Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1319005imu; Wed, 23 Jan 2019 14:53:07 -0800 (PST) X-Google-Smtp-Source: ALg8bN70HEKE79AlR9qaxpjSCmn8vmnA6JZok8ztxDvytHfY5RhvWg0fglAcCCC6b3+I2O/E8hHm X-Received: by 2002:a17:902:d90d:: with SMTP id c13mr4157323plz.31.1548283987297; Wed, 23 Jan 2019 14:53:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548283987; cv=none; d=google.com; s=arc-20160816; b=aFlkadvCOvsvZbPsqN9LhWAjpK+BcQF0zUneSssA8xFQ7S3xfY/8RezLtt65gNFki0 lhdjgMwVDaTYsrtmfHE0GV4BM9xehVUuyv4VU3+lq6Iq4NEumlu9JNsDqceLl5bTd9uf K3K2ct4IP4V0Wy9CiZhbbIfHq6kc9/pZmhuLxonDJvQ/gtKXlnNJj+Nk/yqK4N7zzUMr WZoM+R+6FDt4piQDF/+XtF4eTSg8WP1XJCDqFa11ZsXkDgAz82t4vMo1AQe5ACykT9vM kR23RtMeMyFRKTsoZldJb2zEk2jj7w6hIfuYavqVqXxqw6xaxPjIRqeJn1Jpz2l2hP5L 6iDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=D0bp0cNv/C7qmYLdzrCUO5Mi/l0Fl6M4zBf4u6klWWw=; b=leQdGRQaEji6aNHy1CkYurUavtYVW4YkFNqZ/l2z94pRFe14MXsTTk/PK8ZRxMWGyt VL9lo4nR3aCa+nSn2VQmbBp3yLecbFAzbJOyNJyJnfeKRKkPXg68wiKhaBJIAN08PGFX 4LsEr1e7jYj/VIyfNkuF96hpDkUias6bDOm68lkpBf7QDwzJEQs1HcUnIsGsTaBlrSkN WOpwClGg0R29AHDtlA+ayGbtnUV790AKqaiYq1Sx9C5GeXrxSkBPomnm9Ca7cBhDE5gW KUBDwskuybg9cxEHrU4dT/ACc5w5LP2YDMstExm3PvB5gBH+lbB95RIOhvvv9aA37zmt 5/vw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=qQTo9Tsy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 1si20300553plk.296.2019.01.23.14.52.52; Wed, 23 Jan 2019 14:53:07 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=qQTo9Tsy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727183AbfAWWwl (ORCPT + 99 others); Wed, 23 Jan 2019 17:52:41 -0500 Received: from mail.kernel.org ([198.145.29.99]:50100 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726152AbfAWWwc (ORCPT ); Wed, 23 Jan 2019 17:52:32 -0500 Received: from ebiggers-linuxstation.mtv.corp.google.com (unknown [104.132.1.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 55B17218A1; Wed, 23 Jan 2019 22:52:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1548283951; bh=oKS3kcktzzR287q6H0rR3/ZGl2v281gm1CFxOCbTNKo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qQTo9TsyJIFSx7B9fdB6gM9g3V+tk13EL4VtX36GanzcAkhpi3ChJCsMX0xGvr/iL rYDAaeiNZOTnHQippOj+MpyIPCuJdMPXG4RjL1gaEsVvmjXkUPeFf7Ag/+R18ZZ2TK nd3H9MJCBn8t9dny/yrew0AMtQEdUTXhs+8Rrq/A= From: Eric Biggers To: linux-crypto@vger.kernel.org, Herbert Xu Cc: linux-kernel@vger.kernel.org, "Jason A . Donenfeld" , stable@vger.kernel.org, Ondrej Mosnacek Subject: [RFC/RFT PATCH 01/15] crypto: aegis - fix handling chunked inputs Date: Wed, 23 Jan 2019 14:49:12 -0800 Message-Id: <20190123224926.250525-2-ebiggers@kernel.org> X-Mailer: git-send-email 2.20.1.321.g9e740568ce-goog In-Reply-To: <20190123224926.250525-1-ebiggers@kernel.org> References: <20190123224926.250525-1-ebiggers@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric Biggers The generic AEGIS implementations all fail the improved AEAD tests because they produce the wrong result with some data layouts. Fix them. Fixes: f606a88e5823 ("crypto: aegis - Add generic AEGIS AEAD implementations") Cc: # v4.18+ Cc: Ondrej Mosnacek Signed-off-by: Eric Biggers --- crypto/aegis128.c | 14 +++++++------- crypto/aegis128l.c | 14 +++++++------- crypto/aegis256.c | 14 +++++++------- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/crypto/aegis128.c b/crypto/aegis128.c index c22f4414856d..789716f92e4c 100644 --- a/crypto/aegis128.c +++ b/crypto/aegis128.c @@ -290,19 +290,19 @@ static void crypto_aegis128_process_crypt(struct aegis_state *state, const struct aegis128_ops *ops) { struct skcipher_walk walk; - u8 *src, *dst; - unsigned int chunksize; ops->skcipher_walk_init(&walk, req, false); while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; - chunksize = walk.nbytes; + unsigned int nbytes = walk.nbytes; - ops->crypt_chunk(state, dst, src, chunksize); + if (nbytes < walk.total) + nbytes = round_down(nbytes, walk.stride); - skcipher_walk_done(&walk, 0); + ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr, + nbytes); + + skcipher_walk_done(&walk, walk.nbytes - nbytes); } } diff --git a/crypto/aegis128l.c b/crypto/aegis128l.c index b6fb21ebdc3e..73811448cb6b 100644 --- a/crypto/aegis128l.c +++ b/crypto/aegis128l.c @@ -353,19 +353,19 @@ static void crypto_aegis128l_process_crypt(struct aegis_state *state, const struct aegis128l_ops *ops) { struct skcipher_walk walk; - u8 *src, *dst; - unsigned int chunksize; ops->skcipher_walk_init(&walk, req, false); while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; - chunksize = walk.nbytes; + unsigned int nbytes = walk.nbytes; - ops->crypt_chunk(state, dst, src, chunksize); + if (nbytes < walk.total) + nbytes = round_down(nbytes, walk.stride); - skcipher_walk_done(&walk, 0); + ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr, + nbytes); + + skcipher_walk_done(&walk, walk.nbytes - nbytes); } } diff --git a/crypto/aegis256.c b/crypto/aegis256.c index 11f0f8ec9c7c..8a71e9c06193 100644 --- a/crypto/aegis256.c +++ b/crypto/aegis256.c @@ -303,19 +303,19 @@ static void crypto_aegis256_process_crypt(struct aegis_state *state, const struct aegis256_ops *ops) { struct skcipher_walk walk; - u8 *src, *dst; - unsigned int chunksize; ops->skcipher_walk_init(&walk, req, false); while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; - chunksize = walk.nbytes; + unsigned int nbytes = walk.nbytes; - ops->crypt_chunk(state, dst, src, chunksize); + if (nbytes < walk.total) + nbytes = round_down(nbytes, walk.stride); - skcipher_walk_done(&walk, 0); + ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr, + nbytes); + + skcipher_walk_done(&walk, walk.nbytes - nbytes); } } -- 2.20.1.321.g9e740568ce-goog