RE: [PATCH] crypto: gcm - fix cacheline sharing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Thu, 30 May 2019 at 15:58, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> wrote:
> >
> > On Thu, May 30, 2019 at 01:45:47PM +0000, Iuliana Prodan wrote:
> > >
> > > On the current structure of caamalg, to work, iv needs to be copied
> > > before memcpy(iv, req->iv, ivsize), from skcipher_edesc_alloc
> function.
> > > For this we need edesc, but this cannot be allocated before knowing
> how
> > > much memory we need. So, to make it work, we'll need to modify more in
> CAAM.
> >
> > All the copying does is:
> >
> >         if (ivsize)
> >                 scatterwalk_map_and_copy(req->iv, req->src, req-
> >cryptlen -
> >                                          ivsize, ivsize, 0);
> >
> > Why do you need to allocate the edesc before doing this?
> >
> 
> Because that is where the incoming iv is currently consumed. Copying
> it out like this wipes the input IV from memory.

I had a similar problem for the Inside Secure driver: for decrypt operations,
you need to copy the output IV from your input data buffer (it's the last 
input data cipher block) but you need to do that *before* you start the
hardware, as for in-place operations, it is overwritten.

At the same time, you cannot store it to req->iv yet, because that still
contains the input IV that you need for processing the first block.

The only solution I could come up with, is to park it in some temporary
buffer in the skcipher_request_ctx *before* starting the hardware and copy 
it to req->iv *after* the operation completes.

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Inside Secure
www.insidesecure.com




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux