From patchwork Wed Dec 11 15:06:17 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 181283 Delivered-To: patch@linaro.org Received: by 2002:a92:3001:0:0:0:0:0 with SMTP id x1csp715360ile; Wed, 11 Dec 2019 07:55:56 -0800 (PST) X-Google-Smtp-Source: APXvYqxAQb9MP6Cp7KBfW65I8NeLwy0/GS5FD5hM4eX15TSsrfnbau6+UJxLETehRJSExLbA2oNt X-Received: by 2002:aca:cf58:: with SMTP id f85mr3411140oig.6.1576079756147; Wed, 11 Dec 2019 07:55:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576079756; cv=none; d=google.com; s=arc-20160816; b=Sca34yr6oKwDWwIDy15u+UB2jgfSwlKSU+FasERr3hrbmaEjd3z0Q1d5za9r5ZKbea 2Ve2uMIhZSK0sh8J2EYZ3tX0Z58jtoYAzePZfNXgBdRhEeS6psC4s2XKESpDepJIISrj agnez7o+uMrn6FmL8F8Sf+4uPjBKcOOEZbavSrAQil/x/FmZBhvF+DLlFvKRWvkSnqGM +7a8xVbL1jiOHjr0+Yhvsw/Z8JvC3dj1a5uZjI/FGipBMeiUWKGP0zLkTcbqqZRdXhwb xTyMmdbgy5kCl4+GnFPYIQ0UOuYdBTwn90HcIN9FlPNx3P2H7twXkwWH/BpH9OZWeBNf kHhg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=J5avmDOizACNmofqYuRE17p3bdRhlNoj/rXPF0Yd520=; b=BSYmPYfqQitlwfc6rUxGQlqZwk7FvA+RVRhziQlNMSHOMWqn4LnS8IQvcO5+NW1dPl YtVbU7YrRQQGwq7CwmktBhOkM+bnumnfGMuUmPmbxBSdp6BdR5Mj15MMc3s2CbnwAl9S Lf8fdoLahBa2Cg8RP9OkJxcB9VR0Y8OPvcYdUHzQx0yWI8ljmHPhL/KOMY8Z8/dgV/Uc 3XtXifuCFa/gs6Pv0CE17kIDBhcvXDvSFVUUED9g798ANAIwO2fMn1LmTwS9bzvdI0LB cKBER1LrG7al1tVRkhqAMUGA/wRP6MbA8HkZPtMxMsCbPb5yMRLhUEY1i4QpVUexYt6b LeLw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=anJhU2U8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f189si1471926oib.268.2019.12.11.07.55.55; Wed, 11 Dec 2019 07:55:56 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=anJhU2U8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732426AbfLKPzy (ORCPT + 27 others); Wed, 11 Dec 2019 10:55:54 -0500 Received: from mail.kernel.org ([198.145.29.99]:42098 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731574AbfLKPPk (ORCPT ); Wed, 11 Dec 2019 10:15:40 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 05AFD20663; Wed, 11 Dec 2019 15:15:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1576077339; bh=KMskS2d1qc91r8quykui3HyZFlFhTsVOYc2Ir+Blyro=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=anJhU2U8xL/Y0myzj6KDQCXlzLEW7Iyzh+DORgCbPBIsThOTPGsvG/SzgBVIpnEsX ZBZ/U+FEzQfQxoJzvVFE89jFqZn8DJGEX3DouH7EbiuMaWCR1C+JA31Le1Z/j9M9lm +bsyy+wvOVbuv6AUSk2LJPTjmhTUSE8+zkGlgqmw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ard Biesheuvel , Florian Bezdeka , Herbert Xu Subject: [PATCH 5.3 088/105] crypto: geode-aes - switch to skcipher for cbc(aes) fallback Date: Wed, 11 Dec 2019 16:06:17 +0100 Message-Id: <20191211150300.172484322@linuxfoundation.org> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20191211150221.153659747@linuxfoundation.org> References: <20191211150221.153659747@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ard Biesheuvel commit 504582e8e40b90b8f8c58783e2d1e4f6a2b71a3a upstream. Commit 79c65d179a40e145 ("crypto: cbc - Convert to skcipher") updated the generic CBC template wrapper from a blkcipher to a skcipher algo, to get away from the deprecated blkcipher interface. However, as a side effect, drivers that instantiate CBC transforms using the blkcipher as a fallback no longer work, since skciphers can wrap blkciphers but not the other way around. This broke the geode-aes driver. So let's fix it by moving to the sync skcipher interface when allocating the fallback. At the same time, align with the generic API for ECB and CBC by rejecting inputs that are not a multiple of the AES block size. Fixes: 79c65d179a40e145 ("crypto: cbc - Convert to skcipher") Cc: # v4.20+ ONLY Signed-off-by: Ard Biesheuvel Signed-off-by: Florian Bezdeka Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- drivers/crypto/geode-aes.c | 57 ++++++++++++++++++++++++++------------------- drivers/crypto/geode-aes.h | 2 - 2 files changed, 34 insertions(+), 25 deletions(-) --- a/drivers/crypto/geode-aes.c +++ b/drivers/crypto/geode-aes.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #include @@ -166,13 +167,15 @@ static int geode_setkey_blk(struct crypt /* * The requested key size is not supported by HW, do a fallback */ - op->fallback.blk->base.crt_flags &= ~CRYPTO_TFM_REQ_MASK; - op->fallback.blk->base.crt_flags |= (tfm->crt_flags & CRYPTO_TFM_REQ_MASK); + crypto_sync_skcipher_clear_flags(op->fallback.blk, CRYPTO_TFM_REQ_MASK); + crypto_sync_skcipher_set_flags(op->fallback.blk, + tfm->crt_flags & CRYPTO_TFM_REQ_MASK); - ret = crypto_blkcipher_setkey(op->fallback.blk, key, len); + ret = crypto_sync_skcipher_setkey(op->fallback.blk, key, len); if (ret) { tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK; - tfm->crt_flags |= (op->fallback.blk->base.crt_flags & CRYPTO_TFM_RES_MASK); + tfm->crt_flags |= crypto_sync_skcipher_get_flags(op->fallback.blk) & + CRYPTO_TFM_RES_MASK; } return ret; } @@ -181,33 +184,28 @@ static int fallback_blk_dec(struct blkci struct scatterlist *dst, struct scatterlist *src, unsigned int nbytes) { - unsigned int ret; - struct crypto_blkcipher *tfm; struct geode_aes_op *op = crypto_blkcipher_ctx(desc->tfm); + SYNC_SKCIPHER_REQUEST_ON_STACK(req, op->fallback.blk); - tfm = desc->tfm; - desc->tfm = op->fallback.blk; - - ret = crypto_blkcipher_decrypt_iv(desc, dst, src, nbytes); + skcipher_request_set_sync_tfm(req, op->fallback.blk); + skcipher_request_set_callback(req, 0, NULL, NULL); + skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); - desc->tfm = tfm; - return ret; + return crypto_skcipher_decrypt(req); } + static int fallback_blk_enc(struct blkcipher_desc *desc, struct scatterlist *dst, struct scatterlist *src, unsigned int nbytes) { - unsigned int ret; - struct crypto_blkcipher *tfm; struct geode_aes_op *op = crypto_blkcipher_ctx(desc->tfm); + SYNC_SKCIPHER_REQUEST_ON_STACK(req, op->fallback.blk); - tfm = desc->tfm; - desc->tfm = op->fallback.blk; - - ret = crypto_blkcipher_encrypt_iv(desc, dst, src, nbytes); + skcipher_request_set_sync_tfm(req, op->fallback.blk); + skcipher_request_set_callback(req, 0, NULL, NULL); + skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); - desc->tfm = tfm; - return ret; + return crypto_skcipher_encrypt(req); } static void @@ -307,6 +305,9 @@ geode_cbc_decrypt(struct blkcipher_desc struct blkcipher_walk walk; int err, ret; + if (nbytes % AES_BLOCK_SIZE) + return -EINVAL; + if (unlikely(op->keylen != AES_KEYSIZE_128)) return fallback_blk_dec(desc, dst, src, nbytes); @@ -339,6 +340,9 @@ geode_cbc_encrypt(struct blkcipher_desc struct blkcipher_walk walk; int err, ret; + if (nbytes % AES_BLOCK_SIZE) + return -EINVAL; + if (unlikely(op->keylen != AES_KEYSIZE_128)) return fallback_blk_enc(desc, dst, src, nbytes); @@ -366,9 +370,8 @@ static int fallback_init_blk(struct cryp const char *name = crypto_tfm_alg_name(tfm); struct geode_aes_op *op = crypto_tfm_ctx(tfm); - op->fallback.blk = crypto_alloc_blkcipher(name, 0, - CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK); - + op->fallback.blk = crypto_alloc_sync_skcipher(name, 0, + CRYPTO_ALG_NEED_FALLBACK); if (IS_ERR(op->fallback.blk)) { printk(KERN_ERR "Error allocating fallback algo %s\n", name); return PTR_ERR(op->fallback.blk); @@ -381,7 +384,7 @@ static void fallback_exit_blk(struct cry { struct geode_aes_op *op = crypto_tfm_ctx(tfm); - crypto_free_blkcipher(op->fallback.blk); + crypto_free_sync_skcipher(op->fallback.blk); op->fallback.blk = NULL; } @@ -420,6 +423,9 @@ geode_ecb_decrypt(struct blkcipher_desc struct blkcipher_walk walk; int err, ret; + if (nbytes % AES_BLOCK_SIZE) + return -EINVAL; + if (unlikely(op->keylen != AES_KEYSIZE_128)) return fallback_blk_dec(desc, dst, src, nbytes); @@ -450,6 +456,9 @@ geode_ecb_encrypt(struct blkcipher_desc struct blkcipher_walk walk; int err, ret; + if (nbytes % AES_BLOCK_SIZE) + return -EINVAL; + if (unlikely(op->keylen != AES_KEYSIZE_128)) return fallback_blk_enc(desc, dst, src, nbytes); --- a/drivers/crypto/geode-aes.h +++ b/drivers/crypto/geode-aes.h @@ -60,7 +60,7 @@ struct geode_aes_op { u8 *iv; union { - struct crypto_blkcipher *blk; + struct crypto_sync_skcipher *blk; struct crypto_cipher *cip; } fallback; u32 keylen;