From patchwork Mon Sep 26 09:36:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "tianjia.zhang" X-Patchwork-Id: 12988491 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 945A0C07E9D for ; Mon, 26 Sep 2022 09:43:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Cc:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=s/Y/MGWpDr8ISFu3YwKJKFD7qN4XJs8agpoPUdPG8CI=; b=vZ20mPq7vbCNLY dKlf5rTGw4Ytuo2ka0L9jDQMjI7Qy7NOWLIVKsujETbiQHZai42hxZVP/vOoiS+Iyw40DY9pztFir h167v1yzVeA7UJMq/wHP3aAQ/VOOWX+YKtMHjILZfcbV5NJrunT+k4z9Hb8OFZdXu1V6/nwtD8U61 83NVd6Lp0TBIudiV/667Rxx3GXVt/c2hSSop+SKKzduWCHs843tIf/Ig+iw5XFHlJfKrIXJaDqXYr ucqWvqLRHvpaPZwqLkxWpprgvUbSJlITLLmB0bKQQ0GVIFEP5ndQT0BxSOa9QwNUm0t2htxrpeCuP xEKBMr3de3jGbQarQNsQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1ockcv-003jZP-1K; Mon, 26 Sep 2022 09:42:13 +0000 Received: from out30-44.freemail.mail.aliyun.com ([115.124.30.44]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1ockXh-003gqO-2B for linux-arm-kernel@lists.infradead.org; Mon, 26 Sep 2022 09:36:56 +0000 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R141e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018046049;MF=tianjia.zhang@linux.alibaba.com;NM=1;PH=DS;RN=13;SR=0;TI=SMTPD_---0VQkJzHP_1664185004; Received: from localhost(mailfrom:tianjia.zhang@linux.alibaba.com fp:SMTPD_---0VQkJzHP_1664185004) by smtp.aliyun-inc.com; Mon, 26 Sep 2022 17:36:45 +0800 From: Tianjia Zhang To: Herbert Xu , "David S. Miller" , Jussi Kivilinna , Ard Biesheuvel , Catalin Marinas , Will Deacon , Maxime Coquelin , Alexandre Torgue , Eric Biggers , linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com Subject: [PATCH 11/16] crypto: essiv - allow digestsize to be greater than keysize Date: Mon, 26 Sep 2022 17:36:15 +0800 Message-Id: <20220926093620.99898-12-tianjia.zhang@linux.alibaba.com> X-Mailer: git-send-email 2.24.3 (Apple Git-128) In-Reply-To: <20220926093620.99898-1-tianjia.zhang@linux.alibaba.com> References: <20220926093620.99898-1-tianjia.zhang@linux.alibaba.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220926_023649_341963_73FCEB0F X-CRM114-Status: GOOD ( 11.17 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org In essiv mode, the digest of the hash algorithm is used as the key to encrypt the IV. The current implementation requires that the digest size of the hash algorithm is equal to the key size, which will exclude algorithms that do not meet this situation, such as essiv(cbc(sm4),sm3), the hash result of sm3 is fixed 256 bits, and the key size of sm4 symmetric algorithm is fixed 128 bits, which makes it impossible to use essiv mode. This patch allows algorithms whose digest size is greater than key size to use esssiv mode by truncating the digest. Signed-off-by: Tianjia Zhang --- crypto/essiv.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/crypto/essiv.c b/crypto/essiv.c index e33369df9034..6ee5a61bcae4 100644 --- a/crypto/essiv.c +++ b/crypto/essiv.c @@ -68,6 +68,7 @@ static int essiv_skcipher_setkey(struct crypto_skcipher *tfm, { struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm); u8 salt[HASH_MAX_DIGESTSIZE]; + unsigned int saltlen; int err; crypto_skcipher_clear_flags(tctx->u.skcipher, CRYPTO_TFM_REQ_MASK); @@ -86,8 +87,11 @@ static int essiv_skcipher_setkey(struct crypto_skcipher *tfm, crypto_cipher_set_flags(tctx->essiv_cipher, crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_REQ_MASK); - return crypto_cipher_setkey(tctx->essiv_cipher, salt, - crypto_shash_digestsize(tctx->hash)); + + saltlen = min(crypto_shash_digestsize(tctx->hash), + crypto_skcipher_max_keysize(tctx->u.skcipher)); + + return crypto_cipher_setkey(tctx->essiv_cipher, salt, saltlen); } static int essiv_aead_setkey(struct crypto_aead *tfm, const u8 *key, @@ -418,8 +422,7 @@ static bool essiv_supported_algorithms(const char *essiv_cipher_name, if (IS_ERR(alg)) return false; - if (hash_alg->digestsize < alg->cra_cipher.cia_min_keysize || - hash_alg->digestsize > alg->cra_cipher.cia_max_keysize) + if (hash_alg->digestsize < alg->cra_cipher.cia_min_keysize) goto out; if (ivsize != alg->cra_blocksize)