target/linux/apm821xx/patches-4.14/021-0005-crypto-crypto4xx-perform-aead-icv-check-in-the-drive.patch

   1 From 5b3856d1d98e6f6a58b70c1c0d7da3fb5f042e9c Mon Sep 17 00:00:00 2001
   2 From: Christian Lamparter <chunkeey@gmail.com>
   3 Date: Thu, 21 Dec 2017 16:00:01 +0100
   4 Subject: [PATCH 5/6] crypto: crypto4xx - perform aead icv check in the driver
   5
   6 The ccm-aes-ppc4xx now fails one of testmgr's expected
   7 failure test cases as such:
   8
   9 alg: aead: decryption failed on test 10 for ccm-aes-ppc4xx: ret was 0, expected -EBADMSG
  10
  11 Upon closer inspection, it turned out that the hardware's
  12 crypto flags that would indicate an authentification failure
  13 are not set by the hardware. The original vendor source from
  14 which this was ported does not have any special code or notes
  15 about why this would happen or if there are any WAs.
  16
  17 Hence, this patch converts the aead_done callback handler to
  18 perform the icv check in the driver. And this fixes the false
  19 negative and the ccm-aes-ppc4xx passes the selftests once again.
  20
  21 |name         : ccm(aes)
  22 |driver       : ccm-aes-ppc4xx
  23 |module       : crypto4xx
  24 |priority     : 300
  25 |refcnt       : 1
  26 |selftest     : passed
  27 |internal     : no
  28 |type         : aead
  29 |async        : yes
  30 |blocksize    : 1
  31 |ivsize       : 16
  32 |maxauthsize  : 16
  33 |geniv        : <none>
  34
  35 Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
  36 ---
  37  drivers/crypto/amcc/crypto4xx_alg.c  |  6 +---
  38  drivers/crypto/amcc/crypto4xx_core.c | 54 ++++++++++++++++++------------------
  39  2 files changed, 28 insertions(+), 32 deletions(-)
  40
  41 --- a/drivers/crypto/amcc/crypto4xx_alg.c
  42 +++ b/drivers/crypto/amcc/crypto4xx_alg.c
  43 @@ -257,10 +257,6 @@ static inline bool crypto4xx_aead_need_f
  44         if (is_ccm && !(req->iv[0] == 1 || req->iv[0] == 3))
  45                 return true;
  46
  47 -       /* CCM - fix CBC MAC mismatch in special case */
  48 -       if (is_ccm && decrypt && !req->assoclen)
  49 -               return true;
  50 -
  51         return false;
  52  }
  53
  54 @@ -331,7 +327,7 @@ int crypto4xx_setkey_aes_ccm(struct cryp
  55         sa = (struct dynamic_sa_ctl *) ctx->sa_in;
  56         sa->sa_contents.w = SA_AES_CCM_CONTENTS | (keylen << 2);
  57
  58 -       set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, SA_NOT_SAVE_IV,
  59 +       set_dynamic_sa_command_0(sa, SA_SAVE_HASH, SA_NOT_SAVE_IV,
  60                                  SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE,
  61                                  SA_NO_HEADER_PROC, SA_HASH_ALG_CBC_MAC,
  62                                  SA_CIPHER_ALG_AES,
  63 --- a/drivers/crypto/amcc/crypto4xx_core.c
  64 +++ b/drivers/crypto/amcc/crypto4xx_core.c
  65 @@ -582,15 +582,14 @@ static void crypto4xx_aead_done(struct c
  66                                 struct pd_uinfo *pd_uinfo,
  67                                 struct ce_pd *pd)
  68  {
  69 -       struct aead_request *aead_req;
  70 -       struct crypto4xx_ctx *ctx;
  71 +       struct aead_request *aead_req = container_of(pd_uinfo->async_req,
  72 +               struct aead_request, base);
  73         struct scatterlist *dst = pd_uinfo->dest_va;
  74 +       size_t cp_len = crypto_aead_authsize(
  75 +               crypto_aead_reqtfm(aead_req));
  76 +       u32 icv[cp_len];
  77         int err = 0;
  78
  79 -       aead_req = container_of(pd_uinfo->async_req, struct aead_request,
  80 -                               base);
  81 -       ctx  = crypto_tfm_ctx(aead_req->base.tfm);
  82 -
  83         if (pd_uinfo->using_sd) {
  84                 crypto4xx_copy_pkt_to_dst(dev, pd, pd_uinfo,
  85                                           pd->pd_ctl_len.bf.pkt_len,
  86 @@ -602,38 +601,39 @@ static void crypto4xx_aead_done(struct c
  87
  88         if (pd_uinfo->sa_va->sa_command_0.bf.dir == DIR_OUTBOUND) {
  89                 /* append icv at the end */
  90 -               size_t cp_len = crypto_aead_authsize(
  91 -                       crypto_aead_reqtfm(aead_req));
  92 -               u32 icv[cp_len];
  93 -
  94                 crypto4xx_memcpy_from_le32(icv, pd_uinfo->sr_va->save_digest,
  95                                            cp_len);
  96
  97                 scatterwalk_map_and_copy(icv, dst, aead_req->cryptlen,
  98                                          cp_len, 1);
  99 +       } else {
 100 +               /* check icv at the end */
 101 +               scatterwalk_map_and_copy(icv, aead_req->src,
 102 +                       aead_req->assoclen + aead_req->cryptlen -
 103 +                       cp_len, cp_len, 0);
 104 +
 105 +               crypto4xx_memcpy_from_le32(icv, icv, cp_len);
 106 +
 107 +               if (crypto_memneq(icv, pd_uinfo->sr_va->save_digest, cp_len))
 108 +                       err = -EBADMSG;
 109         }
 110
 111         crypto4xx_ret_sg_desc(dev, pd_uinfo);
 112
 113         if (pd->pd_ctl.bf.status & 0xff) {
 114 -               if (pd->pd_ctl.bf.status & 0x1) {
 115 -                       /* authentication error */
 116 -                       err = -EBADMSG;
 117 -               } else {
 118 -                       if (!__ratelimit(&dev->aead_ratelimit)) {
 119 -                               if (pd->pd_ctl.bf.status & 2)
 120 -                                       pr_err("pad fail error\n");
 121 -                               if (pd->pd_ctl.bf.status & 4)
 122 -                                       pr_err("seqnum fail\n");
 123 -                               if (pd->pd_ctl.bf.status & 8)
 124 -                                       pr_err("error _notify\n");
 125 -                               pr_err("aead return err status = 0x%02x\n",
 126 -                                       pd->pd_ctl.bf.status & 0xff);
 127 -                               pr_err("pd pad_ctl = 0x%08x\n",
 128 -                                       pd->pd_ctl.bf.pd_pad_ctl);
 129 -                       }
 130 -                       err = -EINVAL;
 131 +               if (!__ratelimit(&dev->aead_ratelimit)) {
 132 +                       if (pd->pd_ctl.bf.status & 2)
 133 +                               pr_err("pad fail error\n");
 134 +                       if (pd->pd_ctl.bf.status & 4)
 135 +                               pr_err("seqnum fail\n");
 136 +                       if (pd->pd_ctl.bf.status & 8)
 137 +                               pr_err("error _notify\n");
 138 +                       pr_err("aead return err status = 0x%02x\n",
 139 +                               pd->pd_ctl.bf.status & 0xff);
 140 +                       pr_err("pd pad_ctl = 0x%08x\n",
 141 +                               pd->pd_ctl.bf.pd_pad_ctl);
 142                 }
 143 +               err = -EINVAL;
 144         }
 145
 146         if (pd_uinfo->state & PD_ENTRY_BUSY)