| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Aug 2018 15:19:09 +0200
From: Stephan Mueller <smueller@...onox.de>
To: Krzysztof Kozlowski <krzk@...nel.org>
Cc: herbert@...dor.apana.org.au, davem@...emloft.net,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: Locking for HW crypto accelerators
Am Donnerstag, 30. August 2018, 15:09:05 CEST schrieb Krzysztof Kozlowski:
Hi Krzysztof,
> Thanks Stephan for hints. Let's assume the each of init, update and
> final are atomic... but how about the relation between update and
> final? I have two concurrent users in user-space but only one HW:
>
> Process A: Process B:
> init() and set_key()
> init() and different key
> update(some_data)
> update(different_data)
> final()
> final()
>
> The final() from process A will now produce the result of hashing/CRC
> of some_data and different_data (and even maybe mixed with init() for
> different key). All because in the meantime process B added its own
> data to the HW.
The question is where is the state of the cipher operation kept that is
produced with each of the init/update/final calls. Your answer implies that
this state is kept in hardware.
But commonly the state is kept in software. Look at ahash_request for example,
the __ctx pointer is intended to point to the memory the driver needs to store
its state.
Pick a random driver implementation and search for ahash_request_ctx, for
example.
>
> Best regards,
> Krzysztof
Ciao
Stephan
Powered by blists - more mailing lists