lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 10 May 2017 15:56:56 +0200
From:   Stephan Müller <smueller@...onox.de>
To:     Srikanth Jampala <Jampala.Srikanth@...ium.com>
Cc:     herbert@...dor.apana.org.au, davem@...emloft.net,
        linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org,
        George.Cherian@...ium.com, Nidadavolu.Murthy@...ium.com,
        Sreerama.Gadam@...ium.com, Ram.Kumar@...ium.com
Subject: Re: [PATCH v1 3/3] crypto: cavium - Register the CNN55XX supported crypto algorithms.

Am Mittwoch, 10. Mai 2017, 15:06:40 CEST schrieb Srikanth Jampala:

Hi Srikanth,

In general: you are using the ablkcipher API. I think it is on its way out and 
being replaced with skcipher.

Maybe it makes sense to replace it here too. It could be as simple as s/
ablkcipher/skcipher/g

> +static inline int nitrox_ablkcipher_setkey(struct crypto_ablkcipher
> *cipher,
> +                                          int aes_keylen, const u8 *key,
> +                                          unsigned int keylen)
> +{
> +       struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher);
> +       struct nitrox_crypto_instance *inst = crypto_tfm_ctx(tfm);
> +       struct flexi_crypto_context *fctx;
> +       enum flexi_cipher cipher_type;
> +       const char *name;
> +
> +       name = crypto_tfm_alg_name(tfm);
> +       cipher_type = flexi_cipher_type(name);
> +       if (cipher_type == CIPHER_INVALID) {
> +               pr_err("unsupported cipher: %s\n", name);
> +               return -EINVAL;
> +       }
> +
> +       /* fill crypto context */
> +       fctx = inst->u.fctx;
> +       fctx->flags = 0;
> +       fctx->w0.cipher_type = cipher_type;
> +       fctx->w0.aes_keylen = aes_keylen;
> +       fctx->w0.iv_source = IV_FROM_DPTR;
> +       fctx->flags = cpu_to_be64(*(u64 *)&fctx->w0);
> +       /* copy the key to context */
> +       memcpy(fctx->crypto.u.key, key, keylen);

Could you help me finding the location where this memory is zeroized upon 
release?
> +
> +       return 0;
> +}.

> +
> +static int nitrox_3des_setkey(struct crypto_ablkcipher *cipher, const u8
> *key, +			      unsigned int keylen)
> +{
> +	if (keylen != DES3_EDE_KEY_SIZE) {
> +		crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
> +		return -EINVAL;
> +	}

Please import the check from __des3_ede_setkey (or better, extract that key 
check into a generic function like xts_check_key).

Ciao
Stephan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ