[PATCH v4 1/8] crypto: x86/glue_helper: Add function glue macros

From: Kees Cook
Date: Mon Nov 11 2019 - 16:46:35 EST


The crypto glue performed function prototype casting to make indirect
calls to assembly routines. Instead of performing casts at the call
sites (which trips Control Flow Integrity prototype checking), create a
set of macros to either declare the prototypes to avoid the need for
casts, or build inline helpers to allow for various aliased functions.

Co-developed-by: JoÃo Moreira <joao.moreira@xxxxxxxxxxxxxxxxx>
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
---
arch/x86/include/asm/crypto/glue_helper.h | 24 +++++++++++++++++++++++
1 file changed, 24 insertions(+)

diff --git a/arch/x86/include/asm/crypto/glue_helper.h b/arch/x86/include/asm/crypto/glue_helper.h
index 8d4a8e1226ee..2fa4968ab8e2 100644
--- a/arch/x86/include/asm/crypto/glue_helper.h
+++ b/arch/x86/include/asm/crypto/glue_helper.h
@@ -23,6 +23,30 @@ typedef void (*common_glue_xts_func_t)(void *ctx, u128 *dst, const u128 *src,
#define GLUE_CTR_FUNC_CAST(fn) ((common_glue_ctr_func_t)(fn))
#define GLUE_XTS_FUNC_CAST(fn) ((common_glue_xts_func_t)(fn))

+#define CRYPTO_FUNC(func) \
+asmlinkage void func(void *ctx, u8 *dst, const u8 *src)
+
+#define CRYPTO_FUNC_CBC(func) \
+asmlinkage void func(void *ctx, u128 *dst, const u128 *src)
+
+#define CRYPTO_FUNC_WRAP_CBC(func) \
+static inline void func ## _cbc(void *ctx, u128 *dst, const u128 *src) \
+{ func(ctx, (u8 *)dst, (u8 *)src); }
+
+#define CRYPTO_FUNC_CTR(func) \
+asmlinkage void func(void *ctx, u128 *dst, const u128 *src, le128 *iv);
+
+#define CRYPTO_FUNC_XTS(func) CRYPTO_FUNC_CTR(func)
+
+#define CRYPTO_FUNC_XOR(func) \
+asmlinkage void __ ## func(void *ctx, u8 *dst, const u8 *src, bool y); \
+asmlinkage static inline \
+void func(void *ctx, u8 *dst, const u8 *src) \
+{ __ ## func(ctx, dst, src, false); } \
+asmlinkage static inline \
+void func ## _xor(void *ctx, u8 *dst, const u8 *src) \
+{ __ ## func(ctx, dst, src, true); }
+
struct common_glue_func_entry {
unsigned int num_blocks; /* number of blocks that @fn will process */
union {
--
2.17.1