lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 31 Oct 2021 13:28:58 +0100
From:   Ard Biesheuvel <ardb@...nel.org>
To:     Nicolas Toromanoff <nicolas.toromanoff@...s.st.com>
Cc:     Herbert Xu <herbert@...dor.apana.org.au>,
        "David S . Miller" <davem@...emloft.net>,
        Maxime Coquelin <mcoquelin.stm32@...il.com>,
        Alexandre Torgue <alexandre.torgue@...s.st.com>,
        Marek Vasut <marex@...x.de>,
        Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
        linux-stm32@...md-mailman.stormreply.com,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 3/8] crypto: stm32/cryp - fix CTR counter carry

On Fri, 29 Oct 2021 at 16:01, Nicolas Toromanoff
<nicolas.toromanoff@...s.st.com> wrote:
>
> Fix issue in CTR counter overflow, the carry-over is now properly
> managed.
> Fixes: bbb2832620ac ("crypto: stm32 - Fix sparse warnings")
>
> Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@...s.st.com>
> ---
>  drivers/crypto/stm32/stm32-cryp.c | 19 ++++++++++---------
>  1 file changed, 10 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/crypto/stm32/stm32-cryp.c b/drivers/crypto/stm32/stm32-cryp.c
> index 7b55ad6d2f1a..6eeeca0d70ce 100644
> --- a/drivers/crypto/stm32/stm32-cryp.c
> +++ b/drivers/crypto/stm32/stm32-cryp.c
> @@ -163,7 +163,7 @@ struct stm32_cryp {
>         struct scatter_walk     in_walk;
>         struct scatter_walk     out_walk;
>
> -       u32                     last_ctr[4];
> +       __be32                  last_ctr[4];
>         u32                     gcm_ctr;
>  };
>
> @@ -1219,25 +1219,26 @@ static void stm32_cryp_check_ctr_counter(struct stm32_cryp *cryp)
>
>         if (unlikely(cryp->last_ctr[3] == 0xFFFFFFFF)) {
>                 cryp->last_ctr[3] = 0;
> -               cryp->last_ctr[2]++;
> +               cryp->last_ctr[2] = cpu_to_be32(be32_to_cpu(cryp->last_ctr[2]) + 1);
>                 if (!cryp->last_ctr[2]) {
> -                       cryp->last_ctr[1]++;
> +                       cryp->last_ctr[1] = cpu_to_be32(be32_to_cpu(cryp->last_ctr[1]) + 1);
>                         if (!cryp->last_ctr[1])
> -                               cryp->last_ctr[0]++;
> +                               cryp->last_ctr[0] = cpu_to_be32(be32_to_cpu(cryp->last_ctr[0]) + 1);
>                 }
>

crypto_inc() ??

>                 cr = stm32_cryp_read(cryp, CRYP_CR);
>                 stm32_cryp_write(cryp, CRYP_CR, cr & ~CR_CRYPEN);
>
> -               stm32_cryp_hw_write_iv(cryp, (__be32 *)cryp->last_ctr);
> +               stm32_cryp_hw_write_iv(cryp, cryp->last_ctr);
>
>                 stm32_cryp_write(cryp, CRYP_CR, cr);
>         }
>
> -       cryp->last_ctr[0] = stm32_cryp_read(cryp, CRYP_IV0LR);
> -       cryp->last_ctr[1] = stm32_cryp_read(cryp, CRYP_IV0RR);
> -       cryp->last_ctr[2] = stm32_cryp_read(cryp, CRYP_IV1LR);
> -       cryp->last_ctr[3] = stm32_cryp_read(cryp, CRYP_IV1RR);
> +       /* The IV registers are BE  */
> +       cryp->last_ctr[0] = cpu_to_be32(stm32_cryp_read(cryp, CRYP_IV0LR));
> +       cryp->last_ctr[1] = cpu_to_be32(stm32_cryp_read(cryp, CRYP_IV0RR));
> +       cryp->last_ctr[2] = cpu_to_be32(stm32_cryp_read(cryp, CRYP_IV1LR));
> +       cryp->last_ctr[3] = cpu_to_be32(stm32_cryp_read(cryp, CRYP_IV1RR));
>  }
>
>  static bool stm32_cryp_irq_read_data(struct stm32_cryp *cryp)
> --
> 2.17.1
>

Powered by blists - more mailing lists