2019-05-29 22:17:58 +08:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0-only */
|
2014-06-26 00:28:57 +08:00
|
|
|
/*
|
|
|
|
* Copyright (c) 2010-2014, The Linux Foundation. All rights reserved.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _CIPHER_H_
|
|
|
|
#define _CIPHER_H_
|
|
|
|
|
|
|
|
#include "common.h"
|
|
|
|
#include "core.h"
|
|
|
|
|
|
|
|
#define QCE_MAX_KEY_SIZE 64
|
|
|
|
|
|
|
|
struct qce_cipher_ctx {
|
|
|
|
u8 enc_key[QCE_MAX_KEY_SIZE];
|
|
|
|
unsigned int enc_keylen;
|
crypto: qce - permit asynchronous skcipher as fallback
Even though the qce driver implements asynchronous versions of ecb(aes),
cbc(aes)and xts(aes), the fallbacks it allocates are required to be
synchronous. Given that SIMD based software implementations are usually
asynchronous as well, even though they rarely complete asynchronously
(this typically only happens in cases where the request was made from
softirq context, while SIMD was already in use in the task context that
it interrupted), these implementations are disregarded, and either the
generic C version or another table based version implemented in assembler
is selected instead.
Since falling back to synchronous AES is not only a performance issue, but
potentially a security issue as well (due to the fact that table based AES
is not time invariant), let's fix this, by allocating an ordinary skcipher
as the fallback, and invoke it with the completion routine that was given
to the outer request.
While at it, remove the pointless memset() from qce_skcipher_init(), and
remove the call to it qce_skcipher_init_fallback().
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-07-07 14:32:01 +08:00
|
|
|
struct crypto_skcipher *fallback;
|
2014-06-26 00:28:57 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* struct qce_cipher_reqctx - holds private cipher objects per request
|
|
|
|
* @flags: operation flags
|
|
|
|
* @iv: pointer to the IV
|
|
|
|
* @ivsize: IV size
|
|
|
|
* @src_nents: source entries
|
|
|
|
* @dst_nents: destination entries
|
|
|
|
* @result_sg: scatterlist used for result buffer
|
|
|
|
* @dst_tbl: destination sg table
|
|
|
|
* @dst_sg: destination sg pointer table beginning
|
|
|
|
* @src_tbl: source sg table
|
|
|
|
* @src_sg: source sg pointer table beginning;
|
|
|
|
* @cryptlen: crypto length
|
|
|
|
*/
|
|
|
|
struct qce_cipher_reqctx {
|
|
|
|
unsigned long flags;
|
|
|
|
u8 *iv;
|
|
|
|
unsigned int ivsize;
|
|
|
|
int src_nents;
|
|
|
|
int dst_nents;
|
|
|
|
struct scatterlist result_sg;
|
|
|
|
struct sg_table dst_tbl;
|
|
|
|
struct scatterlist *dst_sg;
|
|
|
|
struct scatterlist *src_sg;
|
|
|
|
unsigned int cryptlen;
|
crypto: qce - permit asynchronous skcipher as fallback
Even though the qce driver implements asynchronous versions of ecb(aes),
cbc(aes)and xts(aes), the fallbacks it allocates are required to be
synchronous. Given that SIMD based software implementations are usually
asynchronous as well, even though they rarely complete asynchronously
(this typically only happens in cases where the request was made from
softirq context, while SIMD was already in use in the task context that
it interrupted), these implementations are disregarded, and either the
generic C version or another table based version implemented in assembler
is selected instead.
Since falling back to synchronous AES is not only a performance issue, but
potentially a security issue as well (due to the fact that table based AES
is not time invariant), let's fix this, by allocating an ordinary skcipher
as the fallback, and invoke it with the completion routine that was given
to the outer request.
While at it, remove the pointless memset() from qce_skcipher_init(), and
remove the call to it qce_skcipher_init_fallback().
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-07-07 14:32:01 +08:00
|
|
|
struct skcipher_request fallback_req; // keep at the end
|
2014-06-26 00:28:57 +08:00
|
|
|
};
|
|
|
|
|
2019-11-10 01:09:45 +08:00
|
|
|
static inline struct qce_alg_template *to_cipher_tmpl(struct crypto_skcipher *tfm)
|
2014-06-26 00:28:57 +08:00
|
|
|
{
|
2019-11-10 01:09:45 +08:00
|
|
|
struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
|
|
|
|
return container_of(alg, struct qce_alg_template, alg.skcipher);
|
2014-06-26 00:28:57 +08:00
|
|
|
}
|
|
|
|
|
2019-11-10 01:09:45 +08:00
|
|
|
extern const struct qce_algo_ops skcipher_ops;
|
2014-06-26 00:28:57 +08:00
|
|
|
|
|
|
|
#endif /* _CIPHER_H_ */
|