From patchwork Mon Aug 14 13:28:14 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 109996
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, steffen.klassert@secunet.com, tobias@strongswan.org, martin@strongswan.org, Ard Biesheuvel
Subject: [PATCH 1/2] crypto/chacha20: fix handling of chunked input
Date: Mon, 14 Aug 2017 14:28:14 +0100
Message-Id: <20170814132815.24524-1-ard.biesheuvel@linaro.org>

Commit 9ae433bc79f9 ("crypto: chacha20 - convert generic and x86 versions
to skcipher") ported the existing chacha20 code to use the new skcipher
API, and introduced a bug along the way. Unfortunately, the tcrypt tests
did not catch the error, and it was only found recently by Tobias.

Stefan kindly diagnosed the error, and proposed a fix which is similar
to the one below, with the exception that 'walk.stride' is used rather
than the hardcoded block size. This does not actually matter in this
case, but it's a better example of how to use the skcipher walk API.

Fixes: 9ae433bc79f9 ("crypto: chacha20 - convert generic and x86 ...")
Cc: # v4.11+
Cc: Steffen Klassert
Reported-by: Tobias Brunner
Signed-off-by: Ard Biesheuvel
---
 crypto/chacha20_generic.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

--
2.11.0

diff --git a/crypto/chacha20_generic.c b/crypto/chacha20_generic.c index 8b3c04d625c3..4a45fa4890c0 100644 --- a/crypto/chacha20_generic.c +++ b/crypto/chacha20_generic.c
@@ -91,9 +91,14 @@ int crypto_chacha20_crypt(struct skcipher_request *req) crypto_chacha20_init(state, ctx, walk.iv); while (walk.nbytes > 0) { + unsigned int nbytes = walk.nbytes; + + if (nbytes < walk.total) + nbytes = round_down(nbytes, walk.stride); + chacha20_docrypt(state, walk.dst.virt.addr, walk.src.virt.addr, - walk.nbytes); - err = skcipher_walk_done(&walk, 0); + nbytes); + err = skcipher_walk_done(&walk, walk.nbytes - nbytes); } return err;
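
Review bot: the added `if (nbytes < walk.total)` branch carries no comment explaining why only non-final walk steps are rounded down to `walk.stride`, and the reason is not obvious from the loop itself. The ChaCha20 state advances one whole block per keystream block, so a step that ends mid-block has to hand the remainder back through `skcipher_walk_done(&walk, walk.nbytes - nbytes)` instead of consuming a partial block. A short comment above the branch would keep a later cleanup from going back to passing `walk.nbytes` directly. Also, `round_down()` works by masking and is only correct when `walk.stride` is a power of two. That holds for the 64-byte ChaCha20 block, but it is worth stating if this loop is meant as the reference use of the walk API that the commit message describes. Since the message says tcrypt did not catch the bug, a test vector that splits the input at a boundary that is not a multiple of the block size should accompany the fix.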