summaryrefslogtreecommitdiff
path: root/include/crypto
diff options
context:
space:
mode:
authorStephan Mueller <smueller@chronox.de>2016-06-14 07:34:13 +0200
committerHerbert Xu <herbert@gondor.apana.org.au>2016-06-15 17:07:53 +0800
commit355912852115cd8aa4ad02c25182ae615ce925fb (patch)
treef25c7201d6538cebae6a4d5ded1998a2164717de /include/crypto
parente123be16120df6cdda4e1811a49326125f0aa4dd (diff)
downloadlwn-355912852115cd8aa4ad02c25182ae615ce925fb.tar.gz
lwn-355912852115cd8aa4ad02c25182ae615ce925fb.zip
crypto: drbg - use CTR AES instead of ECB AES
The CTR DRBG derives its random data from the CTR that is encrypted with AES. This patch now changes the CTR DRBG implementation such that the CTR AES mode is employed. This allows the use of steamlined CTR AES implementation such as ctr-aes-aesni. Unfortunately there are the following subtile changes we need to apply when using the CTR AES mode: - the CTR mode increments the counter after the cipher operation, but the CTR DRBG requires the increment before the cipher op. Hence, the crypto_inc is applied to the counter (drbg->V) once it is recalculated. - the CTR mode wants to encrypt data, but the CTR DRBG is interested in the encrypted counter only. The full CTR mode is the XOR of the encrypted counter with the plaintext data. To access the encrypted counter, the patch uses a NULL data vector as plaintext to be "encrypted". Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'include/crypto')
-rw-r--r--include/crypto/drbg.h9
1 files changed, 9 insertions, 0 deletions
diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h
index d961b2b16f55..b2fe15d1ceba 100644
--- a/include/crypto/drbg.h
+++ b/include/crypto/drbg.h
@@ -43,6 +43,7 @@
#include <linux/random.h>
#include <linux/scatterlist.h>
#include <crypto/hash.h>
+#include <crypto/skcipher.h>
#include <linux/module.h>
#include <linux/crypto.h>
#include <linux/slab.h>
@@ -115,6 +116,14 @@ struct drbg_state {
/* some memory the DRBG can use for its operation */
unsigned char *scratchpad;
void *priv_data; /* Cipher handle */
+
+ struct crypto_skcipher *ctr_handle; /* CTR mode cipher handle */
+ struct skcipher_request *ctr_req; /* CTR mode request handle */
+ __u8 *ctr_null_value_buf; /* CTR mode unaligned buffer */
+ __u8 *ctr_null_value; /* CTR mode aligned zero buf */
+ struct completion ctr_completion; /* CTR mode async handler */
+ int ctr_async_err; /* CTR mode async error */
+
bool seeded; /* DRBG fully seeded? */
bool pr; /* Prediction resistance enabled? */
struct work_struct seed_work; /* asynchronous seeding support */