Received: by 10.192.165.156 with SMTP id m28csp23564imm; Tue, 10 Apr 2018 15:35:34 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+S8Tz8ATrE3ZeM4TWUvMehW9KXi/yZ9DkA/Nf3AOi9LGPjmdqV/P+zeUzB+/mww/jUt3gh X-Received: by 10.99.0.200 with SMTP id 191mr1573280pga.33.1523399734720; Tue, 10 Apr 2018 15:35:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523399734; cv=none; d=google.com; s=arc-20160816; b=FRo2xbFkmQNpTQJyYxx6VkHttEDubx4CNPQJSKUoSwoP9Bx3m30tZPO/VJT2KLKrhX nsyxs31Kahw2kFt8QDn4TIHgfPAka3BrdgttKRkx30lNmyrklYGxKswcztieFVWEskKu jceUEM8YTGaALIxOQlSgEikVl0FwO+VgBoRYxiH55zIYWMHg9nOSb4VHrBxSf/L+IjN6 wW1b9i5lSBZlwyf5511xWihZn+Ax1gK3QaxMtnmQynSB93SAs7Q18agUj4W+CDohwk2r BsVID0XDGHC/voXaDVuM/ucWUOKQuM6c+vRqwTOVfocqRpa5RyovEqu8ZdCXeWqcctnV mJug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=c8WImE7MMXQ/Vt6e1/6aZC4TUgOyn1cpDHY5rQwIEUQ=; b=EAce0Aml2Pqf5AIxhn9bFGb81pN3TozityL60L6Gla1n2/VWiRmHxeMMRJ+h9IPZhK /N93d1ym5UVrLX6YHbSSkPfNFntX0azykegDHNGTJt5wxpScGEv2pgkDhzCqN8d2iBX+ I8FoV43R7QO/1CJA0SZjP2sEvaL0V2KYGdSX1shy75SHoJ40Ak7f/jVllYFDYWAMqlox YDln8KQ5/5C84cE8p+4sHqmFRHgt4YUGCu2vgoCUpjKIeK+UTDu9LdLCjyxe/oelJKMn Sj2VVk71u+OFZDOSa+H7uAJBjv2TyPUFJTbsAp8XwevKHP4MYhz7kOvSRdaeeLSe8dOm xQYg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f130si2398773pgc.304.2018.04.10.15.34.57; Tue, 10 Apr 2018 15:35:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753872AbeDJW1y (ORCPT + 99 others); Tue, 10 Apr 2018 18:27:54 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:37984 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753783AbeDJW1u (ORCPT ); Tue, 10 Apr 2018 18:27:50 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 81360C03; Tue, 10 Apr 2018 22:27:49 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Christian Lamparter , Herbert Xu , Sasha Levin Subject: [PATCH 4.15 047/168] crypto: crypto4xx - perform aead icv check in the driver Date: Wed, 11 Apr 2018 00:23:09 +0200 Message-Id: <20180410212802.210479322@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180410212800.144079021@linuxfoundation.org> References: <20180410212800.144079021@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.15-stable review patch. If anyone has any objections, please let me know. ------------------ From: Christian Lamparter [ Upstream commit 0b5a7f71b4c557b15ec54a1b49023bc1b21044cc ] The ccm-aes-ppc4xx now fails one of testmgr's expected failure test cases as such: |decryption failed on test 10 for ccm-aes-ppc4xx: |ret was 0, |expected -EBADMSG It doesn't look like the hardware sets the authentication failure flag. The original vendor source from which this was ported does not have any special code or notes about why this would happen or if there are any WAs. Hence, this patch converts the aead_done callback handler to perform the icv check in the driver. And this fixes the false negative and the ccm-aes-ppc4xx passes the selftests once again. |name : ccm(aes) |driver : ccm-aes-ppc4xx |module : crypto4xx |priority : 300 |refcnt : 1 |selftest : passed |internal : no |type : aead |async : yes |blocksize : 1 |ivsize : 16 |maxauthsize : 16 |geniv : Signed-off-by: Christian Lamparter Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/crypto/amcc/crypto4xx_alg.c | 6 --- drivers/crypto/amcc/crypto4xx_core.c | 54 +++++++++++++++++------------------ 2 files changed, 28 insertions(+), 32 deletions(-) --- a/drivers/crypto/amcc/crypto4xx_alg.c +++ b/drivers/crypto/amcc/crypto4xx_alg.c @@ -256,10 +256,6 @@ static inline bool crypto4xx_aead_need_f if (is_ccm && !(req->iv[0] == 1 || req->iv[0] == 3)) return true; - /* CCM - fix CBC MAC mismatch in special case */ - if (is_ccm && decrypt && !req->assoclen) - return true; - return false; } @@ -330,7 +326,7 @@ int crypto4xx_setkey_aes_ccm(struct cryp sa = (struct dynamic_sa_ctl *) ctx->sa_in; sa->sa_contents.w = SA_AES_CCM_CONTENTS | (keylen << 2); - set_dynamic_sa_command_0(sa, SA_NOT_SAVE_HASH, SA_NOT_SAVE_IV, + set_dynamic_sa_command_0(sa, SA_SAVE_HASH, SA_NOT_SAVE_IV, SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE, SA_NO_HEADER_PROC, SA_HASH_ALG_CBC_MAC, SA_CIPHER_ALG_AES, --- a/drivers/crypto/amcc/crypto4xx_core.c +++ b/drivers/crypto/amcc/crypto4xx_core.c @@ -570,15 +570,14 @@ static void crypto4xx_aead_done(struct c struct pd_uinfo *pd_uinfo, struct ce_pd *pd) { - struct aead_request *aead_req; - struct crypto4xx_ctx *ctx; + struct aead_request *aead_req = container_of(pd_uinfo->async_req, + struct aead_request, base); struct scatterlist *dst = pd_uinfo->dest_va; + size_t cp_len = crypto_aead_authsize( + crypto_aead_reqtfm(aead_req)); + u32 icv[cp_len]; int err = 0; - aead_req = container_of(pd_uinfo->async_req, struct aead_request, - base); - ctx = crypto_tfm_ctx(aead_req->base.tfm); - if (pd_uinfo->using_sd) { crypto4xx_copy_pkt_to_dst(dev, pd, pd_uinfo, pd->pd_ctl_len.bf.pkt_len, @@ -590,38 +589,39 @@ static void crypto4xx_aead_done(struct c if (pd_uinfo->sa_va->sa_command_0.bf.dir == DIR_OUTBOUND) { /* append icv at the end */ - size_t cp_len = crypto_aead_authsize( - crypto_aead_reqtfm(aead_req)); - u32 icv[cp_len]; - crypto4xx_memcpy_from_le32(icv, pd_uinfo->sr_va->save_digest, cp_len); scatterwalk_map_and_copy(icv, dst, aead_req->cryptlen, cp_len, 1); + } else { + /* check icv at the end */ + scatterwalk_map_and_copy(icv, aead_req->src, + aead_req->assoclen + aead_req->cryptlen - + cp_len, cp_len, 0); + + crypto4xx_memcpy_from_le32(icv, icv, cp_len); + + if (crypto_memneq(icv, pd_uinfo->sr_va->save_digest, cp_len)) + err = -EBADMSG; } crypto4xx_ret_sg_desc(dev, pd_uinfo); if (pd->pd_ctl.bf.status & 0xff) { - if (pd->pd_ctl.bf.status & 0x1) { - /* authentication error */ - err = -EBADMSG; - } else { - if (!__ratelimit(&dev->aead_ratelimit)) { - if (pd->pd_ctl.bf.status & 2) - pr_err("pad fail error\n"); - if (pd->pd_ctl.bf.status & 4) - pr_err("seqnum fail\n"); - if (pd->pd_ctl.bf.status & 8) - pr_err("error _notify\n"); - pr_err("aead return err status = 0x%02x\n", - pd->pd_ctl.bf.status & 0xff); - pr_err("pd pad_ctl = 0x%08x\n", - pd->pd_ctl.bf.pd_pad_ctl); - } - err = -EINVAL; + if (!__ratelimit(&dev->aead_ratelimit)) { + if (pd->pd_ctl.bf.status & 2) + pr_err("pad fail error\n"); + if (pd->pd_ctl.bf.status & 4) + pr_err("seqnum fail\n"); + if (pd->pd_ctl.bf.status & 8) + pr_err("error _notify\n"); + pr_err("aead return err status = 0x%02x\n", + pd->pd_ctl.bf.status & 0xff); + pr_err("pd pad_ctl = 0x%08x\n", + pd->pd_ctl.bf.pd_pad_ctl); } + err = -EINVAL; } if (pd_uinfo->state & PD_ENTRY_BUSY)