Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp10486577ybi; Thu, 25 Jul 2019 00:09:38 -0700 (PDT) X-Google-Smtp-Source: APXvYqzOD0CTDbbZJEzitlPzdJGhD09fZgUWXPK4wpFv53VKsWthO2FwLI4YlA2zGha7EV3C6mYB X-Received: by 2002:a17:902:9a06:: with SMTP id v6mr87308190plp.71.1564038578320; Thu, 25 Jul 2019 00:09:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564038578; cv=none; d=google.com; s=arc-20160816; b=kAoXCB6HuUGEGiMdL50Bp2bzpRCSWE17TXXQJuXPfl5istvGA/kXFzzQU0/IwLF7cn akr4isJLL9+OutkZB/H0uEM2reSFgvNYhOGhwCOHIT+Ds84Gws1KvZAJ8h+jo+z9zD2h ee/2ZOt1XsxLBszusnh7kSEMZvbSQ6BL1vZSMt0rxDF+rlF47B4eE0VSoyjQc9jS1XIs SGULvplfazi33xnAIclR5teZuufafeo/X6C9kjbZFhOUpY3SjeI+sTtZ6vbXUOsZs1Rv YXXtR1uz6GaKrIcvdD/6JihjVCbxee8xZPSa3jM8zXtHYB3w2m5EHqO8KkEdBtyRsqqe 8Hlg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=/sdB48xooykYm2nrV5KTaYlv8uiVqReWawoAw4xPRlU=; b=Wx/G2+y5vl6TuDAUR6BXEt5JrmucpVGne4CcLC6qKatRjF6lUa3J4i/44Tx5flbHXK +qwgVhyqqpScmrOsFBIXot0WDt7xHPbmdOtS85p9n3320JiJDpWxTNepEM7o33M3vAJF ymGqYvRhreOM2H6hXPN/tdSAK2oyzjHBWeevcVoklLuZE8l17m/gobUrCqzr9khi/PX1 dINXAfl8r0sHt99H9FLJf2Fvx1NCB7JY0X67qqw1vt7B2PStt6nlr7HEcpYedp9xgTrF jzxyvFc/QSRY08ztoxHWCRt9qfBZIAFFg7vnVrd6xzgzlklC6ipJHKz5JLLFjGwG8yNv yVFQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="d/XjIuaz"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y193si16486973pgd.108.2019.07.25.00.09.23; Thu, 25 Jul 2019 00:09:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="d/XjIuaz"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2391672AbfGXTzN (ORCPT + 99 others); Wed, 24 Jul 2019 15:55:13 -0400 Received: from mail.kernel.org ([198.145.29.99]:38588 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2391367AbfGXTzK (ORCPT ); Wed, 24 Jul 2019 15:55:10 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E53F5214AF; Wed, 24 Jul 2019 19:55:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1563998109; bh=+Ga5K/f+pRdkb2gp/U/LGh9PolMPyPkzOhCb/+ZfqSA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=d/XjIuazF3gQ7jAd5sDf+oGANWvbugVl3vs1uDxpBPfUfWXYSygWErMbbk4zydOSf 0Crkh7jkzN/OIKgCkh22y3Jr+5vnvEkvv0yot/XK1chhsM2p+Qa3diT+4SUmHAQF21 jZcc3qcotnSaOHTDX5ORThgP9TiSVuQm6az5zaRc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Biggers , Christian Lamparter , Herbert Xu Subject: [PATCH 5.1 247/371] crypto: crypto4xx - block ciphers should only accept complete blocks Date: Wed, 24 Jul 2019 21:19:59 +0200 Message-Id: <20190724191743.301193295@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190724191724.382593077@linuxfoundation.org> References: <20190724191724.382593077@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Christian Lamparter commit 0f7a81374060828280fcfdfbaa162cb559017f9f upstream. The hardware automatically zero pads incomplete block ciphers blocks without raising any errors. This is a screw-up. This was noticed by CONFIG_CRYPTO_MANAGER_EXTRA_TESTS tests that sent a incomplete blocks and expect them to fail. This fixes: cbc-aes-ppc4xx encryption unexpectedly succeeded on test vector "random: len=2409 klen=32"; expected_error=-22, cfg="random: may_sleep use_digest src_divs=[96.90%@+2295, 2.34%@+4066, 0.32%@alignmask+12, 0.34%@+4087, 0.9%@alignmask+1787, 0.1%@+3767] iv_offset=6" ecb-aes-ppc4xx encryption unexpectedly succeeded on test vector "random: len=1011 klen=32"; expected_error=-22, cfg="random: may_sleep use_digest src_divs=[100.0%@alignmask+20] dst_divs=[3.12%@+3001, 96.88%@+4070]" Cc: Eric Biggers Cc: stable@vger.kernel.org [4.19, 5.0 and 5.1] Signed-off-by: Christian Lamparter Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- drivers/crypto/amcc/crypto4xx_alg.c | 36 ++++++++++++++++++++++++----------- drivers/crypto/amcc/crypto4xx_core.c | 16 +++++++-------- drivers/crypto/amcc/crypto4xx_core.h | 10 +++++---- 3 files changed, 39 insertions(+), 23 deletions(-) --- a/drivers/crypto/amcc/crypto4xx_alg.c +++ b/drivers/crypto/amcc/crypto4xx_alg.c @@ -76,12 +76,16 @@ static void set_dynamic_sa_command_1(str } static inline int crypto4xx_crypt(struct skcipher_request *req, - const unsigned int ivlen, bool decrypt) + const unsigned int ivlen, bool decrypt, + bool check_blocksize) { struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher); __le32 iv[AES_IV_SIZE]; + if (check_blocksize && !IS_ALIGNED(req->cryptlen, AES_BLOCK_SIZE)) + return -EINVAL; + if (ivlen) crypto4xx_memcpy_to_le32(iv, req->iv, ivlen); @@ -90,24 +94,34 @@ static inline int crypto4xx_crypt(struct ctx->sa_len, 0, NULL); } -int crypto4xx_encrypt_noiv(struct skcipher_request *req) +int crypto4xx_encrypt_noiv_block(struct skcipher_request *req) +{ + return crypto4xx_crypt(req, 0, false, true); +} + +int crypto4xx_encrypt_iv_stream(struct skcipher_request *req) +{ + return crypto4xx_crypt(req, AES_IV_SIZE, false, false); +} + +int crypto4xx_decrypt_noiv_block(struct skcipher_request *req) { - return crypto4xx_crypt(req, 0, false); + return crypto4xx_crypt(req, 0, true, true); } -int crypto4xx_encrypt_iv(struct skcipher_request *req) +int crypto4xx_decrypt_iv_stream(struct skcipher_request *req) { - return crypto4xx_crypt(req, AES_IV_SIZE, false); + return crypto4xx_crypt(req, AES_IV_SIZE, true, false); } -int crypto4xx_decrypt_noiv(struct skcipher_request *req) +int crypto4xx_encrypt_iv_block(struct skcipher_request *req) { - return crypto4xx_crypt(req, 0, true); + return crypto4xx_crypt(req, AES_IV_SIZE, false, true); } -int crypto4xx_decrypt_iv(struct skcipher_request *req) +int crypto4xx_decrypt_iv_block(struct skcipher_request *req) { - return crypto4xx_crypt(req, AES_IV_SIZE, true); + return crypto4xx_crypt(req, AES_IV_SIZE, true, true); } /** @@ -278,8 +292,8 @@ crypto4xx_ctr_crypt(struct skcipher_requ return ret; } - return encrypt ? crypto4xx_encrypt_iv(req) - : crypto4xx_decrypt_iv(req); + return encrypt ? crypto4xx_encrypt_iv_stream(req) + : crypto4xx_decrypt_iv_stream(req); } static int crypto4xx_sk_setup_fallback(struct crypto4xx_ctx *ctx, --- a/drivers/crypto/amcc/crypto4xx_core.c +++ b/drivers/crypto/amcc/crypto4xx_core.c @@ -1226,8 +1226,8 @@ static struct crypto4xx_alg_common crypt .max_keysize = AES_MAX_KEY_SIZE, .ivsize = AES_IV_SIZE, .setkey = crypto4xx_setkey_aes_cbc, - .encrypt = crypto4xx_encrypt_iv, - .decrypt = crypto4xx_decrypt_iv, + .encrypt = crypto4xx_encrypt_iv_block, + .decrypt = crypto4xx_decrypt_iv_block, .init = crypto4xx_sk_init, .exit = crypto4xx_sk_exit, } }, @@ -1246,8 +1246,8 @@ static struct crypto4xx_alg_common crypt .max_keysize = AES_MAX_KEY_SIZE, .ivsize = AES_IV_SIZE, .setkey = crypto4xx_setkey_aes_cfb, - .encrypt = crypto4xx_encrypt_iv, - .decrypt = crypto4xx_decrypt_iv, + .encrypt = crypto4xx_encrypt_iv_stream, + .decrypt = crypto4xx_decrypt_iv_stream, .init = crypto4xx_sk_init, .exit = crypto4xx_sk_exit, } }, @@ -1306,8 +1306,8 @@ static struct crypto4xx_alg_common crypt .min_keysize = AES_MIN_KEY_SIZE, .max_keysize = AES_MAX_KEY_SIZE, .setkey = crypto4xx_setkey_aes_ecb, - .encrypt = crypto4xx_encrypt_noiv, - .decrypt = crypto4xx_decrypt_noiv, + .encrypt = crypto4xx_encrypt_noiv_block, + .decrypt = crypto4xx_decrypt_noiv_block, .init = crypto4xx_sk_init, .exit = crypto4xx_sk_exit, } }, @@ -1326,8 +1326,8 @@ static struct crypto4xx_alg_common crypt .max_keysize = AES_MAX_KEY_SIZE, .ivsize = AES_IV_SIZE, .setkey = crypto4xx_setkey_aes_ofb, - .encrypt = crypto4xx_encrypt_iv, - .decrypt = crypto4xx_decrypt_iv, + .encrypt = crypto4xx_encrypt_iv_stream, + .decrypt = crypto4xx_decrypt_iv_stream, .init = crypto4xx_sk_init, .exit = crypto4xx_sk_exit, } }, --- a/drivers/crypto/amcc/crypto4xx_core.h +++ b/drivers/crypto/amcc/crypto4xx_core.h @@ -183,10 +183,12 @@ int crypto4xx_setkey_rfc3686(struct cryp const u8 *key, unsigned int keylen); int crypto4xx_encrypt_ctr(struct skcipher_request *req); int crypto4xx_decrypt_ctr(struct skcipher_request *req); -int crypto4xx_encrypt_iv(struct skcipher_request *req); -int crypto4xx_decrypt_iv(struct skcipher_request *req); -int crypto4xx_encrypt_noiv(struct skcipher_request *req); -int crypto4xx_decrypt_noiv(struct skcipher_request *req); +int crypto4xx_encrypt_iv_stream(struct skcipher_request *req); +int crypto4xx_decrypt_iv_stream(struct skcipher_request *req); +int crypto4xx_encrypt_iv_block(struct skcipher_request *req); +int crypto4xx_decrypt_iv_block(struct skcipher_request *req); +int crypto4xx_encrypt_noiv_block(struct skcipher_request *req); +int crypto4xx_decrypt_noiv_block(struct skcipher_request *req); int crypto4xx_rfc3686_encrypt(struct skcipher_request *req); int crypto4xx_rfc3686_decrypt(struct skcipher_request *req); int crypto4xx_sha1_alg_init(struct crypto_tfm *tfm);