crypto: talitos - Do not modify req->cryptlen on decryption.

For decrypt, req->cryptlen includes the size of the authentication
part while all functions of the driver expect cryptlen to be
the size of the encrypted data.

As req->cryptlen is not expected to be changed, this patch
implements local calculation of cryptlen.

Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Fixes: 9c4a79653b ("crypto: talitos - Freescale integrated security engine (SEC) driver")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Christophe Leroy 2019-05-21 13:34:14 +00:00 committed by Herbert Xu
parent d84cc9c952
commit 7ede4c36cf
1 changed files with 17 additions and 14 deletions


@ -1025,11 +1025,13 @@ static void talitos_sg_unmap(struct device *dev,
static void ipsec_esp_unmap(struct device *dev, static void ipsec_esp_unmap(struct device *dev,
struct talitos_edesc *edesc, struct talitos_edesc *edesc,
struct aead_request *areq) struct aead_request *areq, bool encrypt)
{ {
struct crypto_aead *aead = crypto_aead_reqtfm(areq); struct crypto_aead *aead = crypto_aead_reqtfm(areq);
struct talitos_ctx *ctx = crypto_aead_ctx(aead); struct talitos_ctx *ctx = crypto_aead_ctx(aead);
unsigned int ivsize = crypto_aead_ivsize(aead); unsigned int ivsize = crypto_aead_ivsize(aead);
unsigned int authsize = crypto_aead_authsize(aead);
unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize);
bool is_ipsec_esp = edesc->desc.hdr & DESC_HDR_TYPE_IPSEC_ESP; bool is_ipsec_esp = edesc->desc.hdr & DESC_HDR_TYPE_IPSEC_ESP;
struct talitos_ptr *civ_ptr = &edesc->desc.ptr[is_ipsec_esp ? 2 : 3]; struct talitos_ptr *civ_ptr = &edesc->desc.ptr[is_ipsec_esp ? 2 : 3];
@ -1038,7 +1040,7 @@ static void ipsec_esp_unmap(struct device *dev,
DMA_FROM_DEVICE); DMA_FROM_DEVICE);
unmap_single_talitos_ptr(dev, civ_ptr, DMA_TO_DEVICE); unmap_single_talitos_ptr(dev, civ_ptr, DMA_TO_DEVICE);
talitos_sg_unmap(dev, edesc, areq->src, areq->dst, areq->cryptlen, talitos_sg_unmap(dev, edesc, areq->src, areq->dst, cryptlen,
areq->assoclen); areq->assoclen);
if (edesc->dma_len) if (edesc->dma_len)
@ -1049,7 +1051,7 @@ static void ipsec_esp_unmap(struct device *dev,
unsigned int dst_nents = edesc->dst_nents ? : 1; unsigned int dst_nents = edesc->dst_nents ? : 1;
sg_pcopy_to_buffer(areq->dst, dst_nents, ctx->iv, ivsize, sg_pcopy_to_buffer(areq->dst, dst_nents, ctx->iv, ivsize,
areq->assoclen + areq->cryptlen - ivsize); areq->assoclen + cryptlen - ivsize);
} }
} }
@ -1072,7 +1074,7 @@ static void ipsec_esp_encrypt_done(struct device *dev,
edesc = container_of(desc, struct talitos_edesc, desc); edesc = container_of(desc, struct talitos_edesc, desc);
ipsec_esp_unmap(dev, edesc, areq); ipsec_esp_unmap(dev, edesc, areq, true);
/* copy the generated ICV to dst */ /* copy the generated ICV to dst */
if (edesc->icv_ool) { if (edesc->icv_ool) {
@ -1108,7 +1110,7 @@ static void ipsec_esp_decrypt_swauth_done(struct device *dev,
edesc = container_of(desc, struct talitos_edesc, desc); edesc = container_of(desc, struct talitos_edesc, desc);
ipsec_esp_unmap(dev, edesc, req); ipsec_esp_unmap(dev, edesc, req, false);
if (!err) { if (!err) {
/* auth check */ /* auth check */
@ -1145,7 +1147,7 @@ static void ipsec_esp_decrypt_hwauth_done(struct device *dev,
edesc = container_of(desc, struct talitos_edesc, desc); edesc = container_of(desc, struct talitos_edesc, desc);
ipsec_esp_unmap(dev, edesc, req); ipsec_esp_unmap(dev, edesc, req, false);
/* check ICV auth status */ /* check ICV auth status */
if (!err && ((desc->hdr_lo & DESC_HDR_LO_ICCR1_MASK) != if (!err && ((desc->hdr_lo & DESC_HDR_LO_ICCR1_MASK) !=
@ -1248,6 +1250,7 @@ static int talitos_sg_map(struct device *dev, struct scatterlist *src,
* fill in and submit ipsec_esp descriptor * fill in and submit ipsec_esp descriptor
*/ */
static int ipsec_esp(struct talitos_edesc *edesc, struct aead_request *areq, static int ipsec_esp(struct talitos_edesc *edesc, struct aead_request *areq,
bool encrypt,
void (*callback)(struct device *dev, void (*callback)(struct device *dev,
struct talitos_desc *desc, struct talitos_desc *desc,
void *context, int error)) void *context, int error))
@ -1257,7 +1260,7 @@ static int ipsec_esp(struct talitos_edesc *edesc, struct aead_request *areq,
struct talitos_ctx *ctx = crypto_aead_ctx(aead); struct talitos_ctx *ctx = crypto_aead_ctx(aead);
struct device *dev = ctx->dev; struct device *dev = ctx->dev;
struct talitos_desc *desc = &edesc->desc; struct talitos_desc *desc = &edesc->desc;
unsigned int cryptlen = areq->cryptlen; unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize);
unsigned int ivsize = crypto_aead_ivsize(aead); unsigned int ivsize = crypto_aead_ivsize(aead);
int tbl_off = 0; int tbl_off = 0;
int sg_count, ret; int sg_count, ret;
@ -1384,7 +1387,7 @@ static int ipsec_esp(struct talitos_edesc *edesc, struct aead_request *areq,
ret = talitos_submit(dev, ctx->ch, desc, callback, areq); ret = talitos_submit(dev, ctx->ch, desc, callback, areq);
if (ret != -EINPROGRESS) { if (ret != -EINPROGRESS) {
ipsec_esp_unmap(dev, edesc, areq); ipsec_esp_unmap(dev, edesc, areq, encrypt);
kfree(edesc); kfree(edesc);
} }
return ret; return ret;
@ -1502,9 +1505,10 @@ static struct talitos_edesc *aead_edesc_alloc(struct aead_request *areq, u8 *iv,
unsigned int authsize = crypto_aead_authsize(authenc); unsigned int authsize = crypto_aead_authsize(authenc);
struct talitos_ctx *ctx = crypto_aead_ctx(authenc); struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
unsigned int ivsize = crypto_aead_ivsize(authenc); unsigned int ivsize = crypto_aead_ivsize(authenc);
unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize);
return talitos_edesc_alloc(ctx->dev, areq->src, areq->dst, return talitos_edesc_alloc(ctx->dev, areq->src, areq->dst,
iv, areq->assoclen, areq->cryptlen, iv, areq->assoclen, cryptlen,
authsize, ivsize, icv_stashing, authsize, ivsize, icv_stashing,
areq->base.flags, encrypt); areq->base.flags, encrypt);
} }
@ -1523,7 +1527,7 @@ static int aead_encrypt(struct aead_request *req)
/* set encrypt */ /* set encrypt */
edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_ENCRYPT; edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_ENCRYPT;
return ipsec_esp(edesc, req, ipsec_esp_encrypt_done); return ipsec_esp(edesc, req, true, ipsec_esp_encrypt_done);
} }
static int aead_decrypt(struct aead_request *req) static int aead_decrypt(struct aead_request *req)
@ -1536,8 +1540,6 @@ static int aead_decrypt(struct aead_request *req)
struct scatterlist *sg; struct scatterlist *sg;
void *icvdata; void *icvdata;
req->cryptlen -= authsize;
/* allocate extended descriptor */ /* allocate extended descriptor */
edesc = aead_edesc_alloc(req, req->iv, 1, false); edesc = aead_edesc_alloc(req, req->iv, 1, false);
if (IS_ERR(edesc)) if (IS_ERR(edesc))
@ -1554,7 +1556,8 @@ static int aead_decrypt(struct aead_request *req)
/* reset integrity check result bits */ /* reset integrity check result bits */
return ipsec_esp(edesc, req, ipsec_esp_decrypt_hwauth_done); return ipsec_esp(edesc, req, false,
ipsec_esp_decrypt_hwauth_done);
} }
/* Have to check the ICV with software */ /* Have to check the ICV with software */
@ -1571,7 +1574,7 @@ static int aead_decrypt(struct aead_request *req)
memcpy(icvdata, (char *)sg_virt(sg) + sg->length - authsize, authsize); memcpy(icvdata, (char *)sg_virt(sg) + sg->length - authsize, authsize);
return ipsec_esp(edesc, req, ipsec_esp_decrypt_swauth_done); return ipsec_esp(edesc, req, false, ipsec_esp_decrypt_swauth_done);
} }
static int ablkcipher_setkey(struct crypto_ablkcipher *cipher, static int ablkcipher_setkey(struct crypto_ablkcipher *cipher,
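Review bot: On the decrypt path the new `areq->cryptlen - (encrypt ? 0 : authsize)` is an unsigned subtraction with no visible lower bound, in `ipsec_esp_unmap`, `ipsec_esp` and `aead_edesc_alloc`; a request with `cryptlen < authsize` would wrap to a very large length that then reaches `talitos_edesc_alloc`, `talitos_sg_unmap` and the `sg_pcopy_to_buffer` offset. The removed `req->cryptlen -= authsize;` had the same property, so this is not a regression, but nothing in these hunks shows the check. Unless the AEAD core already rejects such requests before calling the driver, `aead_decrypt` should do so before `aead_edesc_alloc`: `if (req->cryptlen < authsize) return -EINVAL;`. Since the same expression now appears three times, a small static helper would keep the three sites in step and give the length rule one documented home; all of these function bodies continue outside the hunks shown.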