Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ce68acbc authored by Ard Biesheuvel's avatar Ard Biesheuvel Committed by Herbert Xu
Browse files

crypto: s390/xts-aes - invoke fallback for ciphertext stealing 



For correctness and compliance with the XTS-AES specification, we are
adding support for ciphertext stealing to XTS implementations, even
though no use cases are known that will be enabled by this.

Since the s390 implementation already has a fallback skcipher standby
for other purposes, let's use it for this purpose as well. If ciphertext
stealing use cases ever become a bottleneck, we can always revisit this.

Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 8ce5fac2

arch/s390/crypto/aes_s390.c

+4 −4
Original line number Diff line number Diff line
@@ -512,7 +512,7 @@ static int xts_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, 
	unsigned long fc;

	int err;



	err = xts_check_key(tfm, in_key, key_len);

	err = xts_fallback_setkey(tfm, in_key, key_len);

	if (err)

		return err;
@@ -529,7 +529,7 @@ static int xts_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, 
	/* Check if the function code is available */

	xts_ctx->fc = (fc && cpacf_test_func(&km_functions, fc)) ? fc : 0;

	if (!xts_ctx->fc)

		return xts_fallback_setkey(tfm, in_key, key_len);

		return 0;



	/* Split the XTS key into the two subkeys */

	key_len = key_len / 2;
@@ -586,7 +586,7 @@ static int xts_aes_encrypt(struct blkcipher_desc *desc, 
	struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(desc->tfm);

	struct blkcipher_walk walk;



	if (unlikely(!xts_ctx->fc))

	if (unlikely(!xts_ctx->fc || (nbytes % XTS_BLOCKSIZE) != 0))

		return xts_fallback_encrypt(desc, dst, src, nbytes);



	blkcipher_walk_init(&walk, dst, src, nbytes);
@@ -600,7 +600,7 @@ static int xts_aes_decrypt(struct blkcipher_desc *desc, 
	struct s390_xts_ctx *xts_ctx = crypto_blkcipher_ctx(desc->tfm);

	struct blkcipher_walk walk;



	if (unlikely(!xts_ctx->fc))

	if (unlikely(!xts_ctx->fc || (nbytes % XTS_BLOCKSIZE) != 0))

		return xts_fallback_decrypt(desc, dst, src, nbytes);



	blkcipher_walk_init(&walk, dst, src, nbytes);