1 From 2b1227301a8e4729409694e323b72c064c47cb6b Mon Sep 17 00:00:00 2001
2 From: LEROY Christophe <christophe.leroy@c-s.fr>
3 Date: Thu, 22 Mar 2018 10:57:01 +0100
4 Subject: crypto: talitos - fix IPsec cipher in length
5 MIME-Version: 1.0
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
8
9 From: LEROY Christophe <christophe.leroy@c-s.fr>
10
11 commit 2b1227301a8e4729409694e323b72c064c47cb6b upstream.
12
13 For SEC 2.x+, cipher in length must contain only the ciphertext length.
14 In case of using hardware ICV checking, the ICV length is provided via
15 the "extent" field of the descriptor pointer.
16
17 Cc: <stable@vger.kernel.org> # 4.8+
18 Fixes: 549bd8bc5987 ("crypto: talitos - Implement AEAD for SEC1 using HMAC_SNOOP_NO_AFEU")
19 Reported-by: Horia Geantă <horia.geanta@nxp.com>
20 Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
21 Tested-by: Horia Geantă <horia.geanta@nxp.com>
22 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
23 [backported to 4.9.y, 4.14.y]
24 Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
25 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
26
27 ---
28 drivers/crypto/talitos.c | 41 +++++++++++++++++++++--------------------
29 1 file changed, 21 insertions(+), 20 deletions(-)
30
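--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -1116,10 +1116,10 @@ next:
 return count;
 }
 
-int talitos_sg_map(struct device *dev, struct scatterlist *src,
- unsigned int len, struct talitos_edesc *edesc,
- struct talitos_ptr *ptr,
- int sg_count, unsigned int offset, int tbl_off)
+static int talitos_sg_map_ext(struct device *dev, struct scatterlist *src,
+ unsigned int len, struct talitos_edesc *edesc,
+ struct talitos_ptr *ptr, int sg_count,
+ unsigned int offset, int tbl_off, int elen)
 {
 struct talitos_private *priv = dev_get_drvdata(dev);
 bool is_sec1 = has_ftr_sec1(priv);
@@ -1130,7 +1130,7 @@ int talitos_sg_map(struct device *dev, s
 }
 
 to_talitos_ptr_len(ptr, len, is_sec1);
- to_talitos_ptr_ext_set(ptr, 0, is_sec1);
+ to_talitos_ptr_ext_set(ptr, elen, is_sec1);
 
 if (sg_count == 1) {
 to_talitos_ptr(ptr, sg_dma_address(src) + offset, is_sec1);
@@ -1140,7 +1140,7 @@ int talitos_sg_map(struct device *dev, s
 to_talitos_ptr(ptr, edesc->dma_link_tbl + offset, is_sec1);
 return sg_count;
 }
- sg_count = sg_to_link_tbl_offset(src, sg_count, offset, len,
+ sg_count = sg_to_link_tbl_offset(src, sg_count, offset, len + elen,
 &edesc->link_tbl[tbl_off]);
 if (sg_count == 1) {
 /* Only one segment now, so no link tbl needed*/
@@ -1154,6 +1154,15 @@ int talitos_sg_map(struct device *dev, s
 return sg_count;
 }
 
+static int talitos_sg_map(struct device *dev, struct scatterlist *src,
+ unsigned int len, struct talitos_edesc *edesc,
+ struct talitos_ptr *ptr, int sg_count,
+ unsigned int offset, int tbl_off)
+{
+ return talitos_sg_map_ext(dev, src, len, edesc, ptr, sg_count, offset,
+ tbl_off, 0);
+}
+
 /*
 * fill in and submit ipsec_esp descriptor
 */
@@ -1171,7 +1180,7 @@ static int ipsec_esp(struct talitos_edes
 unsigned int ivsize = crypto_aead_ivsize(aead);
 int tbl_off = 0;
 int sg_count, ret;
- int sg_link_tbl_len;
+ int elen = 0;
 bool sync_needed = false;
 struct talitos_private *priv = dev_get_drvdata(dev);
 bool is_sec1 = has_ftr_sec1(priv);
@@ -1225,20 +1234,12 @@ static int ipsec_esp(struct talitos_edes
 * extent is bytes of HMAC postpended to ciphertext,
 * typically 12 for ipsec
 */
- to_talitos_ptr_len(&desc->ptr[4], cryptlen, is_sec1);
- to_talitos_ptr_ext_set(&desc->ptr[4], 0, is_sec1);
-
- sg_link_tbl_len = cryptlen;
-
- if (desc->hdr & DESC_HDR_TYPE_IPSEC_ESP) {
- to_talitos_ptr_ext_set(&desc->ptr[4], authsize, is_sec1);
-
- if (edesc->desc.hdr & DESC_HDR_MODE1_MDEU_CICV)
- sg_link_tbl_len += authsize;
- }
+ if ((desc->hdr & DESC_HDR_TYPE_IPSEC_ESP) &&
+ (desc->hdr & DESC_HDR_MODE1_MDEU_CICV))
+ elen = authsize;
 
- ret = talitos_sg_map(dev, areq->src, sg_link_tbl_len, edesc,
- &desc->ptr[4], sg_count, areq->assoclen, tbl_off);
+ ret = talitos_sg_map_ext(dev, areq->src, cryptlen, edesc, &desc->ptr[4],
+ sg_count, areq->assoclen, tbl_off, elen);
 
 if (ret > 1) {
 tbl_off += ret;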
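Review bot: The new `elen` parameter of talitos_sg_map_ext() and the `int elen = 0;` local in ipsec_esp() are signed, yet the value is assigned from `authsize`, added to the `unsigned int len` in `len + elen`, and written into the descriptor's extent field by `to_talitos_ptr_ext_set(ptr, elen, is_sec1)`. Declaring both as `unsigned int elen` would keep the DMA length arithmetic in one type and rule out a negative extent widening the link-table length. The helper also lacks a comment on the split between the two lengths; something like `/* len: bytes placed in the pointer length; elen: ICV bytes following the data (extent), 0 when hardware ICV checking is not used */` above talitos_sg_map_ext() would state that the link table must cover `len + elen` while the pointer length stays `len`. Parts of talitos_sg_map_ext() and ipsec_esp() lie outside the hunks shown, so the declared type of `authsize` and the width of the extent field are presumed rather than visible here.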