From: Zhang Zhijie <zhangzj@rock-chips.com>
To: Gael PORTAY <gael.portay@collabora.com>,
Ezequiel Garcia <ezequiel.garcia@collabora.com>,
Eric Biggers <ebiggers@kernel.org>
Cc: Tao Huang <huangtao@rock-chips.com>,
Zain Wang <wzz@rock-chips.com>, Heiko Stuebner <heiko@sntech.de>,
Arnd Bergmann <arnd@arndb.de>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
linux-rockchip@lists.infradead.org,
"open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
<linux-crypto@vger.kernel.org>, Olof Johansson <olof@lixom.net>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>
Subject: Re: [Bug] Rockchip crypto driver sometimes produces wrong ciphertext
Date: Mon, 25 Mar 2019 14:31:32 +0800 [thread overview]
Message-ID: <f59e52ea-d0b8-0eff-e290-f35f2126c8e6@rock-chips.com> (raw)
In-Reply-To: <cb075264-614e-5741-b6b9-4aa014e5277d@collabora.com>
Hi Eric and Gael,
On 2019/3/22 上午1:04, Gael PORTAY wrote:
> Hello,
>
> On 3/18/19 11:03 AM, Gael PORTAY wrote:
>> Hello,
>>
>> On 3/16/19 6:31 PM, Ezequiel Garcia wrote:
>>> Adding my colleague Gael, who has been working on fixing this driver.
>>
>> I have a couple of pending commits that may fix that issue.
>>
>> I will give it a try, and get back to you then.
>>
>
> The patches I had fix the same issue than recent commit to [1] and [2]
> in a different way.
>
> But they do not fix the issue below.
I will try to fix the issue below.
>
>>> ...
>>>>
>>>> Thanks for the fixes, but I've improved the self-tests more, and
>>>> there is
>>>> another bug. See the KernelCI job here:
>>>>
>>>> https://kernelci.org/boot/all/job/ardb/branch/for-kernelci/kernel/v5.0-11071-g7d597cc3f0ef/
>>>>
>>>>
>>>> The self-tests are failing on the rk3288-rock2-square platform:
>>>>
>>>> alg: skcipher: cbc-aes-rk encryption test failed (wrong output
>>>> IV) on test vector 0, cfg=\"in-place\"
>>>> alg: skcipher: cbc-des-rk encryption test failed (wrong output
>>>> IV) on test vector 0, cfg=\"in-place\"
>>>> alg: skcipher: cbc-des3-ede-rk encryption test failed (wrong
>>>> output IV) on test vector 0, cfg=\"in-place\"
>>>>
>>>> The issue is that the self-tests now verify that CBC
>>>> implementations update the
>>>> IV buffer to contain the next IV, aka the last ciphertext block.
>>>> But the
>>>> Rockchip crypto driver doesn't do that, so it needs to be fixed.
>>>>
>>>> This has always been a requirement for CBC implementations so that
>>>> users can
>>>> chain CBC requests. Unfortunately it was just never tested for...
>>>>
>>>> This should be easily reproducible using the mainline kernel.
>>>>
>>>> - Eric
>>>
>>>
>>> _______________________________________________
>>> linux-arm-kernel mailing list
>>> linux-arm-kernel@lists.infradead.org
>>> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>>>
>>
>> Gael
>
> [1]:
> https://github.com/torvalds/linux/commit/c1c214adcb56d36433480c8fedf772498e7e539c#diff-440313f9d25f65c14d4bffb1360a3c60
> [2]:
> https://github.com/torvalds/linux/commit/4359669a087633132203c52d67dd8c31e09e7b2e#diff-440313f9d25f65c14d4bffb1360a3c60
>
> Gael
>
>
WARNING: multiple messages have this Message-ID (diff)
From: Zhang Zhijie <zhangzj@rock-chips.com>
To: Gael PORTAY <gael.portay@collabora.com>,
Ezequiel Garcia <ezequiel.garcia@collabora.com>,
Eric Biggers <ebiggers@kernel.org>
Cc: Tao Huang <huangtao@rock-chips.com>,
Zain Wang <wzz@rock-chips.com>, Heiko Stuebner <heiko@sntech.de>,
Arnd Bergmann <arnd@arndb.de>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
linux-rockchip@lists.infradead.org,
"open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
<linux-crypto@vger.kernel.org>, Olof Johansson <olof@lixom.net>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>
Subject: Re: [Bug] Rockchip crypto driver sometimes produces wrong ciphertext
Date: Mon, 25 Mar 2019 14:31:32 +0800 [thread overview]
Message-ID: <f59e52ea-d0b8-0eff-e290-f35f2126c8e6@rock-chips.com> (raw)
In-Reply-To: <cb075264-614e-5741-b6b9-4aa014e5277d@collabora.com>
Hi Eric and Gael,
On 2019/3/22 上午1:04, Gael PORTAY wrote:
> Hello,
>
> On 3/18/19 11:03 AM, Gael PORTAY wrote:
>> Hello,
>>
>> On 3/16/19 6:31 PM, Ezequiel Garcia wrote:
>>> Adding my colleague Gael, who has been working on fixing this driver.
>>
>> I have a couple of pending commits that may fix that issue.
>>
>> I will give it a try, and get back to you then.
>>
>
> The patches I had fix the same issue than recent commit to [1] and [2]
> in a different way.
>
> But they do not fix the issue below.
I will try to fix the issue below.
>
>>> ...
>>>>
>>>> Thanks for the fixes, but I've improved the self-tests more, and
>>>> there is
>>>> another bug. See the KernelCI job here:
>>>>
>>>> https://kernelci.org/boot/all/job/ardb/branch/for-kernelci/kernel/v5.0-11071-g7d597cc3f0ef/
>>>>
>>>>
>>>> The self-tests are failing on the rk3288-rock2-square platform:
>>>>
>>>> alg: skcipher: cbc-aes-rk encryption test failed (wrong output
>>>> IV) on test vector 0, cfg=\"in-place\"
>>>> alg: skcipher: cbc-des-rk encryption test failed (wrong output
>>>> IV) on test vector 0, cfg=\"in-place\"
>>>> alg: skcipher: cbc-des3-ede-rk encryption test failed (wrong
>>>> output IV) on test vector 0, cfg=\"in-place\"
>>>>
>>>> The issue is that the self-tests now verify that CBC
>>>> implementations update the
>>>> IV buffer to contain the next IV, aka the last ciphertext block.
>>>> But the
>>>> Rockchip crypto driver doesn't do that, so it needs to be fixed.
>>>>
>>>> This has always been a requirement for CBC implementations so that
>>>> users can
>>>> chain CBC requests. Unfortunately it was just never tested for...
>>>>
>>>> This should be easily reproducible using the mainline kernel.
>>>>
>>>> - Eric
>>>
>>>
>>> _______________________________________________
>>> linux-arm-kernel mailing list
>>> linux-arm-kernel@lists.infradead.org
>>> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>>>
>>
>> Gael
>
> [1]:
> https://github.com/torvalds/linux/commit/c1c214adcb56d36433480c8fedf772498e7e539c#diff-440313f9d25f65c14d4bffb1360a3c60
> [2]:
> https://github.com/torvalds/linux/commit/4359669a087633132203c52d67dd8c31e09e7b2e#diff-440313f9d25f65c14d4bffb1360a3c60
>
> Gael
>
>
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-03-25 6:40 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-26 21:05 [Bug] Rockchip crypto driver sometimes produces wrong ciphertext Eric Biggers
2019-01-26 21:05 ` Eric Biggers
2019-01-27 8:54 ` Ard Biesheuvel
2019-01-27 8:54 ` Ard Biesheuvel
2019-01-27 8:54 ` Ard Biesheuvel
2019-01-27 10:29 ` Heiko Stuebner
2019-01-27 10:29 ` Heiko Stuebner
2019-01-27 10:29 ` Heiko Stuebner
2019-01-28 3:14 ` Tao Huang
2019-01-28 3:14 ` Tao Huang
2019-01-28 3:14 ` Tao Huang
2019-03-15 3:31 ` Eric Biggers
2019-03-15 3:31 ` Eric Biggers
2019-03-15 3:31 ` Eric Biggers
2019-03-16 22:31 ` Ezequiel Garcia
2019-03-16 22:31 ` Ezequiel Garcia
2019-03-16 22:31 ` Ezequiel Garcia
2019-03-18 15:03 ` Gael PORTAY
2019-03-18 15:03 ` Gael PORTAY
2019-03-18 15:03 ` Gael PORTAY
2019-03-21 17:04 ` Gael PORTAY
2019-03-21 17:04 ` Gael PORTAY
2019-03-25 6:31 ` Zhang Zhijie [this message]
2019-03-25 6:31 ` Zhang Zhijie
2019-04-04 13:41 ` Pascal Van Leeuwen
2019-04-04 13:41 ` Pascal Van Leeuwen
2019-04-04 13:41 ` Pascal Van Leeuwen
2019-04-04 17:12 ` Eric Biggers
2019-04-04 17:12 ` Eric Biggers
2019-04-04 17:12 ` Eric Biggers
2019-04-07 12:42 ` Herbert Xu
2019-04-07 12:42 ` Herbert Xu
2019-04-07 12:42 ` Herbert Xu
2019-04-07 19:12 ` Pascal Van Leeuwen
2019-04-07 19:12 ` Pascal Van Leeuwen
2019-04-07 19:12 ` Pascal Van Leeuwen
2019-04-08 5:58 ` Herbert Xu
2019-04-08 5:58 ` Herbert Xu
2019-04-08 5:58 ` Herbert Xu
2019-04-08 8:59 ` Pascal Van Leeuwen
2019-04-08 8:59 ` Pascal Van Leeuwen
2019-04-08 8:59 ` Pascal Van Leeuwen
2019-04-08 9:06 ` Herbert Xu
2019-04-08 9:06 ` Herbert Xu
2019-04-08 9:06 ` Herbert Xu
2019-04-09 15:53 ` Pascal Van Leeuwen
2019-04-09 15:53 ` Pascal Van Leeuwen
2019-04-09 15:53 ` Pascal Van Leeuwen
2019-04-08 18:09 ` Eric Biggers
2019-04-08 18:09 ` Eric Biggers
2019-04-08 18:09 ` Eric Biggers
2019-04-09 16:43 ` Pascal Van Leeuwen
2019-04-09 16:43 ` Pascal Van Leeuwen
2019-04-09 16:43 ` Pascal Van Leeuwen
2019-04-08 18:27 ` Eric Biggers
2019-04-08 18:27 ` Eric Biggers
2019-04-08 18:27 ` Eric Biggers
2019-04-08 21:17 ` Ard Biesheuvel
2019-04-08 21:17 ` Ard Biesheuvel
2019-04-08 21:17 ` Ard Biesheuvel
2019-04-09 16:58 ` Pascal Van Leeuwen
2019-04-09 16:58 ` Pascal Van Leeuwen
2019-04-09 16:58 ` Pascal Van Leeuwen
2019-03-21 10:46 ` [Bug] STM32 crc driver failed on selftest 1 Lionel DEBIEVE
2019-03-21 13:41 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f59e52ea-d0b8-0eff-e290-f35f2126c8e6@rock-chips.com \
--to=zhangzj@rock-chips.com \
--cc=ard.biesheuvel@linaro.org \
--cc=arnd@arndb.de \
--cc=ebiggers@kernel.org \
--cc=ezequiel.garcia@collabora.com \
--cc=gael.portay@collabora.com \
--cc=heiko@sntech.de \
--cc=huangtao@rock-chips.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-rockchip@lists.infradead.org \
--cc=olof@lixom.net \
--cc=wzz@rock-chips.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.