Message ID | 20200806163551.14395-5-andrei.botila@oss.nxp.com (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | Herbert Xu |
Headers | show |
Series | crypto: caam - xts(aes) updates | expand |
On 8/6/2020 7:36 PM, Andrei Botila (OSS) wrote: > @@ -1790,7 +1792,9 @@ static inline int skcipher_crypt(struct skcipher_request *req, bool encrypt) > if (!req->cryptlen) > return 0; > > - if (ctx->fallback && xts_skcipher_ivsize(req)) { > + if (ctx->fallback && (xts_skcipher_ivsize(req) || > + (ctx->cdata.keylen != 2 * AES_KEYSIZE_128 && > + ctx->cdata.keylen != 2 * AES_KEYSIZE_256))) { Let's avoid doing this check for every request. This could be achieved by moving it into the .setkey callback and setting a flag in the caam_ctx indicating if the fallback is needed or not for this tfm. Horia
Hi [This is an automated email] This commit has been processed because it contains a "Fixes:" tag fixing commit: c6415a6016bf ("crypto: caam - add support for acipher xts(aes)"). The bot has tested the following trees: v5.8.1, v5.7.15, v5.4.58, v4.19.139, v4.14.193, v4.9.232, v4.4.232. v5.8.1: Failed to apply! Possible dependencies: 2d4d8e196706 ("crypto: caam/jr - add fallback for XTS with more than 8B IV") 528f776df67c ("crypto: qat - allow xts requests not multiple of block") a85211f36f3d ("crypto: qat - fallback for xts with 192 bit keys") b185a68710e0 ("crypto: qat - validate xts key") b8aa7dc5c753 ("crypto: drivers - set the flag CRYPTO_ALG_ALLOCATES_MEMORY") da6a66853a38 ("crypto: caam - silence .setkey in case of bad key length") v5.7.15: Failed to apply! Possible dependencies: 2d4d8e196706 ("crypto: caam/jr - add fallback for XTS with more than 8B IV") 528f776df67c ("crypto: qat - allow xts requests not multiple of block") a85211f36f3d ("crypto: qat - fallback for xts with 192 bit keys") b185a68710e0 ("crypto: qat - validate xts key") b8aa7dc5c753 ("crypto: drivers - set the flag CRYPTO_ALG_ALLOCATES_MEMORY") da6a66853a38 ("crypto: caam - silence .setkey in case of bad key length") v5.4.58: Failed to apply! Possible dependencies: 2d4d8e196706 ("crypto: caam/jr - add fallback for XTS with more than 8B IV") 4d370a103695 ("crypto: caam - change return code in caam_jr_enqueue function") b7f17fe28144 ("crypto: caam - refactor skcipher/aead/gcm/chachapoly {en,de}crypt functions") d53e44fe980b ("crypto: caam - refactor RSA private key _done callbacks") ee38767f152a ("crypto: caam - support crypto_engine framework for SKCIPHER algorithms") v4.19.139: Failed to apply! Possible dependencies: 0efa7579f3de ("crypto: caam - export ahash shared descriptor generation") 1b46c90c8e00 ("crypto: caam - convert top level drivers to libraries") 226853ac3ebe ("crypto: caam/qi2 - add skcipher algorithms") 8d818c105501 ("crypto: caam/qi2 - add DPAA2-CAAM driver") 94cebd9da42c ("crypto: caam - add Queue Interface v2 error codes") 96808c596580 ("crypto: caam/qi2 - add CONFIG_NETDEVICES dependency") ee38767f152a ("crypto: caam - support crypto_engine framework for SKCIPHER algorithms") v4.14.193: Failed to apply! Possible dependencies: 0efa7579f3de ("crypto: caam - export ahash shared descriptor generation") 1b46c90c8e00 ("crypto: caam - convert top level drivers to libraries") 226853ac3ebe ("crypto: caam/qi2 - add skcipher algorithms") 8d818c105501 ("crypto: caam/qi2 - add DPAA2-CAAM driver") 94cebd9da42c ("crypto: caam - add Queue Interface v2 error codes") 96808c596580 ("crypto: caam/qi2 - add CONFIG_NETDEVICES dependency") ee38767f152a ("crypto: caam - support crypto_engine framework for SKCIPHER algorithms") v4.9.232: Failed to apply! Possible dependencies: 1b008eedb0af ("crypto: caam - remove unused command from aead givencrypt") 281669dfbabe ("crypto: caam - rewrite some generic inline append cmds") 4cbe79ccb523 ("crypto: caam - improve key inlining") 62ad8b5c0964 ("crypto: cavium - Enable CPT options crypto for build") 64c9295b2320 ("crypto: caam - move append_key_aead() into init_sh_desc_key_aead()") 8cea7b66b821 ("crypto: caam - refactor encryption descriptors generation") 8d818c105501 ("crypto: caam/qi2 - add DPAA2-CAAM driver") db57656b0072 ("crypto: caam - group algorithm related params") ee38767f152a ("crypto: caam - support crypto_engine framework for SKCIPHER algorithms") v4.4.232: Failed to apply! Possible dependencies: 1b008eedb0af ("crypto: caam - remove unused command from aead givencrypt") 4cbe79ccb523 ("crypto: caam - improve key inlining") 5ba1c7b5ffc1 ("crypto: caam - fix rfc3686(ctr(aes)) IV load") 64c9295b2320 ("crypto: caam - move append_key_aead() into init_sh_desc_key_aead()") 8c419778ab57 ("crypto: caam - add support for RSA algorithm") 8cea7b66b821 ("crypto: caam - refactor encryption descriptors generation") d6e7a7d0c2c5 ("crypto: caam - Rename jump labels in ahash_setkey()") db57656b0072 ("crypto: caam - group algorithm related params") e11793f5dad8 ("crypto: caam - ensure descriptor buffers are cacheline aligned") NOTE: The patch will not be queued to stable trees until it is upstream. How should we proceed with this patch?
diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index ebf4dc87ca2e..a5447ae430b0 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -57,6 +57,7 @@ #include "key_gen.h" #include "caamalg_desc.h" #include <crypto/engine.h> +#include <crypto/xts.h> #include <asm/unaligned.h> /* @@ -835,9 +836,10 @@ static int xts_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, u32 *desc; int err; - if (keylen != 2 * AES_MIN_KEY_SIZE && keylen != 2 * AES_MAX_KEY_SIZE) { + err = xts_verify_key(skcipher, key, keylen); + if (err) { dev_dbg(jrdev, "key size mismatch\n"); - return -EINVAL; + return err; } err = crypto_skcipher_setkey(ctx->fallback, key, keylen); @@ -1790,7 +1792,9 @@ static inline int skcipher_crypt(struct skcipher_request *req, bool encrypt) if (!req->cryptlen) return 0; - if (ctx->fallback && xts_skcipher_ivsize(req)) { + if (ctx->fallback && (xts_skcipher_ivsize(req) || + (ctx->cdata.keylen != 2 * AES_KEYSIZE_128 && + ctx->cdata.keylen != 2 * AES_KEYSIZE_256))) { struct caam_skcipher_req_ctx *rctx = skcipher_request_ctx(req); skcipher_request_set_tfm(&rctx->fallback_req, ctx->fallback);