crypto: ccp - move to AES library for CMAC key derivation
Use the AES library instead of the cipher interface to perform the single block of AES processing involved in updating the key of the cmac(aes) hash. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
da3e7a9715
commit
6273fd7a5a
@ -30,6 +30,7 @@ config CRYPTO_DEV_CCP_CRYPTO
|
||||
select CRYPTO_BLKCIPHER
|
||||
select CRYPTO_AUTHENC
|
||||
select CRYPTO_RSA
|
||||
select CRYPTO_LIB_AES
|
||||
help
|
||||
Support for using the cryptographic API with the AMD Cryptographic
|
||||
Coprocessor. This module supports offload of SHA and AES algorithms.
|
||||
|
@ -261,6 +261,7 @@ static int ccp_aes_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,
|
||||
ccp_crypto_ahash_alg(crypto_ahash_tfm(tfm));
|
||||
u64 k0_hi, k0_lo, k1_hi, k1_lo, k2_hi, k2_lo;
|
||||
u64 rb_hi = 0x00, rb_lo = 0x87;
|
||||
struct crypto_aes_ctx aes;
|
||||
__be64 *gk;
|
||||
int ret;
|
||||
|
||||
@ -284,14 +285,14 @@ static int ccp_aes_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,
|
||||
ctx->u.aes.key_len = 0;
|
||||
|
||||
/* Set the key for the AES cipher used to generate the keys */
|
||||
ret = crypto_cipher_setkey(ctx->u.aes.tfm_cipher, key, key_len);
|
||||
ret = aes_expandkey(&aes, key, key_len);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
/* Encrypt a block of zeroes - use key area in context */
|
||||
memset(ctx->u.aes.key, 0, sizeof(ctx->u.aes.key));
|
||||
crypto_cipher_encrypt_one(ctx->u.aes.tfm_cipher, ctx->u.aes.key,
|
||||
ctx->u.aes.key);
|
||||
aes_encrypt(&aes, ctx->u.aes.key, ctx->u.aes.key);
|
||||
memzero_explicit(&aes, sizeof(aes));
|
||||
|
||||
/* Generate K1 and K2 */
|
||||
k0_hi = be64_to_cpu(*((__be64 *)ctx->u.aes.key));
|
||||
@ -336,32 +337,15 @@ static int ccp_aes_cmac_cra_init(struct crypto_tfm *tfm)
|
||||
{
|
||||
struct ccp_ctx *ctx = crypto_tfm_ctx(tfm);
|
||||
struct crypto_ahash *ahash = __crypto_ahash_cast(tfm);
|
||||
struct crypto_cipher *cipher_tfm;
|
||||
|
||||
ctx->complete = ccp_aes_cmac_complete;
|
||||
ctx->u.aes.key_len = 0;
|
||||
|
||||
crypto_ahash_set_reqsize(ahash, sizeof(struct ccp_aes_cmac_req_ctx));
|
||||
|
||||
cipher_tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_NEED_FALLBACK);
|
||||
if (IS_ERR(cipher_tfm)) {
|
||||
pr_warn("could not load aes cipher driver\n");
|
||||
return PTR_ERR(cipher_tfm);
|
||||
}
|
||||
ctx->u.aes.tfm_cipher = cipher_tfm;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void ccp_aes_cmac_cra_exit(struct crypto_tfm *tfm)
|
||||
{
|
||||
struct ccp_ctx *ctx = crypto_tfm_ctx(tfm);
|
||||
|
||||
if (ctx->u.aes.tfm_cipher)
|
||||
crypto_free_cipher(ctx->u.aes.tfm_cipher);
|
||||
ctx->u.aes.tfm_cipher = NULL;
|
||||
}
|
||||
|
||||
int ccp_register_aes_cmac_algs(struct list_head *head)
|
||||
{
|
||||
struct ccp_crypto_ahash_alg *ccp_alg;
|
||||
@ -401,7 +385,6 @@ int ccp_register_aes_cmac_algs(struct list_head *head)
|
||||
base->cra_ctxsize = sizeof(struct ccp_ctx);
|
||||
base->cra_priority = CCP_CRA_PRIORITY;
|
||||
base->cra_init = ccp_aes_cmac_cra_init;
|
||||
base->cra_exit = ccp_aes_cmac_cra_exit;
|
||||
base->cra_module = THIS_MODULE;
|
||||
|
||||
ret = crypto_register_ahash(alg);
|
||||
|
@ -87,9 +87,6 @@ struct ccp_aes_ctx {
|
||||
/* Fallback cipher for XTS with unsupported unit sizes */
|
||||
struct crypto_sync_skcipher *tfm_skcipher;
|
||||
|
||||
/* Cipher used to generate CMAC K1/K2 keys */
|
||||
struct crypto_cipher *tfm_cipher;
|
||||
|
||||
enum ccp_engine engine;
|
||||
enum ccp_aes_type type;
|
||||
enum ccp_aes_mode mode;
|
||||
|
Loading…
Reference in New Issue
Block a user