crypto: s390/hmac - Fix counter in export state

Message ID	aDBa8tuSvw1mnnKL@gondor.apana.org.au
State	New
Headers	show Received: from abb.hmeau.com (abb.hmeau.com [144.6.53.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0DB53183CC3 for <linux-crypto@vger.kernel.org>; Fri, 23 May 2025 11:24:38 +0000 (UTC) Date: Fri, 23 May 2025 19:24:34 +0800 From: Herbert Xu <herbert@gondor.apana.org.au> To: Ingo Franzki <ifranzki@linux.ibm.com> Cc: linux-crypto@vger.kernel.org, Eric Biggers <ebiggers@kernel.org>, Harald Freudenberger <freude@linux.ibm.com>, Holger Dengler <dengler@linux.ibm.com> Subject: [PATCH] crypto: s390/hmac - Fix counter in export state Message-ID: <aDBa8tuSvw1mnnKL@gondor.apana.org.au> References: <623a7fcb-b4cb-48e6-9833-57ad2b32a252@linux.ibm.com> <aDAM9LKOWSKBbIUn@gondor.apana.org.au> <152288d2-a034-4594-a5cc-d46faf34ac24@linux.ibm.com> Precedence: bulk MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <152288d2-a034-4594-a5cc-d46faf34ac24@linux.ibm.com>
Series	crypto: s390/hmac - Fix counter in export state \| expand crypto: s390/hmac - Fix counter in export state

Message ID

aDBa8tuSvw1mnnKL@gondor.apana.org.au

State

New

Headers

Date: Fri, 23 May 2025 19:24:34 +0800
From: Herbert Xu <herbert@gondor.apana.org.au>
To: Ingo Franzki <ifranzki@linux.ibm.com>
Cc: linux-crypto@vger.kernel.org, Eric Biggers <ebiggers@kernel.org>,
	Harald Freudenberger <freude@linux.ibm.com>,
	Holger Dengler <dengler@linux.ibm.com>
Subject: [PATCH] crypto: s390/hmac - Fix counter in export state
Message-ID: <aDBa8tuSvw1mnnKL@gondor.apana.org.au>
References: <623a7fcb-b4cb-48e6-9833-57ad2b32a252@linux.ibm.com>
 <aDAM9LKOWSKBbIUn@gondor.apana.org.au>
 <152288d2-a034-4594-a5cc-d46faf34ac24@linux.ibm.com>
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <152288d2-a034-4594-a5cc-d46faf34ac24@linux.ibm.com>

Series

crypto: s390/hmac - Fix counter in export state | expand

Commit Message

Herbert Xu May 23, 2025, 11:24 a.m. UTC

On Fri, May 23, 2025 at 10:02:18AM +0200, Ingo Franzki wrote:
> 
> Yes, indeed, reverting this commit makes the problem to go away. 

Great.  While I've got your attenttion, could you also test this
patch to see if it makes the hmac errors go away?

Thanks,

---8<---
The hmac export state needs to be one block-size bigger to account
for the ipad.

Reported-by: Ingo Franzki <ifranzki@linux.ibm.com>
Fixes: 08811169ac01 ("crypto: s390/hmac - Use API partial block handling")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/arch/s390/crypto/hmac_s390.c b/arch/s390/crypto/hmac_s390.c
index 93a1098d9f8d..58444da9b004 100644
--- a/arch/s390/crypto/hmac_s390.c
+++ b/arch/s390/crypto/hmac_s390.c
@@ -290,6 +290,7 @@  static int s390_hmac_export(struct shash_desc *desc, void *out)
 	struct s390_kmac_sha2_ctx *ctx = shash_desc_ctx(desc);
 	unsigned int bs = crypto_shash_blocksize(desc->tfm);
 	unsigned int ds = bs / 2;
+	u64 lo = ctx->buflen[0];
 	union {
 		u8 *u8;
 		u64 *u64;
@@ -301,9 +302,10 @@  static int s390_hmac_export(struct shash_desc *desc, void *out)
 	else
 		memcpy(p.u8, ctx->param, ds);
 	p.u8 += ds;
-	put_unaligned(ctx->buflen[0], p.u64++);
+	lo += bs;
+	put_unaligned(lo, p.u64++);
 	if (ds == SHA512_DIGEST_SIZE)
-		put_unaligned(ctx->buflen[1], p.u64);
+		put_unaligned(ctx->buflen[1] + (lo < bs), p.u64);
 	return err;
 }
 
@@ -316,14 +318,16 @@  static int s390_hmac_import(struct shash_desc *desc, const void *in)
 		const u8 *u8;
 		const u64 *u64;
 	} p = { .u8 = in };
+	u64 lo;
 	int err;
 
 	err = s390_hmac_sha2_init(desc);
 	memcpy(ctx->param, p.u8, ds);
 	p.u8 += ds;
-	ctx->buflen[0] = get_unaligned(p.u64++);
+	lo = get_unaligned(p.u64++);
+	ctx->buflen[0] = lo - bs;
 	if (ds == SHA512_DIGEST_SIZE)
-		ctx->buflen[1] = get_unaligned(p.u64);
+		ctx->buflen[1] = get_unaligned(p.u64) - (lo < bs);
 	if (ctx->buflen[0] | ctx->buflen[1])
 		ctx->gr0.ikp = 1;
 	return err;

crypto: s390/hmac - Fix counter in export state

Commit Message

Patch