The use of swab() is causing failures in 64-bit arch, as it
translates to __swab64() instead of the intended __swab32().
It eventually causes wrong results in xcbcmac & cmac algo.
Fixes: 78cf1c8bfcb8 ("crypto: inside-secure - Move ipad/opad into safexcel_context")
Signed-off-by: Peter Harliman Liem <[email protected]>
---
v2:
Add fixes tag
drivers/crypto/inside-secure/safexcel_hash.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/inside-secure/safexcel_hash.c b/drivers/crypto/inside-secure/safexcel_hash.c
index bc60b5802256..2124416742f8 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -383,7 +383,7 @@ static int safexcel_ahash_send_req(struct crypto_async_request *async, int ring,
u32 x;
x = ipad[i] ^ ipad[i + 4];
- cache[i] ^= swab(x);
+ cache[i] ^= swab32(x);
}
}
cache_len = AES_BLOCK_SIZE;
@@ -821,7 +821,7 @@ static int safexcel_ahash_final(struct ahash_request *areq)
u32 *result = (void *)areq->result;
/* K3 */
- result[i] = swab(ctx->base.ipad.word[i + 4]);
+ result[i] = swab32(ctx->base.ipad.word[i + 4]);
}
areq->result[0] ^= 0x80; // 10- padding
crypto_cipher_encrypt_one(ctx->kaes, areq->result, areq->result);
@@ -2106,7 +2106,7 @@ static int safexcel_xcbcmac_setkey(struct crypto_ahash *tfm, const u8 *key,
crypto_cipher_encrypt_one(ctx->kaes, (u8 *)key_tmp + AES_BLOCK_SIZE,
"\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3");
for (i = 0; i < 3 * AES_BLOCK_SIZE / sizeof(u32); i++)
- ctx->base.ipad.word[i] = swab(key_tmp[i]);
+ ctx->base.ipad.word[i] = swab32(key_tmp[i]);
crypto_cipher_clear_flags(ctx->kaes, CRYPTO_TFM_REQ_MASK);
crypto_cipher_set_flags(ctx->kaes, crypto_ahash_get_flags(tfm) &
@@ -2189,7 +2189,7 @@ static int safexcel_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,
return ret;
for (i = 0; i < len / sizeof(u32); i++)
- ctx->base.ipad.word[i + 8] = swab(aes.key_enc[i]);
+ ctx->base.ipad.word[i + 8] = swab32(aes.key_enc[i]);
/* precompute the CMAC key material */
crypto_cipher_clear_flags(ctx->kaes, CRYPTO_TFM_REQ_MASK);
--
2.17.1
Quoting Peter Harliman Liem (2022-09-06 04:51:28)
> The use of swab() is causing failures in 64-bit arch, as it
> translates to __swab64() instead of the intended __swab32().
> It eventually causes wrong results in xcbcmac & cmac algo.
>
> Fixes: 78cf1c8bfcb8 ("crypto: inside-secure - Move ipad/opad into safexcel_context")
> Signed-off-by: Peter Harliman Liem <[email protected]>
Acked-by: Antoine Tenart <[email protected]>
Thanks!
> ---
> v2:
> Add fixes tag
>
> drivers/crypto/inside-secure/safexcel_hash.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/crypto/inside-secure/safexcel_hash.c b/drivers/crypto/inside-secure/safexcel_hash.c
> index bc60b5802256..2124416742f8 100644
> --- a/drivers/crypto/inside-secure/safexcel_hash.c
> +++ b/drivers/crypto/inside-secure/safexcel_hash.c
> @@ -383,7 +383,7 @@ static int safexcel_ahash_send_req(struct crypto_async_request *async, int ring,
> u32 x;
>
> x = ipad[i] ^ ipad[i + 4];
> - cache[i] ^= swab(x);
> + cache[i] ^= swab32(x);
> }
> }
> cache_len = AES_BLOCK_SIZE;
> @@ -821,7 +821,7 @@ static int safexcel_ahash_final(struct ahash_request *areq)
> u32 *result = (void *)areq->result;
>
> /* K3 */
> - result[i] = swab(ctx->base.ipad.word[i + 4]);
> + result[i] = swab32(ctx->base.ipad.word[i + 4]);
> }
> areq->result[0] ^= 0x80; // 10- padding
> crypto_cipher_encrypt_one(ctx->kaes, areq->result, areq->result);
> @@ -2106,7 +2106,7 @@ static int safexcel_xcbcmac_setkey(struct crypto_ahash *tfm, const u8 *key,
> crypto_cipher_encrypt_one(ctx->kaes, (u8 *)key_tmp + AES_BLOCK_SIZE,
> "\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3");
> for (i = 0; i < 3 * AES_BLOCK_SIZE / sizeof(u32); i++)
> - ctx->base.ipad.word[i] = swab(key_tmp[i]);
> + ctx->base.ipad.word[i] = swab32(key_tmp[i]);
>
> crypto_cipher_clear_flags(ctx->kaes, CRYPTO_TFM_REQ_MASK);
> crypto_cipher_set_flags(ctx->kaes, crypto_ahash_get_flags(tfm) &
> @@ -2189,7 +2189,7 @@ static int safexcel_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,
> return ret;
>
> for (i = 0; i < len / sizeof(u32); i++)
> - ctx->base.ipad.word[i + 8] = swab(aes.key_enc[i]);
> + ctx->base.ipad.word[i + 8] = swab32(aes.key_enc[i]);
>
> /* precompute the CMAC key material */
> crypto_cipher_clear_flags(ctx->kaes, CRYPTO_TFM_REQ_MASK);
> --
> 2.17.1
>
On Tue, Sep 06, 2022 at 10:51:28AM +0800, Peter Harliman Liem wrote:
> The use of swab() is causing failures in 64-bit arch, as it
> translates to __swab64() instead of the intended __swab32().
> It eventually causes wrong results in xcbcmac & cmac algo.
>
> Fixes: 78cf1c8bfcb8 ("crypto: inside-secure - Move ipad/opad into safexcel_context")
> Signed-off-by: Peter Harliman Liem <[email protected]>
> ---
> v2:
> Add fixes tag
>
> drivers/crypto/inside-secure/safexcel_hash.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
Patch applied. Thanks.
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt