From patchwork Sat Feb 11 19:25:21 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 93826
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au
Cc: Ard Biesheuvel
Subject: [PATCH 1/2] crypto: ccm - honour alignmask of subordinate MAC cipher
Date: Sat, 11 Feb 2017 19:25:21 +0000
Message-Id: <1486841122-1686-1-git-send-email-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.7.4
X-Mailing-List: linux-crypto@vger.kernel.org

The CCM driver was recently updated to defer the MAC part of the algorithm
to a dedicated crypto transform, and a template for instantiating such
transforms was added at the same time.

However, this new cbcmac template fails to take the alignmask of the
encapsulated cipher into account, which may result in buffer addresses
being passed down that are not sufficiently aligned.

So update the code to ensure that the digest buffer in the desc ctx
appears at a sufficiently aligned offset, and tweak the code so that all
calls to crypto_cipher_encrypt_one() operate on this buffer exclusively.

Signed-off-by: Ard Biesheuvel --- crypto/ccm.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) -- 2.7.4 diff --git a/crypto/ccm.c b/crypto/ccm.c index 52e307807ff6..24c26ab052ca 100644 --- a/crypto/ccm.c +++ b/crypto/ccm.c @@ -58,7 +58,6 @@ struct cbcmac_tfm_ctx { struct cbcmac_desc_ctx { unsigned int len; - u8 dg[]; }; static inline struct crypto_ccm_req_priv_ctx *crypto_ccm_reqctx( @@ -868,9 +867,10 @@ static int crypto_cbcmac_digest_init(struct shash_desc *pdesc) { struct cbcmac_desc_ctx *ctx = shash_desc_ctx(pdesc); int bs = crypto_shash_digestsize(pdesc->tfm); + u8 *dg = (u8 *)ctx + crypto_shash_descsize(pdesc->tfm) - bs; ctx->len = 0; - memset(ctx->dg, 0, bs); + memset(dg, 0, bs); return 0; } @@ -883,17 +883,18 @@ static int crypto_cbcmac_digest_update(struct shash_desc *pdesc, const u8 *p, struct cbcmac_desc_ctx *ctx = shash_desc_ctx(pdesc); struct crypto_cipher *tfm = tctx->child; int bs = crypto_shash_digestsize(parent); + u8 *dg = (u8 *)ctx + crypto_shash_descsize(parent) - bs; while (len > 0) { unsigned int l = min(len, bs - ctx->len); - crypto_xor(ctx->dg + ctx->len, p, l); + crypto_xor(dg + ctx->len, p, l); ctx->len +=l; len -= l; p += l; if (ctx->len == bs) { - crypto_cipher_encrypt_one(tfm, ctx->dg, ctx->dg); + crypto_cipher_encrypt_one(tfm, dg, dg); ctx->len = 0; } } @@ -908,12 +909,12 @@ static int crypto_cbcmac_digest_final(struct shash_desc *pdesc, u8 *out) struct cbcmac_desc_ctx *ctx = shash_desc_ctx(pdesc); struct crypto_cipher *tfm = tctx->child; int bs = crypto_shash_digestsize(parent); + u8 *dg = (u8 *)ctx + crypto_shash_descsize(parent) - bs; if (ctx->len) - crypto_cipher_encrypt_one(tfm, out, ctx->dg); - else - memcpy(out, ctx->dg, bs); + crypto_cipher_encrypt_one(tfm, dg, dg); + memcpy(out, dg, bs); return 0; } 
@@ -969,7 +970,8 @@ static int cbcmac_create(struct crypto_template *tmpl, struct rtattr **tb) inst->alg.base.cra_blocksize = 1; inst->alg.digestsize = alg->cra_blocksize; - inst->alg.descsize = sizeof(struct cbcmac_desc_ctx) + + inst->alg.descsize = ALIGN(sizeof(struct cbcmac_desc_ctx), + alg->cra_alignmask + 1) + alg->cra_blocksize; inst->alg.base.cra_ctxsize = sizeof(struct cbcmac_tfm_ctx);
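Review bot: the pointer computation (u8 *)ctx + crypto_shash_descsize(...) - bs is open-coded three times, in crypto_cbcmac_digest_init(), crypto_cbcmac_digest_update() and crypto_cbcmac_digest_final(), and nothing at those sites says that it must match the layout implied by the descsize expression in cbcmac_create(). A small static inline helper with a comment describing the layout (struct cbcmac_desc_ctx, padding up to the cipher's alignment, then one block of digest) would keep the two in step if either side changes.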
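Review bot: crypto_cbcmac_digest_final() has no comment explaining why the partial block is now encrypted in place in dg and then copied with memcpy(out, dg, bs), where the old code encrypted straight into out. The commit message gives the reason (every crypto_cipher_encrypt_one() call must operate on the aligned buffer), but without a one-line comment above the memcpy() a later cleanup could restore the direct write to out as an apparent optimisation. The in-place encryption also leaves ctx->len non-zero while dg has changed, so it is worth confirming that no update can follow final on the same desc.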
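Review bot: in cbcmac_create(), the ALIGN(sizeof(struct cbcmac_desc_ctx), alg->cra_alignmask + 1) in descsize only rounds the offset of the digest buffer from the start of the desc ctx, so the buffer address is aligned only if the pointer returned by shash_desc_ctx() is itself aligned to at least alg->cra_alignmask + 1. The visible lines do not show where that base alignment is guaranteed. If the cipher's alignmask can exceed it, consider reserving alg->cra_alignmask extra bytes in descsize and applying PTR_ALIGN() to the address at the use sites, or add a comment naming the guarantee being relied on.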