Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp1540823yba; Fri, 17 May 2019 00:36:02 -0700 (PDT) X-Google-Smtp-Source: APXvYqwC/hQolRgm3DV2rF6jNfl2lee5ch2A221x0KLAGz/CweQ5ORHuybX3csWtta8C8NQ7mC5I X-Received: by 2002:a17:902:5c5:: with SMTP id f63mr53755408plf.327.1558078562255; Fri, 17 May 2019 00:36:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558078562; cv=none; d=google.com; s=arc-20160816; b=LU9BpWGmFCiT5xak56jUXZZFpwgtxZd3GA/eJRlLKEvO4JQxPLk66FCIHESs9JfJNh B+EpRO/AhT0itQNDlxDwigeJPLBVyA8doMCdhsgGVxxuyWAMlSHn0dDD0C4BMdM8HezP MX54GFA1DcR/neYMibN+YMrBg3SnSDgCse9C2eqE9L5gGe/VEmi48PypvN6+oaZXTtmo V2yyJZraIAkdMxjT2TEi1VVDqeJYDmE4G/QmmHQV1CeBw9nF+mu+kpE2eHJySJXSGXgL P/JzKmE8+SVjpLkuutD3/L49NbVXuo8dbElb99xK1OEdMfuEmdK6AYPqWnZXsa5QCCf0 +swg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=rCuUwwBJTVdO9q8URfJh0Ki9rrFykS+EKL0w4gPlEFM=; b=S81lLUyvAGRL/xiBZfZdd6YJ6Acvf6/BsUAN72GM7EP9l/87KKqgUNe+cDpfKo+x4h BvDhnfLGvCM9LN5hyDtcg/apJULo8QyA9n7PHOKuPkdG2+GAnUkyUeGQzch4fYSy5lNt Fw5Dtpv2pBTjGp5q5O6qUxzv0CWLlx9mcgvDhEzNw2W76c+tnNIA5OksmTyOWqHx8D+/ kwUG/K1NAw7VQctxQushPQDEXIvX3QBnHIMH2aSewVHknKns9eScsDMcsdV6BiYaUn9h Z+orVwm+sd5h86HUOwKpvVXcCbi9MNmGZ3ulg5WJFc59ObWHn9Tj9FdTQQfK4LjF47Ns 0TdQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f10si7603851pgg.348.2019.05.17.00.35.43; Fri, 17 May 2019 00:36:02 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727573AbfEQHdt (ORCPT + 99 others); Fri, 17 May 2019 03:33:49 -0400 Received: from metis.ext.pengutronix.de ([85.220.165.71]:46881 "EHLO metis.ext.pengutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727528AbfEQHdt (ORCPT ); Fri, 17 May 2019 03:33:49 -0400 Received: from ptx.hi.pengutronix.de ([2001:67c:670:100:1d::c0]) by metis.ext.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1hRXNC-00016p-Oo; Fri, 17 May 2019 09:33:46 +0200 Received: from sha by ptx.hi.pengutronix.de with local (Exim 4.89) (envelope-from ) id 1hRXNC-0001as-98; Fri, 17 May 2019 09:33:46 +0200 Date: Fri, 17 May 2019 09:33:46 +0200 From: Sascha Hauer To: Horia Geanta Cc: Fabio Estevam , "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" , Sascha Hauer Subject: Re: ctr(aes) broken in CAAM driver Message-ID: <20190517073346.2rdy5pz73hwonw5b@pengutronix.de> References: <20190515130746.cvhkxxffrmmynfq3@pengutronix.de> <20190515132225.oczgouglycuhqo4l@pengutronix.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Sent-From: Pengutronix Hildesheim X-URL: http://www.pengutronix.de/ X-IRC: #ptxdist @freenode X-Accept-Language: de,en X-Accept-Content-Type: text/plain X-Uptime: 09:32:51 up 59 days, 18:43, 86 users, load average: 1.09, 1.12, 1.12 User-Agent: NeoMutt/20170113 (1.7.2) X-SA-Exim-Connect-IP: 2001:67c:670:100:1d::c0 X-SA-Exim-Mail-From: sha@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: linux-crypto@vger.kernel.org Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Wed, May 15, 2019 at 01:35:16PM +0000, Horia Geanta wrote: > On 5/15/2019 4:22 PM, Sascha Hauer wrote: > > Hi Fabio, > > > > On Wed, May 15, 2019 at 10:17:19AM -0300, Fabio Estevam wrote: > >> Hi Sascha, > >> > >> On Wed, May 15, 2019 at 10:09 AM Sascha Hauer wrote: > >>> > >>> Hi, > >>> > >>> ctr(aes) is broken in current kernel (v5.1+). It may have been broken > >>> for longer, but the crypto tests now check for a correct output IV. The > >>> testmgr answers with: > >>> > >>> alg: skcipher: ctr-aes-caam encryption test failed (wrong output IV) on test vector 0, cfg="in-place" > >>> > >>> output IV is this, which is the last 16 bytes of the encrypted message: > >>> 00000000: 1e 03 1d da 2f be 03 d1 79 21 70 a0 f3 00 9c ee > >>> > >>> It should look like this instead, which is input IV + 4: > >>> 00000000: f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd ff 03 > >>> > >>> I have no idea how to fix this as I don't know how to get the output IV > >>> back from the CAAM. Any ideas? > >> > >> Is this problem similar to this one? > >> https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg37512.html > > > > Different algo, different hardware, but yes, it seems to be the same > > type of failure. > > > For talitos, the problem is the lack of IV update. > > For caam, the problem is incorrect IV update (output IV is equal to last > ciphertext block, which is correect for cbc, but not for ctr mode). > > I am working at a fix, but it takes longer since I would like to program the > accelerator to the save the IV (and not do counter increment in SW, which > created problems for many other implementations). Thanks for working on it. I'd be glad to test it once you have something. Thanks Sascha -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |