Commit b4eba0ca authored by jmlatten@linux.vnet.ibm.com, committed by Herbert Xu

crypto: nx - fix nx-aes-gcm verification

This patch fixes a bug in the nx-aes-gcm implementation.
Corrected the code so that the authtag is always verified after
decrypting and not just when there is associated data included.
Also, corrected the code to retrieve the input authtag from src
instead of dst.
Reviewed-by: Fionnuala Gunter <fin@linux.vnet.ibm.com>
Reviewed-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
parent d4d8edf8
...@@ -246,11 +246,11 @@ static int gcm_aes_nx_crypt(struct aead_request *req, int enc) ...@@ -246,11 +246,11 @@ static int gcm_aes_nx_crypt(struct aead_request *req, int enc)
req->dst, nbytes, req->dst, nbytes,
crypto_aead_authsize(crypto_aead_reqtfm(req)), crypto_aead_authsize(crypto_aead_reqtfm(req)),
SCATTERWALK_TO_SG); SCATTERWALK_TO_SG);
} else if (req->assoclen) { } else {
u8 *itag = nx_ctx->priv.gcm.iauth_tag; u8 *itag = nx_ctx->priv.gcm.iauth_tag;
u8 *otag = csbcpb->cpb.aes_gcm.out_pat_or_mac; u8 *otag = csbcpb->cpb.aes_gcm.out_pat_or_mac;
scatterwalk_map_and_copy(itag, req->dst, nbytes, scatterwalk_map_and_copy(itag, req->src, nbytes,
crypto_aead_authsize(crypto_aead_reqtfm(req)), crypto_aead_authsize(crypto_aead_reqtfm(req)),
SCATTERWALK_FROM_SG); SCATTERWALK_FROM_SG);
rc = memcmp(itag, otag, rc = memcmp(itag, otag,
......
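Review bot: The tag check in the decrypt branch still uses `rc = memcmp(itag, otag,`, which is not a constant-time comparison, so the time taken can reveal how many leading bytes of a forged tag matched the computed one. Since this change makes the comparison run on every decrypt, it is worth switching to a constant-time helper such as crypto_memneq() in the same patch or a follow-up. Separately, the copy from req->src at offset nbytes assumes nbytes is the ciphertext length with the tag excluded; that adjustment is not visible in this hunk, so a short comment above the scatterwalk_map_and_copy() call stating it would help the next reader.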