Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/crypto/aes aes(9): Fix edge case in bitsliced SSE2 AES-C...



details:   https://anonhg.NetBSD.org/src/rev/a2ea7b9773ad
branches:  trunk
changeset: 975939:a2ea7b9773ad
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Tue Sep 08 22:48:24 2020 +0000

description:
aes(9): Fix edge case in bitsliced SSE2 AES-CBC decryption.

Make sure self-tests exercise this edge case.

Discovered by confusion over code inspection of jak's adaptation of
aes_armv8_64.S for big-endian.

diffstat:

 sys/crypto/aes/aes_selftest.c           |  39 ++++++++++++++++++--------------
 sys/crypto/aes/arch/x86/aes_sse2_subr.c |  12 +++++----
 2 files changed, 29 insertions(+), 22 deletions(-)

diffs (103 lines):

diff -r bf6e5a0d6c52 -r a2ea7b9773ad sys/crypto/aes/aes_selftest.c
--- a/sys/crypto/aes/aes_selftest.c     Tue Sep 08 21:41:37 2020 +0000
+++ b/sys/crypto/aes/aes_selftest.c     Tue Sep 08 22:48:24 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: aes_selftest.c,v 1.5 2020/07/25 22:36:42 riastradh Exp $       */
+/*     $NetBSD: aes_selftest.c,v 1.6 2020/09/08 22:48:24 riastradh Exp $       */
 
 /*-
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: aes_selftest.c,v 1.5 2020/07/25 22:36:42 riastradh Exp $");
+__KERNEL_RCSID(1, "$NetBSD: aes_selftest.c,v 1.6 2020/09/08 22:48:24 riastradh Exp $");
 
 #ifdef _KERNEL
 
@@ -210,7 +210,7 @@
        uint8_t in[144];
        uint8_t outbuf[146] = { [0] = 0x1a, [145] = 0x1a }, *out = outbuf + 1;
        uint8_t iv0[16], iv[16];
-       unsigned i;
+       unsigned i, j;
 
        for (i = 0; i < 32; i++)
                key[i] = i;
@@ -237,21 +237,26 @@
                            "AES-%u-CBC dec", aes_keybits[i]);
 
                /* Try incrementally, with IV update.  */
-               memcpy(iv, iv0, 16);
-               impl->ai_cbc_enc(&enc, in, out, 16, iv, aes_nrounds[i]);
-               impl->ai_cbc_enc(&enc, in + 16, out + 16, 128, iv,
-                   aes_nrounds[i]);
-               if (memcmp(out, expected[i], 144))
-                       return aes_selftest_fail(impl, out, expected[i], 144,
-                           "AES-%u-CBC enc incremental", aes_keybits[i]);
+               for (j = 0; j < 144; j += 16) {
+                       memcpy(iv, iv0, 16);
+                       impl->ai_cbc_enc(&enc, in, out, j, iv, aes_nrounds[i]);
+                       impl->ai_cbc_enc(&enc, in + j, out + j, 144 - j, iv,
+                           aes_nrounds[i]);
+                       if (memcmp(out, expected[i], 144))
+                               return aes_selftest_fail(impl, out,
+                                   expected[i], 144, "AES-%u-CBC enc inc %u",
+                                   aes_keybits[i], j);
 
-               memcpy(iv, iv0, 16);
-               impl->ai_cbc_dec(&dec, out, out, 128, iv, aes_nrounds[i]);
-               impl->ai_cbc_dec(&dec, out + 128, out + 128, 16, iv,
-                   aes_nrounds[i]);
-               if (memcmp(out, in, 144))
-                       return aes_selftest_fail(impl, out, in, 144,
-                           "AES-%u-CBC dec incremental", aes_keybits[i]);
+                       memcpy(iv, iv0, 16);
+                       impl->ai_cbc_dec(&dec, out, out, j, iv,
+                           aes_nrounds[i]);
+                       impl->ai_cbc_dec(&dec, out + j, out + j, 144 - j, iv,
+                           aes_nrounds[i]);
+                       if (memcmp(out, in, 144))
+                               return aes_selftest_fail(impl, out,
+                                   in, 144, "AES-%u-CBC dec inc %u",
+                                   aes_keybits[i], j);
+               }
        }
 
        if (outbuf[0] != 0x1a)
diff -r bf6e5a0d6c52 -r a2ea7b9773ad sys/crypto/aes/arch/x86/aes_sse2_subr.c
--- a/sys/crypto/aes/arch/x86/aes_sse2_subr.c   Tue Sep 08 21:41:37 2020 +0000
+++ b/sys/crypto/aes/arch/x86/aes_sse2_subr.c   Tue Sep 08 22:48:24 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: aes_sse2_subr.c,v 1.3 2020/07/25 22:29:56 riastradh Exp $      */
+/*     $NetBSD: aes_sse2_subr.c,v 1.4 2020/09/08 22:48:24 riastradh Exp $      */
 
 /*-
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: aes_sse2_subr.c,v 1.3 2020/07/25 22:29:56 riastradh Exp $");
+__KERNEL_RCSID(1, "$NetBSD: aes_sse2_subr.c,v 1.4 2020/09/08 22:48:24 riastradh Exp $");
 
 #ifdef _KERNEL
 #include <sys/systm.h>
@@ -200,11 +200,13 @@
                case 48:
                        w = _mm_loadu_epi8(in + nbytes - 32);
                        q[1] = aes_sse2_interleave_in(w);
-                       /*FALLTHROUGH*/
-               case 32:
                        w = _mm_loadu_epi8(in + nbytes - 48);
                        q[0] = aes_sse2_interleave_in(w);
-                       /*FALLTHROUGH*/
+                       break;
+               case 32:
+                       w = _mm_loadu_epi8(in + nbytes - 32);
+                       q[0] = aes_sse2_interleave_in(w);
+                       break;
                case 16:
                        break;
                }



Home | Main Index | Thread Index | Old Index