public inbox for linux-crypto@vger.kernel.org
From: Ingo Franzki <ifranzki@linux.ibm.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org, Eric Biggers <ebiggers@kernel.org>,
	Harald Freudenberger <freude@linux.ibm.com>,
	Holger Dengler <dengler@linux.ibm.com>
Subject: Re: [PATCH] crypto: s390/hmac - Fix counter in export state
Date: Fri, 23 May 2025 13:41:00 +0200
Message-ID: <4d6617be-2070-4edc-a4ba-98f9667d0fde@linux.ibm.com>
In-Reply-To: <aDBa8tuSvw1mnnKL@gondor.apana.org.au>

On 23.05.2025 13:24, Herbert Xu wrote:
> On Fri, May 23, 2025 at 10:02:18AM +0200, Ingo Franzki wrote:
>>
> >> Yes, indeed, reverting this commit makes the problem go away.
> 
> Great.  While I've got your attention, could you also test this
> patch to see if it makes the hmac errors go away?

Yes, with your fix below and with commit 18c438b228558e05ede7dccf947a6547516fc0c7 the HMAC failures are no longer seen, but the SHA3 failures are still there (I guess that's as you expected).

> 
> Thanks,
> 
> ---8<---
> The hmac export state needs to be one block-size bigger to account
> for the ipad.
> 
> Reported-by: Ingo Franzki <ifranzki@linux.ibm.com>
> Fixes: 08811169ac01 ("crypto: s390/hmac - Use API partial block handling")
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> 
> diff --git a/arch/s390/crypto/hmac_s390.c b/arch/s390/crypto/hmac_s390.c
> index 93a1098d9f8d..58444da9b004 100644
> --- a/arch/s390/crypto/hmac_s390.c
> +++ b/arch/s390/crypto/hmac_s390.c
> @@ -290,6 +290,7 @@ static int s390_hmac_export(struct shash_desc *desc, void *out)
>  	struct s390_kmac_sha2_ctx *ctx = shash_desc_ctx(desc);
>  	unsigned int bs = crypto_shash_blocksize(desc->tfm);
>  	unsigned int ds = bs / 2;
> +	u64 lo = ctx->buflen[0];
>  	union {
>  		u8 *u8;
>  		u64 *u64;
> @@ -301,9 +302,10 @@ static int s390_hmac_export(struct shash_desc *desc, void *out)
>  	else
>  		memcpy(p.u8, ctx->param, ds);
>  	p.u8 += ds;
> -	put_unaligned(ctx->buflen[0], p.u64++);
> +	lo += bs;
> +	put_unaligned(lo, p.u64++);
>  	if (ds == SHA512_DIGEST_SIZE)
> -		put_unaligned(ctx->buflen[1], p.u64);
> +		put_unaligned(ctx->buflen[1] + (lo < bs), p.u64);
>  	return err;
>  }
>  
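Review bot: the carry test `(lo < bs)` on the `buflen[1]` line in s390_hmac_export is only correct because `lo` has already had `bs` added to it, and nothing in the function says so. A short comment above `lo += bs;` stating that the exported counter includes the ipad block, and that `lo < bs` after the addition means the low word wrapped, would keep a later reorder of these lines from silently breaking the SHA-512 carry. The same comment could mention that when `ds` is not `SHA512_DIGEST_SIZE` only the low word is written, so a wrap of `lo` is dropped in that case.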
> @@ -316,14 +318,16 @@ static int s390_hmac_import(struct shash_desc *desc, const void *in)
>  		const u8 *u8;
>  		const u64 *u64;
>  	} p = { .u8 = in };
> +	u64 lo;
>  	int err;
>  
>  	err = s390_hmac_sha2_init(desc);
>  	memcpy(ctx->param, p.u8, ds);
>  	p.u8 += ds;
> -	ctx->buflen[0] = get_unaligned(p.u64++);
> +	lo = get_unaligned(p.u64++);
> +	ctx->buflen[0] = lo - bs;
>  	if (ds == SHA512_DIGEST_SIZE)
> -		ctx->buflen[1] = get_unaligned(p.u64);
> +		ctx->buflen[1] = get_unaligned(p.u64) - (lo < bs);
>  	if (ctx->buflen[0] | ctx->buflen[1])
>  		ctx->gr0.ikp = 1;
>  	return err;
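Review bot: `ctx->buflen[0] = lo - bs;` in s390_hmac_import has no lower-bound check, so an imported counter smaller than `bs` wraps to a very large length, and in the SHA-512 case the borrow `- (lo < bs)` turns a zero high word into all-ones; either way `ctx->gr0.ikp` is then set from a bogus count. A state written by the pre-patch export, which stored `ctx->buflen[0]` without the added `bs`, would take exactly this path. If every state that reaches import is guaranteed to come from the new s390_hmac_export, state that invariant in a comment; otherwise reject a counter below `bs` (with a zero high word) with an error such as -EINVAL before writing to ctx.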


-- 
Ingo Franzki
eMail: ifranzki@linux.ibm.com  
Tel: ++49 (0)7031-16-4648
Linux on IBM Z Development, Schoenaicher Str. 220, 71032 Boeblingen, Germany

IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Gregor Pillen
Geschäftsführung: David Faller
Sitz der Gesellschaft: Böblingen / Registergericht: Amtsgericht Stuttgart, HRB 243294
IBM DATA Privacy Statement: https://www.ibm.com/privacy/us/en/

Thread overview: 11+ messages
2025-05-22 14:13 CI: Selftest failures of s390 SHA3 and HMAC on next kernel Ingo Franzki
2025-05-23  5:51 ` Herbert Xu
2025-05-23  8:02   ` Ingo Franzki
2025-05-23 11:24     ` [PATCH] crypto: s390/hmac - Fix counter in export state Herbert Xu
2025-05-23 11:41       ` Ingo Franzki [this message]
2025-05-23 11:41 ` CI: Selftest failures of s390 SHA3 and HMAC on next kernel Herbert Xu
2025-05-23 12:03   ` Ingo Franzki
2025-05-23 12:06     ` Herbert Xu
2025-05-23 12:28     ` [PATCH] crypto: s390/sha3 - Use cpu byte-order when exporting Herbert Xu
2025-05-23 12:54       ` Ingo Franzki
2025-05-23 12:56         ` Herbert Xu