From patchwork Fri Oct 6 15:51:08 2017
X-Patchwork-Submitter: Romain Izard
X-Patchwork-Id: 9989827
From: Romain Izard
To: Herbert Xu, "David S . Miller"
Cc: David Gstir, Richard Weinberger, linux-kernel@vger.kernel.org, Cyrille Pitchen, linux-mtd@lists.infradead.org, linux-crypto@vger.kernel.org, Nicolas Feignon, Romain Izard, linux-arm-kernel@lists.infradead.org
Subject: [PATCH] crypto: atmel-aes - properly set IV after {en,de}crypt
Date: Fri, 6 Oct 2017 17:51:08 +0200
Message-Id: <20171006155108.6581-1-romain.izard.pro@gmail.com>

Certain cipher modes like CTS expect the IV (req->info) of
ablkcipher_request (or equivalently req->iv of skcipher_request) to
contain the last ciphertext block when the {en,de}crypt operation is done.

Fix this issue for the Atmel AES hardware engine. The tcrypt test
case for cts(cbc(aes)) is now correctly passed.

To handle the case of in-place decryption, copy the ciphertext in an
intermediate buffer before decryption.

Signed-off-by: Romain Izard
---
 drivers/crypto/atmel-aes.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c index 29e20c37f3a6..f22300babb45 100644
--- a/drivers/crypto/atmel-aes.c +++ b/drivers/crypto/atmel-aes.c @@ -156,6 +156,7 @@ struct atmel_aes_authenc_ctx { struct atmel_aes_reqctx { unsigned long mode; + u8 *backup_info; }; #ifdef CONFIG_CRYPTO_DEV_ATMEL_AUTHENC @@ -496,6 +497,12 @@ static void atmel_aes_authenc_complete(struct atmel_aes_dev *dd, int err); static inline int atmel_aes_complete(struct atmel_aes_dev *dd, int err) { + struct ablkcipher_request *req = ablkcipher_request_cast(dd->areq); + struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); + struct atmel_aes_reqctx *rctx = ablkcipher_request_ctx(req); + int ivsize = crypto_ablkcipher_ivsize(ablkcipher); + bool enc = atmel_aes_is_encrypt(dd); + #ifdef CONFIG_CRYPTO_DEV_ATMEL_AUTHENC atmel_aes_authenc_complete(dd, err); #endif @@ -503,6 +510,15 @@ static inline int atmel_aes_complete(struct atmel_aes_dev *dd, int err) clk_disable(dd->iclk); dd->flags &= ~AES_FLAGS_BUSY; + if (enc) { + scatterwalk_map_and_copy(req->info, req->dst, + req->nbytes - ivsize, ivsize, 0); + } else if (rctx->backup_info) { + memcpy(req->info, rctx->backup_info, ivsize); + kfree(rctx->backup_info); + rctx->backup_info = NULL; + } + if (dd->is_async) dd->areq->complete(dd->areq, err); 
@@ -959,13 +975,25 @@ static int atmel_aes_transfer_complete(struct atmel_aes_dev *dd) static int atmel_aes_start(struct atmel_aes_dev *dd) { struct ablkcipher_request *req = ablkcipher_request_cast(dd->areq); + struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); struct atmel_aes_reqctx *rctx = ablkcipher_request_ctx(req); + int ivsize = crypto_ablkcipher_ivsize(ablkcipher); + bool enc = atmel_aes_is_encrypt(dd); bool use_dma = (req->nbytes >= ATMEL_AES_DMA_THRESHOLD || dd->ctx->block_size != AES_BLOCK_SIZE); int err; atmel_aes_set_mode(dd, rctx); + if (!enc) { + rctx->backup_info = kzalloc(ivsize, GFP_KERNEL); + if (rctx->backup_info == NULL) + return atmel_aes_complete(dd, -ENOMEM); + + scatterwalk_map_and_copy(rctx->backup_info, req->src, + (req->nbytes - ivsize), ivsize, 0); + } + err = atmel_aes_hw_init(dd); if (err) return atmel_aes_complete(dd, err);
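Review bot: in the struct atmel_aes_reqctx hunk, `u8 *backup_info;` makes every decrypt request depend on a heap allocation for at most one IV's worth of bytes, and the encrypt path never assigns the pointer, so it stays uninitialised in the request context there. An inline array sized for the largest IV the AES modes use (for example `u8 backup_info[AES_BLOCK_SIZE];`) would remove the kzalloc()/kfree() pair and the -ENOMEM return added in atmel_aes_start(). Whichever form is kept, the field needs a comment saying it holds the last ciphertext block of the source for decryption.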
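Review bot: in the declarations added at the top of atmel_aes_complete(), dd->areq is cast with ablkcipher_request_cast() unconditionally, yet the context lines show this same function calling atmel_aes_authenc_complete() under CONFIG_CRYPTO_DEV_ATMEL_AUTHENC, so it appears to complete other request types as well. If dd->areq can be anything other than an ablkcipher_request here, the req->info, req->dst and req->nbytes accesses in the following hunk read fields of the wrong structure. Please restrict the IV update to the ablkcipher modes, or move it to a completion path that only they use.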
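Review bot: in the second atmel_aes_complete() hunk, the IV update runs whatever the value of err, and `req->nbytes - ivsize` is computed without checking that req->nbytes is at least ivsize. After a failed request req->dst need not contain ciphertext, and for a request shorter than one IV the unsigned subtraction wraps, giving scatterwalk_map_and_copy() an offset far past the end of the scatterlist. Suggest copying only when err is 0 and req->nbytes >= ivsize, while still freeing rctx->backup_info on the error path.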
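Review bot: in the atmel_aes_start() hunk, `kzalloc(ivsize, GFP_KERNEL)` may sleep, so please confirm this function is never entered from atomic context (for instance when the next queued request is started from the completion path), and otherwise use GFP_ATOMIC or avoid the allocation with a buffer embedded in atmel_aes_reqctx. The zeroing is also unnecessary because the buffer is overwritten by scatterwalk_map_and_copy() straight away, so kmalloc() would do. The offset `(req->nbytes - ivsize)` has the same missing req->nbytes >= ivsize check as the copy in atmel_aes_complete().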