From patchwork Tue Nov 29 13:05:32 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 84796
Delivered-To: patch@linaro.org
Received: by 10.140.20.101 with SMTP id 92csp1585613qgi;
 Tue, 29 Nov 2016 05:05:59 -0800 (PST)
X-Received: by 10.84.209.227 with SMTP id y90mr61481009plh.111.1480424759112; 
 Tue, 29 Nov 2016 05:05:59 -0800 (PST)
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id s3si59873107pfe.68.2016.11.29.05.05.59;
 Tue, 29 Nov 2016 05:05:59 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org;
 spf=pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-crypto-owner@vger.kernel.org; 
 dmarc=fail (p=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S933399AbcK2NFo (ORCPT <rfc822;victor.chong@linaro.org>
 + 1 other); Tue, 29 Nov 2016 08:05:44 -0500
Received: from mail-wm0-f43.google.com ([74.125.82.43]:36834 "EHLO
 mail-wm0-f43.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S933366AbcK2NFo (ORCPT
 <rfc822;linux-crypto@vger.kernel.org>);
 Tue, 29 Nov 2016 08:05:44 -0500
Received: by mail-wm0-f43.google.com with SMTP id g23so237066446wme.1
 for <linux-crypto@vger.kernel.org>;
 Tue, 29 Nov 2016 05:05:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=7F31Z9Ko0SSuZWl+MeIS3O0+V3q7EwWksWyNBPkIjk0=;
 b=fFX7b3MsyqvLjQQ/4AG0vGh6UO859YC3u3eOfl9xna0Isi1IvN5kFZ+EAIAxqJKTZ9
 350BiHglWgqlE2sUgXySwZqZjIyGfkWu4IZQSq3oiaVWvT+qkEsIUzJt+DScAHwtbMVn
 XRyLVGziQASO3z13RiZvbLB2dMD6n51HT/KhU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=7F31Z9Ko0SSuZWl+MeIS3O0+V3q7EwWksWyNBPkIjk0=;
 b=e98fOBOSJII5OBpy/2pu3a0GbwQeBTpH+k/t7+cjXqh3GEdgerpCb40TkO3Ddn+Ma7
 cw8GyLLkA5jnsT+x2vauGDlJD/8vjrdsXsyR43M00p6pQVsC3G8vH7c5OE735BV04Ie3
 N1+r7ut+TIafXptKVMPbp+AMZJ7vEVMoz8Wvv3EPjD+rnKFxBmNDXvwOn2hDb0lQqbc0
 Eot3G66fUPOb+ppWegflBl+h0xKzD1Pxq4X/2haMHpbf0PXqObEA3uK54Rgl9kPaAdrA
 OEunrAUJJBmS/P2V+HuHKKLTNIDsfiX4V9wypCfMqeRdpUHdQ2HgvjwowAYtnHIXjBFX
 qwag==
X-Gm-Message-State: AKaTC00zLXNbYYNXZz4NOWgDQ0UtnmtGOAdhSXEKA2PIXdsYD9CXdDEostx1Moe+aHt8zxSn
X-Received: by 10.28.51.211 with SMTP id z202mr25852008wmz.125.1480424742816; 
 Tue, 29 Nov 2016 05:05:42 -0800 (PST)
Received: from localhost.localdomain ([105.138.199.36])
 by smtp.gmail.com with ESMTPSA id
 n5sm2749312wmf.0.2016.11.29.05.05.40
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Tue, 29 Nov 2016 05:05:42 -0800 (PST)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au
Cc: linux-arm-kernel@lists.infradead.org,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: [PATCH 3/4] crypto: arm64/aes-ce-ccm - fix decrypt path with new
 skcipher interface
Date: Tue, 29 Nov 2016 13:05:32 +0000
Message-Id: <1480424733-10797-3-git-send-email-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1480424733-10797-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1480424733-10797-1-git-send-email-ard.biesheuvel@linaro.org>
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

The new skcipher walk interface does not take into account whether we
are encrypting or decrypting. In the latter case, the walk should
disregard the MAC. Fix this in the arm64 CE driver.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/crypto/aes-ce-ccm-glue.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

-- 
2.7.4

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

diff --git a/arch/arm64/crypto/aes-ce-ccm-glue.c b/arch/arm64/crypto/aes-ce-ccm-glue.c
index d4f35685363b..1a011d658387 100644
--- a/arch/arm64/crypto/aes-ce-ccm-glue.c
+++ b/arch/arm64/crypto/aes-ce-ccm-glue.c
@@ -204,10 +204,10 @@ static int ccm_decrypt(struct aead_request *req)
 	struct skcipher_walk walk;
 	u8 __aligned(8) mac[AES_BLOCK_SIZE];
 	u8 buf[AES_BLOCK_SIZE];
-	u32 len = req->cryptlen - authsize;
 	int err;
 
-	err = ccm_init_mac(req, mac, len);
+	req->cryptlen -= authsize;
+	err = ccm_init_mac(req, mac, req->cryptlen);
 	if (err)
 		return err;
 
@@ -242,8 +242,7 @@ static int ccm_decrypt(struct aead_request *req)
 		return err;
 
 	/* compare calculated auth tag with the stored one */
-	scatterwalk_map_and_copy(buf, req->src,
-				 req->assoclen + req->cryptlen - authsize,
+	scatterwalk_map_and_copy(buf, req->src, req->assoclen + req->cryptlen,
 				 authsize, 0);
 
 	if (crypto_memneq(mac, buf, authsize))