linux-crypto.vger.kernel.org archive mirror
* [PATCH 0/4] Atmel crypto engine fixes
@ 2023-03-28 19:56 Ryan.Wanner
  2023-03-28 19:56 ` [PATCH 1/4] crypto: atmel-sha: Add zero length message digest support for hmac Ryan.Wanner
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: Ryan.Wanner @ 2023-03-28 19:56 UTC
  To: herbert, davem, nicolas.ferre, alexandre.belloni, claudiu.beznea
  Cc: linux-crypto, linux-arm-kernel, linux-kernel, Ryan Wanner

From: Ryan Wanner <Ryan.Wanner@microchip.com>

I made changes to the crypto engines to fix the errors in the crypto
manager tests. Mainly having to do with in-place tests with two
scatter lists. These are built and tested in 6.2.7 kernel, the
devices that are used for testing are the sam9x60, sama7g5, and
sama5d27_som1_ek.

Adding support for zero-length messages for hmac-sha operations. Using
the atmel_sha_fill_padding() function to pad the empty message manually
then disabling auto padding. This is built and tested on kernel 6.2.7
using sam9x60, sama7g5, and sama5d27_som1_ek.


Ryan Wanner (4):
  crypto: atmel-sha: Add zero length message digest support for hmac
  crypto: atmel-tdes - Detecting in-place operations with two sg lists
  crypto: atmel-aes - Detecting in-place operations two sg lists
  crypto: atmel-aes - Match cfb block size with generic implementation

 drivers/crypto/atmel-aes.c  | 16 +++++-----------
 drivers/crypto/atmel-sha.c  | 34 ++++++++++++++++++++++++++++++----
 drivers/crypto/atmel-tdes.c | 15 +++++----------
 3 files changed, 40 insertions(+), 25 deletions(-)

-- 
2.37.2



* [PATCH 1/4] crypto: atmel-sha: Add zero length message digest support for hmac
  2023-03-28 19:56 [PATCH 0/4] Atmel crypto engine fixes Ryan.Wanner
@ 2023-03-28 19:56 ` Ryan.Wanner
  2023-03-28 19:56 ` [PATCH 2/4] crypto: atmel-tdes - Detecting in-place operations with two sg lists Ryan.Wanner
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Ryan.Wanner @ 2023-03-28 19:56 UTC
  To: herbert, davem, nicolas.ferre, alexandre.belloni, claudiu.beznea
  Cc: linux-crypto, linux-arm-kernel, linux-kernel, Ryan Wanner

From: Ryan Wanner <Ryan.Wanner@microchip.com>

Add software padding to hmac-sha digest for zero length messages.
Using the atmel_sha_fill_padding() to fill the buffer with a padded
empty message with a length of the block size.

Create a temporary scatter list from the padded buffer to pass into the
data processing functions.

Signed-off-by: Ryan Wanner <Ryan.Wanner@microchip.com>
---
 drivers/crypto/atmel-sha.c | 34 ++++++++++++++++++++++++++++++----
 1 file changed, 30 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/atmel-sha.c b/drivers/crypto/atmel-sha.c
index 00be792e605c..b42e3a0b8cb5 100644
--- a/drivers/crypto/atmel-sha.c
+++ b/drivers/crypto/atmel-sha.c
@@ -1948,14 +1948,32 @@ static int atmel_sha_hmac_digest2(struct atmel_sha_dev *dd)
 	struct atmel_sha_reqctx *ctx = ahash_request_ctx(req);
 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
 	struct atmel_sha_hmac_ctx *hmac = crypto_ahash_ctx(tfm);
+	struct scatterlist *sgbuf;
 	size_t hs = ctx->hash_size;
 	size_t i, num_words = hs / sizeof(u32);
 	bool use_dma = false;
 	u32 mr;
 
 	/* Special case for empty message. */
-	if (!req->nbytes)
-		return atmel_sha_complete(dd, -EINVAL); // TODO:
+	if (!req->nbytes) {
+		req->nbytes = 0;
+		ctx->bufcnt = 0;
+		ctx->digcnt[0] = 0;
+		ctx->digcnt[1] = 0;
+		switch (ctx->flags & SHA_FLAGS_ALGO_MASK) {
+		case SHA_FLAGS_SHA1:
+		case SHA_FLAGS_SHA224:
+		case SHA_FLAGS_SHA256:
+			atmel_sha_fill_padding(ctx, 64);
+			break;
+
+		case SHA_FLAGS_SHA384:
+		case SHA_FLAGS_SHA512:
+			atmel_sha_fill_padding(ctx, 128);
+			break;
+		}
+		sg_init_one(&dd->tmp, ctx->buffer, ctx->bufcnt);
+	}
 
 	/* Check DMA threshold and alignment. */
 	if (req->nbytes > ATMEL_SHA_DMA_THRESHOLD &&
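Review bot: in the new `if (!req->nbytes)` block, `req->nbytes = 0;` is a no-op (the branch is only taken when it is already zero) and the `switch` has no `default`, so an algorithm flag outside the five listed cases leaves `ctx->bufcnt` at 0 and `sg_init_one()` is called with a zero length. Drop the assignment and add a `default:` that fails the request, for example with the `atmel_sha_complete(dd, -EINVAL)` call the old code used. The literals 64 and 128 would read better as named block-size constants, with a one-line comment on why the block size is the length passed to `atmel_sha_fill_padding()`.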
@@ -1985,12 +2003,20 @@ static int atmel_sha_hmac_digest2(struct atmel_sha_dev *dd)
 
 	atmel_sha_write(dd, SHA_CR, SHA_CR_FIRST);
 
+	/* Special case for empty message. */
+	if (!req->nbytes) {
+		sgbuf = &dd->tmp;
+		req->nbytes = ctx->bufcnt;
+	} else {
+		sgbuf = req->src;
+	}
+
 	/* Process data. */
 	if (use_dma)
-		return atmel_sha_dma_start(dd, req->src, req->nbytes,
+		return atmel_sha_dma_start(dd, sgbuf, req->nbytes,
 					   atmel_sha_hmac_final_done);
 
-	return atmel_sha_cpu_start(dd, req->src, req->nbytes, false, true,
+	return atmel_sha_cpu_start(dd, sgbuf, req->nbytes, false, true,
 				   atmel_sha_hmac_final_done);
 }
 
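Review bot: `req->nbytes = ctx->bufcnt;` in the second empty-message block overwrites a field of the caller's request, so a request submitted with length 0 comes back with the padded length in it. Keep the length in a local (for example `size_t len = req->nbytes;`, set to `ctx->bufcnt` in the empty case) and pass that to `atmel_sha_dma_start()` and `atmel_sha_cpu_start()`. This block also depends on `req->nbytes` still being zero after the first block and everything between the two hunks, which deserves a comment or a single `bool` set once at the top.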
-- 
2.37.2



* [PATCH 2/4] crypto: atmel-tdes - Detecting in-place operations with two sg lists
  2023-03-28 19:56 [PATCH 0/4] Atmel crypto engine fixes Ryan.Wanner
  2023-03-28 19:56 ` [PATCH 1/4] crypto: atmel-sha: Add zero length message digest support for hmac Ryan.Wanner
@ 2023-03-28 19:56 ` Ryan.Wanner
  2023-03-28 19:56 ` [PATCH 3/4] crypto: atmel-aes - Detecting in-place operations " Ryan.Wanner
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Ryan.Wanner @ 2023-03-28 19:56 UTC
  To: herbert, davem, nicolas.ferre, alexandre.belloni, claudiu.beznea
  Cc: linux-crypto, linux-arm-kernel, linux-kernel, Ryan Wanner

From: Ryan Wanner <Ryan.Wanner@microchip.com>

Avoiding detecting finely in-place operations with different
scatter lists. Copying the source data for decryption into rctx->lastc
regardless if the operation is in-place or not. This allows in-place
operations with different scatter lists without affecting other
operations.

This approach takes fewer resources than parsing both scatter lists to
check if they are equal.

Signed-off-by: Ryan Wanner <Ryan.Wanner@microchip.com>
---
 drivers/crypto/atmel-tdes.c | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/drivers/crypto/atmel-tdes.c b/drivers/crypto/atmel-tdes.c
index 8b7bc1076e0d..edf18073516e 100644
--- a/drivers/crypto/atmel-tdes.c
+++ b/drivers/crypto/atmel-tdes.c
@@ -565,17 +565,12 @@ atmel_tdes_set_iv_as_last_ciphertext_block(struct atmel_tdes_dev *dd)
 	if (req->cryptlen < ivsize)
 		return;
 
-	if (rctx->mode & TDES_FLAGS_ENCRYPT) {
+	if (rctx->mode & TDES_FLAGS_ENCRYPT)
 		scatterwalk_map_and_copy(req->iv, req->dst,
 					 req->cryptlen - ivsize, ivsize, 0);
-	} else {
-		if (req->src == req->dst)
-			memcpy(req->iv, rctx->lastc, ivsize);
-		else
-			scatterwalk_map_and_copy(req->iv, req->src,
-						 req->cryptlen - ivsize,
-						 ivsize, 0);
-	}
+	else
+		memcpy(req->iv, rctx->lastc, ivsize);
+
 }
 
 static void atmel_tdes_finish_req(struct atmel_tdes_dev *dd, int err)
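Review bot: the added empty line between `memcpy(req->iv, rctx->lastc, ivsize);` and the closing `}` of atmel_tdes_set_iv_as_last_ciphertext_block() is stray and should be dropped; the matching atmel-aes change does not have it. A short comment on the `else` branch saying that `rctx->lastc` is filled in atmel_tdes_crypt() for every non-ECB decrypt would also help, since the correctness of this branch now depends entirely on the second hunk.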
@@ -722,7 +717,7 @@ static int atmel_tdes_crypt(struct skcipher_request *req, unsigned long mode)
 	rctx->mode = mode;
 
 	if ((mode & TDES_FLAGS_OPMODE_MASK) != TDES_FLAGS_ECB &&
-	    !(mode & TDES_FLAGS_ENCRYPT) && req->src == req->dst) {
+	    !(mode & TDES_FLAGS_ENCRYPT)) {
 		unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
 
 		if (req->cryptlen >= ivsize)
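Review bot: with `req->src == req->dst` removed from this condition, nothing at the call site says why every non-ECB decrypt now saves the last block. Add a comment above the `if` stating the reason given in the commit message: two different scatter lists can describe the same memory, so a pointer comparison cannot detect an in-place operation. The commit message should also state the cost side of the trade, an extra ivsize-byte copy on out-of-place decrypts.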
-- 
2.37.2



* [PATCH 3/4] crypto: atmel-aes - Detecting in-place operations two sg lists
  2023-03-28 19:56 [PATCH 0/4] Atmel crypto engine fixes Ryan.Wanner
  2023-03-28 19:56 ` [PATCH 1/4] crypto: atmel-sha: Add zero length message digest support for hmac Ryan.Wanner
  2023-03-28 19:56 ` [PATCH 2/4] crypto: atmel-tdes - Detecting in-place operations with two sg lists Ryan.Wanner
@ 2023-03-28 19:56 ` Ryan.Wanner
  2023-03-28 19:56 ` [PATCH 4/4] crypto: atmel-aes - Match cfb block size with generic implementation Ryan.Wanner
  2023-04-06  8:50 ` [PATCH 0/4] Atmel crypto engine fixes Herbert Xu
  4 siblings, 0 replies; 6+ messages in thread
From: Ryan.Wanner @ 2023-03-28 19:56 UTC
  To: herbert, davem, nicolas.ferre, alexandre.belloni, claudiu.beznea
  Cc: linux-crypto, linux-arm-kernel, linux-kernel, Ryan Wanner

From: Ryan Wanner <Ryan.Wanner@microchip.com>

Avoiding detecting finely in-place operations with different
scatter lists. Copying the source data for decryption into rctx->lastc
regardless if the operation is in-place or not. This allows in-place
operations with different scatter lists.

This approach takes fewer resources than parsing both scatter lists to
check if they are equal.

Signed-off-by: Ryan Wanner <Ryan.Wanner@microchip.com>
---
 drivers/crypto/atmel-aes.c | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c
index 063394cfa874..08a923c2a0eb 100644
--- a/drivers/crypto/atmel-aes.c
+++ b/drivers/crypto/atmel-aes.c
@@ -493,17 +493,11 @@ static void atmel_aes_set_iv_as_last_ciphertext_block(struct atmel_aes_dev *dd)
 	if (req->cryptlen < ivsize)
 		return;
 
-	if (rctx->mode & AES_FLAGS_ENCRYPT) {
+	if (rctx->mode & AES_FLAGS_ENCRYPT)
 		scatterwalk_map_and_copy(req->iv, req->dst,
 					 req->cryptlen - ivsize, ivsize, 0);
-	} else {
-		if (req->src == req->dst)
-			memcpy(req->iv, rctx->lastc, ivsize);
-		else
-			scatterwalk_map_and_copy(req->iv, req->src,
-						 req->cryptlen - ivsize,
-						 ivsize, 0);
-	}
+	else
+		memcpy(req->iv, rctx->lastc, ivsize);
 }
 
 static inline struct atmel_aes_ctr_ctx *
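Review bot: the `else` branch of atmel_aes_set_iv_as_last_ciphertext_block() now reads `rctx->lastc` unconditionally, so it is only valid when the save in atmel_aes_crypt() ran for the same request. Both sides are gated on `req->cryptlen` against `ivsize` in the visible lines, which keeps them consistent today, but that coupling is implicit; a comment here naming where `lastc` is populated would stop a later change to either condition from silently returning stale data as the IV.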
@@ -1146,7 +1140,7 @@ static int atmel_aes_crypt(struct skcipher_request *req, unsigned long mode)
 	rctx->mode = mode;
 
 	if (opmode != AES_FLAGS_ECB &&
-	    !(mode & AES_FLAGS_ENCRYPT) && req->src == req->dst) {
+	    !(mode & AES_FLAGS_ENCRYPT)) {
 		unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
 
 		if (req->cryptlen >= ivsize)
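Review bot: after dropping `req->src == req->dst`, the condition `opmode != AES_FLAGS_ECB && !(mode & AES_FLAGS_ENCRYPT)` is short enough to sit on one line, so the continuation line can be folded into the `if`. As in the atmel-tdes patch, a one-line comment explaining that the last ciphertext block is saved for all non-ECB decrypts because aliasing scatter lists cannot be detected by pointer comparison would document the intent.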
-- 
2.37.2
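
The in-place case that patches 2/4 and 3/4 address, as an added user-space example (not code from the patches or the atmel drivers): two distinct descriptors cover the same memory, so a `src == dst` pointer test misses the aliasing and the chaining IV is read after decryption has overwritten the ciphertext. `struct seg`, the toy XOR cipher, `iv_correct()` and all byte values are constructed stand-ins for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BS 8 /* toy block size; plays the role of ivsize */

/* Hypothetical stand-in for a scatterlist: a descriptor pointing at memory. */
struct seg { uint8_t *buf; size_t len; };

/* CBC decrypt with a toy XOR "cipher" (not secure); safe for in-place use. */
static void cbc_decrypt(const struct seg *src, const struct seg *dst,
			const uint8_t *key, const uint8_t *iv)
{
	uint8_t prev[BS], cur[BS];
	memcpy(prev, iv, BS);
	for (size_t off = 0; off + BS <= src->len; off += BS) {
		memcpy(cur, src->buf + off, BS); /* keep ciphertext for chaining */
		for (int i = 0; i < BS; i++)
			dst->buf[off + i] = cur[i] ^ key[i] ^ prev[i];
		memcpy(prev, cur, BS);
	}
}

/* Returns 1 if the IV handed back equals the real last ciphertext block. */
static int iv_correct(int always_save)
{
	uint8_t key[BS] = {1, 2, 3, 4, 5, 6, 7, 8}, iv[BS] = {0};
	uint8_t mem[2 * BS], want[BS], out_iv[BS];
	struct seg a = {mem, sizeof(mem)}, b = {mem, sizeof(mem)};
	const struct seg *src = &a, *dst = &b; /* two descriptors, one buffer */

	for (int i = 0; i < 2 * BS; i++)
		mem[i] = (uint8_t)(0xA0 + i); /* constructed ciphertext */
	memcpy(want, mem + BS, BS);

	int saved = always_save || src == dst; /* pointer test misses the aliasing */
	if (saved) /* copy last ciphertext block before it is overwritten */
		memcpy(out_iv, src->buf + src->len - BS, BS);
	cbc_decrypt(src, dst, key, iv);
	if (!saved) /* old out-of-place path: src now holds plaintext */
		memcpy(out_iv, src->buf + src->len - BS, BS);
	return memcmp(out_iv, want, BS) == 0;
}

int main(void)
{
	printf("pointer test: %d, always save: %d\n", iv_correct(0), iv_correct(1));
	return 0;
}
```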



* [PATCH 4/4] crypto: atmel-aes - Match cfb block size with generic implementation
  2023-03-28 19:56 [PATCH 0/4] Atmel crypto engine fixes Ryan.Wanner
                   ` (2 preceding siblings ...)
  2023-03-28 19:56 ` [PATCH 3/4] crypto: atmel-aes - Detecting in-place operations " Ryan.Wanner
@ 2023-03-28 19:56 ` Ryan.Wanner
  2023-04-06  8:50 ` [PATCH 0/4] Atmel crypto engine fixes Herbert Xu
  4 siblings, 0 replies; 6+ messages in thread
From: Ryan.Wanner @ 2023-03-28 19:56 UTC
  To: herbert, davem, nicolas.ferre, alexandre.belloni, claudiu.beznea
  Cc: linux-crypto, linux-arm-kernel, linux-kernel, Ryan Wanner

From: Ryan Wanner <Ryan.Wanner@microchip.com>

Change blocksize to match the cfb(aes) generic implementation.

Signed-off-by: Ryan Wanner <Ryan.Wanner@microchip.com>
---
 drivers/crypto/atmel-aes.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c
index 08a923c2a0eb..012cdf60d9d2 100644
--- a/drivers/crypto/atmel-aes.c
+++ b/drivers/crypto/atmel-aes.c
@@ -1335,7 +1335,7 @@ static struct skcipher_alg aes_algs[] = {
 {
 	.base.cra_name		= "cfb(aes)",
 	.base.cra_driver_name	= "atmel-cfb-aes",
-	.base.cra_blocksize	= AES_BLOCK_SIZE,
+	.base.cra_blocksize	= 1,
 	.base.cra_ctxsize	= sizeof(struct atmel_aes_ctx),
 
 	.init			= atmel_aes_init_tfm,
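Review bot: `.base.cra_blocksize = 1` on the "cfb(aes)" entry tells the crypto API that requests of any byte length are acceptable, yet this hunk changes only the advertised value. The commit message should say whether the driver's cfb(aes) path already handles a `cryptlen` that is not a multiple of `AES_BLOCK_SIZE`, and which crypto manager test failure this resolves. A short comment next to the bare `1` noting that it matches the generic cfb(aes) implementation would keep it from being "corrected" back later.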
-- 
2.37.2



* Re: [PATCH 0/4] Atmel crypto engine fixes
  2023-03-28 19:56 [PATCH 0/4] Atmel crypto engine fixes Ryan.Wanner
                   ` (3 preceding siblings ...)
  2023-03-28 19:56 ` [PATCH 4/4] crypto: atmel-aes - Match cfb block size with generic implementation Ryan.Wanner
@ 2023-04-06  8:50 ` Herbert Xu
  4 siblings, 0 replies; 6+ messages in thread
From: Herbert Xu @ 2023-04-06  8:50 UTC
  To: Ryan.Wanner
  Cc: davem, nicolas.ferre, alexandre.belloni, claudiu.beznea,
	linux-crypto, linux-arm-kernel, linux-kernel

On Tue, Mar 28, 2023 at 12:56:25PM -0700, Ryan.Wanner@microchip.com wrote:
> From: Ryan Wanner <Ryan.Wanner@microchip.com>
> 
> I made changes to the crypto engines to fix the errors in the crypto
> manager tests. Mainly having to do with in-place tests with two
> scatter lists. These are built and tested in 6.2.7 kernel, the
> devices that are used for testing are the sam9x60, sama7g5, and
> sama5d27_som1_ek.
> 
> Adding support for zero-length messages for hmac-sha operations. Using
> the atmel_sha_fill_padding() function to pad the empty message manually
> then disabling auto padding. This is built and tested on kernel 6.2.7
> using sam9x60, sama7g5, and sama5d27_som1_ek.
> 
> 
> Ryan Wanner (4):
>   crypto: atmel-sha: Add zero length message digest support for hmac
>   crypto: atmel-tdes - Detecting in-place operations with two sg lists
>   crypto: atmel-aes - Detecting in-place operations two sg lists
>   crypto: atmel-aes - Match cfb block size with generic implementation
> 
>  drivers/crypto/atmel-aes.c  | 16 +++++-----------
>  drivers/crypto/atmel-sha.c  | 34 ++++++++++++++++++++++++++++++----
>  drivers/crypto/atmel-tdes.c | 15 +++++----------
>  3 files changed, 40 insertions(+), 25 deletions(-)
> 
> -- 
> 2.37.2

All applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
