Commit 24586b5f authored by Herbert Xu's avatar Herbert Xu

crypto: caam - fix DKP detection logic

The detection for DKP (Derived Key Protocol) relied on the value
of the setkey function.  This was broken by the recent change which
added des3_aead_setkey.

This patch fixes this by introducing a new flag for DKP and setting
that where needed.

Fixes: 1b52c409 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
Reported-by: default avatarHoria Geantă <horia.geanta@nxp.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Tested-by: default avatarHoria Geantă <horia.geanta@nxp.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 0816ecf4
...@@ -89,6 +89,7 @@ struct caam_alg_entry { ...@@ -89,6 +89,7 @@ struct caam_alg_entry {
int class2_alg_type; int class2_alg_type;
bool rfc3686; bool rfc3686;
bool geniv; bool geniv;
bool nodkp;
}; };
struct caam_aead_alg { struct caam_aead_alg {
...@@ -2052,6 +2053,7 @@ static struct caam_aead_alg driver_aeads[] = { ...@@ -2052,6 +2053,7 @@ static struct caam_aead_alg driver_aeads[] = {
}, },
.caam = { .caam = {
.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
.nodkp = true,
}, },
}, },
{ {
...@@ -2070,6 +2072,7 @@ static struct caam_aead_alg driver_aeads[] = { ...@@ -2070,6 +2072,7 @@ static struct caam_aead_alg driver_aeads[] = {
}, },
.caam = { .caam = {
.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
.nodkp = true,
}, },
}, },
/* Galois Counter Mode */ /* Galois Counter Mode */
...@@ -2089,6 +2092,7 @@ static struct caam_aead_alg driver_aeads[] = { ...@@ -2089,6 +2092,7 @@ static struct caam_aead_alg driver_aeads[] = {
}, },
.caam = { .caam = {
.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
.nodkp = true,
}, },
}, },
/* single-pass ipsec_esp descriptor */ /* single-pass ipsec_esp descriptor */
...@@ -3334,6 +3338,7 @@ static struct caam_aead_alg driver_aeads[] = { ...@@ -3334,6 +3338,7 @@ static struct caam_aead_alg driver_aeads[] = {
OP_ALG_AAI_AEAD, OP_ALG_AAI_AEAD,
.class2_alg_type = OP_ALG_ALGSEL_POLY1305 | .class2_alg_type = OP_ALG_ALGSEL_POLY1305 |
OP_ALG_AAI_AEAD, OP_ALG_AAI_AEAD,
.nodkp = true,
}, },
}, },
{ {
...@@ -3356,6 +3361,7 @@ static struct caam_aead_alg driver_aeads[] = { ...@@ -3356,6 +3361,7 @@ static struct caam_aead_alg driver_aeads[] = {
OP_ALG_AAI_AEAD, OP_ALG_AAI_AEAD,
.class2_alg_type = OP_ALG_ALGSEL_POLY1305 | .class2_alg_type = OP_ALG_ALGSEL_POLY1305 |
OP_ALG_AAI_AEAD, OP_ALG_AAI_AEAD,
.nodkp = true,
}, },
}, },
}; };
...@@ -3417,8 +3423,7 @@ static int caam_aead_init(struct crypto_aead *tfm) ...@@ -3417,8 +3423,7 @@ static int caam_aead_init(struct crypto_aead *tfm)
container_of(alg, struct caam_aead_alg, aead); container_of(alg, struct caam_aead_alg, aead);
struct caam_ctx *ctx = crypto_aead_ctx(tfm); struct caam_ctx *ctx = crypto_aead_ctx(tfm);
return caam_init_common(ctx, &caam_alg->caam, return caam_init_common(ctx, &caam_alg->caam, !caam_alg->caam.nodkp);
alg->setkey == aead_setkey);
} }
static void caam_exit_common(struct caam_ctx *ctx) static void caam_exit_common(struct caam_ctx *ctx)
......
...@@ -36,6 +36,7 @@ struct caam_alg_entry { ...@@ -36,6 +36,7 @@ struct caam_alg_entry {
int class2_alg_type; int class2_alg_type;
bool rfc3686; bool rfc3686;
bool geniv; bool geniv;
bool nodkp;
}; };
struct caam_aead_alg { struct caam_aead_alg {
...@@ -1523,6 +1524,7 @@ static struct caam_aead_alg driver_aeads[] = { ...@@ -1523,6 +1524,7 @@ static struct caam_aead_alg driver_aeads[] = {
}, },
.caam = { .caam = {
.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
.nodkp = true,
}, },
}, },
{ {
...@@ -1541,6 +1543,7 @@ static struct caam_aead_alg driver_aeads[] = { ...@@ -1541,6 +1543,7 @@ static struct caam_aead_alg driver_aeads[] = {
}, },
.caam = { .caam = {
.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
.nodkp = true,
}, },
}, },
/* Galois Counter Mode */ /* Galois Counter Mode */
...@@ -1560,6 +1563,7 @@ static struct caam_aead_alg driver_aeads[] = { ...@@ -1560,6 +1563,7 @@ static struct caam_aead_alg driver_aeads[] = {
}, },
.caam = { .caam = {
.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
.nodkp = true,
} }
}, },
/* single-pass ipsec_esp descriptor */ /* single-pass ipsec_esp descriptor */
...@@ -2433,8 +2437,7 @@ static int caam_aead_init(struct crypto_aead *tfm) ...@@ -2433,8 +2437,7 @@ static int caam_aead_init(struct crypto_aead *tfm)
aead); aead);
struct caam_ctx *ctx = crypto_aead_ctx(tfm); struct caam_ctx *ctx = crypto_aead_ctx(tfm);
return caam_init_common(ctx, &caam_alg->caam, return caam_init_common(ctx, &caam_alg->caam, !caam_alg->caam.nodkp);
alg->setkey == aead_setkey);
} }
static void caam_exit_common(struct caam_ctx *ctx) static void caam_exit_common(struct caam_ctx *ctx)
......
...@@ -42,6 +42,7 @@ struct caam_alg_entry { ...@@ -42,6 +42,7 @@ struct caam_alg_entry {
int class2_alg_type; int class2_alg_type;
bool rfc3686; bool rfc3686;
bool geniv; bool geniv;
bool nodkp;
}; };
struct caam_aead_alg { struct caam_aead_alg {
...@@ -1480,7 +1481,7 @@ static int caam_cra_init_aead(struct crypto_aead *tfm) ...@@ -1480,7 +1481,7 @@ static int caam_cra_init_aead(struct crypto_aead *tfm)
crypto_aead_set_reqsize(tfm, sizeof(struct caam_request)); crypto_aead_set_reqsize(tfm, sizeof(struct caam_request));
return caam_cra_init(crypto_aead_ctx(tfm), &caam_alg->caam, return caam_cra_init(crypto_aead_ctx(tfm), &caam_alg->caam,
alg->setkey == aead_setkey); !caam_alg->caam.nodkp);
} }
static void caam_exit_common(struct caam_ctx *ctx) static void caam_exit_common(struct caam_ctx *ctx)
...@@ -1641,6 +1642,7 @@ static struct caam_aead_alg driver_aeads[] = { ...@@ -1641,6 +1642,7 @@ static struct caam_aead_alg driver_aeads[] = {
}, },
.caam = { .caam = {
.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
.nodkp = true,
}, },
}, },
{ {
...@@ -1659,6 +1661,7 @@ static struct caam_aead_alg driver_aeads[] = { ...@@ -1659,6 +1661,7 @@ static struct caam_aead_alg driver_aeads[] = {
}, },
.caam = { .caam = {
.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
.nodkp = true,
}, },
}, },
/* Galois Counter Mode */ /* Galois Counter Mode */
...@@ -1678,6 +1681,7 @@ static struct caam_aead_alg driver_aeads[] = { ...@@ -1678,6 +1681,7 @@ static struct caam_aead_alg driver_aeads[] = {
}, },
.caam = { .caam = {
.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM, .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
.nodkp = true,
} }
}, },
/* single-pass ipsec_esp descriptor */ /* single-pass ipsec_esp descriptor */
...@@ -2755,6 +2759,7 @@ static struct caam_aead_alg driver_aeads[] = { ...@@ -2755,6 +2759,7 @@ static struct caam_aead_alg driver_aeads[] = {
OP_ALG_AAI_AEAD, OP_ALG_AAI_AEAD,
.class2_alg_type = OP_ALG_ALGSEL_POLY1305 | .class2_alg_type = OP_ALG_ALGSEL_POLY1305 |
OP_ALG_AAI_AEAD, OP_ALG_AAI_AEAD,
.nodkp = true,
}, },
}, },
{ {
...@@ -2777,6 +2782,7 @@ static struct caam_aead_alg driver_aeads[] = { ...@@ -2777,6 +2782,7 @@ static struct caam_aead_alg driver_aeads[] = {
OP_ALG_AAI_AEAD, OP_ALG_AAI_AEAD,
.class2_alg_type = OP_ALG_ALGSEL_POLY1305 | .class2_alg_type = OP_ALG_ALGSEL_POLY1305 |
OP_ALG_AAI_AEAD, OP_ALG_AAI_AEAD,
.nodkp = true,
}, },
}, },
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment