lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20190502163821.GA22561@Red>
Date:   Thu, 2 May 2019 18:38:21 +0200
From:   Corentin Labbe <clabbe.montjoie@...il.com>
To:     Kalyani Akula <kalyania@...inx.com>
Cc:     "herbert@...dor.apana.org.au" <herbert@...dor.apana.org.au>,
        "kstewart@...uxfoundation.org" <kstewart@...uxfoundation.org>,
        "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
        "tglx@...utronix.de" <tglx@...utronix.de>,
        "pombredanne@...b.com" <pombredanne@...b.com>,
        "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        Sarat Chand Savitala <saratcha@...inx.com>
Subject: Re: [RFC PATCH V3 0/4] Add Xilinx's ZynqMP SHA3 driver support

On Thu, May 02, 2019 at 03:12:55PM +0000, Kalyani Akula wrote:
> Hi Corentin,
> 
> Please find my response inline.
> 
> > -----Original Message-----
> > From: Corentin Labbe <clabbe.montjoie@...il.com>
> > Sent: Thursday, May 2, 2019 5:30 PM
> > To: Kalyani Akula <kalyania@...inx.com>
> > Cc: herbert@...dor.apana.org.au; kstewart@...uxfoundation.org;
> > gregkh@...uxfoundation.org; tglx@...utronix.de; pombredanne@...b.com;
> > linux-crypto@...r.kernel.org; linux-kernel@...r.kernel.org;
> > netdev@...r.kernel.org; Sarat Chand Savitala <saratcha@...inx.com>; Kalyani
> > Akula <kalyania@...inx.com>
> > Subject: Re: [RFC PATCH V3 0/4] Add Xilinx's ZynqMP SHA3 driver support
> > 
> > On Thu, May 02, 2019 at 04:04:38PM +0530, Kalyani Akula wrote:
> > > This patch set adds support for
> > > - dt-binding docs for Xilinx ZynqMP SHA3 driver
> > > - Adds communication layer support for sha_hash in zynqmp.c
> > > - Adds Xilinx ZynqMP driver for SHA3 Algorithm
> > > - Adds device tree node for ZynqMP SHA3 driver
> > >
> > > V3 Changes :
> > > - Removed zynqmp_sha_import and export APIs.The reason as follows The
> > > user space code does an accept on an already accepted FD when we
> > > create AF_ALG socket and call accept on it, it calls af_alg_accept and
> > > not hash_accept.
> > > import and export APIs are called from hash_accept.
> > > The flow is as below
> > > accept--> af_alg_accept-->hash_accept_parent-->hash_accept_parent_noke
> > > accept--> y
> > > for hash salg_type.
> > > - Resolved comments from
> > >         https://patchwork.kernel.org/patch/10753719/
> > >
> > 
> > 
> > Your driver still doesnt handle the case where two hash are done in parallel.
> > 
> 
> Our Firmware uses IPI protocol to send this SHA3 requests to SHA3 HW engine, which doesn't support parallel processing of 2 hash requests.
> The flow is 
> SHA3 request from App -> SHA3 driver-> ZynqMp driver-> Firmware (which doesn't support parallel processing of 2 requests) -> SHA3 HW Engine
> 
> 

So your driver will just send bad result in that case.

You need to export and store the intermediate result in a request context.

> > Furthermore, you miss the export/import functions.
> > 
> 
> When user space code does an accept on an already accepted FD as below
> sockfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
> bind(sockfd, (struct sockaddr *)&sa, sizeof(sa));
> fd = accept(sockfd, NULL, 0);
> 
> where my sockaddr is 
> struct sockaddr_alg sa = {
>         .salg_family = AF_ALG,
>         .salg_type = "hash",
>         .salg_name = "xilinx-sha3-384"
>  };
> 
> Upon calling accept the flow in the kernel is as mentioned
> accept--> af_alg_accept-->hash_accept_parent-->hash_accept_parent_nokey
> for hash salg_type.
> 
> And where import and export functions are called from hash_accept. hence, these functions never be called from the application.
> So, I removed those from the driver.
> 
> Regards
> Kalyani.
> 

Handling your own worflow is not enough.

You need to support two client doing multiple update in parallel.
It seems that your driver is bugged in that case.

Furthermore, i am pretty sure that export and import are mandatory, and without them self-test should fail.
Do you have self test enabled and tryed to load the tcrypt module ?

Regards

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ