All of lore.kernel.org
 help / color / mirror / Atom feed
* FAILED: patch "[PATCH] crypto: caam - strip input zeros from RSA input buffer" failed to apply to 4.9-stable tree
@ 2018-06-14 13:08 gregkh
  2018-06-15  8:07 ` Martin Townsend
  0 siblings, 1 reply; 3+ messages in thread
From: gregkh @ 2018-06-14 13:08 UTC (permalink / raw)
  To: horia.geanta, fabio.estevam, herbert, mtownsend1973, stable,
	tudor.ambarus
  Cc: stable


The patch below does not apply to the 4.9-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

>From 8a2a0dd35f2e54c023d9041a5428b6c5639af86c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Horia=20Geant=C4=83?= <horia.geanta@nxp.com>
Date: Mon, 16 Apr 2018 08:07:05 -0500
Subject: [PATCH] crypto: caam - strip input zeros from RSA input buffer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Sometimes the provided RSA input buffer provided is not stripped
of leading zeros. This could cause its size to be bigger than that
of the modulus, making the HW complain:

caam_jr 2142000.jr1: 40000789: DECO: desc idx 7:
Protocol Size Error - A protocol has seen an error in size. When
running RSA, pdb size N < (size of F) when no formatting is used; or
pdb size N < (F + 11) when formatting is used.

Fix the problem by stripping off the leading zero from input data
before feeding it to the CAAM accelerator.

Fixes: 8c419778ab57e ("crypto: caam - add support for RSA algorithm")
Cc: <stable@vger.kernel.org> # 4.8+
Reported-by: Martin Townsend <mtownsend1973@gmail.com>
Link: https://lkml.kernel.org/r/CABatt_ytYORYKtApcB4izhNanEKkGFi9XAQMjHi_n-8YWoCRiw@mail.gmail.com
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Tested-by: Fabio Estevam <fabio.estevam@nxp.com>
Reviewed-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/caam/caampkc.c b/drivers/crypto/caam/caampkc.c
index 7a897209f181..979072b25eaa 100644
--- a/drivers/crypto/caam/caampkc.c
+++ b/drivers/crypto/caam/caampkc.c
@@ -166,18 +166,71 @@ static void rsa_priv_f3_done(struct device *dev, u32 *desc, u32 err,
 	akcipher_request_complete(req, err);
 }
 
+static int caam_rsa_count_leading_zeros(struct scatterlist *sgl,
+					unsigned int nbytes,
+					unsigned int flags)
+{
+	struct sg_mapping_iter miter;
+	int lzeros, ents;
+	unsigned int len;
+	unsigned int tbytes = nbytes;
+	const u8 *buff;
+
+	ents = sg_nents_for_len(sgl, nbytes);
+	if (ents < 0)
+		return ents;
+
+	sg_miter_start(&miter, sgl, ents, SG_MITER_FROM_SG | flags);
+
+	lzeros = 0;
+	len = 0;
+	while (nbytes > 0) {
+		while (len && !*buff) {
+			lzeros++;
+			len--;
+			buff++;
+		}
+
+		if (len && *buff)
+			break;
+
+		sg_miter_next(&miter);
+		buff = miter.addr;
+		len = miter.length;
+
+		nbytes -= lzeros;
+		lzeros = 0;
+	}
+
+	miter.consumed = lzeros;
+	sg_miter_stop(&miter);
+	nbytes -= lzeros;
+
+	return tbytes - nbytes;
+}
+
 static struct rsa_edesc *rsa_edesc_alloc(struct akcipher_request *req,
 					 size_t desclen)
 {
 	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
 	struct caam_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
 	struct device *dev = ctx->dev;
+	struct caam_rsa_req_ctx *req_ctx = akcipher_request_ctx(req);
 	struct rsa_edesc *edesc;
 	gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
 		       GFP_KERNEL : GFP_ATOMIC;
+	int sg_flags = (flags == GFP_ATOMIC) ? SG_MITER_ATOMIC : 0;
 	int sgc;
 	int sec4_sg_index, sec4_sg_len = 0, sec4_sg_bytes;
 	int src_nents, dst_nents;
+	int lzeros;
+
+	lzeros = caam_rsa_count_leading_zeros(req->src, req->src_len, sg_flags);
+	if (lzeros < 0)
+		return ERR_PTR(lzeros);
+
+	req->src_len -= lzeros;
+	req->src = scatterwalk_ffwd(req_ctx->src, req->src, lzeros);
 
 	src_nents = sg_nents_for_len(req->src, req->src_len);
 	dst_nents = sg_nents_for_len(req->dst, req->dst_len);
@@ -953,6 +1006,7 @@ static struct akcipher_alg caam_rsa = {
 	.max_size = caam_rsa_max_size,
 	.init = caam_rsa_init_tfm,
 	.exit = caam_rsa_exit_tfm,
+	.reqsize = sizeof(struct caam_rsa_req_ctx),
 	.base = {
 		.cra_name = "rsa",
 		.cra_driver_name = "rsa-caam",
diff --git a/drivers/crypto/caam/caampkc.h b/drivers/crypto/caam/caampkc.h
index fd145c46eae1..82645bcf8b27 100644
--- a/drivers/crypto/caam/caampkc.h
+++ b/drivers/crypto/caam/caampkc.h
@@ -95,6 +95,14 @@ struct caam_rsa_ctx {
 	struct device *dev;
 };
 
+/**
+ * caam_rsa_req_ctx - per request context.
+ * @src: input scatterlist (stripped of leading zeros)
+ */
+struct caam_rsa_req_ctx {
+	struct scatterlist src[2];
+};
+
 /**
  * rsa_edesc - s/w-extended rsa descriptor
  * @src_nents     : number of segments in input scatterlist

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: FAILED: patch "[PATCH] crypto: caam - strip input zeros from RSA input buffer" failed to apply to 4.9-stable tree
  2018-06-14 13:08 FAILED: patch "[PATCH] crypto: caam - strip input zeros from RSA input buffer" failed to apply to 4.9-stable tree gregkh
@ 2018-06-15  8:07 ` Martin Townsend
  2018-06-15  8:12   ` Greg KH
  0 siblings, 1 reply; 3+ messages in thread
From: Martin Townsend @ 2018-06-15  8:07 UTC (permalink / raw)
  To: gregkh
  Cc: Horia Geantă, Fabio Estevam, Herbert Xu, stable, Tudor Ambarus

On Thu, Jun 14, 2018 at 2:08 PM <gregkh@linuxfoundation.org> wrote:
>
>
> The patch below does not apply to the 4.9-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@vger.kernel.org>.
>
> thanks,
>
> greg k-h
>
> ------------------ original commit in Linus's tree ------------------
>
> From 8a2a0dd35f2e54c023d9041a5428b6c5639af86c Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Horia=20Geant=C4=83?= <horia.geanta@nxp.com>
> Date: Mon, 16 Apr 2018 08:07:05 -0500
> Subject: [PATCH] crypto: caam - strip input zeros from RSA input buffer
> MIME-Version: 1.0
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: 8bit
>
> Sometimes the provided RSA input buffer provided is not stripped
> of leading zeros. This could cause its size to be bigger than that
> of the modulus, making the HW complain:
>
> caam_jr 2142000.jr1: 40000789: DECO: desc idx 7:
> Protocol Size Error - A protocol has seen an error in size. When
> running RSA, pdb size N < (size of F) when no formatting is used; or
> pdb size N < (F + 11) when formatting is used.
>
> Fix the problem by stripping off the leading zero from input data
> before feeding it to the CAAM accelerator.
>
> Fixes: 8c419778ab57e ("crypto: caam - add support for RSA algorithm")
> Cc: <stable@vger.kernel.org> # 4.8+
> Reported-by: Martin Townsend <mtownsend1973@gmail.com>
> Link: https://lkml.kernel.org/r/CABatt_ytYORYKtApcB4izhNanEKkGFi9XAQMjHi_n-8YWoCRiw@mail.gmail.com
> Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
> Tested-by: Fabio Estevam <fabio.estevam@nxp.com>
> Reviewed-by: Tudor Ambarus <tudor.ambarus@microchip.com>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
>
> diff --git a/drivers/crypto/caam/caampkc.c b/drivers/crypto/caam/caampkc.c
> index 7a897209f181..979072b25eaa 100644
> --- a/drivers/crypto/caam/caampkc.c
> +++ b/drivers/crypto/caam/caampkc.c
> @@ -166,18 +166,71 @@ static void rsa_priv_f3_done(struct device *dev, u32 *desc, u32 err,
>         akcipher_request_complete(req, err);
>  }
>
> +static int caam_rsa_count_leading_zeros(struct scatterlist *sgl,
> +                                       unsigned int nbytes,
> +                                       unsigned int flags)
> +{
> +       struct sg_mapping_iter miter;
> +       int lzeros, ents;
> +       unsigned int len;
> +       unsigned int tbytes = nbytes;
> +       const u8 *buff;
> +
> +       ents = sg_nents_for_len(sgl, nbytes);
> +       if (ents < 0)
> +               return ents;
> +
> +       sg_miter_start(&miter, sgl, ents, SG_MITER_FROM_SG | flags);
> +
> +       lzeros = 0;
> +       len = 0;
> +       while (nbytes > 0) {
> +               while (len && !*buff) {
> +                       lzeros++;
> +                       len--;
> +                       buff++;
> +               }
> +
> +               if (len && *buff)
> +                       break;
> +
> +               sg_miter_next(&miter);
> +               buff = miter.addr;
> +               len = miter.length;
> +
> +               nbytes -= lzeros;
> +               lzeros = 0;
> +       }
> +
> +       miter.consumed = lzeros;
> +       sg_miter_stop(&miter);
> +       nbytes -= lzeros;
> +
> +       return tbytes - nbytes;
> +}
> +
>  static struct rsa_edesc *rsa_edesc_alloc(struct akcipher_request *req,
>                                          size_t desclen)
>  {
>         struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
>         struct caam_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
>         struct device *dev = ctx->dev;
> +       struct caam_rsa_req_ctx *req_ctx = akcipher_request_ctx(req);
>         struct rsa_edesc *edesc;
>         gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
>                        GFP_KERNEL : GFP_ATOMIC;
> +       int sg_flags = (flags == GFP_ATOMIC) ? SG_MITER_ATOMIC : 0;
>         int sgc;
>         int sec4_sg_index, sec4_sg_len = 0, sec4_sg_bytes;
>         int src_nents, dst_nents;
> +       int lzeros;
> +
> +       lzeros = caam_rsa_count_leading_zeros(req->src, req->src_len, sg_flags);
> +       if (lzeros < 0)
> +               return ERR_PTR(lzeros);
> +
> +       req->src_len -= lzeros;
> +       req->src = scatterwalk_ffwd(req_ctx->src, req->src, lzeros);
>
>         src_nents = sg_nents_for_len(req->src, req->src_len);
>         dst_nents = sg_nents_for_len(req->dst, req->dst_len);
> @@ -953,6 +1006,7 @@ static struct akcipher_alg caam_rsa = {
>         .max_size = caam_rsa_max_size,
>         .init = caam_rsa_init_tfm,
>         .exit = caam_rsa_exit_tfm,
> +       .reqsize = sizeof(struct caam_rsa_req_ctx),
>         .base = {
>                 .cra_name = "rsa",
>                 .cra_driver_name = "rsa-caam",
> diff --git a/drivers/crypto/caam/caampkc.h b/drivers/crypto/caam/caampkc.h
> index fd145c46eae1..82645bcf8b27 100644
> --- a/drivers/crypto/caam/caampkc.h
> +++ b/drivers/crypto/caam/caampkc.h
> @@ -95,6 +95,14 @@ struct caam_rsa_ctx {
>         struct device *dev;
>  };
>
> +/**
> + * caam_rsa_req_ctx - per request context.
> + * @src: input scatterlist (stripped of leading zeros)
> + */
> +struct caam_rsa_req_ctx {
> +       struct scatterlist src[2];
> +};
> +
>  /**
>   * rsa_edesc - s/w-extended rsa descriptor
>   * @src_nents     : number of segments in input scatterlist
>


I have back ported this to 4.9 and have it running on an i.MX6UL
board. I am happy to submit this if someone can tell me the best way
to do this.

Many Thanks,
Martin.

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: FAILED: patch "[PATCH] crypto: caam - strip input zeros from RSA input buffer" failed to apply to 4.9-stable tree
  2018-06-15  8:07 ` Martin Townsend
@ 2018-06-15  8:12   ` Greg KH
  0 siblings, 0 replies; 3+ messages in thread
From: Greg KH @ 2018-06-15  8:12 UTC (permalink / raw)
  To: Martin Townsend
  Cc: Horia Geantă, Fabio Estevam, Herbert Xu, stable, Tudor Ambarus

On Fri, Jun 15, 2018 at 09:07:24AM +0100, Martin Townsend wrote:
> On Thu, Jun 14, 2018 at 2:08 PM <gregkh@linuxfoundation.org> wrote:
> >
> >
> > The patch below does not apply to the 4.9-stable tree.
> > If someone wants it applied there, or to any other stable or longterm
> > tree, then please email the backport, including the original git commit
> > id to <stable@vger.kernel.org>.
> >
> > thanks,
> >
> > greg k-h
> >
> > ------------------ original commit in Linus's tree ------------------
> >
> > From 8a2a0dd35f2e54c023d9041a5428b6c5639af86c Mon Sep 17 00:00:00 2001
> > From: =?UTF-8?q?Horia=20Geant=C4=83?= <horia.geanta@nxp.com>
> > Date: Mon, 16 Apr 2018 08:07:05 -0500
> > Subject: [PATCH] crypto: caam - strip input zeros from RSA input buffer
> > MIME-Version: 1.0
> > Content-Type: text/plain; charset=UTF-8
> > Content-Transfer-Encoding: 8bit
> >
> > Sometimes the provided RSA input buffer provided is not stripped
> > of leading zeros. This could cause its size to be bigger than that
> > of the modulus, making the HW complain:
> >
> > caam_jr 2142000.jr1: 40000789: DECO: desc idx 7:
> > Protocol Size Error - A protocol has seen an error in size. When
> > running RSA, pdb size N < (size of F) when no formatting is used; or
> > pdb size N < (F + 11) when formatting is used.
> >
> > Fix the problem by stripping off the leading zero from input data
> > before feeding it to the CAAM accelerator.
> >
> > Fixes: 8c419778ab57e ("crypto: caam - add support for RSA algorithm")
> > Cc: <stable@vger.kernel.org> # 4.8+
> > Reported-by: Martin Townsend <mtownsend1973@gmail.com>
> > Link: https://lkml.kernel.org/r/CABatt_ytYORYKtApcB4izhNanEKkGFi9XAQMjHi_n-8YWoCRiw@mail.gmail.com
> > Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
> > Tested-by: Fabio Estevam <fabio.estevam@nxp.com>
> > Reviewed-by: Tudor Ambarus <tudor.ambarus@microchip.com>
> > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> >
> > diff --git a/drivers/crypto/caam/caampkc.c b/drivers/crypto/caam/caampkc.c
> > index 7a897209f181..979072b25eaa 100644
> > --- a/drivers/crypto/caam/caampkc.c
> > +++ b/drivers/crypto/caam/caampkc.c
> > @@ -166,18 +166,71 @@ static void rsa_priv_f3_done(struct device *dev, u32 *desc, u32 err,
> >         akcipher_request_complete(req, err);
> >  }
> >
> > +static int caam_rsa_count_leading_zeros(struct scatterlist *sgl,
> > +                                       unsigned int nbytes,
> > +                                       unsigned int flags)
> > +{
> > +       struct sg_mapping_iter miter;
> > +       int lzeros, ents;
> > +       unsigned int len;
> > +       unsigned int tbytes = nbytes;
> > +       const u8 *buff;
> > +
> > +       ents = sg_nents_for_len(sgl, nbytes);
> > +       if (ents < 0)
> > +               return ents;
> > +
> > +       sg_miter_start(&miter, sgl, ents, SG_MITER_FROM_SG | flags);
> > +
> > +       lzeros = 0;
> > +       len = 0;
> > +       while (nbytes > 0) {
> > +               while (len && !*buff) {
> > +                       lzeros++;
> > +                       len--;
> > +                       buff++;
> > +               }
> > +
> > +               if (len && *buff)
> > +                       break;
> > +
> > +               sg_miter_next(&miter);
> > +               buff = miter.addr;
> > +               len = miter.length;
> > +
> > +               nbytes -= lzeros;
> > +               lzeros = 0;
> > +       }
> > +
> > +       miter.consumed = lzeros;
> > +       sg_miter_stop(&miter);
> > +       nbytes -= lzeros;
> > +
> > +       return tbytes - nbytes;
> > +}
> > +
> >  static struct rsa_edesc *rsa_edesc_alloc(struct akcipher_request *req,
> >                                          size_t desclen)
> >  {
> >         struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
> >         struct caam_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
> >         struct device *dev = ctx->dev;
> > +       struct caam_rsa_req_ctx *req_ctx = akcipher_request_ctx(req);
> >         struct rsa_edesc *edesc;
> >         gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
> >                        GFP_KERNEL : GFP_ATOMIC;
> > +       int sg_flags = (flags == GFP_ATOMIC) ? SG_MITER_ATOMIC : 0;
> >         int sgc;
> >         int sec4_sg_index, sec4_sg_len = 0, sec4_sg_bytes;
> >         int src_nents, dst_nents;
> > +       int lzeros;
> > +
> > +       lzeros = caam_rsa_count_leading_zeros(req->src, req->src_len, sg_flags);
> > +       if (lzeros < 0)
> > +               return ERR_PTR(lzeros);
> > +
> > +       req->src_len -= lzeros;
> > +       req->src = scatterwalk_ffwd(req_ctx->src, req->src, lzeros);
> >
> >         src_nents = sg_nents_for_len(req->src, req->src_len);
> >         dst_nents = sg_nents_for_len(req->dst, req->dst_len);
> > @@ -953,6 +1006,7 @@ static struct akcipher_alg caam_rsa = {
> >         .max_size = caam_rsa_max_size,
> >         .init = caam_rsa_init_tfm,
> >         .exit = caam_rsa_exit_tfm,
> > +       .reqsize = sizeof(struct caam_rsa_req_ctx),
> >         .base = {
> >                 .cra_name = "rsa",
> >                 .cra_driver_name = "rsa-caam",
> > diff --git a/drivers/crypto/caam/caampkc.h b/drivers/crypto/caam/caampkc.h
> > index fd145c46eae1..82645bcf8b27 100644
> > --- a/drivers/crypto/caam/caampkc.h
> > +++ b/drivers/crypto/caam/caampkc.h
> > @@ -95,6 +95,14 @@ struct caam_rsa_ctx {
> >         struct device *dev;
> >  };
> >
> > +/**
> > + * caam_rsa_req_ctx - per request context.
> > + * @src: input scatterlist (stripped of leading zeros)
> > + */
> > +struct caam_rsa_req_ctx {
> > +       struct scatterlist src[2];
> > +};
> > +
> >  /**
> >   * rsa_edesc - s/w-extended rsa descriptor
> >   * @src_nents     : number of segments in input scatterlist
> >
> 
> 
> I have back ported this to 4.9 and have it running on an i.MX6UL
> board. I am happy to submit this if someone can tell me the best way
> to do this.

Just send it to stable@vger.kernel.org and say "here is the backport to
4.9 of commit id XXXX, can you please apply it?"

nothing fancy needed :)

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-06-15  8:13 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-14 13:08 FAILED: patch "[PATCH] crypto: caam - strip input zeros from RSA input buffer" failed to apply to 4.9-stable tree gregkh
2018-06-15  8:07 ` Martin Townsend
2018-06-15  8:12   ` Greg KH

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.