[openwrt/openwrt] ltq-deu: fix cryptomgr test errors for des
LEDE Commits
lede-commits at lists.infradead.org
Wed Jan 5 17:10:21 PST 2022
hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/19cb3c9dff96da86d81907ef503ddf93b7ad562c
commit 19cb3c9dff96da86d81907ef503ddf93b7ad562c
Author: Daniel Kestrel <kestrel1974 at t-online.de>
AuthorDate: Mon May 31 14:43:08 2021 +0200
ltq-deu: fix cryptomgr test errors for des
When running cryptomgr tests against the driver, there are several
occurences of different errors for setkey of des and des3-ede
algorithms.
Those key checks are already implemented in the kernels des
implementation, so this is added as dependency and the kernel methods
are called. It also required adding the kernels des/des3 context
definitions to the des_ctx internal structure to be able to call the
kernel methods.
Fixed ifxdeu-des... setkey unexpectedly succeeded on test vector x;
expected_error=-22.
Fixed ifxdeu-des... setkey failed on test vector x; expected_error=0,
actual_error=-22.
Renamed des_ctx internal structure and des_encrypt/des_decrypt methods
because they are already defined in the kernel module.
Fixed wrong DES_xxx constant definitions in crypto_alg definition for
ifxdeu_des3_ede_alg.
Fixed method comment errors.
Signed-off-by: Daniel Kestrel <kestrel1974 at t-online.de>
---
package/kernel/lantiq/ltq-deu/Makefile | 2 +-
package/kernel/lantiq/ltq-deu/src/ifxmips_des.c | 87 ++++++++++++++++---------
2 files changed, 58 insertions(+), 31 deletions(-)
diff --git a/package/kernel/lantiq/ltq-deu/Makefile b/package/kernel/lantiq/ltq-deu/Makefile
index e5a7d0d86f..8ac37f5d2d 100644
--- a/package/kernel/lantiq/ltq-deu/Makefile
+++ b/package/kernel/lantiq/ltq-deu/Makefile
@@ -21,7 +21,7 @@ define KernelPackage/ltq-deu-template
TITLE:=deu driver for $(1)
URL:=http://www.lantiq.com/
VARIANT:=$(1)
- DEPENDS:=@TARGET_lantiq_$(2) +kmod-crypto-manager @LINUX_5_4
+ DEPENDS:=@TARGET_lantiq_$(2) +kmod-crypto-manager +kmod-crypto-des @LINUX_5_4
FILES:=$(PKG_BUILD_DIR)/ltq_deu_$(1).ko
AUTOLOAD:=$(call AutoProbe,ltq_deu_$(1))
endef
diff --git a/package/kernel/lantiq/ltq-deu/src/ifxmips_des.c b/package/kernel/lantiq/ltq-deu/src/ifxmips_des.c
index 6b24e0f4b4..a223e8ec38 100644
--- a/package/kernel/lantiq/ltq-deu/src/ifxmips_des.c
+++ b/package/kernel/lantiq/ltq-deu/src/ifxmips_des.c
@@ -50,6 +50,7 @@
#include <linux/delay.h>
#include <asm/byteorder.h>
#include <crypto/algapi.h>
+#include <crypto/des.h>
#include <crypto/internal/skcipher.h>
#include "ifxmips_deu.h"
@@ -106,11 +107,13 @@ void des_dma_memory_copy(u32 *outcopy, u32 *out_dma, u8 *out_arg, int nbytes);
void ifx_deu_des (void *ctx_arg, u8 *out_arg, const u8 *in_arg,
u8 *iv_arg, u32 nbytes, int encdec, int mode);
-struct des_ctx {
+struct ifx_deu_des_ctx {
int controlr_M;
int key_length;
u8 iv[DES_BLOCK_SIZE];
u32 expkey[DES3_EDE_EXPKEY_WORDS];
+ struct des_ctx des_context;
+ struct des3_ede_ctx des3_ede_context;
};
extern int disable_multiblock;
@@ -127,20 +130,32 @@ extern int disable_deudma;
int des_setkey(struct crypto_tfm *tfm, const u8 *key,
unsigned int keylen)
{
- struct des_ctx *dctx = crypto_tfm_ctx(tfm);
+ struct ifx_deu_des_ctx *dctx = crypto_tfm_ctx(tfm);
+ int err;
//printk("setkey in %s\n", __FILE__);
+ err = des_expand_key(&dctx->des_context, key, keylen);
+ if (err == -ENOKEY) {
+ if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)
+ err = -EINVAL;
+ else
+ err = 0;
+ }
+
dctx->controlr_M = 0; // des
dctx->key_length = keylen;
memcpy ((u8 *) (dctx->expkey), key, keylen);
- return 0;
+ if (err)
+ memset(dctx, 0, sizeof(*dctx));
+
+ return err;
}
-/*! \fn int des_set_key (struct crypto_skcipher *tfm, const uint8_t *in_key, unsigned int key_len)
+/*! \fn int des_setkey_skcipher (struct crypto_skcipher *tfm, const uint8_t *in_key, unsigned int key_len)
* \ingroup IFX_AES_FUNCTIONS
* \brief sets the AES keys for skcipher
* \param tfm linux crypto skcipher
@@ -170,7 +185,7 @@ void ifx_deu_des (void *ctx_arg, u8 *out_arg, const u8 *in_arg,
u8 *iv_arg, u32 nbytes, int encdec, int mode)
{
volatile struct des_t *des = (struct des_t *) DES_3DES_START;
- struct des_ctx *dctx = ctx_arg;
+ struct ifx_deu_des_ctx *dctx = ctx_arg;
u32 *key = dctx->expkey;
unsigned long flag;
@@ -360,31 +375,31 @@ void ifx_deu_des_ctr (void *ctx, uint8_t *dst, const uint8_t *src,
ifx_deu_des (ctx, dst, src, iv, nbytes, encdec, 4);
}
-/*! \fn void des_encrypt (struct crypto_tfm *tfm, uint8_t *out, const uint8_t *in)
+/*! \fn void ifx_deu_des_encrypt (struct crypto_tfm *tfm, uint8_t *out, const uint8_t *in)
* \ingroup IFX_DES_FUNCTIONS
* \brief encrypt DES_BLOCK_SIZE of data
* \param tfm linux crypto algo transform
* \param out output bytestream
* \param in input bytestream
*/
-void des_encrypt (struct crypto_tfm *tfm, uint8_t * out, const uint8_t * in)
+void ifx_deu_des_encrypt (struct crypto_tfm *tfm, uint8_t * out, const uint8_t * in)
{
- struct des_ctx *ctx = crypto_tfm_ctx(tfm);
+ struct ifx_deu_des_ctx *ctx = crypto_tfm_ctx(tfm);
ifx_deu_des (ctx, out, in, NULL, DES_BLOCK_SIZE,
CRYPTO_DIR_ENCRYPT, 0);
}
-/*! \fn void des_decrypt (struct crypto_tfm *tfm, uint8_t *out, const uint8_t *in)
+/*! \fn void ifx_deu_des_decrypt (struct crypto_tfm *tfm, uint8_t *out, const uint8_t *in)
* \ingroup IFX_DES_FUNCTIONS
* \brief encrypt DES_BLOCK_SIZE of data
* \param tfm linux crypto algo transform
* \param out output bytestream
* \param in input bytestream
*/
-void des_decrypt (struct crypto_tfm *tfm, uint8_t * out, const uint8_t * in)
+void ifx_deu_des_decrypt (struct crypto_tfm *tfm, uint8_t * out, const uint8_t * in)
{
- struct des_ctx *ctx = crypto_tfm_ctx(tfm);
+ struct ifx_deu_des_ctx *ctx = crypto_tfm_ctx(tfm);
ifx_deu_des (ctx, out, in, NULL, DES_BLOCK_SIZE,
CRYPTO_DIR_DECRYPT, 0);
}
@@ -413,16 +428,28 @@ void des_decrypt (struct crypto_tfm *tfm, uint8_t * out, const uint8_t * in)
int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key,
unsigned int keylen)
{
- struct des_ctx *dctx = crypto_tfm_ctx(tfm);
+ struct ifx_deu_des_ctx *dctx = crypto_tfm_ctx(tfm);
+ int err;
//printk("setkey in %s\n", __FILE__);
+ err = des3_ede_expand_key(&dctx->des3_ede_context, key, keylen);
+ if (err == -ENOKEY) {
+ if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)
+ err = -EINVAL;
+ else
+ err = 0;
+ }
+
dctx->controlr_M = keylen / 8 + 1; // 3DES EDE1 / EDE2 / EDE3 Mode
dctx->key_length = keylen;
memcpy ((u8 *) (dctx->expkey), key, keylen);
- return 0;
+ if (err)
+ memset(dctx, 0, sizeof(*dctx));
+
+ return err;
}
/*! \fn int des3_ede_setkey_skcipher(struct crypto_skcipher *tfm, const u8 *key, unsigned int keylen)
@@ -447,7 +474,7 @@ struct crypto_alg ifxdeu_des_alg = {
.cra_priority = 300,
.cra_flags = CRYPTO_ALG_TYPE_CIPHER | CRYPTO_ALG_KERN_DRIVER_ONLY,
.cra_blocksize = DES_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct des_ctx),
+ .cra_ctxsize = sizeof(struct ifx_deu_des_ctx),
.cra_module = THIS_MODULE,
.cra_alignmask = 3,
.cra_list = LIST_HEAD_INIT(ifxdeu_des_alg.cra_list),
@@ -455,8 +482,8 @@ struct crypto_alg ifxdeu_des_alg = {
.cia_min_keysize = DES_KEY_SIZE,
.cia_max_keysize = DES_KEY_SIZE,
.cia_setkey = des_setkey,
- .cia_encrypt = des_encrypt,
- .cia_decrypt = des_decrypt } }
+ .cia_encrypt = ifx_deu_des_encrypt,
+ .cia_decrypt = ifx_deu_des_decrypt } }
};
/*
@@ -467,17 +494,17 @@ struct crypto_alg ifxdeu_des3_ede_alg = {
.cra_driver_name = "ifxdeu-des3_ede",
.cra_priority = 300,
.cra_flags = CRYPTO_ALG_TYPE_CIPHER | CRYPTO_ALG_KERN_DRIVER_ONLY,
- .cra_blocksize = DES_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct des_ctx),
+ .cra_blocksize = DES3_EDE_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct ifx_deu_des_ctx),
.cra_module = THIS_MODULE,
.cra_alignmask = 3,
.cra_list = LIST_HEAD_INIT(ifxdeu_des3_ede_alg.cra_list),
.cra_u = { .cipher = {
- .cia_min_keysize = DES_KEY_SIZE,
- .cia_max_keysize = DES_KEY_SIZE,
+ .cia_min_keysize = DES3_EDE_KEY_SIZE,
+ .cia_max_keysize = DES3_EDE_KEY_SIZE,
.cia_setkey = des3_ede_setkey,
- .cia_encrypt = des_encrypt,
- .cia_decrypt = des_decrypt } }
+ .cia_encrypt = ifx_deu_des_encrypt,
+ .cia_decrypt = ifx_deu_des_decrypt } }
};
/*! \fn int ecb_des_encrypt(struct skcipher_req *req)
@@ -488,7 +515,7 @@ struct crypto_alg ifxdeu_des3_ede_alg = {
*/
int ecb_des_encrypt(struct skcipher_request *req)
{
- struct des_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
+ struct ifx_deu_des_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
struct skcipher_walk walk;
int err;
unsigned int enc_bytes, nbytes;
@@ -514,7 +541,7 @@ int ecb_des_encrypt(struct skcipher_request *req)
*/
int ecb_des_decrypt(struct skcipher_request *req)
{
- struct des_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
+ struct ifx_deu_des_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
struct skcipher_walk walk;
int err;
unsigned int dec_bytes, nbytes;
@@ -542,7 +569,7 @@ struct skcipher_alg ifxdeu_ecb_des_alg = {
.base.cra_priority = 400,
.base.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_KERN_DRIVER_ONLY,
.base.cra_blocksize = DES_BLOCK_SIZE,
- .base.cra_ctxsize = sizeof(struct des_ctx),
+ .base.cra_ctxsize = sizeof(struct ifx_deu_des_ctx),
.base.cra_module = THIS_MODULE,
.base.cra_list = LIST_HEAD_INIT(ifxdeu_ecb_des_alg.base.cra_list),
.min_keysize = DES_KEY_SIZE,
@@ -561,7 +588,7 @@ struct skcipher_alg ifxdeu_ecb_des3_ede_alg = {
.base.cra_priority = 400,
.base.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_KERN_DRIVER_ONLY,
.base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
- .base.cra_ctxsize = sizeof(struct des_ctx),
+ .base.cra_ctxsize = sizeof(struct ifx_deu_des_ctx),
.base.cra_module = THIS_MODULE,
.base.cra_list = LIST_HEAD_INIT(ifxdeu_ecb_des3_ede_alg.base.cra_list),
.min_keysize = DES3_EDE_KEY_SIZE,
@@ -579,7 +606,7 @@ struct skcipher_alg ifxdeu_ecb_des3_ede_alg = {
*/
int cbc_des_encrypt(struct skcipher_request *req)
{
- struct des_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
+ struct ifx_deu_des_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
struct skcipher_walk walk;
int err;
unsigned int enc_bytes, nbytes;
@@ -607,7 +634,7 @@ int cbc_des_encrypt(struct skcipher_request *req)
*/
int cbc_des_decrypt(struct skcipher_request *req)
{
- struct des_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
+ struct ifx_deu_des_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
struct skcipher_walk walk;
int err;
unsigned int dec_bytes, nbytes;
@@ -636,7 +663,7 @@ struct skcipher_alg ifxdeu_cbc_des_alg = {
.base.cra_priority = 400,
.base.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_KERN_DRIVER_ONLY,
.base.cra_blocksize = DES_BLOCK_SIZE,
- .base.cra_ctxsize = sizeof(struct des_ctx),
+ .base.cra_ctxsize = sizeof(struct ifx_deu_des_ctx),
.base.cra_module = THIS_MODULE,
.base.cra_list = LIST_HEAD_INIT(ifxdeu_cbc_des_alg.base.cra_list),
.min_keysize = DES_KEY_SIZE,
@@ -656,7 +683,7 @@ struct skcipher_alg ifxdeu_cbc_des3_ede_alg = {
.base.cra_priority = 400,
.base.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_KERN_DRIVER_ONLY,
.base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
- .base.cra_ctxsize = sizeof(struct des_ctx),
+ .base.cra_ctxsize = sizeof(struct ifx_deu_des_ctx),
.base.cra_module = THIS_MODULE,
.base.cra_list = LIST_HEAD_INIT(ifxdeu_cbc_des3_ede_alg.base.cra_list),
.min_keysize = DES3_EDE_KEY_SIZE,
More information about the lede-commits
mailing list