From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: Ard Biesheuvel, Corentin Labbe, Herbert Xu, "David S. Miller", Maxime Ripard, Chen-Yu Tsai, Tom Lendacky, Ayush Sawal, Vinay Kumar Yadav, Rohit Maheshwari, Shawn Guo, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam, NXP Linux Team, Jamie Iles, Eric Biggers, Tero Kristo, Matthias Brugger
Subject: [PATCH v3 09/13] crypto: mxs-dcp - permit asynchronous skcipher as fallback
Date: Tue, 30 Jun 2020 14:19:03 +0200
Message-Id: <20200630121907.24274-10-ardb@kernel.org>
In-Reply-To: <20200630121907.24274-1-ardb@kernel.org>
References: <20200630121907.24274-1-ardb@kernel.org>

Even though the mxs-dcp driver implements asynchronous versions of ecb(aes) and cbc(aes), the fallbacks it allocates are required to be synchronous. Given that SIMD based software implementations are usually asynchronous as well, even though they rarely complete asynchronously (this typically only happens in cases where the request was made from softirq context, while SIMD was already in use in the task context that it interrupted), these implementations are disregarded, and either the generic C version or another table based version implemented in assembler is selected instead.

Since falling back to synchronous AES is not only a performance issue, but potentially a security issue as well (due to the fact that table based AES is not time invariant), let's fix this, by allocating an ordinary skcipher as the fallback, and invoke it with the completion routine that was given to the outer request.

Signed-off-by: Ard Biesheuvel

--- drivers/crypto/mxs-dcp.c | 33 ++++++++++---------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c index d84530293036..909a7eb748e3 100644 --- a/drivers/crypto/mxs-dcp.c 
+++ b/drivers/crypto/mxs-dcp.c @@ -97,7 +97,7 @@ struct dcp_async_ctx { unsigned int hot:1; /* Crypto-specific context */ - struct crypto_sync_skcipher *fallback; + struct crypto_skcipher *fallback; unsigned int key_len; uint8_t key[AES_KEYSIZE_128]; }; @@ -105,6 +105,7 @@ struct dcp_async_ctx { struct dcp_aes_req_ctx { unsigned int enc:1; unsigned int ecb:1; + struct skcipher_request fallback_req; // keep at the end }; struct dcp_sha_req_ctx { @@ -426,21 +427,20 @@ static int dcp_chan_thread_aes(void *data) static int mxs_dcp_block_fallback(struct skcipher_request *req, int enc) { struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); + struct dcp_aes_req_ctx *rctx = skcipher_request_ctx(req); struct dcp_async_ctx *ctx = crypto_skcipher_ctx(tfm); - SYNC_SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback); int ret; - skcipher_request_set_sync_tfm(subreq, ctx->fallback); - skcipher_request_set_callback(subreq, req->base.flags, NULL, NULL); - skcipher_request_set_crypt(subreq, req->src, req->dst, + skcipher_request_set_tfm(&rctx->fallback_req, ctx->fallback); + skcipher_request_set_callback(&rctx->fallback_req, req->base.flags, + req->base.complete, req->base.data); + skcipher_request_set_crypt(&rctx->fallback_req, req->src, req->dst, req->cryptlen, req->iv); if (enc) - ret = crypto_skcipher_encrypt(subreq); + ret = crypto_skcipher_encrypt(&rctx->fallback_req); else - ret = crypto_skcipher_decrypt(subreq); - - skcipher_request_zero(subreq); + ret = crypto_skcipher_decrypt(&rctx->fallback_req); return ret; } 
@@ -510,24 +510,25 @@ static int mxs_dcp_aes_setkey(struct crypto_skcipher *tfm, const u8 *key, * but is supported by in-kernel software implementation, we use * software fallback. */ - crypto_sync_skcipher_clear_flags(actx->fallback, CRYPTO_TFM_REQ_MASK); - crypto_sync_skcipher_set_flags(actx->fallback, + crypto_skcipher_clear_flags(actx->fallback, CRYPTO_TFM_REQ_MASK); + crypto_skcipher_set_flags(actx->fallback, tfm->base.crt_flags & CRYPTO_TFM_REQ_MASK); - return crypto_sync_skcipher_setkey(actx->fallback, key, len); + return crypto_skcipher_setkey(actx->fallback, key, len); } static int mxs_dcp_aes_fallback_init_tfm(struct crypto_skcipher *tfm) { const char *name = crypto_tfm_alg_name(crypto_skcipher_tfm(tfm)); struct dcp_async_ctx *actx = crypto_skcipher_ctx(tfm); - struct crypto_sync_skcipher *blk; + struct crypto_skcipher *blk; - blk = crypto_alloc_sync_skcipher(name, 0, CRYPTO_ALG_NEED_FALLBACK); + blk = crypto_alloc_skcipher(name, 0, CRYPTO_ALG_NEED_FALLBACK); if (IS_ERR(blk)) return PTR_ERR(blk); actx->fallback = blk; - crypto_skcipher_set_reqsize(tfm, sizeof(struct dcp_aes_req_ctx)); + crypto_skcipher_set_reqsize(tfm, sizeof(struct dcp_aes_req_ctx) + + crypto_skcipher_reqsize(blk)); return 0; } @@ -535,7 +536,7 @@ static void mxs_dcp_aes_fallback_exit_tfm(struct crypto_skcipher *tfm) { struct dcp_async_ctx *actx = crypto_skcipher_ctx(tfm); - crypto_free_sync_skcipher(actx->fallback); + crypto_free_skcipher(actx->fallback); } /* -- 2.17.1
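Review bot: In the struct dcp_aes_req_ctx hunk, the `// keep at the end` comment on fallback_req states a layout constraint without giving the reason, and it uses a C99 comment where the neighbouring code uses the block form (`/* Crypto-specific context */` in the hunk just above). The reason only becomes visible in mxs_dcp_aes_fallback_init_tfm(), where the request size is set to sizeof(struct dcp_aes_req_ctx) + crypto_skcipher_reqsize(blk), so the fallback's own request context sits directly behind this member. Suggest wording along the lines of `/* must be last: the fallback's request context follows it */`, so that a member added after it later is recognised as overlapping that area.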
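Review bot: In the mxs_dcp_block_fallback() hunk, the skcipher_request_zero(subreq) call is dropped with no replacement, and the commit message does not mention it. With the sub-request now embedded in the outer request's context and invoked with req->base.complete and req->base.data, it can still be in flight when this function returns, so wiping it here is no longer possible; please say so in the commit message, and note that whatever state the fallback leaves in fallback_req now stays in the caller-owned request memory until that request is freed or reused.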