Received: by 2002:a05:7412:ba23:b0:fa:4c10:6cad with SMTP id jp35csp483171rdb; Thu, 18 Jan 2024 09:07:46 -0800 (PST) X-Google-Smtp-Source: AGHT+IFmP564my7IToHiPUdkuALvTeN2gGZxXr1XNf65ifTyCbr31NwTNHPhL1hXiTQbIlyd79kw X-Received: by 2002:a05:6102:738:b0:466:9f87:b621 with SMTP id u24-20020a056102073800b004669f87b621mr1090547vsg.27.1705597666372; Thu, 18 Jan 2024 09:07:46 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1705597666; cv=pass; d=google.com; s=arc-20160816; b=C9Tsn0G858VhiTIuww1V50pYctgWTHkH5iwkhp0utlK/FDli2EEJ+lWzNLUCg7jP3/ 4lXWnd6VRpoSBqvtmuoxj4K3GAH8TPNQlSnAz4yRplFNEL4QnIZCc8dx466Akd05rOe+ hZ2/IF/Xy5UxqIoDoRktSrrna4OO6KbqrmFRf1aBOYpfPEyljkg7QdrmrVNHUJDoRxCD BFR453hBcQkqx18Oik+dqlET3R0zYzwOGr5DBg4cg2TGEXvIvb7itW81FcJuHkiPfS9Z 1RA/YrLW99kqZNZJI+AZHqrXWnZCSFlT5fPzEXCjfGU4eJWE6KXbSAxveLxhhoOMeiKk YueQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :dkim-signature; bh=dbblg1g18vESHRUanqd3gqjzLxnkVDJAYZyoYzsYl98=; fh=MoNanF5d0vjGrp692+ghhk+JSPJJjsLNvHcs25SnBB4=; b=Ei4AR6dnacpJD20VO/Q2YuOIJdGxrkMcxSAm4rbOO8sPWrpHLNoOuY4CpHl9nKd3DX 6lpn4E6tckso1nn8xvNmkTRr8YfcTOjhoqoiyI78OknlhOkAxvfjoIMKL6rsetGqvW9o 9Q+zqM3aUP7tB3lxGJcYn3RZ9+PlUaeHPJOG8WRUV/9bd9LUzlgA5vxWgEyHmKtqUaNb Zx9re4exaWhRymoO93grxHfpvPd8AbUKATKHzUidImwdrmDAr2oB6ZTQ6sASCUcoKOLe o/TYUmrdh2scnDhWcvJErud1xV6RRdsRiFTLsmsWPL3SJMM+GyCKr+ttDUSaOewnHTf/ R/Eg== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=O06Pg2Hk; arc=pass (i=1 spf=pass spfdomain=flex--ardb.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-crypto+bounces-1485-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-1485-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id bf7-20020a0561023a6700b00469832c4174si370254vsb.300.2024.01.18.09.07.46 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Jan 2024 09:07:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto+bounces-1485-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=O06Pg2Hk; arc=pass (i=1 spf=pass spfdomain=flex--ardb.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-crypto+bounces-1485-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-1485-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id E4EF21C224DF for ; Thu, 18 Jan 2024 17:07:45 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 434DB2C84C; Thu, 18 Jan 2024 17:07:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="O06Pg2Hk" X-Original-To: linux-crypto@vger.kernel.org Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9DEF72C843 for ; Thu, 18 Jan 2024 17:07:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705597662; cv=none; b=MynFcWzfJZm/eup6miO5B+gla2tdaOX3+azxo2xuYjhLd5gtvX3wxZq626CSat0I/cAHxfsSC/aacrGP+3a1kcsiyNYmARjercjvpdLE1OL1frzKyi3mutyutbuNlkx+l/UaDRLZP9z9l4/g/keLwO8lu/TmodUnVDDb0c3RYO0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705597662; c=relaxed/simple; bh=92UiQ6e2DOT3H/EOJ5xxiYlizB2H5aO6pwzx1rpb/FA=; h=Received:DKIM-Signature:X-Google-DKIM-Signature: X-Gm-Message-State:X-Google-Smtp-Source:X-Received:Date: In-Reply-To:Mime-Version:References:X-Developer-Key: X-Developer-Signature:X-Mailer:Message-ID:Subject:From:To:Cc: Content-Type; b=Abf+kAlFwa01vWc95u/frclPiQLEKTZZ3ZJ4+SB+Wn6b8LSnX7fzrhbBZ77wUj/U7gA+iwwnVTPIhfBqHvSqYgQ9LvwLHb4DYEjCxlKGJi1KFGGXnooJBzk4KQ/OiLgZ8laKS8fzn7L7ssXwXDktX7M0clTBTNFXa0aXtlEn57Y= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=O06Pg2Hk; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-5eba564eb3fso224847927b3.1 for ; Thu, 18 Jan 2024 09:07:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1705597659; x=1706202459; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=dbblg1g18vESHRUanqd3gqjzLxnkVDJAYZyoYzsYl98=; b=O06Pg2Hks3eB8xgC7X/NogVHH/+UotKK+NUEpm+raSIu+WXhfad5HB4Fseo82eY5qc uMuSfiiZL/+0theVRCAW3+TMuQ38kZGq5lSt1dNUhuLispmkXbQptn2GzQThkipkKozY UR1WJwVXBtUNt16f8EF+MqZe0K0UmY3XGcnZGDkUUu8kWlEJGGwN/l03MCTp7qn2n3I+ XHUUdfpAxDTheA+jn2Ug43FE30RGqdkrGB/pWpJMUZ0x2eiExagDAuO1w7XXmhHOE/8o 5pieDyJROkQQHOpwzVsNhtFOnGGRlQBU8919LLCLb3If5U5OQxBea3LEkGBLaXoapibp PXJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705597659; x=1706202459; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=dbblg1g18vESHRUanqd3gqjzLxnkVDJAYZyoYzsYl98=; b=F9lbuEZHuPxyeIIMNi7AJKcs/qkPbVHkYsEQAFyu7R6ndBfQ/g73hUXLSV756mC/5H 3bFCBIg4FQ0taxb6ioPlATHHZAqn8/3R1D7v5MT3awG3ybpQsVwld1wNmgPRAmmOPl8A rGYm9KQKmWaOuP1BBex9BJFbI/ZaPP3ExDMIkH9NopYIjBd5UkfaLdrLt8DiS+b6MiRD euYnp81yqx4s0R5nVGr82/TlvyAkVJJPW3lvT/z44mO78pleOm3AWhGOgG10GCAvYsO3 BkvA+P8SEA0SZ87bRB2bb61ToxsppdlmHR7tKs2EMIgcZVktPatqpBi3Q8dqOFFstjfN +9kw== X-Gm-Message-State: AOJu0Yym2QX7mGgD0KP1LSICfApR1ebzM+Y59BLbysehUX81fr93Fzub pRKwyh5PQuU203YqPvONgLq0UlIsaIya/VnWyh3Sow4qvBhTV77swaS+EzUDka+aT2hN/mSfqRF TuP5X71ZzlPHzCBEQ6NOrbFNVg4ycbyBVwmQSXHQ3TZNMEAa2LCI3gt13F2AxIVwvRsIqDNWUCi iWN4z0DxNPuaDhvBhLd/Oi3s4XKoXR0g== X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a]) (user=ardb job=sendgmr) by 2002:a81:99c4:0:b0:5e6:6b2c:8620 with SMTP id q187-20020a8199c4000000b005e66b2c8620mr528280ywg.7.1705597659591; Thu, 18 Jan 2024 09:07:39 -0800 (PST) Date: Thu, 18 Jan 2024 18:06:30 +0100 In-Reply-To: <20240118170628.3049797-10-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240118170628.3049797-10-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=4040; i=ardb@kernel.org; h=from:subject; bh=JFhgp0jLRo+TU0jJ43nYp0OZsvoylBSy/v8YLlAKwv8=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIXVl1DTDBw+qFOQN5F8/n8XbOi1JWuyAUMeFB9cz/rDon +L+Gze3o5SFQYyDQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEzk9U5Ghrvv5rEbtqtqW7J+ 7K5XkmCSe2EWKda8bX/81rUOj3xUNjMyLBU1jvRYXKcqKOfm/rvj/k6pRF/Nj7NYzrVxyC9lP7O LDwA= X-Mailer: git-send-email 2.43.0.381.gb435a96ce8-goog Message-ID: <20240118170628.3049797-11-ardb+git@google.com> Subject: [PATCH v2 1/8] crypto: arm64/aes-ccm - Revert "Rewrite skcipher walker loop" From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: ebiggers@kernel.org, herbert@gondor.apana.org.au, Ard Biesheuvel Content-Type: text/plain; charset="UTF-8" From: Ard Biesheuvel This reverts commit 57ead1bf1c54, which updated the CCM code to only rely on walk.nbytes to check for failures returned from the skcipher walk API, mostly for the common good rather than to fix a particular problem in the code. This change introduces a problem of its own: the skcipher walk is started with the 'atomic' argument set to false, which means that the skcipher walk API is permitted to sleep. Subsequently, it invokes skcipher_walk_done() with preemption disabled on the final iteration of the loop. This appears to work by accident, but it is arguably a bad example, and providing a better example was the point of the original patch. Given that future changes to the CCM code will rely on the original behavior of entering the loop even for zero sized inputs, let's just revert this change entirely, and proceed from there. Signed-off-by: Ard Biesheuvel --- arch/arm64/crypto/aes-ce-ccm-glue.c | 57 +++++++++++--------- 1 file changed, 31 insertions(+), 26 deletions(-) diff --git a/arch/arm64/crypto/aes-ce-ccm-glue.c b/arch/arm64/crypto/aes-ce-ccm-glue.c index 25cd3808ecbe..c4f14415f5f0 100644 --- a/arch/arm64/crypto/aes-ce-ccm-glue.c +++ b/arch/arm64/crypto/aes-ce-ccm-glue.c @@ -161,39 +161,43 @@ static int ccm_encrypt(struct aead_request *req) memcpy(buf, req->iv, AES_BLOCK_SIZE); err = skcipher_walk_aead_encrypt(&walk, req, false); + if (unlikely(err)) + return err; kernel_neon_begin(); if (req->assoclen) ccm_calculate_auth_mac(req, mac); - while (walk.nbytes) { + do { u32 tail = walk.nbytes % AES_BLOCK_SIZE; - bool final = walk.nbytes == walk.total; - if (final) + if (walk.nbytes == walk.total) tail = 0; ce_aes_ccm_encrypt(walk.dst.virt.addr, walk.src.virt.addr, walk.nbytes - tail, ctx->key_enc, num_rounds(ctx), mac, walk.iv); - if (!final) - kernel_neon_end(); - err = skcipher_walk_done(&walk, tail); - if (!final) - kernel_neon_begin(); - } + if (walk.nbytes == walk.total) + ce_aes_ccm_final(mac, buf, ctx->key_enc, num_rounds(ctx)); - ce_aes_ccm_final(mac, buf, ctx->key_enc, num_rounds(ctx)); + kernel_neon_end(); - kernel_neon_end(); + if (walk.nbytes) { + err = skcipher_walk_done(&walk, tail); + if (unlikely(err)) + return err; + if (unlikely(walk.nbytes)) + kernel_neon_begin(); + } + } while (walk.nbytes); /* copy authtag to end of dst */ scatterwalk_map_and_copy(mac, req->dst, req->assoclen + req->cryptlen, crypto_aead_authsize(aead), 1); - return err; + return 0; } static int ccm_decrypt(struct aead_request *req) @@ -215,36 +219,37 @@ static int ccm_decrypt(struct aead_request *req) memcpy(buf, req->iv, AES_BLOCK_SIZE); err = skcipher_walk_aead_decrypt(&walk, req, false); + if (unlikely(err)) + return err; kernel_neon_begin(); if (req->assoclen) ccm_calculate_auth_mac(req, mac); - while (walk.nbytes) { + do { u32 tail = walk.nbytes % AES_BLOCK_SIZE; - bool final = walk.nbytes == walk.total; - if (final) + if (walk.nbytes == walk.total) tail = 0; ce_aes_ccm_decrypt(walk.dst.virt.addr, walk.src.virt.addr, walk.nbytes - tail, ctx->key_enc, num_rounds(ctx), mac, walk.iv); - if (!final) - kernel_neon_end(); - err = skcipher_walk_done(&walk, tail); - if (!final) - kernel_neon_begin(); - } + if (walk.nbytes == walk.total) + ce_aes_ccm_final(mac, buf, ctx->key_enc, num_rounds(ctx)); - ce_aes_ccm_final(mac, buf, ctx->key_enc, num_rounds(ctx)); + kernel_neon_end(); - kernel_neon_end(); - - if (unlikely(err)) - return err; + if (walk.nbytes) { + err = skcipher_walk_done(&walk, tail); + if (unlikely(err)) + return err; + if (unlikely(walk.nbytes)) + kernel_neon_begin(); + } + } while (walk.nbytes); /* compare calculated auth tag with the stored one */ scatterwalk_map_and_copy(buf, req->src, -- 2.43.0.381.gb435a96ce8-goog