From: tudor.ambarus@microchip.com (Tudor Ambarus)
To: linux-arm-kernel@lists.infradead.org
Subject: Kernel panic when using ccm(aes) with the Atmel AES HW accelerator
Date: Thu, 26 Oct 2017 15:34:56 +0300 [thread overview]
Message-ID: <4e822b84-2d5a-1b9d-a36b-faf04fcbfcf8@microchip.com> (raw)
In-Reply-To: <CAGkQfmP6Kq4DEBbGU7AW71PjbUJ2acdJF5PVDm6VqZkUaaoEzA@mail.gmail.com>
Hi, Romain,
On 10/18/2017 04:32 PM, Romain Izard wrote:
> diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c
> index 29e20c37f3a6..f3eabe1f1490 100644
> --- a/drivers/crypto/atmel-aes.c
> +++ b/drivers/crypto/atmel-aes.c
> @@ -80,6 +80,7 @@
> #define AES_FLAGS_BUSY BIT(3)
> #define AES_FLAGS_DUMP_REG BIT(4)
> #define AES_FLAGS_OWN_SHA BIT(5)
> +#define AES_FLAGS_CIPHERTAIL BIT(6)
not really needed, see below.
>
> #define AES_FLAGS_PERSISTENT (AES_FLAGS_INIT | AES_FLAGS_BUSY)
>
> @@ -156,6 +157,7 @@ struct atmel_aes_authenc_ctx {
>
> struct atmel_aes_reqctx {
> unsigned long mode;
> + u32 ciphertail[AES_BLOCK_SIZE / sizeof(u32)];
How about renaming this variable to "lastc"? Ci, i=1..n is the usual
notation for the ciphertext blocks.
The assumption that the last ciphertext block is of AES_BLOCK_SIZE size
is correct, this driver is meant just for AES.
> };
>
> #ifdef CONFIG_CRYPTO_DEV_ATMEL_AUTHENC
> @@ -496,6 +498,11 @@ static void atmel_aes_authenc_complete(struct
> atmel_aes_dev *dd, int err);
>
> static inline int atmel_aes_complete(struct atmel_aes_dev *dd, int err)
> {
> + struct ablkcipher_request *req = ablkcipher_request_cast(dd->areq);
> + struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req);
> + struct atmel_aes_reqctx *rctx = ablkcipher_request_ctx(req);
> + int ivsize = crypto_ablkcipher_ivsize(ablkcipher);
> +
> #ifdef CONFIG_CRYPTO_DEV_ATMEL_AUTHENC
> atmel_aes_authenc_complete(dd, err);
> #endif
> @@ -503,6 +510,17 @@ static inline int atmel_aes_complete(struct
> atmel_aes_dev *dd, int err)
> clk_disable(dd->iclk);
> dd->flags &= ~AES_FLAGS_BUSY;
>
> + if (rctx->mode & AES_FLAGS_CIPHERTAIL) {
> + if (rctx->mode & AES_FLAGS_ENCRYPT) {
> + scatterwalk_map_and_copy(req->info, req->dst,
> + req->nbytes - ivsize,
> + ivsize, 0);
> + } else {
> + memcpy(req->info, rctx->ciphertail, ivsize);
why don't we make the same assumption and replace ivsize with
AES_BLOCK_SIZE? Is there any chance that req->info was allocated with
less than AES_BLOCK_SIZE size?
> + memset(rctx->ciphertail, 0, ivsize);
memset to zero is not necessary.
> + }
> + }
> +
> if (dd->is_async)
> dd->areq->complete(dd->areq, err);
>
> @@ -1071,11 +1089,13 @@ static int atmel_aes_ctr_start(struct atmel_aes_dev *dd)
>
> static int atmel_aes_crypt(struct ablkcipher_request *req, unsigned long mode)
> {
> + struct crypto_ablkcipher *ablkcipher;
> struct atmel_aes_base_ctx *ctx;
> struct atmel_aes_reqctx *rctx;
> struct atmel_aes_dev *dd;
>
> - ctx = crypto_ablkcipher_ctx(crypto_ablkcipher_reqtfm(req));
> + ablkcipher = crypto_ablkcipher_reqtfm(req);
> + ctx = crypto_ablkcipher_ctx(ablkcipher);
you can initialize these variables at declaration.
> switch (mode & AES_FLAGS_OPMODE_MASK) {
> case AES_FLAGS_CFB8:
> ctx->block_size = CFB8_BLOCK_SIZE;
> @@ -1103,7 +1123,15 @@ static int atmel_aes_crypt(struct
> ablkcipher_request *req, unsigned long mode)
> return -ENODEV;
>
> rctx = ablkcipher_request_ctx(req);
while here, please initialize this at declaration.
Also, this one:
'''
dd = atmel_aes_find_dev(ctx);
if (!dd)
return -ENODEV;
'''
should be moved at the beginning of the function. If an initialization
might fail, let's check it as soon as we can, so that we don't waste
resources.
> - rctx->mode = mode;
> +
> + if (!(mode & AES_FLAGS_ENCRYPT)) {
> + int ivsize = crypto_ablkcipher_ivsize(ablkcipher);
> +
> + scatterwalk_map_and_copy(rctx->ciphertail, req->src,
> + (req->nbytes - ivsize), ivsize, 0);
> + }
> + rctx->mode = mode | AES_FLAGS_CIPHERTAIL;
saving the last ciphertext block is a requirement for skcipher. This
flag is redundant, there's no need to use it.
Thank you, Romain!
ta
next prev parent reply other threads:[~2017-10-26 12:34 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-18 13:32 Kernel panic when using ccm(aes) with the Atmel AES HW accelerator Romain Izard
2017-10-23 12:38 ` Tudor Ambarus
2017-10-24 3:20 ` Herbert Xu
2017-10-24 9:30 ` Romain Izard
2017-10-24 15:25 ` Tudor Ambarus
2017-10-26 12:34 ` Tudor Ambarus [this message]
2017-10-27 12:02 ` Romain Izard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4e822b84-2d5a-1b9d-a36b-faf04fcbfcf8@microchip.com \
--to=tudor.ambarus@microchip.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).