Re: [PATCH] crypto: caam - limit output IV to CBC to work around CTR mode DMA issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 31 May 2019 at 16:21, Horia Geanta <horia.geanta@xxxxxxx> wrote:
>
> On 5/31/2019 11:14 AM, Ard Biesheuvel wrote:
> > The CAAM driver currently violates an undocumented and slightly
> > controversial requirement imposed by the crypto stack that a buffer
> > referred to by the request structure via its virtual address may not
> > be modified while any scatterlists passed via the same request
> > structure are mapped for inbound DMA.
> >
> IMO this requirement developed while discussing current issue,
> it did not exist a priori.
>

I won't argue with that.

> > This may result in errors like
> >
> >   alg: aead: decryption failed on test 1 for gcm_base(ctr-aes-caam,ghash-generic): ret=74
> >   alg: aead: Failed to load transform for gcm(aes): -2
> >
> > on non-cache coherent systems, due to the fact that the GCM driver
> > passes an IV buffer by virtual address which shares a cacheline with
> > the auth_tag buffer passed via a scatterlist, resulting in corruption
> > of the auth_tag when the IV is updated while the DMA mapping is live.
> >
> > Since the IV that is returned to the caller is only valid for CBC mode,
> > and given that the in-kernel users of CBC (such as CTS) don't trigger the
> > same issue as the GCM driver, let's just disable the output IV generation
> > for all modes except CBC for the time being.
> >
> > Cc: Horia Geanta <horia.geanta@xxxxxxx>
> > Cc: Iuliana Prodan <iuliana.prodan@xxxxxxx>
> > Reported-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
> > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
> Link: https://lore.kernel.org/linux-crypto/1559149856-7938-1-git-send-email-iuliana.prodan@xxxxxxx/
> Reviewed-by: Horia Geanta <horia.geanta@xxxxxxx>
>
> Unfortunately this does not apply cleanly to -stable, I'll send a backport
> once it hits mainline.
>

Thanks.



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux