Commit 50b6544e authored by Herbert Xu's avatar Herbert Xu

[CRYPTO] cbc: Require block size to be a power of 2

All common block ciphers have a block size that's a power of 2.  In fact,
all of our block ciphers obey this rule.

If we require this then CBC can be optimised to avoid an expensive divide
on in-place decryption.

I've also changed the saving of the first IV in the in-place decryption
case to the last IV because that lets us use walk->iv (which is already
aligned) for the xor operation where alignment is required.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 3c7f076d
...@@ -14,6 +14,7 @@ ...@@ -14,6 +14,7 @@
#include <linux/err.h> #include <linux/err.h>
#include <linux/init.h> #include <linux/init.h>
#include <linux/kernel.h> #include <linux/kernel.h>
#include <linux/log2.h>
#include <linux/module.h> #include <linux/module.h>
#include <linux/scatterlist.h> #include <linux/scatterlist.h>
#include <linux/slab.h> #include <linux/slab.h>
...@@ -143,17 +144,13 @@ static int crypto_cbc_decrypt_inplace(struct blkcipher_desc *desc, ...@@ -143,17 +144,13 @@ static int crypto_cbc_decrypt_inplace(struct blkcipher_desc *desc,
void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
crypto_cipher_alg(tfm)->cia_decrypt; crypto_cipher_alg(tfm)->cia_decrypt;
int bsize = crypto_cipher_blocksize(tfm); int bsize = crypto_cipher_blocksize(tfm);
unsigned long alignmask = crypto_cipher_alignmask(tfm);
unsigned int nbytes = walk->nbytes; unsigned int nbytes = walk->nbytes;
u8 *src = walk->src.virt.addr; u8 *src = walk->src.virt.addr;
u8 stack[bsize + alignmask]; u8 last_iv[bsize];
u8 *first_iv = (u8 *)ALIGN((unsigned long)stack, alignmask + 1);
memcpy(first_iv, walk->iv, bsize);
/* Start of the last block. */ /* Start of the last block. */
src += nbytes - nbytes % bsize - bsize; src += nbytes - (nbytes & (bsize - 1)) - bsize;
memcpy(walk->iv, src, bsize); memcpy(last_iv, src, bsize);
for (;;) { for (;;) {
fn(crypto_cipher_tfm(tfm), src, src); fn(crypto_cipher_tfm(tfm), src, src);
...@@ -163,7 +160,8 @@ static int crypto_cbc_decrypt_inplace(struct blkcipher_desc *desc, ...@@ -163,7 +160,8 @@ static int crypto_cbc_decrypt_inplace(struct blkcipher_desc *desc,
src -= bsize; src -= bsize;
} }
crypto_xor(src, first_iv, bsize); crypto_xor(src, walk->iv, bsize);
memcpy(walk->iv, last_iv, bsize);
return nbytes; return nbytes;
} }
...@@ -228,6 +226,10 @@ static struct crypto_instance *crypto_cbc_alloc(struct rtattr **tb) ...@@ -228,6 +226,10 @@ static struct crypto_instance *crypto_cbc_alloc(struct rtattr **tb)
if (IS_ERR(alg)) if (IS_ERR(alg))
return ERR_PTR(PTR_ERR(alg)); return ERR_PTR(PTR_ERR(alg));
inst = ERR_PTR(-EINVAL);
if (!is_power_of_2(alg->cra_blocksize))
goto out_put_alg;
inst = crypto_alloc_instance("cbc", alg); inst = crypto_alloc_instance("cbc", alg);
if (IS_ERR(inst)) if (IS_ERR(inst))
goto out_put_alg; goto out_put_alg;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment