crypto: ccp - Fix XTS-AES-128 support on v5 CCPs

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Version 5 CCPs have some new requirements for XTS-AES: the type field
must be specified, and the key requires 512 bits, with each part
occupying 256 bits and padded with zeroes.

cc: <stable@vger.kernel.org> # 4.9.x+

Signed-off-by: Gary R Hook <ghook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Gary R Hook and committed by

Herbert Xu 8 years ago e652399e 7c83d689

+43 -11

5 changed files

expand all

drivers

crypto

ccp

ccp-crypto-aes-xts.c

ccp-dev-v5.c

ccp-dev.h

ccp-ops.c

include

linux

ccp.h

+3 -1

drivers/crypto/ccp/ccp-crypto-aes-xts.c

··· 1 1 /* 2 2 * AMD Cryptographic Coprocessor (CCP) AES XTS crypto API support 3 3 * 4 - * Copyright (C) 2013 Advanced Micro Devices, Inc. 4 + * Copyright (C) 2013,2017 Advanced Micro Devices, Inc. 5 5 * 6 + * Author: Gary R Hook <gary.hook@amd.com> 6 7 * Author: Tom Lendacky <thomas.lendacky@amd.com> 7 8 * 8 9 * This program is free software; you can redistribute it and/or modify ··· 165 164 memset(&rctx->cmd, 0, sizeof(rctx->cmd)); 166 165 INIT_LIST_HEAD(&rctx->cmd.entry); 167 166 rctx->cmd.engine = CCP_ENGINE_XTS_AES_128; 167 + rctx->cmd.u.xts.type = CCP_AES_TYPE_128; 168 168 rctx->cmd.u.xts.action = (encrypt) ? CCP_AES_ACTION_ENCRYPT 169 169 : CCP_AES_ACTION_DECRYPT; 170 170 rctx->cmd.u.xts.unit_size = unit_size;

drivers/crypto/ccp/ccp-dev-v5.c

··· 145 145 #define CCP_AES_MODE(p) ((p)->aes.mode) 146 146 #define CCP_AES_TYPE(p) ((p)->aes.type) 147 147 #define CCP_XTS_SIZE(p) ((p)->aes_xts.size) 148 + #define CCP_XTS_TYPE(p) ((p)->aes_xts.type) 148 149 #define CCP_XTS_ENCRYPT(p) ((p)->aes_xts.encrypt) 149 150 #define CCP_DES3_SIZE(p) ((p)->des3.size) 150 151 #define CCP_DES3_ENCRYPT(p) ((p)->des3.encrypt) ··· 345 344 CCP5_CMD_PROT(&desc) = 0; 346 345 347 346 function.raw = 0; 347 + CCP_XTS_TYPE(&function) = op->u.xts.type; 348 348 CCP_XTS_ENCRYPT(&function) = op->u.xts.action; 349 349 CCP_XTS_SIZE(&function) = op->u.xts.unit_size; 350 350 CCP5_CMD_FUNCTION(&desc) = function.raw;

drivers/crypto/ccp/ccp-dev.h

··· 194 194 #define CCP_AES_CTX_SB_COUNT 1 195 195 196 196 #define CCP_XTS_AES_KEY_SB_COUNT 1 197 + #define CCP5_XTS_AES_KEY_SB_COUNT 2 197 198 #define CCP_XTS_AES_CTX_SB_COUNT 1 198 199 199 200 #define CCP_DES3_KEY_SB_COUNT 1 ··· 499 498 }; 500 499 501 500 struct ccp_xts_aes_op { 501 + enum ccp_aes_type type; 502 502 enum ccp_aes_action action; 503 503 enum ccp_xts_aes_unit_size unit_size; 504 504 };

+34 -9

drivers/crypto/ccp/ccp-ops.c

··· 1038 1038 struct ccp_op op; 1039 1039 unsigned int unit_size, dm_offset; 1040 1040 bool in_place = false; 1041 + unsigned int sb_count; 1042 + enum ccp_aes_type aestype; 1041 1043 int ret; 1042 1044 1043 1045 switch (xts->unit_size) { ··· 1063 1061 return -EINVAL; 1064 1062 } 1065 1063 1066 - if (xts->key_len != AES_KEYSIZE_128) 1064 + if (xts->key_len == AES_KEYSIZE_128) 1065 + aestype = CCP_AES_TYPE_128; 1066 + else 1067 1067 return -EINVAL; 1068 1068 1069 1069 if (!xts->final && (xts->src_len & (AES_BLOCK_SIZE - 1))) ··· 1087 1083 op.sb_key = cmd_q->sb_key; 1088 1084 op.sb_ctx = cmd_q->sb_ctx; 1089 1085 op.init = 1; 1086 + op.u.xts.type = aestype; 1090 1087 op.u.xts.action = xts->action; 1091 1088 op.u.xts.unit_size = xts->unit_size; 1092 1089 1093 - /* All supported key sizes fit in a single (32-byte) SB entry 1094 - * and must be in little endian format. Use the 256-bit byte 1095 - * swap passthru option to convert from big endian to little 1096 - * endian. 1090 + /* A version 3 device only supports 128-bit keys, which fits into a 1091 + * single SB entry. A version 5 device uses a 512-bit vector, so two 1092 + * SB entries. 1097 1093 */ 1094 + if (cmd_q->ccp->vdata->version == CCP_VERSION(3, 0)) 1095 + sb_count = CCP_XTS_AES_KEY_SB_COUNT; 1096 + else 1097 + sb_count = CCP5_XTS_AES_KEY_SB_COUNT; 1098 1098 ret = ccp_init_dm_workarea(&key, cmd_q, 1099 - CCP_XTS_AES_KEY_SB_COUNT * CCP_SB_BYTES, 1099 + sb_count * CCP_SB_BYTES, 1100 1100 DMA_TO_DEVICE); 1101 1101 if (ret) 1102 1102 return ret; 1103 1103 1104 - dm_offset = CCP_SB_BYTES - AES_KEYSIZE_128; 1105 - ccp_set_dm_area(&key, dm_offset, xts->key, 0, xts->key_len); 1106 - ccp_set_dm_area(&key, 0, xts->key, dm_offset, xts->key_len); 1104 + if (cmd_q->ccp->vdata->version == CCP_VERSION(3, 0)) { 1105 + /* All supported key sizes must be in little endian format. 1106 + * Use the 256-bit byte swap passthru option to convert from 1107 + * big endian to little endian. 1108 + */ 1109 + dm_offset = CCP_SB_BYTES - AES_KEYSIZE_128; 1110 + ccp_set_dm_area(&key, dm_offset, xts->key, 0, xts->key_len); 1111 + ccp_set_dm_area(&key, 0, xts->key, xts->key_len, xts->key_len); 1112 + } else { 1113 + /* Version 5 CCPs use a 512-bit space for the key: each portion 1114 + * occupies 256 bits, or one entire slot, and is zero-padded. 1115 + */ 1116 + unsigned int pad; 1117 + 1118 + dm_offset = CCP_SB_BYTES; 1119 + pad = dm_offset - xts->key_len; 1120 + ccp_set_dm_area(&key, pad, xts->key, 0, xts->key_len); 1121 + ccp_set_dm_area(&key, dm_offset + pad, xts->key, xts->key_len, 1122 + xts->key_len); 1123 + } 1107 1124 ret = ccp_copy_to_sb(cmd_q, &key, op.jobid, op.sb_key, 1108 1125 CCP_PASSTHRU_BYTESWAP_256BIT); 1109 1126 if (ret) {

+2 -1

include/linux/ccp.h

··· 1 1 /* 2 2 * AMD Cryptographic Coprocessor (CCP) driver 3 3 * 4 - * Copyright (C) 2013,2016 Advanced Micro Devices, Inc. 4 + * Copyright (C) 2013,2017 Advanced Micro Devices, Inc. 5 5 * 6 6 * Author: Tom Lendacky <thomas.lendacky@amd.com> 7 7 * Author: Gary R Hook <gary.hook@amd.com> ··· 229 229 * AES operation the new IV overwrites the old IV. 230 230 */ 231 231 struct ccp_xts_aes_engine { 232 + enum ccp_aes_type type; 232 233 enum ccp_aes_action action; 233 234 enum ccp_xts_aes_unit_size unit_size; 234 235