提交 41fdab3d 编写于 作者: J Joy Latten 提交者: Herbert Xu

[CRYPTO] ctr: Add countersize

This patch adds countersize to CTR mode.
The template is now ctr(algo,noncesize,ivsize,countersize).

For example, ctr(aes,4,8,4) indicates the counterblock
will be composed of a salt/nonce that is 4 bytes, an iv
that is 8 bytes and the counter is 4 bytes.

When noncesize + ivsize < blocksize, CTR initializes the
last block - ivsize - noncesize portion of the block to
zero.  Otherwise the counter block is composed of the IV
(and nonce if necessary).

If noncesize + ivsize == blocksize, then this indicates that
user is passing in entire counterblock. Thus countersize
indicates the amount of bytes in counterblock to use as
the counter for incrementing. CTR will increment counter
portion by 1, and begin encryption with that value.

Note that CTR assumes the counter portion of the block that
will be incremented is stored in big endian.
Signed-off-by: NJoy Latten <latten@austin.ibm.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
上级 d3e74805
...@@ -23,6 +23,7 @@ struct ctr_instance_ctx { ...@@ -23,6 +23,7 @@ struct ctr_instance_ctx {
struct crypto_spawn alg; struct crypto_spawn alg;
unsigned int noncesize; unsigned int noncesize;
unsigned int ivsize; unsigned int ivsize;
unsigned int countersize;
}; };
struct crypto_ctr_ctx { struct crypto_ctr_ctx {
...@@ -186,7 +187,6 @@ static int crypto_ctr_crypt(struct blkcipher_desc *desc, ...@@ -186,7 +187,6 @@ static int crypto_ctr_crypt(struct blkcipher_desc *desc,
unsigned long alignmask = crypto_cipher_alignmask(child); unsigned long alignmask = crypto_cipher_alignmask(child);
u8 cblk[bsize + alignmask]; u8 cblk[bsize + alignmask];
u8 *counterblk = (u8 *)ALIGN((unsigned long)cblk, alignmask + 1); u8 *counterblk = (u8 *)ALIGN((unsigned long)cblk, alignmask + 1);
unsigned int countersize;
int err; int err;
blkcipher_walk_init(&walk, dst, src, nbytes); blkcipher_walk_init(&walk, dst, src, nbytes);
...@@ -198,18 +198,18 @@ static int crypto_ctr_crypt(struct blkcipher_desc *desc, ...@@ -198,18 +198,18 @@ static int crypto_ctr_crypt(struct blkcipher_desc *desc,
memcpy(counterblk + ictx->noncesize, walk.iv, ictx->ivsize); memcpy(counterblk + ictx->noncesize, walk.iv, ictx->ivsize);
/* initialize counter portion of counter block */ /* initialize counter portion of counter block */
countersize = bsize - ictx->noncesize - ictx->ivsize; ctr_inc_quad(counterblk + (bsize - ictx->countersize),
ctr_inc_quad(counterblk + (bsize - countersize), countersize); ictx->countersize);
while (walk.nbytes) { while (walk.nbytes) {
if (walk.src.virt.addr == walk.dst.virt.addr) if (walk.src.virt.addr == walk.dst.virt.addr)
nbytes = crypto_ctr_crypt_inplace(&walk, child, nbytes = crypto_ctr_crypt_inplace(&walk, child,
counterblk, counterblk,
countersize); ictx->countersize);
else else
nbytes = crypto_ctr_crypt_segment(&walk, child, nbytes = crypto_ctr_crypt_segment(&walk, child,
counterblk, counterblk,
countersize); ictx->countersize);
err = blkcipher_walk_done(desc, &walk, nbytes); err = blkcipher_walk_done(desc, &walk, nbytes);
} }
...@@ -251,6 +251,7 @@ static struct crypto_instance *crypto_ctr_alloc(struct rtattr **tb) ...@@ -251,6 +251,7 @@ static struct crypto_instance *crypto_ctr_alloc(struct rtattr **tb)
struct ctr_instance_ctx *ictx; struct ctr_instance_ctx *ictx;
unsigned int noncesize; unsigned int noncesize;
unsigned int ivsize; unsigned int ivsize;
unsigned int countersize;
int err; int err;
err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER); err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER);
...@@ -270,9 +271,17 @@ static struct crypto_instance *crypto_ctr_alloc(struct rtattr **tb) ...@@ -270,9 +271,17 @@ static struct crypto_instance *crypto_ctr_alloc(struct rtattr **tb)
if (err) if (err)
goto out_put_alg; goto out_put_alg;
/* verify size of nonce + iv + counter */ err = crypto_attr_u32(tb[4], &countersize);
if (err)
goto out_put_alg;
/* verify size of nonce + iv + counter
* counter must be >= 4 bytes.
*/
err = -EINVAL; err = -EINVAL;
if ((noncesize + ivsize) >= alg->cra_blocksize) if (((noncesize + ivsize + countersize) < alg->cra_blocksize) ||
((noncesize + ivsize) > alg->cra_blocksize) ||
(countersize > alg->cra_blocksize) || (countersize < 4))
goto out_put_alg; goto out_put_alg;
inst = kzalloc(sizeof(*inst) + sizeof(*ictx), GFP_KERNEL); inst = kzalloc(sizeof(*inst) + sizeof(*ictx), GFP_KERNEL);
...@@ -282,20 +291,21 @@ static struct crypto_instance *crypto_ctr_alloc(struct rtattr **tb) ...@@ -282,20 +291,21 @@ static struct crypto_instance *crypto_ctr_alloc(struct rtattr **tb)
err = -ENAMETOOLONG; err = -ENAMETOOLONG;
if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME, if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
"ctr(%s,%u,%u)", alg->cra_name, noncesize, "ctr(%s,%u,%u,%u)", alg->cra_name, noncesize,
ivsize) >= CRYPTO_MAX_ALG_NAME) { ivsize, countersize) >= CRYPTO_MAX_ALG_NAME) {
goto err_free_inst; goto err_free_inst;
} }
if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
"ctr(%s,%u,%u)", alg->cra_driver_name, noncesize, "ctr(%s,%u,%u,%u)", alg->cra_driver_name, noncesize,
ivsize) >= CRYPTO_MAX_ALG_NAME) { ivsize, countersize) >= CRYPTO_MAX_ALG_NAME) {
goto err_free_inst; goto err_free_inst;
} }
ictx = crypto_instance_ctx(inst); ictx = crypto_instance_ctx(inst);
ictx->noncesize = noncesize; ictx->noncesize = noncesize;
ictx->ivsize = ivsize; ictx->ivsize = ivsize;
ictx->countersize = countersize;
err = crypto_init_spawn(&ictx->alg, alg, inst, err = crypto_init_spawn(&ictx->alg, alg, inst,
CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC); CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC);
......
...@@ -969,9 +969,9 @@ static void do_test(void) ...@@ -969,9 +969,9 @@ static void do_test(void)
AES_XTS_ENC_TEST_VECTORS); AES_XTS_ENC_TEST_VECTORS);
test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template, test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template,
AES_XTS_DEC_TEST_VECTORS); AES_XTS_DEC_TEST_VECTORS);
test_cipher("ctr(aes,4,8)", ENCRYPT, aes_ctr_enc_tv_template, test_cipher("ctr(aes,4,8,4)", ENCRYPT, aes_ctr_enc_tv_template,
AES_CTR_ENC_TEST_VECTORS); AES_CTR_ENC_TEST_VECTORS);
test_cipher("ctr(aes,4,8)", DECRYPT, aes_ctr_dec_tv_template, test_cipher("ctr(aes,4,8,4)", DECRYPT, aes_ctr_dec_tv_template,
AES_CTR_DEC_TEST_VECTORS); AES_CTR_DEC_TEST_VECTORS);
//CAST5 //CAST5
...@@ -1160,9 +1160,9 @@ static void do_test(void) ...@@ -1160,9 +1160,9 @@ static void do_test(void)
AES_XTS_ENC_TEST_VECTORS); AES_XTS_ENC_TEST_VECTORS);
test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template, test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template,
AES_XTS_DEC_TEST_VECTORS); AES_XTS_DEC_TEST_VECTORS);
test_cipher("ctr(aes,4,8)", ENCRYPT, aes_ctr_enc_tv_template, test_cipher("ctr(aes,4,8,4)", ENCRYPT, aes_ctr_enc_tv_template,
AES_CTR_ENC_TEST_VECTORS); AES_CTR_ENC_TEST_VECTORS);
test_cipher("ctr(aes,4,8)", DECRYPT, aes_ctr_dec_tv_template, test_cipher("ctr(aes,4,8,4)", DECRYPT, aes_ctr_dec_tv_template,
AES_CTR_DEC_TEST_VECTORS); AES_CTR_DEC_TEST_VECTORS);
break; break;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册