From patchwork Sun Jul 1 07:02:38 2018
X-Patchwork-Submitter: Gilad Ben-Yossef
X-Patchwork-Id: 140694
From: Gilad Ben-Yossef
To: Herbert Xu, "David S. Miller"
Cc: Ofir Drang, Hadar Gat, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 5/6] crypto: ccree: use CBC-CS3 CTS mode
Date: Sun, 1 Jul 2018 08:02:38 +0100
Message-Id: <1530428560-4440-6-git-send-email-gilad@benyossef.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1530428560-4440-1-git-send-email-gilad@benyossef.com>
References: <1530428560-4440-1-git-send-email-gilad@benyossef.com>
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-crypto@vger.kernel.org

The ccree driver implemented NIST 800-38A CBC-CS2 ciphertext format, which only reverses the last two blocks if the stolen ciphertext amount is non-zero. Move it to the kernel-chosen format of CBC-CS3, which swaps the final blocks unconditionally, and rename it to "cts" now that it complies with the kernel format and passes the self tests.

Ironically, the CryptoCell REE HW does just that, so the fix is dropping the code that forced it to use plain CBC if the ciphertext was block aligned.

Signed-off-by: Gilad Ben-Yossef
---
 drivers/crypto/ccree/cc_cipher.c | 20 +++++---------------
 1 file changed, 5 insertions(+), 15 deletions(-)

--
2.7.4

diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c index 5d12372..7a80963 100644 --- a/drivers/crypto/ccree/cc_cipher.c +++ b/drivers/crypto/ccree/cc_cipher.c @@ -687,7 +687,7 @@ static int cc_cipher_process(struct skcipher_request *req, struct device *dev = drvdata_to_dev(ctx_p->drvdata); struct cc_hw_desc desc[MAX_ABLKCIPHER_SEQ_LEN]; struct cc_crypto_req cc_req = {}; - int rc, cts_restore_flag = 0; + int rc; unsigned int seq_len = 0; gfp_t flags = cc_gfp_flags(&req->base); 
@@ -719,13 +719,6 @@ static int cc_cipher_process(struct skcipher_request *req, goto exit_process; } - /*For CTS in case of data size aligned to 16 use CBC mode*/ - if (((nbytes % AES_BLOCK_SIZE) == 0) && - ctx_p->cipher_mode == DRV_CIPHER_CBC_CTS) { - ctx_p->cipher_mode = DRV_CIPHER_CBC; - cts_restore_flag = 1; - } - /* Setup request structure */ cc_req.user_cb = (void *)cc_cipher_complete; cc_req.user_arg = (void *)req; @@ -770,9 +763,6 @@ static int cc_cipher_process(struct skcipher_request *req, } exit_process: - if (cts_restore_flag) - ctx_p->cipher_mode = DRV_CIPHER_CBC_CTS; - if (rc != -EINPROGRESS && rc != -EBUSY) { kzfree(req_ctx->backup_info); kzfree(req_ctx->iv); @@ -1026,8 +1016,8 @@ static const struct cc_alg_template skcipher_algs[] = { .min_hw_rev = CC_HW_REV_712, }, { - .name = "cts1(cbc(paes))", - .driver_name = "cts1-cbc-paes-ccree", + .name = "cts(cbc(paes))", + .driver_name = "cts-cbc-paes-ccree", .blocksize = AES_BLOCK_SIZE, .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .template_skcipher = { @@ -1261,8 +1251,8 @@ static const struct cc_alg_template skcipher_algs[] = { .min_hw_rev = CC_HW_REV_630, }, { - .name = "cts1(cbc(aes))", - .driver_name = "cts1-cbc-aes-ccree", + .name = "cts(cbc(aes))", + .driver_name = "cts-cbc-aes-ccree", .blocksize = AES_BLOCK_SIZE, .type = CRYPTO_ALG_TYPE_ABLKCIPHER, .template_skcipher = {
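
Review bot: In the hunk at @@ -719,13 +719,6 of cc_cipher_process(), dropping the `(nbytes % AES_BLOCK_SIZE) == 0` fallback also sends a request of exactly AES_BLOCK_SIZE bytes to the hardware as DRV_CIPHER_CBC_CTS, and nothing visible in this patch shows how that single-block length is handled. The generic cts template treats a one-block request as plain CBC, since there is no second block to swap with, so please confirm that the CryptoCell path gives the same output for nbytes == AES_BLOCK_SIZE and say so in the commit message, or keep the CBC fallback for that one length. It would also be worth a line in the log that the removed code rewrote ctx_p->cipher_mode (context state, as opposed to the req_ctx fields freed at exit_process) for the duration of a single request, and that this write and its restore are now gone.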
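
Review bot: In the two skcipher_algs[] hunks (@@ -1026,8 and @@ -1261,8), the change of .name and .driver_name from "cts1(cbc(paes))" / "cts1(cbc(aes))" to the "cts" names is a user-visible interface change that the commit message mentions only in passing. A caller that allocated the old "cts1" names will no longer find the algorithm, and ciphertext produced earlier for block-aligned lengths (plain CBC block order, per the removed fallback) will not decrypt correctly under the unconditional swap. Suggest stating in the log whether anything requests the cts1 names, and that the ciphertext layout for block-aligned input changes with this patch. The message also says the driver now "passes the self tests"; please note whether that covers the paes entry as well as the aes one, since both are renamed here.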