| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <VI1PR0402MB34851CC70E092F598E9BF32298E70@VI1PR0402MB3485.eurprd04.prod.outlook.com>
Date: Mon, 2 Mar 2020 09:36:32 +0000
From: Horia Geanta <horia.geanta@....com>
To: "Andrei Botila (OSS)" <andrei.botila@....nxp.com>,
Aymen Sghaier <aymen.sghaier@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>
CC: "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Andrei Botila <andrei.botila@....com>,
"stable@...r.kernel.org" <stable@...r.kernel.org>,
"dm-devel@...hat.com" <dm-devel@...hat.com>
Subject: Re: [PATCH] crypto: caam - update xts sector size for large input
length
+ dm-devel
On 2/28/2020 12:47 PM, Andrei Botila (OSS) wrote:
> From: Andrei Botila <andrei.botila@....com>
>
> Since in the software implementation of XTS-AES there is
> no notion of sector every input length is processed the same way.
> CAAM implementation has the notion of sector which causes different
> results between the software implementation and the one in CAAM
> for input lengths bigger than 512 bytes.
> Increase sector size to maximum value on 16 bits.
>
> Fixes: c6415a6016bf ("crypto: caam - add support for acipher xts(aes)")
> Cc: <stable@...r.kernel.org> # v4.12+
> Signed-off-by: Andrei Botila <andrei.botila@....com>
Reviewed-by: Horia Geantă <horia.geanta@....com>
Thanks,
Horia
> ---
> This patch needs to be applied from v4.12+ because dm-crypt has added support
> for 4K sector size at that version. The commit was
> 8f0009a225171 ("dm-crypt: optionally support larger encryption sector size").
>
> drivers/crypto/caam/caamalg_desc.c | 16 ++++++++++++++--
> 1 file changed, 14 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/crypto/caam/caamalg_desc.c b/drivers/crypto/caam/caamalg_desc.c
> index aa9ccca67045..8ebbbd28b1f7 100644
> --- a/drivers/crypto/caam/caamalg_desc.c
> +++ b/drivers/crypto/caam/caamalg_desc.c
> @@ -1518,7 +1518,13 @@ EXPORT_SYMBOL(cnstr_shdsc_skcipher_decap);
> */
> void cnstr_shdsc_xts_skcipher_encap(u32 * const desc, struct alginfo *cdata)
> {
> - __be64 sector_size = cpu_to_be64(512);
> + /*
> + * Set sector size to a big value, practically disabling
> + * sector size segmentation in xts implementation. We cannot
> + * take full advantage of this HW feature with existing
> + * crypto API / dm-crypt SW architecture.
> + */
> + __be64 sector_size = cpu_to_be64(BIT(15));
> u32 *key_jump_cmd;
>
> init_sh_desc(desc, HDR_SHARE_SERIAL | HDR_SAVECTX);
> @@ -1571,7 +1577,13 @@ EXPORT_SYMBOL(cnstr_shdsc_xts_skcipher_encap);
> */
> void cnstr_shdsc_xts_skcipher_decap(u32 * const desc, struct alginfo *cdata)
> {
> - __be64 sector_size = cpu_to_be64(512);
> + /*
> + * Set sector size to a big value, practically disabling
> + * sector size segmentation in xts implementation. We cannot
> + * take full advantage of this HW feature with existing
> + * crypto API / dm-crypt SW architecture.
> + */
> + __be64 sector_size = cpu_to_be64(BIT(15));
> u32 *key_jump_cmd;
>
> init_sh_desc(desc, HDR_SHARE_SERIAL | HDR_SAVECTX);
>
Powered by blists - more mailing lists