target/linux/apm821xx/patches-4.14/023-0015-crypto-crypto4xx-block-ciphers-should-only-accept-co.patch

   1 From 0f7a81374060828280fcfdfbaa162cb559017f9f Mon Sep 17 00:00:00 2001
   2 From: Christian Lamparter <chunkeey@gmail.com>
   3 Date: Sat, 18 May 2019 23:28:12 +0200
   4 Subject: [PATCH 15/15] crypto: crypto4xx - block ciphers should only accept
   5  complete blocks
   6
   7 The hardware automatically zero pads incomplete block ciphers
   8 blocks without raising any errors. This is a screw-up. This
   9 was noticed by CONFIG_CRYPTO_MANAGER_EXTRA_TESTS tests that
  10 sent a incomplete blocks and expect them to fail.
  11
  12 This fixes:
  13 cbc-aes-ppc4xx encryption unexpectedly succeeded on test vector
  14 "random: len=2409 klen=32"; expected_error=-22, cfg="random:
  15 may_sleep use_digest src_divs=[96.90%@+2295, 2.34%@+4066,
  16 0.32%@alignmask+12, 0.34%@+4087, 0.9%@alignmask+1787, 0.1%@+3767]
  17 iv_offset=6"
  18
  19 ecb-aes-ppc4xx encryption unexpectedly succeeded on test vector
  20 "random: len=1011 klen=32"; expected_error=-22, cfg="random:
  21 may_sleep use_digest src_divs=[100.0%@alignmask+20]
  22 dst_divs=[3.12%@+3001, 96.88%@+4070]"
  23
  24 Cc: Eric Biggers <ebiggers@kernel.org>
  25 Cc: stable@vger.kernel.org [4.19, 5.0 and 5.1]
  26 Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
  27 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  28 ---
  29  drivers/crypto/amcc/crypto4xx_alg.c  | 36 +++++++++++++++++++---------
  30  drivers/crypto/amcc/crypto4xx_core.c | 16 ++++++-------
  31  drivers/crypto/amcc/crypto4xx_core.h | 10 ++++----
  32  3 files changed, 39 insertions(+), 23 deletions(-)
  33
  34 --- a/drivers/crypto/amcc/crypto4xx_alg.c
  35 +++ b/drivers/crypto/amcc/crypto4xx_alg.c
  36 @@ -76,12 +76,16 @@ static void set_dynamic_sa_command_1(str
  37  }
  38
  39  static inline int crypto4xx_crypt(struct skcipher_request *req,
  40 -                                 const unsigned int ivlen, bool decrypt)
  41 +                                 const unsigned int ivlen, bool decrypt,
  42 +                                 bool check_blocksize)
  43  {
  44         struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req);
  45         struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher);
  46         __le32 iv[AES_IV_SIZE];
  47
  48 +       if (check_blocksize && !IS_ALIGNED(req->cryptlen, AES_BLOCK_SIZE))
  49 +               return -EINVAL;
  50 +
  51         if (ivlen)
  52                 crypto4xx_memcpy_to_le32(iv, req->iv, ivlen);
  53
  54 @@ -90,24 +94,34 @@ static inline int crypto4xx_crypt(struct
  55                 ctx->sa_len, 0, NULL);
  56  }
  57
  58 -int crypto4xx_encrypt_noiv(struct skcipher_request *req)
  59 +int crypto4xx_encrypt_noiv_block(struct skcipher_request *req)
  60 +{
  61 +       return crypto4xx_crypt(req, 0, false, true);
  62 +}
  63 +
  64 +int crypto4xx_encrypt_iv_stream(struct skcipher_request *req)
  65 +{
  66 +       return crypto4xx_crypt(req, AES_IV_SIZE, false, false);
  67 +}
  68 +
  69 +int crypto4xx_decrypt_noiv_block(struct skcipher_request *req)
  70  {
  71 -       return crypto4xx_crypt(req, 0, false);
  72 +       return crypto4xx_crypt(req, 0, true, true);
  73  }
  74
  75 -int crypto4xx_encrypt_iv(struct skcipher_request *req)
  76 +int crypto4xx_decrypt_iv_stream(struct skcipher_request *req)
  77  {
  78 -       return crypto4xx_crypt(req, AES_IV_SIZE, false);
  79 +       return crypto4xx_crypt(req, AES_IV_SIZE, true, false);
  80  }
  81
  82 -int crypto4xx_decrypt_noiv(struct skcipher_request *req)
  83 +int crypto4xx_encrypt_iv_block(struct skcipher_request *req)
  84  {
  85 -       return crypto4xx_crypt(req, 0, true);
  86 +       return crypto4xx_crypt(req, AES_IV_SIZE, false, true);
  87  }
  88
  89 -int crypto4xx_decrypt_iv(struct skcipher_request *req)
  90 +int crypto4xx_decrypt_iv_block(struct skcipher_request *req)
  91  {
  92 -       return crypto4xx_crypt(req, AES_IV_SIZE, true);
  93 +       return crypto4xx_crypt(req, AES_IV_SIZE, true, true);
  94  }
  95
  96  /**
  97 @@ -272,8 +286,8 @@ crypto4xx_ctr_crypt(struct skcipher_requ
  98                 return ret;
  99         }
 100
 101 -       return encrypt ? crypto4xx_encrypt_iv(req)
 102 -                      : crypto4xx_decrypt_iv(req);
 103 +       return encrypt ? crypto4xx_encrypt_iv_stream(req)
 104 +                      : crypto4xx_decrypt_iv_stream(req);
 105  }
 106
 107  static int crypto4xx_sk_setup_fallback(struct crypto4xx_ctx *ctx,
 108 --- a/drivers/crypto/amcc/crypto4xx_core.c
 109 +++ b/drivers/crypto/amcc/crypto4xx_core.c
 110 @@ -1215,8 +1215,8 @@ static struct crypto4xx_alg_common crypt
 111                 .max_keysize = AES_MAX_KEY_SIZE,
 112                 .ivsize = AES_IV_SIZE,
 113                 .setkey = crypto4xx_setkey_aes_cbc,
 114 -               .encrypt = crypto4xx_encrypt_iv,
 115 -               .decrypt = crypto4xx_decrypt_iv,
 116 +               .encrypt = crypto4xx_encrypt_iv_block,
 117 +               .decrypt = crypto4xx_decrypt_iv_block,
 118                 .init = crypto4xx_sk_init,
 119                 .exit = crypto4xx_sk_exit,
 120         } },
 121 @@ -1235,8 +1235,8 @@ static struct crypto4xx_alg_common crypt
 122                 .max_keysize = AES_MAX_KEY_SIZE,
 123                 .ivsize = AES_IV_SIZE,
 124                 .setkey = crypto4xx_setkey_aes_cfb,
 125 -               .encrypt = crypto4xx_encrypt_iv,
 126 -               .decrypt = crypto4xx_decrypt_iv,
 127 +               .encrypt = crypto4xx_encrypt_iv_stream,
 128 +               .decrypt = crypto4xx_decrypt_iv_stream,
 129                 .init = crypto4xx_sk_init,
 130                 .exit = crypto4xx_sk_exit,
 131         } },
 132 @@ -1295,8 +1295,8 @@ static struct crypto4xx_alg_common crypt
 133                 .min_keysize = AES_MIN_KEY_SIZE,
 134                 .max_keysize = AES_MAX_KEY_SIZE,
 135                 .setkey = crypto4xx_setkey_aes_ecb,
 136 -               .encrypt = crypto4xx_encrypt_noiv,
 137 -               .decrypt = crypto4xx_decrypt_noiv,
 138 +               .encrypt = crypto4xx_encrypt_noiv_block,
 139 +               .decrypt = crypto4xx_decrypt_noiv_block,
 140                 .init = crypto4xx_sk_init,
 141                 .exit = crypto4xx_sk_exit,
 142         } },
 143 @@ -1315,8 +1315,8 @@ static struct crypto4xx_alg_common crypt
 144                 .max_keysize = AES_MAX_KEY_SIZE,
 145                 .ivsize = AES_IV_SIZE,
 146                 .setkey = crypto4xx_setkey_aes_ofb,
 147 -               .encrypt = crypto4xx_encrypt_iv,
 148 -               .decrypt = crypto4xx_decrypt_iv,
 149 +               .encrypt = crypto4xx_encrypt_iv_stream,
 150 +               .decrypt = crypto4xx_decrypt_iv_stream,
 151                 .init = crypto4xx_sk_init,
 152                 .exit = crypto4xx_sk_exit,
 153         } },
 154 --- a/drivers/crypto/amcc/crypto4xx_core.h
 155 +++ b/drivers/crypto/amcc/crypto4xx_core.h
 156 @@ -183,10 +183,12 @@ int crypto4xx_setkey_rfc3686(struct cryp
 157                              const u8 *key, unsigned int keylen);
 158  int crypto4xx_encrypt_ctr(struct skcipher_request *req);
 159  int crypto4xx_decrypt_ctr(struct skcipher_request *req);
 160 -int crypto4xx_encrypt_iv(struct skcipher_request *req);
 161 -int crypto4xx_decrypt_iv(struct skcipher_request *req);
 162 -int crypto4xx_encrypt_noiv(struct skcipher_request *req);
 163 -int crypto4xx_decrypt_noiv(struct skcipher_request *req);
 164 +int crypto4xx_encrypt_iv_stream(struct skcipher_request *req);
 165 +int crypto4xx_decrypt_iv_stream(struct skcipher_request *req);
 166 +int crypto4xx_encrypt_iv_block(struct skcipher_request *req);
 167 +int crypto4xx_decrypt_iv_block(struct skcipher_request *req);
 168 +int crypto4xx_encrypt_noiv_block(struct skcipher_request *req);
 169 +int crypto4xx_decrypt_noiv_block(struct skcipher_request *req);
 170  int crypto4xx_rfc3686_encrypt(struct skcipher_request *req);
 171  int crypto4xx_rfc3686_decrypt(struct skcipher_request *req);
 172  int crypto4xx_sha1_alg_init(struct crypto_tfm *tfm);