Linux cryptographic layer development
 help / color / mirror / Atom feed
From: Eric Biggers <ebiggers@kernel.org>
To: Thomas Huth <thuth@redhat.com>
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 03/33] lib/crypto: aes: Add CBC and CBC-CTS support
Date: Mon, 13 Jul 2026 19:37:57 -0400	[thread overview]
Message-ID: <20260713233757.GA24654@quark> (raw)
In-Reply-To: <2bbc6563-3328-4153-97fb-2d0a10ceefaf@redhat.com>

On Thu, Jul 09, 2026 at 03:06:03PM +0200, Thomas Huth wrote:
> On 07/07/2026 07.34, Eric Biggers wrote:
> > Add support for AES-CBC and AES-CBC-CTS to the crypto library.
> > 
> > These will be used to provide streamlined implementations of the
> > "cbc(aes)" and "cts(cbc(aes))" crypto_skcipher algorithms.  Most users
> > of these crypto_skcipher algorithms will also be able to switch to the
> > library, which as usual will be simpler and faster, e.g.:
> > 
> >      - block/blk-crypto-fallback.c (for AES-128-CBC-ESSIV)
> >      - fs/crypto/crypto.c (for AES-128-CBC-ESSIV)
> >      - fs/crypto/fname.c (for AES-256-CTS and AES-128-CBC)
> >      - kernel/bpf/crypto.c
> >      - net/ceph/crypto.c
> >      - security/keys/encrypted-keys/encrypted.c
> > 
> > As usual, the architecture-optimized AES-CBC and AES-CBC-CTS code will
> > be migrated into the library as well (using the hooks provided in this
> > commit), eliminating lots of repetitive boilerplate code.
> > 
> > Initial test coverage is provided by the crypto_skcipher support added
> > in a later commit.  I'm planning a KUnit test suite as well.
> > 
> > Signed-off-by: Eric Biggers <ebiggers@kernel.org>
> > ---
> >   .../crypto/libcrypto-unauth-encryption.rst    |   7 +
> >   include/crypto/aes-cbc.h                      |  77 ++++++++
> >   lib/crypto/Kconfig                            |   6 +
> >   lib/crypto/aes.c                              | 174 ++++++++++++++++++
> >   lib/crypto/tests/Kconfig                      |   1 +
> >   5 files changed, 265 insertions(+)
> >   create mode 100644 include/crypto/aes-cbc.h
> ...
> > +void aes_cbc_cts_decrypt(u8 *dst, const u8 *src, size_t len,
> > +			 u8 iv[AES_BLOCK_SIZE], const struct aes_key *key)
> > +{
> > +	/* Offset to P[n] and C[n] (last plaintext and ciphertext block) */
> > +	size_t pn_offset = round_down(len - 1, AES_BLOCK_SIZE);
> > +	/* Length of P[n] and C[n], 1 <= pn_len <= AES_BLOCK_SIZE */
> > +	size_t pn_len = len - pn_offset;
> > +	u8 *pad;
> > +
> > +	if (WARN_ON_ONCE(len < AES_BLOCK_SIZE))
> > +		return;
> > +
> > +	if (len == AES_BLOCK_SIZE) {
> > +		aes_cbc_decrypt(dst, src, len, iv, key);
> > +		return;
> > +	}
> > +	if (likely(aes_cbc_cts_decrypt_arch(dst, src, len, iv, key)))
> > +		return;
> > +
> > +	/* Compute P[0]..P[n - 2]. */
> > +	aes_cbc_decrypt(dst, src, pn_offset - AES_BLOCK_SIZE, iv, key);
> > +
> > +	/* Compute P[n] and P[n - 1], considering that src may equal dst. */
> > +	pad = &dst[pn_offset - AES_BLOCK_SIZE];
> > +	aes_decrypt(key, pad, &src[pn_offset - AES_BLOCK_SIZE]);
> > +	crypto_xor_cpy(&dst[pn_offset], &src[pn_offset], pad,
> > +		       pn_len); /* P[n] */
> > +	crypto_xor(pad, &dst[pn_offset], pn_len);
> 
> Took me a while to understand why you'd use the above xor instead of a
> memcpy(pad, &src[pn_offset], pn_len) here, but that's because src and dst
> might point to the same buffer, right?
> 
> Anyway, patch looks good to me, so:
> 
> Reviewed-by: Thomas Huth <thuth@redhat.com>

Yes, the write to &dst[pn_offset] can overwrite &src[pn_offset].

- Eric

  reply	other threads:[~2026-07-13 23:37 UTC|newest]

Thread overview: 54+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-07  5:34 [PATCH 00/33] Library APIs for AES encryption modes Eric Biggers
2026-07-07  5:34 ` [PATCH 01/33] crypto: xts - Split out __xts_verify_key() helper Eric Biggers
2026-07-07 13:20   ` Thomas Huth
2026-07-07  5:34 ` [PATCH 02/33] lib/crypto: aes: Add ECB support Eric Biggers
2026-07-07 13:59   ` Thomas Huth
2026-07-07 19:22     ` Eric Biggers
2026-07-08  5:29       ` Thomas Huth
2026-07-07  5:34 ` [PATCH 03/33] lib/crypto: aes: Add CBC and CBC-CTS support Eric Biggers
2026-07-09 13:06   ` Thomas Huth
2026-07-13 23:37     ` Eric Biggers [this message]
2026-07-07  5:34 ` [PATCH 04/33] lib/crypto: aes: Add CTR and XCTR support Eric Biggers
2026-07-13  8:39   ` Thomas Huth
2026-07-13 23:54     ` Eric Biggers
2026-07-14  4:53       ` Thomas Huth
2026-07-07  5:34 ` [PATCH 05/33] lib/crypto: aes: Add XTS support Eric Biggers
2026-07-13 12:15   ` Thomas Huth
2026-07-14  0:23     ` Eric Biggers
2026-07-07  5:34 ` [PATCH 06/33] lib/crypto: aes: Add GCM support Eric Biggers
2026-07-07  5:34 ` [PATCH 07/33] lib/crypto: aes: Add CCM support Eric Biggers
2026-07-07  5:34 ` [PATCH 08/33] crypto: aes - Add ECB support using library Eric Biggers
2026-07-07  5:34 ` [PATCH 09/33] crypto: aes - Add CBC and CBC-CTS " Eric Biggers
2026-07-07  5:34 ` [PATCH 10/33] crypto: aes - Add CTR and XCTR " Eric Biggers
2026-07-07  5:34 ` [PATCH 11/33] crypto: aes - Add XTS " Eric Biggers
2026-07-07  5:34 ` [PATCH 12/33] crypto: aes - Add GCM " Eric Biggers
2026-07-07  5:34 ` [PATCH 13/33] crypto: aes - Add CCM " Eric Biggers
2026-07-07  5:34 ` [PATCH 14/33] x86/sev: Use new AES-GCM library Eric Biggers
2026-07-07  5:34 ` [PATCH 15/33] lib/crypto: aesgcm: Remove old " Eric Biggers
2026-07-07  5:34 ` [PATCH 16/33] crypto: aes - Remove AES-CBC-MAC support Eric Biggers
2026-07-07  5:34 ` [PATCH 17/33] lib/crypto: aes: Remove aes_cbcmac_* functions Eric Biggers
2026-07-07  5:34 ` [PATCH 18/33] fscrypt: Use aes_ecb_encrypt() for v1 key derivation Eric Biggers
2026-07-07  5:34 ` [PATCH 19/33] KEYS: encrypted: Use AES-CBC library instead of crypto_skcipher Eric Biggers
2026-07-07  5:34 ` [PATCH 20/33] KEYS: trusted: dcp: Use AES-GCM library instead of crypto_aead Eric Biggers
2026-07-07  5:34 ` [PATCH 21/33] libceph: Use AES-CBC library in ceph_aes_crypt() Eric Biggers
2026-07-07  5:34 ` [PATCH 22/33] libceph: Reimplement messenger v2 encryption using AES-GCM library Eric Biggers
2026-07-07  5:34 ` [PATCH 23/33] wifi: mac80211: Use AES-CTR library in fils_aead.c Eric Biggers
2026-07-07  5:34 ` [PATCH 24/33] wifi: mac80211: Use AES-GCM library for GMAC suite Eric Biggers
2026-07-07  5:34 ` [PATCH 25/33] wifi: mac80211: Use crypto libraries for GCMP and CCMP suites Eric Biggers
2026-07-07  5:34 ` [PATCH 26/33] macsec: Use AES-GCM library instead of crypto_aead Eric Biggers
2026-07-07  5:34 ` [PATCH 27/33] wifi: ipw2x00: Use AES-CCM library Eric Biggers
2026-07-07  5:34 ` [PATCH 28/33] mac802154: Use AES-CCM and AES-CTR libraries Eric Biggers
2026-07-07  5:34 ` [PATCH 29/33] bpf: crypto: Use AES-CBC and AES-ECB libraries Eric Biggers
2026-07-07 15:01   ` Vadim Fedorenko
2026-07-07 18:20     ` Eric Biggers
2026-07-07 22:50       ` Vadim Fedorenko
2026-07-07 23:16         ` Eric Biggers
2026-07-08 11:47           ` Vadim Fedorenko
2026-07-09 15:47             ` Eric Biggers
2026-07-09 16:46               ` Vadim Fedorenko
2026-07-07  5:35 ` [PATCH 30/33] bpf: crypto: Add AES-GCM support Eric Biggers
2026-07-07 15:02   ` Vadim Fedorenko
2026-07-07  5:35 ` [PATCH 31/33] smb: client: Use AES-GCM and AES-CCM libraries Eric Biggers
2026-07-07  5:35 ` [PATCH 32/33] ksmbd: " Eric Biggers
2026-07-07 10:51   ` Namjae Jeon
2026-07-07  5:35 ` [PATCH 33/33] net: tipc: Use AES-GCM library instead of crypto_aead Eric Biggers

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260713233757.GA24654@quark \
    --to=ebiggers@kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=thuth@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox