From patchwork Fri Oct 6 15:51:08 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Romain Izard
X-Patchwork-Id: 822498
From: Romain Izard
To: Herbert Xu, "David S . Miller"
Subject: [PATCH] crypto: atmel-aes - properly set IV after {en,de}crypt
Date: Fri, 6 Oct 2017 17:51:08 +0200
Message-Id: <20171006155108.6581-1-romain.izard.pro@gmail.com>
X-Mailer: git-send-email 2.11.0
Cc: David Gstir, Richard Weinberger, linux-kernel@vger.kernel.org, Cyrille Pitchen, linux-mtd@lists.infradead.org, linux-crypto@vger.kernel.org, Nicolas Feignon, Romain Izard, linux-arm-kernel@lists.infradead.org

Certain cipher modes like CTS
expect the IV (req->info) of ablkcipher_request (or equivalently req->iv of skcipher_request) to contain the last ciphertext block when the {en,de}crypt operation is done. Fix this issue for the Atmel AES hardware engine. The tcrypt test case for cts(cbc(aes)) is now correctly passed. To handle the case of in-place decryption, copy the ciphertext in an intermediate buffer before decryption. Signed-off-by: Romain Izard --- drivers/crypto/atmel-aes.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c index 29e20c37f3a6..f22300babb45 100644 --- a/drivers/crypto/atmel-aes.c +++ b/drivers/crypto/atmel-aes.c @@ -156,6 +156,7 @@ struct atmel_aes_authenc_ctx { struct atmel_aes_reqctx { unsigned long mode; + u8 *backup_info; }; #ifdef CONFIG_CRYPTO_DEV_ATMEL_AUTHENC @@ -496,6 +497,12 @@ static void atmel_aes_authenc_complete(struct atmel_aes_dev *dd, int err); static inline int atmel_aes_complete(struct atmel_aes_dev *dd, int err) { + struct ablkcipher_request *req = ablkcipher_request_cast(dd->areq); + struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); + struct atmel_aes_reqctx *rctx = ablkcipher_request_ctx(req); + int ivsize = crypto_ablkcipher_ivsize(ablkcipher); + bool enc = atmel_aes_is_encrypt(dd); + #ifdef CONFIG_CRYPTO_DEV_ATMEL_AUTHENC atmel_aes_authenc_complete(dd, err); #endif @@ -503,6 +510,15 @@ static inline int atmel_aes_complete(struct atmel_aes_dev *dd, int err) clk_disable(dd->iclk); dd->flags &= ~AES_FLAGS_BUSY; + if (enc) { + scatterwalk_map_and_copy(req->info, req->dst, + req->nbytes - ivsize, ivsize, 0); + } else if (rctx->backup_info) { + memcpy(req->info, rctx->backup_info, ivsize); + kfree(rctx->backup_info); + rctx->backup_info = NULL; + } + if (dd->is_async) dd->areq->complete(dd->areq, err); 
@@ -959,13 +975,25 @@ static int atmel_aes_transfer_complete(struct atmel_aes_dev *dd) static int atmel_aes_start(struct atmel_aes_dev *dd) { struct ablkcipher_request *req = ablkcipher_request_cast(dd->areq); + struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); struct atmel_aes_reqctx *rctx = ablkcipher_request_ctx(req); + int ivsize = crypto_ablkcipher_ivsize(ablkcipher); + bool enc = atmel_aes_is_encrypt(dd); bool use_dma = (req->nbytes >= ATMEL_AES_DMA_THRESHOLD || dd->ctx->block_size != AES_BLOCK_SIZE); int err; atmel_aes_set_mode(dd, rctx); + if (!enc) { + rctx->backup_info = kzalloc(ivsize, GFP_KERNEL); + if (rctx->backup_info == NULL) + return atmel_aes_complete(dd, -ENOMEM); + + scatterwalk_map_and_copy(rctx->backup_info, req->src, + (req->nbytes - ivsize), ivsize, 0); + } + err = atmel_aes_hw_init(dd); if (err) return atmel_aes_complete(dd, err);
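Review bot: backup_info in struct atmel_aes_reqctx (first hunk) would be safer as a fixed array, for example u8 backup_info[AES_BLOCK_SIZE], than as a u8 pointer. The saved data is only ivsize bytes, so an embedded buffer removes the kzalloc/kfree pair and the -ENOMEM path from the request flow. It also removes the question of what the pointer holds when atmel_aes_complete tests it: no visible line sets rctx->backup_info to NULL when a request is set up, so any decrypt that reaches atmel_aes_complete without passing through the !enc branch of atmel_aes_start would memcpy from and kfree whatever the request context happened to contain.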
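Review bot: the new declarations at the top of atmel_aes_complete (second hunk) cast dd->areq with ablkcipher_request_cast() unconditionally, but the same function calls atmel_aes_authenc_complete(dd, err) under CONFIG_CRYPTO_DEV_ATMEL_AUTHENC, which suggests it is also the completion path for requests that are not ablkcipher requests. Please confirm that dd->areq is always an ablkcipher_request here, or guard the cast and the IV update so that req->info, req->dst and req->nbytes are only read for that request type.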
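Review bot: the IV update in the body of atmel_aes_complete (third hunk) is missing two checks. It runs even when err is non-zero, so on a failed encryption req->info is overwritten with whatever req->dst contains; and the offset req->nbytes - ivsize is not guarded against req->nbytes < ivsize, where the subtraction wraps and scatterwalk_map_and_copy is asked to read far outside the scatterlist. Suggest wrapping the block in a condition such as if (!err && req->nbytes >= ivsize), while still freeing backup_info on the error path. The update is also applied regardless of cipher mode, although the commit message motivates it with the last-ciphertext-block convention; a short comment stating which modes it is meant for would help.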
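Review bot: kzalloc(ivsize, GFP_KERNEL) in atmel_aes_start (fourth hunk) can sleep, and nothing in the hunk shows that the request was submitted with permission to sleep. Either derive the flag from the request, GFP_KERNEL only when req->base.flags has CRYPTO_TFM_REQ_MAY_SLEEP set and GFP_ATOMIC otherwise, or avoid the allocation by keeping the saved block inside the request context. The same hunk computes (req->nbytes - ivsize) as the source offset without checking req->nbytes >= ivsize, so a short decrypt request would wrap the offset just as in the completion path; zeroing the buffer is also unnecessary since it is fully overwritten by the copy that follows.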