tree 85697704c53e0905d1b83a4ec3525cf20ca53455
parent 915e8561d559abba1b81934e31e54a3f850fa7bf
author Herbert Xu <[EMAIL PROTECTED]> Thu, 07 Jul 2005 03:54:09 -0700
committer David S. Miller <[EMAIL PROTECTED]> Thu, 07 Jul 2005 03:54:09 -0700

[CRYPTO] Update IV correctly for Padlock CBC encryption

When the Padlock does CBC encryption, the memory pointed to by EAX is
not updated at all.  Instead, it updates the value of EAX by pointing
it to the last block in the output.  Therefore to maintain the correct
semantics we need to copy the IV.

Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
Signed-off-by: David S. Miller <[EMAIL PROTECTED]>

 drivers/crypto/padlock-aes.c |   13 +++++++++----
 1 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/padlock-aes.c b/drivers/crypto/padlock-aes.c
--- a/drivers/crypto/padlock-aes.c
+++ b/drivers/crypto/padlock-aes.c
@@ -400,8 +400,8 @@ static inline void padlock_xcrypt_ecb(co
                      : "d"(control_word), "b"(key), "c"(count));
 }
 
-static inline void padlock_xcrypt_cbc(const u8 *input, u8 *output, void *key,
-                                     u8 *iv, void *control_word, u32 count)
+static inline u8 *padlock_xcrypt_cbc(const u8 *input, u8 *output, void *key,
+                                    u8 *iv, void *control_word, u32 count)
 {
        /* Enforce key reload. */
        asm volatile ("pushfl; popfl");
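Review bot: The new `u8 *` return value of padlock_xcrypt_cbc has no comment saying what it points to, and a caller could easily take it for the `iv` buffer it passed in. Per the commit message the hardware leaves EAX pointing at the last block of the output, so I would add above the signature `/* Returns the IV for the next call: a pointer to the last output block, not the caller's iv buffer. */`. The function body continues past this hunk.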
@@ -409,6 +409,7 @@ static inline void padlock_xcrypt_cbc(co
        asm volatile (".byte 0xf3,0x0f,0xa7,0xd0"
                      : "+S" (input), "+D" (output), "+a" (iv)
                      : "d" (control_word), "b" (key), "c" (count));
+       return iv;
 }
 
 static void
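Review bot: The xcrypt-cbc asm statement still has no `"memory"` clobber, and with this change the caller reads the bytes behind the returned `iv`, which lie in the buffer the instruction has just written, straight after it. The constraints describe only the pointer registers, so the compiler is not told that the memory behind `output` changed or that the memory behind `input`, `key` and `iv` is read; ending the operand list with `: "d" (control_word), "b" (key), "c" (count) : "memory");` makes that explicit. `count` is also an input-only operand on a rep-prefixed instruction, which is worth checking against the PadLock documentation in case ECX is modified. The start of the function is in the previous hunk.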
@@ -447,8 +448,12 @@ static unsigned int aes_encrypt_cbc(cons
                                    const u8 *in, unsigned int nbytes)
 {
        struct aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(desc->tfm));
-       padlock_xcrypt_cbc(in, out, ctx->E, desc->info, &ctx->cword.encrypt,
-                          nbytes / AES_BLOCK_SIZE);
+       u8 *iv;
+
+       iv = padlock_xcrypt_cbc(in, out, ctx->E, desc->info,
+                               &ctx->cword.encrypt, nbytes / AES_BLOCK_SIZE);
+       memcpy(desc->info, iv, AES_BLOCK_SIZE);
+
        return nbytes & ~(AES_BLOCK_SIZE - 1);
 }
 
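Review bot: When `nbytes` is smaller than AES_BLOCK_SIZE the block count passed to padlock_xcrypt_cbc is 0, and if the instruction then leaves EAX untouched the returned `iv` equals `desc->info`, so the new `memcpy` gets identical source and destination, which C leaves undefined. Whether a caller can reach this with a short `nbytes` is not visible here; a guard such as `if (iv != desc->info) memcpy(desc->info, iv, AES_BLOCK_SIZE);` covers it either way. The function signature begins above this hunk.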