From patchwork Sat Oct 26 14:52:54 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 11213529 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 35DE71864 for ; Sat, 26 Oct 2019 14:54:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 09D6D2070B for ; Sat, 26 Oct 2019 14:54:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572101642; bh=8sAyKk8mt7SfTyUDT5mY7Ohm9Bw9dXaUue3oAQpCcn0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=OzksJLZvXrGQVDUBVbWrCU2SkQ9tzoqI3En/8gM2MXMyXvVDQ1cHAFRkoF2eBpaZS H/Y9l3FRcPFR/G3ERE+aZXwi87qHLwuKDgsLmujD7t1/5cgXR/+76r119jj8EafAmx z9X3MA7JSPuIMGxnMEEIBiUfb2Hsy9zxq2JZBvH8= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726224AbfJZOxu (ORCPT ); Sat, 26 Oct 2019 10:53:50 -0400 Received: from mail.kernel.org ([198.145.29.99]:37128 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726162AbfJZOxu (ORCPT ); Sat, 26 Oct 2019 10:53:50 -0400 Received: from e123331-lin.home (lfbn-mar-1-643-104.w90-118.abo.wanadoo.fr [90.118.215.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6285B21655; Sat, 26 Oct 2019 14:53:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572101629; bh=8sAyKk8mt7SfTyUDT5mY7Ohm9Bw9dXaUue3oAQpCcn0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=f3RCdZvD8eCd9S97bhOgYSFCNTMqmdGH4PPrcqdk30i+EcTnfEiLS/Z4GzF0pr6WD 4T/84YzYVcEuOjuLCYWcobXCwMrRa56KhuUervq4XhdjawWueKmrqiBX7C09+fQt4E jWD6oJflb3Icjc4bCmV+UjRgxGb7d2w0UVljnQp4= From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, Ard Biesheuvel , linux-omap@vger.kernel.org, Tero Kristo Subject: [PATCH 1/6] crypto: omap-aes - reject invalid input sizes for block modes Date: Sat, 26 Oct 2019 16:52:54 +0200 Message-Id: <20191026145259.16040-2-ardb@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191026145259.16040-1-ardb@kernel.org> References: <20191026145259.16040-1-ardb@kernel.org> Sender: linux-omap-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-omap@vger.kernel.org Block modes such as ECB and CBC only support input sizes that are a round multiple of the block size, so align with the generic code which returns -EINVAL when encountering inputs that violate this rule. Signed-off-by: Ard Biesheuvel --- drivers/crypto/omap-aes.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c index de05b35283bf..067f4cd7c005 100644 --- a/drivers/crypto/omap-aes.c +++ b/drivers/crypto/omap-aes.c @@ -525,6 +525,9 @@ static int omap_aes_crypt(struct skcipher_request *req, unsigned long mode) struct omap_aes_dev *dd; int ret; + if ((req->cryptlen % AES_BLOCK_SIZE) && !(mode & FLAGS_CTR)) + return -EINVAL; + pr_debug("nbytes: %d, enc: %d, cbc: %d\n", req->cryptlen, !!(mode & FLAGS_ENCRYPT), !!(mode & FLAGS_CBC)); From patchwork Sat Oct 26 14:52:55 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 11213531 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5F3CF4872 for ; Sat, 26 Oct 2019 14:54:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 3E1B02070B for ; Sat, 26 Oct 2019 14:54:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572101642; bh=nJSqzffn18xs1Qhu2a2UoMrbK1GaidB+6eMn6G00Sto=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=PL4e4YmfIIJ0T7vgME/Yt316zLL87leeLgwgHGKliStiaC4OovgEmY7UQYTiJZZQ5 Mo3qKbsZpnyX76wduC8vwqHqcC088Dg9lU3WpDtfLKDWw1R3bgvcjLyUUOIYZuV0PA NVaeVMP1Sk1Y/zHQyObj+YrnK8gEQt9C0V2l3pTw= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726237AbfJZOxw (ORCPT ); Sat, 26 Oct 2019 10:53:52 -0400 Received: from mail.kernel.org ([198.145.29.99]:37170 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726162AbfJZOxw (ORCPT ); Sat, 26 Oct 2019 10:53:52 -0400 Received: from e123331-lin.home (lfbn-mar-1-643-104.w90-118.abo.wanadoo.fr [90.118.215.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6DE9F214DA; Sat, 26 Oct 2019 14:53:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572101632; bh=nJSqzffn18xs1Qhu2a2UoMrbK1GaidB+6eMn6G00Sto=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0m2bIK18yNnYhKWdZes8TPmAes4FUNRfUbqqEYiWckg9hTENNM2oJmx4ZaOTxQfO3 9Eml5PPUh30XS5NvAHEZQOXEgyDaS2YClEUdXfWUPziIDQUBlVYrvkY0PnoSWLNODG NBJRGYushXYi9dzFmCQhYFvMAaBwJHumH//1BNaQ= From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, Ard Biesheuvel , linux-omap@vger.kernel.org, Tero Kristo Subject: [PATCH 2/6] crypto: omap-aes-ctr - set blocksize to 1 Date: Sat, 26 Oct 2019 16:52:55 +0200 Message-Id: <20191026145259.16040-3-ardb@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191026145259.16040-1-ardb@kernel.org> References: <20191026145259.16040-1-ardb@kernel.org> Sender: linux-omap-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-omap@vger.kernel.org CTR is a streamcipher mode of AES, so set the blocksize accordingly. Signed-off-by: Ard Biesheuvel --- drivers/crypto/omap-aes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c index 067f4cd7c005..33cba7a2d6df 100644 --- a/drivers/crypto/omap-aes.c +++ b/drivers/crypto/omap-aes.c @@ -747,7 +747,7 @@ static struct skcipher_alg algs_ctr[] = { .base.cra_flags = CRYPTO_ALG_KERN_DRIVER_ONLY | CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK, - .base.cra_blocksize = AES_BLOCK_SIZE, + .base.cra_blocksize = 1, .base.cra_ctxsize = sizeof(struct omap_aes_ctx), .base.cra_module = THIS_MODULE, From patchwork Sat Oct 26 14:52:56 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 11213537 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id F26111951 for ; Sat, 26 Oct 2019 14:54:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id C6D3E2070B for ; Sat, 26 Oct 2019 14:54:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572101642; bh=SmDraQe5IZLOG+WLxMhmI/EhoYeINysU8csTg6xa8F4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=b1TOpKFyIeD4dreujw3+DBo/m4nfFe0ROExOHyh0GeZ8SsMNeil8NLr1MzqWecP8w UNdVBZS1Uei7+Xdzc2zRSDcF9cUOxRf8SQB6lmtfVoRGcsmvoG0dM0nsaO5jOezWr3 Bk1tGjo+QHh1Sfp3km0/5AeFyYEzi0NWDCVv+Hpw= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726257AbfJZOxy (ORCPT ); Sat, 26 Oct 2019 10:53:54 -0400 Received: from mail.kernel.org ([198.145.29.99]:37186 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726162AbfJZOxy (ORCPT ); Sat, 26 Oct 2019 10:53:54 -0400 Received: from e123331-lin.home (lfbn-mar-1-643-104.w90-118.abo.wanadoo.fr [90.118.215.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id ABDB92070B; Sat, 26 Oct 2019 14:53:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572101634; bh=SmDraQe5IZLOG+WLxMhmI/EhoYeINysU8csTg6xa8F4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=xcZ3QJDuPTu5jFBkBWRXTkOUoHLsDsflyjB+t4Tf2Pvx+x3kKyMX1HDiNdUudjAYx r1+vibniNvBkRxcUiHQYaNTOVhd2PnOI+UbF0IQ5WP10C/2xivvAOyzypFvf1qVggE fkjZyrqwzn7oenlDWxG+8onGKC5Aiyw/UMoB0ckU= From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, Ard Biesheuvel , linux-omap@vger.kernel.org, Tero Kristo Subject: [PATCH 3/6] crypto: omap-aes-gcm - deal with memory allocation failure Date: Sat, 26 Oct 2019 16:52:56 +0200 Message-Id: <20191026145259.16040-4-ardb@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191026145259.16040-1-ardb@kernel.org> References: <20191026145259.16040-1-ardb@kernel.org> Sender: linux-omap-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-omap@vger.kernel.org The OMAP gcm(aes) driver invokes omap_crypto_align_sg() without dealing with the errors it may return, resulting in a crash if the routine fails in a __get_free_pages(GFP_ATOMIC) call. So bail and return the error rather than limping on if one occurs. Signed-off-by: Ard Biesheuvel --- drivers/crypto/omap-aes-gcm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/crypto/omap-aes-gcm.c b/drivers/crypto/omap-aes-gcm.c index dfd4d1cac421..05d2fe78b105 100644 --- a/drivers/crypto/omap-aes-gcm.c +++ b/drivers/crypto/omap-aes-gcm.c @@ -120,6 +120,8 @@ static int omap_aes_gcm_copy_buffers(struct omap_aes_dev *dd, OMAP_CRYPTO_FORCE_SINGLE_ENTRY, FLAGS_ASSOC_DATA_ST_SHIFT, &dd->flags); + if (ret) + return ret; } if (cryptlen) { @@ -132,6 +134,8 @@ static int omap_aes_gcm_copy_buffers(struct omap_aes_dev *dd, OMAP_CRYPTO_FORCE_SINGLE_ENTRY, FLAGS_IN_DATA_ST_SHIFT, &dd->flags); + if (ret) + return ret; } dd->in_sg = dd->in_sgl; From patchwork Sat Oct 26 14:52:57 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 11213539 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 28C4F139A for ; Sat, 26 Oct 2019 14:54:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 06AAF2070B for ; Sat, 26 Oct 2019 14:54:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572101643; bh=j38MFIQEBmGfRoLFXgH4RHB1dhx3cVtIlDkdUFYfEFs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=x5fYbxBsG+gzwcTW/o9nUnm8kcHwW95w3xHsMOkUEP0CgzvsuK1ryUud/OQoKmgFO 6O7RmMVg4mPyLCY52PYIFt0k4vHJCrqxqqljCWOzlI86LR9lRX8sU6qnVk0bG6q3aN wpoaqDrqqD00cquV+XK/5N8DGEr/iInILYNiVSRg= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726263AbfJZOx5 (ORCPT ); Sat, 26 Oct 2019 10:53:57 -0400 Received: from mail.kernel.org ([198.145.29.99]:37202 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726162AbfJZOx4 (ORCPT ); Sat, 26 Oct 2019 10:53:56 -0400 Received: from e123331-lin.home (lfbn-mar-1-643-104.w90-118.abo.wanadoo.fr [90.118.215.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B7675214DA; Sat, 26 Oct 2019 14:53:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572101636; bh=j38MFIQEBmGfRoLFXgH4RHB1dhx3cVtIlDkdUFYfEFs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=f2nlrQLd3AXZWCOemwMdpaWBvIC8A3BLvhrdNTBwUFUQi4oXtklPKvn08J968usOU Ym6F1ddQwHPsZooC5YAJX1ZyQ7C0g58QxSYZUrlIhq1uSaS9/IyWLAUC2CIygG5U2O mq5aLysPjkEluGmNPFBwQGnrdOUZwcLFfzjVSGxc= From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, Ard Biesheuvel , linux-omap@vger.kernel.org, Tero Kristo Subject: [PATCH 4/6] crypto: omap-aes-gcm - add missing .setauthsize hooks Date: Sat, 26 Oct 2019 16:52:57 +0200 Message-Id: <20191026145259.16040-5-ardb@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191026145259.16040-1-ardb@kernel.org> References: <20191026145259.16040-1-ardb@kernel.org> Sender: linux-omap-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-omap@vger.kernel.org GCM only permits certain tag lengths, so populate the .setauthsize hooks which ensure that only permitted sizes are accepted by the implementation. Signed-off-by: Ard Biesheuvel --- drivers/crypto/omap-aes-gcm.c | 11 +++++++++++ drivers/crypto/omap-aes.c | 2 ++ drivers/crypto/omap-aes.h | 3 +++ 3 files changed, 16 insertions(+) diff --git a/drivers/crypto/omap-aes-gcm.c b/drivers/crypto/omap-aes-gcm.c index 05d2fe78b105..70398fbd669d 100644 --- a/drivers/crypto/omap-aes-gcm.c +++ b/drivers/crypto/omap-aes-gcm.c @@ -413,3 +413,14 @@ int omap_aes_4106gcm_setkey(struct crypto_aead *tfm, const u8 *key, return 0; } + +int omap_aes_gcm_setauthsize(struct crypto_aead *tfm, unsigned int authsize) +{ + return crypto_gcm_check_authsize(authsize); +} + +int omap_aes_4106gcm_setauthsize(struct crypto_aead *parent, + unsigned int authsize) +{ + return crypto_rfc4106_check_authsize(authsize); +} diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c index 33cba7a2d6df..161af3bf667c 100644 --- a/drivers/crypto/omap-aes.c +++ b/drivers/crypto/omap-aes.c @@ -787,6 +787,7 @@ static struct aead_alg algs_aead_gcm[] = { .ivsize = GCM_AES_IV_SIZE, .maxauthsize = AES_BLOCK_SIZE, .setkey = omap_aes_gcm_setkey, + .setauthsize = omap_aes_gcm_setauthsize, .encrypt = omap_aes_gcm_encrypt, .decrypt = omap_aes_gcm_decrypt, }, @@ -807,6 +808,7 @@ static struct aead_alg algs_aead_gcm[] = { .maxauthsize = AES_BLOCK_SIZE, .ivsize = GCM_RFC4106_IV_SIZE, .setkey = omap_aes_4106gcm_setkey, + .setauthsize = omap_aes_4106gcm_setauthsize, .encrypt = omap_aes_4106gcm_encrypt, .decrypt = omap_aes_4106gcm_decrypt, }, diff --git a/drivers/crypto/omap-aes.h b/drivers/crypto/omap-aes.h index 2d3575231e31..1bcca7957e92 100644 --- a/drivers/crypto/omap-aes.h +++ b/drivers/crypto/omap-aes.h @@ -202,8 +202,11 @@ int omap_aes_4106gcm_setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen); int omap_aes_gcm_encrypt(struct aead_request *req); int omap_aes_gcm_decrypt(struct aead_request *req); +int omap_aes_gcm_setauthsize(struct crypto_aead *tfm, unsigned int authsize); int omap_aes_4106gcm_encrypt(struct aead_request *req); int omap_aes_4106gcm_decrypt(struct aead_request *req); +int omap_aes_4106gcm_setauthsize(struct crypto_aead *parent, + unsigned int authsize); int omap_aes_write_ctrl(struct omap_aes_dev *dd); int omap_aes_crypt_dma_start(struct omap_aes_dev *dd); int omap_aes_crypt_dma_stop(struct omap_aes_dev *dd); From patchwork Sat Oct 26 14:52:58 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 11213545 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BB1701747 for ; Sat, 26 Oct 2019 14:54:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 8F6A32070B for ; Sat, 26 Oct 2019 14:54:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572101643; bh=Tb61mM6yE+GYvbH8qeXuxuRPGbWwsEOBP0rD5F1PxWM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=BuEcTCx7Pod7LLedCcsPhP1QhXQywL9QCCBzwAE/FMJSkkXwJAqB3Djd24RTz2KMM gSRKC2wXSZdbjGr+bxfGKsY1tjky5qyhEJwyzb6Cxf7yPDDaYarMba3+Ph7vDfj1lI Ps1mNGc62NTZ0JfFA7G4yUjRijlxKLJqjYwRu40U= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726279AbfJZOx6 (ORCPT ); Sat, 26 Oct 2019 10:53:58 -0400 Received: from mail.kernel.org ([198.145.29.99]:37222 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726162AbfJZOx6 (ORCPT ); Sat, 26 Oct 2019 10:53:58 -0400 Received: from e123331-lin.home (lfbn-mar-1-643-104.w90-118.abo.wanadoo.fr [90.118.215.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 912602070B; Sat, 26 Oct 2019 14:53:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572101638; bh=Tb61mM6yE+GYvbH8qeXuxuRPGbWwsEOBP0rD5F1PxWM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=lvtLyLYRk5krgFpQodD8nCqvnp8WiiLCL+lQ8CTQBqbABmvkHX47UBkzSBq1y0ZDI GT6onIxdMQMAZY24SfSb2YeunzeV8wsg3nSPLFLYiFNpNSuocL0TUZS4n+EkDDuNFw qhL3qFZ8x6EGQ61iACeBd4/gkjJh0HtCpy0yeYfo= From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, Ard Biesheuvel , linux-omap@vger.kernel.org, Tero Kristo Subject: [PATCH 5/6] crypto: omap-aes-gcm - check length of assocdata in RFC4106 mode Date: Sat, 26 Oct 2019 16:52:58 +0200 Message-Id: <20191026145259.16040-6-ardb@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191026145259.16040-1-ardb@kernel.org> References: <20191026145259.16040-1-ardb@kernel.org> Sender: linux-omap-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-omap@vger.kernel.org RFC4106 requires the associated data to be a certain size, so reject inputs that are wrong. This also prevents crashes or other problems due to assoclen becoming negative after subtracting 8 bytes. Signed-off-by: Ard Biesheuvel --- drivers/crypto/omap-aes-gcm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/omap-aes-gcm.c b/drivers/crypto/omap-aes-gcm.c index 70398fbd669d..1aabf9a72066 100644 --- a/drivers/crypto/omap-aes-gcm.c +++ b/drivers/crypto/omap-aes-gcm.c @@ -365,7 +365,8 @@ int omap_aes_4106gcm_encrypt(struct aead_request *req) memcpy(rctx->iv, ctx->nonce, 4); memcpy(rctx->iv + 4, req->iv, 8); - return omap_aes_gcm_crypt(req, FLAGS_ENCRYPT | FLAGS_GCM | + return crypto_ipsec_check_assoclen(req->assoclen) ?: + omap_aes_gcm_crypt(req, FLAGS_ENCRYPT | FLAGS_GCM | FLAGS_RFC4106_GCM); } @@ -376,7 +377,8 @@ int omap_aes_4106gcm_decrypt(struct aead_request *req) memcpy(rctx->iv, ctx->nonce, 4); memcpy(rctx->iv + 4, req->iv, 8); - return omap_aes_gcm_crypt(req, FLAGS_GCM | FLAGS_RFC4106_GCM); + return crypto_ipsec_check_assoclen(req->assoclen) ?: + omap_aes_gcm_crypt(req, FLAGS_GCM | FLAGS_RFC4106_GCM); } int omap_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key, From patchwork Sat Oct 26 14:52:59 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 11213549 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1C0941864 for ; Sat, 26 Oct 2019 14:54:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id EE00A2070B for ; Sat, 26 Oct 2019 14:54:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572101644; bh=1MRF1Aj1s3isB0oz2bTjDJrnN0zOuvtcLnre6LxuGPI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=pmz3tThET08s0v9SRReqEF+qlVGrtChuVhq9o9dAc5J1jwGTHjRbWQwOqb+laS7B5 IJ3WA72DiS4BJnUO2q1mT7JAAy1lzsDkRi/y/P3SluziPUPQYrl6M5lxpgPdL3aQBE L2t7Jktgjb7/ix5ccowauPaVZLw162jA+dJyYpmY= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726285AbfJZOyB (ORCPT ); Sat, 26 Oct 2019 10:54:01 -0400 Received: from mail.kernel.org ([198.145.29.99]:37238 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726162AbfJZOyB (ORCPT ); Sat, 26 Oct 2019 10:54:01 -0400 Received: from e123331-lin.home (lfbn-mar-1-643-104.w90-118.abo.wanadoo.fr [90.118.215.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 65E2621871; Sat, 26 Oct 2019 14:53:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572101640; bh=1MRF1Aj1s3isB0oz2bTjDJrnN0zOuvtcLnre6LxuGPI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=sqlYDUoF9DbFTaJszTGyQ4nfhPeGF4LSrVj2DEFc0iyOGyeQvM7yoA4phCknxEtJA Lw8+mqYjW8erKe2tvh5nCCI6gL6jfrsPGIr5t8J7+9aHxdZO270+U+h07cGjX/TQ3l uZOGkADDlmEZ6CIvCNSx7ojab1FNzrXYxYdlrtpw= From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, Ard Biesheuvel , linux-omap@vger.kernel.org, Tero Kristo Subject: [PATCH 6/6] crypto: omap-aes-gcm - use the AES library to encrypt the tag Date: Sat, 26 Oct 2019 16:52:59 +0200 Message-Id: <20191026145259.16040-7-ardb@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191026145259.16040-1-ardb@kernel.org> References: <20191026145259.16040-1-ardb@kernel.org> Sender: linux-omap-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-omap@vger.kernel.org The OMAP AES-GCM implementation uses a fallback ecb(aes) skcipher to produce the keystream to encrypt the output tag. Let's use the new AES library instead - this is much simpler, and shouldn't affect performance given that it only involves a single block. Signed-off-by: Ard Biesheuvel --- drivers/crypto/omap-aes-gcm.c | 98 +++++--------------- drivers/crypto/omap-aes.c | 26 +----- drivers/crypto/omap-aes.h | 7 +- 3 files changed, 33 insertions(+), 98 deletions(-) diff --git a/drivers/crypto/omap-aes-gcm.c b/drivers/crypto/omap-aes-gcm.c index 1aabf9a72066..6da05149b195 100644 --- a/drivers/crypto/omap-aes-gcm.c +++ b/drivers/crypto/omap-aes-gcm.c @@ -167,62 +167,12 @@ static int omap_aes_gcm_copy_buffers(struct omap_aes_dev *dd, return 0; } -static void omap_aes_gcm_complete(struct crypto_async_request *req, int err) -{ - struct omap_aes_gcm_result *res = req->data; - - if (err == -EINPROGRESS) - return; - - res->err = err; - complete(&res->completion); -} - static int do_encrypt_iv(struct aead_request *req, u32 *tag, u32 *iv) { - struct scatterlist iv_sg, tag_sg; - struct skcipher_request *sk_req; - struct omap_aes_gcm_result result; - struct omap_aes_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); - int ret = 0; - - sk_req = skcipher_request_alloc(ctx->ctr, GFP_KERNEL); - if (!sk_req) { - pr_err("skcipher: Failed to allocate request\n"); - return -ENOMEM; - } - - init_completion(&result.completion); - - sg_init_one(&iv_sg, iv, AES_BLOCK_SIZE); - sg_init_one(&tag_sg, tag, AES_BLOCK_SIZE); - skcipher_request_set_callback(sk_req, CRYPTO_TFM_REQ_MAY_BACKLOG, - omap_aes_gcm_complete, &result); - ret = crypto_skcipher_setkey(ctx->ctr, (u8 *)ctx->key, ctx->keylen); - skcipher_request_set_crypt(sk_req, &iv_sg, &tag_sg, AES_BLOCK_SIZE, - NULL); - ret = crypto_skcipher_encrypt(sk_req); - switch (ret) { - case 0: - break; - case -EINPROGRESS: - case -EBUSY: - ret = wait_for_completion_interruptible(&result.completion); - if (!ret) { - ret = result.err; - if (!ret) { - reinit_completion(&result.completion); - break; - } - } - /* fall through */ - default: - pr_err("Encryption of IV failed for GCM mode\n"); - break; - } + struct omap_aes_gcm_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); - skcipher_request_free(sk_req); - return ret; + aes_encrypt(&ctx->actx, (u8 *)tag, (u8 *)iv); + return 0; } void omap_aes_gcm_dma_out_callback(void *data) @@ -252,7 +202,7 @@ void omap_aes_gcm_dma_out_callback(void *data) static int omap_aes_gcm_handle_queue(struct omap_aes_dev *dd, struct aead_request *req) { - struct omap_aes_ctx *ctx; + struct omap_aes_gcm_ctx *ctx; struct aead_request *backlog; struct omap_aes_reqctx *rctx; unsigned long flags; @@ -281,7 +231,7 @@ static int omap_aes_gcm_handle_queue(struct omap_aes_dev *dd, ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); rctx = aead_request_ctx(req); - dd->ctx = ctx; + dd->ctx = &ctx->octx; rctx->dd = dd; dd->aead_req = req; @@ -360,10 +310,10 @@ int omap_aes_gcm_decrypt(struct aead_request *req) int omap_aes_4106gcm_encrypt(struct aead_request *req) { - struct omap_aes_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); + struct omap_aes_gcm_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); struct omap_aes_reqctx *rctx = aead_request_ctx(req); - memcpy(rctx->iv, ctx->nonce, 4); + memcpy(rctx->iv, ctx->octx.nonce, 4); memcpy(rctx->iv + 4, req->iv, 8); return crypto_ipsec_check_assoclen(req->assoclen) ?: omap_aes_gcm_crypt(req, FLAGS_ENCRYPT | FLAGS_GCM | @@ -372,10 +322,10 @@ int omap_aes_4106gcm_encrypt(struct aead_request *req) int omap_aes_4106gcm_decrypt(struct aead_request *req) { - struct omap_aes_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); + struct omap_aes_gcm_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); struct omap_aes_reqctx *rctx = aead_request_ctx(req); - memcpy(rctx->iv, ctx->nonce, 4); + memcpy(rctx->iv, ctx->octx.nonce, 4); memcpy(rctx->iv + 4, req->iv, 8); return crypto_ipsec_check_assoclen(req->assoclen) ?: omap_aes_gcm_crypt(req, FLAGS_GCM | FLAGS_RFC4106_GCM); @@ -384,14 +334,15 @@ int omap_aes_4106gcm_decrypt(struct aead_request *req) int omap_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen) { - struct omap_aes_ctx *ctx = crypto_aead_ctx(tfm); + struct omap_aes_gcm_ctx *ctx = crypto_aead_ctx(tfm); + int ret; - if (keylen != AES_KEYSIZE_128 && keylen != AES_KEYSIZE_192 && - keylen != AES_KEYSIZE_256) - return -EINVAL; + ret = aes_expandkey(&ctx->actx, key, keylen); + if (ret) + return ret; - memcpy(ctx->key, key, keylen); - ctx->keylen = keylen; + memcpy(ctx->octx.key, key, keylen); + ctx->octx.keylen = keylen; return 0; } @@ -399,19 +350,20 @@ int omap_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key, int omap_aes_4106gcm_setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen) { - struct omap_aes_ctx *ctx = crypto_aead_ctx(tfm); + struct omap_aes_gcm_ctx *ctx = crypto_aead_ctx(tfm); + int ret; if (keylen < 4) return -EINVAL; - keylen -= 4; - if (keylen != AES_KEYSIZE_128 && keylen != AES_KEYSIZE_192 && - keylen != AES_KEYSIZE_256) - return -EINVAL; - memcpy(ctx->key, key, keylen); - memcpy(ctx->nonce, key + keylen, 4); - ctx->keylen = keylen; + ret = aes_expandkey(&ctx->actx, key, keylen); + if (ret) + return ret; + + memcpy(ctx->octx.key, key, keylen); + memcpy(ctx->octx.nonce, key + keylen, 4); + ctx->octx.keylen = keylen; return 0; } diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c index 161af3bf667c..d63ab370030e 100644 --- a/drivers/crypto/omap-aes.c +++ b/drivers/crypto/omap-aes.c @@ -645,7 +645,6 @@ static int omap_aes_init_tfm(struct crypto_skcipher *tfm) static int omap_aes_gcm_cra_init(struct crypto_aead *tfm) { struct omap_aes_dev *dd = NULL; - struct omap_aes_ctx *ctx = crypto_aead_ctx(tfm); int err; /* Find AES device, currently picks the first device */ @@ -663,12 +662,6 @@ static int omap_aes_gcm_cra_init(struct crypto_aead *tfm) } tfm->reqsize = sizeof(struct omap_aes_reqctx); - ctx->ctr = crypto_alloc_skcipher("ecb(aes)", 0, 0); - if (IS_ERR(ctx->ctr)) { - pr_warn("could not load aes driver for encrypting IV\n"); - return PTR_ERR(ctx->ctr); - } - return 0; } @@ -682,19 +675,6 @@ static void omap_aes_exit_tfm(struct crypto_skcipher *tfm) ctx->fallback = NULL; } -static void omap_aes_gcm_cra_exit(struct crypto_aead *tfm) -{ - struct omap_aes_ctx *ctx = crypto_aead_ctx(tfm); - - if (ctx->fallback) - crypto_free_sync_skcipher(ctx->fallback); - - ctx->fallback = NULL; - - if (ctx->ctr) - crypto_free_skcipher(ctx->ctr); -} - /* ********************** ALGS ************************************ */ static struct skcipher_alg algs_ecb_cbc[] = { @@ -778,12 +758,11 @@ static struct aead_alg algs_aead_gcm[] = { .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY, .cra_blocksize = 1, - .cra_ctxsize = sizeof(struct omap_aes_ctx), + .cra_ctxsize = sizeof(struct omap_aes_gcm_ctx), .cra_alignmask = 0xf, .cra_module = THIS_MODULE, }, .init = omap_aes_gcm_cra_init, - .exit = omap_aes_gcm_cra_exit, .ivsize = GCM_AES_IV_SIZE, .maxauthsize = AES_BLOCK_SIZE, .setkey = omap_aes_gcm_setkey, @@ -799,12 +778,11 @@ static struct aead_alg algs_aead_gcm[] = { .cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY, .cra_blocksize = 1, - .cra_ctxsize = sizeof(struct omap_aes_ctx), + .cra_ctxsize = sizeof(struct omap_aes_gcm_ctx), .cra_alignmask = 0xf, .cra_module = THIS_MODULE, }, .init = omap_aes_gcm_cra_init, - .exit = omap_aes_gcm_cra_exit, .maxauthsize = AES_BLOCK_SIZE, .ivsize = GCM_RFC4106_IV_SIZE, .setkey = omap_aes_4106gcm_setkey, diff --git a/drivers/crypto/omap-aes.h b/drivers/crypto/omap-aes.h index 1bcca7957e92..b0d7c7d08d46 100644 --- a/drivers/crypto/omap-aes.h +++ b/drivers/crypto/omap-aes.h @@ -9,6 +9,7 @@ #ifndef __OMAP_AES_H__ #define __OMAP_AES_H__ +#include #include #define DST_MAXBURST 4 @@ -98,7 +99,11 @@ struct omap_aes_ctx { u32 key[AES_KEYSIZE_256 / sizeof(u32)]; u8 nonce[4]; struct crypto_sync_skcipher *fallback; - struct crypto_skcipher *ctr; +}; + +struct omap_aes_gcm_ctx { + struct omap_aes_ctx octx; + struct crypto_aes_ctx actx; }; struct omap_aes_reqctx {