* [PATCH] crypto: qat - aead cipher length should be block multiple
@ 2020-08-22 7:29 Giovanni Cabiddu
2020-08-22 13:04 ` Ard Biesheuvel
[not found] ` <1cffce42de2f4e7b84514a27bd9a889d@irsmsx602.ger.corp.intel.com>
0 siblings, 2 replies; 4+ messages in thread
From: Giovanni Cabiddu @ 2020-08-22 7:29 UTC (permalink / raw)
To: herbert; +Cc: linux-crypto, qat-linux, Dominik Przychodni, Giovanni Cabiddu
From: Dominik Przychodni <dominik.przychodni@intel.com>
Include an additional check on the cipher length to prevent undefined
behaviour from occurring upon submitting requests which are not a
multiple of AES_BLOCK_SIZE.
Fixes: d370cec32194 ("crypto: qat - Intel(R) QAT crypto interface")
Signed-off-by: Dominik Przychodni <dominik.przychodni@intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
---
drivers/crypto/qat/qat_common/qat_algs.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
index 72753b84dc95..d552dbcfe0a0 100644
--- a/drivers/crypto/qat/qat_common/qat_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_algs.c
@@ -828,6 +828,11 @@ static int qat_alg_aead_dec(struct aead_request *areq)
struct icp_qat_fw_la_bulk_req *msg;
int digst_size = crypto_aead_authsize(aead_tfm);
int ret, ctr = 0;
+ u32 cipher_len;
+
+ cipher_len = areq->cryptlen - digst_size;
+ if (cipher_len % AES_BLOCK_SIZE != 0)
+ return -EINVAL;
ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req);
if (unlikely(ret))
@@ -842,7 +847,7 @@ static int qat_alg_aead_dec(struct aead_request *areq)
qat_req->req.comn_mid.src_data_addr = qat_req->buf.blp;
qat_req->req.comn_mid.dest_data_addr = qat_req->buf.bloutp;
cipher_param = (void *)&qat_req->req.serv_specif_rqpars;
- cipher_param->cipher_length = areq->cryptlen - digst_size;
+ cipher_param->cipher_length = cipher_len;
cipher_param->cipher_offset = areq->assoclen;
memcpy(cipher_param->u.cipher_IV_array, areq->iv, AES_BLOCK_SIZE);
auth_param = (void *)((u8 *)cipher_param + sizeof(*cipher_param));
@@ -871,6 +876,9 @@ static int qat_alg_aead_enc(struct aead_request *areq)
u8 *iv = areq->iv;
int ret, ctr = 0;
+ if (areq->cryptlen % AES_BLOCK_SIZE != 0)
+ return -EINVAL;
+
ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req);
if (unlikely(ret))
return ret;
--
2.26.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] crypto: qat - aead cipher length should be block multiple
2020-08-22 7:29 [PATCH] crypto: qat - aead cipher length should be block multiple Giovanni Cabiddu
@ 2020-08-22 13:04 ` Ard Biesheuvel
[not found] ` <1cffce42de2f4e7b84514a27bd9a889d@irsmsx602.ger.corp.intel.com>
1 sibling, 0 replies; 4+ messages in thread
From: Ard Biesheuvel @ 2020-08-22 13:04 UTC (permalink / raw)
To: Giovanni Cabiddu
Cc: Herbert Xu, Linux Crypto Mailing List, qat-linux, Dominik Przychodni
On Sat, 22 Aug 2020 at 09:29, Giovanni Cabiddu
<giovanni.cabiddu@intel.com> wrote:
>
> From: Dominik Przychodni <dominik.przychodni@intel.com>
>
> Include an additional check on the cipher length to prevent undefined
> behaviour from occurring upon submitting requests which are not a
> multiple of AES_BLOCK_SIZE.
>
> Fixes: d370cec32194 ("crypto: qat - Intel(R) QAT crypto interface")
> Signed-off-by: Dominik Przychodni <dominik.przychodni@intel.com>
> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
I only looked at the patch, and not at the entire file, but could you
explain which AES based AEAD implementations require the input length
to be a multiple of the block size? CCM and GCM are both CTR based,
and so any input length should be supported for at least those modes.
> ---
> drivers/crypto/qat/qat_common/qat_algs.c | 10 +++++++++-
> 1 file changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
> index 72753b84dc95..d552dbcfe0a0 100644
> --- a/drivers/crypto/qat/qat_common/qat_algs.c
> +++ b/drivers/crypto/qat/qat_common/qat_algs.c
> @@ -828,6 +828,11 @@ static int qat_alg_aead_dec(struct aead_request *areq)
> struct icp_qat_fw_la_bulk_req *msg;
> int digst_size = crypto_aead_authsize(aead_tfm);
> int ret, ctr = 0;
> + u32 cipher_len;
> +
> + cipher_len = areq->cryptlen - digst_size;
> + if (cipher_len % AES_BLOCK_SIZE != 0)
> + return -EINVAL;
>
> ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req);
> if (unlikely(ret))
> @@ -842,7 +847,7 @@ static int qat_alg_aead_dec(struct aead_request *areq)
> qat_req->req.comn_mid.src_data_addr = qat_req->buf.blp;
> qat_req->req.comn_mid.dest_data_addr = qat_req->buf.bloutp;
> cipher_param = (void *)&qat_req->req.serv_specif_rqpars;
> - cipher_param->cipher_length = areq->cryptlen - digst_size;
> + cipher_param->cipher_length = cipher_len;
> cipher_param->cipher_offset = areq->assoclen;
> memcpy(cipher_param->u.cipher_IV_array, areq->iv, AES_BLOCK_SIZE);
> auth_param = (void *)((u8 *)cipher_param + sizeof(*cipher_param));
> @@ -871,6 +876,9 @@ static int qat_alg_aead_enc(struct aead_request *areq)
> u8 *iv = areq->iv;
> int ret, ctr = 0;
>
> + if (areq->cryptlen % AES_BLOCK_SIZE != 0)
> + return -EINVAL;
> +
> ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req);
> if (unlikely(ret))
> return ret;
> --
> 2.26.2
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] crypto: qat - aead cipher length should be block multiple
[not found] ` <1cffce42de2f4e7b84514a27bd9a889d@irsmsx602.ger.corp.intel.com>
@ 2020-08-28 9:23 ` Giovanni Cabiddu
2020-08-31 13:26 ` Ard Biesheuvel
0 siblings, 1 reply; 4+ messages in thread
From: Giovanni Cabiddu @ 2020-08-28 9:23 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: Herbert Xu, Linux Crypto Mailing List, qat-linux, Przychodni, Dominik
On Sat, Aug 22, 2020 at 02:04:10PM +0100, Ard Biesheuvel wrote:
> On Sat, 22 Aug 2020 at 09:29, Giovanni Cabiddu
> <giovanni.cabiddu@intel.com> wrote:
> >
> > From: Dominik Przychodni <dominik.przychodni@intel.com>
> >
> > Include an additional check on the cipher length to prevent undefined
> > behaviour from occurring upon submitting requests which are not a
> > multiple of AES_BLOCK_SIZE.
> >
> > Fixes: d370cec32194 ("crypto: qat - Intel(R) QAT crypto interface")
> > Signed-off-by: Dominik Przychodni <dominik.przychodni@intel.com>
> > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
>
> I only looked at the patch, and not at the entire file, but could you
> explain which AES based AEAD implementations require the input length
> to be a multiple of the block size? CCM and GCM are both CTR based,
> and so any input length should be supported for at least those modes.
This is only for AES CBC as the qat driver supports only
authenc(hmac(sha1),cbc(aes)), authenc(hmac(sha256),cbc(aes)) and
authenc(hmac(sha512),cbc(aes)).
Regards,
--
Giovanni
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] crypto: qat - aead cipher length should be block multiple
2020-08-28 9:23 ` Giovanni Cabiddu
@ 2020-08-31 13:26 ` Ard Biesheuvel
0 siblings, 0 replies; 4+ messages in thread
From: Ard Biesheuvel @ 2020-08-31 13:26 UTC (permalink / raw)
To: Giovanni Cabiddu
Cc: Herbert Xu, Linux Crypto Mailing List, qat-linux, Przychodni, Dominik
On Fri, 28 Aug 2020 at 12:24, Giovanni Cabiddu
<giovanni.cabiddu@intel.com> wrote:
>
> On Sat, Aug 22, 2020 at 02:04:10PM +0100, Ard Biesheuvel wrote:
> > On Sat, 22 Aug 2020 at 09:29, Giovanni Cabiddu
> > <giovanni.cabiddu@intel.com> wrote:
> > >
> > > From: Dominik Przychodni <dominik.przychodni@intel.com>
> > >
> > > Include an additional check on the cipher length to prevent undefined
> > > behaviour from occurring upon submitting requests which are not a
> > > multiple of AES_BLOCK_SIZE.
> > >
> > > Fixes: d370cec32194 ("crypto: qat - Intel(R) QAT crypto interface")
> > > Signed-off-by: Dominik Przychodni <dominik.przychodni@intel.com>
> > > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> >
> > I only looked at the patch, and not at the entire file, but could you
> > explain which AES based AEAD implementations require the input length
> > to be a multiple of the block size? CCM and GCM are both CTR based,
> > and so any input length should be supported for at least those modes.
> This is only for AES CBC as the qat driver supports only
> authenc(hmac(sha1),cbc(aes)), authenc(hmac(sha256),cbc(aes)) and
> authenc(hmac(sha512),cbc(aes)).
>
Ah right, yes that makes sense.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-08-31 13:33 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-22 7:29 [PATCH] crypto: qat - aead cipher length should be block multiple Giovanni Cabiddu
2020-08-22 13:04 ` Ard Biesheuvel
[not found] ` <1cffce42de2f4e7b84514a27bd9a889d@irsmsx602.ger.corp.intel.com>
2020-08-28 9:23 ` Giovanni Cabiddu
2020-08-31 13:26 ` Ard Biesheuvel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).