aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/ipq40xx/patches-4.19/049-crypto-qce-handle-AES-XTS-cases-that-qce-fails.patch
diff options
context:
space:
mode:
authorEneas U de Queiroz <cotequeiroz@gmail.com>2019-12-20 10:52:17 -0300
committerChristian Lamparter <chunkeey@gmail.com>2020-02-28 22:46:09 +0100
commit13b8404b1eaaa51027cae42c8152b9123d92a425 (patch)
treea3193bb01ead9a0d3ea281b619161da6e86ea1ce /target/linux/ipq40xx/patches-4.19/049-crypto-qce-handle-AES-XTS-cases-that-qce-fails.patch
parentee4a0afdcdf0c11528d685efd64fb8f4b4efcbb1 (diff)
downloadupstream-13b8404b1eaaa51027cae42c8152b9123d92a425.tar.gz
upstream-13b8404b1eaaa51027cae42c8152b9123d92a425.tar.bz2
upstream-13b8404b1eaaa51027cae42c8152b9123d92a425.zip
ipq40xx: qce - add fixes for AES ciphers
This backports commits from master that fix AES ciphers when using the qce driver: - A couple of simple fixes for CTR and XTS modes used with AES: * 041-crypto-qce-fix-ctr-aes-qce-block-chunk-sizes.patch * 042-crypto-qce-fix-xts-aes-qce-key-sizes.patch - A fix for a bug that affected cases when there were more entries in the input sg list than necessary to actually encrypt, resulting in failure in gcm, where the authentication tag is present after the encryption data: * 043-crypto-qce-save-a-sg-table-slot-for-result-buf.patch - A fix to update the IV buffer passed to the driver from the kernel: * 044-crypto-qce-update-the-skcipher-IV.patch - A patch that reduces memory footprint and driver initialization by only initializing the fallback mechanism where it is actually used: * 046-crypto-qce-initialize-fallback-only-for-AES.patch - Three patches that make gcm and xts modes work with the qce driver, and improve performance with small blocks: * 047-crypto-qce-use-cryptlen-when-adding-extra-sgl.patch * 048-crypto-qce-use-AES-fallback-for-small-requests.patch * 049-crypto-qce-handle-AES-XTS-cases-that-qce-fails.patch - A patch that allows the hashes/ciphers to be built individually. * 051-crypto-qce-allow-building-only-hashes-ciphers.patch Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> [renumbered patches, added patches from dropped commit, refreshed, 5.4] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Diffstat (limited to 'target/linux/ipq40xx/patches-4.19/049-crypto-qce-handle-AES-XTS-cases-that-qce-fails.patch')
-rw-r--r--target/linux/ipq40xx/patches-4.19/049-crypto-qce-handle-AES-XTS-cases-that-qce-fails.patch53
1 files changed, 53 insertions, 0 deletions
diff --git a/target/linux/ipq40xx/patches-4.19/049-crypto-qce-handle-AES-XTS-cases-that-qce-fails.patch b/target/linux/ipq40xx/patches-4.19/049-crypto-qce-handle-AES-XTS-cases-that-qce-fails.patch
new file mode 100644
index 0000000000..00dc3791ab
--- /dev/null
+++ b/target/linux/ipq40xx/patches-4.19/049-crypto-qce-handle-AES-XTS-cases-that-qce-fails.patch
@@ -0,0 +1,53 @@
+From bbf2b1cf22dc98f3df33b6666df046dfb9564d91 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Wed, 5 Feb 2020 13:42:25 -0300
+Subject: [PATCH] crypto: qce - handle AES-XTS cases that qce fails
+
+QCE hangs when presented with an AES-XTS request whose length is larger
+than QCE_SECTOR_SIZE (512-bytes), and is not a multiple of it. Let the
+fallback cipher handle them.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+
+--- a/drivers/crypto/qce/common.c
++++ b/drivers/crypto/qce/common.c
+@@ -23,8 +23,6 @@
+ #include "regs-v5.h"
+ #include "sha.h"
+
+-#define QCE_SECTOR_SIZE 512
+-
+ static inline u32 qce_read(struct qce_device *qce, u32 offset)
+ {
+ return readl(qce->base + offset);
+--- a/drivers/crypto/qce/common.h
++++ b/drivers/crypto/qce/common.h
+@@ -20,6 +20,9 @@
+ #include <crypto/hash.h>
+ #include <crypto/internal/skcipher.h>
+
++/* xts du size */
++#define QCE_SECTOR_SIZE 512
++
+ /* key size in bytes */
+ #define QCE_SHA_HMAC_KEY_SIZE 64
+ #define QCE_MAX_CIPHER_KEY_SIZE AES_KEYSIZE_256
+--- a/drivers/crypto/qce/skcipher.c
++++ b/drivers/crypto/qce/skcipher.c
+@@ -213,9 +213,14 @@ static int qce_skcipher_crypt(struct skc
+ rctx->flags |= encrypt ? QCE_ENCRYPT : QCE_DECRYPT;
+ keylen = IS_XTS(rctx->flags) ? ctx->enc_keylen >> 1 : ctx->enc_keylen;
+
++ /* qce is hanging when AES-XTS request len > QCE_SECTOR_SIZE and
++ * is not a multiple of it; pass such requests to the fallback
++ */
+ if (IS_AES(rctx->flags) &&
+- ((keylen != AES_KEYSIZE_128 && keylen != AES_KEYSIZE_256) ||
+- req->cryptlen <= aes_sw_max_len)) {
++ (((keylen != AES_KEYSIZE_128 && keylen != AES_KEYSIZE_256) ||
++ req->cryptlen <= aes_sw_max_len) ||
++ (IS_XTS(rctx->flags) && req->cryptlen > QCE_SECTOR_SIZE &&
++ req->cryptlen % QCE_SECTOR_SIZE))) {
+ SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback);
+
+ skcipher_request_set_tfm(subreq, ctx->fallback);