The Linux Kernel Mailing List
 help / color / mirror / Atom feed
From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH 17/33] lib/crypto: aes: Remove aes_cbcmac_* functions
Date: Mon,  6 Jul 2026 22:34:47 -0700	[thread overview]
Message-ID: <20260707053503.209874-18-ebiggers@kernel.org> (raw)
In-Reply-To: <20260707053503.209874-1-ebiggers@kernel.org>

The aes_cbcmac_* functions are no longer used, except by their KUnit
test, since their functionality was folded directly into the AES-CCM
library code.  Remove them.

Note that the aes_cmac_* and aes_xcbcmac_* functions remain unchanged.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
 include/crypto/aes-cbc-macs.h         | 22 +--------
 lib/crypto/aes.c                      | 43 -----------------
 lib/crypto/tests/aes_cbc_macs_kunit.c | 68 +--------------------------
 3 files changed, 2 insertions(+), 131 deletions(-)

diff --git a/include/crypto/aes-cbc-macs.h b/include/crypto/aes-cbc-macs.h
index e61df108b926..95bbb8603420 100644
--- a/include/crypto/aes-cbc-macs.h
+++ b/include/crypto/aes-cbc-macs.h
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0 */
 /*
- * Support for AES-CMAC, AES-XCBC-MAC, and AES-CBC-MAC
+ * Support for AES-CMAC and AES-XCBC-MAC
  *
  * Copyright 2026 Google LLC
  */
@@ -131,24 +131,4 @@ static inline void aes_cmac(const struct aes_cmac_key *key, const u8 *data,
 	aes_cmac_final(&ctx, out);
 }
 
-/*
- * AES-CBC-MAC support.  This is provided only for use by the implementation of
- * AES-CCM.  It should have no other users.  Warning: unlike AES-CMAC and
- * AES-XCBC-MAC, AES-CBC-MAC isn't a secure MAC for variable-length messages.
- */
-struct aes_cbcmac_ctx {
-	const struct aes_enckey *key;
-	size_t partial_len;
-	u8 h[AES_BLOCK_SIZE];
-};
-static inline void aes_cbcmac_init(struct aes_cbcmac_ctx *ctx,
-				   const struct aes_enckey *key)
-{
-	*ctx = (struct aes_cbcmac_ctx){ .key = key };
-}
-void aes_cbcmac_update(struct aes_cbcmac_ctx *ctx, const u8 *data,
-		       size_t data_len);
-void aes_cbcmac_final(struct aes_cbcmac_ctx *ctx,
-		      u8 out[at_least AES_BLOCK_SIZE]);
-
 #endif /* _CRYPTO_AES_CBC_MACS_H */
diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c
index 1a1b32e41ac1..aeefd55eacaa 100644
--- a/lib/crypto/aes.c
+++ b/lib/crypto/aes.c
@@ -674,49 +674,6 @@ void aes_cmac_final(struct aes_cmac_ctx *ctx, u8 out[AES_BLOCK_SIZE])
 }
 EXPORT_SYMBOL_GPL(aes_cmac_final);
 
-void aes_cbcmac_update(struct aes_cbcmac_ctx *ctx, const u8 *data,
-		       size_t data_len)
-{
-	bool enc_before = false;
-	size_t nblocks;
-
-	if (ctx->partial_len) {
-		size_t l = min(data_len, AES_BLOCK_SIZE - ctx->partial_len);
-
-		crypto_xor(&ctx->h[ctx->partial_len], data, l);
-		data += l;
-		data_len -= l;
-		ctx->partial_len += l;
-		if (ctx->partial_len < AES_BLOCK_SIZE)
-			return;
-		enc_before = true;
-	}
-
-	nblocks = data_len / AES_BLOCK_SIZE;
-	data_len %= AES_BLOCK_SIZE;
-	if (nblocks == 0) {
-		if (enc_before)
-			aes_encrypt(ctx->key, ctx->h, ctx->h);
-	} else {
-		aes_cbcmac_blocks(ctx->h, ctx->key, data, nblocks, enc_before,
-				  /* enc_after= */ true);
-		data += nblocks * AES_BLOCK_SIZE;
-	}
-	crypto_xor(ctx->h, data, data_len);
-	ctx->partial_len = data_len;
-}
-EXPORT_SYMBOL_NS_GPL(aes_cbcmac_update, "CRYPTO_INTERNAL");
-
-void aes_cbcmac_final(struct aes_cbcmac_ctx *ctx, u8 out[AES_BLOCK_SIZE])
-{
-	if (ctx->partial_len)
-		aes_encrypt(ctx->key, out, ctx->h);
-	else
-		memcpy(out, ctx->h, AES_BLOCK_SIZE);
-	memzero_explicit(ctx, sizeof(*ctx));
-}
-EXPORT_SYMBOL_NS_GPL(aes_cbcmac_final, "CRYPTO_INTERNAL");
-
 /*
  * FIPS cryptographic algorithm self-test for AES-CMAC.  As per the FIPS 140-3
  * Implementation Guidance, a cryptographic algorithm self-test for at least one
diff --git a/lib/crypto/tests/aes_cbc_macs_kunit.c b/lib/crypto/tests/aes_cbc_macs_kunit.c
index ae3745212f03..97a4594895c2 100644
--- a/lib/crypto/tests/aes_cbc_macs_kunit.c
+++ b/lib/crypto/tests/aes_cbc_macs_kunit.c
@@ -141,75 +141,10 @@ static void test_aes_xcbcmac_rfc3566(struct kunit *test)
 	KUNIT_ASSERT_MEMEQ(test, actual_mac, expected_mac, AES_BLOCK_SIZE);
 }
 
-static void test_aes_cbcmac_rfc3610(struct kunit *test)
-{
-	/*
-	 * The following AES-CBC-MAC test vector is extracted from RFC 3610
-	 * Packet Vector #11.  It required some rearrangement to get the actual
-	 * input to AES-CBC-MAC from the values given.
-	 */
-	static const u8 raw_key[AES_KEYSIZE_128] = {
-		0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
-		0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
-	};
-	const size_t unpadded_data_len = 52;
-	static const u8 data[64] = {
-		/* clang-format off */
-		/* CCM header */
-		0x61, 0x00, 0x00, 0x00, 0x0d, 0x0c, 0x0b, 0x0a,
-		0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0x00, 0x14,
-		/* CCM additional authentication blocks */
-		0x00, 0x0c, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
-		0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x00, 0x00,
-		/* CCM message blocks */
-		0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13,
-		0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
-		0x1c, 0x1d, 0x1e, 0x1f, 0x00, 0x00, 0x00, 0x00,
-		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-		/* clang-format on */
-	};
-	static const u8 expected_mac[AES_BLOCK_SIZE] = {
-		0x6b, 0x5e, 0x24, 0x34, 0x12, 0xcc, 0xc2, 0xad,
-		0x6f, 0x1b, 0x11, 0xc3, 0xa1, 0xa9, 0xd8, 0xbc,
-	};
-	struct aes_enckey key;
-	struct aes_cbcmac_ctx ctx;
-	u8 actual_mac[AES_BLOCK_SIZE];
-	int err;
-
-	err = aes_prepareenckey(&key, raw_key, sizeof(raw_key));
-	KUNIT_ASSERT_EQ(test, err, 0);
-
-	/*
-	 * Trailing zeroes should not affect the CBC-MAC value, up to the next
-	 * AES block boundary.
-	 */
-	for (size_t data_len = unpadded_data_len; data_len <= sizeof(data);
-	     data_len++) {
-		aes_cbcmac_init(&ctx, &key);
-		aes_cbcmac_update(&ctx, data, data_len);
-		aes_cbcmac_final(&ctx, actual_mac);
-		KUNIT_ASSERT_MEMEQ(test, actual_mac, expected_mac,
-				   AES_BLOCK_SIZE);
-
-		/* Incremental computations should produce the same result. */
-		for (size_t part1_len = 0; part1_len <= data_len; part1_len++) {
-			aes_cbcmac_init(&ctx, &key);
-			aes_cbcmac_update(&ctx, data, part1_len);
-			aes_cbcmac_update(&ctx, &data[part1_len],
-					  data_len - part1_len);
-			aes_cbcmac_final(&ctx, actual_mac);
-			KUNIT_ASSERT_MEMEQ(test, actual_mac, expected_mac,
-					   AES_BLOCK_SIZE);
-		}
-	}
-}
-
 static struct kunit_case aes_cbc_macs_test_cases[] = {
 	HASH_KUNIT_CASES,
 	KUNIT_CASE(test_aes_cmac_rfc4493),
 	KUNIT_CASE(test_aes_xcbcmac_rfc3566),
-	KUNIT_CASE(test_aes_cbcmac_rfc3610),
 	KUNIT_CASE(benchmark_hash),
 	{},
 };
@@ -222,7 +157,6 @@ static struct kunit_suite aes_cbc_macs_test_suite = {
 };
 kunit_test_suite(aes_cbc_macs_test_suite);
 
-MODULE_DESCRIPTION(
-	"KUnit tests and benchmark for AES-CMAC, AES-XCBC-MAC, and AES-CBC-MAC");
+MODULE_DESCRIPTION("KUnit tests and benchmark for AES-CMAC and AES-XCBC-MAC");
 MODULE_IMPORT_NS("CRYPTO_INTERNAL");
 MODULE_LICENSE("GPL");
-- 
2.54.0


  parent reply	other threads:[~2026-07-07  5:37 UTC|newest]

Thread overview: 45+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-07  5:34 [PATCH 00/33] Library APIs for AES encryption modes Eric Biggers
2026-07-07  5:34 ` [PATCH 01/33] crypto: xts - Split out __xts_verify_key() helper Eric Biggers
2026-07-07 13:20   ` Thomas Huth
2026-07-07  5:34 ` [PATCH 02/33] lib/crypto: aes: Add ECB support Eric Biggers
2026-07-07 13:59   ` Thomas Huth
2026-07-07 19:22     ` Eric Biggers
2026-07-08  5:29       ` Thomas Huth
2026-07-07  5:34 ` [PATCH 03/33] lib/crypto: aes: Add CBC and CBC-CTS support Eric Biggers
2026-07-07  5:34 ` [PATCH 04/33] lib/crypto: aes: Add CTR and XCTR support Eric Biggers
2026-07-07  5:34 ` [PATCH 05/33] lib/crypto: aes: Add XTS support Eric Biggers
2026-07-07  5:34 ` [PATCH 06/33] lib/crypto: aes: Add GCM support Eric Biggers
2026-07-07  5:34 ` [PATCH 07/33] lib/crypto: aes: Add CCM support Eric Biggers
2026-07-07  5:34 ` [PATCH 08/33] crypto: aes - Add ECB support using library Eric Biggers
2026-07-07  5:34 ` [PATCH 09/33] crypto: aes - Add CBC and CBC-CTS " Eric Biggers
2026-07-07  5:34 ` [PATCH 10/33] crypto: aes - Add CTR and XCTR " Eric Biggers
2026-07-07  5:34 ` [PATCH 11/33] crypto: aes - Add XTS " Eric Biggers
2026-07-07  5:34 ` [PATCH 12/33] crypto: aes - Add GCM " Eric Biggers
2026-07-07  5:34 ` [PATCH 13/33] crypto: aes - Add CCM " Eric Biggers
2026-07-07  5:34 ` [PATCH 14/33] x86/sev: Use new AES-GCM library Eric Biggers
2026-07-07  5:34 ` [PATCH 15/33] lib/crypto: aesgcm: Remove old " Eric Biggers
2026-07-07  5:34 ` [PATCH 16/33] crypto: aes - Remove AES-CBC-MAC support Eric Biggers
2026-07-07  5:34 ` Eric Biggers [this message]
2026-07-07  5:34 ` [PATCH 18/33] fscrypt: Use aes_ecb_encrypt() for v1 key derivation Eric Biggers
2026-07-07  5:34 ` [PATCH 19/33] KEYS: encrypted: Use AES-CBC library instead of crypto_skcipher Eric Biggers
2026-07-07  5:34 ` [PATCH 20/33] KEYS: trusted: dcp: Use AES-GCM library instead of crypto_aead Eric Biggers
2026-07-07  5:34 ` [PATCH 21/33] libceph: Use AES-CBC library in ceph_aes_crypt() Eric Biggers
2026-07-07  5:34 ` [PATCH 22/33] libceph: Reimplement messenger v2 encryption using AES-GCM library Eric Biggers
2026-07-07  5:34 ` [PATCH 23/33] wifi: mac80211: Use AES-CTR library in fils_aead.c Eric Biggers
2026-07-07  5:34 ` [PATCH 24/33] wifi: mac80211: Use AES-GCM library for GMAC suite Eric Biggers
2026-07-07  5:34 ` [PATCH 25/33] wifi: mac80211: Use crypto libraries for GCMP and CCMP suites Eric Biggers
2026-07-07  5:34 ` [PATCH 26/33] macsec: Use AES-GCM library instead of crypto_aead Eric Biggers
2026-07-07  5:34 ` [PATCH 27/33] wifi: ipw2x00: Use AES-CCM library Eric Biggers
2026-07-07  5:34 ` [PATCH 28/33] mac802154: Use AES-CCM and AES-CTR libraries Eric Biggers
2026-07-07  5:34 ` [PATCH 29/33] bpf: crypto: Use AES-CBC and AES-ECB libraries Eric Biggers
2026-07-07 15:01   ` Vadim Fedorenko
2026-07-07 18:20     ` Eric Biggers
2026-07-07 22:50       ` Vadim Fedorenko
2026-07-07 23:16         ` Eric Biggers
2026-07-08 11:47           ` Vadim Fedorenko
2026-07-07  5:35 ` [PATCH 30/33] bpf: crypto: Add AES-GCM support Eric Biggers
2026-07-07 15:02   ` Vadim Fedorenko
2026-07-07  5:35 ` [PATCH 31/33] smb: client: Use AES-GCM and AES-CCM libraries Eric Biggers
2026-07-07  5:35 ` [PATCH 32/33] ksmbd: " Eric Biggers
2026-07-07 10:51   ` Namjae Jeon
2026-07-07  5:35 ` [PATCH 33/33] net: tipc: Use AES-GCM library instead of crypto_aead Eric Biggers

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260707053503.209874-18-ebiggers@kernel.org \
    --to=ebiggers@kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox