40
40
#define AESNI_ALIGN 16
41
41
#define AESNI_ALIGN_ATTR __attribute__ ((__aligned__(AESNI_ALIGN)))
42
42
#define AES_BLOCK_MASK (~(AES_BLOCK_SIZE - 1))
43
- #define RFC4106_HASH_SUBKEY_SIZE 16
44
43
#define AESNI_ALIGN_EXTRA ((AESNI_ALIGN - 1) & ~(CRYPTO_MINALIGN - 1))
45
44
#define CRYPTO_AES_CTX_SIZE (sizeof(struct crypto_aes_ctx) + AESNI_ALIGN_EXTRA)
46
45
#define XTS_AES_CTX_SIZE (sizeof(struct aesni_xts_ctx) + AESNI_ALIGN_EXTRA)
@@ -590,23 +589,12 @@ static int xctr_crypt(struct skcipher_request *req)
590
589
return err ;
591
590
}
592
591
593
- static int
594
- rfc4106_set_hash_subkey ( u8 * hash_subkey , const u8 * key , unsigned int key_len )
592
+ static int aes_gcm_derive_hash_subkey ( const struct crypto_aes_ctx * aes_key ,
593
+ u8 hash_subkey [ AES_BLOCK_SIZE ] )
595
594
{
596
- struct crypto_aes_ctx ctx ;
597
- int ret ;
595
+ static const u8 zeroes [AES_BLOCK_SIZE ];
598
596
599
- ret = aes_expandkey (& ctx , key , key_len );
600
- if (ret )
601
- return ret ;
602
-
603
- /* Clear the data in the hash sub key container to zero.*/
604
- /* We want to cipher all zeros to create the hash sub key. */
605
- memset (hash_subkey , 0 , RFC4106_HASH_SUBKEY_SIZE );
606
-
607
- aes_encrypt (& ctx , hash_subkey , hash_subkey );
608
-
609
- memzero_explicit (& ctx , sizeof (ctx ));
597
+ aes_encrypt (aes_key , hash_subkey , zeroes );
610
598
return 0 ;
611
599
}
612
600
@@ -624,7 +612,8 @@ static int common_rfc4106_set_key(struct crypto_aead *aead, const u8 *key,
624
612
memcpy (ctx -> nonce , key + key_len , sizeof (ctx -> nonce ));
625
613
626
614
return aes_set_key_common (& ctx -> aes_key_expanded , key , key_len ) ?:
627
- rfc4106_set_hash_subkey (ctx -> hash_subkey , key , key_len );
615
+ aes_gcm_derive_hash_subkey (& ctx -> aes_key_expanded ,
616
+ ctx -> hash_subkey );
628
617
}
629
618
630
619
/* This is the Integrity Check Value (aka the authentication tag) length and can
@@ -1327,7 +1316,8 @@ static int generic_gcmaes_set_key(struct crypto_aead *aead, const u8 *key,
1327
1316
struct generic_gcmaes_ctx * ctx = generic_gcmaes_ctx_get (aead );
1328
1317
1329
1318
return aes_set_key_common (& ctx -> aes_key_expanded , key , key_len ) ?:
1330
- rfc4106_set_hash_subkey (ctx -> hash_subkey , key , key_len );
1319
+ aes_gcm_derive_hash_subkey (& ctx -> aes_key_expanded ,
1320
+ ctx -> hash_subkey );
1331
1321
}
1332
1322
1333
1323
static int generic_gcmaes_encrypt (struct aead_request * req )