Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp9980999ybi; Wed, 24 Jul 2019 13:28:50 -0700 (PDT) X-Google-Smtp-Source: APXvYqxa9mgtWsnyn0GlqxUuZSxLX4kMEseqRUkSLbBV+0RY8UhaCxdmUzrdnTvY1q3tw8qxBPiz X-Received: by 2002:a62:f202:: with SMTP id m2mr13506818pfh.6.1564000130913; Wed, 24 Jul 2019 13:28:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564000130; cv=none; d=google.com; s=arc-20160816; b=zRApJLQIS49dH8MKq9KNSShwrovFdZoQPmfcW8CBdpBJQoi80nSq3iLpRBaUFYLE5Z DlFdBX4XUrLzsnrs6zvDQHXPgWP18RhKGOT8cqUeQC9Zl+PKpbp7rGoMkWpwObG0Bxpt MejHZoDooUdfyQviyFZxXnaN4hv1t7y8LSVNjXfQTk7g9PQMVnmi7B07OsFRdxTWjmxF mzxogILNUCV7PlgLG3Um4P3c6j3UsZVla2X1ggcM1X3Z0CcpdxRMZi/6z2OWE4KF4FtZ 4Az16gbaOqbM5OQb2krsX4dNk9Z29J9jClygNC6nQwqQZrgcwsGqpXUQq4XVOmrlBZWK cSQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=MRWe3KtQI/dZ+K31ouO3JozBvsdlhg7W31aPcvdpsHU=; b=J6DZ/1zvhD4Lr+w0Myngls+gAvNzPNCYWhVJ+nenkryUdJLvpfPFQ9UDXIJuSTamZp OXUDjoL1S+6VIzDXBzwsCSUyIOo0REAs0uwjQezk/XT3utgTHyVaWChCzrN7t8B6onws ZzfwOkfcRtFztsWqIZ1CIM7ulQbNfvfR2v0MOY7AEGXWHhTzQ9cUKEjXWrk0awpCnw/g A76wVTipxlyDBZQVr7IMud6pISoVu7MRjrIQ9KAi6d2WjMwBcJ0LSD55NQYgvwnREMfe 2oCjug5STWGmJfVdmKdNchfywyaSar83vWDknU0+xG/iqQq/GKLO4dmuj7jK2FGjIUHQ wm/w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=cTPSqXZm; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p20si16594519pgk.158.2019.07.24.13.28.36; Wed, 24 Jul 2019 13:28:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=cTPSqXZm; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388891AbfGXTft (ORCPT + 99 others); Wed, 24 Jul 2019 15:35:49 -0400 Received: from mail.kernel.org ([198.145.29.99]:33806 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388392AbfGXTfq (ORCPT ); Wed, 24 Jul 2019 15:35:46 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 08DAA20659; Wed, 24 Jul 2019 19:35:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1563996945; bh=MxbTrWEfclhDQ2aiyMg7D09m/ztBVxxhPyylCf+k+WI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cTPSqXZmzdRh2yvNpKV48IWqX0+OHUHjwVQoKH206EpDzoatyrz7W2V4kcEBN11aG i15Ea02V6DUwzV7ijGnDo6xEzws5Swza9sbTPvjFPQhWAxemz0HLv2xZLm8WLGDuAa FDE5NxRS5fICqXgXTTLZ6GgQO3tK9Tqil1Mp4Ffs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Biggers , Christian Lamparter , Herbert Xu Subject: [PATCH 5.2 271/413] crypto: crypto4xx - block ciphers should only accept complete blocks Date: Wed, 24 Jul 2019 21:19:22 +0200 Message-Id: <20190724191755.607730272@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190724191735.096702571@linuxfoundation.org> References: <20190724191735.096702571@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Christian Lamparter commit 0f7a81374060828280fcfdfbaa162cb559017f9f upstream. The hardware automatically zero pads incomplete block ciphers blocks without raising any errors. This is a screw-up. This was noticed by CONFIG_CRYPTO_MANAGER_EXTRA_TESTS tests that sent a incomplete blocks and expect them to fail. This fixes: cbc-aes-ppc4xx encryption unexpectedly succeeded on test vector "random: len=2409 klen=32"; expected_error=-22, cfg="random: may_sleep use_digest src_divs=[96.90%@+2295, 2.34%@+4066, 0.32%@alignmask+12, 0.34%@+4087, 0.9%@alignmask+1787, 0.1%@+3767] iv_offset=6" ecb-aes-ppc4xx encryption unexpectedly succeeded on test vector "random: len=1011 klen=32"; expected_error=-22, cfg="random: may_sleep use_digest src_divs=[100.0%@alignmask+20] dst_divs=[3.12%@+3001, 96.88%@+4070]" Cc: Eric Biggers Cc: stable@vger.kernel.org [4.19, 5.0 and 5.1] Signed-off-by: Christian Lamparter Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- drivers/crypto/amcc/crypto4xx_alg.c | 36 ++++++++++++++++++++++++----------- drivers/crypto/amcc/crypto4xx_core.c | 16 +++++++-------- drivers/crypto/amcc/crypto4xx_core.h | 10 +++++---- 3 files changed, 39 insertions(+), 23 deletions(-) --- a/drivers/crypto/amcc/crypto4xx_alg.c +++ b/drivers/crypto/amcc/crypto4xx_alg.c @@ -67,12 +67,16 @@ static void set_dynamic_sa_command_1(str } static inline int crypto4xx_crypt(struct skcipher_request *req, - const unsigned int ivlen, bool decrypt) + const unsigned int ivlen, bool decrypt, + bool check_blocksize) { struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher); __le32 iv[AES_IV_SIZE]; + if (check_blocksize && !IS_ALIGNED(req->cryptlen, AES_BLOCK_SIZE)) + return -EINVAL; + if (ivlen) crypto4xx_memcpy_to_le32(iv, req->iv, ivlen); @@ -81,24 +85,34 @@ static inline int crypto4xx_crypt(struct ctx->sa_len, 0, NULL); } -int crypto4xx_encrypt_noiv(struct skcipher_request *req) +int crypto4xx_encrypt_noiv_block(struct skcipher_request *req) +{ + return crypto4xx_crypt(req, 0, false, true); +} + +int crypto4xx_encrypt_iv_stream(struct skcipher_request *req) +{ + return crypto4xx_crypt(req, AES_IV_SIZE, false, false); +} + +int crypto4xx_decrypt_noiv_block(struct skcipher_request *req) { - return crypto4xx_crypt(req, 0, false); + return crypto4xx_crypt(req, 0, true, true); } -int crypto4xx_encrypt_iv(struct skcipher_request *req) +int crypto4xx_decrypt_iv_stream(struct skcipher_request *req) { - return crypto4xx_crypt(req, AES_IV_SIZE, false); + return crypto4xx_crypt(req, AES_IV_SIZE, true, false); } -int crypto4xx_decrypt_noiv(struct skcipher_request *req) +int crypto4xx_encrypt_iv_block(struct skcipher_request *req) { - return crypto4xx_crypt(req, 0, true); + return crypto4xx_crypt(req, AES_IV_SIZE, false, true); } -int crypto4xx_decrypt_iv(struct skcipher_request *req) +int crypto4xx_decrypt_iv_block(struct skcipher_request *req) { - return crypto4xx_crypt(req, AES_IV_SIZE, true); + return crypto4xx_crypt(req, AES_IV_SIZE, true, true); } /** @@ -269,8 +283,8 @@ crypto4xx_ctr_crypt(struct skcipher_requ return ret; } - return encrypt ? crypto4xx_encrypt_iv(req) - : crypto4xx_decrypt_iv(req); + return encrypt ? crypto4xx_encrypt_iv_stream(req) + : crypto4xx_decrypt_iv_stream(req); } static int crypto4xx_sk_setup_fallback(struct crypto4xx_ctx *ctx, --- a/drivers/crypto/amcc/crypto4xx_core.c +++ b/drivers/crypto/amcc/crypto4xx_core.c @@ -1210,8 +1210,8 @@ static struct crypto4xx_alg_common crypt .max_keysize = AES_MAX_KEY_SIZE, .ivsize = AES_IV_SIZE, .setkey = crypto4xx_setkey_aes_cbc, - .encrypt = crypto4xx_encrypt_iv, - .decrypt = crypto4xx_decrypt_iv, + .encrypt = crypto4xx_encrypt_iv_block, + .decrypt = crypto4xx_decrypt_iv_block, .init = crypto4xx_sk_init, .exit = crypto4xx_sk_exit, } }, @@ -1230,8 +1230,8 @@ static struct crypto4xx_alg_common crypt .max_keysize = AES_MAX_KEY_SIZE, .ivsize = AES_IV_SIZE, .setkey = crypto4xx_setkey_aes_cfb, - .encrypt = crypto4xx_encrypt_iv, - .decrypt = crypto4xx_decrypt_iv, + .encrypt = crypto4xx_encrypt_iv_stream, + .decrypt = crypto4xx_decrypt_iv_stream, .init = crypto4xx_sk_init, .exit = crypto4xx_sk_exit, } }, @@ -1290,8 +1290,8 @@ static struct crypto4xx_alg_common crypt .min_keysize = AES_MIN_KEY_SIZE, .max_keysize = AES_MAX_KEY_SIZE, .setkey = crypto4xx_setkey_aes_ecb, - .encrypt = crypto4xx_encrypt_noiv, - .decrypt = crypto4xx_decrypt_noiv, + .encrypt = crypto4xx_encrypt_noiv_block, + .decrypt = crypto4xx_decrypt_noiv_block, .init = crypto4xx_sk_init, .exit = crypto4xx_sk_exit, } }, @@ -1310,8 +1310,8 @@ static struct crypto4xx_alg_common crypt .max_keysize = AES_MAX_KEY_SIZE, .ivsize = AES_IV_SIZE, .setkey = crypto4xx_setkey_aes_ofb, - .encrypt = crypto4xx_encrypt_iv, - .decrypt = crypto4xx_decrypt_iv, + .encrypt = crypto4xx_encrypt_iv_stream, + .decrypt = crypto4xx_decrypt_iv_stream, .init = crypto4xx_sk_init, .exit = crypto4xx_sk_exit, } }, --- a/drivers/crypto/amcc/crypto4xx_core.h +++ b/drivers/crypto/amcc/crypto4xx_core.h @@ -173,10 +173,12 @@ int crypto4xx_setkey_rfc3686(struct cryp const u8 *key, unsigned int keylen); int crypto4xx_encrypt_ctr(struct skcipher_request *req); int crypto4xx_decrypt_ctr(struct skcipher_request *req); -int crypto4xx_encrypt_iv(struct skcipher_request *req); -int crypto4xx_decrypt_iv(struct skcipher_request *req); -int crypto4xx_encrypt_noiv(struct skcipher_request *req); -int crypto4xx_decrypt_noiv(struct skcipher_request *req); +int crypto4xx_encrypt_iv_stream(struct skcipher_request *req); +int crypto4xx_decrypt_iv_stream(struct skcipher_request *req); +int crypto4xx_encrypt_iv_block(struct skcipher_request *req); +int crypto4xx_decrypt_iv_block(struct skcipher_request *req); +int crypto4xx_encrypt_noiv_block(struct skcipher_request *req); +int crypto4xx_decrypt_noiv_block(struct skcipher_request *req); int crypto4xx_rfc3686_encrypt(struct skcipher_request *req); int crypto4xx_rfc3686_decrypt(struct skcipher_request *req); int crypto4xx_sha1_alg_init(struct crypto_tfm *tfm);