Re: [PATCH] crypto: caam - update xts sector size for large input length

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



+ dm-devel

On 2/28/2020 12:47 PM, Andrei Botila (OSS) wrote:
> From: Andrei Botila <andrei.botila@xxxxxxx>
> 
> Since in the software implementation of XTS-AES there is
> no notion of sector every input length is processed the same way.
> CAAM implementation has the notion of sector which causes different
> results between the software implementation and the one in CAAM
> for input lengths bigger than 512 bytes.
> Increase sector size to maximum value on 16 bits.
> 
> Fixes: c6415a6016bf ("crypto: caam - add support for acipher xts(aes)")
> Cc: <stable@xxxxxxxxxxxxxxx> # v4.12+
> Signed-off-by: Andrei Botila <andrei.botila@xxxxxxx>
Reviewed-by: Horia Geantă <horia.geanta@xxxxxxx>

Thanks,
Horia

> ---
> This patch needs to be applied from v4.12+ because dm-crypt has added support
> for 4K sector size at that version. The commit was
> 8f0009a225171 ("dm-crypt: optionally support larger encryption sector size").
> 
>  drivers/crypto/caam/caamalg_desc.c | 16 ++++++++++++++--
>  1 file changed, 14 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/crypto/caam/caamalg_desc.c b/drivers/crypto/caam/caamalg_desc.c
> index aa9ccca67045..8ebbbd28b1f7 100644
> --- a/drivers/crypto/caam/caamalg_desc.c
> +++ b/drivers/crypto/caam/caamalg_desc.c
> @@ -1518,7 +1518,13 @@ EXPORT_SYMBOL(cnstr_shdsc_skcipher_decap);
>   */
>  void cnstr_shdsc_xts_skcipher_encap(u32 * const desc, struct alginfo *cdata)
>  {
> -	__be64 sector_size = cpu_to_be64(512);
> +	/*
> +	 * Set sector size to a big value, practically disabling
> +	 * sector size segmentation in xts implementation. We cannot
> +	 * take full advantage of this HW feature with existing
> +	 * crypto API / dm-crypt SW architecture.
> +	 */
> +	__be64 sector_size = cpu_to_be64(BIT(15));
>  	u32 *key_jump_cmd;
>  
>  	init_sh_desc(desc, HDR_SHARE_SERIAL | HDR_SAVECTX);
> @@ -1571,7 +1577,13 @@ EXPORT_SYMBOL(cnstr_shdsc_xts_skcipher_encap);
>   */
>  void cnstr_shdsc_xts_skcipher_decap(u32 * const desc, struct alginfo *cdata)
>  {
> -	__be64 sector_size = cpu_to_be64(512);
> +	/*
> +	 * Set sector size to a big value, practically disabling
> +	 * sector size segmentation in xts implementation. We cannot
> +	 * take full advantage of this HW feature with existing
> +	 * crypto API / dm-crypt SW architecture.
> +	 */
> +	__be64 sector_size = cpu_to_be64(BIT(15));
>  	u32 *key_jump_cmd;
>  
>  	init_sh_desc(desc, HDR_SHARE_SERIAL | HDR_SAVECTX);
> 




--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel





[Index of Archives]     [DM Crypt]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite Discussion]     [KDE Users]     [Fedora Docs]

  Powered by Linux