lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <784e0379-ee24-51ea-68c5-de7adf907dfb@linaro.org>
Date:   Tue, 13 Apr 2021 18:46:28 -0400
From:   Thara Gopinath <thara.gopinath@...aro.org>
To:     Bjorn Andersson <bjorn.andersson@...aro.org>
Cc:     herbert@...dor.apana.org.au, davem@...emloft.net,
        ebiggers@...gle.com, ardb@...nel.org, sivaprak@...eaurora.org,
        linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 6/7] crypto: qce: common: Add support for AEAD algorithms



On 4/13/21 6:33 PM, Bjorn Andersson wrote:
> On Tue 13 Apr 17:27 CDT 2021, Thara Gopinath wrote:
> 
>>
>>
>> On 4/5/21 6:18 PM, Bjorn Andersson wrote:
>>> On Thu 25 Feb 12:27 CST 2021, Thara Gopinath wrote:
>>>
>>>> Add register programming sequence for enabling AEAD
>>>> algorithms on the Qualcomm crypto engine.
>>>>
>>>> Signed-off-by: Thara Gopinath <thara.gopinath@...aro.org>
>>>> ---
>>>>    drivers/crypto/qce/common.c | 155 +++++++++++++++++++++++++++++++++++-
>>>>    1 file changed, 153 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/drivers/crypto/qce/common.c b/drivers/crypto/qce/common.c
>>>> index 05a71c5ecf61..54d209cb0525 100644
>>>> --- a/drivers/crypto/qce/common.c
>>>> +++ b/drivers/crypto/qce/common.c
>>>> @@ -15,6 +15,16 @@
>>>>    #include "core.h"
>>>>    #include "regs-v5.h"
>>>>    #include "sha.h"
>>>> +#include "aead.h"
>>>> +
>>>> +static const u32 std_iv_sha1[SHA256_DIGEST_SIZE / sizeof(u32)] = {
>>>> +	SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4, 0, 0, 0
>>>> +};
>>>> +
>>>> +static const u32 std_iv_sha256[SHA256_DIGEST_SIZE / sizeof(u32)] = {
>>>> +	SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3,
>>>> +	SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7
>>>> +};
>>>>    static inline u32 qce_read(struct qce_device *qce, u32 offset)
>>>>    {
>>>> @@ -96,7 +106,7 @@ static inline void qce_crypto_go(struct qce_device *qce, bool result_dump)
>>>>    		qce_write(qce, REG_GOPROC, BIT(GO_SHIFT));
>>>>    }
>>>> -#ifdef CONFIG_CRYPTO_DEV_QCE_SHA
>>>> +#if defined(CONFIG_CRYPTO_DEV_QCE_SHA) || defined(CONFIG_CRYPTO_DEV_QCE_AEAD)
>>>>    static u32 qce_auth_cfg(unsigned long flags, u32 key_size, u32 auth_size)
>>>>    {
>>>>    	u32 cfg = 0;
>>>> @@ -139,7 +149,9 @@ static u32 qce_auth_cfg(unsigned long flags, u32 key_size, u32 auth_size)
>>>>    	return cfg;
>>>>    }
>>>> +#endif
>>>> +#ifdef CONFIG_CRYPTO_DEV_QCE_SHA
>>>>    static int qce_setup_regs_ahash(struct crypto_async_request *async_req)
>>>>    {
>>>>    	struct ahash_request *req = ahash_request_cast(async_req);
>>>> @@ -225,7 +237,7 @@ static int qce_setup_regs_ahash(struct crypto_async_request *async_req)
>>>>    }
>>>>    #endif
>>>> -#ifdef CONFIG_CRYPTO_DEV_QCE_SKCIPHER
>>>> +#if defined(CONFIG_CRYPTO_DEV_QCE_SKCIPHER) || defined(CONFIG_CRYPTO_DEV_QCE_AEAD)
>>>>    static u32 qce_encr_cfg(unsigned long flags, u32 aes_key_size)
>>>>    {
>>>>    	u32 cfg = 0;
>>>> @@ -271,7 +283,9 @@ static u32 qce_encr_cfg(unsigned long flags, u32 aes_key_size)
>>>>    	return cfg;
>>>>    }
>>>> +#endif
>>>> +#ifdef CONFIG_CRYPTO_DEV_QCE_SKCIPHER
>>>>    static void qce_xts_swapiv(__be32 *dst, const u8 *src, unsigned int ivsize)
>>>>    {
>>>>    	u8 swap[QCE_AES_IV_LENGTH];
>>>> @@ -386,6 +400,139 @@ static int qce_setup_regs_skcipher(struct crypto_async_request *async_req)
>>>>    }
>>>>    #endif
>>>> +#ifdef CONFIG_CRYPTO_DEV_QCE_AEAD
>>>> +static int qce_setup_regs_aead(struct crypto_async_request *async_req)
>>>> +{
>>>> +	struct aead_request *req = aead_request_cast(async_req);
>>>> +	struct qce_aead_reqctx *rctx = aead_request_ctx(req);
>>>> +	struct qce_aead_ctx *ctx = crypto_tfm_ctx(async_req->tfm);
>>>> +	struct qce_alg_template *tmpl = to_aead_tmpl(crypto_aead_reqtfm(req));
>>>> +	struct qce_device *qce = tmpl->qce;
>>>> +	__be32 enckey[QCE_MAX_CIPHER_KEY_SIZE / sizeof(__be32)] = {0};
>>>> +	__be32 enciv[QCE_MAX_IV_SIZE / sizeof(__be32)] = {0};
>>>> +	__be32 authkey[QCE_SHA_HMAC_KEY_SIZE / sizeof(__be32)] = {0};
>>>> +	__be32 authiv[SHA256_DIGEST_SIZE / sizeof(__be32)] = {0};
>>>> +	__be32 authnonce[QCE_MAX_NONCE / sizeof(__be32)] = {0};
>>>> +	unsigned int enc_keylen = ctx->enc_keylen;
>>>> +	unsigned int auth_keylen = ctx->auth_keylen;
>>>> +	unsigned int enc_ivsize = rctx->ivsize;
>>>> +	unsigned int auth_ivsize;
>>>> +	unsigned int enckey_words, enciv_words;
>>>> +	unsigned int authkey_words, authiv_words, authnonce_words;
>>>> +	unsigned long flags = rctx->flags;
>>>> +	u32 encr_cfg = 0, auth_cfg = 0, config, totallen;
>>>
>>> I don't see any reason to initialize encr_cfg or auth_cfg.
>>>
>>>> +	u32 *iv_last_word;
>>>> +
>>>> +	qce_setup_config(qce);
>>>> +
>>>> +	/* Write encryption key */
>>>> +	qce_cpu_to_be32p_array(enckey, ctx->enc_key, enc_keylen);
>>>> +	enckey_words = enc_keylen / sizeof(u32);
>>>> +	qce_write_array(qce, REG_ENCR_KEY0, (u32 *)enckey, enckey_words);
>>>
>>> Afaict all "array registers" in this function are affected by the
>>> CRYPTO_SETUP little endian bit, but you set this bit before launching
>>> the operation dependent on IS_CCM(). So is this really working for the
>>> !IS_CCM() case?
>>>
>>>> +
>>>> +	/* Write encryption iv */
>>>> +	qce_cpu_to_be32p_array(enciv, rctx->iv, enc_ivsize);
>>>> +	enciv_words = enc_ivsize / sizeof(u32);
>>>> +	qce_write_array(qce, REG_CNTR0_IV0, (u32 *)enciv, enciv_words);
>>>
>>> It would be nice if this snippet was extracted to a helper function.
>>
>> I kind of forgot to type this earlier. So yes I agree in principle.
>> It is more elegant to have something like qce_convert_be32_and_write
>> and in the function do the above three steps. This snippet is prevalent in
>> this driver code across other alogs as well (skcipher and hash).
> 
> Perhaps make qce_cpu_to_be32p_array() (or qce_be32_to_cpu() per the
> other reply), could return the number of words written - that way you
> remove the ugly middle line at least - and can still poke at the data
> when needed.

Right. I will note this down for clean up as it touches other stuff as 
well.

> 
>> Take it up as a separate clean up activity  ?
>>
> 
> Yes, that seems like a good idea.
> 
> Regards,
> Bjorn
> 

-- 
Warm Regards
Thara

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ