Commit a19b882c authored by Andy Lutomirski's avatar Andy Lutomirski Committed by Greg Kroah-Hartman

wusb: Stop using the stack for sg crypto scratch space

Pointing an sg list at the stack is verboten and, with
CONFIG_VMAP_STACK=y, will malfunction.  Use kmalloc for the wusb
crypto stack space instead.

Untested -- I'm not entirely convinced that this hardware exists in
the wild.
Signed-off-by: default avatarAndy Lutomirski <luto@kernel.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 1001354c
...@@ -133,6 +133,13 @@ static void bytewise_xor(void *_bo, const void *_bi1, const void *_bi2, ...@@ -133,6 +133,13 @@ static void bytewise_xor(void *_bo, const void *_bi1, const void *_bi2,
bo[itr] = bi1[itr] ^ bi2[itr]; bo[itr] = bi1[itr] ^ bi2[itr];
} }
/* Scratch space for MAC calculations. */
struct wusb_mac_scratch {
struct aes_ccm_b0 b0;
struct aes_ccm_b1 b1;
struct aes_ccm_a ax;
};
/* /*
* CC-MAC function WUSB1.0[6.5] * CC-MAC function WUSB1.0[6.5]
* *
...@@ -197,16 +204,15 @@ static void bytewise_xor(void *_bo, const void *_bi1, const void *_bi2, ...@@ -197,16 +204,15 @@ static void bytewise_xor(void *_bo, const void *_bi1, const void *_bi2,
* what sg[4] is for. Maybe there is a smarter way to do this. * what sg[4] is for. Maybe there is a smarter way to do this.
*/ */
static int wusb_ccm_mac(struct crypto_skcipher *tfm_cbc, static int wusb_ccm_mac(struct crypto_skcipher *tfm_cbc,
struct crypto_cipher *tfm_aes, void *mic, struct crypto_cipher *tfm_aes,
struct wusb_mac_scratch *scratch,
void *mic,
const struct aes_ccm_nonce *n, const struct aes_ccm_nonce *n,
const struct aes_ccm_label *a, const void *b, const struct aes_ccm_label *a, const void *b,
size_t blen) size_t blen)
{ {
int result = 0; int result = 0;
SKCIPHER_REQUEST_ON_STACK(req, tfm_cbc); SKCIPHER_REQUEST_ON_STACK(req, tfm_cbc);
struct aes_ccm_b0 b0;
struct aes_ccm_b1 b1;
struct aes_ccm_a ax;
struct scatterlist sg[4], sg_dst; struct scatterlist sg[4], sg_dst;
void *dst_buf; void *dst_buf;
size_t dst_size; size_t dst_size;
...@@ -218,16 +224,17 @@ static int wusb_ccm_mac(struct crypto_skcipher *tfm_cbc, ...@@ -218,16 +224,17 @@ static int wusb_ccm_mac(struct crypto_skcipher *tfm_cbc,
* These checks should be compile time optimized out * These checks should be compile time optimized out
* ensure @a fills b1's mac_header and following fields * ensure @a fills b1's mac_header and following fields
*/ */
WARN_ON(sizeof(*a) != sizeof(b1) - sizeof(b1.la)); WARN_ON(sizeof(*a) != sizeof(scratch->b1) - sizeof(scratch->b1.la));
WARN_ON(sizeof(b0) != sizeof(struct aes_ccm_block)); WARN_ON(sizeof(scratch->b0) != sizeof(struct aes_ccm_block));
WARN_ON(sizeof(b1) != sizeof(struct aes_ccm_block)); WARN_ON(sizeof(scratch->b1) != sizeof(struct aes_ccm_block));
WARN_ON(sizeof(ax) != sizeof(struct aes_ccm_block)); WARN_ON(sizeof(scratch->ax) != sizeof(struct aes_ccm_block));
result = -ENOMEM; result = -ENOMEM;
zero_padding = blen % sizeof(struct aes_ccm_block); zero_padding = blen % sizeof(struct aes_ccm_block);
if (zero_padding) if (zero_padding)
zero_padding = sizeof(struct aes_ccm_block) - zero_padding; zero_padding = sizeof(struct aes_ccm_block) - zero_padding;
dst_size = blen + sizeof(b0) + sizeof(b1) + zero_padding; dst_size = blen + sizeof(scratch->b0) + sizeof(scratch->b1) +
zero_padding;
dst_buf = kzalloc(dst_size, GFP_KERNEL); dst_buf = kzalloc(dst_size, GFP_KERNEL);
if (!dst_buf) if (!dst_buf)
goto error_dst_buf; goto error_dst_buf;
...@@ -235,9 +242,9 @@ static int wusb_ccm_mac(struct crypto_skcipher *tfm_cbc, ...@@ -235,9 +242,9 @@ static int wusb_ccm_mac(struct crypto_skcipher *tfm_cbc,
memset(iv, 0, sizeof(iv)); memset(iv, 0, sizeof(iv));
/* Setup B0 */ /* Setup B0 */
b0.flags = 0x59; /* Format B0 */ scratch->b0.flags = 0x59; /* Format B0 */
b0.ccm_nonce = *n; scratch->b0.ccm_nonce = *n;
b0.lm = cpu_to_be16(0); /* WUSB1.0[6.5] sez l(m) is 0 */ scratch->b0.lm = cpu_to_be16(0); /* WUSB1.0[6.5] sez l(m) is 0 */
/* Setup B1 /* Setup B1
* *
...@@ -246,12 +253,12 @@ static int wusb_ccm_mac(struct crypto_skcipher *tfm_cbc, ...@@ -246,12 +253,12 @@ static int wusb_ccm_mac(struct crypto_skcipher *tfm_cbc,
* 14'--after clarification, it means to use A's contents * 14'--after clarification, it means to use A's contents
* for MAC Header, EO, sec reserved and padding. * for MAC Header, EO, sec reserved and padding.
*/ */
b1.la = cpu_to_be16(blen + 14); scratch->b1.la = cpu_to_be16(blen + 14);
memcpy(&b1.mac_header, a, sizeof(*a)); memcpy(&scratch->b1.mac_header, a, sizeof(*a));
sg_init_table(sg, ARRAY_SIZE(sg)); sg_init_table(sg, ARRAY_SIZE(sg));
sg_set_buf(&sg[0], &b0, sizeof(b0)); sg_set_buf(&sg[0], &scratch->b0, sizeof(scratch->b0));
sg_set_buf(&sg[1], &b1, sizeof(b1)); sg_set_buf(&sg[1], &scratch->b1, sizeof(scratch->b1));
sg_set_buf(&sg[2], b, blen); sg_set_buf(&sg[2], b, blen);
/* 0 if well behaved :) */ /* 0 if well behaved :) */
sg_set_buf(&sg[3], bzero, zero_padding); sg_set_buf(&sg[3], bzero, zero_padding);
...@@ -276,11 +283,12 @@ static int wusb_ccm_mac(struct crypto_skcipher *tfm_cbc, ...@@ -276,11 +283,12 @@ static int wusb_ccm_mac(struct crypto_skcipher *tfm_cbc,
* POS Crypto API: size is assumed to be AES's block size. * POS Crypto API: size is assumed to be AES's block size.
* Thanks for documenting it -- tip taken from airo.c * Thanks for documenting it -- tip taken from airo.c
*/ */
ax.flags = 0x01; /* as per WUSB 1.0 spec */ scratch->ax.flags = 0x01; /* as per WUSB 1.0 spec */
ax.ccm_nonce = *n; scratch->ax.ccm_nonce = *n;
ax.counter = 0; scratch->ax.counter = 0;
crypto_cipher_encrypt_one(tfm_aes, (void *)&ax, (void *)&ax); crypto_cipher_encrypt_one(tfm_aes, (void *)&scratch->ax,
bytewise_xor(mic, &ax, iv, 8); (void *)&scratch->ax);
bytewise_xor(mic, &scratch->ax, iv, 8);
result = 8; result = 8;
error_cbc_crypt: error_cbc_crypt:
kfree(dst_buf); kfree(dst_buf);
...@@ -303,6 +311,7 @@ ssize_t wusb_prf(void *out, size_t out_size, ...@@ -303,6 +311,7 @@ ssize_t wusb_prf(void *out, size_t out_size,
struct aes_ccm_nonce n = *_n; struct aes_ccm_nonce n = *_n;
struct crypto_skcipher *tfm_cbc; struct crypto_skcipher *tfm_cbc;
struct crypto_cipher *tfm_aes; struct crypto_cipher *tfm_aes;
struct wusb_mac_scratch *scratch;
u64 sfn = 0; u64 sfn = 0;
__le64 sfn_le; __le64 sfn_le;
...@@ -329,17 +338,23 @@ ssize_t wusb_prf(void *out, size_t out_size, ...@@ -329,17 +338,23 @@ ssize_t wusb_prf(void *out, size_t out_size,
printk(KERN_ERR "E: can't set AES key: %d\n", (int)result); printk(KERN_ERR "E: can't set AES key: %d\n", (int)result);
goto error_setkey_aes; goto error_setkey_aes;
} }
scratch = kmalloc(sizeof(*scratch), GFP_KERNEL);
if (!scratch)
goto error_alloc_scratch;
for (bitr = 0; bitr < (len + 63) / 64; bitr++) { for (bitr = 0; bitr < (len + 63) / 64; bitr++) {
sfn_le = cpu_to_le64(sfn++); sfn_le = cpu_to_le64(sfn++);
memcpy(&n.sfn, &sfn_le, sizeof(n.sfn)); /* n.sfn++... */ memcpy(&n.sfn, &sfn_le, sizeof(n.sfn)); /* n.sfn++... */
result = wusb_ccm_mac(tfm_cbc, tfm_aes, out + bytes, result = wusb_ccm_mac(tfm_cbc, tfm_aes, scratch, out + bytes,
&n, a, b, blen); &n, a, b, blen);
if (result < 0) if (result < 0)
goto error_ccm_mac; goto error_ccm_mac;
bytes += result; bytes += result;
} }
result = bytes; result = bytes;
kfree(scratch);
error_alloc_scratch:
error_ccm_mac: error_ccm_mac:
error_setkey_aes: error_setkey_aes:
crypto_free_cipher(tfm_aes); crypto_free_cipher(tfm_aes);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment