X-Patchwork-Id: 109996
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, steffen.klassert@secunet.com, tobias@strongswan.org, martin@strongswan.org, Ard Biesheuvel
Subject: [PATCH 1/2] crypto/chacha20: fix handling of chunked input
Date: Mon, 14 Aug 2017 14:28:14 +0100
Message-Id: <20170814132815.24524-1-ard.biesheuvel@linaro.org>

Commit 9ae433bc79f9 ("crypto: chacha20 - convert generic and x86 versions to skcipher") ported the existing chacha20 code to use the new skcipher API, and introduced a bug along the way. Unfortunately, the tcrypt tests did not catch the error, and it was only found recently by Tobias.

Stefan kindly diagnosed the error, and proposed a fix which is similar to the one below, with the exception that 'walk.stride' is used rather than the hardcoded block size. This does not actually matter in this case, but it's a better example of how to use the skcipher walk API.

Fixes: 9ae433bc79f9 ("crypto: chacha20 - convert generic and x86 ...")
Cc: # v4.11+
Cc: Steffen Klassert
Reported-by: Tobias Brunner
Signed-off-by: Ard Biesheuvel
---
 crypto/chacha20_generic.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

-- 2.11.0

diff --git a/crypto/chacha20_generic.c b/crypto/chacha20_generic.c index 8b3c04d625c3..4a45fa4890c0 100644 --- a/crypto/chacha20_generic.c +++ b/crypto/chacha20_generic.c 
@@ -91,9 +91,14 @@ int crypto_chacha20_crypt(struct skcipher_request *req) crypto_chacha20_init(state, ctx, walk.iv); while (walk.nbytes > 0) { + unsigned int nbytes = walk.nbytes; + + if (nbytes < walk.total) + nbytes = round_down(nbytes, walk.stride); + chacha20_docrypt(state, walk.dst.virt.addr, walk.src.virt.addr, - walk.nbytes); - err = skcipher_walk_done(&walk, 0); + nbytes); + err = skcipher_walk_done(&walk, walk.nbytes - nbytes); } return err; From patchwork Mon Aug 14 13:28:15 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 109997 Delivered-To: patch@linaro.org Received: by 10.140.95.78 with SMTP id h72csp4334494qge; Mon, 14 Aug 2017 06:28:34 -0700 (PDT) X-Received: by 10.84.128.9 with SMTP id 9mr26958603pla.98.1502717314771; Mon, 14 Aug 2017 06:28:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1502717314; cv=none; d=google.com; s=arc-20160816; b=LgF8lavXYA0tfsnhf/z/EyNQ2XqQXX0FuBnIBo+xzpu7cyT+4p61XIbIpXlqqlGKVa T0O+81CoeSZVokh2cxSYO8GkzeuwaMRcrI91a6iPlcdtdOV4uaBJyeQuieS3SwEQcWf2 4ciFioW3TOfJ39v/DCXOYdpXC7Wolc4F7rIYfLGMNb2od50zF+QktQz4ThHwmCK2JSrQ 9qnmZQi/NvY07Nv0tXPog7WtHYSAVUxShAcxuFX5vTDVJQAkJ/iZ5EQVBrI2sUePYwmz 7TRpKP+updFEQQQ9uncHoDIIbor+0ua9zI/fgyGbvY2MbOpg/0PdjpmhubWo0UoG7oD9 GKdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=4ZHDtMwj8Pp/Qe/gAtVrom2RFtPJx4jqH5vth/cTyJs=; b=EexFwxL0eq56xR4m0WKLV/nK/J5DIu3AXeij4aZl6kC1ymS6E4N3EvFZUCVH2WQdd7 y6g7MNMAy4GpZ5qxetjkkEJwkG1dSkN0TxpTBUN4tk9ItKgboSa08NELVpFMv0/g6aCM vTgjxScbPWO5pPVTBD2u+9dNW8qbur4i/U3LeE2zucDKIHnvcqeDjYAeJV3kOsku4nax N43gnDkXsOsM/gBupVM9mQud31fWVYU04FNlWysc/cS96mdmC119fUj/D3VzutRjIXl5 qxEdYm6x7RRXwX/DKfSOprQp5HESH/AOTzk4CysrE0c9VO9Bf0bHnuzNd+m05XWJEoH5 zDYw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass 
X-Patchwork-Id: 109997
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, steffen.klassert@secunet.com, tobias@strongswan.org, martin@strongswan.org, Ard Biesheuvel
Subject: [PATCH 2/2] crypto: testmgr - add chunked test cases for chacha20
Date: Mon, 14 Aug 2017 14:28:15 +0100
Message-Id: <20170814132815.24524-2-ard.biesheuvel@linaro.org>
In-Reply-To: <20170814132815.24524-1-ard.biesheuvel@linaro.org>
References: <20170814132815.24524-1-ard.biesheuvel@linaro.org>

We failed to catch a bug in the chacha20 code after porting it to the skcipher API. We would have caught it if any chunked tests had been defined, so define some now so we will catch future regressions.

Signed-off-by: Ard Biesheuvel
---
 crypto/testmgr.h | 7 +++++++
 1 file changed, 7 insertions(+)

-- 2.11.0

diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 6ceb0e2758bb..d54971d2d1c8 100644 --- a/crypto/testmgr.h 
+++ b/crypto/testmgr.h @@ -32675,6 +32675,10 @@ static const struct cipher_testvec chacha20_enc_tv_template[] = { "\x5b\x86\x2f\x37\x30\xe3\x7c\xfd" "\xc4\xfd\x80\x6c\x22\xf2\x21", .rlen = 375, + .also_non_np = 1, + .np = 3, + .tap = { 375 - 20, 4, 16 }, + }, { /* RFC7539 A.2. Test Vector #3 */ .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a" "\xf3\x33\x88\x86\x04\xf6\xb5\xf0" @@ -33049,6 +33053,9 @@ static const struct cipher_testvec chacha20_enc_tv_template[] = { "\xa1\xed\xad\xd5\x76\xfa\x24\x8f" "\x98", .rlen = 1281, + .also_non_np = 1, + .np = 3, + .tap = { 1200, 1, 80 }, }, };
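Review bot: In crypto_chacha20_crypt() (patch 1/2, hunk @@ -91,9 +91,14), the new `if (nbytes < walk.total)` round-down carries no comment, and it relies on every non-final step handing back at least walk.stride bytes. If walk.nbytes were ever smaller than walk.stride on a non-final step, round_down() would yield 0, chacha20_docrypt() would process nothing, and the whole of walk.nbytes would be passed back to skcipher_walk_done() as unprocessed. Suggest a short comment above the check saying that only the final step may carry a partial stride and that the walk is expected to guarantee this, so the next reader does not have to recover it from the commit message.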
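Review bot: The first testmgr.h hunk (patch 2/2, @@ -32675,6 +32675,10) adds an empty `+` line after `.tap = { 375 - 20, 4, 16 },` and before `}, {`, which the second hunk does not do for its vector; drop it so both entries are laid out the same way. The tap entries do sum to .rlen (355 + 4 + 16 = 375), but nothing says why this split was chosen. A brief comment that the first chunk is deliberately not a multiple of the 64-byte ChaCha20 block would keep a later edit from turning it into a split that no longer exercises the chunked path.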
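Review bot: In the second testmgr.h hunk (patch 2/2, @@ -33049,6 +33053,9), `.tap = { 1200, 1, 80 }` is written as plain literals while the earlier vector uses the expression `375 - 20`; pick one form for both. The entries sum to .rlen (1200 + 1 + 80 = 1281), and the 1-byte middle chunk is a useful edge case, so it is worth a comment naming it as intentional rather than leaving three unexplained numbers.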