Re: [PATCH] crypto: gcm - fix cacheline sharing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 5/31/2019 1:00 AM, Iuliana Prodan wrote:
> On 5/30/2019 6:05 PM, Ard Biesheuvel wrote:
>> On Thu, 30 May 2019 at 16:34, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
>>>
>>> On Thu, May 30, 2019 at 04:31:09PM +0200, Ard Biesheuvel wrote:
>>>>
>>>> This might work:
>>>
>>> Looks good to me.
>>>
>>
>> Thanks Herbert,
>>
>> But given your remark regarding CBC being the only algo that has this
>> requirement, I wonder if this might be sufficient as well.
>>
>> diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
>> index c0ece44f303b..65b050e3742f 100644
>> --- a/drivers/crypto/caam/caamalg.c
>> +++ b/drivers/crypto/caam/caamalg.c
>> @@ -1844,7 +1844,7 @@ static int skcipher_decrypt(struct skcipher_request *req)
>>           * The crypto API expects us to set the IV (req->iv) to the last
>>           * ciphertext block.
>>           */
>> -       if (ivsize)
>> +       if (ctx->cdata.algtype & OP_ALG_AAI_CBC)
>>                  scatterwalk_map_and_copy(req->iv, req->src, req->cryptlen -
>>                                           ivsize, ivsize, 0);
>>
>>
>> Iulia, Horia?
>>
> I can confirm that gcm (and ccm), with ctr-aes-caam, is passing with the 
> above fix.
> 
The check should be:
	if ((ctx->cdata.algtype & OP_ALG_AAI_MASK) == OP_ALG_AAI_CBC)

Having this workaround is probably ok, until we properly fix the IV update for
CTR mode.

Thanks,
Horia




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux