lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACRpkdY8iN_ga0VuQ-z=8KUWaJ6=5rh2vZEwcp+oNgcBuPFk=g@mail.gmail.com>
Date:   Mon, 6 Mar 2023 11:08:13 +0100
From:   Linus Walleij <linus.walleij@...aro.org>
To:     Herbert Xu <herbert@...dor.apana.org.au>
Cc:     Lionel Debieve <lionel.debieve@...s.st.com>,
        Li kunyu <kunyu@...china.com>, davem@...emloft.net,
        linux-arm-kernel@...ts.infradead.org, linux-crypto@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        linux-stm32@...md-mailman.stormreply.com, mcoquelin.stm32@...il.com
Subject: Re: [v5 PATCH 7/7] crypto: stm32 - Save and restore between each request

On Mon, Mar 6, 2023 at 5:42 AM Herbert Xu <herbert@...dor.apana.org.au> wrote:

> The Crypto API hashing paradigm requires the hardware state to
> be exported between *each* request because multiple unrelated
> hashes may be processed concurrently.
>
> The stm32 hardware is capable of producing the hardware hashing
> state but it was only doing it in the export function.  This is
> not only broken for export as you can't export a kernel pointer
> and reimport it, but it also means that concurrent hashing was
> fundamentally broken.
>
> Fix this by moving the saving and restoring of hardware hash
> state between each and every hashing request.
>
> Also change the emptymsg check in stm32_hash_copy_hash to rely
> on whether we have any existing hash state, rather than whether
> this particular update request is empty.
>
> Fixes: 8a1012d3f2ab ("crypto: stm32 - Support for STM32 HASH module")
> Reported-by: Li kunyu <kunyu@...china.com>
> Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>

This partly works (after my folded in fix in patch 5)!

Clean SHA1 and SHA256 works flawlessly.
HMAC still fails, but not until we start testing random vectors:

[    7.541954] alg: ahash: stm32-hmac-sha256 digest() failed on test
vector "random: psize=0 ksize=80"; expected_error=0,
actual_error=-110, cfg="random: may_sleep"
[    7.567212] alg: self-tests for hmac(sha256) using
stm32-hmac-sha256 failed (rc=-110)
[    7.567222] ------------[ cut here ]------------
[    7.579669] WARNING: CPU: 0 PID: 89 at crypto/testmgr.c:5858
alg_test.part.0+0x4d0/0x4dc
[    7.587809] alg: self-tests for hmac(sha256) using
stm32-hmac-sha256 failed (rc=-110)
[    7.587817] Modules linked in:
[    7.598702] CPU: 0 PID: 89 Comm: cryptomgr_test Not tainted
6.2.0-13572-gcdc48b2701b2 #87
[    7.606877] Hardware name: ST-Ericsson Ux5x0 platform (Device Tree Support)
[    7.613842]  unwind_backtrace from show_stack+0x10/0x14
[    7.619080]  show_stack from dump_stack_lvl+0x40/0x4c
[    7.624145]  dump_stack_lvl from __warn+0x94/0xc0
[    7.628861]  __warn from warn_slowpath_fmt+0x118/0x164
[    7.634007]  warn_slowpath_fmt from alg_test.part.0+0x4d0/0x4dc
[    7.639936]  alg_test.part.0 from cryptomgr_test+0x18/0x38
[    7.645430]  cryptomgr_test from kthread+0xc0/0xc4
[    7.650229]  kthread from ret_from_fork+0x14/0x2c
[    7.654936] Exception stack(0xf10b5fb0 to 0xf10b5ff8)
[    7.659984] 5fa0:                                     00000000
00000000 00000000 00000000
[    7.668154] 5fc0: 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000
[    7.676325] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[    7.682986] ---[ end trace 0000000000000000 ]---
[    7.688219] stm32-hash a03c2000.hash: allocated sha256 fallback
[   10.675002] stm32-hash a03c2000.hash: allocated hmac(sha1) fallback
[   11.269604] alg: ahash: stm32-hmac-sha1 finup() failed with err
-110 on test vector "random: psize=0 ksize=15", cfg="random: use_finup
src_divs=[100.0%@...81] i"
[   11.285037] alg: self-tests for hmac(sha1) using stm32-hmac-sha1
failed (rc=-110)
[   11.285048] ------------[ cut here ]------------
[   11.297141] WARNING: CPU: 1 PID: 102 at crypto/testmgr.c:5858
alg_test.part.0+0x4d0/0x4dc
[   11.305352] alg: self-tests for hmac(sha1) using stm32-hmac-sha1
failed (rc=-110)
[   11.305361] Modules linked in:
[   11.315894] CPU: 1 PID: 102 Comm: cryptomgr_test Tainted: G
W          6.2.0-13572-gcdc48b2701b2 #87
[   11.325633] Hardware name: ST-Ericsson Ux5x0 platform (Device Tree Support)
[   11.332594]  unwind_backtrace from show_stack+0x10/0x14
[   11.337832]  show_stack from dump_stack_lvl+0x40/0x4c
[   11.342897]  dump_stack_lvl from __warn+0x94/0xc0
[   11.347611]  __warn from warn_slowpath_fmt+0x118/0x164
[   11.352758]  warn_slowpath_fmt from alg_test.part.0+0x4d0/0x4dc
[   11.358687]  alg_test.part.0 from cryptomgr_test+0x18/0x38
[   11.364181]  cryptomgr_test from kthread+0xc0/0xc4
[   11.368981]  kthread from ret_from_fork+0x14/0x2c
[   11.373687] Exception stack(0xf10f1fb0 to 0xf10f1ff8)
[   11.378734] 1fa0:                                     00000000
00000000 00000000 00000000
[   11.386906] 1fc0: 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000
[   11.395076] 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[   11.401724] ---[ end trace 0000000000000000 ]---
[   11.407162] stm32-hash a03c2000.hash: allocated sha1 fallback

I will try to investigate further as time permits. (Right now I have
to go off for lunch...)

Yours,
Linus Walleij

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ