#
7cfc2ab3 |
| 21-Feb-2024 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: lskcipher - Copy IV in lskcipher glue code always
The lskcipher glue code for skcipher needs to copy the IV every time rather than only on the first and last request. Otherwise those algori
crypto: lskcipher - Copy IV in lskcipher glue code always
The lskcipher glue code for skcipher needs to copy the IV every time rather than only on the first and last request. Otherwise those algorithms that use IV to perform chaining may break, e.g., CBC.
This is because crypto_skcipher_import/export do not include the IV as part of the saved state.
Reported-by: syzbot+b90b904ef6bdfdafec1d@syzkaller.appspotmail.com Fixes: 662ea18d089b ("crypto: skcipher - Make use of internal state") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
37c6fc32 |
| 21-Dec-2023 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: skcipher - Pass statesize for simple lskcipher instances
When ecb is used to wrap an lskcipher, the statesize isn't set correctly. Fix this by making the simple instance creator set the sta
crypto: skcipher - Pass statesize for simple lskcipher instances
When ecb is used to wrap an lskcipher, the statesize isn't set correctly. Fix this by making the simple instance creator set the statesize.
Reported-by: syzbot+8ffb0839a24e9c6bfa76@syzkaller.appspotmail.com Reported-by: Edward Adam Davis <eadavis@qq.com> Fixes: 662ea18d089b ("crypto: skcipher - Make use of internal state") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
662ea18d |
| 28-Nov-2023 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: skcipher - Make use of internal state
This patch adds code to the skcipher/lskcipher API to make use of the internal state if present. In particular, the skcipher lskcipher wrapper will all
crypto: skcipher - Make use of internal state
This patch adds code to the skcipher/lskcipher API to make use of the internal state if present. In particular, the skcipher lskcipher wrapper will allocate a buffer for the IV/state and feed that to the underlying lskcipher algorithm.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
0ae4dcc1 |
| 27-Nov-2023 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: skcipher - Add internal state support
Unlike chaining modes such as CBC, stream ciphers other than CTR usually hold an internal state that must be preserved if the operation is to be done pi
crypto: skcipher - Add internal state support
Unlike chaining modes such as CBC, stream ciphers other than CTR usually hold an internal state that must be preserved if the operation is to be done piecemeal. This has not been represented in the API, resulting in the inability to split up stream cipher operations.
This patch adds the basic representation of an internal state to skcipher and lskcipher. In the interest of backwards compatibility, the default has been set such that existing users are assumed to be operating in one go as opposed to piecemeal.
With the new API, each lskcipher/skcipher algorithm has a new attribute called statesize. For skcipher, this is the size of the buffer that can be exported or imported similar to ahash. For lskcipher, instead of providing a buffer of ivsize, the user now has to provide a buffer of ivsize + statesize.
Each skcipher operation is assumed to be final as they are now, but this may be overridden with a request flag. When the override occurs, the user may then export the partial state and reimport it later.
For lskcipher operations this is reversed. All operations are not final and the state will be exported unless the FINAL bit is set. However, the CONT bit still has to be set for the state to be used.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
7ec0a09d |
| 13-Oct-2023 |
Eric Biggers <ebiggers@google.com> |
crypto: skcipher - fix weak key check for lskciphers
When an algorithm of the new "lskcipher" type is exposed through the "skcipher" API, calls to crypto_skcipher_setkey() don't pass on the CRYPTO_T
crypto: skcipher - fix weak key check for lskciphers
When an algorithm of the new "lskcipher" type is exposed through the "skcipher" API, calls to crypto_skcipher_setkey() don't pass on the CRYPTO_TFM_REQ_FORBID_WEAK_KEYS flag to the lskcipher. This causes self-test failures for ecb(des), as weak keys are not rejected anymore. Fix this.
Fixes: 31865c4c4db2 ("crypto: skcipher - Add lskcipher") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
87d6621c |
| 12-Oct-2023 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: lskcipher - Return EINVAL when ecb_name fails sanity checks
Set the error value to -EINVAL instead of zero when the underlying name (within "ecb()") fails basic sanity checks.
Fixes: 8aee5d
crypto: lskcipher - Return EINVAL when ecb_name fails sanity checks
Set the error value to -EINVAL instead of zero when the underlying name (within "ecb()") fails basic sanity checks.
Fixes: 8aee5d4ebd11 ("crypto: lskcipher - Add compatibility wrapper around ECB") Reported-by: kernel test robot <lkp@intel.com> Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Closes: https://lore.kernel.org/r/202310111323.ZjK7bzjw-lkp@intel.com/ Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
8aee5d4e |
| 14-Sep-2023 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: lskcipher - Add compatibility wrapper around ECB
As an aid to the transition from cipher algorithm implementations to lskcipher, add a temporary wrapper when creating simple lskcipher templa
crypto: lskcipher - Add compatibility wrapper around ECB
As an aid to the transition from cipher algorithm implementations to lskcipher, add a temporary wrapper when creating simple lskcipher templates by using ecb(X) instead of X if an lskcipher implementation of X cannot be found.
This can be reverted once all cipher implementations have switched over to lskcipher.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
31865c4c |
| 14-Sep-2023 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: skcipher - Add lskcipher
Add a new API type lskcipher designed for taking straight kernel pointers instead of SG lists. Its relationship to skcipher will be analogous to that between shash
crypto: skcipher - Add lskcipher
Add a new API type lskcipher designed for taking straight kernel pointers instead of SG lists. Its relationship to skcipher will be analogous to that between shash and ahash.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|