From: Tianjia Zhang
To: Herbert Xu, "David S. Miller", Jussi Kivilinna, Ard Biesheuvel, Catalin Marinas, Will Deacon, Maxime Coquelin, Alexandre Torgue, Eric Biggers, linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com
Subject: [PATCH 11/16] crypto: essiv - allow digestsize to be greater than keysize
Date: Mon, 26 Sep 2022 17:36:15 +0800
Message-Id: <20220926093620.99898-12-tianjia.zhang@linux.alibaba.com>
In-Reply-To: <20220926093620.99898-1-tianjia.zhang@linux.alibaba.com>
References: <20220926093620.99898-1-tianjia.zhang@linux.alibaba.com>
X-Mailing-List: linux-crypto@vger.kernel.org

In essiv mode, the digest of the hash algorithm is used as the key to encrypt the IV. The current implementation requires that the digest size of the hash algorithm is equal to the key size, which will exclude algorithms that do not meet this situation, such as essiv(cbc(sm4),sm3). The hash result of sm3 is fixed 256 bits, and the key size of sm4 symmetric algorithm is fixed 128 bits, which makes it impossible to use essiv mode.

This patch allows algorithms whose digest size is greater than key size to use essiv mode by truncating the digest.

Signed-off-by: Tianjia Zhang
---
 crypto/essiv.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/crypto/essiv.c b/crypto/essiv.c index e33369df9034..6ee5a61bcae4 100644 --- a/crypto/essiv.c +++ b/crypto/essiv.c
@@ -68,6 +68,7 @@ static int essiv_skcipher_setkey(struct crypto_skcipher *tfm, { struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm); u8 salt[HASH_MAX_DIGESTSIZE]; + unsigned int saltlen; int err; crypto_skcipher_clear_flags(tctx->u.skcipher, CRYPTO_TFM_REQ_MASK); @@ -86,8 +87,11 @@ static int essiv_skcipher_setkey(struct crypto_skcipher *tfm, crypto_cipher_set_flags(tctx->essiv_cipher, crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_REQ_MASK); - return crypto_cipher_setkey(tctx->essiv_cipher, salt, - crypto_shash_digestsize(tctx->hash)); + + saltlen = min(crypto_shash_digestsize(tctx->hash), + crypto_skcipher_max_keysize(tctx->u.skcipher)); + + return crypto_cipher_setkey(tctx->essiv_cipher, salt, saltlen); } static int essiv_aead_setkey(struct crypto_aead *tfm, const u8 *key, @@ -418,8 +422,7 @@ static bool essiv_supported_algorithms(const char *essiv_cipher_name, if (IS_ERR(alg)) return false; - if (hash_alg->digestsize < alg->cra_cipher.cia_min_keysize || - hash_alg->digestsize > alg->cra_cipher.cia_max_keysize) + if (hash_alg->digestsize < alg->cra_cipher.cia_min_keysize) goto out; if (ivsize != alg->cra_blocksize) -- 2.24.3 (Apple Git-128)
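Review bot: In the essiv_skcipher_setkey hunk (@@ -86,8 +87,11 @@), saltlen is capped with crypto_skcipher_max_keysize(tctx->u.skcipher), but the key is set on tctx->essiv_cipher, and essiv_supported_algorithms validates the digest against that cipher's cia_min_keysize. Take the upper bound from the cipher that is actually being keyed so the admission check and the setkey length cannot disagree. The trailing context also shows essiv_aead_setkey directly below, and the diffstat (7 insertions, 4 deletions) is fully accounted for by the three hunks shown, so that function is untouched; if it keys essiv_cipher with the full crypto_shash_digestsize(), it needs the same truncation, otherwise a hash and cipher pair that this patch newly admits may be rejected at setkey on the AEAD path.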
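Review bot: In the essiv_supported_algorithms hunk (@@ -418,8 +422,7 @@), dropping the cia_max_keysize comparison leaves the truncation in setkey as the only thing that handles an oversized digest, and nothing at this check says so. Add a comment here stating that a digest longer than cia_max_keysize is accepted because setkey passes only the leading bytes of salt to crypto_cipher_setkey, and say the same in the commit message, since which bytes are kept determines every IV that ESSIV generates.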