
crypto: sahara - fix cbc selftest failure

The kernel crypto API requires that all CBC implementations update the IV
buffer to contain the last ciphertext block.

This fixes the following cbc selftest error:
alg: skcipher: sahara-cbc-aes encryption test failed (wrong output IV) on
test vector 0, cfg="in-place (one sglist)"

Fixes: 5de8875281e1 ("crypto: sahara - Add driver for SAHARA2 accelerator.")
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Ovidiu Panait and committed by
Herbert Xu
9f10bc28 8fd18343

+31 -2
+31 -2
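--- a/drivers/crypto/sahara.c
+++ b/drivers/crypto/sahara.c
@@ -148,5 +148,6 @@
 
 struct sahara_aes_reqctx {
 	unsigned long mode;
+	u8 iv_out[AES_BLOCK_SIZE];
 	struct skcipher_request fallback_req; // keep at the end
 };
@@ -542,8 +541,24 @@
 	return -EINVAL;
 }
 
+static void sahara_aes_cbc_update_iv(struct skcipher_request *req)
+{
+	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
+	struct sahara_aes_reqctx *rctx = skcipher_request_ctx(req);
+	unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
+
+	/* Update IV buffer to contain the last ciphertext block */
+	if (rctx->mode & FLAGS_ENCRYPT) {
+		sg_pcopy_to_buffer(req->dst, sg_nents(req->dst), req->iv,
+				   ivsize, req->cryptlen - ivsize);
+	} else {
+		memcpy(req->iv, rctx->iv_out, ivsize);
+	}
+}
+
 static int sahara_aes_process(struct skcipher_request *req)
 {
+	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
 	struct sahara_dev *dev = dev_ptr;
 	struct sahara_ctx *ctx;
 	struct sahara_aes_reqctx *rctx;
@@ -581,8 +564,17 @@
 	rctx->mode &= FLAGS_MODE_MASK;
 	dev->flags = (dev->flags & ~FLAGS_MODE_MASK) | rctx->mode;
 
-	if ((dev->flags & FLAGS_CBC) && req->iv)
-		memcpy(dev->iv_base, req->iv, AES_KEYSIZE_128);
+	if ((dev->flags & FLAGS_CBC) && req->iv) {
+		unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
+
+		memcpy(dev->iv_base, req->iv, ivsize);
+
+		if (!(dev->flags & FLAGS_ENCRYPT)) {
+			sg_pcopy_to_buffer(req->src, sg_nents(req->src),
+					   rctx->iv_out, ivsize,
+					   req->cryptlen - ivsize);
+		}
+	}
 
 	/* assign new context to device */
 	dev->ctx = ctx;
@@ -613,6 +587,9 @@
 			     DMA_FROM_DEVICE);
 	dma_unmap_sg(dev->device, dev->in_sg, dev->nb_in_sg,
 		     DMA_TO_DEVICE);
+
+	if ((dev->flags & FLAGS_CBC) && req->iv)
+		sahara_aes_cbc_update_iv(req);
 
 	return 0;
 }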
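Review bot: Both new sg_pcopy_to_buffer() calls — the ciphertext save into rctx->iv_out in sahara_aes_process and the copy into req->iv in sahara_aes_cbc_update_iv — compute the source offset as `req->cryptlen - ivsize` and discard the returned byte count, so a request whose cryptlen is smaller than the IV size would wrap the offset and leave req->iv (or iv_out) silently stale or partially filled. Whether cryptlen is validated to be a non-zero block multiple before this point is outside the hunks; if it is not, a guard such as `if (req->cryptlen < ivsize) return;` at the top of sahara_aes_cbc_update_iv, with the matching condition on the decrypt-side save, would keep the IV update well-defined. A short comment on the decrypt-side save explaining why the last ciphertext block is captured from req->src before the operation runs — `/* in-place decryption overwrites src; save the last ciphertext block now */` — would also help, since iv_out is otherwise only explained by reading both functions together. sahara_aes_process is shown only in part here.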