git.ipfire.org Git - thirdparty/linux.git/commit

author	Eric Biggers <ebiggers@kernel.org>
	Wed, 18 Feb 2026 21:34:48 +0000 (13:34 -0800)
committer	Eric Biggers <ebiggers@kernel.org>
	Mon, 9 Mar 2026 20:27:20 +0000 (13:27 -0700)
commit	7137cbf2b5c9feb6302d6da116eab2047c5f05d2
tree	da70e02b140b63ab82f90c0f393077b4713cce30	tree \| snapshot
parent	309a7e514da7d53e05b5d053594f6aabb0d382b5	commit \| diff

crypto: aes - Add cmac, xcbc, and cbcmac algorithms using library

Update the "aes" module to implement "cmac(aes)", "xcbc(aes)", and
"cbcmac(aes)" algorithms using the corresponding library functions, and
register these with the crypto_shash API.  Each algorithm is included
only if the corresponding existing kconfig option is enabled.

This allows the architecture-optimized implementations of these
algorithms to continue to be accessible via the crypto_shash API once
they are migrated into the library.

For "xcbc(aes)", I also fixed the bug where AES key lengths other than
128 bits were allowed, so that this bug didn't have to be implemented in
the library.  The AES-XCBC-MAC specification (RFC 3566) is clear that
key lengths other than 128 bits MUST NOT be supported.  AES-XCBC-MAC
derives a 128-bit subkey internally, so the nonstandard support for
longer AES keys didn't really work: AES-128 was still used internally.

In the unlikely event that someone is actually relying on the broken and
nonstandard support for longer AES-XCBC-MAC keys, we can fairly easily
reintroduce it.  But it seems unnecessary: the only user of "xcbc(aes)"
seems to be IPsec, which uses 128-bit keys with it.

Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20260218213501.136844-3-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>

crypto/Kconfig		diff \| blob \| blame \| history
crypto/aes.c		diff \| blob \| blame \| history
crypto/testmgr.c		diff \| blob \| blame \| history
drivers/crypto/starfive/jh7110-aes.c		diff \| blob \| blame \| history