lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aLK7eiozc2F-kM_z@gondor.apana.org.au>
Date: Sat, 30 Aug 2025 16:51:06 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: T Pratham <t-pratham@...com>
Cc: "David S . Miller" <davem@...emloft.net>, Rob Herring <robh@...nel.org>,
	Krzysztof Kozlowski <krzk+dt@...nel.org>,
	Conor Dooley <conor+dt@...nel.org>, linux-crypto@...r.kernel.org,
	devicetree@...r.kernel.org, linux-kernel@...r.kernel.org,
	Kamlesh Gurudasani <kamlesh@...com>,
	Manorit Chawdhry <m-chawdhry@...com>,
	Vignesh Raghavendra <vigneshr@...com>,
	Praneeth Bajjuri <praneeth@...com>,
	Vishal Mahaveer <vishalm@...com>,
	Kavitha Malarvizhi <k-malarvizhi@...com>
Subject: Re: [PATCH v7 0/2] Add support for Texas Instruments DTHEv2 Crypto
 Engine

On Wed, Aug 20, 2025 at 02:42:25PM +0530, T Pratham wrote:
> Data Transform and Hashing Engine (DTHE) v2 is a new cryptography engine
> introduced i TI AM62L SoC. DTHEv2 consists of multiple crypto IPs[1] (such
> as AES Engine, hashing engine, TRNG, etc.) which can be used for
> offloading cryptographic operations off of the CPU. The primary benefit
> of DTHEv2 is enhanced side-channel attack resistance, with AES and PKE
> engine being DPA and EMA resistant. These side-channel resistances are
> the underlying requirement for various certifications like SESIP, PSA,
> and IEC62443 (lvl 3+). Thus, DTHEv2 provides critical security benefits
> for embedded systems that require protection against passive physical
> attacks.
> 
> The AES Engine of DTHEv2 supports multiple AES modes (ECB, CBC, CTR,
> CFB, f8), several protocols (GCM, CCM, XTS) and authentication modes
> (CBC-MAC and f9). The hashing engine supports MD5, SHA1, and SHA2 (224,
> 256, 384, 512) algorithms along with HMAC. This patch series introduces
> basic driver support for DTHEv2 engine, beginning with suporting AES-ECB
> and AES-CBC algorithms. Other algorithms are planned to be added
> gradually in phases after initial suppport is added.
> 
> The driver is tested using full kernel crypto selftests (CRYPTO_SELFTESTS)
> which all pass successfully [2].
> 
> Signed-off-by: T Pratham <t-pratham@...com>
> ---
> [1]: Section 14.6.3 (DMA Control Registers -> DMASS_DTHE)
> Link: https://www.ti.com/lit/ug/sprujb4/sprujb4.pdf
> 
> [2]: DTHEv2 AES-ECB and AES-CBC kernel self-tests logs
> Link: https://gist.github.com/Pratham-T/aaa499cf50d20310cb27266a645bfd60
> 
> Change log:
> v7:
>  - Dropped redundant crypto_engine_stop() calls.
>  - Corrected Reviewed-by tag.
> v6:
>  - Reworded the cover letter and commit messages to name DTHEv2 as a
>    crypto engine instead of crypto accelerator.
>  - Reworded the cover letter completely to emphasise more on the utility
>    of DTHEv2 as better resistance against physical attacks
>  - Reworded DTHEv2 description (help text) in KConfig
>  - Added dma_terminate_sync calls to ensure DMA requests are removed in
>    case when completion times-out.
>  - Some rearrangement of fields between dthe_tfm_ctx and dthe_aes_req_ctx
>    struct, so that per tfm members are correctly placed in tfm_ctx and per
>    request members are in req_ctx. Subsequently setkey, encrypt and
>    decrypt functions are also changed.
>  - Removed exit_tfm function which was useless and not required.
>  - Removed unnecessary zeroing of tfm_ctx object in init_tfm.
>  - Corrected return value in dthe_aes_run function.
>  - Reduced cra_priority of DTHEv2 algorithms.
> v5:
>  - Simplified tfm ctx struct
>  - Set cra_reqsize instead of using crypto_skcipher_set_reqsize()
>  - Move setting sysconfig and irqenable registers to dthe_aes_run
> v4:
>  - Corrected dt-bindings example indentation
>  - Simplified dt-bindings example, removing the node surrounding crypto
>  - Fixed typo in dthev2-common.h header guard
>  - Removed unused ctx field in dev_data struct
>  - Moved per-op data into request context
> v3:
>  - Corrected dt-bindings reg length is too long error
>  - Converted AES driver code to use crypto_engine APIs for using
>    internal crypto queue instead of mutex.
>  - Removed calls to skcipher_request_complete in paths not returning
>    -EINPROGRESS before.
>  - Added missing KConfig import, which was accidentally removed in v2.
> 
> v2:
>  - Corrected dt-bindings syntax errors and other review comments in v1.
>  - Completely changed driver code structure, splitting code into
>    multiple files
> 
> Link to previous versions:
> v6: https://lore.kernel.org/all/20250819065844.3337101-1-t-pratham@ti.com/
> v5: https://lore.kernel.org/all/20250603124217.957116-1-t-pratham@ti.com/
> v4: https://lore.kernel.org/all/20250508101723.846210-2-t-pratham@ti.com/
> v3: https://lore.kernel.org/all/20250502121253.456974-2-t-pratham@ti.com/
> v2: https://lore.kernel.org/all/20250411091321.2925308-1-t-pratham@ti.com/
> v1: https://lore.kernel.org/all/20250206-dthe-v2-aes-v1-0-1e86cf683928@ti.com/
> ---
> 
> T Pratham (2):
>   dt-bindings: crypto: Add binding for TI DTHE V2
>   crypto: ti: Add driver for DTHE V2 AES Engine (ECB, CBC)
> 
>  .../bindings/crypto/ti,am62l-dthev2.yaml      |  50 +++
>  MAINTAINERS                                   |   7 +
>  drivers/crypto/Kconfig                        |   1 +
>  drivers/crypto/Makefile                       |   1 +
>  drivers/crypto/ti/Kconfig                     |  14 +
>  drivers/crypto/ti/Makefile                    |   3 +
>  drivers/crypto/ti/dthev2-aes.c                | 411 ++++++++++++++++++
>  drivers/crypto/ti/dthev2-common.c             | 217 +++++++++
>  drivers/crypto/ti/dthev2-common.h             | 101 +++++
>  9 files changed, 805 insertions(+)
>  create mode 100644 Documentation/devicetree/bindings/crypto/ti,am62l-dthev2.yaml
>  create mode 100644 drivers/crypto/ti/Kconfig
>  create mode 100644 drivers/crypto/ti/Makefile
>  create mode 100644 drivers/crypto/ti/dthev2-aes.c
>  create mode 100644 drivers/crypto/ti/dthev2-common.c
>  create mode 100644 drivers/crypto/ti/dthev2-common.h
> 
> -- 
> 2.43.0

All applied.  Thanks.
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ