authorHoria Geanta <horia.geanta@freescale.com>2013-12-03 14:55:57 (GMT)
committerJose Rivera <German.Rivera@freescale.com>2014-03-28 13:39:44 (GMT)
commitffa718c8660ab30a92f1dcf59bc7bf17c4d050cf (patch)
treeed6fb983e99b6281e419c640720f3566c393cbd7
parent779126cf974e9703db04bfe03cb45d07a21b8f85 (diff)
crypto: caam - fix tls1.0 decrypt for zero pre ICV length case
The tls1.0 decrypt crypto engine descriptor did not correctly handle the case where the ciphertext contains only the authentication tag and padding (i.e. the pre-ICV length is zero). While here, add a test vector to the test manager for this case. Change-Id: Ic3b12f1f9581b992b49d73f335d2ec991d92f1ad Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Reviewed-on: http://git.am.freescale.net:8181/7063 Reviewed-by: Mircea Pop <mircea.pop@freescale.com> Reviewed-by: Cristian Stoica <cristian.stoica@freescale.com> Reviewed-by: Thomas Trefny <Tom.Trefny@freescale.com> Tested-by: Zhenhua Luo <zhenhua.luo@freescale.com> (cherry picked from commit 5c235b1ce4ad0b53e86fe157b4add7079934f614) Reviewed-on: http://git.am.freescale.net:8181/10377 Reviewed-by: Alexandru Porosanu <alexandru.porosanu@freescale.com> Tested-by: Review Code-CDREVIEW <CDREVIEW@freescale.com> Reviewed-by: Jose Rivera <German.Rivera@freescale.com>
-rw-r--r--crypto/testmgr.h25
-rw-r--r--drivers/crypto/caam/caamalg.c40
2 files changed, 49 insertions, 16 deletions
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 93638c1..4522228 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -113,7 +113,7 @@ static char zeroed_string[48];
* TLS1.0 synthetic test vectors
*/
#define TLS_ENC_TEST_VECTORS 2
-#define TLS_DEC_TEST_VECTORS 1
+#define TLS_DEC_TEST_VECTORS 2
static struct tls_testvec tls_enc_tv_template[] = {
{
@@ -193,6 +193,29 @@ static struct tls_testvec tls_dec_tv_template[] = {
.alen = 13,
.result = "Single block msg",
.rlen = 16,
+ }, {
+#ifdef __LITTLE_ENDIAN
+ .key = "\x08\x00" /* rta length */
+ "\x01\x00" /* rta type */
+#else
+ .key = "\x00\x08" /* rta length */
+ "\x00\x01" /* rta type */
+#endif
+ "\x00\x00\x00\x10" /* enc key length */
+ "authenticationkey20b"
+ "enckeyis16_bytes",
+ .klen = 8 + 20 + 16,
+ .iv = "iv0123456789abcd",
+ .input = "\x58\x2a\x11\xc\x86\x8e\x4b\x67"
+ "\x2d\x16\x26\x1a\xac\x4b\xe2\x1a"
+ "\xe9\x6a\xcc\x4d\x6f\x79\x8a\x45"
+ "\x1f\x4e\x27\xf2\xa7\x59\xb4\x5a",
+ .ilen = 20 + 12,
+ .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x00\x03\x01\x00\x20",
+ .alen = 13,
+ .result = "",
+ .rlen = 0,
}
};
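Review bot: The escape `\xc` in the first row of `.input` is the only byte in the new vector written with a single hex digit, and it is 0x0c only because the following `\x86` ends the hex sequence. Writing the row as `"\x58\x2a\x11\x0c\x86\x8e\x4b\x67"` removes that dependency and matches the rest of the table. The new entry also covers only the well-formed zero-length record. If `struct tls_testvec` can express an expected decrypt failure (not visible in this hunk), a companion vector of the same length with a corrupted tag or pad byte would pin the reject path for this case as well.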
diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index 276f123..152cfb8 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -461,7 +461,7 @@ static int tls_set_sh_desc(struct crypto_aead *aead)
struct caam_ctx *ctx = crypto_aead_ctx(aead);
struct device *jrdev = ctx->jrdev;
bool keys_fit_inline = false;
- u32 *key_jump_cmd, *zero_payload_jump_cmd;
+ u32 *key_jump_cmd, *zero_payload_jump_cmd, *skip_zero_jump_cmd;
u32 genpad, clrw, jumpback, stidx;
u32 *desc;
unsigned int blocksize = crypto_aead_blocksize(aead);
@@ -631,10 +631,6 @@ static int tls_set_sh_desc(struct crypto_aead *aead)
append_move(desc, MOVE_WAITCOMP | MOVE_SRC_OUTFIFO | MOVE_DEST_MATH0 |
blocksize);
- /* compute padding length */
- append_math_and_imm_u64(desc, REG1, REG1, IMM, 255);
- append_math_add(desc, REG1, REG1, ONE, 4);
-
/* clear cha1 specific registers */
clrw = CLRW_CLR_C1MODE | CLRW_CLR_C1DATAS | CLRW_CLR_C1CTX |
CLRW_RESET_CLS1_CHA;
@@ -658,13 +654,13 @@ static int tls_set_sh_desc(struct crypto_aead *aead)
append_cmd(desc, CMD_SEQ_LOAD | LDST_CLASS_1_CCB |
LDST_SRCDST_WORD_CLASS_CTX | tfm->ivsize);
- append_jump(desc, JUMP_TEST_ALL | JUMP_COND_CALM | 1);
+ /* compute (padlen - 1) */
+ append_math_and_imm_u64(desc, REG1, REG1, IMM, 255);
- /* math2 = icvlen + padlen */
- append_math_add_imm_u32(desc, REG2, REG1, IMM, ctx->authsize);
+ /* math2 = icvlen + (padlen - 1) + 1 */
+ append_math_add_imm_u32(desc, REG2, REG1, IMM, ctx->authsize + 1);
- /* VSIL = (payloadlen + icvlen + padlen) - (icvlen + padlen)*/
- append_math_sub(desc, VARSEQINLEN, REG3, REG2, 4);
+ append_jump(desc, JUMP_TEST_ALL | JUMP_COND_CALM | 1);
/* VSOL = payloadlen + icvlen + padlen */
append_math_add(desc, VARSEQOUTLEN, ZERO, REG3, 4);
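Review bot: REG2 is now built as `ctx->authsize + 1` plus the low byte of REG1, which is the pad-length byte of the decrypted and not yet authenticated record, and nothing visible in this hunk bounds it against REG3. The relocated `append_math_sub(desc, VARSEQINLEN, REG3, REG2, 4)` in the next hunk is followed only by a `JUMP_COND_MATH_Z` test, so a pad byte larger than the record allows would make the subtraction go negative with no branch taking it. Unless an earlier part of `tls_set_sh_desc` (outside this hunk) already rejects that, consider adding a `JUMP_COND_MATH_N` test beside the zero test and routing it to the same outcome as an ICV mismatch, so that bad padding and a bad MAC stay indistinguishable to the peer. At minimum, a comment such as `/* REG1 & 255 is taken from decrypted, unauthenticated data */` above the mask would flag the trust boundary.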
@@ -673,19 +669,33 @@ static int tls_set_sh_desc(struct crypto_aead *aead)
append_math_rshift_imm_u64(desc, REG0, REG0, IMM, 24);
append_math_sub(desc, REG0, REG0, REG2, 8);
+ /* store decrypted payload, icv and padding */
+ append_seq_fifo_store(desc, 0, FIFOST_TYPE_MESSAGE_DATA | LDST_VLF);
+
+ /* VSIL = (payloadlen + icvlen + padlen) - (icvlen + padlen)*/
+ append_math_sub(desc, VARSEQINLEN, REG3, REG2, 4);
+
+ zero_payload_jump_cmd = append_jump(desc, JUMP_TEST_ALL |
+ JUMP_COND_MATH_Z);
+
/* send Type, Version and Len(pre ICV) fields to authentication */
append_move(desc, MOVE_WAITCOMP |
MOVE_SRC_MATH0 | MOVE_DEST_CLASS2INFIFO |
(3 << MOVE_OFFSET_SHIFT) | 5);
- /* store decrypted payload, icv and padding */
- append_seq_fifo_store(desc, 0, FIFOST_TYPE_MESSAGE_DATA | LDST_VLF);
-
/* outsnooping payload */
append_seq_fifo_load(desc, 0, FIFOLD_CLASS_BOTH |
FIFOLD_TYPE_MSG1OUT2 | FIFOLD_TYPE_LAST2 |
FIFOLDST_VLF);
+ skip_zero_jump_cmd = append_jump(desc, JUMP_TEST_ALL | 2);
+
+ set_jump_tgt_here(desc, zero_payload_jump_cmd);
+ /* send Type, Version and Len(pre ICV) fields to authentication */
+ append_move(desc, MOVE_WAITCOMP | MOVE_AUX_LS |
+ MOVE_SRC_MATH0 | MOVE_DEST_CLASS2INFIFO |
+ (3 << MOVE_OFFSET_SHIFT) | 5);
+ set_jump_tgt_here(desc, skip_zero_jump_cmd);
append_math_add(desc, VARSEQINLEN, ZERO, REG2, 4);
/* load icvlen and padlen */
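Review bot: `skip_zero_jump_cmd = append_jump(desc, JUMP_TEST_ALL | 2);` hard-codes a relative offset and is then also patched by `set_jump_tgt_here(desc, skip_zero_jump_cmd)`. If that helper ORs the computed offset into the command word, as the desc_constr.h version does, the result is right only while the skipped span stays exactly one word; adding a command to the zero-payload branch would silently produce a wrong target. Dropping the literal, `skip_zero_jump_cmd = append_jump(desc, JUMP_TEST_ALL);`, leaves `set_jump_tgt_here` as the single source of the offset, as is already done for `zero_payload_jump_cmd`. The second copy of the "send Type, Version and Len(pre ICV)" comment should also say why this branch differs, e.g. `/* zero payload: no FIFO load follows, so this move carries MOVE_AUX_LS */` (presumably marking it as the last class 2 input; confirm against the SEC reference manual). The enclosing function starts and ends outside the hunk.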
@@ -697,7 +707,7 @@ static int tls_set_sh_desc(struct crypto_aead *aead)
/* move seqoutptr fields into math registers */
append_move(desc, MOVE_WAITCOMP | MOVE_SRC_DESCBUF | MOVE_DEST_MATH0 |
- (53 * 4 << MOVE_OFFSET_SHIFT) | 20);
+ (55 * 4 << MOVE_OFFSET_SHIFT) | 20);
/* seqinptr will point to seqoutptr */
append_math_and_imm_u32(desc, REG0, REG0, IMM,
~(CMD_SEQ_IN_PTR ^ CMD_SEQ_OUT_PTR));
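Review bot: The descriptor-buffer offset `55 * 4` is a hand-counted word index that had to move from 53 because the previous hunk adds two command words, and the same literal is repeated in the `MOVE_DEST_DESCBUF` move of the following hunk. A miscount here would make the descriptor read or patch the wrong words of the job descriptor at run time, and nothing at compile time would catch it. Consider defining the value once next to the commands it depends on, for example `const u32 seqout_off = 55 * 4; /* word index of SEQ OUT PTR in the JD; update when commands are added above */`, and using it in both moves so the two sites cannot drift apart.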
@@ -708,7 +718,7 @@ static int tls_set_sh_desc(struct crypto_aead *aead)
(4 << LDST_OFFSET_SHIFT));
/* move updated seqinptr fields to JD */
append_move(desc, MOVE_WAITCOMP | MOVE_SRC_MATH0 | MOVE_DEST_DESCBUF |
- (53 * 4 << MOVE_OFFSET_SHIFT) | 24);
+ (55 * 4 << MOVE_OFFSET_SHIFT) | 24);
/* read updated seqinptr */
append_jump(desc, JUMP_TEST_ALL | JUMP_COND_CALM | 6);