Commit 03e520dc authored by Ard Biesheuvel's avatar Ard Biesheuvel Committed by Greg Kroah-Hartman

crypto: geode-aes - switch to skcipher for cbc(aes) fallback

commit 504582e8 upstream.

Commit 79c65d17 ("crypto: cbc - Convert to skcipher") updated
the generic CBC template wrapper from a blkcipher to a skcipher algo,
to get away from the deprecated blkcipher interface. However, as a side
effect, drivers that instantiate CBC transforms using the blkcipher as
a fallback no longer work, since skciphers can wrap blkciphers but not
the other way around. This broke the geode-aes driver.

So let's fix it by moving to the sync skcipher interface when allocating
the fallback. At the same time, align with the generic API for ECB and
CBC by rejecting inputs that are not a multiple of the AES block size.

Fixes: 79c65d17 ("crypto: cbc - Convert to skcipher")
Cc: <stable@vger.kernel.org> # v4.20+ ONLY
Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: default avatarFlorian Bezdeka <florian@bezdeka.de>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarFlorian Bezdeka <florian@bezdeka.de>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 8d9aa36c
...@@ -14,6 +14,7 @@ ...@@ -14,6 +14,7 @@
#include <linux/spinlock.h> #include <linux/spinlock.h>
#include <crypto/algapi.h> #include <crypto/algapi.h>
#include <crypto/aes.h> #include <crypto/aes.h>
#include <crypto/skcipher.h>
#include <linux/io.h> #include <linux/io.h>
#include <linux/delay.h> #include <linux/delay.h>
...@@ -170,13 +171,15 @@ static int geode_setkey_blk(struct crypto_tfm *tfm, const u8 *key, ...@@ -170,13 +171,15 @@ static int geode_setkey_blk(struct crypto_tfm *tfm, const u8 *key,
/* /*
* The requested key size is not supported by HW, do a fallback * The requested key size is not supported by HW, do a fallback
*/ */
op->fallback.blk->base.crt_flags &= ~CRYPTO_TFM_REQ_MASK; crypto_skcipher_clear_flags(op->fallback.blk, CRYPTO_TFM_REQ_MASK);
op->fallback.blk->base.crt_flags |= (tfm->crt_flags & CRYPTO_TFM_REQ_MASK); crypto_skcipher_set_flags(op->fallback.blk,
tfm->crt_flags & CRYPTO_TFM_REQ_MASK);
ret = crypto_blkcipher_setkey(op->fallback.blk, key, len); ret = crypto_skcipher_setkey(op->fallback.blk, key, len);
if (ret) { if (ret) {
tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK; tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK;
tfm->crt_flags |= (op->fallback.blk->base.crt_flags & CRYPTO_TFM_RES_MASK); tfm->crt_flags |= crypto_skcipher_get_flags(op->fallback.blk) &
CRYPTO_TFM_RES_MASK;
} }
return ret; return ret;
} }
...@@ -185,33 +188,28 @@ static int fallback_blk_dec(struct blkcipher_desc *desc, ...@@ -185,33 +188,28 @@ static int fallback_blk_dec(struct blkcipher_desc *desc,
struct scatterlist *dst, struct scatterlist *src, struct scatterlist *dst, struct scatterlist *src,
unsigned int nbytes) unsigned int nbytes)
{ {
unsigned int ret;
struct crypto_blkcipher *tfm;
struct geode_aes_op *op = crypto_blkcipher_ctx(desc->tfm); struct geode_aes_op *op = crypto_blkcipher_ctx(desc->tfm);
SKCIPHER_REQUEST_ON_STACK(req, op->fallback.blk);
tfm = desc->tfm; skcipher_request_set_tfm(req, op->fallback.blk);
desc->tfm = op->fallback.blk; skcipher_request_set_callback(req, 0, NULL, NULL);
skcipher_request_set_crypt(req, src, dst, nbytes, desc->info);
ret = crypto_blkcipher_decrypt_iv(desc, dst, src, nbytes);
desc->tfm = tfm; return crypto_skcipher_decrypt(req);
return ret;
} }
static int fallback_blk_enc(struct blkcipher_desc *desc, static int fallback_blk_enc(struct blkcipher_desc *desc,
struct scatterlist *dst, struct scatterlist *src, struct scatterlist *dst, struct scatterlist *src,
unsigned int nbytes) unsigned int nbytes)
{ {
unsigned int ret;
struct crypto_blkcipher *tfm;
struct geode_aes_op *op = crypto_blkcipher_ctx(desc->tfm); struct geode_aes_op *op = crypto_blkcipher_ctx(desc->tfm);
SKCIPHER_REQUEST_ON_STACK(req, op->fallback.blk);
tfm = desc->tfm; skcipher_request_set_tfm(req, op->fallback.blk);
desc->tfm = op->fallback.blk; skcipher_request_set_callback(req, 0, NULL, NULL);
skcipher_request_set_crypt(req, src, dst, nbytes, desc->info);
ret = crypto_blkcipher_encrypt_iv(desc, dst, src, nbytes);
desc->tfm = tfm; return crypto_skcipher_encrypt(req);
return ret;
} }
static void static void
...@@ -311,6 +309,9 @@ geode_cbc_decrypt(struct blkcipher_desc *desc, ...@@ -311,6 +309,9 @@ geode_cbc_decrypt(struct blkcipher_desc *desc,
struct blkcipher_walk walk; struct blkcipher_walk walk;
int err, ret; int err, ret;
if (nbytes % AES_BLOCK_SIZE)
return -EINVAL;
if (unlikely(op->keylen != AES_KEYSIZE_128)) if (unlikely(op->keylen != AES_KEYSIZE_128))
return fallback_blk_dec(desc, dst, src, nbytes); return fallback_blk_dec(desc, dst, src, nbytes);
...@@ -343,6 +344,9 @@ geode_cbc_encrypt(struct blkcipher_desc *desc, ...@@ -343,6 +344,9 @@ geode_cbc_encrypt(struct blkcipher_desc *desc,
struct blkcipher_walk walk; struct blkcipher_walk walk;
int err, ret; int err, ret;
if (nbytes % AES_BLOCK_SIZE)
return -EINVAL;
if (unlikely(op->keylen != AES_KEYSIZE_128)) if (unlikely(op->keylen != AES_KEYSIZE_128))
return fallback_blk_enc(desc, dst, src, nbytes); return fallback_blk_enc(desc, dst, src, nbytes);
...@@ -370,8 +374,9 @@ static int fallback_init_blk(struct crypto_tfm *tfm) ...@@ -370,8 +374,9 @@ static int fallback_init_blk(struct crypto_tfm *tfm)
const char *name = crypto_tfm_alg_name(tfm); const char *name = crypto_tfm_alg_name(tfm);
struct geode_aes_op *op = crypto_tfm_ctx(tfm); struct geode_aes_op *op = crypto_tfm_ctx(tfm);
op->fallback.blk = crypto_alloc_blkcipher(name, 0, op->fallback.blk = crypto_alloc_skcipher(name, 0,
CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK); CRYPTO_ALG_ASYNC |
CRYPTO_ALG_NEED_FALLBACK);
if (IS_ERR(op->fallback.blk)) { if (IS_ERR(op->fallback.blk)) {
printk(KERN_ERR "Error allocating fallback algo %s\n", name); printk(KERN_ERR "Error allocating fallback algo %s\n", name);
...@@ -385,7 +390,7 @@ static void fallback_exit_blk(struct crypto_tfm *tfm) ...@@ -385,7 +390,7 @@ static void fallback_exit_blk(struct crypto_tfm *tfm)
{ {
struct geode_aes_op *op = crypto_tfm_ctx(tfm); struct geode_aes_op *op = crypto_tfm_ctx(tfm);
crypto_free_blkcipher(op->fallback.blk); crypto_free_skcipher(op->fallback.blk);
op->fallback.blk = NULL; op->fallback.blk = NULL;
} }
...@@ -424,6 +429,9 @@ geode_ecb_decrypt(struct blkcipher_desc *desc, ...@@ -424,6 +429,9 @@ geode_ecb_decrypt(struct blkcipher_desc *desc,
struct blkcipher_walk walk; struct blkcipher_walk walk;
int err, ret; int err, ret;
if (nbytes % AES_BLOCK_SIZE)
return -EINVAL;
if (unlikely(op->keylen != AES_KEYSIZE_128)) if (unlikely(op->keylen != AES_KEYSIZE_128))
return fallback_blk_dec(desc, dst, src, nbytes); return fallback_blk_dec(desc, dst, src, nbytes);
...@@ -454,6 +462,9 @@ geode_ecb_encrypt(struct blkcipher_desc *desc, ...@@ -454,6 +462,9 @@ geode_ecb_encrypt(struct blkcipher_desc *desc,
struct blkcipher_walk walk; struct blkcipher_walk walk;
int err, ret; int err, ret;
if (nbytes % AES_BLOCK_SIZE)
return -EINVAL;
if (unlikely(op->keylen != AES_KEYSIZE_128)) if (unlikely(op->keylen != AES_KEYSIZE_128))
return fallback_blk_enc(desc, dst, src, nbytes); return fallback_blk_enc(desc, dst, src, nbytes);
......
...@@ -64,7 +64,7 @@ struct geode_aes_op { ...@@ -64,7 +64,7 @@ struct geode_aes_op {
u8 *iv; u8 *iv;
union { union {
struct crypto_blkcipher *blk; struct crypto_skcipher *blk;
struct crypto_cipher *cip; struct crypto_cipher *cip;
} fallback; } fallback;
u32 keylen; u32 keylen;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment