From 3e4a2f5aa2d3cfe3ff51edca9ea3dd0da504c905 Mon Sep 17 00:00:00 2001 From: Michael Frommberger Date: Thu, 21 Mar 2019 14:44:30 +0100 Subject: [PATCH 1/4] fixed bug in caam driver: don't copy iv for ecb(aes) (IV chaining) --- drivers/crypto/caam/caamalg.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index 8cef9ad08c2b68..1c2373211e6cd4 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -2075,17 +2075,13 @@ static void ablkcipher_encrypt_done(struct device *jrdev, u32 *desc, u32 err, * The crypto API expects us to set the IV (req->info) to the last * ciphertext block. This is used e.g. by the CTS mode. */ - scatterwalk_map_and_copy(req->info, req->dst, req->nbytes - ivsize, - ivsize, 0); + if ((ctx->class1_alg_type & OP_ALG_AAI_MASK) != OP_ALG_AAI_ECB) { + scatterwalk_map_and_copy(req->info, req->dst, req->nbytes - ivsize, + ivcopy, 0); + } kfree(edesc); - /* Pass IV along for cbc */ - if ((ctx->class1_alg_type & OP_ALG_AAI_MASK) == OP_ALG_AAI_CBC) { - scatterwalk_map_and_copy(req->info, req->dst, - req->nbytes - bsize, ivcopy, 0); - } - ablkcipher_request_complete(req, err); } @@ -2095,7 +2091,10 @@ static void ablkcipher_decrypt_done(struct device *jrdev, u32 *desc, u32 err, struct ablkcipher_request *req = context; struct ablkcipher_edesc *edesc; struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); + struct caam_ctx *ctx = crypto_ablkcipher_ctx(ablkcipher); + int bsize = crypto_ablkcipher_blocksize(ablkcipher); int ivsize = crypto_ablkcipher_ivsize(ablkcipher); + size_t ivcopy = min_t(size_t, bsize, ivsize); #ifdef DEBUG dev_err(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err); 
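Review bot: In the new guarded copy in ablkcipher_encrypt_done the offset is still `req->nbytes - ivsize` while the length is now `ivcopy`, so the two disagree whenever block size and IV size differ; the removed CBC branch paired `ivcopy` with `req->nbytes - bsize`. Nothing in the hunk rejects a request shorter than the IV either, and `req->nbytes - ivsize` would then wrap to a very large scatterlist offset inside a completion callback. I would derive both from one value and bound it, keeping the ECB test: `if (req->nbytes >= ivcopy)` around `scatterwalk_map_and_copy(req->info, req->dst, req->nbytes - ivcopy, ivcopy, 0);`. The same offset/length pair appears in the ablkcipher_decrypt_done copy later in this patch. The declarations of `ivcopy` and `bsize` for this function lie outside the hunk, so I am assuming they match the ones added for the decrypt path.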
@@ -2121,8 +2120,10 @@ static void ablkcipher_decrypt_done(struct device *jrdev, u32 *desc, u32 err, * The crypto API expects us to set the IV (req->info) to the last * ciphertext block. */ - scatterwalk_map_and_copy(req->info, req->src, req->nbytes - ivsize, - ivsize, 0); + if ((ctx->class1_alg_type & OP_ALG_AAI_MASK) != OP_ALG_AAI_ECB) { + scatterwalk_map_and_copy(req->info, req->src, req->nbytes - ivsize, + icopy, 0); + } kfree(edesc); From a654b27508b54b08d1d0560a587617b3f1470c13 Mon Sep 17 00:00:00 2001 From: Michael Frommberger Date: Thu, 21 Mar 2019 14:45:03 +0100 Subject: [PATCH 2/4] Added regression test for decrypting ext4 filesystem with CAAM using ecb(aes) --- crypto/tcrypt.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index 2a07341aca462a..c557721e38b57b 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c @@ -856,12 +856,11 @@ static int test_acipher_cycles(struct skcipher_request *req, int enc, static void test_skcipher_speed(const char *algo, int enc, unsigned int secs, struct cipher_speed_template *template, - unsigned int tcount, u8 *keysize, bool async) + unsigned int tcount, u8 *keysize, bool async, char *iv) { unsigned int ret, i, j, k, iv_len; struct tcrypt_result tresult; const char *key; - char iv[128]; struct skcipher_request *req; struct crypto_skcipher *tfm; const char *e; @@ -953,8 +952,8 @@ static void test_skcipher_speed(const char *algo, int enc, unsigned int secs, } iv_len = crypto_skcipher_ivsize(tfm); - if (iv_len) - memset(&iv, 0xff, iv_len); + if (iv && iv_len) + memset(iv, 0xff, iv_len); skcipher_request_set_crypt(req, sg, sg, *b_size, iv); 
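Review bot: The copy in ablkcipher_decrypt_done takes the "last ciphertext block" from `req->src` after the job has finished, which is only correct when source and destination are different buffers; for an in-place request the hardware has presumably already replaced that block with plaintext. In-place requests are ordinary (the tcrypt hunk in 2/4 builds its request with `sg, sg`), so for chained CBC decryption `req->info` would carry the wrong value. Saving the last ciphertext block before the job is submitted, in the decrypt submit path that is not part of this hunk, would avoid depending on `req->src` at completion time. If the driver already does that elsewhere, a comment here saying so would help.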
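Review bot: With `iv` turned into a caller-supplied pointer, test_skcipher_speed no longer knows how large the buffer is, yet further down it still writes `iv_len` bytes into it, with the length taken from `crypto_skcipher_ivsize(tfm)`. The two wrappers changed later in this patch each pass a `char iv[128]`, so a cipher reporting a larger IV size would overrun a stack buffer; the bound was equally unchecked with the old local array, but it is now split across functions. A comment on the parameter such as `/* iv: buffer of at least crypto_skcipher_ivsize() bytes, or NULL for ciphers that take no IV */`, plus one shared constant for the 128, would make the contract explicit. The function body continues outside the hunk.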
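Review bot: The `iv && iv_len` test skips the memset when `iv` is NULL, but the request is still set up with `skcipher_request_set_crypt(req, sg, sg, *b_size, iv)`, so a cipher with a non-zero IV size would receive a NULL IV pointer. That stays harmless only while every NULL-IV caller names an IV-less algorithm, as the new case 900 does with `ecb(aes)`. Rejecting the combination explicitly, with `if (iv_len && !iv)` followed by an error message and the function's existing cleanup path (outside this hunk), keeps a future caller from turning it into a NULL dereference inside a driver.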
@@ -986,16 +985,18 @@ static void test_acipher_speed(const char *algo, int enc, unsigned int secs, struct cipher_speed_template *template, unsigned int tcount, u8 *keysize) { + char iv[128]; return test_skcipher_speed(algo, enc, secs, template, tcount, keysize, - true); + true, iv); } static void test_cipher_speed(const char *algo, int enc, unsigned int secs, struct cipher_speed_template *template, unsigned int tcount, u8 *keysize) { + char iv[128]; return test_skcipher_speed(algo, enc, secs, template, tcount, keysize, - false); + false, iv); } static void test_available(void) @@ -2039,6 +2040,13 @@ static int do_test(const char *alg, u32 type, u32 mask, int m) speed_template_8_32); break; + case 900: + test_skcipher_speed("ecb(aes)", ENCRYPT, sec, NULL, 0, + speed_template_16_24_32, true, NULL); + test_skcipher_speed("ecb(aes)", DECRYPT, sec, NULL, 0, + speed_template_16_24_32, true, NULL); + break; + case 1000: test_available(); break; From 431ab4a4bd9eca50056a8956b9c2de02b26c8b2b Mon Sep 17 00:00:00 2001 From: Michael Frommberger Date: Thu, 21 Mar 2019 19:50:58 +0100 Subject: [PATCH 3/4] fixed typo --- drivers/crypto/caam/caamalg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index 1c2373211e6cd4..2a734d4844b998 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -2122,7 +2122,7 @@ static void ablkcipher_decrypt_done(struct device *jrdev, u32 *desc, u32 err, */ if ((ctx->class1_alg_type & OP_ALG_AAI_MASK) != OP_ALG_AAI_ECB) { scatterwalk_map_and_copy(req->info, req->src, req->nbytes - ivsize, - icopy, 0); + ivcopy, 0); } kfree(edesc); From 446db30c55963f4eaf5852f01eac2c53f7681ca1 Mon Sep 17 00:00:00 2001 From: Michael Frommberger Date: Fri, 22 Mar 2019 10:44:25 +0100 Subject: [PATCH 4/4] Fixed indentation. --- crypto/tcrypt.c | 2 +- drivers/crypto/caam/caamalg.c | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) 
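Review bot: Case 900 asks for `ecb(aes)` by algorithm name, so the crypto API returns whichever implementation has the highest priority on the running system, which need not be the CAAM one the commit subject refers to. It is also a speed run: nothing compares the output with known vectors, so the regression is presumably only caught if the driver faults on the NULL IV. Requesting the CAAM implementation by its driver name would make the test do what the subject line says. A short comment above the case should also state what is being guarded against, which appears to be the completion path touching `req->info` for an IV-less mode.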
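Review bot: `icopy` does not appear among the declarations that 1/4 adds to ablkcipher_decrypt_done (they name the variable `ivcopy`), so 1/4 on its own presumably fails to build and this one-word correction only arrives two patches later. That leaves a non-compiling commit in the history and breaks bisection across the series; folding this change into 1/4 would fix that. The whitespace-only 4/4 could be folded into 1/4 and 2/4 for the same reason.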
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index c557721e38b57b..95933f4ea6318a 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c @@ -856,7 +856,7 @@ static int test_acipher_cycles(struct skcipher_request *req, int enc, static void test_skcipher_speed(const char *algo, int enc, unsigned int secs, struct cipher_speed_template *template, - unsigned int tcount, u8 *keysize, bool async, char *iv) + unsigned int tcount, u8 *keysize, bool async, char *iv) { unsigned int ret, i, j, k, iv_len; struct tcrypt_result tresult; diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index 2a734d4844b998..e5894e8f444929 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -2076,9 +2076,9 @@ static void ablkcipher_encrypt_done(struct device *jrdev, u32 *desc, u32 err, * ciphertext block. This is used e.g. by the CTS mode. */ if ((ctx->class1_alg_type & OP_ALG_AAI_MASK) != OP_ALG_AAI_ECB) { - scatterwalk_map_and_copy(req->info, req->dst, req->nbytes - ivsize, - ivcopy, 0); - } + scatterwalk_map_and_copy(req->info, req->dst, req->nbytes - ivsize, + ivcopy, 0); + } kfree(edesc); @@ -2120,10 +2120,10 @@ static void ablkcipher_decrypt_done(struct device *jrdev, u32 *desc, u32 err, * The crypto API expects us to set the IV (req->info) to the last * ciphertext block. */ - if ((ctx->class1_alg_type & OP_ALG_AAI_MASK) != OP_ALG_AAI_ECB) { - scatterwalk_map_and_copy(req->info, req->src, req->nbytes - ivsize, - ivcopy, 0); - } + if ((ctx->class1_alg_type & OP_ALG_AAI_MASK) != OP_ALG_AAI_ECB) { + scatterwalk_map_and_copy(req->info, req->src, req->nbytes - ivsize, + ivcopy, 0); + } kfree(edesc);