Commit 9f10bc28 authored by Ovidiu Panait's avatar Ovidiu Panait Committed by Herbert Xu

crypto: sahara - fix cbc selftest failure

The kernel crypto API requires that all CBC implementations update the IV
buffer to contain the last ciphertext block.

This fixes the following cbc selftest error:
alg: skcipher: sahara-cbc-aes encryption test failed (wrong output IV) on
test vector 0, cfg="in-place (one sglist)"

Fixes: 5de88752 ("crypto: sahara - Add driver for SAHARA2 accelerator.")
Signed-off-by: default avatarOvidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 8fd18343
...@@ -148,6 +148,7 @@ struct sahara_ctx { ...@@ -148,6 +148,7 @@ struct sahara_ctx {
struct sahara_aes_reqctx { struct sahara_aes_reqctx {
unsigned long mode; unsigned long mode;
u8 iv_out[AES_BLOCK_SIZE];
struct skcipher_request fallback_req; // keep at the end struct skcipher_request fallback_req; // keep at the end
}; };
...@@ -541,8 +542,24 @@ static int sahara_hw_descriptor_create(struct sahara_dev *dev) ...@@ -541,8 +542,24 @@ static int sahara_hw_descriptor_create(struct sahara_dev *dev)
return -EINVAL; return -EINVAL;
} }
static void sahara_aes_cbc_update_iv(struct skcipher_request *req)
{
struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
struct sahara_aes_reqctx *rctx = skcipher_request_ctx(req);
unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
/* Update IV buffer to contain the last ciphertext block */
if (rctx->mode & FLAGS_ENCRYPT) {
sg_pcopy_to_buffer(req->dst, sg_nents(req->dst), req->iv,
ivsize, req->cryptlen - ivsize);
} else {
memcpy(req->iv, rctx->iv_out, ivsize);
}
}
static int sahara_aes_process(struct skcipher_request *req) static int sahara_aes_process(struct skcipher_request *req)
{ {
struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
struct sahara_dev *dev = dev_ptr; struct sahara_dev *dev = dev_ptr;
struct sahara_ctx *ctx; struct sahara_ctx *ctx;
struct sahara_aes_reqctx *rctx; struct sahara_aes_reqctx *rctx;
...@@ -564,8 +581,17 @@ static int sahara_aes_process(struct skcipher_request *req) ...@@ -564,8 +581,17 @@ static int sahara_aes_process(struct skcipher_request *req)
rctx->mode &= FLAGS_MODE_MASK; rctx->mode &= FLAGS_MODE_MASK;
dev->flags = (dev->flags & ~FLAGS_MODE_MASK) | rctx->mode; dev->flags = (dev->flags & ~FLAGS_MODE_MASK) | rctx->mode;
if ((dev->flags & FLAGS_CBC) && req->iv) if ((dev->flags & FLAGS_CBC) && req->iv) {
memcpy(dev->iv_base, req->iv, AES_KEYSIZE_128); unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
memcpy(dev->iv_base, req->iv, ivsize);
if (!(dev->flags & FLAGS_ENCRYPT)) {
sg_pcopy_to_buffer(req->src, sg_nents(req->src),
rctx->iv_out, ivsize,
req->cryptlen - ivsize);
}
}
/* assign new context to device */ /* assign new context to device */
dev->ctx = ctx; dev->ctx = ctx;
...@@ -588,6 +614,9 @@ static int sahara_aes_process(struct skcipher_request *req) ...@@ -588,6 +614,9 @@ static int sahara_aes_process(struct skcipher_request *req)
dma_unmap_sg(dev->device, dev->in_sg, dev->nb_in_sg, dma_unmap_sg(dev->device, dev->in_sg, dev->nb_in_sg,
DMA_TO_DEVICE); DMA_TO_DEVICE);
if ((dev->flags & FLAGS_CBC) && req->iv)
sahara_aes_cbc_update_iv(req);
return 0; return 0;
} }
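Review bot: `req->cryptlen - ivsize` at the sg_pcopy_to_buffer calls in sahara_aes_cbc_update_iv and in the decrypt branch of sahara_aes_process underflows when cryptlen is smaller than the IV size, since both operands are unsigned; the copy would then start at a huge offset, sg_pcopy_to_buffer would copy nothing, and req->iv (or rctx->iv_out) would silently keep stale contents. If the CBC entry point already rejects lengths that are not a non-zero multiple of AES_BLOCK_SIZE this is unreachable, but that check is outside these hunks, so a local guard such as `if (req->cryptlen < ivsize) return;` at the top of sahara_aes_cbc_update_iv, and the matching condition before the save in sahara_aes_process, would make the helper safe on its own. sg_pcopy_to_buffer returns the number of bytes actually copied; comparing that against ivsize would also surface a short copy instead of leaving the previous IV in place. sahara_aes_process starts before the second hunk and its middle lies between the visible hunks.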