crypto: sahara - fix cbc selftest failure

[ Upstream commit 9f10bc28c0fb676ae58aa3bfa358db8f5de124bb ]

The kernel crypto API requires that all CBC implementations update the IV
buffer to contain the last ciphertext block.

This fixes the following cbc selftest error:
alg: skcipher: sahara-cbc-aes encryption test failed (wrong output IV) on
test vector 0, cfg="in-place (one sglist)"

Fixes: 5de8875281e1 ("crypto: sahara - Add driver for SAHARA2 accelerator.")
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/crypto/sahara.c b/drivers/crypto/sahara.c
index 7970891..037a623 100644 (file)
--- a/drivers/crypto/sahara.c
+++ b/drivers/crypto/sahara.c
@@ -148,6 +148,7 @@ struct sahara_ctx {
 
 struct sahara_aes_reqctx {
        unsigned long mode;
+       u8 iv_out[AES_BLOCK_SIZE];
        struct skcipher_request fallback_req;   // keep at the end
 };
 
@@ -541,8 +542,24 @@ unmap_in:
        return -EINVAL;
 }
 
+static void sahara_aes_cbc_update_iv(struct skcipher_request *req)
+{
+       struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
+       struct sahara_aes_reqctx *rctx = skcipher_request_ctx(req);
+       unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
+
+       /* Update IV buffer to contain the last ciphertext block */
+       if (rctx->mode & FLAGS_ENCRYPT) {
+               sg_pcopy_to_buffer(req->dst, sg_nents(req->dst), req->iv,
+                                  ivsize, req->cryptlen - ivsize);
+       } else {
+               memcpy(req->iv, rctx->iv_out, ivsize);
+       }
+}
+
 static int sahara_aes_process(struct skcipher_request *req)
 {
+       struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
        struct sahara_dev *dev = dev_ptr;
        struct sahara_ctx *ctx;
        struct sahara_aes_reqctx *rctx;
@@ -564,8 +581,17 @@ static int sahara_aes_process(struct skcipher_request *req)
        rctx->mode &= FLAGS_MODE_MASK;
        dev->flags = (dev->flags & ~FLAGS_MODE_MASK) | rctx->mode;
 
-       if ((dev->flags & FLAGS_CBC) && req->iv)
-               memcpy(dev->iv_base, req->iv, AES_KEYSIZE_128);
+       if ((dev->flags & FLAGS_CBC) && req->iv) {
+               unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
+
+               memcpy(dev->iv_base, req->iv, ivsize);
+
+               if (!(dev->flags & FLAGS_ENCRYPT)) {
+                       sg_pcopy_to_buffer(req->src, sg_nents(req->src),
+                                          rctx->iv_out, ivsize,
+                                          req->cryptlen - ivsize);
+               }
+       }
 
        /* assign new context to device */
        dev->ctx = ctx;
@@ -588,6 +614,9 @@ static int sahara_aes_process(struct skcipher_request *req)
        dma_unmap_sg(dev->device, dev->in_sg, dev->nb_in_sg,
                DMA_TO_DEVICE);
 
+       if ((dev->flags & FLAGS_CBC) && req->iv)
+               sahara_aes_cbc_update_iv(req);
+
        return 0;
 }