[thirdparty/kernel/stable-queue.git] / releases / 4.19.45 / crypto-crypto4xx-fix-ctr-aes-missing-output-iv.patch

From 25baaf8e2c93197d063b372ef7b62f2767c7ac0b Mon Sep 17 00:00:00 2001
From: Christian Lamparter <chunkeey@gmail.com>
Date: Mon, 22 Apr 2019 13:25:58 +0200
Subject: crypto: crypto4xx - fix ctr-aes missing output IV

From: Christian Lamparter <chunkeey@gmail.com>

commit 25baaf8e2c93197d063b372ef7b62f2767c7ac0b upstream.

Commit 8efd972ef96a ("crypto: testmgr - support checking skcipher output IV")
caused the crypto4xx driver to produce the following error:

| ctr-aes-ppc4xx encryption test failed (wrong output IV)
| on test vector 0, cfg="in-place"

This patch fixes this by reworking the crypto4xx_setkey_aes()
function to:

 - not save the iv for ECB (as per 18.2.38 CRYP0_SA_CMD_0:
   "This bit mut be cleared for DES ECB mode or AES ECB mode,
   when no IV is used.")

 - instruct the hardware to save the generated IV for all
   other modes of operations that have IV and then supply
   it back to the callee in pretty much the same way as we
   do it for cbc-aes already.

 - make it clear that the DIR_(IN|OUT)BOUND is the important
   bit that tells the hardware to encrypt or decrypt the data.
   (this is cosmetic - but it hopefully prevents me from
    getting confused again).

 - don't load any bogus hash when we don't use any hash
   operation to begin with.

Cc: stable@vger.kernel.org
Fixes: f2a13e7cba9e ("crypto: crypto4xx - enable AES RFC3686, ECB, CFB and OFB offloads")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/crypto/amcc/crypto4xx_alg.c |   12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

--- a/drivers/crypto/amcc/crypto4xx_alg.c
+++ b/drivers/crypto/amcc/crypto4xx_alg.c
@@ -141,9 +141,10 @@ static int crypto4xx_setkey_aes(struct c
 	/* Setup SA */
 	sa = ctx->sa_in;
 
-	set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, (cm == CRYPTO_MODE_CBC ?
-				 SA_SAVE_IV : SA_NOT_SAVE_IV),
-				 SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE,
+	set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, (cm == CRYPTO_MODE_ECB ?
+				 SA_NOT_SAVE_IV : SA_SAVE_IV),
+				 SA_NOT_LOAD_HASH, (cm == CRYPTO_MODE_ECB ?
+				 SA_LOAD_IV_FROM_SA : SA_LOAD_IV_FROM_STATE),
 				 SA_NO_HEADER_PROC, SA_HASH_ALG_NULL,
 				 SA_CIPHER_ALG_AES, SA_PAD_TYPE_ZERO,
 				 SA_OP_GROUP_BASIC, SA_OPCODE_DECRYPT,
@@ -162,6 +163,11 @@ static int crypto4xx_setkey_aes(struct c
 	memcpy(ctx->sa_out, ctx->sa_in, ctx->sa_len * 4);
 	sa = ctx->sa_out;
 	sa->sa_command_0.bf.dir = DIR_OUTBOUND;
+	/*
+	 * SA_OPCODE_ENCRYPT is the same value as SA_OPCODE_DECRYPT.
+	 * it's the DIR_(IN|OUT)BOUND that matters
+	 */
+	sa->sa_command_0.bf.opcode = SA_OPCODE_ENCRYPT;
 
 	return 0;
 }
Commit	Line	Data
a4b7cc35 GKH	1	From 25baaf8e2c93197d063b372ef7b62f2767c7ac0b Mon Sep 17 00:00:00 2001
	2	From: Christian Lamparter <chunkeey@gmail.com>
	3	Date: Mon, 22 Apr 2019 13:25:58 +0200
	4	Subject: crypto: crypto4xx - fix ctr-aes missing output IV
	5
	6	From: Christian Lamparter <chunkeey@gmail.com>
	7
	8	commit 25baaf8e2c93197d063b372ef7b62f2767c7ac0b upstream.
	9
	10	Commit 8efd972ef96a ("crypto: testmgr - support checking skcipher output IV")
	11	caused the crypto4xx driver to produce the following error:
	12
	13	\| ctr-aes-ppc4xx encryption test failed (wrong output IV)
	14	\| on test vector 0, cfg="in-place"
	15
	16	This patch fixes this by reworking the crypto4xx_setkey_aes()
	17	function to:
	18
	19	- not save the iv for ECB (as per 18.2.38 CRYP0_SA_CMD_0:
	20	"This bit mut be cleared for DES ECB mode or AES ECB mode,
	21	when no IV is used.")
	22
	23	- instruct the hardware to save the generated IV for all
	24	other modes of operations that have IV and then supply
	25	it back to the callee in pretty much the same way as we
	26	do it for cbc-aes already.
	27
	28	- make it clear that the DIR_(IN\|OUT)BOUND is the important
	29	bit that tells the hardware to encrypt or decrypt the data.
	30	(this is cosmetic - but it hopefully prevents me from
	31	getting confused again).
	32
	33	- don't load any bogus hash when we don't use any hash
	34	operation to begin with.
	35
	36	Cc: stable@vger.kernel.org
	37	Fixes: f2a13e7cba9e ("crypto: crypto4xx - enable AES RFC3686, ECB, CFB and OFB offloads")
	38	Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
	39	Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
	40	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	41
	42	---
	43	drivers/crypto/amcc/crypto4xx_alg.c \| 12 +++++++++---
	44	1 file changed, 9 insertions(+), 3 deletions(-)
	45
	46	--- a/drivers/crypto/amcc/crypto4xx_alg.c
	47	+++ b/drivers/crypto/amcc/crypto4xx_alg.c
	48	@@ -141,9 +141,10 @@ static int crypto4xx_setkey_aes(struct c
	49	/* Setup SA */
	50	sa = ctx->sa_in;
	51
	52	- set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, (cm == CRYPTO_MODE_CBC ?
	53	- SA_SAVE_IV : SA_NOT_SAVE_IV),
	54	- SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE,
	55	+ set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, (cm == CRYPTO_MODE_ECB ?
	56	+ SA_NOT_SAVE_IV : SA_SAVE_IV),
	57	+ SA_NOT_LOAD_HASH, (cm == CRYPTO_MODE_ECB ?
	58	+ SA_LOAD_IV_FROM_SA : SA_LOAD_IV_FROM_STATE),
	59	SA_NO_HEADER_PROC, SA_HASH_ALG_NULL,
	60	SA_CIPHER_ALG_AES, SA_PAD_TYPE_ZERO,
	61	SA_OP_GROUP_BASIC, SA_OPCODE_DECRYPT,
	62	@@ -162,6 +163,11 @@ static int crypto4xx_setkey_aes(struct c
	63	memcpy(ctx->sa_out, ctx->sa_in, ctx->sa_len * 4);
	64	sa = ctx->sa_out;
65	sa->sa_command_0.bf.dir = DIR_OUTBOUND;
66	+ /*
67	+ * SA_OPCODE_ENCRYPT is the same value as SA_OPCODE_DECRYPT.
68	+ * it's the DIR_(IN\|OUT)BOUND that matters
69	+ */
70	+ sa->sa_command_0.bf.opcode = SA_OPCODE_ENCRYPT;
71
72	return 0;
73	}