxxxxx> wrote:
> >>
> >>> AES in GCM mode seems like a
> >>> thing that we might be able to add to the crypto library API without
> >>> much hassle (which already has a minimal implementation of AES)
> >>
> >> That will be great !
> >>
> >
> > Try this branch and see if it works for you
> >
> > https://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git/log/?h=libgcm
>
> Thanks Ard, I had to make a few changes to the api to get it working for my usecase.

Excellent

> The ghash is stored/retrieved from the AUTHTAG field of message header as per
> "Table 97. Message Header Format" in the SNP ABI document:
> https://www.amd.com/system/files/TechDocs/56860.pdf
>
> Below are the changes I had made in my tree.
>
> ---
>
> diff --git a/include/crypto/gcm.h b/include/crypto/gcm.h
> index bab85df6df7a..838d1b4e25c3 100644
> --- a/include/crypto/gcm.h
> +++ b/include/crypto/gcm.h
> @@ -74,9 +74,11 @@ int gcm_setkey(struct gcm_ctx *ctx, const u8 *key,
>                unsigned int keysize, unsigned int authsize);
>
>  void gcm_encrypt(const struct gcm_ctx *ctx, u8 *dst, const u8 *src,
> -                int src_len, const u8 *assoc, int assoc_len, const u8 *iv);
> +                int src_len, const u8 *assoc, int assoc_len, const u8 *iv,
> +                u8 *authtag);
>
>  int gcm_decrypt(const struct gcm_ctx *ctx, u8 *dst, const u8 *src,
> -               int src_len, const u8 *assoc, int assoc_len, const u8 *iv);
> +               int src_len, const u8 *assoc, int assoc_len, const u8 *iv,
> +               u8 *authtag);
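Review bot: gcm_decrypt only reads the tag it verifies against, so its new parameter should be `const u8 *authtag` rather than `u8 *authtag`; a non-const pointer invites callers to pass a writable header field and hides the fact that decrypt must never write there. Neither prototype says how large the buffer is: document that `authtag` holds `authsize` bytes as configured by `gcm_setkey` (the field it lives in for the SNP use, the message header AUTHTAG field, is fixed-size), because with a bare `u8 *` the caller cannot tell how much gcm_encrypt will write or how much gcm_decrypt will compare.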

This should really be 'const u8 *authtag', which means that the
encrypt/decrypt path should be split somewhat differently, i.e.,
something like

void gcm_encrypt(const struct gcm_ctx *ctx, u8 *dst, const u8 *src,
                 int crypt_len, const u8 *assoc, int assoc_len,
                 const u8 iv[GCM_AES_IV_SIZE], u8 *authtag)
{
        gcm_crypt(ctx, dst, src, crypt_len, assoc, assoc_len, iv, authtag,
                  true);
}

int gcm_decrypt(const struct gcm_ctx *ctx, u8 *dst, const u8 *src,
                int crypt_len, const u8 *assoc, int assoc_len,
                const u8 iv[GCM_AES_IV_SIZE], const u8 *authtag)
{
        u8 tagbuf[AES_BLOCK_SIZE];

        gcm_crypt(ctx, dst, src, crypt_len - ctx->authsize, assoc, assoc_len,
                  iv, tagbuf, false);
        if (crypto_memneq(authtag, tagbuf, ctx->authsize)) {
                memzero_explicit(tagbuf, sizeof(tagbuf));
                return -EBADMSG;
        }
        return 0;
}

I've updated my branch with these (and some other changes). Now we
just need to add some comment blocks to describe the API.
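
The encrypt/decrypt split described above, as an added worked example in Go that is not code from the libgcm branch or the kernel: AES comes from Go's standard library, GHASH and the CTR/tag construction are written out so the structure is visible, and the result is cross-checked against crypto/cipher's own AES-GCM. The names gcmCtx, gcmSetKey, gcmEncrypt, gcmDecrypt and ErrBadMsg only mirror the shape of the kernel API under discussion; the key, IV, AAD and message are constructed for the demo. It goes one step beyond the thread: on a tag mismatch it wipes the plaintext it just produced as well as the local tag buffer, since that plaintext is unauthenticated.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

const gcmIVSize, gcmTagSize = 12, 16 // 96-bit IV (GCM_AES_IV_SIZE), full 128-bit tag

// ErrBadMsg plays the role of the kernel's -EBADMSG: the tag did not verify.
var ErrBadMsg = errors.New("gcm: authentication tag mismatch")

// gcmCtx mirrors a setkey'd context: block cipher, hash subkey H = E_K(0^128)
// as two big-endian 64-bit halves, and the configured tag length.
type gcmCtx struct {
	block    cipher.Block
	h        [2]uint64
	authSize int
}

func gcmSetKey(key []byte, authSize int) (*gcmCtx, error) {
	b, err := aes.NewCipher(key)
	if err != nil || authSize < 4 || authSize > gcmTagSize {
		return nil, errors.New("gcm: bad key or tag size")
	}
	var h [16]byte
	b.Encrypt(h[:], h[:])
	return &gcmCtx{b, [2]uint64{binary.BigEndian.Uint64(h[:8]), binary.BigEndian.Uint64(h[8:])}, authSize}, nil
}

// gfMul returns x*H in GF(2^128) with GCM's bit order (NIST SP 800-38D, Algorithm 1):
// bit 0 is the MSB of the first byte and R = 0xE1 || 0^120. Demo only: not constant-time.
func (c *gcmCtx) gfMul(x [2]uint64) [2]uint64 {
	z, v := [2]uint64{}, c.h
	for i := 0; i < 128; i++ {
		if (x[i/64]>>(63-uint(i%64)))&1 == 1 {
			z[0], z[1] = z[0]^v[0], z[1]^v[1]
		}
		lsb := v[1] & 1
		v[1], v[0] = v[1]>>1|v[0]<<63, v[0]>>1
		if lsb == 1 {
			v[0] ^= 0xE100000000000000
		}
	}
	return z
}

// ghash absorbs data into the running state y, zero-padding the last partial block.
func (c *gcmCtx) ghash(y [2]uint64, data []byte) [2]uint64 {
	for len(data) > 0 {
		var blk [16]byte
		data = data[copy(blk[:], data):]
		y[0] ^= binary.BigEndian.Uint64(blk[:8])
		y[1] ^= binary.BigEndian.Uint64(blk[8:])
		y = c.gfMul(y)
	}
	return y
}

// tag computes E_K(J0) xor GHASH_H(A || pad || C || pad || len(A) || len(C)),
// truncated to authSize, with J0 = IV || 0x00000001 for a gcmIVSize-byte IV.
func (c *gcmCtx) tag(assoc, ct, iv []byte) []byte {
	y := c.ghash(c.ghash([2]uint64{}, assoc), ct)
	y[0], y[1] = y[0]^uint64(len(assoc))*8, y[1]^uint64(len(ct))*8 // lengths in bits
	y = c.gfMul(y)
	var j0, t [16]byte
	copy(j0[:gcmIVSize], iv)
	j0[15] = 1
	c.block.Encrypt(t[:], j0[:])
	for i := 0; i < 8; i++ {
		t[i] ^= byte(y[0] >> (56 - 8*uint(i)))
		t[8+i] ^= byte(y[1] >> (56 - 8*uint(i)))
	}
	return t[:c.authSize]
}

// ctrXor is CTR mode over src into dst with counters starting at inc32(J0).
func (c *gcmCtx) ctrXor(dst, src, iv []byte) {
	var cb [16]byte
	copy(cb[:gcmIVSize], iv)
	cb[15] = 2
	cipher.NewCTR(c.block, cb[:]).XORKeyStream(dst, src)
}

// gcmEncrypt: the tag is an output, written into the caller's buffer (for the SNP
// case, the AUTHTAG field of the message header).
func (c *gcmCtx) gcmEncrypt(dst, src, assoc, iv, authtag []byte) {
	c.ctrXor(dst, src, iv)
	copy(authtag, c.tag(assoc, dst, iv))
}

// gcmDecrypt: the tag is read-only input. The expected tag is recomputed into a
// local buffer and compared in constant time; on mismatch the local tag and the
// unauthenticated plaintext are both wiped before ErrBadMsg is returned.
func (c *gcmCtx) gcmDecrypt(dst, src, assoc, iv, authtag []byte) error {
	if len(authtag) < c.authSize {
		return ErrBadMsg
	}
	tagbuf := c.tag(assoc, src, iv)
	c.ctrXor(dst, src, iv)
	if subtle.ConstantTimeCompare(authtag[:c.authSize], tagbuf) == 1 {
		return nil
	}
	for i := range dst {
		dst[i] = 0
	}
	for i := range tagbuf {
		tagbuf[i] = 0
	}
	return ErrBadMsg
}

// demo encrypts constructed inputs, cross-checks against crypto/cipher's own AES-GCM,
// round-trips, and confirms a flipped ciphertext bit and a flipped AAD bit are rejected.
func demo() (matchesStdlib, roundTrips, rejectsTamper bool, err error) {
	key, iv := []byte("0123456789abcdef"), []byte("unique-iv-12") // constructed; never reuse an IV under a key
	assoc, msg := []byte("constructed header bytes as AAD"), []byte("constructed guest request payload")
	ctx, err := gcmSetKey(key, gcmTagSize)
	if err != nil {
		return false, false, false, err
	}
	ct, pt, tag := make([]byte, len(msg)), make([]byte, len(msg)), make([]byte, gcmTagSize)
	ctx.gcmEncrypt(ct, msg, assoc, iv, tag)
	std, _ := cipher.NewGCM(ctx.block)
	matchesStdlib = bytes.Equal(std.Seal(nil, iv, msg, assoc), append(append([]byte{}, ct...), tag...))
	roundTrips = ctx.gcmDecrypt(pt, ct, assoc, iv, tag) == nil && bytes.Equal(pt, msg)
	badCt, badAssoc := append([]byte{}, ct...), append([]byte{}, assoc...)
	badCt[0], badAssoc[0] = badCt[0]^0x80, badAssoc[0]^0x01 // one flipped bit each
	rejectsTamper = errors.Is(ctx.gcmDecrypt(pt, badCt, assoc, iv, tag), ErrBadMsg) &&
		errors.Is(ctx.gcmDecrypt(pt, ct, badAssoc, iv, tag), ErrBadMsg)
	return matchesStdlib, roundTrips, rejectsTamper, nil
}

func main() {
	fmt.Println(demo()) // prints: true true true <nil>
}
```

Run it with `go run` on the file; the stdlib comparison in demo is what gives confidence that the hand-written GHASH and counter layout are the real GCM and not an approximation of it. Note how the asymmetry from the reply falls out of the split: gcmEncrypt writes into authtag and never compares, gcmDecrypt compares and never writes into authtag, so a const tag parameter on the decrypt side costs nothing.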


