linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: Michael Ellerman <mpe@ellerman.id.au>
Cc: Eric Biggers <ebiggers@kernel.org>,
	Daniel Axtens <dja@axtens.net>,
	leo.barbosa@canonical.com,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Stephan Mueller <smueller@chronox.de>,
	nayna@linux.ibm.com, omosnacek@gmail.com, leitao@debian.org,
	pfsmorigo@gmail.com,
	"open list:HARDWARE RANDOM NUMBER GENERATOR CORE" 
	<linux-crypto@vger.kernel.org>,
	marcelo.cerri@canonical.com,
	linuxppc-dev <linuxppc-dev@lists.ozlabs.org>
Subject: Re: [PATCH] crypto: vmx - fix copy-paste error in CTR mode
Date: Mon, 18 Mar 2019 10:13:39 +0100	[thread overview]
Message-ID: <CAKv+Gu_w_d5AbkYu=fdK1ver97G4O_rqu9o9tNy_-zNaAOnkkA@mail.gmail.com> (raw)
In-Reply-To: <87pnqo7ewp.fsf@concordia.ellerman.id.au>

On Mon, 18 Mar 2019 at 09:41, Michael Ellerman <mpe@ellerman.id.au> wrote:
>
> Eric Biggers <ebiggers@kernel.org> writes:
> > On Fri, Mar 15, 2019 at 03:24:35PM +1100, Daniel Axtens wrote:
> ...
> >> >> This leads to corruption of the IV, which leads to subsequent blocks
> >> >> being corrupted.
> >> >>
> >> >> This can be detected with libkcapi test suite, which is available at
> >> >> https://github.com/smuellerDD/libkcapi
> >> >
> >> > Is this also detected by the kernel's crypto self-tests, and if not why not?
> >> > What about with the new option CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y?
> >>
> >> It seems the self-tests do not catch it. To catch it, there has to be a
> >> test where the blkcipher_walk creates a walk.nbytes such that
> >> [(the number of AES blocks) mod 8] is either 2 or 3. This happens with
> >> AF_ALG pretty frequently, but when I booted with self-tests it only hit
> >> 1, 4, 5, 6 and 7 - it missed 0, 2 and 3.
> >>
> >> I don't have the EXTRA_TESTS option - I'm testing with 5.0-rc6. Is it in
> >> -next?
> >
> > The improvements I recently made to the self-tests are intended to catch exactly
> > this sort of bug.  They were just merged for v5.1, so try the latest mainline.
> > This almost certainly would be caught by EXTRA_TESTS (and if not I'd want to
> > know), but it may be caught by the regular self-tests now too.
>
> Enabling the crypto tests (CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=n)
> actually hides the bug for me.
>
> By which I mean I can't trigger the bug via kcapi-enc-tests.sh, because
> the VMX code is never called.
>
> ie:
>   # zgrep -e CRYPTO_MANAGER -e VMX /proc/config.gz
>   CONFIG_CRYPTO_MANAGER=y
>   CONFIG_CRYPTO_MANAGER2=y
>   # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
>   # CONFIG_CRYPTO_MANAGER_EXTRA_TESTS is not set
>   CONFIG_CRYPTO_DEV_VMX=y
>   CONFIG_CRYPTO_DEV_VMX_ENCRYPT=y
>
>   # echo "p:p8_aes_ctr_crypt p8_aes_ctr_crypt" > /sys/kernel/debug/tracing/kprobe_events
>   # echo 1 > /sys/kernel/debug/tracing/events/kprobes/enable
>   # ./kcapi-enc-test.sh
>   ...
>   Number of failures: 0
>   # grep -c p8_aes_ctr_crypt  /sys/kernel/debug/tracing/trace
>   0
>
>
> I don't understand how the crypto core chooses which crypto_alg to use,
> but I didn't expect enabling the tests to change it?
>

This is not entirely unexpected. Based on the tests, algos that are
found to be broken are disregarded for further use, and you should see
a warning in the kernel log about this.

  reply	other threads:[~2019-03-18  9:13 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-03-15  2:09 [PATCH] crypto: vmx - fix copy-paste error in CTR mode Daniel Axtens
2019-03-15  2:24 ` Eric Biggers
2019-03-15  4:24   ` Daniel Axtens
2019-03-15  4:34     ` Eric Biggers
2019-03-15  5:23       ` Daniel Axtens
2019-04-10  7:02         ` Eric Biggers
2019-04-11 14:47           ` Daniel Axtens
2019-04-11 17:40             ` Nayna
2019-04-13  3:41               ` Michael Ellerman
2019-05-06 15:53                 ` Eric Biggers
2019-05-13  0:59                   ` Herbert Xu
2019-05-13 11:39                     ` Michael Ellerman
2019-05-14 17:35                       ` Daniel Axtens
2019-05-15  3:53                         ` Herbert Xu
2019-05-15  6:36                           ` Daniel Axtens
2019-05-16  2:12                             ` Daniel Axtens
2019-05-16  2:56                               ` Eric Biggers
2019-05-16  5:28                                 ` Daniel Axtens
2019-03-18  8:41       ` Michael Ellerman
2019-03-18  9:13         ` Ard Biesheuvel [this message]
2019-03-19  0:52           ` Michael Ellerman
2019-03-18  6:03 ` Michael Ellerman
2019-03-20  8:40 ` Ondrej Mosnáček
2019-03-22 13:04 ` Herbert Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAKv+Gu_w_d5AbkYu=fdK1ver97G4O_rqu9o9tNy_-zNaAOnkkA@mail.gmail.com' \
    --to=ard.biesheuvel@linaro.org \
    --cc=dja@axtens.net \
    --cc=ebiggers@kernel.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=leitao@debian.org \
    --cc=leo.barbosa@canonical.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linuxppc-dev@lists.ozlabs.org \
    --cc=marcelo.cerri@canonical.com \
    --cc=mpe@ellerman.id.au \
    --cc=nayna@linux.ibm.com \
    --cc=omosnacek@gmail.com \
    --cc=pfsmorigo@gmail.com \
    --cc=smueller@chronox.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).