Re: [PATCH] crypto: gcm - fix cacheline sharing

On 6/6/2019 9:58 AM, Herbert Xu wrote:
> On Thu, Jun 06, 2019 at 08:53:10AM +0200, Ard Biesheuvel wrote:
>>
>> That same patch 'fixes' CBC, since CBC was never broken to begin with.
>> The CTS driver does not have something like the auth_tag sharing the
>> same cacheline with the IV, so CBC has always worked fine.
> 
> CBC is broken.  Any crypto API user is allowed to place the IV
> in the same position relative to the src/dst buffer.  So the driver
> must deal with it.
> 
That's the theory.
In practice we haven't encountered any issue so far, but yes, this case has to be
handled properly.

> It's just that the CTR/ghash combo happened to expose this first.
> 
Yes, and that's what the patch is fixing.

>> So I guess what you are after is a patch that, instead of dodging the
>> issue by limiting the copy to CBC, does not perform the copy at all
>> while anything is mapped for DMA? Then we can leave it up to the NXP
>> engineers to fix CTR mode.
> 
> Right, we definitely need to fix it for CBC, probably in the way that
> you suggested.
> 
Not really.
I am in favor of using the HW to update the IV, which would work for all
skcipher algorithms.
I have the fix ready, will send it in a couple of days.

Thanks,
Horia
