* [PATCH 0/6] crypto: additional fixes for omap-aes
@ 2019-10-26 14:52 Ard Biesheuvel
2019-10-26 14:52 ` [PATCH 1/6] crypto: omap-aes - reject invalid input sizes for block modes Ard Biesheuvel
` (6 more replies)
0 siblings, 7 replies; 10+ messages in thread
From: Ard Biesheuvel @ 2019-10-26 14:52 UTC (permalink / raw)
To: linux-crypto; +Cc: herbert, Ard Biesheuvel, linux-omap, Tero Kristo
This series applies onto Tero's series [0], and addresses a number of
additional issues that exist in the omap-aes driver that aren't being
addressed by Tero's fixes.

Note that the resulting code is still not 100% correct: an issue remains
where inputs into GCM consisting solely of assocdata are not being processed
correctly, e.g.,

alg: aead: gcm-aes-omap encryption test failed (wrong result) on test vector
"random: alen=38 plen=0 authsize=16 klen=32",
cfg="random: inplace may_sleep use_digest src_divs=[100.0%@+19] iv_offset=31"

I have no idea how to fix this, so I'll leave this to people that know this
hardware and have access to the Sitara TRM.

Note that I also spotted some issues in the SHAM driver, i.e.,

alg: ahash: omap-sha1 test failed (wrong result) on test vector
"random: psize=7928 ksize=0", cfg="random: inplace use_final
src_divs=[5.64%@+13, 59.70%@+18, <flush>31.53%@+4072,
<flush,nosimd>3.13%@alignmask+263]"
alg: ahash: omap-hmac-sha256 test failed (wrong result) on test vector
"random: psize=960 ksize=37", cfg="random: inplace use_final
src_divs=[32.54%@+2449, 17.18%@+4, <flush>50.28%@+1] iv_offset=31"

All of these failures are triggered by CONFIG_CRYPTO_MANAGER_EXTRA_TESTS,
so they will not show up when using the standard set of test vectors.

[0] https://lore.kernel.org/linux-crypto/20191017122549.4634-1-t-kristo@ti.com/

Cc: linux-omap@vger.kernel.org
Cc: Tero Kristo <t-kristo@ti.com>

Ard Biesheuvel (6):
crypto: omap-aes - reject invalid input sizes for block modes
crypto: omap-aes-ctr - set blocksize to 1
crypto: omap-aes-gcm - deal with memory allocation failure
crypto: omap-aes-gcm - add missing .setauthsize hooks
crypto: omap-aes-gcm - check length of assocdata in RFC4106 mode
crypto: omap-aes-gcm - use the AES library to encrypt the tag
drivers/crypto/omap-aes-gcm.c | 119 ++++++++------------
drivers/crypto/omap-aes.c | 33 ++----
drivers/crypto/omap-aes.h | 10 +-
3 files changed, 61 insertions(+), 101 deletions(-)
--
2.17.1
* [PATCH 1/6] crypto: omap-aes - reject invalid input sizes for block modes
From: Ard Biesheuvel @ 2019-10-26 14:52 UTC (permalink / raw)
To: linux-crypto; +Cc: herbert, Ard Biesheuvel, linux-omap, Tero Kristo
Block modes such as ECB and CBC only support input sizes that are
a round multiple of the block size, so align with the generic code
which returns -EINVAL when encountering inputs that violate this
rule.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/crypto/omap-aes.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c
index de05b35283bf..067f4cd7c005 100644
--- a/drivers/crypto/omap-aes.c
+++ b/drivers/crypto/omap-aes.c
@@ -525,6 +525,9 @@ static int omap_aes_crypt(struct skcipher_request *req, unsigned long mode)
struct omap_aes_dev *dd;
int ret;
+ if ((req->cryptlen % AES_BLOCK_SIZE) && !(mode & FLAGS_CTR))
+ return -EINVAL;
+
pr_debug("nbytes: %d, enc: %d, cbc: %d\n", req->cryptlen,
!!(mode & FLAGS_ENCRYPT),
!!(mode & FLAGS_CBC));
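Review bot: the new length check in omap_aes_crypt() exempts only FLAGS_CTR, and a request with cryptlen == 0 also passes it (0 % AES_BLOCK_SIZE is 0); the lines after the check do not show how a zero-length request is handled, so please confirm that case is dealt with before the request is queued. A one-line comment saying CTR is the only mode routed through here that may carry a partial block would make the `!(mode & FLAGS_CTR)` term self-explanatory, and IS_ALIGNED(req->cryptlen, AES_BLOCK_SIZE) reads more clearly than the open-coded modulo.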
--
2.17.1
* [PATCH 2/6] crypto: omap-aes-ctr - set blocksize to 1
From: Ard Biesheuvel @ 2019-10-26 14:52 UTC (permalink / raw)
To: linux-crypto; +Cc: herbert, Ard Biesheuvel, linux-omap, Tero Kristo
CTR is a streamcipher mode of AES, so set the blocksize accordingly.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/crypto/omap-aes.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c
index 067f4cd7c005..33cba7a2d6df 100644
--- a/drivers/crypto/omap-aes.c
+++ b/drivers/crypto/omap-aes.c
@@ -747,7 +747,7 @@ static struct skcipher_alg algs_ctr[] = {
.base.cra_flags = CRYPTO_ALG_KERN_DRIVER_ONLY |
CRYPTO_ALG_ASYNC |
CRYPTO_ALG_NEED_FALLBACK,
- .base.cra_blocksize = AES_BLOCK_SIZE,
+ .base.cra_blocksize = 1,
.base.cra_ctxsize = sizeof(struct omap_aes_ctx),
.base.cra_module = THIS_MODULE,
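Review bot: with `.base.cra_blocksize = 1` in the algs_ctr[] entry, nothing in this hunk tells callers that the cipher still advances in AES_BLOCK_SIZE steps; struct skcipher_alg has a .chunksize field for exactly that, and the visible lines do not show it being set. Suggest adding `.chunksize = AES_BLOCK_SIZE` beside the blocksize unless the entry already has it outside the hunk. This change also relies on the FLAGS_CTR exemption that patch 1 adds to omap_aes_crypt(), so the two need to stay in this order when the series is reposted.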
--
2.17.1
* [PATCH 3/6] crypto: omap-aes-gcm - deal with memory allocation failure
From: Ard Biesheuvel @ 2019-10-26 14:52 UTC (permalink / raw)
To: linux-crypto; +Cc: herbert, Ard Biesheuvel, linux-omap, Tero Kristo
The OMAP gcm(aes) driver invokes omap_crypto_align_sg() without
dealing with the errors it may return, resulting in a crash if
the routine fails in a __get_free_pages(GFP_ATOMIC) call. So
bail and return the error rather than limping on if one occurs.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/crypto/omap-aes-gcm.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/crypto/omap-aes-gcm.c b/drivers/crypto/omap-aes-gcm.c
index dfd4d1cac421..05d2fe78b105 100644
--- a/drivers/crypto/omap-aes-gcm.c
+++ b/drivers/crypto/omap-aes-gcm.c
@@ -120,6 +120,8 @@ static int omap_aes_gcm_copy_buffers(struct omap_aes_dev *dd,
OMAP_CRYPTO_FORCE_SINGLE_ENTRY,
FLAGS_ASSOC_DATA_ST_SHIFT,
&dd->flags);
+ if (ret)
+ return ret;
}
if (cryptlen) {
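Review bot: the early `return ret` after the assocdata omap_crypto_align_sg() call only helps if the caller of omap_aes_gcm_copy_buffers() checks the result, and that call site is not part of this patch. Please confirm it propagates the error rather than continuing with the request, or include the caller in the diff so the error path can be reviewed end to end.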
@@ -132,6 +134,8 @@ static int omap_aes_gcm_copy_buffers(struct omap_aes_dev *dd,
OMAP_CRYPTO_FORCE_SINGLE_ENTRY,
FLAGS_IN_DATA_ST_SHIFT,
&dd->flags);
+ if (ret)
+ return ret;
}
dd->in_sg = dd->in_sgl;
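Review bot: when the cryptlen branch fails here, the assocdata branch above may already have succeeded, and the commit message says omap_crypto_align_sg() can allocate pages; the bare `return ret` releases nothing obtained by that first call. Either unwind the assocdata buffer before returning or say in the commit message where the caller cleans it up (the state recorded in dd->flags under FLAGS_ASSOC_DATA_ST_SHIFT looks like the hook for that).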
--
2.17.1
* [PATCH 4/6] crypto: omap-aes-gcm - add missing .setauthsize hooks
From: Ard Biesheuvel @ 2019-10-26 14:52 UTC (permalink / raw)
To: linux-crypto; +Cc: herbert, Ard Biesheuvel, linux-omap, Tero Kristo
GCM only permits certain tag lengths, so populate the .setauthsize
hooks which ensure that only permitted sizes are accepted by the
implementation.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/crypto/omap-aes-gcm.c | 11 +++++++++++
drivers/crypto/omap-aes.c | 2 ++
drivers/crypto/omap-aes.h | 3 +++
3 files changed, 16 insertions(+)
diff --git a/drivers/crypto/omap-aes-gcm.c b/drivers/crypto/omap-aes-gcm.c
index 05d2fe78b105..70398fbd669d 100644
--- a/drivers/crypto/omap-aes-gcm.c
+++ b/drivers/crypto/omap-aes-gcm.c
@@ -413,3 +413,14 @@ int omap_aes_4106gcm_setkey(struct crypto_aead *tfm, const u8 *key,
return 0;
}
+
+int omap_aes_gcm_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
+{
+ return crypto_gcm_check_authsize(authsize);
+}
+
+int omap_aes_4106gcm_setauthsize(struct crypto_aead *parent,
+ unsigned int authsize)
+{
+ return crypto_rfc4106_check_authsize(authsize);
+}
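Review bot: the two new hooks name the same unused parameter differently, `tfm` in omap_aes_gcm_setauthsize() and `parent` in omap_aes_4106gcm_setauthsize(). `parent` reads like a leftover from a template wrapper; using `tfm` in both, here and in the omap-aes.h prototypes, would match the setkey functions next to them.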
diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c
index 33cba7a2d6df..161af3bf667c 100644
--- a/drivers/crypto/omap-aes.c
+++ b/drivers/crypto/omap-aes.c
@@ -787,6 +787,7 @@ static struct aead_alg algs_aead_gcm[] = {
.ivsize = GCM_AES_IV_SIZE,
.maxauthsize = AES_BLOCK_SIZE,
.setkey = omap_aes_gcm_setkey,
+ .setauthsize = omap_aes_gcm_setauthsize,
.encrypt = omap_aes_gcm_encrypt,
.decrypt = omap_aes_gcm_decrypt,
},
@@ -807,6 +808,7 @@ static struct aead_alg algs_aead_gcm[] = {
.maxauthsize = AES_BLOCK_SIZE,
.ivsize = GCM_RFC4106_IV_SIZE,
.setkey = omap_aes_4106gcm_setkey,
+ .setauthsize = omap_aes_4106gcm_setauthsize,
.encrypt = omap_aes_4106gcm_encrypt,
.decrypt = omap_aes_4106gcm_decrypt,
},
diff --git a/drivers/crypto/omap-aes.h b/drivers/crypto/omap-aes.h
index 2d3575231e31..1bcca7957e92 100644
--- a/drivers/crypto/omap-aes.h
+++ b/drivers/crypto/omap-aes.h
@@ -202,8 +202,11 @@ int omap_aes_4106gcm_setkey(struct crypto_aead *tfm, const u8 *key,
unsigned int keylen);
int omap_aes_gcm_encrypt(struct aead_request *req);
int omap_aes_gcm_decrypt(struct aead_request *req);
+int omap_aes_gcm_setauthsize(struct crypto_aead *tfm, unsigned int authsize);
int omap_aes_4106gcm_encrypt(struct aead_request *req);
int omap_aes_4106gcm_decrypt(struct aead_request *req);
+int omap_aes_4106gcm_setauthsize(struct crypto_aead *parent,
+ unsigned int authsize);
int omap_aes_write_ctrl(struct omap_aes_dev *dd);
int omap_aes_crypt_dma_start(struct omap_aes_dev *dd);
int omap_aes_crypt_dma_stop(struct omap_aes_dev *dd);
--
2.17.1
* [PATCH 5/6] crypto: omap-aes-gcm - check length of assocdata in RFC4106 mode
From: Ard Biesheuvel @ 2019-10-26 14:52 UTC (permalink / raw)
To: linux-crypto; +Cc: herbert, Ard Biesheuvel, linux-omap, Tero Kristo
RFC4106 requires the associated data to be a certain size, so reject
inputs that are wrong. This also prevents crashes or other problems due
to assoclen becoming negative after subtracting 8 bytes.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/crypto/omap-aes-gcm.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/omap-aes-gcm.c b/drivers/crypto/omap-aes-gcm.c
index 70398fbd669d..1aabf9a72066 100644
--- a/drivers/crypto/omap-aes-gcm.c
+++ b/drivers/crypto/omap-aes-gcm.c
@@ -365,7 +365,8 @@ int omap_aes_4106gcm_encrypt(struct aead_request *req)
memcpy(rctx->iv, ctx->nonce, 4);
memcpy(rctx->iv + 4, req->iv, 8);
- return omap_aes_gcm_crypt(req, FLAGS_ENCRYPT | FLAGS_GCM |
+ return crypto_ipsec_check_assoclen(req->assoclen) ?:
+ omap_aes_gcm_crypt(req, FLAGS_ENCRYPT | FLAGS_GCM |
FLAGS_RFC4106_GCM);
}
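Review bot: in omap_aes_4106gcm_encrypt() the assoclen check sits in the return expression, after both memcpy() calls have already written rctx->iv, so a rejected request still has its request context modified. Validating first (`err = crypto_ipsec_check_assoclen(req->assoclen); if (err) return err;` at the top of the function) keeps the reject path free of side effects and avoids a `?:` chain spread over three lines.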
@@ -376,7 +377,8 @@ int omap_aes_4106gcm_decrypt(struct aead_request *req)
memcpy(rctx->iv, ctx->nonce, 4);
memcpy(rctx->iv + 4, req->iv, 8);
- return omap_aes_gcm_crypt(req, FLAGS_GCM | FLAGS_RFC4106_GCM);
+ return crypto_ipsec_check_assoclen(req->assoclen) ?:
+ omap_aes_gcm_crypt(req, FLAGS_GCM | FLAGS_RFC4106_GCM);
}
int omap_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key,
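Review bot: the commit message motivates this with assoclen going negative after subtracting 8 bytes, but that subtraction appears in neither hunk, so the guard in omap_aes_4106gcm_decrypt() and the arithmetic it protects live in different functions. Placing the check next to the subtraction, keyed on FLAGS_RFC4106_GCM, would cover encrypt and decrypt with one test and keep the invariant visible where it is relied on.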
--
2.17.1
* [PATCH 6/6] crypto: omap-aes-gcm - use the AES library to encrypt the tag
From: Ard Biesheuvel @ 2019-10-26 14:52 UTC (permalink / raw)
To: linux-crypto; +Cc: herbert, Ard Biesheuvel, linux-omap, Tero Kristo
The OMAP AES-GCM implementation uses a fallback ecb(aes) skcipher to
produce the keystream to encrypt the output tag. Let's use the new
AES library instead - this is much simpler, and shouldn't affect
performance given that it only involves a single block.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/crypto/omap-aes-gcm.c | 98 +++++---------------
drivers/crypto/omap-aes.c | 26 +-----
drivers/crypto/omap-aes.h | 7 +-
3 files changed, 33 insertions(+), 98 deletions(-)
diff --git a/drivers/crypto/omap-aes-gcm.c b/drivers/crypto/omap-aes-gcm.c
index 1aabf9a72066..6da05149b195 100644
--- a/drivers/crypto/omap-aes-gcm.c
+++ b/drivers/crypto/omap-aes-gcm.c
@@ -167,62 +167,12 @@ static int omap_aes_gcm_copy_buffers(struct omap_aes_dev *dd,
return 0;
}
-static void omap_aes_gcm_complete(struct crypto_async_request *req, int err)
-{
- struct omap_aes_gcm_result *res = req->data;
-
- if (err == -EINPROGRESS)
- return;
-
- res->err = err;
- complete(&res->completion);
-}
-
static int do_encrypt_iv(struct aead_request *req, u32 *tag, u32 *iv)
{
- struct scatterlist iv_sg, tag_sg;
- struct skcipher_request *sk_req;
- struct omap_aes_gcm_result result;
- struct omap_aes_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
- int ret = 0;
-
- sk_req = skcipher_request_alloc(ctx->ctr, GFP_KERNEL);
- if (!sk_req) {
- pr_err("skcipher: Failed to allocate request\n");
- return -ENOMEM;
- }
-
- init_completion(&result.completion);
-
- sg_init_one(&iv_sg, iv, AES_BLOCK_SIZE);
- sg_init_one(&tag_sg, tag, AES_BLOCK_SIZE);
- skcipher_request_set_callback(sk_req, CRYPTO_TFM_REQ_MAY_BACKLOG,
- omap_aes_gcm_complete, &result);
- ret = crypto_skcipher_setkey(ctx->ctr, (u8 *)ctx->key, ctx->keylen);
- skcipher_request_set_crypt(sk_req, &iv_sg, &tag_sg, AES_BLOCK_SIZE,
- NULL);
- ret = crypto_skcipher_encrypt(sk_req);
- switch (ret) {
- case 0:
- break;
- case -EINPROGRESS:
- case -EBUSY:
- ret = wait_for_completion_interruptible(&result.completion);
- if (!ret) {
- ret = result.err;
- if (!ret) {
- reinit_completion(&result.completion);
- break;
- }
- }
- /* fall through */
- default:
- pr_err("Encryption of IV failed for GCM mode\n");
- break;
- }
+ struct omap_aes_gcm_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
- skcipher_request_free(sk_req);
- return ret;
+ aes_encrypt(&ctx->actx, (u8 *)tag, (u8 *)iv);
+ return 0;
}
void omap_aes_gcm_dma_out_callback(void *data)
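Review bot: do_encrypt_iv() now returns 0 unconditionally, so its int return type and any error handling at its call sites are dead; making it void, or calling aes_encrypt() directly where it is used, would remove that. The `(u8 *)tag` and `(u8 *)iv` casts also hide the direction of the operation, so a short comment that the block at iv is encrypted into tag (output first, input second) would help the next reader.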
@@ -252,7 +202,7 @@ void omap_aes_gcm_dma_out_callback(void *data)
static int omap_aes_gcm_handle_queue(struct omap_aes_dev *dd,
struct aead_request *req)
{
- struct omap_aes_ctx *ctx;
+ struct omap_aes_gcm_ctx *ctx;
struct aead_request *backlog;
struct omap_aes_reqctx *rctx;
unsigned long flags;
@@ -281,7 +231,7 @@ static int omap_aes_gcm_handle_queue(struct omap_aes_dev *dd,
ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
rctx = aead_request_ctx(req);
- dd->ctx = ctx;
+ dd->ctx = &ctx->octx;
rctx->dd = dd;
dd->aead_req = req;
@@ -360,10 +310,10 @@ int omap_aes_gcm_decrypt(struct aead_request *req)
int omap_aes_4106gcm_encrypt(struct aead_request *req)
{
- struct omap_aes_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
+ struct omap_aes_gcm_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
struct omap_aes_reqctx *rctx = aead_request_ctx(req);
- memcpy(rctx->iv, ctx->nonce, 4);
+ memcpy(rctx->iv, ctx->octx.nonce, 4);
memcpy(rctx->iv + 4, req->iv, 8);
return crypto_ipsec_check_assoclen(req->assoclen) ?:
omap_aes_gcm_crypt(req, FLAGS_ENCRYPT | FLAGS_GCM |
@@ -372,10 +322,10 @@ int omap_aes_4106gcm_encrypt(struct aead_request *req)
int omap_aes_4106gcm_decrypt(struct aead_request *req)
{
- struct omap_aes_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
+ struct omap_aes_gcm_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
struct omap_aes_reqctx *rctx = aead_request_ctx(req);
- memcpy(rctx->iv, ctx->nonce, 4);
+ memcpy(rctx->iv, ctx->octx.nonce, 4);
memcpy(rctx->iv + 4, req->iv, 8);
return crypto_ipsec_check_assoclen(req->assoclen) ?:
omap_aes_gcm_crypt(req, FLAGS_GCM | FLAGS_RFC4106_GCM);
@@ -384,14 +334,15 @@ int omap_aes_4106gcm_decrypt(struct aead_request *req)
int omap_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key,
unsigned int keylen)
{
- struct omap_aes_ctx *ctx = crypto_aead_ctx(tfm);
+ struct omap_aes_gcm_ctx *ctx = crypto_aead_ctx(tfm);
+ int ret;
- if (keylen != AES_KEYSIZE_128 && keylen != AES_KEYSIZE_192 &&
- keylen != AES_KEYSIZE_256)
- return -EINVAL;
+ ret = aes_expandkey(&ctx->actx, key, keylen);
+ if (ret)
+ return ret;
- memcpy(ctx->key, key, keylen);
- ctx->keylen = keylen;
+ memcpy(ctx->octx.key, key, keylen);
+ ctx->octx.keylen = keylen;
return 0;
}
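Review bot: in omap_aes_gcm_setkey() the explicit AES_KEYSIZE_128/192/256 test is gone, and the `memcpy(ctx->octx.key, key, keylen)` that follows is bounded only by aes_expandkey() having rejected every other length. That holds as long as the order stays expandkey first, memcpy second; a comment saying the length validation now lives in aes_expandkey() would keep a later reorder from turning the copy into an overflow of the AES_KEYSIZE_256-byte key array. The same applies to omap_aes_4106gcm_setkey() in the next hunk.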
@@ -399,19 +350,20 @@ int omap_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key,
int omap_aes_4106gcm_setkey(struct crypto_aead *tfm, const u8 *key,
unsigned int keylen)
{
- struct omap_aes_ctx *ctx = crypto_aead_ctx(tfm);
+ struct omap_aes_gcm_ctx *ctx = crypto_aead_ctx(tfm);
+ int ret;
if (keylen < 4)
return -EINVAL;
-
keylen -= 4;
- if (keylen != AES_KEYSIZE_128 && keylen != AES_KEYSIZE_192 &&
- keylen != AES_KEYSIZE_256)
- return -EINVAL;
- memcpy(ctx->key, key, keylen);
- memcpy(ctx->nonce, key + keylen, 4);
- ctx->keylen = keylen;
+ ret = aes_expandkey(&ctx->actx, key, keylen);
+ if (ret)
+ return ret;
+
+ memcpy(ctx->octx.key, key, keylen);
+ memcpy(ctx->octx.nonce, key + keylen, 4);
+ ctx->octx.keylen = keylen;
return 0;
}
diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c
index 161af3bf667c..d63ab370030e 100644
--- a/drivers/crypto/omap-aes.c
+++ b/drivers/crypto/omap-aes.c
@@ -645,7 +645,6 @@ static int omap_aes_init_tfm(struct crypto_skcipher *tfm)
static int omap_aes_gcm_cra_init(struct crypto_aead *tfm)
{
struct omap_aes_dev *dd = NULL;
- struct omap_aes_ctx *ctx = crypto_aead_ctx(tfm);
int err;
/* Find AES device, currently picks the first device */
@@ -663,12 +662,6 @@ static int omap_aes_gcm_cra_init(struct crypto_aead *tfm)
}
tfm->reqsize = sizeof(struct omap_aes_reqctx);
- ctx->ctr = crypto_alloc_skcipher("ecb(aes)", 0, 0);
- if (IS_ERR(ctx->ctr)) {
- pr_warn("could not load aes driver for encrypting IV\n");
- return PTR_ERR(ctx->ctr);
- }
-
return 0;
}
@@ -682,19 +675,6 @@ static void omap_aes_exit_tfm(struct crypto_skcipher *tfm)
ctx->fallback = NULL;
}
-static void omap_aes_gcm_cra_exit(struct crypto_aead *tfm)
-{
- struct omap_aes_ctx *ctx = crypto_aead_ctx(tfm);
-
- if (ctx->fallback)
- crypto_free_sync_skcipher(ctx->fallback);
-
- ctx->fallback = NULL;
-
- if (ctx->ctr)
- crypto_free_skcipher(ctx->ctr);
-}
-
/* ********************** ALGS ************************************ */
static struct skcipher_alg algs_ecb_cbc[] = {
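Review bot: the removed omap_aes_gcm_cra_exit() freed ctx->fallback as well as ctx->ctr, and struct omap_aes_ctx (now embedded as octx) still carries the fallback member. The visible part of omap_aes_gcm_cra_init() allocates no fallback, so dropping .exit looks right, but the commit message should say that the GCM path never sets octx.fallback so that the missing free is evidently intentional.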
@@ -778,12 +758,11 @@ static struct aead_alg algs_aead_gcm[] = {
.cra_flags = CRYPTO_ALG_ASYNC |
CRYPTO_ALG_KERN_DRIVER_ONLY,
.cra_blocksize = 1,
- .cra_ctxsize = sizeof(struct omap_aes_ctx),
+ .cra_ctxsize = sizeof(struct omap_aes_gcm_ctx),
.cra_alignmask = 0xf,
.cra_module = THIS_MODULE,
},
.init = omap_aes_gcm_cra_init,
- .exit = omap_aes_gcm_cra_exit,
.ivsize = GCM_AES_IV_SIZE,
.maxauthsize = AES_BLOCK_SIZE,
.setkey = omap_aes_gcm_setkey,
@@ -799,12 +778,11 @@ static struct aead_alg algs_aead_gcm[] = {
.cra_flags = CRYPTO_ALG_ASYNC |
CRYPTO_ALG_KERN_DRIVER_ONLY,
.cra_blocksize = 1,
- .cra_ctxsize = sizeof(struct omap_aes_ctx),
+ .cra_ctxsize = sizeof(struct omap_aes_gcm_ctx),
.cra_alignmask = 0xf,
.cra_module = THIS_MODULE,
},
.init = omap_aes_gcm_cra_init,
- .exit = omap_aes_gcm_cra_exit,
.maxauthsize = AES_BLOCK_SIZE,
.ivsize = GCM_RFC4106_IV_SIZE,
.setkey = omap_aes_4106gcm_setkey,
diff --git a/drivers/crypto/omap-aes.h b/drivers/crypto/omap-aes.h
index 1bcca7957e92..b0d7c7d08d46 100644
--- a/drivers/crypto/omap-aes.h
+++ b/drivers/crypto/omap-aes.h
@@ -9,6 +9,7 @@
#ifndef __OMAP_AES_H__
#define __OMAP_AES_H__
+#include <crypto/aes.h>
#include <crypto/engine.h>
#define DST_MAXBURST 4
@@ -98,7 +99,11 @@ struct omap_aes_ctx {
u32 key[AES_KEYSIZE_256 / sizeof(u32)];
u8 nonce[4];
struct crypto_sync_skcipher *fallback;
- struct crypto_skcipher *ctr;
+};
+
+struct omap_aes_gcm_ctx {
+ struct omap_aes_ctx octx;
+ struct crypto_aes_ctx actx;
};
struct omap_aes_reqctx {
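Review bot: omap_aes_gcm_handle_queue() stores `&ctx->octx` in dd->ctx, so the shared code keeps seeing a plain struct omap_aes_ctx, but nothing on struct omap_aes_gcm_ctx documents that relationship or whether octx has to stay the first member. A one-line comment on the struct would cover it. Note also that each GCM tfm now holds the AES key twice, raw in octx.key for the hardware and expanded in actx for the tag block, which is worth mentioning in the commit message.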
--
2.17.1
* Re: [PATCH 0/6] crypto: additional fixes for omap-aes
From: Tero Kristo @ 2019-11-05 12:19 UTC (permalink / raw)
To: Ard Biesheuvel, linux-crypto; +Cc: herbert, linux-omap
On 26/10/2019 17:52, Ard Biesheuvel wrote:
> This series applies onto Tero's series [0], and addresses a number of
> additional issues that exist in the omap-aes driver that aren't being
> addressed by Tero's fixes.
>
> Note that the resulting code is still not 100% correct: an issue remains
> where inputs into GCM consisting solely of assocdata are not being processed
> correctly, e.g.,
>
> alg: aead: gcm-aes-omap encryption test failed (wrong result) on test vector
> "random: alen=38 plen=0 authsize=16 klen=32",
> cfg="random: inplace may_sleep use_digest src_divs=[100.0%@+19] iv_offset=31"
>
> I have no idea how to fix this, so I'll leave this to people that know this
> hardware and have access to the Sitara TRM.
>
> Note that I also spotted some issues in the SHAM driver, i.e.,
>
> alg: ahash: omap-sha1 test failed (wrong result) on test vector
> "random: psize=7928 ksize=0", cfg="random: inplace use_final
> src_divs=[5.64%@+13, 59.70%@+18, <flush>31.53%@+4072,
> <flush,nosimd>3.13%@alignmask+263]"
> alg: ahash: omap-hmac-sha256 test failed (wrong result) on test vector
> "random: psize=960 ksize=37", cfg="random: inplace use_final
> src_divs=[32.54%@+2449, 17.18%@+4, <flush>50.28%@+1] iv_offset=31"
>
> All of these failures are triggered by CONFIG_CRYPTO_MANAGER_EXTRA_TESTS,
> so they will not show up when using the standard set of test vectors.
>
> [0] https://lore.kernel.org/linux-crypto/20191017122549.4634-1-t-kristo@ti.com/
>
> Cc: linux-omap@vger.kernel.org
> Cc: Tero Kristo <t-kristo@ti.com>
For the whole series:
Reviewed-by: Tero Kristo <t-kristo@ti.com>
Tested-by: Tero Kristo <t-kristo@ti.com>
-Tero
>
> Ard Biesheuvel (6):
> crypto: omap-aes - reject invalid input sizes for block modes
> crypto: omap-aes-ctr - set blocksize to 1
> crypto: omap-aes-gcm - deal with memory allocation failure
> crypto: omap-aes-gcm - add missing .setauthsize hooks
> crypto: omap-aes-gcm - check length of assocdata in RFC4106 mode
> crypto: omap-aes-gcm - use the AES library to encrypt the tag
>
> drivers/crypto/omap-aes-gcm.c | 119 ++++++++------------
> drivers/crypto/omap-aes.c | 33 ++----
> drivers/crypto/omap-aes.h | 10 +-
> 3 files changed, 61 insertions(+), 101 deletions(-)
>
--
Texas Instruments Finland Oy, Porkkalankatu 22, 00180 Helsinki. Y-tunnus/Business ID: 0615521-4. Kotipaikka/Domicile: Helsinki
* Re: [PATCH 0/6] crypto: additional fixes for omap-aes
From: Herbert Xu @ 2019-11-05 13:20 UTC (permalink / raw)
To: Tero Kristo; +Cc: Ard Biesheuvel, linux-crypto, linux-omap
On Tue, Nov 05, 2019 at 02:19:54PM +0200, Tero Kristo wrote:
> On 26/10/2019 17:52, Ard Biesheuvel wrote:
> > This series applies onto Tero's series [0], and addresses a number of
> > additional issues that exist in the omap-aes driver that aren't being
> > addressed by Tero's fixes.
> >
> > Note that the resulting code is still not 100% correct: an issue remains
> > where inputs into GCM consisting solely of assocdata are not being processed
> > correctly, e.g.,
> >
> > alg: aead: gcm-aes-omap encryption test failed (wrong result) on test vector
> > "random: alen=38 plen=0 authsize=16 klen=32",
> > cfg="random: inplace may_sleep use_digest src_divs=[100.0%@+19] iv_offset=31"
> >
> > I have no idea how to fix this, so I'll leave this to people that know this
> > hardware and have access to the Sitara TRM.
> >
> > Note that I also spotted some issues in the SHAM driver, i.e.,
> >
> > alg: ahash: omap-sha1 test failed (wrong result) on test vector
> > "random: psize=7928 ksize=0", cfg="random: inplace use_final
> > src_divs=[5.64%@+13, 59.70%@+18, <flush>31.53%@+4072,
> > <flush,nosimd>3.13%@alignmask+263]"
> > alg: ahash: omap-hmac-sha256 test failed (wrong result) on test vector
> > "random: psize=960 ksize=37", cfg="random: inplace use_final
> > src_divs=[32.54%@+2449, 17.18%@+4, <flush>50.28%@+1] iv_offset=31"
> >
> > All of these failures are triggered by CONFIG_CRYPTO_MANAGER_EXTRA_TESTS,
> > so they will not show up when using the standard set of test vectors.
> >
> > [0] https://lore.kernel.org/linux-crypto/20191017122549.4634-1-t-kristo@ti.com/
> >
> > Cc: linux-omap@vger.kernel.org
> > Cc: Tero Kristo <t-kristo@ti.com>
>
> For the whole series:
>
> Reviewed-by: Tero Kristo <t-kristo@ti.com>
> Tested-by: Tero Kristo <t-kristo@ti.com>
Actually I've lost track of both of your patch series. Please
repost both in the correct order for merging.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
* Re: [PATCH 0/6] crypto: additional fixes for omap-aes
From: Tero Kristo @ 2019-11-05 13:38 UTC (permalink / raw)
To: Herbert Xu; +Cc: Ard Biesheuvel, linux-crypto, linux-omap
On 05/11/2019 15:20, Herbert Xu wrote:
> On Tue, Nov 05, 2019 at 02:19:54PM +0200, Tero Kristo wrote:
>> On 26/10/2019 17:52, Ard Biesheuvel wrote:
>>> This series applies onto Tero's series [0], and addresses a number of
>>> additional issues that exist in the omap-aes driver that aren't being
>>> addressed by Tero's fixes.
>>>
>>> Note that the resulting code is still not 100% correct: an issue remains
>>> where inputs into GCM consisting solely of assocdata are not being processed
>>> correctly, e.g.,
>>>
>>> alg: aead: gcm-aes-omap encryption test failed (wrong result) on test vector
>>> "random: alen=38 plen=0 authsize=16 klen=32",
>>> cfg="random: inplace may_sleep use_digest src_divs=[100.0%@+19] iv_offset=31"
>>>
>>> I have no idea how to fix this, so I'll leave this to people that know this
>>> hardware and have access to the Sitara TRM.
>>>
>>> Note that I also spotted some issues in the SHAM driver, i.e.,
>>>
>>> alg: ahash: omap-sha1 test failed (wrong result) on test vector
>>> "random: psize=7928 ksize=0", cfg="random: inplace use_final
>>> src_divs=[5.64%@+13, 59.70%@+18, <flush>31.53%@+4072,
>>> <flush,nosimd>3.13%@alignmask+263]"
>>> alg: ahash: omap-hmac-sha256 test failed (wrong result) on test vector
>>> "random: psize=960 ksize=37", cfg="random: inplace use_final
>>> src_divs=[32.54%@+2449, 17.18%@+4, <flush>50.28%@+1] iv_offset=31"
>>>
>>> All of these failures are triggered by CONFIG_CRYPTO_MANAGER_EXTRA_TESTS,
>>> so they will not show up when using the standard set of test vectors.
>>>
>>> [0] https://lore.kernel.org/linux-crypto/20191017122549.4634-1-t-kristo@ti.com/
>>>
>>> Cc: linux-omap@vger.kernel.org
>>> Cc: Tero Kristo <t-kristo@ti.com>
>>
>> For the whole series:
>>
>> Reviewed-by: Tero Kristo <t-kristo@ti.com>
>> Tested-by: Tero Kristo <t-kristo@ti.com>
>
> Actually I've lost track of both of your patch series. Please
> repost both in the correct order for merging.
Yeah, I was kinda expecting this. :)
Will repost all as single series.
-Tero
--
Texas Instruments Finland Oy, Porkkalankatu 22, 00180 Helsinki. Y-tunnus/Business ID: 0615521-4. Kotipaikka/Domicile: Helsinki