| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <880516db-5939-d4cd-100c-69cd85532d39@pengutronix.de>
Date: Tue, 23 Mar 2021 17:41:06 +0100
From: Ahmad Fatoum <a.fatoum@...gutronix.de>
To: Horia Geantă <horia.geanta@....com>,
Aymen Sghaier <aymen.sghaier@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>
Cc: "kernel@...gutronix.de" <kernel@...gutronix.de>,
James Bottomley <jejb@...ux.ibm.com>,
Jarkko Sakkinen <jarkko@...nel.org>,
Mimi Zohar <zohar@...ux.ibm.com>,
David Howells <dhowells@...hat.com>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Udit Agarwal <udit.agarwal@....com>,
Jan Luebbe <j.luebbe@...gutronix.de>,
David Gstir <david@...ma-star.at>,
Franck Lenormand <franck.lenormand@....com>,
Sumit Garg <sumit.garg@...aro.org>,
"linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
"keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-security-module@...r.kernel.org"
<linux-security-module@...r.kernel.org>
Subject: Re: [PATCH v1 1/3] crypto: caam - add in-kernel interface for blob
generator
Hello Horia,
On 21.03.21 21:46, Horia Geantă wrote:
> On 3/16/2021 7:01 PM, Ahmad Fatoum wrote:
>> + init_job_desc(desc, 0);
>> + append_key_as_imm(desc, keymod, keymod_len, keymod_len,
>> + CLASS_2 | KEY_DEST_CLASS_REG);
>> + append_seq_in_ptr(desc, dma_in, length - CAAM_BLOB_OVERHEAD, 0);
>> + append_seq_out_ptr(desc, dma_out, length, 0);
> In case length is known to be < 2^16, it's recommended to use instead
> append_seq_in_ptr_intlen, append_seq_out_ptr_intlen.
Didn't know about this one. Will look into using it for v2.
>> +#define CAAM_BLOB_KEYMOD_LENGTH 16
> The define isn't used here or on patch 3/3.
Will drop and adjust the function docs to note the maximum modifier length.
>> +#define CAAM_BLOB_OVERHEAD (32 + 16)
>> +#define CAAM_BLOB_MAX_LEN 4096
>> +
>> +struct caam_blob_priv;
>> +
>> +/** caam_blob_gen_init - initialize blob generation
>> + *
>> + * returns either pointer to new caam_blob_priv instance
>> + * or error pointer
>> + */
>> +struct caam_blob_priv *caam_blob_gen_init(void);
>> +
>> +/** caam_blob_gen_init - free blob generation resources
>> + *
>> + * @priv: instance returned by caam_blob_gen_init
>> + */
>> +void caam_blob_gen_exit(struct caam_blob_priv *priv);
>> +
>> +/** caam_encap_blob - encapsulate blob
>> + *
>> + * @priv: instance returned by caam_blob_gen_init
>> + * @keymod: string to use as key modifier for blob encapsulation
>> + * @input: buffer which CAAM will DMA from
>> + * @output: buffer which CAAM will DMA to
> Is it guaranteed that input, output can be DMA-mapped?
It's expected callers ensure that this is the case. Trusted key buffers
are allocated with kmalloc and can be DMA-mapped.
Thanks for the review,
Ahmad
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
Powered by blists - more mailing lists