Source-Changes-HG archive
[src/trunk]: src/sys/crypto/aes aes(9): Fix edge case in bitsliced SSE2 AES-C...
details: https://anonhg.NetBSD.org/src/rev/a2ea7b9773ad
branches: trunk
changeset: 975939:a2ea7b9773ad
user: riastradh <riastradh%NetBSD.org@localhost>
date: Tue Sep 08 22:48:24 2020 +0000
description:
aes(9): Fix edge case in bitsliced SSE2 AES-CBC decryption.
Make sure self-tests exercise this edge case.
Discovered through confusion during code inspection of jak's big-endian
adaptation of aes_armv8_64.S.
diffstat:
sys/crypto/aes/aes_selftest.c | 39 ++++++++++++++++++--------------
sys/crypto/aes/arch/x86/aes_sse2_subr.c | 12 +++++----
2 files changed, 29 insertions(+), 22 deletions(-)
diffs (103 lines):
diff -r bf6e5a0d6c52 -r a2ea7b9773ad sys/crypto/aes/aes_selftest.c
--- a/sys/crypto/aes/aes_selftest.c Tue Sep 08 21:41:37 2020 +0000
+++ b/sys/crypto/aes/aes_selftest.c Tue Sep 08 22:48:24 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: aes_selftest.c,v 1.5 2020/07/25 22:36:42 riastradh Exp $ */
+/* $NetBSD: aes_selftest.c,v 1.6 2020/09/08 22:48:24 riastradh Exp $ */
/*-
* Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: aes_selftest.c,v 1.5 2020/07/25 22:36:42 riastradh Exp $");
+__KERNEL_RCSID(1, "$NetBSD: aes_selftest.c,v 1.6 2020/09/08 22:48:24 riastradh Exp $");
#ifdef _KERNEL
@@ -210,7 +210,7 @@
uint8_t in[144];
uint8_t outbuf[146] = { [0] = 0x1a, [145] = 0x1a }, *out = outbuf + 1;
uint8_t iv0[16], iv[16];
- unsigned i;
+ unsigned i, j;
for (i = 0; i < 32; i++)
key[i] = i;
@@ -237,21 +237,26 @@
"AES-%u-CBC dec", aes_keybits[i]);
/* Try incrementally, with IV update. */
- memcpy(iv, iv0, 16);
- impl->ai_cbc_enc(&enc, in, out, 16, iv, aes_nrounds[i]);
- impl->ai_cbc_enc(&enc, in + 16, out + 16, 128, iv,
- aes_nrounds[i]);
- if (memcmp(out, expected[i], 144))
- return aes_selftest_fail(impl, out, expected[i], 144,
- "AES-%u-CBC enc incremental", aes_keybits[i]);
+ for (j = 0; j < 144; j += 16) {
+ memcpy(iv, iv0, 16);
+ impl->ai_cbc_enc(&enc, in, out, j, iv, aes_nrounds[i]);
+ impl->ai_cbc_enc(&enc, in + j, out + j, 144 - j, iv,
+ aes_nrounds[i]);
+ if (memcmp(out, expected[i], 144))
+ return aes_selftest_fail(impl, out,
+ expected[i], 144, "AES-%u-CBC enc inc %u",
+ aes_keybits[i], j);
- memcpy(iv, iv0, 16);
- impl->ai_cbc_dec(&dec, out, out, 128, iv, aes_nrounds[i]);
- impl->ai_cbc_dec(&dec, out + 128, out + 128, 16, iv,
- aes_nrounds[i]);
- if (memcmp(out, in, 144))
- return aes_selftest_fail(impl, out, in, 144,
- "AES-%u-CBC dec incremental", aes_keybits[i]);
+ memcpy(iv, iv0, 16);
+ impl->ai_cbc_dec(&dec, out, out, j, iv,
+ aes_nrounds[i]);
+ impl->ai_cbc_dec(&dec, out + j, out + j, 144 - j, iv,
+ aes_nrounds[i]);
+ if (memcmp(out, in, 144))
+ return aes_selftest_fail(impl, out,
+ in, 144, "AES-%u-CBC dec inc %u",
+ aes_keybits[i], j);
+ }
}
if (outbuf[0] != 0x1a)
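Review bot: The `j == 0` iteration now calls `ai_cbc_enc` and `ai_cbc_dec` with `nbytes == 0` for the leading segment, which the previous 16/128 and 128/16 split never did, so every backend's zero-length path (and that it leaves `iv` untouched) is now part of the self-test. If the aes(9) contract allows a zero-length call, say so next to the loop, e.g. `/* j == 0 also checks that a zero-length call is a no-op that leaves iv intact */`; if it does not, start the loop at `j = 16`. The loop is also worth a one-line comment stating its purpose, `/* every 16-byte split point, so tails of 16, 32 and 48 bytes are exercised */`, since that is the edge case the commit fixes. The enclosing self-test function begins before and continues after this hunk.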
diff -r bf6e5a0d6c52 -r a2ea7b9773ad sys/crypto/aes/arch/x86/aes_sse2_subr.c
--- a/sys/crypto/aes/arch/x86/aes_sse2_subr.c Tue Sep 08 21:41:37 2020 +0000
+++ b/sys/crypto/aes/arch/x86/aes_sse2_subr.c Tue Sep 08 22:48:24 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: aes_sse2_subr.c,v 1.3 2020/07/25 22:29:56 riastradh Exp $ */
+/* $NetBSD: aes_sse2_subr.c,v 1.4 2020/09/08 22:48:24 riastradh Exp $ */
/*-
* Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: aes_sse2_subr.c,v 1.3 2020/07/25 22:29:56 riastradh Exp $");
+__KERNEL_RCSID(1, "$NetBSD: aes_sse2_subr.c,v 1.4 2020/09/08 22:48:24 riastradh Exp $");
#ifdef _KERNEL
#include <sys/systm.h>
@@ -200,11 +200,13 @@
case 48:
w = _mm_loadu_epi8(in + nbytes - 32);
q[1] = aes_sse2_interleave_in(w);
- /*FALLTHROUGH*/
- case 32:
w = _mm_loadu_epi8(in + nbytes - 48);
q[0] = aes_sse2_interleave_in(w);
- /*FALLTHROUGH*/
+ break;
+ case 32:
+ w = _mm_loadu_epi8(in + nbytes - 32);
+ q[0] = aes_sse2_interleave_in(w);
+ break;
case 16:
break;
}
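Review bot: The switch still has no `default:` arm, so a tail length other than 16, 32 or 48 would leave `q[0]`/`q[1]` unset and continue silently; unless the enclosing function (which starts and ends outside this hunk) already asserts `nbytes % 16 == 0` and `nbytes <= 48` before the switch, add `default: panic("%s: bad tail length %zu", __func__, nbytes);` so a caller bug fails loudly rather than decrypting garbage. Since `nbytes` is fixed within each arm, `in + nbytes - 32` in the 32-byte arm is simply `in`, and the 48-byte arm loads `in + 16` then `in`; writing the offsets relative to `in` directly, with a comment such as `/* q[0] is the first tail block, q[1] the second (48-byte tail only) */`, would make the old mistake (a 32-byte tail loading `q[0]` from `in - 16`) harder to reintroduce. Whichever block the last 16 bytes are loaded into is not visible in this hunk, so the comment should name it where that load lives.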