On Thu, 6 Oct 2022 at 13:50, Nikunj A. Dadhania <nikunj@xxxxxxx> wrote:
>
> On 04/10/22 22:47, Ard Biesheuvel wrote:
> > On Tue, 4 Oct 2022 at 11:51, Nikunj A. Dadhania <nikunj@xxxxxxx> wrote:
> >>
> >>> AES in GCM mode seems like a
> >>> thing that we might be able to add to the crypto library API without
> >>> much hassle (which already has a minimal implementation of AES)
> >>
> >> That will be great!
> >>
> >
> > Try this branch and see if it works for you
> >
> > https://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git/log/?h=libgcm
>
> Thanks Ard, I had to make a few changes to the API to get it working for my use case.

Excellent

> The ghash is stored/retrieved from the AUTHTAG field of the message header as per
> "Table 97. Message Header Format" in the SNP ABI document:
> https://www.amd.com/system/files/TechDocs/56860.pdf
>
> Below are the changes I had made in my tree.
>
> ---
>
> diff --git a/include/crypto/gcm.h b/include/crypto/gcm.h
> index bab85df6df7a..838d1b4e25c3 100644
> --- a/include/crypto/gcm.h
> +++ b/include/crypto/gcm.h
> @@ -74,9 +74,11 @@ int gcm_setkey(struct gcm_ctx *ctx, const u8 *key,
> unsigned int keysize, unsigned int authsize);
>
> void gcm_encrypt(const struct gcm_ctx *ctx, u8 *dst, const u8 *src,
> - int src_len, const u8 *assoc, int assoc_len, const u8 *iv);
> + int src_len, const u8 *assoc, int assoc_len, const u8 *iv,
> + u8 *authtag);
>
> int gcm_decrypt(const struct gcm_ctx *ctx, u8 *dst, const u8 *src,
> - int src_len, const u8 *assoc, int assoc_len, const u8 *iv);
> + int src_len, const u8 *assoc, int assoc_len, const u8 *iv,
> + u8 *authtag);

This should really be 'const u8 *authtag'.

Which means that the encrypt/decrypt path should be split somewhat
differently, i.e., something like

void gcm_encrypt(const struct gcm_ctx *ctx, u8 *dst, const u8 *src,
                 int crypt_len, const u8 *assoc, int assoc_len,
                 const u8 iv[GCM_AES_IV_SIZE], u8 *authtag)
{
        gcm_crypt(ctx, dst, src, crypt_len, assoc, assoc_len, iv, authtag, true);
}

int gcm_decrypt(const struct gcm_ctx *ctx, u8 *dst, const u8 *src,
                int crypt_len, const u8 *assoc, int assoc_len,
                const u8 iv[GCM_AES_IV_SIZE], const u8 *authtag)
{
        u8 tagbuf[AES_BLOCK_SIZE];

        gcm_crypt(ctx, dst, src, crypt_len - ctx->authsize, assoc, assoc_len,
                  iv, tagbuf, false);
        if (crypto_memneq(authtag, tagbuf, ctx->authsize)) {
                memzero_explicit(tagbuf, sizeof(tagbuf));
                return -EBADMSG;
        }
        return 0;
}

I've updated my branch with these (and some other changes). Now we
just need to add some comment blocks to describe the API.
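Review bot: in the gcm_decrypt prototype of the include/crypto/gcm.h hunk the tag is caller-supplied input that is only compared against, so it should be declared `const u8 *authtag`; only gcm_encrypt writes through that pointer, and giving both functions the identical non-const signature hides that difference in direction. The hunk also adds the parameter without any comment block, so the header should state for each function whether authtag is produced or consumed, how many bytes (ctx->authsize) are read or written through it, and that gcm_decrypt returns -EBADMSG when the tag does not match, as the proposed split with crypto_memneq above does.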