[v1] crypto: ccp - Add hash state import and export support

Message ID	20160112171738.23496.44254.stgit@tlendack-t1.amdoffice.net (mailing list archive)
State	Accepted
Delegated to:	Herbert Xu
Headers	show Return-Path: <linux-crypto-owner@kernel.org> Subject: [PATCH v1] crypto: ccp - Add hash state import and export support From: Tom Lendacky <thomas.lendacky@amd.com> To: <linux-crypto@vger.kernel.org> CC: Herbert Xu <herbert@gondor.apana.org.au>, <stable@vger.kernel.org>, "David Miller" <davem@davemloft.net> Date: Tue, 12 Jan 2016 11:17:38 -0600 Message-ID: <20160112171738.23496.44254.stgit@tlendack-t1.amdoffice.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCWTJQUjEyTUIwMTk2OzIzOlZ0K1BEcXpKVXZEOFBSOWRHWkpqc3cwUS9H?= =?utf-8?B?SFl6VndTYnZndERta0FEaE53WkxnMjJWUGNpK0ZDVHZQZjZ4Tmc5cW03bHp1?= =?utf-8?B?L2hMVUhheXFSVnQwSTJ6YVR2RUxtQzJpZ1hmd3RkM0VXbC8vMXY3VG84TnFU?= =?utf-8?B?OHMrcitZMFlIbE5DOWNIaEFKTmVqV3BQMTZMMDZucG5UVHBwTi9TRnU3V0kz?= =?utf-8?B?eVU3MThMWU4wYk45M3hraCsxTStzR3ZNRDM3MFVpTnN2dGFMV2NkcFRWNmRM?= =?utf-8?B?eFVCckkwZzFFamNMZ0ZPZFpZRy8weEtXbzVCSC9tVnVHNFVTZEFVMGY2ekNB?= =?utf-8?B?ZXg5L2NZZlc1bG1sdG1LQk0ybE01cGZlaWVEekR2VHN5REdtSXNIanVaS0dU?= =?utf-8?B?ZnlJMnRpcGszOXpjWnZYU0labklhZGR6Q29hWVZIQ2s2dWp0LzhUcXF5TUdl?= =?utf-8?B?SHlqMXkzS1FhYUhWbXJCek5Xb3pHcDUxRlltVUVOVTF1c3l5YTN2UFk5UG5o?= =?utf-8?B?ZkdobVNjS3JGQzh6NDR5QVNsRlVWWWpKYnYxamlhTWFNMTRzSVNFRGd3dStZ?= =?utf-8?B?QWVRMWViaU5qS1JFV3RKMlMvVXgwL2tWSHZDbFA5RjZTbUsvK2xMUWE1V3hD?= =?utf-8?B?Wkw1SHUyS2xVUjFORGxkcTNuTWxXNEE3cXZwb3BuSEtHMkFkVzM3dXpKN1BC?= =?utf-8?B?UDIvemhHUmxtY21VR2dkRW44VzlUU2haR0w3Smh0UG9SYWhiR24wWEQ3Q1lj?= =?utf-8?B?cUF4QlNrQ0pPdTFwQVExNW5lQW1ybGFUMStvTko4MHhSUEZNSzJURFdFTUtz?= =?utf-8?B?MWMrcGtwVWxEUFVIWWlBV2haWHAxcHN1Q3lEczlHdElRVlQzSnVwWUF2d3pi?= =?utf-8?B?VlY2eUdYZ2ZPWCtSTGo1NzkyUWZKQXlPSDY1TEQwYTVXSUxyenp4M29PSXhW?= =?utf-8?B?b0I5WWdzOUUzZVRFdU83KzNVN3Rqb1ZZcmxPV2QycHVob3lucFNNS3lLK1V2?= =?utf-8?B?UWhlT2l3WDR6bGpBSkFaM1c0VlVwbCtXNlFzS3kzV0Vqb25FdWtmSm1BNVda?= =?utf-8?B?VmVvZjVxdlZZRURVeEpuWjBpT0JvQWM0UjlneGpSYkw1cjdhVUhzS1NNOFNY?= =?utf-8?B?UU44Nm0vUk9CUDMxVHRHcEtTQmk1SElRZEt4RGFXTmp3N3pMQXEwc3BiQmdG?= =?utf-8?B?cXpKT3dOL0FvQmFMVVpZb0VnSHUvU0FKZHJwNldqL2cvd0pSb0ZWQnhZYzR3?= =?utf-8?B?ZDg5VENHc0hqcUJiMU9ndkxOZ2xJQWQ4d202dnVGWTlnQ1EveDFxbmZBNmE2?= =?utf-8?B?L05qRjRkVnFTNmVJL1k4TG45aUtvQWppSkU5ZlRpQlBERDc1cGh1cGcrejZS?= =?utf-8?B?T0xnbTkwQTRORUZyRUFtVUVoLzVMZDd2NktIR1lOMjJWNWlQdDhLZy9qTHpN?= =?utf-8?B?eG9kZXlyd3hIQitKbGtJMnA3ZjY3MHFtRjVoSlhJSDZlb1ZCVDUrZy81YWJL?= =?utf-8?B?ckZpV2xRcitWVmlJNCt4a2E3UW9nZURTYlNhRElidTI5M21scUxpZER3RnZJ?= =?utf-8?Q?5omM4fWMKSQYVa6uEx0nLBYf2TzwHUcQ7fCHwquKdKIk=3D?= X-Microsoft-Exchange-Diagnostics: 1; BY2PR12MB0196; 5:NxYhSnjrjQSnBbyVTXmzghSnM8F4q7bB4+Nbh2AWc8e92PFjaYwe1FK5QlZXwsQO5WNA2Fy32fNcyZW9yTEYxEIoLfjmEJF1cdC333BD9I2iF3/mxmss2NJotrG8zSvg0HsJv/Y9l9jTb3id1XnjBA==; 24:qnl8dQaBbZwTt6M+ZcyzUKPzJBso6AMPaqlhnf9u1hm2iZRhyTeh+j3DiUSihdGx5d4ZGszdtNaFkLRpmMoUAvPOjfl56YYd65tGWrXsNkc=; 20:kaIG3NHh2NYyBkSxD2lWiRu8P/LACm6l1hVYxuoZnnkbNVOg7l3dL2mPIxwOFZddrJpnHaoHXHBglI0cSGvfyRowj1h9sQbyvOgSGjZ16cApcjyq3TpME44iaUBLIciSbpJJknImhlUYTQmiYcW0b6cvL6CzZ97++f1jL3XkRZZHFdEf85HfJUN+qkow2ykpdWwJS4VOnpsrWqDrfPoCO004U8EnfmHhog5gnO8bd3zUjn/HDZ84VSX9o2HvNqgX Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk

Tom Lendacky Jan. 12, 2016, 5:17 p.m. UTC

Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
added a check to prevent ahash algorithms from successfully registering
if the import and export functions were not implemented. This prevents
an oops in the hash_accept function of algif_hash. This commit causes
the ccp-crypto module SHA support and AES CMAC support from successfully
registering and causing the ccp-crypto module load to fail because the
ahash import and export functions are not implemented.

Update the CCP Crypto API support to provide import and export support
for ahash algorithms.

Cc: <stable@vger.kernel.org> # 3.14.x-
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 drivers/crypto/ccp/ccp-crypto-aes-cmac.c |   23 +++++++++++++++++++++++
 drivers/crypto/ccp/ccp-crypto-sha.c      |   23 +++++++++++++++++++++++
 2 files changed, 46 insertions(+)


--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Tom Lendacky Jan. 22, 2016, 5:22 p.m. UTC | #1

On 01/12/2016 11:17 AM, Tom Lendacky wrote:
> Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
> added a check to prevent ahash algorithms from successfully registering
> if the import and export functions were not implemented. This prevents
> an oops in the hash_accept function of algif_hash. This commit causes
> the ccp-crypto module SHA support and AES CMAC support from successfully
> registering and causing the ccp-crypto module load to fail because the
> ahash import and export functions are not implemented.
> 
> Update the CCP Crypto API support to provide import and export support
> for ahash algorithms.
> 
> Cc: <stable@vger.kernel.org> # 3.14.x-
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Herbert, is it possible this patch can be part of Crypto Fixes for 4.5?

Thanks,
Tom

> ---
>  drivers/crypto/ccp/ccp-crypto-aes-cmac.c |   23 +++++++++++++++++++++++
>  drivers/crypto/ccp/ccp-crypto-sha.c      |   23 +++++++++++++++++++++++
>  2 files changed, 46 insertions(+)
> 
> diff --git a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
> index d89f20c..00207cf 100644
> --- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
> +++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
> @@ -220,6 +220,26 @@ static int ccp_aes_cmac_digest(struct ahash_request *req)
>  	return ccp_aes_cmac_finup(req);
>  }
>  
> +static int ccp_aes_cmac_export(struct ahash_request *req, void *out)
> +{
> +	struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
> +	struct ccp_aes_cmac_req_ctx *state = out;
> +
> +	*state = *rctx;
> +
> +	return 0;
> +}
> +
> +static int ccp_aes_cmac_import(struct ahash_request *req, const void *in)
> +{
> +	struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
> +	const struct ccp_aes_cmac_req_ctx *state = in;
> +
> +	*rctx = *state;
> +
> +	return 0;
> +}
> +
>  static int ccp_aes_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,
>  			       unsigned int key_len)
>  {
> @@ -352,10 +372,13 @@ int ccp_register_aes_cmac_algs(struct list_head *head)
>  	alg->final = ccp_aes_cmac_final;
>  	alg->finup = ccp_aes_cmac_finup;
>  	alg->digest = ccp_aes_cmac_digest;
> +	alg->export = ccp_aes_cmac_export;
> +	alg->import = ccp_aes_cmac_import;
>  	alg->setkey = ccp_aes_cmac_setkey;
>  
>  	halg = &alg->halg;
>  	halg->digestsize = AES_BLOCK_SIZE;
> +	halg->statesize = sizeof(struct ccp_aes_cmac_req_ctx);
>  
>  	base = &halg->base;
>  	snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "cmac(aes)");
> diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c b/drivers/crypto/ccp/ccp-crypto-sha.c
> index d14b3f2..3aae58d 100644
> --- a/drivers/crypto/ccp/ccp-crypto-sha.c
> +++ b/drivers/crypto/ccp/ccp-crypto-sha.c
> @@ -207,6 +207,26 @@ static int ccp_sha_digest(struct ahash_request *req)
>  	return ccp_sha_finup(req);
>  }
>  
> +static int ccp_sha_export(struct ahash_request *req, void *out)
> +{
> +	struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
> +	struct ccp_sha_req_ctx *state = out;
> +
> +	*state = *rctx;
> +
> +	return 0;
> +}
> +
> +static int ccp_sha_import(struct ahash_request *req, const void *in)
> +{
> +	struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
> +	const struct ccp_sha_req_ctx *state = in;
> +
> +	*rctx = *state;
> +
> +	return 0;
> +}
> +
>  static int ccp_sha_setkey(struct crypto_ahash *tfm, const u8 *key,
>  			  unsigned int key_len)
>  {
> @@ -403,9 +423,12 @@ static int ccp_register_sha_alg(struct list_head *head,
>  	alg->final = ccp_sha_final;
>  	alg->finup = ccp_sha_finup;
>  	alg->digest = ccp_sha_digest;
> +	alg->export = ccp_sha_export;
> +	alg->import = ccp_sha_import;
>  
>  	halg = &alg->halg;
>  	halg->digestsize = def->digest_size;
> +	halg->statesize = sizeof(struct ccp_sha_req_ctx);
>  
>  	base = &halg->base;
>  	snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name);
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Herbert Xu Jan. 25, 2016, 7:20 a.m. UTC | #2

On Fri, Jan 22, 2016 at 11:22:48AM -0600, Tom Lendacky wrote:
> On 01/12/2016 11:17 AM, Tom Lendacky wrote:
> > Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
> > added a check to prevent ahash algorithms from successfully registering
> > if the import and export functions were not implemented. This prevents
> > an oops in the hash_accept function of algif_hash. This commit causes
> > the ccp-crypto module SHA support and AES CMAC support from successfully
> > registering and causing the ccp-crypto module load to fail because the
> > ahash import and export functions are not implemented.
> > 
> > Update the CCP Crypto API support to provide import and export support
> > for ahash algorithms.
> > 
> > Cc: <stable@vger.kernel.org> # 3.14.x-
> > Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> 
> Herbert, is it possible this patch can be part of Crypto Fixes for 4.5?

While your patch is probably OK the rctx structure just contains
too much crap for me to feel safe about pushing this in at this
point in time.  So I'd like to have it cook for another cycle.

The reason I'm overly cautious is because import/export is directly
exposed to user-space so if we get this wrong then we may open
up a root hole.

Cheers,

Herbert Xu Jan. 25, 2016, 2:48 p.m. UTC | #3

On Tue, Jan 12, 2016 at 11:17:38AM -0600, Tom Lendacky wrote:
> Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
> added a check to prevent ahash algorithms from successfully registering
> if the import and export functions were not implemented. This prevents
> an oops in the hash_accept function of algif_hash. This commit causes
> the ccp-crypto module SHA support and AES CMAC support from successfully
> registering and causing the ccp-crypto module load to fail because the
> ahash import and export functions are not implemented.
> 
> Update the CCP Crypto API support to provide import and export support
> for ahash algorithms.
> 
> Cc: <stable@vger.kernel.org> # 3.14.x-
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Applied.

Tom Lendacky Jan. 25, 2016, 2:58 p.m. UTC | #4

On 01/25/2016 01:20 AM, Herbert Xu wrote:
> On Fri, Jan 22, 2016 at 11:22:48AM -0600, Tom Lendacky wrote:
>> On 01/12/2016 11:17 AM, Tom Lendacky wrote:
>>> Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
>>> added a check to prevent ahash algorithms from successfully registering
>>> if the import and export functions were not implemented. This prevents
>>> an oops in the hash_accept function of algif_hash. This commit causes
>>> the ccp-crypto module SHA support and AES CMAC support from successfully
>>> registering and causing the ccp-crypto module load to fail because the
>>> ahash import and export functions are not implemented.
>>>
>>> Update the CCP Crypto API support to provide import and export support
>>> for ahash algorithms.
>>>
>>> Cc: <stable@vger.kernel.org> # 3.14.x-
>>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>>
>> Herbert, is it possible this patch can be part of Crypto Fixes for 4.5?
> 
> While your patch is probably OK the rctx structure just contains
> too much crap for me to feel safe about pushing this in at this
> point in time.  So I'd like to have it cook for another cycle.
> 
> The reason I'm overly cautious is because import/export is directly
> exposed to user-space so if we get this wrong then we may open
> up a root hole.

Many of the fields in the rctx structure are set during the update
operation and don't matter to the driver from an export and import
perspective. I included them to make the routines simple, but if
user-space exposure is a concern I can pare down the amount of data
that is exported and imported. I can send a follow-on patch to do
that if you prefer.

Thanks,
Tom

> 
> Cheers,
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Herbert Xu Jan. 26, 2016, 11:16 a.m. UTC | #5

On Mon, Jan 25, 2016 at 08:58:41AM -0600, Tom Lendacky wrote:
> 
> Many of the fields in the rctx structure are set during the update
> operation and don't matter to the driver from an export and import
> perspective. I included them to make the routines simple, but if
> user-space exposure is a concern I can pare down the amount of data
> that is exported and imported. I can send a follow-on patch to do
> that if you prefer.

I've already merged your patch into cryptodev so it'll eventually
make it into mainline and then percolate back via stable.

Of course any improvements to the export/import functions are
still welcome but I'd prefer to leave the patch in cryptodev
for now.

Thanks,

[v1] crypto: ccp - Add hash state import and export support

Commit Message

Comments

Patch