Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp959255pxa; Sat, 22 Aug 2020 06:07:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzUJjhqtTEES7p4vQGBh4bMppeXslTmEkTGz0SDlcmEL7dB2ojbnV8Haw1rum5/GP7VzIRF X-Received: by 2002:aa7:d291:: with SMTP id w17mr7262403edq.257.1598101649741; Sat, 22 Aug 2020 06:07:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1598101649; cv=none; d=google.com; s=arc-20160816; b=UUwjNV48afnf/lIebU/nFmPnz1amrbg+Pg6sA/gp/g0DdYzvlLsAeEOpMPRvIbdY1I 5Ak9vmZr7Qho8y1CsWxVIsNyOSfVF8YzuqKvWJekYQdFYBXxTT5YYzgVy+95xlEmiPhq J5hgpljUDa0Q2chi99RESYd+cO9aRkcagjRCnAoqb57YKozx5PsBZf80qrtDozVzBQnV 9H1l9eaNi6qnLg8zgFnBJ8p6dqrSuduDZM6ufJvd/88yiTWwKFWkRIEyJZP2rIiybnU3 2IhQJrnr7CLTDTjCE4s3nfghCOaHoRUxA69DgJuqHTtxUOFPWXfTZRGxa0YbGeJBjY4g qPxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=waBOzWuwn7p+buUBeK8HY7BuPZ41J9x72fcROv6xMeI=; b=BLmETizJAJGecl70YKSPKlmVNNAai33tJitkmIaOdCc6Y8GcO76LwNuSn+2wdN4Wf4 Hi2jQNiX0dyqIzDTMOPUmy2LWz7UQo1opfgc77wz1645GpONQzd05yvkyDGvYjfWl0R8 6Qmg/AbvJU6u0PAwEt6yACca9bOsw1w4m2AOhvJr2eXamXnwA8pPvhPiNg0zjjxUHCmu JIV3NFNRRiCvMGp352rd+u2xt+kYQmp+fAgzXg4z07PI10S6IL/2uJrqyk6Bqq8aQmio 7eSTW7UqrxT+DP3RFzAjPb3+omW6/o5DRBJi1GHXu4RTdFFFAr5716MxLo7oTlT+RqJk rM8g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=MAg7CvS+; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k21si3049784eje.480.2020.08.22.06.06.44; Sat, 22 Aug 2020 06:07:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=MAg7CvS+; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727900AbgHVNEX (ORCPT + 99 others); Sat, 22 Aug 2020 09:04:23 -0400 Received: from mail.kernel.org ([198.145.29.99]:49646 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727864AbgHVNEW (ORCPT ); Sat, 22 Aug 2020 09:04:22 -0400 Received: from mail-ot1-f43.google.com (mail-ot1-f43.google.com [209.85.210.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A990F207DF for ; Sat, 22 Aug 2020 13:04:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1598101461; bh=IAETXI5TJu5PFa9rkP0KtaMf0vS/k0B1qj+XHHdps0I=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=MAg7CvS+YLgaLfOhXflEmZpIsQYCbPNn2DkUJBYm82p4oJDeEfLF5dG70FkavubHj 0p+pN533moPCpjV7BP2UDo8eh7BrSgDg5ZMzug/SPVGMgW+2le408XbdmZ5pfgVgbf +ZEN176uU8gM3OEBUzfcaDNWqzSilhywz+CDnnQQ= Received: by mail-ot1-f43.google.com with SMTP id u16so249576otj.10 for ; Sat, 22 Aug 2020 06:04:21 -0700 (PDT) X-Gm-Message-State: AOAM5334McZOulaoN3TVlOk5mldQC5HOAvpGpHoOwMKeIm2XpYarjUiE 773j/SXj+WZboMudYG5vuat+xRa2Gtl7rujPQJs= X-Received: by 2002:a9d:774d:: with SMTP id t13mr5090428otl.108.1598101461017; Sat, 22 Aug 2020 06:04:21 -0700 (PDT) MIME-Version: 1.0 References: <20200822072934.4394-1-giovanni.cabiddu@intel.com> In-Reply-To: <20200822072934.4394-1-giovanni.cabiddu@intel.com> From: Ard Biesheuvel Date: Sat, 22 Aug 2020 15:04:10 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] crypto: qat - aead cipher length should be block multiple To: Giovanni Cabiddu Cc: Herbert Xu , Linux Crypto Mailing List , qat-linux@intel.com, Dominik Przychodni Content-Type: text/plain; charset="UTF-8" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Sat, 22 Aug 2020 at 09:29, Giovanni Cabiddu wrote: > > From: Dominik Przychodni > > Include an additional check on the cipher length to prevent undefined > behaviour from occurring upon submitting requests which are not a > multiple of AES_BLOCK_SIZE. > > Fixes: d370cec32194 ("crypto: qat - Intel(R) QAT crypto interface") > Signed-off-by: Dominik Przychodni > Signed-off-by: Giovanni Cabiddu I only looked at the patch, and not at the entire file, but could you explain which AES based AEAD implementations require the input length to be a multiple of the block size? CCM and GCM are both CTR based, and so any input length should be supported for at least those modes. > --- > drivers/crypto/qat/qat_common/qat_algs.c | 10 +++++++++- > 1 file changed, 9 insertions(+), 1 deletion(-) > > diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c > index 72753b84dc95..d552dbcfe0a0 100644 > --- a/drivers/crypto/qat/qat_common/qat_algs.c > +++ b/drivers/crypto/qat/qat_common/qat_algs.c > @@ -828,6 +828,11 @@ static int qat_alg_aead_dec(struct aead_request *areq) > struct icp_qat_fw_la_bulk_req *msg; > int digst_size = crypto_aead_authsize(aead_tfm); > int ret, ctr = 0; > + u32 cipher_len; > + > + cipher_len = areq->cryptlen - digst_size; > + if (cipher_len % AES_BLOCK_SIZE != 0) > + return -EINVAL; > > ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req); > if (unlikely(ret)) > @@ -842,7 +847,7 @@ static int qat_alg_aead_dec(struct aead_request *areq) > qat_req->req.comn_mid.src_data_addr = qat_req->buf.blp; > qat_req->req.comn_mid.dest_data_addr = qat_req->buf.bloutp; > cipher_param = (void *)&qat_req->req.serv_specif_rqpars; > - cipher_param->cipher_length = areq->cryptlen - digst_size; > + cipher_param->cipher_length = cipher_len; > cipher_param->cipher_offset = areq->assoclen; > memcpy(cipher_param->u.cipher_IV_array, areq->iv, AES_BLOCK_SIZE); > auth_param = (void *)((u8 *)cipher_param + sizeof(*cipher_param)); > @@ -871,6 +876,9 @@ static int qat_alg_aead_enc(struct aead_request *areq) > u8 *iv = areq->iv; > int ret, ctr = 0; > > + if (areq->cryptlen % AES_BLOCK_SIZE != 0) > + return -EINVAL; > + > ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req); > if (unlikely(ret)) > return ret; > -- > 2.26.2 >