Subject: Re: [PATCH 1/2] crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error)
From: Christophe Leroy
To: Ard Biesheuvel
Cc: Herbert Xu, "David S. Miller", Linux Crypto Mailing List, Linux Kernel Mailing List, "open list:LINUX FOR POWERPC (32-BIT AND 64-BIT)"
Date: Thu, 21 Jan 2021 10:54:43 +0100
X-Mailing-List: linux-crypto@vger.kernel.org

On 21/01/2021 at 08:31, Ard Biesheuvel wrote:
> On Thu, 21 Jan 2021 at 06:35, Christophe Leroy wrote:
>>
>> On 20/01/2021 at 23:23, Ard Biesheuvel wrote:
>>> On Wed, 20 Jan 2021 at 19:59, Christophe Leroy wrote:
>>>>
>>>> Talitos Security Engine AESU considers any input
>>>> data size that is not a multiple of 16 bytes to be an error.
>>>> This is not a problem in general, except for Counter mode
>>>> that is a stream cipher and can have an input of any size.
>>>>
>>>> Test Manager for ctr(aes) fails on 4th test vector which has
>>>> a length of 499 while all previous vectors which have a 16 bytes
>>>> multiple length succeed.
>>>>
>>>> As suggested by Freescale, round up the input data length to the
>>>> nearest 16 bytes.
>>>>
>>>> Fixes: 5e75ae1b3cef ("crypto: talitos - add new crypto modes")
>>>> Signed-off-by: Christophe Leroy
>>>
>>> Doesn't this cause the hardware to write outside the given buffer?
>>
>> Only the input length is modified. Not the output length.
>>
>> The ERRATA says:
>>
>> The input data length (in the descriptor) can be rounded up to the nearest 16B. Set the
>> data-in length (in the descriptor) to include X bytes of data beyond the payload. Set the
>> data-out length to only output the relevant payload (don't need to output the padding).
>> SEC reads from memory are not destructive, so the extra bytes included in the AES-CTR
>> operation can be whatever bytes are contiguously trailing the payload.
>
> So what happens if the input is not 16 byte aligned, and rounding it
> up causes it to extend across a page boundary into a page that is not
> mapped by the IOMMU/SMMU?
>

What is the IOMMU/SMMU?

The mpc8xx, mpc82xx and mpc83xx which embed the Talitos Security Engine don't have such a thing; the
security engine uses DMA and has direct access to the memory bus for reading and writing.

Christophe
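
As an added illustration of the question raised in this thread (not code from the patch or from the talitos driver): the C sketch below computes the rounded-up data-in length and reports whether the extra bytes the engine reads land on a page the payload itself does not touch. The function names, the sample addresses and the 4096-byte page size are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AES_BLOCK 16u   /* AESU wants the data-in length as a multiple of this */

/* Data-in length after the workaround: rounded up to the next 16 bytes. */
static size_t ctr_in_len(size_t payload_len)
{
    return (payload_len + AES_BLOCK - 1) & ~(size_t)(AES_BLOCK - 1);
}

/* Bytes read beyond the payload (0..15); the data-out length stays unchanged. */
static size_t ctr_overread(size_t payload_len)
{
    return ctr_in_len(payload_len) - payload_len;
}

/*
 * True when the padded read touches a page the payload does not.
 * Assumes payload_len > 0 and a non-zero page_size (hypothetical helper).
 */
static bool overread_crosses_page(uint64_t dma_addr, size_t payload_len,
                                  uint64_t page_size)
{
    uint64_t last_payload = dma_addr + payload_len - 1;
    uint64_t last_read = dma_addr + ctr_in_len(payload_len) - 1;

    return (last_payload / page_size) != (last_read / page_size);
}

int main(void)
{
    /* Constructed addresses; 499 is the failing ctr(aes) vector length. */
    const uint64_t page = 4096;
    const uint64_t addrs[] = { 0x10000, 0x10e00, 0x10e0d, 0x10e10 };

    for (size_t i = 0; i < sizeof(addrs) / sizeof(addrs[0]); i++)
        printf("addr=0x%llx in_len=%zu extra=%zu crosses_page=%d\n",
               (unsigned long long)addrs[i], ctr_in_len(499),
               ctr_overread(499),
               overread_crosses_page(addrs[i], 499, page));
    return 0;
}
```

With a 16-byte-aligned start address the padded read always ends inside the payload's last page; only an unaligned start (0x10e0d above) lets the extra bytes spill onto the following page.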