aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/crypto/caam/caamalg.c
diff options
context:
space:
mode:
authorKim Phillips <kim.phillips@freescale.com>2011-05-14 23:08:02 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2011-05-19 00:37:59 -0400
commitddbb80884a37601026ac3e5eaf176c4296231862 (patch)
tree3c4d486db42bbb8dbba59021fbd64aae54486403 /drivers/crypto/caam/caamalg.c
parent2930d49768e5276da4fbed9d9cc1bd40ed25818e (diff)
crypto: caam - fix decryption shared vs. non-shared key setting
Key sharing is enabled by default in the shared descriptor. Using CBC decrypt, AES has to alter the key in order to decrypt. During high traffic decryption rates, i.e, when sharing starts to take place, we need to use a different OPERATION option to tell AES that the key was already altered by the PRIOR descriptor - we need the following kind of logic: if ( shared ) operation where AES uses decryption key (DK=1) else operation where AES uses encryption key (DK=0) this patch implements this logic using a conditional and a non-conditional local jump within the decryption job descriptor. Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'drivers/crypto/caam/caamalg.c')
-rw-r--r--drivers/crypto/caam/caamalg.c26
1 files changed, 22 insertions, 4 deletions
diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index b97575e414f6..4c69ba79f900 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -571,9 +571,27 @@ static int ipsec_esp(struct ipsec_esp_edesc *edesc, struct aead_request *areq,
571 /* copy iv from cipher/class1 input context to class2 infifo */ 571 /* copy iv from cipher/class1 input context to class2 infifo */
572 append_move(desc, MOVE_SRC_CLASS1CTX | MOVE_DEST_CLASS2INFIFO | ivsize); 572 append_move(desc, MOVE_SRC_CLASS1CTX | MOVE_DEST_CLASS2INFIFO | ivsize);
573 573
574 /* start class 1 (cipher) operation */ 574 if (!encrypt) {
575 append_operation(desc, ctx->class1_alg_type | OP_ALG_AS_INITFINAL | 575 u32 *jump_cmd, *uncond_jump_cmd;
576 encrypt); 576
577 /* JUMP if shared */
578 jump_cmd = append_jump(desc, JUMP_TEST_ALL | JUMP_COND_SHRD);
579
580 /* start class 1 (cipher) operation, non-shared version */
581 append_operation(desc, ctx->class1_alg_type |
582 OP_ALG_AS_INITFINAL);
583
584 uncond_jump_cmd = append_jump(desc, 0);
585
586 set_jump_tgt_here(desc, jump_cmd);
587
588 /* start class 1 (cipher) operation, shared version */
589 append_operation(desc, ctx->class1_alg_type |
590 OP_ALG_AS_INITFINAL | OP_ALG_AAI_DK);
591 set_jump_tgt_here(desc, uncond_jump_cmd);
592 } else
593 append_operation(desc, ctx->class1_alg_type |
594 OP_ALG_AS_INITFINAL | encrypt);
577 595
578 /* load payload & instruct to class2 to snoop class 1 if encrypting */ 596 /* load payload & instruct to class2 to snoop class 1 if encrypting */
579 options = 0; 597 options = 0;
@@ -762,7 +780,7 @@ static int aead_authenc_decrypt(struct aead_request *req)
762 req->cryptlen -= ctx->authsize; 780 req->cryptlen -= ctx->authsize;
763 781
764 /* allocate extended descriptor */ 782 /* allocate extended descriptor */
765 edesc = ipsec_esp_edesc_alloc(req, 21 * sizeof(u32)); 783 edesc = ipsec_esp_edesc_alloc(req, 24 * sizeof(u32));
766 if (IS_ERR(edesc)) 784 if (IS_ERR(edesc))
767 return PTR_ERR(edesc); 785 return PTR_ERR(edesc);
768 786