Re: [PATCH v1 08/15] crypto: talitos - Do not modify req->cryptlen on decryption.

2019-05-28 Thread Horia Geanta 
On 5/21/2019 4:34 PM, Christophe Leroy wrote:
> For decrypt, req->cryptlen includes the size of the authentication
> part while all functions of the driver expect cryptlen to be
> the size of the encrypted data.
> 
> As it is not expected to change req->cryptlen, this patch
> implements local calculation of cryptlen.
> 
An alternative would be to restore req->cryptlen in the *_done() callback.
It would be easier to implement, though probably less intuitive.

Horia

[PATCH v1 08/15] crypto: talitos - Do not modify req->cryptlen on decryption.

2019-05-21 Thread Christophe Leroy 
For decrypt, req->cryptlen includes the size of the authentication
part while all functions of the driver expect cryptlen to be
the size of the encrypted data.

As it is not expected to change req->cryptlen, this patch
implements local calculation of cryptlen.

Signed-off-by: Christophe Leroy 
Fixes: 9c4a79653b35 ("crypto: talitos - Freescale integrated security engine 
(SEC) driver")
---
 drivers/crypto/talitos.c | 31 +--
 1 file changed, 17 insertions(+), 14 deletions(-)

diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 6f6f34754ad8..a15aa6d6ec33 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -1025,11 +1025,13 @@ static void talitos_sg_unmap(struct device *dev,
 
 static void ipsec_esp_unmap(struct device *dev,
struct talitos_edesc *edesc,
-   struct aead_request *areq)
+   struct aead_request *areq, bool encrypt)
 {
struct crypto_aead *aead = crypto_aead_reqtfm(areq);
struct talitos_ctx *ctx = crypto_aead_ctx(aead);
unsigned int ivsize = crypto_aead_ivsize(aead);
+   unsigned int authsize = crypto_aead_authsize(aead);
+   unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize);
bool is_ipsec_esp = edesc->desc.hdr & DESC_HDR_TYPE_IPSEC_ESP;
struct talitos_ptr *civ_ptr = >desc.ptr[is_ipsec_esp ? 2 : 3];
 
@@ -1038,7 +1040,7 @@ static void ipsec_esp_unmap(struct device *dev,
 DMA_FROM_DEVICE);
unmap_single_talitos_ptr(dev, civ_ptr, DMA_TO_DEVICE);
 
-   talitos_sg_unmap(dev, edesc, areq->src, areq->dst, areq->cryptlen,
+   talitos_sg_unmap(dev, edesc, areq->src, areq->dst, cryptlen,
 areq->assoclen);
 
if (edesc->dma_len)
@@ -1049,7 +1051,7 @@ static void ipsec_esp_unmap(struct device *dev,
unsigned int dst_nents = edesc->dst_nents ? : 1;
 
sg_pcopy_to_buffer(areq->dst, dst_nents, ctx->iv, ivsize,
-  areq->assoclen + areq->cryptlen - ivsize);
+  areq->assoclen + cryptlen - ivsize);
}
 }
 
@@ -1072,7 +1074,7 @@ static void ipsec_esp_encrypt_done(struct device *dev,
 
edesc = container_of(desc, struct talitos_edesc, desc);
 
-   ipsec_esp_unmap(dev, edesc, areq);
+   ipsec_esp_unmap(dev, edesc, areq, true);
 
/* copy the generated ICV to dst */
if (edesc->icv_ool) {
@@ -1108,7 +1110,7 @@ static void ipsec_esp_decrypt_swauth_done(struct device 
*dev,
 
edesc = container_of(desc, struct talitos_edesc, desc);
 
-   ipsec_esp_unmap(dev, edesc, req);
+   ipsec_esp_unmap(dev, edesc, req, false);
 
if (!err) {
/* auth check */
@@ -1145,7 +1147,7 @@ static void ipsec_esp_decrypt_hwauth_done(struct device 
*dev,
 
edesc = container_of(desc, struct talitos_edesc, desc);
 
-   ipsec_esp_unmap(dev, edesc, req);
+   ipsec_esp_unmap(dev, edesc, req, false);
 
/* check ICV auth status */
if (!err && ((desc->hdr_lo & DESC_HDR_LO_ICCR1_MASK) !=
@@ -1248,6 +1250,7 @@ static int talitos_sg_map(struct device *dev, struct 
scatterlist *src,
  * fill in and submit ipsec_esp descriptor
  */
 static int ipsec_esp(struct talitos_edesc *edesc, struct aead_request *areq,
+bool encrypt,
 void (*callback)(struct device *dev,
  struct talitos_desc *desc,
  void *context, int error))
@@ -1257,7 +1260,7 @@ static int ipsec_esp(struct talitos_edesc *edesc, struct 
aead_request *areq,
struct talitos_ctx *ctx = crypto_aead_ctx(aead);
struct device *dev = ctx->dev;
struct talitos_desc *desc = >desc;
-   unsigned int cryptlen = areq->cryptlen;
+   unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize);
unsigned int ivsize = crypto_aead_ivsize(aead);
int tbl_off = 0;
int sg_count, ret;
@@ -1384,7 +1387,7 @@ static int ipsec_esp(struct talitos_edesc *edesc, struct 
aead_request *areq,
 
ret = talitos_submit(dev, ctx->ch, desc, callback, areq);
if (ret != -EINPROGRESS) {
-   ipsec_esp_unmap(dev, edesc, areq);
+   ipsec_esp_unmap(dev, edesc, areq, encrypt);
kfree(edesc);
}
return ret;
@@ -1502,9 +1505,10 @@ static struct talitos_edesc *aead_edesc_alloc(struct 
aead_request *areq, u8 *iv,
unsigned int authsize = crypto_aead_authsize(authenc);
struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
unsigned int ivsize = crypto_aead_ivsize(authenc);
+   unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize);
 
return talitos_edesc_alloc(ctx->dev, areq->src, areq->dst,
-  iv, areq->assoclen, areq->cryptlen,
+