From: Eric Biggers <ebiggers@kernel.org>
To: Mike Lothian <mike@fireburn.co.uk>
Cc: rust-for-linux@vger.kernel.org, linux-crypto@vger.kernel.org,
"Miguel Ojeda" <ojeda@kernel.org>,
"Boqun Feng" <boqun@kernel.org>, "Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <lossin@kernel.org>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Alice Ryhl" <aliceryhl@google.com>,
"Trevor Gross" <tmgross@umich.edu>,
"Danilo Krummrich" <dakr@kernel.org>,
"Daniel Almeida" <daniel.almeida@collabora.com>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Yury Norov (NVIDIA)" <yury.norov@gmail.com>,
"Asahi Lina" <lina+kernel@asahilina.net>,
"Lorenzo Stoakes" <ljs@kernel.org>,
"Joel Fernandes" <joelagnelf@nvidia.com>,
"Alexandre Courbot" <acourbot@nvidia.com>,
"FUJITA Tomonori" <fujita.tomonori@gmail.com>,
"Krishna Ketan Rai" <prafulrai522@gmail.com>,
linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH 1/2] rust: crypto: add library AES-128 / SHA-256 / HMAC-SHA256 bindings
Date: Wed, 17 Jun 2026 17:18:12 +0000
Message-ID: <20260617171812.GE785086@google.com>
In-Reply-To: <20260617150143.2152-2-mike@fireburn.co.uk>
On Wed, Jun 17, 2026 at 04:01:32PM +0100, Mike Lothian wrote:
> +/*
> + * AES-128 single-block ECB encryption: out = AES(key, in).
> + *
> + * A helper because aes_encrypt() takes a transparent union (aes_encrypt_arg)
> + * that bindgen cannot express. SHA-256 and HMAC-SHA256 are plain extern
> + * functions and are bound directly.
> + */
> +__rust_helper int
> +rust_helper_aes128_encrypt_block(const u8 *key, const u8 *in, u8 *out)
> +{
> + struct aes_enckey enckey;
> + int ret;
> +
> + ret = aes_prepareenckey(&enckey, key, AES_KEYSIZE_128);
> + if (ret)
> + return ret;
> + aes_encrypt(&enckey, out, in);
> + memzero_explicit(&enckey, sizeof(enckey));
> + return 0;
> +}
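
Review bot: in rust_helper_aes128_encrypt_block() the three bare pointers (key, in, out) carry no lengths, and the comment block above the function does not state the buffer sizes the caller must supply. Document that key must be AES_KEYSIZE_128 bytes and that in and out are each one AES block, so a caller binding this helper has a stated contract to check its buffers against. Separately, the early `return ret;` after aes_prepareenckey() skips the memzero_explicit() of enckey; wiping on both paths would keep the cleanup unconditional.
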
This is kind of an anti-pattern, both in expanding the key for every
block and also exposing bare AES instead of AES modes of operation.

It's true that lib/crypto/ is missing a lot of AES modes (I'm working on
that), but AES-CMAC is there already which is one of the two you need.

- Eric