| Message ID | 1563494276-3993-9-git-send-email-iuliana.prodan@nxp.com (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | crypto: caam - fixes for kernel v5.3 | expand |
On 7/19/2019 2:58 AM, Iuliana Prodan wrote: > Update share descriptor for rfc4106 to skip instructions in case > cryptlen is zero. If no instructions are jumped the DECO hangs and a > timeout error is thrown. > > Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> > --- > drivers/crypto/caam/caamalg_desc.c | 46 +++++++++++++++++++++++++------------- > drivers/crypto/caam/caamalg_desc.h | 2 +- > 2 files changed, 31 insertions(+), 17 deletions(-) > > diff --git a/drivers/crypto/caam/caamalg_desc.c b/drivers/crypto/caam/caamalg_desc.c > index 7253183..99f419a 100644 > --- a/drivers/crypto/caam/caamalg_desc.c > +++ b/drivers/crypto/caam/caamalg_desc.c > @@ -843,13 +843,16 @@ EXPORT_SYMBOL(cnstr_shdsc_gcm_decap); > * @ivsize: initialization vector size > * @icvsize: integrity check value (ICV) size (truncated or full) > * @is_qi: true when called from caam/qi > + * > + * Input sequence: AAD | PTXT > + * Output sequence: AAD | CTXT | ICV > + * AAD length (assoclen), which includes the IV length, is available in Math3. > */ > void cnstr_shdsc_rfc4106_encap(u32 * const desc, struct alginfo *cdata, > unsigned int ivsize, unsigned int icvsize, > const bool is_qi) > { > - u32 *key_jump_cmd; > - > + u32 *key_jump_cmd, *zero_cryptlen_jump_cmd, *skip_instructions; > init_sh_desc(desc, HDR_SHARE_SERIAL); > > /* Skip key loading if it is loaded due to sharing */ > @@ -890,26 +893,25 @@ void cnstr_shdsc_rfc4106_encap(u32 * const desc, struct alginfo *cdata, > } > > append_math_sub_imm_u32(desc, VARSEQINLEN, REG3, IMM, ivsize); > - append_math_add(desc, VARSEQOUTLEN, ZERO, REG3, CAAM_CMD_SZ); > + append_math_add(desc, VARSEQOUTLEN, REG0, REG3, CAAM_CMD_SZ); > Why is this needed? -all math registers are zero when descriptors start execution -all caam hw revisions have support for math instruction with ZERO as first operand -descriptor size stays the same > - /* Read assoc data */ > + /* Skip AAD */ > + append_seq_fifo_store(desc, 0, FIFOST_TYPE_SKIP | FIFOLDST_VLF); > + > + /* Read cryptlen and set this value into VARSEQOUTLEN */ > + append_math_sub(desc, VARSEQOUTLEN, SEQINLEN, REG3, CAAM_CMD_SZ); > + > + /* If cryptlen is ZERO jump to AAD command */ > + zero_cryptlen_jump_cmd = append_jump(desc, JUMP_TEST_ALL | > + JUMP_COND_MATH_Z); > + > + /* Read AAD data */ > append_seq_fifo_load(desc, 0, FIFOLD_CLASS_CLASS1 | FIFOLDST_VLF | > FIFOLD_TYPE_AAD | FIFOLD_TYPE_FLUSH1); > > /* Skip IV */ > append_seq_fifo_load(desc, ivsize, FIFOLD_CLASS_SKIP); > - > - /* Will read cryptlen bytes */ > - append_math_sub(desc, VARSEQINLEN, SEQINLEN, REG0, CAAM_CMD_SZ); > - > - /* Workaround for erratum A-005473 (simultaneous SEQ FIFO skips) */ > - append_seq_fifo_load(desc, 0, FIFOLD_CLASS_CLASS1 | FIFOLD_TYPE_MSG); > - Erratum workaround is dropped without any explanation. The trigger condition (SKIPs both in input and output sequence) still exists. The descriptor should be validated on a caam with erratum not fixed (era < 6). Horia
diff --git a/drivers/crypto/caam/caamalg_desc.c b/drivers/crypto/caam/caamalg_desc.c index 7253183..99f419a 100644 --- a/drivers/crypto/caam/caamalg_desc.c +++ b/drivers/crypto/caam/caamalg_desc.c @@ -843,13 +843,16 @@ EXPORT_SYMBOL(cnstr_shdsc_gcm_decap); * @ivsize: initialization vector size * @icvsize: integrity check value (ICV) size (truncated or full) * @is_qi: true when called from caam/qi + * + * Input sequence: AAD | PTXT + * Output sequence: AAD | CTXT | ICV + * AAD length (assoclen), which includes the IV length, is available in Math3. */ void cnstr_shdsc_rfc4106_encap(u32 * const desc, struct alginfo *cdata, unsigned int ivsize, unsigned int icvsize, const bool is_qi) { - u32 *key_jump_cmd; - + u32 *key_jump_cmd, *zero_cryptlen_jump_cmd, *skip_instructions; init_sh_desc(desc, HDR_SHARE_SERIAL); /* Skip key loading if it is loaded due to sharing */ @@ -890,26 +893,25 @@ void cnstr_shdsc_rfc4106_encap(u32 * const desc, struct alginfo *cdata, } append_math_sub_imm_u32(desc, VARSEQINLEN, REG3, IMM, ivsize); - append_math_add(desc, VARSEQOUTLEN, ZERO, REG3, CAAM_CMD_SZ); + append_math_add(desc, VARSEQOUTLEN, REG0, REG3, CAAM_CMD_SZ); - /* Read assoc data */ + /* Skip AAD */ + append_seq_fifo_store(desc, 0, FIFOST_TYPE_SKIP | FIFOLDST_VLF); + + /* Read cryptlen and set this value into VARSEQOUTLEN */ + append_math_sub(desc, VARSEQOUTLEN, SEQINLEN, REG3, CAAM_CMD_SZ); + + /* If cryptlen is ZERO jump to AAD command */ + zero_cryptlen_jump_cmd = append_jump(desc, JUMP_TEST_ALL | + JUMP_COND_MATH_Z); + + /* Read AAD data */ append_seq_fifo_load(desc, 0, FIFOLD_CLASS_CLASS1 | FIFOLDST_VLF | FIFOLD_TYPE_AAD | FIFOLD_TYPE_FLUSH1); /* Skip IV */ append_seq_fifo_load(desc, ivsize, FIFOLD_CLASS_SKIP); - - /* Will read cryptlen bytes */ - append_math_sub(desc, VARSEQINLEN, SEQINLEN, REG0, CAAM_CMD_SZ); - - /* Workaround for erratum A-005473 (simultaneous SEQ FIFO skips) */ - append_seq_fifo_load(desc, 0, FIFOLD_CLASS_CLASS1 | FIFOLD_TYPE_MSG); - - /* Skip assoc data */ - append_seq_fifo_store(desc, 0, FIFOST_TYPE_SKIP | FIFOLDST_VLF); - - /* cryptlen = seqoutlen - assoclen */ - append_math_sub(desc, VARSEQOUTLEN, VARSEQINLEN, REG0, CAAM_CMD_SZ); + append_math_add(desc, VARSEQINLEN, VARSEQOUTLEN, REG0, CAAM_CMD_SZ); /* Write encrypted data */ append_seq_fifo_store(desc, 0, FIFOST_TYPE_MESSAGE_DATA | FIFOLDST_VLF); @@ -918,6 +920,18 @@ void cnstr_shdsc_rfc4106_encap(u32 * const desc, struct alginfo *cdata, append_seq_fifo_load(desc, 0, FIFOLD_CLASS_CLASS1 | FIFOLDST_VLF | FIFOLD_TYPE_MSG | FIFOLD_TYPE_LAST1); + /* Jump instructions to avoid double reading of AAD */ + skip_instructions = append_jump(desc, JUMP_TEST_ALL); + + /* There is no input data, cryptlen = 0 */ + set_jump_tgt_here(desc, zero_cryptlen_jump_cmd); + + /* Read AAD */ + append_seq_fifo_load(desc, 0, FIFOLD_CLASS_CLASS1 | FIFOLDST_VLF | + FIFOLD_TYPE_AAD | FIFOLD_TYPE_LAST1); + + set_jump_tgt_here(desc, skip_instructions); + /* Write ICV */ append_seq_store(desc, icvsize, LDST_CLASS_1_CCB | LDST_SRCDST_BYTE_CONTEXT); diff --git a/drivers/crypto/caam/caamalg_desc.h b/drivers/crypto/caam/caamalg_desc.h index da4a4ee..a49fb53 100644 --- a/drivers/crypto/caam/caamalg_desc.h +++ b/drivers/crypto/caam/caamalg_desc.h @@ -31,7 +31,7 @@ #define DESC_QI_GCM_DEC_LEN (DESC_GCM_DEC_LEN + 3 * CAAM_CMD_SZ) #define DESC_RFC4106_BASE (3 * CAAM_CMD_SZ) -#define DESC_RFC4106_ENC_LEN (DESC_RFC4106_BASE + 13 * CAAM_CMD_SZ) +#define DESC_RFC4106_ENC_LEN (DESC_RFC4106_BASE + 15 * CAAM_CMD_SZ) #define DESC_RFC4106_DEC_LEN (DESC_RFC4106_BASE + 13 * CAAM_CMD_SZ) #define DESC_QI_RFC4106_ENC_LEN (DESC_RFC4106_ENC_LEN + 5 * CAAM_CMD_SZ) #define DESC_QI_RFC4106_DEC_LEN (DESC_RFC4106_DEC_LEN + 5 * CAAM_CMD_SZ)
Update share descriptor for rfc4106 to skip instructions in case cryptlen is zero. If no instructions are jumped the DECO hangs and a timeout error is thrown. Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> --- drivers/crypto/caam/caamalg_desc.c | 46 +++++++++++++++++++++++++------------- drivers/crypto/caam/caamalg_desc.h | 2 +- 2 files changed, 31 insertions(+), 17 deletions(-)