From a3d7a69086624c9b81c3dcdaf26ff71e50f9ebb5 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sun, 4 Dec 2011 12:53:18 +0100 Subject: [PATCH] When inplace encryption is required then enforce it rather than doing a low-performance emulation. --- .gitignore | 21 ++++++++++--------- authenc.c | 59 ++++++++++-------------------------------------------- crypto/cryptodev.h | 2 ++ 3 files changed, 24 insertions(+), 58 deletions(-) diff --git a/.gitignore b/.gitignore index 247b562..b551391 100644 --- a/.gitignore +++ b/.gitignore @@ -7,16 +7,17 @@ Module.symvers *.o *.mod.c modules.order -examples/async_cipher -examples/async_hmac -examples/async_speed -examples/cipher -examples/hmac -examples/speed -examples/sha_speed -examples/hashcrypt_speed +tests/async_cipher +tests/async_hmac +tests/async_speed +tests/cipher +tests/hmac +tests/speed +tests/sha_speed +tests/hashcrypt_speed releases scripts version.h -examples/cipher-aead -examples/fullspeed +tests/cipher-aead +tests/fullspeed +examples/aes diff --git a/authenc.c b/authenc.c index 9848e06..b41c1f8 100644 --- a/authenc.c +++ b/authenc.c @@ -223,46 +223,11 @@ static int get_userbuf_srtp(struct csession *ses, struct kernel_crypt_auth_op *k return 0; } -/* XXX: inefficient. We could use the getuserbuf, but don't bother - * for now. - */ -int copy_from_user_to_user( void* __user dst, void* __user src, int len) -{ -uint8_t *buffer; -int buffer_size = min(len, 16*1024); -int rc; - - if (len > buffer_size) { - dprintk(1, KERN_ERR, - "The provided buffer is too large\n"); - return -EINVAL; - } - - buffer = kmalloc(buffer_size, GFP_KERNEL); - if (buffer == NULL) - return -ENOMEM; - - if (unlikely(copy_from_user(buffer, src, len))) { - rc = -EFAULT; - goto out; - } - - if (unlikely(copy_to_user(dst, buffer, len))) { - rc = -EFAULT; - goto out; - } - - rc = 0; -out: - kfree(buffer); - return rc; -} - static int fill_kcaop_from_caop(struct kernel_crypt_auth_op *kcaop, struct fcrypt *fcr) { struct crypt_auth_op *caop = &kcaop->caop; struct csession *ses_ptr; - int rc; + int ret; /* this also enters ses_ptr->sem */ ses_ptr = crypto_get_session_by_sid(fcr, caop->ses); @@ -273,12 +238,10 @@ static int fill_kcaop_from_caop(struct kernel_crypt_auth_op *kcaop, struct fcryp if (caop->flags & COP_FLAG_AEAD_TLS_TYPE || caop->flags & COP_FLAG_AEAD_SRTP_TYPE) { if (caop->src != caop->dst) { - dprintk(2, KERN_ERR, - "Non-inplace encryption and decryption is not efficient\n"); - - rc = copy_from_user_to_user( caop->dst, caop->src, caop->len); - if (rc < 0) - goto out_unlock; + dprintk(1, KERN_ERR, + "Non-inplace encryption and decryption is not efficient and not implemented\n"); + ret = -EINVAL; + goto out_unlock; } } @@ -296,21 +259,21 @@ static int fill_kcaop_from_caop(struct kernel_crypt_auth_op *kcaop, struct fcryp kcaop->mm = current->mm; if (caop->iv) { - rc = copy_from_user(kcaop->iv, caop->iv, kcaop->ivlen); - if (unlikely(rc)) { + ret = copy_from_user(kcaop->iv, caop->iv, kcaop->ivlen); + if (unlikely(ret)) { dprintk(1, KERN_ERR, "error copying IV (%d bytes), copy_from_user returned %d for address %lx\n", - kcaop->ivlen, rc, (unsigned long)caop->iv); - rc = -EFAULT; + kcaop->ivlen, ret, (unsigned long)caop->iv); + ret = -EFAULT; goto out_unlock; } } - rc = 0; + ret = 0; out_unlock: crypto_put_session(ses_ptr); - return rc; + return ret; } diff --git a/crypto/cryptodev.h b/crypto/cryptodev.h index 444066a..c3de78a 100644 --- a/crypto/cryptodev.h +++ b/crypto/cryptodev.h @@ -172,6 +172,8 @@ struct crypt_auth_op { * at least a size of len + tag_size + blocksize. * tag_size: the size of the desired authentication tag or zero to use * the default mac output. + * + * Note that the padding used is the minimum padding. */ /* In SRTP mode the following are required: -- 2.11.4.GIT