crypto: ccp - Fix handling of RSA exponent on a v5 device

Message ID	20161101190505.1191.20536.stgit@taos (mailing list archive)
State	Accepted
Delegated to:	Herbert Xu
Headers	show Return-Path: <linux-crypto-owner@kernel.org> Subject: [PATCH] crypto: ccp - Fix handling of RSA exponent on a v5 device From: Gary R Hook <gary.hook@amd.com> To: <linux-crypto@vger.kernel.org> CC: <thomas.lendacky@amd.com>, <herbert@gondor.apana.org.au>, <davem@davemloft.net> Date: Tue, 1 Nov 2016 14:05:05 -0500 Message-ID: <20161101190505.1191.20536.stgit@taos> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDWTRQUjEyTUIxNDAwOzIzOnpyOHlhekJhSUwveldpMDRTbWtVTGZkNE93?= =?utf-8?B?OFI5RTJ3WGxsc2xNSzlzYnp5ZDN3US9SRzR5aGY3MW45bWROZHBMTHJFUml5?= =?utf-8?B?dnAwV2RaTzBsZ01lLzBlMWR6c0FybERiSmVCcU0xWStVUTA3THh2aDYydW5U?= =?utf-8?B?bmJzbUpZc1o0ZjBHbGhBRGdBSE5rTlU4RjhqSUZSR3RNN2daWXFOeXQzZjha?= =?utf-8?B?TXo5MFZqMFgxZnJZZC9leVFBOVh0b29vQkVvVFdqVStENU04NzZvUXVvRkJO?= =?utf-8?B?M2crRTZMMHUwSDg4TE1VNVZCYXM2NFdwem4wMS9WQnB2RGloc2FyNktYSGo2?= =?utf-8?B?VkU0LzFrYjR0OTVPdEhhOFlXZ2xhbk4zc1I0RE9CdXhtRTdpUDJzQ0FKbW93?= =?utf-8?B?bU05YzUvRGs0ZUFkTEl3ZHQ3em1tR052MXZHYmUrT0hnTTJTa0d2WWdYM0Nt?= =?utf-8?B?NXhnY3JYczl3c2dtdTM0WHQ1Nkk5MEI3RnIvSGpxMkdUQTFMZ21hWHZWaVFl?= =?utf-8?B?TmpXM1c0UW9mUEpia3I2NkRWd0pSOStJeVlINUo1MXBzOW1xdFBHNzNjZFFY?= =?utf-8?B?NzFqTTNkb3V4dW1idURBVitjOGgvOXhKakRianVCY1NrZ2hPclJMa1VuLy81?= =?utf-8?B?blIycVRTWk8zR3JyVjBsZmYwNWlNSStKQW9QY2lqT28wQ29uS2JBMXlUUHZX?= =?utf-8?B?RlA2US9mN01ONlFNc09makVWMEs1eWxlQURWYzY0WXQ0R29zVW1UZzNVdEdt?= =?utf-8?B?UUthWWJHbVM0WW90Q0R6TUtST1ZRT1hmd1dSRkN6TEFLaWFpbFRxWUR5WFZa?= =?utf-8?B?VEtQREhHOU5yaWUxTm5YQXo0ZDhkeTUzeDR1SzkydklZUVFMMXVXQ1BQRmFt?= =?utf-8?B?V0JhT0xVT1hKYUdwcFVnTUJLd3pJaGxISVVOVi9FNjRINDNDNGN5bGlhVlJT?= =?utf-8?B?cVV6T2JBTnhhV0Z5aVQvbnpSYm9BNWN4Wlp6azVYMmk4VndKSDI2d3RLb0Nr?= =?utf-8?B?dkVmdmUrN2lvc3JrdkRkTlpVZkE0VmNIYVhrT3B4bU1FMFBwMEZjS0ZsTVdq?= =?utf-8?B?UXZTNmkvMkhJR1YyLzhmK2E2aExCTkU1ckE0MGU2SUxJVHdRRGVMUWR3TytM?= =?utf-8?B?NU9lKytzK1Bjc0Z1S2R0RTRINjE1eW5CcVE1MTh3UzlwbmJxQkR1cUxETFU3?= =?utf-8?B?N0RYa2c4MUNRY2svaW9UTXNiOU1kdXhoMDh0czNtK3p2dnNGa3VMNlRNblFp?= =?utf-8?B?Z0dmNE1EK1BvbFNwOWh5citmb0s1Q1pRNlc0ZXU5aFZlZnFKMW0yWVJkcnBU?= =?utf-8?B?YmppekdiMUJKWGF4UDF0N25ZVGZPM3p1M3FTOStCL1FENW41ZjBJK3ZVaHd0?= =?utf-8?B?M2YzWFh5UGl3ZUd3VytYRTlTZTBuVHhIMi85NkZ1M2JrbUVWUEVmeWpTNlZG?= =?utf-8?B?Ykl0TktaZVdsZHN1anVIUmRMSEtYbC9jV0VjOElROElQeEw4bUhXSUJsUlZY?= =?utf-8?B?NkUvckRJRDA0QWpkNXFOK0p4RVNHdWpnd1QzdkxROWVTZGFIaEg1eVVLQjFS?= =?utf-8?B?N3VRZUlBRDdySlhsbFJJZG9qaVluakhKaXVHTnFCcEpqemNaeEdha1ZNa2xw?= =?utf-8?B?bkxjc0JqVC9WelZVb0dzTHc2RHRoNkNVb285eGVBMjV3Q0RkbDZ0TjFBPT0=?= X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1400; 6:gjWH3OwWISvVGF8Ujt9coRXYDgnq17fEDlqpNTKAuJGyBhSg7uZL1lIKtvlZIBhTVlFm5zzV7W3mx2AE/VSpZI9j01DqqoQpZNQIy4tKL9g64fU+RIoMB4QhhqvkSjTxYVTw1nqkx/+wmRsGqeM/u3XcOOU3RQMTD4QSHy9J7KFfhcR+U4zxhrw0rZI233OFFzurFRNa9JuDbvD3w8KtNfZ9JBwzR7omMqzg2H57TtokP/gJCx4dWBxqtNjpBPFXJOcP0hf9x/jHtDV7tKQ3iSBbBo41iGPEh5a1sL0b7k77CHD3MHPfNeOd53BEmbeHjKjY+WUW/CMDBrEJPt7+79psSNvBUYwS49ZoGHxlXYg=; 5:uzAmvjK0DbJGocXvtvNf5jqmEcoh9O0UFCRmv/O7EX/sR1LUqhtC6v9S1F9kXaoz/v7khJ1ebnXyEm/3oIgQnJIIIwx5UUb+EXGfassm9dyy5cFFtsZpZaprDz2fDFj1SgPB6tsp4b8wI0NTe4dJIg==; 24:GbPdYw6qLlny5nUtYEQcbHIBlqB6H1u8l2dKHTP9K2sOXcGm/gCmEghn+UBhyvi18SKdUZIRmauytxkuIyXBT8HBtUU+Dd8lGubyB6TKeis= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1400; 7:hvh+Wg+Kqmi1Z7E36bgTpso2hbe3u+VAGvqrWuNc+5kzV3g1/1HbsbmXptebBkRM1Ytrz5/YKC6KRKCyvrbGzNMyViPKqKCJR4dojYTvtTXUFPi9ROLQiCcnfebyC/62nUZE/TRDsild7ucB6xUKyCU/GRin+HJJBOEuVSHofGFOKjMNlWP6HnHqJ64z7JjUTTHIa5Kq9wnu1OiFm83MhVgCsQxx7n7fLcRT7TAvJMfbb4Dg1G5BEI/DsA328FW0WKE35tn4K4+CQR0RqYZc5blNh6EHuFg2IeYcW+SFX6Zu6zXO1HR+TBI/10EoCQJt4BRtryJ65dqP0o0R2mVCex8l45IfZMwN4yqkopi6EqE=; 20:LM1jgu6/jgQl2LG92mJtokNpEvUedxuI2uTzpXDOSwvJMkoazGC4d+Xx9lhFXHwlRqspBnSBWkcSdWXQqwHxJizBuA4oMbob1fgLXUT053AadFA0wqb7FqJLxzm3Ww+c6Ctqt61hH3UqMsm5yCpejhIPIJBdC14yA8FSEtDmii8cFYIqIX/cqd6dQwm8xwqKvkiejXhOZdn6vCSEZTNRe9WK5e4wN3DGZ5ZJ/IG67sorrul1iUEvABKEvIVrV8Jf Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk

Gary R Hook Nov. 1, 2016, 7:05 p.m. UTC

The exponent size in the ccp_op structure is in bits. A v5
CCP requires the exponent size to be in bytes, so convert
the size from bits to bytes when populating the descriptor.

The current code references the exponent in memory, but
these fields have not been set since the exponent is
actually store in the LSB. Populate the descriptor with
the LSB location (address).

Signed-off-by: Gary R Hook <gary.hook@amd.com>
---
 drivers/crypto/ccp/ccp-dev-v5.c |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)


--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Herbert Xu Nov. 13, 2016, 9:49 a.m. UTC | #1

On Tue, Nov 01, 2016 at 02:05:05PM -0500, Gary R Hook wrote:
> The exponent size in the ccp_op structure is in bits. A v5
> CCP requires the exponent size to be in bytes, so convert
> the size from bits to bytes when populating the descriptor.
> 
> The current code references the exponent in memory, but
> these fields have not been set since the exponent is
> actually store in the LSB. Populate the descriptor with
> the LSB location (address).
> 
> Signed-off-by: Gary R Hook <gary.hook@amd.com>

Patch applied.  Thanks.

Gary R Hook Nov. 15, 2016, 9:41 p.m. UTC | #2

On 11/13/2016 03:49 AM, Herbert Xu wrote:
> On Tue, Nov 01, 2016 at 02:05:05PM -0500, Gary R Hook wrote:
>> The exponent size in the ccp_op structure is in bits. A v5
>> CCP requires the exponent size to be in bytes, so convert
>> the size from bits to bytes when populating the descriptor.
>>
>> The current code references the exponent in memory, but
>> these fields have not been set since the exponent is
>> actually store in the LSB. Populate the descriptor with
>> the LSB location (address).
>>
>> Signed-off-by: Gary R Hook <gary.hook@amd.com>
>
> Patch applied.  Thanks.
>

Thanks, Herbert.

Is there a possibility of getting this pushed to 4.9, being
it's a bug fix?

Herbert Xu Nov. 16, 2016, 9:01 a.m. UTC | #3

On Tue, Nov 15, 2016 at 03:41:25PM -0600, Gary R Hook wrote:
> On 11/13/2016 03:49 AM, Herbert Xu wrote:
> >On Tue, Nov 01, 2016 at 02:05:05PM -0500, Gary R Hook wrote:
> >>The exponent size in the ccp_op structure is in bits. A v5
> >>CCP requires the exponent size to be in bytes, so convert
> >>the size from bits to bytes when populating the descriptor.
> >>
> >>The current code references the exponent in memory, but
> >>these fields have not been set since the exponent is
> >>actually store in the LSB. Populate the descriptor with
> >>the LSB location (address).
> >>
> >>Signed-off-by: Gary R Hook <gary.hook@amd.com>
> >
> >Patch applied.  Thanks.
> >
> 
> Thanks, Herbert.
> 
> Is there a possibility of getting this pushed to 4.9, being
> it's a bug fix?

I thought ccp doesn't support RSA yet or is there another entry
path into this code?

Thanks,

Gary R Hook Nov. 16, 2016, 5:25 p.m. UTC | #4

On 11/16/2016 03:01 AM, Herbert Xu wrote:
> On Tue, Nov 15, 2016 at 03:41:25PM -0600, Gary R Hook wrote:
>> On 11/13/2016 03:49 AM, Herbert Xu wrote:
>>> On Tue, Nov 01, 2016 at 02:05:05PM -0500, Gary R Hook wrote:
>>>> The exponent size in the ccp_op structure is in bits. A v5
>>>> CCP requires the exponent size to be in bytes, so convert
>>>> the size from bits to bytes when populating the descriptor.
>>>>
>>>> The current code references the exponent in memory, but
>>>> these fields have not been set since the exponent is
>>>> actually store in the LSB. Populate the descriptor with
>>>> the LSB location (address).
>>>>
>>>> Signed-off-by: Gary R Hook <gary.hook@amd.com>
>>>
>>> Patch applied.  Thanks.
>>>
>>
>> Thanks, Herbert.
>>
>> Is there a possibility of getting this pushed to 4.9, being
>> it's a bug fix?
>
> I thought ccp doesn't support RSA yet or is there another entry
> path into this code?

The kernel crypto layer does not yet support RSA, true. However, we
designed the ccp.ko layer to be available to anyone that wants to use
it. The underlying module currently has differing behavior/results
between the v3 and v5 implementations of the RSA command function.
This patch fixes the borked v5 code.

Herbert Xu Nov. 17, 2016, 1:14 p.m. UTC | #5

On Wed, Nov 16, 2016 at 11:25:19AM -0600, Gary R Hook wrote:
>
> The kernel crypto layer does not yet support RSA, true. However, we
> designed the ccp.ko layer to be available to anyone that wants to use
> it. The underlying module currently has differing behavior/results
> between the v3 and v5 implementations of the RSA command function.
> This patch fixes the borked v5 code.

Do you mean that an out-of-tree module could enter the buggy
code path?

Cheers,

Gary R Hook Nov. 17, 2016, 2:22 p.m. UTC | #6

On 11/17/2016 07:14 AM, Herbert Xu wrote:
> On Wed, Nov 16, 2016 at 11:25:19AM -0600, Gary R Hook wrote:
>>
>> The kernel crypto layer does not yet support RSA, true. However, we
>> designed the ccp.ko layer to be available to anyone that wants to use
>> it. The underlying module currently has differing behavior/results
>> between the v3 and v5 implementations of the RSA command function.
>> This patch fixes the borked v5 code.
>
> Do you mean that an out-of-tree module could enter the buggy
> code path?

I mean that anything that can call ccp_run_cmd() (in ccp.ko) can run
into a problem, yes. Is this likely? We don't know, as we don't know
if anyone actually uses this layer. But it _is_ possible to find the
problem.

crypto: ccp - Fix handling of RSA exponent on a v5 device

Commit Message

Comments

Patch