crypto: atmel-tdes - Set the IV after {en,de}crypt

The req->iv of the skcipher_request is expected to contain the
last ciphertext block when the {en,de}crypt operation is done.
In case of in-place decryption, copy the ciphertext in an
intermediate buffer before decryption.

This fixes the following tcrypt tests:
alg: skcipher: atmel-cbc-des encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
00000000: fe dc ba 98 76 54 32 10
alg: skcipher: atmel-cbc-tdes encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
00000000: 7d 33 88 93 0f 93 b2 42

Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/atmel-tdes.c b/drivers/crypto/atmel-tdes.c
index bb7c0a387c0477620eedd68bdf463da745f2b77b..0c1f79b30fc1bac6063964ac095bd36a80367f7f 100644 (file)
--- a/drivers/crypto/atmel-tdes.c
+++ b/drivers/crypto/atmel-tdes.c
@@ -81,6 +81,7 @@ struct atmel_tdes_ctx {
 
 struct atmel_tdes_reqctx {
        unsigned long mode;
+       u8 lastc[DES_BLOCK_SIZE];
 };
 
 struct atmel_tdes_dma {
@@ -572,6 +573,30 @@ static int atmel_tdes_crypt_start(struct atmel_tdes_dev *dd)
        return err;
 }
 
+static void
+atmel_tdes_set_iv_as_last_ciphertext_block(struct atmel_tdes_dev *dd)
+{
+       struct skcipher_request *req = dd->req;
+       struct atmel_tdes_reqctx *rctx = skcipher_request_ctx(req);
+       struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
+       unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
+
+       if (req->cryptlen < ivsize)
+               return;
+
+       if (rctx->mode & TDES_FLAGS_ENCRYPT) {
+               scatterwalk_map_and_copy(req->iv, req->dst,
+                                        req->cryptlen - ivsize, ivsize, 0);
+       } else {
+               if (req->src == req->dst)
+                       memcpy(req->iv, rctx->lastc, ivsize);
+               else
+                       scatterwalk_map_and_copy(req->iv, req->src,
+                                                req->cryptlen - ivsize,
+                                                ivsize, 0);
+       }
+}
+
 static void atmel_tdes_finish_req(struct atmel_tdes_dev *dd, int err)
 {
        struct skcipher_request *req = dd->req;
@@ -580,6 +605,8 @@ static void atmel_tdes_finish_req(struct atmel_tdes_dev *dd, int err)
 
        dd->flags &= ~TDES_FLAGS_BUSY;
 
+       atmel_tdes_set_iv_as_last_ciphertext_block(dd);
+
        req->base.complete(&req->base, err);
 }
 
@@ -668,8 +695,8 @@ static int atmel_tdes_crypt_dma_stop(struct atmel_tdes_dev *dd)
 
 static int atmel_tdes_crypt(struct skcipher_request *req, unsigned long mode)
 {
-       struct atmel_tdes_ctx *ctx = crypto_skcipher_ctx(
-                       crypto_skcipher_reqtfm(req));
+       struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
+       struct atmel_tdes_ctx *ctx = crypto_skcipher_ctx(skcipher);
        struct atmel_tdes_reqctx *rctx = skcipher_request_ctx(req);
 
        if (mode & TDES_FLAGS_CFB8) {
@@ -700,6 +727,15 @@ static int atmel_tdes_crypt(struct skcipher_request *req, unsigned long mode)
 
        rctx->mode = mode;
 
+       if (!(mode & TDES_FLAGS_ENCRYPT) && req->src == req->dst) {
+               unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
+
+               if (req->cryptlen >= ivsize)
+                       scatterwalk_map_and_copy(rctx->lastc, req->src,
+                                                req->cryptlen - ivsize,
+                                                ivsize, 0);
+       }
+
        return atmel_tdes_handle_queue(ctx->dd, req);
 }