From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, ebiggers@kernel.org, linux-s390@vger.kernel.org, Ard Biesheuvel
Subject: [PATCH] crypto: s390/xts-aes - invoke fallback for ciphertext stealing
Date: Fri, 16 Aug 2019 15:35:45 +0300
Message-Id: <20190816123545.22848-1-ard.biesheuvel@linaro.org>
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 171475

For correctness and compliance with the XTS-AES specification, we are
adding support for ciphertext stealing to XTS implementations, even
though no use cases are known that will be enabled by this.

Since the s390 implementation already has a fallback skcipher standby
for other purposes, let's use it for this purpose as well. If ciphertext
stealing use cases ever become a bottleneck, we can always revisit this.

Signed-off-by: Ard Biesheuvel
---
 arch/s390/crypto/aes_s390.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--
2.17.1

diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c index dc0f72dd6e03..a34faadc757e 100644 --- a/arch/s390/crypto/aes_s390.c +++ b/arch/s390/crypto/aes_s390.c 
@@ -512,7 +512,7 @@ static int xts_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, unsigned long fc; int err; - err = xts_check_key(tfm, in_key, key_len); + err = xts_fallback_setkey(tfm, in_key, key_len); if (err) return err; @@ -529,7 +529,7 @@ static int xts_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, /* Check if the function code is available */ xts_ctx->fc = (fc && cpacf_test_func(&km_functions, fc)) ? fc : 0; if (!xts_ctx->fc) - return xts_fallback_setkey(tfm, in_key, key_len); + return 0; /* Split the XTS key into the two subkeys */ key_len = key_len / 2; @@ -586,7 +586,7 @@ static int xts_aes_encrypt(struct blkcipher_desc *desc, struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(desc->tfm); struct blkcipher_walk walk; - if (unlikely(!xts_ctx->fc)) + if (unlikely(!xts_ctx->fc || (nbytes % XTS_BLOCKSIZE) != 0)) return xts_fallback_encrypt(desc, dst, src, nbytes); blkcipher_walk_init(&walk, dst, src, nbytes); @@ -600,7 +600,7 @@ static int xts_aes_decrypt(struct blkcipher_desc *desc, struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(desc->tfm); struct blkcipher_walk walk; - if (unlikely(!xts_ctx->fc)) + if (unlikely(!xts_ctx->fc || (nbytes % XTS_BLOCKSIZE) != 0)) return xts_fallback_decrypt(desc, dst, src, nbytes); blkcipher_walk_init(&walk, dst, src, nbytes);
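
Review bot: In the first hunk (xts_aes_set_key, @@ -512), dropping the explicit xts_check_key() call makes key validation depend entirely on what xts_fallback_setkey() does, and that function is not visible in this patch. If the fallback's setkey is expected to apply the same XTS key checks, say so in a comment above the call or in the commit message; otherwise keep xts_check_key() ahead of it so the CPACF path is never keyed with material the check would have rejected.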
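
Review bot: In the second hunk (xts_aes_set_key, @@ -529), the bare "return 0;" under "if (!xts_ctx->fc)" no longer shows why it is safe to return without splitting the key. A one-line comment stating that the fallback was already keyed at the top of the function would keep the dependency on the earlier xts_fallback_setkey() call obvious, since the two now sit in separate parts of the function.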
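
Review bot: In the third hunk (xts_aes_encrypt, @@ -586), the new test sends every length that is not a multiple of XTS_BLOCKSIZE to the fallback, including requests shorter than one block, so the result for those inputs now rests on xts_fallback_encrypt(). The commit message should state what the fallback is expected to return for nbytes < XTS_BLOCKSIZE, and whether this patch depends on the fallback implementation already handling ciphertext stealing. As a style point, "(nbytes % XTS_BLOCKSIZE) != 0" can be written "nbytes % XTS_BLOCKSIZE" inside the existing "||".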
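
Review bot: In the fourth hunk (xts_aes_decrypt, @@ -600), the condition "!xts_ctx->fc || (nbytes % XTS_BLOCKSIZE) != 0" is a verbatim copy of the one added to xts_aes_encrypt. A small static inline helper taking xts_ctx and nbytes would keep the encrypt and decrypt paths from drifting apart if the fallback criteria change again, and gives one place to document why partial blocks are not handled by the CPACF path.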