diff options
| author | Eric Biggers <ebiggers@kernel.org> | 2026-02-18 13:34:48 -0800 |
|---|---|---|
| committer | Eric Biggers <ebiggers@kernel.org> | 2026-03-09 13:27:20 -0700 |
| commit | 7137cbf2b5c9feb6302d6da116eab2047c5f05d2 (patch) | |
| tree | da70e02b140b63ab82f90c0f393077b4713cce30 /crypto/Kconfig | |
| parent | 309a7e514da7d53e05b5d053594f6aabb0d382b5 (diff) | |
crypto: aes - Add cmac, xcbc, and cbcmac algorithms using library
Update the "aes" module to implement "cmac(aes)", "xcbc(aes)", and
"cbcmac(aes)" algorithms using the corresponding library functions, and
register these with the crypto_shash API. Each algorithm is included
only if the corresponding existing kconfig option is enabled.
This allows the architecture-optimized implementations of these
algorithms to continue to be accessible via the crypto_shash API once
they are migrated into the library.
For "xcbc(aes)", I also fixed the bug where AES key lengths other than
128 bits were allowed, so that this bug didn't have to be implemented in
the library. The AES-XCBC-MAC specification (RFC 3566) is clear that
key lengths other than 128 bits MUST NOT be supported. AES-XCBC-MAC
derives a 128-bit subkey internally, so the nonstandard support for
longer AES keys didn't really work: AES-128 was still used internally.
In the unlikely event that someone is actually relying on the broken and
nonstandard support for longer AES-XCBC-MAC keys, we can fairly easily
reintroduce it. But it seems unnecessary: the only user of "xcbc(aes)"
seems to be IPsec, which uses 128-bit keys with it.
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20260218213501.136844-3-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Diffstat (limited to 'crypto/Kconfig')
| -rw-r--r-- | crypto/Kconfig | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig index b4bb85e8e226..c977d40f906d 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -361,6 +361,8 @@ config CRYPTO_AES tristate "AES (Advanced Encryption Standard)" select CRYPTO_ALGAPI select CRYPTO_LIB_AES + select CRYPTO_LIB_AES_CBC_MACS if CRYPTO_CMAC || CRYPTO_XCBC || CRYPTO_CCM + select CRYPTO_HASH if CRYPTO_CMAC || CRYPTO_XCBC || CRYPTO_CCM help AES cipher algorithms (Rijndael)(FIPS-197, ISO/IEC 18033-3) |
