From 19cb3c9dff96da86d81907ef503ddf93b7ad562c Mon Sep 17 00:00:00 2001 From: Daniel Kestrel Date: Mon, 31 May 2021 14:43:08 +0200 Subject: [PATCH] ltq-deu: fix cryptomgr test errors for des When running cryptomgr tests against the driver, there are several occurences of different errors for setkey of des and des3-ede algorithms. Those key checks are already implemented in the kernels des implementation, so this is added as dependency and the kernel methods are called. It also required adding the kernels des/des3 context definitions to the des_ctx internal structure to be able to call the kernel methods. Fixed ifxdeu-des... setkey unexpectedly succeeded on test vector x; expected_error=-22. Fixed ifxdeu-des... setkey failed on test vector x; expected_error=0, actual_error=-22. Renamed des_ctx internal structure and des_encrypt/des_decrypt methods because they are already defined in the kernel module. Fixed wrong DES_xxx constant definitions in crypto_alg definition for ifxdeu_des3_ede_alg. Fixed method comment errors. Signed-off-by: Daniel Kestrel --- package/kernel/lantiq/ltq-deu/Makefile | 2 +- .../kernel/lantiq/ltq-deu/src/ifxmips_des.c | 87 ++++++++++++------- 2 files changed, 58 insertions(+), 31 deletions(-) diff --git a/package/kernel/lantiq/ltq-deu/Makefile b/package/kernel/lantiq/ltq-deu/Makefile index e5a7d0d86f..8ac37f5d2d 100644 --- a/package/kernel/lantiq/ltq-deu/Makefile +++ b/package/kernel/lantiq/ltq-deu/Makefile @@ -21,7 +21,7 @@ define KernelPackage/ltq-deu-template TITLE:=deu driver for $(1) URL:=http://www.lantiq.com/ VARIANT:=$(1) - DEPENDS:=@TARGET_lantiq_$(2) +kmod-crypto-manager @LINUX_5_4 + DEPENDS:=@TARGET_lantiq_$(2) +kmod-crypto-manager +kmod-crypto-des @LINUX_5_4 FILES:=$(PKG_BUILD_DIR)/ltq_deu_$(1).ko AUTOLOAD:=$(call AutoProbe,ltq_deu_$(1)) endef diff --git a/package/kernel/lantiq/ltq-deu/src/ifxmips_des.c b/package/kernel/lantiq/ltq-deu/src/ifxmips_des.c index 6b24e0f4b4..a223e8ec38 100644 --- a/package/kernel/lantiq/ltq-deu/src/ifxmips_des.c +++ b/package/kernel/lantiq/ltq-deu/src/ifxmips_des.c @@ -50,6 +50,7 @@ #include #include #include +#include #include #include "ifxmips_deu.h" @@ -106,11 +107,13 @@ void des_dma_memory_copy(u32 *outcopy, u32 *out_dma, u8 *out_arg, int nbytes); void ifx_deu_des (void *ctx_arg, u8 *out_arg, const u8 *in_arg, u8 *iv_arg, u32 nbytes, int encdec, int mode); -struct des_ctx { +struct ifx_deu_des_ctx { int controlr_M; int key_length; u8 iv[DES_BLOCK_SIZE]; u32 expkey[DES3_EDE_EXPKEY_WORDS]; + struct des_ctx des_context; + struct des3_ede_ctx des3_ede_context; }; extern int disable_multiblock; @@ -127,20 +130,32 @@ extern int disable_deudma; int des_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) { - struct des_ctx *dctx = crypto_tfm_ctx(tfm); + struct ifx_deu_des_ctx *dctx = crypto_tfm_ctx(tfm); + int err; //printk("setkey in %s\n", __FILE__); + err = des_expand_key(&dctx->des_context, key, keylen); + if (err == -ENOKEY) { + if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) + err = -EINVAL; + else + err = 0; + } + dctx->controlr_M = 0; // des dctx->key_length = keylen; memcpy ((u8 *) (dctx->expkey), key, keylen); - return 0; + if (err) + memset(dctx, 0, sizeof(*dctx)); + + return err; } -/*! \fn int des_set_key (struct crypto_skcipher *tfm, const uint8_t *in_key, unsigned int key_len) +/*! \fn int des_setkey_skcipher (struct crypto_skcipher *tfm, const uint8_t *in_key, unsigned int key_len) * \ingroup IFX_AES_FUNCTIONS * \brief sets the AES keys for skcipher * \param tfm linux crypto skcipher @@ -170,7 +185,7 @@ void ifx_deu_des (void *ctx_arg, u8 *out_arg, const u8 *in_arg, u8 *iv_arg, u32 nbytes, int encdec, int mode) { volatile struct des_t *des = (struct des_t *) DES_3DES_START; - struct des_ctx *dctx = ctx_arg; + struct ifx_deu_des_ctx *dctx = ctx_arg; u32 *key = dctx->expkey; unsigned long flag; @@ -360,31 +375,31 @@ void ifx_deu_des_ctr (void *ctx, uint8_t *dst, const uint8_t *src, ifx_deu_des (ctx, dst, src, iv, nbytes, encdec, 4); } -/*! \fn void des_encrypt (struct crypto_tfm *tfm, uint8_t *out, const uint8_t *in) +/*! \fn void ifx_deu_des_encrypt (struct crypto_tfm *tfm, uint8_t *out, const uint8_t *in) * \ingroup IFX_DES_FUNCTIONS * \brief encrypt DES_BLOCK_SIZE of data * \param tfm linux crypto algo transform * \param out output bytestream * \param in input bytestream */ -void des_encrypt (struct crypto_tfm *tfm, uint8_t * out, const uint8_t * in) +void ifx_deu_des_encrypt (struct crypto_tfm *tfm, uint8_t * out, const uint8_t * in) { - struct des_ctx *ctx = crypto_tfm_ctx(tfm); + struct ifx_deu_des_ctx *ctx = crypto_tfm_ctx(tfm); ifx_deu_des (ctx, out, in, NULL, DES_BLOCK_SIZE, CRYPTO_DIR_ENCRYPT, 0); } -/*! \fn void des_decrypt (struct crypto_tfm *tfm, uint8_t *out, const uint8_t *in) +/*! \fn void ifx_deu_des_decrypt (struct crypto_tfm *tfm, uint8_t *out, const uint8_t *in) * \ingroup IFX_DES_FUNCTIONS * \brief encrypt DES_BLOCK_SIZE of data * \param tfm linux crypto algo transform * \param out output bytestream * \param in input bytestream */ -void des_decrypt (struct crypto_tfm *tfm, uint8_t * out, const uint8_t * in) +void ifx_deu_des_decrypt (struct crypto_tfm *tfm, uint8_t * out, const uint8_t * in) { - struct des_ctx *ctx = crypto_tfm_ctx(tfm); + struct ifx_deu_des_ctx *ctx = crypto_tfm_ctx(tfm); ifx_deu_des (ctx, out, in, NULL, DES_BLOCK_SIZE, CRYPTO_DIR_DECRYPT, 0); } @@ -413,16 +428,28 @@ void des_decrypt (struct crypto_tfm *tfm, uint8_t * out, const uint8_t * in) int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) { - struct des_ctx *dctx = crypto_tfm_ctx(tfm); + struct ifx_deu_des_ctx *dctx = crypto_tfm_ctx(tfm); + int err; //printk("setkey in %s\n", __FILE__); + err = des3_ede_expand_key(&dctx->des3_ede_context, key, keylen); + if (err == -ENOKEY) { + if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) + err = -EINVAL; + else + err = 0; + } + dctx->controlr_M = keylen / 8 + 1; // 3DES EDE1 / EDE2 / EDE3 Mode dctx->key_length = keylen; memcpy ((u8 *) (dctx->expkey), key, keylen); - return 0; + if (err) + memset(dctx, 0, sizeof(*dctx)); + + return err; } /*! \fn int des3_ede_setkey_skcipher(struct crypto_skcipher *tfm, const u8 *key, unsigned int keylen) @@ -447,7 +474,7 @@ struct crypto_alg ifxdeu_des_alg = { .cra_priority = 300, .cra_flags = CRYPTO_ALG_TYPE_CIPHER | CRYPTO_ALG_KERN_DRIVER_ONLY, .cra_blocksize = DES_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct des_ctx), + .cra_ctxsize = sizeof(struct ifx_deu_des_ctx), .cra_module = THIS_MODULE, .cra_alignmask = 3, .cra_list = LIST_HEAD_INIT(ifxdeu_des_alg.cra_list), @@ -455,8 +482,8 @@ struct crypto_alg ifxdeu_des_alg = { .cia_min_keysize = DES_KEY_SIZE, .cia_max_keysize = DES_KEY_SIZE, .cia_setkey = des_setkey, - .cia_encrypt = des_encrypt, - .cia_decrypt = des_decrypt } } + .cia_encrypt = ifx_deu_des_encrypt, + .cia_decrypt = ifx_deu_des_decrypt } } }; /* @@ -467,17 +494,17 @@ struct crypto_alg ifxdeu_des3_ede_alg = { .cra_driver_name = "ifxdeu-des3_ede", .cra_priority = 300, .cra_flags = CRYPTO_ALG_TYPE_CIPHER | CRYPTO_ALG_KERN_DRIVER_ONLY, - .cra_blocksize = DES_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct des_ctx), + .cra_blocksize = DES3_EDE_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct ifx_deu_des_ctx), .cra_module = THIS_MODULE, .cra_alignmask = 3, .cra_list = LIST_HEAD_INIT(ifxdeu_des3_ede_alg.cra_list), .cra_u = { .cipher = { - .cia_min_keysize = DES_KEY_SIZE, - .cia_max_keysize = DES_KEY_SIZE, + .cia_min_keysize = DES3_EDE_KEY_SIZE, + .cia_max_keysize = DES3_EDE_KEY_SIZE, .cia_setkey = des3_ede_setkey, - .cia_encrypt = des_encrypt, - .cia_decrypt = des_decrypt } } + .cia_encrypt = ifx_deu_des_encrypt, + .cia_decrypt = ifx_deu_des_decrypt } } }; /*! \fn int ecb_des_encrypt(struct skcipher_req *req) @@ -488,7 +515,7 @@ struct crypto_alg ifxdeu_des3_ede_alg = { */ int ecb_des_encrypt(struct skcipher_request *req) { - struct des_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + struct ifx_deu_des_ctx *ctx = crypto_tfm_ctx(req->base.tfm); struct skcipher_walk walk; int err; unsigned int enc_bytes, nbytes; @@ -514,7 +541,7 @@ int ecb_des_encrypt(struct skcipher_request *req) */ int ecb_des_decrypt(struct skcipher_request *req) { - struct des_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + struct ifx_deu_des_ctx *ctx = crypto_tfm_ctx(req->base.tfm); struct skcipher_walk walk; int err; unsigned int dec_bytes, nbytes; @@ -542,7 +569,7 @@ struct skcipher_alg ifxdeu_ecb_des_alg = { .base.cra_priority = 400, .base.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_KERN_DRIVER_ONLY, .base.cra_blocksize = DES_BLOCK_SIZE, - .base.cra_ctxsize = sizeof(struct des_ctx), + .base.cra_ctxsize = sizeof(struct ifx_deu_des_ctx), .base.cra_module = THIS_MODULE, .base.cra_list = LIST_HEAD_INIT(ifxdeu_ecb_des_alg.base.cra_list), .min_keysize = DES_KEY_SIZE, @@ -561,7 +588,7 @@ struct skcipher_alg ifxdeu_ecb_des3_ede_alg = { .base.cra_priority = 400, .base.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_KERN_DRIVER_ONLY, .base.cra_blocksize = DES3_EDE_BLOCK_SIZE, - .base.cra_ctxsize = sizeof(struct des_ctx), + .base.cra_ctxsize = sizeof(struct ifx_deu_des_ctx), .base.cra_module = THIS_MODULE, .base.cra_list = LIST_HEAD_INIT(ifxdeu_ecb_des3_ede_alg.base.cra_list), .min_keysize = DES3_EDE_KEY_SIZE, @@ -579,7 +606,7 @@ struct skcipher_alg ifxdeu_ecb_des3_ede_alg = { */ int cbc_des_encrypt(struct skcipher_request *req) { - struct des_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + struct ifx_deu_des_ctx *ctx = crypto_tfm_ctx(req->base.tfm); struct skcipher_walk walk; int err; unsigned int enc_bytes, nbytes; @@ -607,7 +634,7 @@ int cbc_des_encrypt(struct skcipher_request *req) */ int cbc_des_decrypt(struct skcipher_request *req) { - struct des_ctx *ctx = crypto_tfm_ctx(req->base.tfm); + struct ifx_deu_des_ctx *ctx = crypto_tfm_ctx(req->base.tfm); struct skcipher_walk walk; int err; unsigned int dec_bytes, nbytes; @@ -636,7 +663,7 @@ struct skcipher_alg ifxdeu_cbc_des_alg = { .base.cra_priority = 400, .base.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_KERN_DRIVER_ONLY, .base.cra_blocksize = DES_BLOCK_SIZE, - .base.cra_ctxsize = sizeof(struct des_ctx), + .base.cra_ctxsize = sizeof(struct ifx_deu_des_ctx), .base.cra_module = THIS_MODULE, .base.cra_list = LIST_HEAD_INIT(ifxdeu_cbc_des_alg.base.cra_list), .min_keysize = DES_KEY_SIZE, @@ -656,7 +683,7 @@ struct skcipher_alg ifxdeu_cbc_des3_ede_alg = { .base.cra_priority = 400, .base.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_KERN_DRIVER_ONLY, .base.cra_blocksize = DES3_EDE_BLOCK_SIZE, - .base.cra_ctxsize = sizeof(struct des_ctx), + .base.cra_ctxsize = sizeof(struct ifx_deu_des_ctx), .base.cra_module = THIS_MODULE, .base.cra_list = LIST_HEAD_INIT(ifxdeu_cbc_des3_ede_alg.base.cra_list), .min_keysize = DES3_EDE_KEY_SIZE, -- 2.30.2