diff mbox series

[1/2] crypto: atmel-tdes - Set the IV after {en,de}crypt

Message ID 20191115134854.30190-1-tudor.ambarus@microchip.com (mailing list archive)
State Mainlined
Commit 61b0dd664fa1873501297efbb12e5684aff074d4
Headers show
Series [1/2] crypto: atmel-tdes - Set the IV after {en,de}crypt | expand

Commit Message

Tudor Ambarus Nov. 15, 2019, 1:49 p.m. UTC
From: Tudor Ambarus <tudor.ambarus@microchip.com>

The req->iv of the skcipher_request is expected to contain the
last ciphertext block when the {en,de}crypt operation is done.
In case of in-place decryption, copy the ciphertext in an
intermediate buffer before decryption.

This fixes the following tcrypt tests:
alg: skcipher: atmel-cbc-des encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
00000000: fe dc ba 98 76 54 32 10
alg: skcipher: atmel-cbc-tdes encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
00000000: 7d 33 88 93 0f 93 b2 42

Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
---
 drivers/crypto/atmel-tdes.c | 40 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 38 insertions(+), 2 deletions(-)

Comments

Herbert Xu Nov. 22, 2019, 11:09 a.m. UTC | #1
On Fri, Nov 15, 2019 at 01:49:06PM +0000, Tudor.Ambarus@microchip.com wrote:
> From: Tudor Ambarus <tudor.ambarus@microchip.com>
> 
> The req->iv of the skcipher_request is expected to contain the
> last ciphertext block when the {en,de}crypt operation is done.
> In case of in-place decryption, copy the ciphertext in an
> intermediate buffer before decryption.
> 
> This fixes the following tcrypt tests:
> alg: skcipher: atmel-cbc-des encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
> 00000000: fe dc ba 98 76 54 32 10
> alg: skcipher: atmel-cbc-tdes encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
> 00000000: 7d 33 88 93 0f 93 b2 42
> 
> Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
> ---
>  drivers/crypto/atmel-tdes.c | 40 ++++++++++++++++++++++++++++++++++++++--
>  1 file changed, 38 insertions(+), 2 deletions(-)

All applied.  Thanks.
Tudor Ambarus Nov. 27, 2019, 4:56 p.m. UTC | #2
On 11/15/19 3:49 PM, Tudor Ambarus - M18064 wrote:
>  static void atmel_tdes_finish_req(struct atmel_tdes_dev *dd, int err)
>  {
>  	struct skcipher_request *req = dd->req;
> @@ -580,6 +605,8 @@ static void atmel_tdes_finish_req(struct atmel_tdes_dev *dd, int err)
>  
>  	dd->flags &= ~TDES_FLAGS_BUSY;
>  
> +	atmel_tdes_set_iv_as_last_ciphertext_block(dd);

ECB mode does not use an IV, I should probably exclude the update of IV for the
ECB mode. v2 will follow.

> +
>  	req->base.complete(&req->base, err);
>  }
Herbert Xu Nov. 28, 2019, 2:33 a.m. UTC | #3
On Wed, Nov 27, 2019 at 04:56:37PM +0000, Tudor.Ambarus@microchip.com wrote:
> 
> 
> On 11/15/19 3:49 PM, Tudor Ambarus - M18064 wrote:
> >  static void atmel_tdes_finish_req(struct atmel_tdes_dev *dd, int err)
> >  {
> >  	struct skcipher_request *req = dd->req;
> > @@ -580,6 +605,8 @@ static void atmel_tdes_finish_req(struct atmel_tdes_dev *dd, int err)
> >  
> >  	dd->flags &= ~TDES_FLAGS_BUSY;
> >  
> > +	atmel_tdes_set_iv_as_last_ciphertext_block(dd);
> 
> ECB mode does not use an IV, I should probably exclude the update of IV for the
> ECB mode. v2 will follow.

Please send an incremental patch as this one has already been
applied.

Thanks,
diff mbox series

Patch

diff --git a/drivers/crypto/atmel-tdes.c b/drivers/crypto/atmel-tdes.c
index bb7c0a387c04..0c1f79b30fc1 100644
--- a/drivers/crypto/atmel-tdes.c
+++ b/drivers/crypto/atmel-tdes.c
@@ -81,6 +81,7 @@  struct atmel_tdes_ctx {
 
 struct atmel_tdes_reqctx {
 	unsigned long mode;
+	u8 lastc[DES_BLOCK_SIZE];
 };
 
 struct atmel_tdes_dma {
@@ -572,6 +573,30 @@  static int atmel_tdes_crypt_start(struct atmel_tdes_dev *dd)
 	return err;
 }
 
+static void
+atmel_tdes_set_iv_as_last_ciphertext_block(struct atmel_tdes_dev *dd)
+{
+	struct skcipher_request *req = dd->req;
+	struct atmel_tdes_reqctx *rctx = skcipher_request_ctx(req);
+	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
+	unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
+
+	if (req->cryptlen < ivsize)
+		return;
+
+	if (rctx->mode & TDES_FLAGS_ENCRYPT) {
+		scatterwalk_map_and_copy(req->iv, req->dst,
+					 req->cryptlen - ivsize, ivsize, 0);
+	} else {
+		if (req->src == req->dst)
+			memcpy(req->iv, rctx->lastc, ivsize);
+		else
+			scatterwalk_map_and_copy(req->iv, req->src,
+						 req->cryptlen - ivsize,
+						 ivsize, 0);
+	}
+}
+
 static void atmel_tdes_finish_req(struct atmel_tdes_dev *dd, int err)
 {
 	struct skcipher_request *req = dd->req;
@@ -580,6 +605,8 @@  static void atmel_tdes_finish_req(struct atmel_tdes_dev *dd, int err)
 
 	dd->flags &= ~TDES_FLAGS_BUSY;
 
+	atmel_tdes_set_iv_as_last_ciphertext_block(dd);
+
 	req->base.complete(&req->base, err);
 }
 
@@ -668,8 +695,8 @@  static int atmel_tdes_crypt_dma_stop(struct atmel_tdes_dev *dd)
 
 static int atmel_tdes_crypt(struct skcipher_request *req, unsigned long mode)
 {
-	struct atmel_tdes_ctx *ctx = crypto_skcipher_ctx(
-			crypto_skcipher_reqtfm(req));
+	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
+	struct atmel_tdes_ctx *ctx = crypto_skcipher_ctx(skcipher);
 	struct atmel_tdes_reqctx *rctx = skcipher_request_ctx(req);
 
 	if (mode & TDES_FLAGS_CFB8) {
@@ -700,6 +727,15 @@  static int atmel_tdes_crypt(struct skcipher_request *req, unsigned long mode)
 
 	rctx->mode = mode;
 
+	if (!(mode & TDES_FLAGS_ENCRYPT) && req->src == req->dst) {
+		unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
+
+		if (req->cryptlen >= ivsize)
+			scatterwalk_map_and_copy(rctx->lastc, req->src,
+						 req->cryptlen - ivsize,
+						 ivsize, 0);
+	}
+
 	return atmel_tdes_handle_queue(ctx->dd, req);
 }