From: Romain Izard
To: Herbert Xu, "David S . Miller", Tudor Ambarus
Cc: linux-kernel@vger.kernel.org, Romain Izard, linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org
Subject: [PATCH 1/2] crypto: atmel-aes - properly set IV after {en,de}crypt
Date: Tue, 31 Oct 2017 16:25:23 +0100
Message-Id: <20171031152524.25216-2-romain.izard.pro@gmail.com>
In-Reply-To: <20171031152524.25216-1-romain.izard.pro@gmail.com>
X-Patchwork-Id: 10034769

Certain cipher modes like CTS expect the IV (req->info) of
ablkcipher_request (or equivalently req->iv of skcipher_request) to
contain the last ciphertext block when the {en,de}crypt operation is done.

Fix this issue for the Atmel AES hardware engine. The tcrypt test
case for cts(cbc(aes)) is now correctly passed.

In the case of in-place decryption, copy the ciphertext in an
intermediate buffer before decryption.

Signed-off-by: Romain Izard --- drivers/crypto/atmel-aes.c | 40 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 37 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c index 29e20c37f3a6..53432ab97d7e 100644 --- a/drivers/crypto/atmel-aes.c +++ b/drivers/crypto/atmel-aes.c @@ -110,6 +110,7 @@ struct atmel_aes_base_ctx { int keylen; u32 key[AES_KEYSIZE_256 / sizeof(u32)]; u16 block_size; + bool is_aead; }; struct atmel_aes_ctx { @@ -156,6 +157,7 @@ struct atmel_aes_authenc_ctx { struct atmel_aes_reqctx { unsigned long mode; + u32 lastc[AES_BLOCK_SIZE / sizeof(u32)]; }; #ifdef CONFIG_CRYPTO_DEV_ATMEL_AUTHENC @@ -497,12 +499,34 @@ static void atmel_aes_authenc_complete(struct atmel_aes_dev *dd, int err); static inline int atmel_aes_complete(struct atmel_aes_dev *dd, int err) { #ifdef CONFIG_CRYPTO_DEV_ATMEL_AUTHENC - atmel_aes_authenc_complete(dd, err); + if (dd->ctx->is_aead) + atmel_aes_authenc_complete(dd, err); #endif clk_disable(dd->iclk); dd->flags &= ~AES_FLAGS_BUSY; + if (!dd->ctx->is_aead) { + struct ablkcipher_request *req = + ablkcipher_request_cast(dd->areq); + struct atmel_aes_reqctx *rctx = ablkcipher_request_ctx(req); + struct crypto_ablkcipher *ablkcipher = + crypto_ablkcipher_reqtfm(req); + int ivsize = crypto_ablkcipher_ivsize(ablkcipher); + + if (rctx->mode & AES_FLAGS_ENCRYPT) { + scatterwalk_map_and_copy(req->info, req->dst, + req->nbytes - ivsize, ivsize, 0); + } else { + if (req->src == req->dst) { + memcpy(req->info, rctx->lastc, ivsize); + } else { + scatterwalk_map_and_copy(req->info, req->src, + req->nbytes - ivsize, ivsize, 0); + } + } + } + if (dd->is_async) dd->areq->complete(dd->areq, err); 
@@ -1071,11 +1095,11 @@ static int atmel_aes_ctr_start(struct atmel_aes_dev *dd) static int atmel_aes_crypt(struct ablkcipher_request *req, unsigned long mode) { - struct atmel_aes_base_ctx *ctx; + struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); + struct atmel_aes_base_ctx *ctx = crypto_ablkcipher_ctx(ablkcipher); struct atmel_aes_reqctx *rctx; struct atmel_aes_dev *dd; - ctx = crypto_ablkcipher_ctx(crypto_ablkcipher_reqtfm(req)); switch (mode & AES_FLAGS_OPMODE_MASK) { case AES_FLAGS_CFB8: ctx->block_size = CFB8_BLOCK_SIZE; @@ -1097,6 +1121,7 @@ static int atmel_aes_crypt(struct ablkcipher_request *req, unsigned long mode) ctx->block_size = AES_BLOCK_SIZE; break; } + ctx->is_aead = false; dd = atmel_aes_find_dev(ctx); if (!dd) @@ -1105,6 +1130,13 @@ static int atmel_aes_crypt(struct ablkcipher_request *req, unsigned long mode) rctx = ablkcipher_request_ctx(req); rctx->mode = mode; + if (!(mode & AES_FLAGS_ENCRYPT) && (req->src == req->dst)) { + int ivsize = crypto_ablkcipher_ivsize(ablkcipher); + + scatterwalk_map_and_copy(rctx->lastc, req->src, + (req->nbytes - ivsize), ivsize, 0); + } + return atmel_aes_handle_queue(dd, &req->base); } @@ -1739,6 +1771,7 @@ static int atmel_aes_gcm_crypt(struct aead_request *req, ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); ctx->block_size = AES_BLOCK_SIZE; + ctx->is_aead = true; dd = atmel_aes_find_dev(ctx); if (!dd) @@ -2223,6 +2256,7 @@ static int atmel_aes_authenc_crypt(struct aead_request *req, rctx->base.mode = mode; ctx->block_size = AES_BLOCK_SIZE; + ctx->is_aead = true; dd = atmel_aes_find_dev(ctx); if (!dd)
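Review bot: In the atmel_aes_complete() hunk the new IV write-back block ignores err, so a failed request still overwrites req->info with whatever is in req->dst, req->src or rctx->lastc at that point. Consider guarding it with "if (!err && !dd->ctx->is_aead)" so callers that chain on the IV never pick up a block from an operation that did not finish. The block is also sizeable for a static inline function; moving it into a small helper called from here would keep the completion path readable.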
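Review bot: The in-place decrypt save added to atmel_aes_crypt() computes its offset as "(req->nbytes - ivsize)" with no check that req->nbytes is at least ivsize, and the same expression is used three times in the atmel_aes_complete() hunk. For a mode that accepts requests shorter than the IV (the CFB8 case in the switch just above is a candidate) the subtraction yields an out-of-range offset for scatterwalk_map_and_copy(). Please skip the copy, or define the short-request behaviour explicitly, when req->nbytes < ivsize. It would also help to note next to "u32 lastc[AES_BLOCK_SIZE / sizeof(u32)]" that the copy length is the transform's ivsize and must never exceed AES_BLOCK_SIZE.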
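Review bot: is_aead is added to struct atmel_aes_base_ctx, which sits beside keylen and key and is therefore per-transform state, yet it is rewritten on every request ("ctx->is_aead = false;" in atmel_aes_crypt(), "ctx->is_aead = true;" in atmel_aes_gcm_crypt() and atmel_aes_authenc_crypt()). Whether a transform is an AEAD does not change between requests, so setting the flag once when the transform is initialised would remove three per-request stores and make it clear that atmel_aes_complete() reads a constant. A short comment on the field explaining that it selects between the authenc completion path and the IV write-back would also document why the previously unconditional atmel_aes_authenc_complete() call is now conditional.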