* [PATCH] crypto: talitos - fix skcipher failure due to wrong output IV
@ 2019-05-15 12:29 Christophe Leroy
2019-05-15 14:05 ` Horia Geanta
2019-05-23 6:51 ` Herbert Xu
0 siblings, 2 replies; 6+ messages in thread
From: Christophe Leroy @ 2019-05-15 12:29 UTC (permalink / raw)
To: Herbert Xu, David S. Miller; +Cc: linux-crypto, linux-kernel, linuxppc-dev
Selftests report the following:
[ 2.984845] alg: skcipher: cbc-aes-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
[ 2.995377] 00000000: 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41
[ 3.032673] alg: skcipher: cbc-des-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
[ 3.043185] 00000000: fe dc ba 98 76 54 32 10
[ 3.063238] alg: skcipher: cbc-3des-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
[ 3.073818] 00000000: 7d 33 88 93 0f 93 b2 42
This above dumps show that the actual output IV is indeed the input IV.
This is due to the IV not being copied back into the request.
This patch fixes that.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
---
drivers/crypto/talitos.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 1d429fc073d1..f443cbe7da80 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -1637,11 +1637,15 @@ static void ablkcipher_done(struct device *dev,
int err)
{
struct ablkcipher_request *areq = context;
+ struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(areq);
+ struct talitos_ctx *ctx = crypto_ablkcipher_ctx(cipher);
+ unsigned int ivsize = crypto_ablkcipher_ivsize(cipher);
struct talitos_edesc *edesc;
edesc = container_of(desc, struct talitos_edesc, desc);
common_nonsnoop_unmap(dev, edesc, areq);
+ memcpy(areq->info, ctx->iv, ivsize);
kfree(edesc);
--
2.13.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] crypto: talitos - fix skcipher failure due to wrong output IV
2019-05-15 12:29 [PATCH] crypto: talitos - fix skcipher failure due to wrong output IV Christophe Leroy
@ 2019-05-15 14:05 ` Horia Geanta
2019-05-15 18:49 ` Christophe Leroy
2019-05-23 6:51 ` Herbert Xu
1 sibling, 1 reply; 6+ messages in thread
From: Horia Geanta @ 2019-05-15 14:05 UTC (permalink / raw)
To: Christophe Leroy, Herbert Xu, David S. Miller
Cc: linux-crypto, linux-kernel, linuxppc-dev
On 5/15/2019 3:29 PM, Christophe Leroy wrote:
> Selftests report the following:
>
> [ 2.984845] alg: skcipher: cbc-aes-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
> [ 2.995377] 00000000: 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41
> [ 3.032673] alg: skcipher: cbc-des-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
> [ 3.043185] 00000000: fe dc ba 98 76 54 32 10
> [ 3.063238] alg: skcipher: cbc-3des-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
> [ 3.073818] 00000000: 7d 33 88 93 0f 93 b2 42
>
> This above dumps show that the actual output IV is indeed the input IV.
> This is due to the IV not being copied back into the request.
>
> This patch fixes that.
>
> Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
While here, could you please check ecb mode (which by definition does not have
an IV) is behaving correctly?
Looking in driver_algs[] list of crypto algorithms supported by talitos,
ecb(aes,des,3des) are declared with ivsize != 0.
Thanks,
Horia
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] crypto: talitos - fix skcipher failure due to wrong output IV
2019-05-15 14:05 ` Horia Geanta
@ 2019-05-15 18:49 ` Christophe Leroy
2019-05-16 2:30 ` Eric Biggers
0 siblings, 1 reply; 6+ messages in thread
From: Christophe Leroy @ 2019-05-15 18:49 UTC (permalink / raw)
To: Horia Geanta, Herbert Xu, David S. Miller
Cc: linux-crypto, linux-kernel, linuxppc-dev
Le 15/05/2019 à 16:05, Horia Geanta a écrit :
> On 5/15/2019 3:29 PM, Christophe Leroy wrote:
>> Selftests report the following:
>>
>> [ 2.984845] alg: skcipher: cbc-aes-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
>> [ 2.995377] 00000000: 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41
>> [ 3.032673] alg: skcipher: cbc-des-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
>> [ 3.043185] 00000000: fe dc ba 98 76 54 32 10
>> [ 3.063238] alg: skcipher: cbc-3des-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
>> [ 3.073818] 00000000: 7d 33 88 93 0f 93 b2 42
>>
>> This above dumps show that the actual output IV is indeed the input IV.
>> This is due to the IV not being copied back into the request.
>>
>> This patch fixes that.
>>
>> Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
> Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
It's missing a Fixes: tag and a Cc: to stable.
I'll resend tomorrow.
>
> While here, could you please check ecb mode (which by definition does not have
> an IV) is behaving correctly?
> Looking in driver_algs[] list of crypto algorithms supported by talitos,
> ecb(aes,des,3des) are declared with ivsize != 0.
According to /proc/crypto, test are passed for ecb.
Christophe
>
> Thanks,
> Horia
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] crypto: talitos - fix skcipher failure due to wrong output IV
2019-05-15 18:49 ` Christophe Leroy
@ 2019-05-16 2:30 ` Eric Biggers
2019-05-16 13:32 ` Christophe Leroy
0 siblings, 1 reply; 6+ messages in thread
From: Eric Biggers @ 2019-05-16 2:30 UTC (permalink / raw)
To: Christophe Leroy
Cc: Horia Geanta, Herbert Xu, David S. Miller, linux-crypto,
linux-kernel, linuxppc-dev
On Wed, May 15, 2019 at 08:49:48PM +0200, Christophe Leroy wrote:
>
>
> Le 15/05/2019 à 16:05, Horia Geanta a écrit :
> > On 5/15/2019 3:29 PM, Christophe Leroy wrote:
> > > Selftests report the following:
> > >
> > > [ 2.984845] alg: skcipher: cbc-aes-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
> > > [ 2.995377] 00000000: 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41
> > > [ 3.032673] alg: skcipher: cbc-des-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
> > > [ 3.043185] 00000000: fe dc ba 98 76 54 32 10
> > > [ 3.063238] alg: skcipher: cbc-3des-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
> > > [ 3.073818] 00000000: 7d 33 88 93 0f 93 b2 42
> > >
> > > This above dumps show that the actual output IV is indeed the input IV.
> > > This is due to the IV not being copied back into the request.
> > >
> > > This patch fixes that.
> > >
> > > Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
> > Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
>
> It's missing a Fixes: tag and a Cc: to stable.
>
> I'll resend tomorrow.
>
> >
> > While here, could you please check ecb mode (which by definition does not have
> > an IV) is behaving correctly?
> > Looking in driver_algs[] list of crypto algorithms supported by talitos,
> > ecb(aes,des,3des) are declared with ivsize != 0.
>
> According to /proc/crypto, test are passed for ecb.
>
Did you try enabling CONFIG_CRYPTO_MANAGER_EXTRA_TESTS? There is now a check
that the driver's ivsize matches the generic implementation's:
if (ivsize != crypto_skcipher_ivsize(generic_tfm)) {
pr_err("alg: skcipher: ivsize for %s (%u) doesn't match generic impl (%u)\n",
driver, ivsize, crypto_skcipher_ivsize(generic_tfm));
err = -EINVAL;
goto out;
}
For ECB that means the ivsize must be 0.
AFAICS the talitos driver even accesses the IV for ECB, which is wrong; and the
only reason this isn't crashing the self-tests already is that they are confused
by the declared ivsize being nonzero so they don't pass NULL as they should.
- Eric
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] crypto: talitos - fix skcipher failure due to wrong output IV
2019-05-16 2:30 ` Eric Biggers
@ 2019-05-16 13:32 ` Christophe Leroy
0 siblings, 0 replies; 6+ messages in thread
From: Christophe Leroy @ 2019-05-16 13:32 UTC (permalink / raw)
To: Eric Biggers
Cc: Horia Geanta, Herbert Xu, David S. Miller, linux-crypto,
linux-kernel, linuxppc-dev
Le 16/05/2019 à 04:30, Eric Biggers a écrit :
> On Wed, May 15, 2019 at 08:49:48PM +0200, Christophe Leroy wrote:
>>
>>
>> Le 15/05/2019 à 16:05, Horia Geanta a écrit :
>>> On 5/15/2019 3:29 PM, Christophe Leroy wrote:
>>>> Selftests report the following:
>>>>
>>>> [ 2.984845] alg: skcipher: cbc-aes-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
>>>> [ 2.995377] 00000000: 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41
>>>> [ 3.032673] alg: skcipher: cbc-des-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
>>>> [ 3.043185] 00000000: fe dc ba 98 76 54 32 10
>>>> [ 3.063238] alg: skcipher: cbc-3des-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
>>>> [ 3.073818] 00000000: 7d 33 88 93 0f 93 b2 42
>>>>
>>>> This above dumps show that the actual output IV is indeed the input IV.
>>>> This is due to the IV not being copied back into the request.
>>>>
>>>> This patch fixes that.
>>>>
>>>> Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
>>> Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
>>
>> It's missing a Fixes: tag and a Cc: to stable.
>>
>> I'll resend tomorrow.
>>
>>>
>>> While here, could you please check ecb mode (which by definition does not have
>>> an IV) is behaving correctly?
>>> Looking in driver_algs[] list of crypto algorithms supported by talitos,
>>> ecb(aes,des,3des) are declared with ivsize != 0.
>>
>> According to /proc/crypto, test are passed for ecb.
>>
>
> Did you try enabling CONFIG_CRYPTO_MANAGER_EXTRA_TESTS? There is now a check
> that the driver's ivsize matches the generic implementation's:
>
> if (ivsize != crypto_skcipher_ivsize(generic_tfm)) {
> pr_err("alg: skcipher: ivsize for %s (%u) doesn't match generic impl (%u)\n",
> driver, ivsize, crypto_skcipher_ivsize(generic_tfm));
> err = -EINVAL;
> goto out;
> }
>
> For ECB that means the ivsize must be 0.
>
> AFAICS the talitos driver even accesses the IV for ECB, which is wrong; and the
> only reason this isn't crashing the self-tests already is that they are confused
> by the declared ivsize being nonzero so they don't pass NULL as they should.
>
Ok, thanks. I'll try and run EXTRA TESTS as soon as I get the current
test all fixed.
For the time being, I'm having a problem that I'm a bit lost with:
AEAD decryption fails at the moment for out-of-line tests, and the
reason is that the ICV (used to do the SW compare with the expected one)
is generated after the decrypted data.
It works perfectly when src == dst, because the src has space for it,
but when the dst is different, the dst length is smaller so the ICV is
generated outside the sg list, and the comparison fails because the
comparison is done with the last bytes of the last segment of dst sg
list (which corresponds to the end of decrypted data in that case).
What I'm having hard time with it that it seems that when the sg list
has several elements, it uses an out of line area for generating the ICV
but not when the sg list has only one element. I'm really wondering why.
Thanks
Christophe
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] crypto: talitos - fix skcipher failure due to wrong output IV
2019-05-15 12:29 [PATCH] crypto: talitos - fix skcipher failure due to wrong output IV Christophe Leroy
2019-05-15 14:05 ` Horia Geanta
@ 2019-05-23 6:51 ` Herbert Xu
1 sibling, 0 replies; 6+ messages in thread
From: Herbert Xu @ 2019-05-23 6:51 UTC (permalink / raw)
To: Christophe Leroy
Cc: David S. Miller, linux-crypto, linux-kernel, linuxppc-dev
On Wed, May 15, 2019 at 12:29:03PM +0000, Christophe Leroy wrote:
> Selftests report the following:
>
> [ 2.984845] alg: skcipher: cbc-aes-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
> [ 2.995377] 00000000: 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41
> [ 3.032673] alg: skcipher: cbc-des-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
> [ 3.043185] 00000000: fe dc ba 98 76 54 32 10
> [ 3.063238] alg: skcipher: cbc-3des-talitos encryption test failed (wrong output IV) on test vector 0, cfg="in-place"
> [ 3.073818] 00000000: 7d 33 88 93 0f 93 b2 42
>
> This above dumps show that the actual output IV is indeed the input IV.
> This is due to the IV not being copied back into the request.
>
> This patch fixes that.
>
> Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
> ---
> drivers/crypto/talitos.c | 4 ++++
> 1 file changed, 4 insertions(+)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-05-23 6:51 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-15 12:29 [PATCH] crypto: talitos - fix skcipher failure due to wrong output IV Christophe Leroy
2019-05-15 14:05 ` Horia Geanta
2019-05-15 18:49 ` Christophe Leroy
2019-05-16 2:30 ` Eric Biggers
2019-05-16 13:32 ` Christophe Leroy
2019-05-23 6:51 ` Herbert Xu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).