From 24586b5feaf17ecf85ae6259fe3ea7815dee432d Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Mon, 6 May 2019 14:39:44 +0800 Subject: [PATCH] crypto: caam - fix DKP detection logic MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The detection for DKP (Derived Key Protocol) relied on the value of the setkey function. This was broken by the recent change which added des3_aead_setkey. This patch fixes this by introducing a new flag for DKP and setting that where needed. Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") Reported-by: Horia Geantă Signed-off-by: Herbert Xu Tested-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamalg.c | 9 +++++++-- drivers/crypto/caam/caamalg_qi.c | 7 +++++-- drivers/crypto/caam/caamalg_qi2.c | 8 +++++++- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index 3e23d4b2cce2..c0ece44f303b 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -89,6 +89,7 @@ struct caam_alg_entry { int class2_alg_type; bool rfc3686; bool geniv; + bool nodkp; }; struct caam_aead_alg { @@ -2052,6 +2053,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, }, }, { @@ -2070,6 +2072,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, }, }, /* Galois Counter Mode */ @@ -2089,6 +2092,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, }, }, /* single-pass ipsec_esp descriptor */ @@ -3334,6 +3338,7 @@ static struct caam_aead_alg driver_aeads[] = { OP_ALG_AAI_AEAD, .class2_alg_type = OP_ALG_ALGSEL_POLY1305 | OP_ALG_AAI_AEAD, + .nodkp = true, }, }, { @@ -3356,6 +3361,7 @@ static struct caam_aead_alg driver_aeads[] = { OP_ALG_AAI_AEAD, .class2_alg_type = OP_ALG_ALGSEL_POLY1305 | OP_ALG_AAI_AEAD, + .nodkp = true, }, }, }; @@ -3417,8 +3423,7 @@ static int caam_aead_init(struct crypto_aead *tfm) container_of(alg, struct caam_aead_alg, aead); struct caam_ctx *ctx = crypto_aead_ctx(tfm); - return caam_init_common(ctx, &caam_alg->caam, - alg->setkey == aead_setkey); + return caam_init_common(ctx, &caam_alg->caam, !caam_alg->caam.nodkp); } static void caam_exit_common(struct caam_ctx *ctx) diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c index 70af211d2d01..d290d6b41825 100644 --- a/drivers/crypto/caam/caamalg_qi.c +++ b/drivers/crypto/caam/caamalg_qi.c @@ -36,6 +36,7 @@ struct caam_alg_entry { int class2_alg_type; bool rfc3686; bool geniv; + bool nodkp; }; struct caam_aead_alg { @@ -1523,6 +1524,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, }, }, { @@ -1541,6 +1543,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, }, }, /* Galois Counter Mode */ @@ -1560,6 +1563,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, } }, /* single-pass ipsec_esp descriptor */ @@ -2433,8 +2437,7 @@ static int caam_aead_init(struct crypto_aead *tfm) aead); struct caam_ctx *ctx = crypto_aead_ctx(tfm); - return caam_init_common(ctx, &caam_alg->caam, - alg->setkey == aead_setkey); + return caam_init_common(ctx, &caam_alg->caam, !caam_alg->caam.nodkp); } static void caam_exit_common(struct caam_ctx *ctx) diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c index 33a4df6b81de..2b2980a8a9b9 100644 --- a/drivers/crypto/caam/caamalg_qi2.c +++ b/drivers/crypto/caam/caamalg_qi2.c @@ -42,6 +42,7 @@ struct caam_alg_entry { int class2_alg_type; bool rfc3686; bool geniv; + bool nodkp; }; struct caam_aead_alg { @@ -1480,7 +1481,7 @@ static int caam_cra_init_aead(struct crypto_aead *tfm) crypto_aead_set_reqsize(tfm, sizeof(struct caam_request)); return caam_cra_init(crypto_aead_ctx(tfm), &caam_alg->caam, - alg->setkey == aead_setkey); + !caam_alg->caam.nodkp); } static void caam_exit_common(struct caam_ctx *ctx) @@ -1641,6 +1642,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, }, }, { @@ -1659,6 +1661,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, }, }, /* Galois Counter Mode */ @@ -1678,6 +1681,7 @@ static struct caam_aead_alg driver_aeads[] = { }, .caam = { .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, + .nodkp = true, } }, /* single-pass ipsec_esp descriptor */ @@ -2755,6 +2759,7 @@ static struct caam_aead_alg driver_aeads[] = { OP_ALG_AAI_AEAD, .class2_alg_type = OP_ALG_ALGSEL_POLY1305 | OP_ALG_AAI_AEAD, + .nodkp = true, }, }, { @@ -2777,6 +2782,7 @@ static struct caam_aead_alg driver_aeads[] = { OP_ALG_AAI_AEAD, .class2_alg_type = OP_ALG_ALGSEL_POLY1305 | OP_ALG_AAI_AEAD, + .nodkp = true, }, }, { -- 2.30.2