From: Zhang Zhijie <zhangzj@rock-chips.com> To: Gael PORTAY <gael.portay@collabora.com>, Ezequiel Garcia <ezequiel.garcia@collabora.com>, Eric Biggers <ebiggers@kernel.org> Cc: Tao Huang <huangtao@rock-chips.com>, Zain Wang <wzz@rock-chips.com>, Heiko Stuebner <heiko@sntech.de>, Arnd Bergmann <arnd@arndb.de>, Ard Biesheuvel <ard.biesheuvel@linaro.org>, linux-rockchip@lists.infradead.org, "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" <linux-crypto@vger.kernel.org>, Olof Johansson <olof@lixom.net>, linux-arm-kernel <linux-arm-kernel@lists.infradead.org> Subject: Re: [Bug] Rockchip crypto driver sometimes produces wrong ciphertext Date: Mon, 25 Mar 2019 14:31:32 +0800 [thread overview] Message-ID: <f59e52ea-d0b8-0eff-e290-f35f2126c8e6@rock-chips.com> (raw) In-Reply-To: <cb075264-614e-5741-b6b9-4aa014e5277d@collabora.com> Hi Eric and Gael, On 2019/3/22 上午1:04, Gael PORTAY wrote: > Hello, > > On 3/18/19 11:03 AM, Gael PORTAY wrote: >> Hello, >> >> On 3/16/19 6:31 PM, Ezequiel Garcia wrote: >>> Adding my colleague Gael, who has been working on fixing this driver. >> >> I have a couple of pending commits that may fix that issue. >> >> I will give it a try, and get back to you then. >> > > The patches I had fix the same issue than recent commit to [1] and [2] > in a different way. > > But they do not fix the issue below. I will try to fix the issue below. > >>> ... >>>> >>>> Thanks for the fixes, but I've improved the self-tests more, and >>>> there is >>>> another bug. See the KernelCI job here: >>>> >>>> https://kernelci.org/boot/all/job/ardb/branch/for-kernelci/kernel/v5.0-11071-g7d597cc3f0ef/ >>>> >>>> >>>> The self-tests are failing on the rk3288-rock2-square platform: >>>> >>>> alg: skcipher: cbc-aes-rk encryption test failed (wrong output >>>> IV) on test vector 0, cfg=\"in-place\" >>>> alg: skcipher: cbc-des-rk encryption test failed (wrong output >>>> IV) on test vector 0, cfg=\"in-place\" >>>> alg: skcipher: cbc-des3-ede-rk encryption test failed (wrong >>>> output IV) on test vector 0, cfg=\"in-place\" >>>> >>>> The issue is that the self-tests now verify that CBC >>>> implementations update the >>>> IV buffer to contain the next IV, aka the last ciphertext block. >>>> But the >>>> Rockchip crypto driver doesn't do that, so it needs to be fixed. >>>> >>>> This has always been a requirement for CBC implementations so that >>>> users can >>>> chain CBC requests. Unfortunately it was just never tested for... >>>> >>>> This should be easily reproducible using the mainline kernel. >>>> >>>> - Eric >>> >>> >>> _______________________________________________ >>> linux-arm-kernel mailing list >>> linux-arm-kernel@lists.infradead.org >>> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel >>> >> >> Gael > > [1]: > https://github.com/torvalds/linux/commit/c1c214adcb56d36433480c8fedf772498e7e539c#diff-440313f9d25f65c14d4bffb1360a3c60 > [2]: > https://github.com/torvalds/linux/commit/4359669a087633132203c52d67dd8c31e09e7b2e#diff-440313f9d25f65c14d4bffb1360a3c60 > > Gael > >
WARNING: multiple messages have this Message-ID (diff)
From: Zhang Zhijie <zhangzj@rock-chips.com> To: Gael PORTAY <gael.portay@collabora.com>, Ezequiel Garcia <ezequiel.garcia@collabora.com>, Eric Biggers <ebiggers@kernel.org> Cc: Tao Huang <huangtao@rock-chips.com>, Zain Wang <wzz@rock-chips.com>, Heiko Stuebner <heiko@sntech.de>, Arnd Bergmann <arnd@arndb.de>, Ard Biesheuvel <ard.biesheuvel@linaro.org>, linux-rockchip@lists.infradead.org, "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" <linux-crypto@vger.kernel.org>, Olof Johansson <olof@lixom.net>, linux-arm-kernel <linux-arm-kernel@lists.infradead.org> Subject: Re: [Bug] Rockchip crypto driver sometimes produces wrong ciphertext Date: Mon, 25 Mar 2019 14:31:32 +0800 [thread overview] Message-ID: <f59e52ea-d0b8-0eff-e290-f35f2126c8e6@rock-chips.com> (raw) In-Reply-To: <cb075264-614e-5741-b6b9-4aa014e5277d@collabora.com> Hi Eric and Gael, On 2019/3/22 上午1:04, Gael PORTAY wrote: > Hello, > > On 3/18/19 11:03 AM, Gael PORTAY wrote: >> Hello, >> >> On 3/16/19 6:31 PM, Ezequiel Garcia wrote: >>> Adding my colleague Gael, who has been working on fixing this driver. >> >> I have a couple of pending commits that may fix that issue. >> >> I will give it a try, and get back to you then. >> > > The patches I had fix the same issue than recent commit to [1] and [2] > in a different way. > > But they do not fix the issue below. I will try to fix the issue below. > >>> ... >>>> >>>> Thanks for the fixes, but I've improved the self-tests more, and >>>> there is >>>> another bug. See the KernelCI job here: >>>> >>>> https://kernelci.org/boot/all/job/ardb/branch/for-kernelci/kernel/v5.0-11071-g7d597cc3f0ef/ >>>> >>>> >>>> The self-tests are failing on the rk3288-rock2-square platform: >>>> >>>> alg: skcipher: cbc-aes-rk encryption test failed (wrong output >>>> IV) on test vector 0, cfg=\"in-place\" >>>> alg: skcipher: cbc-des-rk encryption test failed (wrong output >>>> IV) on test vector 0, cfg=\"in-place\" >>>> alg: skcipher: cbc-des3-ede-rk encryption test failed (wrong >>>> output IV) on test vector 0, cfg=\"in-place\" >>>> >>>> The issue is that the self-tests now verify that CBC >>>> implementations update the >>>> IV buffer to contain the next IV, aka the last ciphertext block. >>>> But the >>>> Rockchip crypto driver doesn't do that, so it needs to be fixed. >>>> >>>> This has always been a requirement for CBC implementations so that >>>> users can >>>> chain CBC requests. Unfortunately it was just never tested for... >>>> >>>> This should be easily reproducible using the mainline kernel. >>>> >>>> - Eric >>> >>> >>> _______________________________________________ >>> linux-arm-kernel mailing list >>> linux-arm-kernel@lists.infradead.org >>> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel >>> >> >> Gael > > [1]: > https://github.com/torvalds/linux/commit/c1c214adcb56d36433480c8fedf772498e7e539c#diff-440313f9d25f65c14d4bffb1360a3c60 > [2]: > https://github.com/torvalds/linux/commit/4359669a087633132203c52d67dd8c31e09e7b2e#diff-440313f9d25f65c14d4bffb1360a3c60 > > Gael > > _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-03-25 6:40 UTC|newest] Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-01-26 21:05 [Bug] Rockchip crypto driver sometimes produces wrong ciphertext Eric Biggers 2019-01-26 21:05 ` Eric Biggers 2019-01-27 8:54 ` Ard Biesheuvel 2019-01-27 8:54 ` Ard Biesheuvel 2019-01-27 8:54 ` Ard Biesheuvel 2019-01-27 10:29 ` Heiko Stuebner 2019-01-27 10:29 ` Heiko Stuebner 2019-01-27 10:29 ` Heiko Stuebner 2019-01-28 3:14 ` Tao Huang 2019-01-28 3:14 ` Tao Huang 2019-01-28 3:14 ` Tao Huang 2019-03-15 3:31 ` Eric Biggers 2019-03-15 3:31 ` Eric Biggers 2019-03-15 3:31 ` Eric Biggers 2019-03-16 22:31 ` Ezequiel Garcia 2019-03-16 22:31 ` Ezequiel Garcia 2019-03-16 22:31 ` Ezequiel Garcia 2019-03-18 15:03 ` Gael PORTAY 2019-03-18 15:03 ` Gael PORTAY 2019-03-18 15:03 ` Gael PORTAY 2019-03-21 17:04 ` Gael PORTAY 2019-03-21 17:04 ` Gael PORTAY 2019-03-25 6:31 ` Zhang Zhijie [this message] 2019-03-25 6:31 ` Zhang Zhijie 2019-04-04 13:41 ` Pascal Van Leeuwen 2019-04-04 13:41 ` Pascal Van Leeuwen 2019-04-04 13:41 ` Pascal Van Leeuwen 2019-04-04 17:12 ` Eric Biggers 2019-04-04 17:12 ` Eric Biggers 2019-04-04 17:12 ` Eric Biggers 2019-04-07 12:42 ` Herbert Xu 2019-04-07 12:42 ` Herbert Xu 2019-04-07 12:42 ` Herbert Xu 2019-04-07 19:12 ` Pascal Van Leeuwen 2019-04-07 19:12 ` Pascal Van Leeuwen 2019-04-07 19:12 ` Pascal Van Leeuwen 2019-04-08 5:58 ` Herbert Xu 2019-04-08 5:58 ` Herbert Xu 2019-04-08 5:58 ` Herbert Xu 2019-04-08 8:59 ` Pascal Van Leeuwen 2019-04-08 8:59 ` Pascal Van Leeuwen 2019-04-08 8:59 ` Pascal Van Leeuwen 2019-04-08 9:06 ` Herbert Xu 2019-04-08 9:06 ` Herbert Xu 2019-04-08 9:06 ` Herbert Xu 2019-04-09 15:53 ` Pascal Van Leeuwen 2019-04-09 15:53 ` Pascal Van Leeuwen 2019-04-09 15:53 ` Pascal Van Leeuwen 2019-04-08 18:09 ` Eric Biggers 2019-04-08 18:09 ` Eric Biggers 2019-04-08 18:09 ` Eric Biggers 2019-04-09 16:43 ` Pascal Van Leeuwen 2019-04-09 16:43 ` Pascal Van Leeuwen 2019-04-09 16:43 ` Pascal Van Leeuwen 2019-04-08 18:27 ` Eric Biggers 2019-04-08 18:27 ` Eric Biggers 2019-04-08 18:27 ` Eric Biggers 2019-04-08 21:17 ` Ard Biesheuvel 2019-04-08 21:17 ` Ard Biesheuvel 2019-04-08 21:17 ` Ard Biesheuvel 2019-04-09 16:58 ` Pascal Van Leeuwen 2019-04-09 16:58 ` Pascal Van Leeuwen 2019-04-09 16:58 ` Pascal Van Leeuwen 2019-03-21 10:46 ` [Bug] STM32 crc driver failed on selftest 1 Lionel DEBIEVE 2019-03-21 13:41 ` Eric Biggers
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=f59e52ea-d0b8-0eff-e290-f35f2126c8e6@rock-chips.com \ --to=zhangzj@rock-chips.com \ --cc=ard.biesheuvel@linaro.org \ --cc=arnd@arndb.de \ --cc=ebiggers@kernel.org \ --cc=ezequiel.garcia@collabora.com \ --cc=gael.portay@collabora.com \ --cc=heiko@sntech.de \ --cc=huangtao@rock-chips.com \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-crypto@vger.kernel.org \ --cc=linux-rockchip@lists.infradead.org \ --cc=olof@lixom.net \ --cc=wzz@rock-chips.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.