From: Kim Phillips <kim.phillips@freescale.com>
To: <linux-crypto@vger.kernel.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 2/4] crypto: caam - fix decryption shared vs. non-shared key setting
Date: Sat, 14 May 2011 22:08:02 -0500
Message-ID: <20110514220802.c8c48a51.kim.phillips@freescale.com>

Key sharing is enabled by default in the shared descriptor.
Using CBC decrypt, AES has to alter the key in order to decrypt.
During high traffic decryption rates, i.e., when sharing starts to
take place, we need to use a different OPERATION option to tell AES
that the key was already altered by the PRIOR descriptor - we need
the following kind of logic:

if ( shared )
	operation where AES uses decryption key (DK=1)
else
	operation where AES uses encryption key (DK=0)

This patch implements this logic using a conditional and
a non-conditional local jump within the decryption job
descriptor.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
---
drivers/crypto/caam/caamalg.c | 26 ++++++++++++++++++++++----
1 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index b97575e..4c69ba7 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -571,9 +571,27 @@ static int ipsec_esp(struct ipsec_esp_edesc *edesc, struct aead_request *areq,
/* copy iv from cipher/class1 input context to class2 infifo */
append_move(desc, MOVE_SRC_CLASS1CTX | MOVE_DEST_CLASS2INFIFO | ivsize);
- /* start class 1 (cipher) operation */
- append_operation(desc, ctx->class1_alg_type | OP_ALG_AS_INITFINAL |
- encrypt);
+ if (!encrypt) {
+ u32 *jump_cmd, *uncond_jump_cmd;
+
+ /* JUMP if shared */
+ jump_cmd = append_jump(desc, JUMP_TEST_ALL | JUMP_COND_SHRD);
+
+ /* start class 1 (cipher) operation, non-shared version */
+ append_operation(desc, ctx->class1_alg_type |
+ OP_ALG_AS_INITFINAL);
+
+ uncond_jump_cmd = append_jump(desc, 0);
+
+ set_jump_tgt_here(desc, jump_cmd);
+
+ /* start class 1 (cipher) operation, shared version */
+ append_operation(desc, ctx->class1_alg_type |
+ OP_ALG_AS_INITFINAL | OP_ALG_AAI_DK);
+ set_jump_tgt_here(desc, uncond_jump_cmd);
+ } else
+ append_operation(desc, ctx->class1_alg_type |
+ OP_ALG_AS_INITFINAL | encrypt);
/* load payload & instruct to class2 to snoop class 1 if encrypting */
options = 0;
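Review bot: In the shared branch of the new `if (!encrypt)` block, OP_ALG_AAI_DK is ORed into ctx->class1_alg_type unconditionally, while the commit message justifies DK only for AES doing CBC decrypt. If class1_alg_type can select a non-AES cipher, this branch sets a bit the stated rationale does not cover; consider emitting the jump pair only when the algorithm is AES and falling back to the single plain operation otherwise. The bare `append_jump(desc, 0)` would also benefit from a comment saying it is the unconditional jump over the shared version, and kernel coding style wants braces on the `else` arm when the `if` arm has them.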
@@ -762,7 +780,7 @@ static int aead_authenc_decrypt(struct aead_request *req)
req->cryptlen -= ctx->authsize;
/* allocate extended descriptor */
- edesc = ipsec_esp_edesc_alloc(req, 21 * sizeof(u32));
+ edesc = ipsec_esp_edesc_alloc(req, 24 * sizeof(u32));
if (IS_ERR(edesc))
return PTR_ERR(edesc);
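Review bot: The descriptor size passed to ipsec_esp_edesc_alloc() in aead_authenc_decrypt() is a bare literal, now 24, whose correctness depends on how many commands ipsec_esp() appends. The increase of 3 words appears to match the two jumps and the second operation added for the decrypt path, but nothing in the code ties the two together. A named constant, or a comment breaking down the word count, would keep this allocation from silently becoming too small for the commands written into it the next time a command is added to the descriptor.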
--
1.7.5.1