Commit | Line | Data |
---|---|---|
a4b7cc35 GKH |
1 | From 25baaf8e2c93197d063b372ef7b62f2767c7ac0b Mon Sep 17 00:00:00 2001 |
2 | From: Christian Lamparter <chunkeey@gmail.com> | |
3 | Date: Mon, 22 Apr 2019 13:25:58 +0200 | |
4 | Subject: crypto: crypto4xx - fix ctr-aes missing output IV | |
5 | ||
6 | From: Christian Lamparter <chunkeey@gmail.com> | |
7 | ||
8 | commit 25baaf8e2c93197d063b372ef7b62f2767c7ac0b upstream. | |
9 | ||
10 | Commit 8efd972ef96a ("crypto: testmgr - support checking skcipher output IV") | |
11 | caused the crypto4xx driver to produce the following error: | |
12 | ||
13 | | ctr-aes-ppc4xx encryption test failed (wrong output IV) | |
14 | | on test vector 0, cfg="in-place" | |
15 | ||
16 | This patch fixes this by reworking the crypto4xx_setkey_aes() | |
17 | function to: | |
18 | ||
19 | - not save the iv for ECB (as per 18.2.38 CRYP0_SA_CMD_0: | |
20 | "This bit must be cleared for DES ECB mode or AES ECB mode, | |
21 | when no IV is used.") | |
22 | ||
23 | - instruct the hardware to save the generated IV for all | |
24 | other modes of operations that have IV and then supply | |
25 | it back to the callee in pretty much the same way as we | |
26 | do it for cbc-aes already. | |
27 | ||
28 | - make it clear that the DIR_(IN|OUT)BOUND is the important | |
29 | bit that tells the hardware to encrypt or decrypt the data. | |
30 | (this is cosmetic - but it hopefully prevents me from | |
31 | getting confused again). | |
32 | ||
33 | - don't load any bogus hash when we don't use any hash | |
34 | operation to begin with. | |
35 | ||
36 | Cc: stable@vger.kernel.org | |
37 | Fixes: f2a13e7cba9e ("crypto: crypto4xx - enable AES RFC3686, ECB, CFB and OFB offloads") | |
38 | Signed-off-by: Christian Lamparter <chunkeey@gmail.com> | |
39 | Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | |
40 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
41 | ||
42 | --- | |
43 | drivers/crypto/amcc/crypto4xx_alg.c | 12 +++++++++--- | |
44 | 1 file changed, 9 insertions(+), 3 deletions(-) | |
45 | ||
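--- a/drivers/crypto/amcc/crypto4xx_alg.c
+++ b/drivers/crypto/amcc/crypto4xx_alg.c
@@ -141,9 +141,10 @@ static int crypto4xx_setkey_aes(struct c
  /* Setup SA */
  sa = ctx->sa_in;
 
- set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, (cm == CRYPTO_MODE_CBC ?
- SA_SAVE_IV : SA_NOT_SAVE_IV),
- SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE,
+ set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, (cm == CRYPTO_MODE_ECB ?
+ SA_NOT_SAVE_IV : SA_SAVE_IV),
+ SA_NOT_LOAD_HASH, (cm == CRYPTO_MODE_ECB ?
+ SA_LOAD_IV_FROM_SA : SA_LOAD_IV_FROM_STATE),
  SA_NO_HEADER_PROC, SA_HASH_ALG_NULL,
  SA_CIPHER_ALG_AES, SA_PAD_TYPE_ZERO,
  SA_OP_GROUP_BASIC, SA_OPCODE_DECRYPT,
@@ -162,6 +163,11 @@ static int crypto4xx_setkey_aes(struct c
  memcpy(ctx->sa_out, ctx->sa_in, ctx->sa_len * 4);
  sa = ctx->sa_out;
  sa->sa_command_0.bf.dir = DIR_OUTBOUND;
+ /*
+ * SA_OPCODE_ENCRYPT is the same value as SA_OPCODE_DECRYPT.
+ * it's the DIR_(IN|OUT)BOUND that matters
+ */
+ sa->sa_command_0.bf.opcode = SA_OPCODE_ENCRYPT;
 
  return 0;
  }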
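Review bot: The reason ECB is special-cased twice in the `set_dynamic_sa_command_0()` call of the first hunk lives only in the commit message, so the two `cm == CRYPTO_MODE_ECB` ternaries read as arbitrary in the file itself. I would put a comment above the call, e.g. `/* ECB has no IV: save_iv must stay clear (18.2.38 CRYP0_SA_CMD_0); every other mode saves the IV so it can be returned to the caller */`. The copy-back of the saved IV that the description relies on is not part of this diff, so it is worth confirming that the completion path returns it for every mode that now sets `SA_SAVE_IV`, not only CBC; a CTR caller that chains requests on a stale output IV would reuse counter blocks. `crypto4xx_setkey_aes()` starts before the first hunk and the call's argument list continues past it.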