* [PATCH 03/11] crypto: ccree - fix AEAD decrypt auth fail
[not found] <20200116101447.20374-1-gilad@benyossef.com>
@ 2020-01-16 10:14 ` Gilad Ben-Yossef
2020-01-16 10:14 ` [PATCH 05/11] crypto: ccree - fix pm wrongful error reporting Gilad Ben-Yossef
2020-01-16 10:14 ` [PATCH 07/11] crypto: ccree - fix FDE descriptor sequence Gilad Ben-Yossef
2 siblings, 0 replies; 5+ messages in thread
From: Gilad Ben-Yossef @ 2020-01-16 10:14 UTC (permalink / raw)
To: Herbert Xu, David S. Miller
Cc: Ofir Drang, Hadar Gat, stable, linux-crypto, linux-kernel
On AEAD decryption authentication failure we are suppose to
zero out the output plaintext buffer. However, we've missed
skipping the optional associated data that may prefix the
ciphertext. This commit fixes this issue.
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Fixes: e88b27c8eaa8 ("crypto: ccree - use std api sg_zero_buffer")
Cc: stable@vger.kernel.org
---
drivers/crypto/ccree/cc_aead.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c
index d014c8e063a7..754de302a3b5 100644
--- a/drivers/crypto/ccree/cc_aead.c
+++ b/drivers/crypto/ccree/cc_aead.c
@@ -237,7 +237,7 @@ static void cc_aead_complete(struct device *dev, void *cc_req, int err)
* revealed the decrypted message --> zero its memory.
*/
sg_zero_buffer(areq->dst, sg_nents(areq->dst),
- areq->cryptlen, 0);
+ areq->cryptlen, areq->assoclen);
err = -EBADMSG;
}
/*ENCRYPT*/
--
2.23.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 05/11] crypto: ccree - fix pm wrongful error reporting
[not found] <20200116101447.20374-1-gilad@benyossef.com>
2020-01-16 10:14 ` [PATCH 03/11] crypto: ccree - fix AEAD decrypt auth fail Gilad Ben-Yossef
@ 2020-01-16 10:14 ` Gilad Ben-Yossef
2020-01-16 10:14 ` [PATCH 07/11] crypto: ccree - fix FDE descriptor sequence Gilad Ben-Yossef
2 siblings, 0 replies; 5+ messages in thread
From: Gilad Ben-Yossef @ 2020-01-16 10:14 UTC (permalink / raw)
To: Herbert Xu, David S. Miller
Cc: Ofir Drang, Hadar Gat, stable, linux-crypto, linux-kernel
pm_runtime_get_sync() can return 1 as a valid (none error) return
code. Treat it as such.
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Cc: stable@vger.kernel.org # v4.19+
---
drivers/crypto/ccree/cc_pm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/ccree/cc_pm.c b/drivers/crypto/ccree/cc_pm.c
index 4de25c85d127..79c612144310 100644
--- a/drivers/crypto/ccree/cc_pm.c
+++ b/drivers/crypto/ccree/cc_pm.c
@@ -85,7 +85,7 @@ int cc_pm_get(struct device *dev)
else
pm_runtime_get_noresume(dev);
- return rc;
+ return (rc == 1 ? 0 : rc);
}
int cc_pm_put_suspend(struct device *dev)
--
2.23.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 07/11] crypto: ccree - fix FDE descriptor sequence
[not found] <20200116101447.20374-1-gilad@benyossef.com>
2020-01-16 10:14 ` [PATCH 03/11] crypto: ccree - fix AEAD decrypt auth fail Gilad Ben-Yossef
2020-01-16 10:14 ` [PATCH 05/11] crypto: ccree - fix pm wrongful error reporting Gilad Ben-Yossef
@ 2020-01-16 10:14 ` Gilad Ben-Yossef
[not found] ` <20200119152653.6E37B20678@mail.kernel.org>
2 siblings, 1 reply; 5+ messages in thread
From: Gilad Ben-Yossef @ 2020-01-16 10:14 UTC (permalink / raw)
To: Herbert Xu, David S. Miller
Cc: Ofir Drang, Hadar Gat, stable, linux-crypto, linux-kernel
From: Ofir Drang <ofir.drang@arm.com>
In FDE mode (xts, essiv and bitlocker) the cryptocell hardware requires
that the the XEX key will be loaded after Key1.
Signed-off-by: Ofir Drang <ofir.drang@arm.com>
Cc: stable@vger.kernel.org
---
drivers/crypto/ccree/cc_cipher.c | 48 ++++++++++++++++++++++++++++++--
1 file changed, 45 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c
index 03aa4fb8e6cb..7d6252d892d7 100644
--- a/drivers/crypto/ccree/cc_cipher.c
+++ b/drivers/crypto/ccree/cc_cipher.c
@@ -520,6 +520,7 @@ static void cc_setup_readiv_desc(struct crypto_tfm *tfm,
}
}
+
static void cc_setup_state_desc(struct crypto_tfm *tfm,
struct cipher_req_ctx *req_ctx,
unsigned int ivsize, unsigned int nbytes,
@@ -531,8 +532,6 @@ static void cc_setup_state_desc(struct crypto_tfm *tfm,
int cipher_mode = ctx_p->cipher_mode;
int flow_mode = ctx_p->flow_mode;
int direction = req_ctx->gen_ctx.op_type;
- dma_addr_t key_dma_addr = ctx_p->user.key_dma_addr;
- unsigned int key_len = ctx_p->keylen;
dma_addr_t iv_dma_addr = req_ctx->gen_ctx.iv_dma_addr;
unsigned int du_size = nbytes;
@@ -567,6 +566,47 @@ static void cc_setup_state_desc(struct crypto_tfm *tfm,
break;
case DRV_CIPHER_XTS:
case DRV_CIPHER_ESSIV:
+ case DRV_CIPHER_BITLOCKER:
+ break;
+ default:
+ dev_err(dev, "Unsupported cipher mode (%d)\n", cipher_mode);
+ }
+}
+
+
+static void cc_setup_xex_state_desc(struct crypto_tfm *tfm,
+ struct cipher_req_ctx *req_ctx,
+ unsigned int ivsize, unsigned int nbytes,
+ struct cc_hw_desc desc[],
+ unsigned int *seq_size)
+{
+ struct cc_cipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
+ struct device *dev = drvdata_to_dev(ctx_p->drvdata);
+ int cipher_mode = ctx_p->cipher_mode;
+ int flow_mode = ctx_p->flow_mode;
+ int direction = req_ctx->gen_ctx.op_type;
+ dma_addr_t key_dma_addr = ctx_p->user.key_dma_addr;
+ unsigned int key_len = ctx_p->keylen;
+ dma_addr_t iv_dma_addr = req_ctx->gen_ctx.iv_dma_addr;
+ unsigned int du_size = nbytes;
+
+ struct cc_crypto_alg *cc_alg =
+ container_of(tfm->__crt_alg, struct cc_crypto_alg,
+ skcipher_alg.base);
+
+ if (cc_alg->data_unit)
+ du_size = cc_alg->data_unit;
+
+ switch (cipher_mode) {
+ case DRV_CIPHER_ECB:
+ break;
+ case DRV_CIPHER_CBC:
+ case DRV_CIPHER_CBC_CTS:
+ case DRV_CIPHER_CTR:
+ case DRV_CIPHER_OFB:
+ break;
+ case DRV_CIPHER_XTS:
+ case DRV_CIPHER_ESSIV:
case DRV_CIPHER_BITLOCKER:
/* load XEX key */
hw_desc_init(&desc[*seq_size]);
@@ -877,12 +917,14 @@ static int cc_cipher_process(struct skcipher_request *req,
/* STAT_PHASE_2: Create sequence */
- /* Setup IV and XEX key used */
+ /* Setup state (IV) */
cc_setup_state_desc(tfm, req_ctx, ivsize, nbytes, desc, &seq_len);
/* Setup MLLI line, if needed */
cc_setup_mlli_desc(tfm, req_ctx, dst, src, nbytes, req, desc, &seq_len);
/* Setup key */
cc_setup_key_desc(tfm, req_ctx, nbytes, desc, &seq_len);
+ /* Setup state (IV and XEX key) */
+ cc_setup_xex_state_desc(tfm, req_ctx, ivsize, nbytes, desc, &seq_len);
/* Data processing */
cc_setup_flow_desc(tfm, req_ctx, dst, src, nbytes, desc, &seq_len);
/* Read next IV */
--
2.23.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 07/11] crypto: ccree - fix FDE descriptor sequence
[not found] ` <20200119152653.6E37B20678@mail.kernel.org>
@ 2020-01-20 14:27 ` Gilad Ben-Yossef
2020-01-21 9:35 ` Gilad Ben-Yossef
0 siblings, 1 reply; 5+ messages in thread
From: Gilad Ben-Yossef @ 2020-01-20 14:27 UTC (permalink / raw)
To: Sasha Levin; +Cc: Ofir Drang, Herbert Xu, Hadar Gat, stable
Hi Sasha,
On Sun, Jan 19, 2020 at 5:26 PM Sasha Levin <sashal@kernel.org> wrote:
>
> Hi,
>
> [This is an automated email]
>
> This commit has been processed because it contains a -stable tag.
> The stable tag indicates that it's relevant for the following trees: all
>
> The bot has tested the following trees: v5.4.13, v4.19.97, v4.14.166, v4.9.210, v4.4.210.
>
> v5.4.13: Build OK!
> v4.19.97: Failed to apply! Possible dependencies:
'm looking into making a patch for v4.19.y. The rest are not relevant
Thanks,
Gilad
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 07/11] crypto: ccree - fix FDE descriptor sequence
2020-01-20 14:27 ` Gilad Ben-Yossef
@ 2020-01-21 9:35 ` Gilad Ben-Yossef
0 siblings, 0 replies; 5+ messages in thread
From: Gilad Ben-Yossef @ 2020-01-21 9:35 UTC (permalink / raw)
To: Sasha Levin; +Cc: Ofir Drang, Herbert Xu, Hadar Gat, stable
Hi Sasha,
On Mon, Jan 20, 2020 at 4:27 PM Gilad Ben-Yossef <gilad@benyossef.com> wrote:
>
> Hi Sasha,
>
> On Sun, Jan 19, 2020 at 5:26 PM Sasha Levin <sashal@kernel.org> wrote:
> >
> > Hi,
> >
> > [This is an automated email]
> >
> > This commit has been processed because it contains a -stable tag.
> > The stable tag indicates that it's relevant for the following trees: all
> >
> > The bot has tested the following trees: v5.4.13, v4.19.97, v4.14.166, v4.9.210, v4.4.210.
> >
> > v5.4.13: Build OK!
> > v4.19.97: Failed to apply! Possible dependencies:
>
>
> 'm looking into making a patch for v4.19.y. The rest are not relevant
>
After further investigation, this fix is only relevant for 5.4.y
stable releases as the earlier versions did not include the change
that originally caused the problem.
Many thanks,
Gilad
--
Gilad Ben-Yossef
Chief Coffee Drinker
values of β will give rise to dom!
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-01-21 9:35 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20200116101447.20374-1-gilad@benyossef.com>
2020-01-16 10:14 ` [PATCH 03/11] crypto: ccree - fix AEAD decrypt auth fail Gilad Ben-Yossef
2020-01-16 10:14 ` [PATCH 05/11] crypto: ccree - fix pm wrongful error reporting Gilad Ben-Yossef
2020-01-16 10:14 ` [PATCH 07/11] crypto: ccree - fix FDE descriptor sequence Gilad Ben-Yossef
[not found] ` <20200119152653.6E37B20678@mail.kernel.org>
2020-01-20 14:27 ` Gilad Ben-Yossef
2020-01-21 9:35 ` Gilad Ben-Yossef
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).