Re: [PATCH v1 3/3] crypto: cavium - Register the CNN55XX supported crypto algorithms.
Hi Stephan, On Thursday 11 May 2017 05:52 PM, Stephan Müller wrote: > Am Donnerstag, 11. Mai 2017, 14:18:34 CEST schrieb srikanth jampala: > > Hi srikanth, > >> Hi Stephan, >> >> On Wednesday 10 May 2017 07:26 PM, Stephan Müller wrote: >>> Am Mittwoch, 10. Mai 2017, 15:06:40 CEST schrieb Srikanth Jampala: >>> >>> Hi Srikanth, >>> >>> In general: you are using the ablkcipher API. I think it is on its way out >>> and being replaced with skcipher. >>> >>> Maybe it makes sense to replace it here too. It could be as simple as s/ >>> ablkcipher/skcipher/g >> >> Sure, I will do the changes accordingly. >> As per my understanding, I see the following changes, >> 1. CRYPTO_ALG_TYPE_ABLKCIPHER changed to CRYPTO_ALG_TYPE_SKCIPHER >> 2. nitrox_ablkcipher_foo() changed to nitrox_skcipher_foo() >> >> Please let me know, any other changes I have to consider? > > What about all crypto_ablkcipher* function calls / structs? Also all > ablkcipher_request function calls/structs? I will work on the changes suggested. >> +static inline int nitrox_ablkcipher_setkey(struct crypto_ablkcipher *cipher, + int aes_keylen, const u8 *key, + unsigned int keylen) +{ + struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); + struct nitrox_crypto_instance *inst = crypto_tfm_ctx(tfm); + struct flexi_crypto_context *fctx; + enum flexi_cipher cipher_type; + const char *name; + + name = crypto_tfm_alg_name(tfm); + cipher_type = flexi_cipher_type(name); + if (cipher_type == CIPHER_INVALID) { + pr_err("unsupported cipher: %s\n", name); + return -EINVAL; + } + + /* fill crypto context */ + fctx = inst->u.fctx; + fctx->flags = 0; + fctx->w0.cipher_type = cipher_type; + fctx->w0.aes_keylen = aes_keylen; + fctx->w0.iv_source = IV_FROM_DPTR; + fctx->flags = cpu_to_be64(*(u64 *)>w0); + /* copy the key to context */ + memcpy(fctx->crypto.u.key, key, keylen); >>> >>> Could you help me finding the location where this memory is zeroized upon >>> release? >> >> Currently, we are not zeroized the context in release. >> We are doing it at the time of allocation. > > You store a key in a piece of heap memory. I guess you want to zeroize that > key memory before releasing? > I will do the changes. > > Ciao > Stephan >
Re: [PATCH v1 3/3] crypto: cavium - Register the CNN55XX supported crypto algorithms.
Am Donnerstag, 11. Mai 2017, 14:18:34 CEST schrieb srikanth jampala: Hi srikanth, > Hi Stephan, > > On Wednesday 10 May 2017 07:26 PM, Stephan Müller wrote: > > Am Mittwoch, 10. Mai 2017, 15:06:40 CEST schrieb Srikanth Jampala: > > > > Hi Srikanth, > > > > In general: you are using the ablkcipher API. I think it is on its way out > > and being replaced with skcipher. > > > > Maybe it makes sense to replace it here too. It could be as simple as s/ > > ablkcipher/skcipher/g > > Sure, I will do the changes accordingly. > As per my understanding, I see the following changes, > 1. CRYPTO_ALG_TYPE_ABLKCIPHER changed to CRYPTO_ALG_TYPE_SKCIPHER > 2. nitrox_ablkcipher_foo() changed to nitrox_skcipher_foo() > > Please let me know, any other changes I have to consider? What about all crypto_ablkcipher* function calls / structs? Also all ablkcipher_request function calls/structs? > > >> +static inline int nitrox_ablkcipher_setkey(struct crypto_ablkcipher > >> *cipher, > >> + int aes_keylen, const u8 *key, > >> + unsigned int keylen) > >> +{ > >> + struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); > >> + struct nitrox_crypto_instance *inst = crypto_tfm_ctx(tfm); > >> + struct flexi_crypto_context *fctx; > >> + enum flexi_cipher cipher_type; > >> + const char *name; > >> + > >> + name = crypto_tfm_alg_name(tfm); > >> + cipher_type = flexi_cipher_type(name); > >> + if (cipher_type == CIPHER_INVALID) { > >> + pr_err("unsupported cipher: %s\n", name); > >> + return -EINVAL; > >> + } > >> + > >> + /* fill crypto context */ > >> + fctx = inst->u.fctx; > >> + fctx->flags = 0; > >> + fctx->w0.cipher_type = cipher_type; > >> + fctx->w0.aes_keylen = aes_keylen; > >> + fctx->w0.iv_source = IV_FROM_DPTR; > >> + fctx->flags = cpu_to_be64(*(u64 *)>w0); > >> + /* copy the key to context */ > >> + memcpy(fctx->crypto.u.key, key, keylen); > > > > Could you help me finding the location where this memory is zeroized upon > > release? > > Currently, we are not zeroized the context in release. > We are doing it at the time of allocation. You store a key in a piece of heap memory. I guess you want to zeroize that key memory before releasing? Ciao Stephan
Re: [PATCH v1 3/3] crypto: cavium - Register the CNN55XX supported crypto algorithms.
Hi Stephan, On Wednesday 10 May 2017 07:26 PM, Stephan Müller wrote: > Am Mittwoch, 10. Mai 2017, 15:06:40 CEST schrieb Srikanth Jampala: > > Hi Srikanth, > > In general: you are using the ablkcipher API. I think it is on its way out > and > being replaced with skcipher. > > Maybe it makes sense to replace it here too. It could be as simple as s/ > ablkcipher/skcipher/g > Sure, I will do the changes accordingly. As per my understanding, I see the following changes, 1. CRYPTO_ALG_TYPE_ABLKCIPHER changed to CRYPTO_ALG_TYPE_SKCIPHER 2. nitrox_ablkcipher_foo() changed to nitrox_skcipher_foo() Please let me know, any other changes I have to consider? >> +static inline int nitrox_ablkcipher_setkey(struct crypto_ablkcipher >> *cipher, >> + int aes_keylen, const u8 *key, >> + unsigned int keylen) >> +{ >> + struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); >> + struct nitrox_crypto_instance *inst = crypto_tfm_ctx(tfm); >> + struct flexi_crypto_context *fctx; >> + enum flexi_cipher cipher_type; >> + const char *name; >> + >> + name = crypto_tfm_alg_name(tfm); >> + cipher_type = flexi_cipher_type(name); >> + if (cipher_type == CIPHER_INVALID) { >> + pr_err("unsupported cipher: %s\n", name); >> + return -EINVAL; >> + } >> + >> + /* fill crypto context */ >> + fctx = inst->u.fctx; >> + fctx->flags = 0; >> + fctx->w0.cipher_type = cipher_type; >> + fctx->w0.aes_keylen = aes_keylen; >> + fctx->w0.iv_source = IV_FROM_DPTR; >> + fctx->flags = cpu_to_be64(*(u64 *)>w0); >> + /* copy the key to context */ >> + memcpy(fctx->crypto.u.key, key, keylen); > > Could you help me finding the location where this memory is zeroized upon > release? Currently, we are not zeroized the context in release. We are doing it at the time of allocation. +void *crypto_alloc_context(struct nitrox_device *ndev) +{ + struct ctx_hdr *ctx; + void *vaddr; + dma_addr_t dma; + + vaddr = dma_pool_alloc(ndev->ctx_pool, (GFP_ATOMIC | __GFP_ZERO), ); + if (!vaddr) + return NULL; + + /* fill meta data */ + ctx = vaddr; + ctx->pool = ndev->ctx_pool; + ctx->dma = dma; + ctx->ctx_dma = dma + sizeof(struct ctx_hdr); + + return ((u8 *)vaddr + sizeof(struct ctx_hdr)); +} >> + >> + return 0; >> +}
Re: [PATCH v1 3/3] crypto: cavium - Register the CNN55XX supported crypto algorithms.
Hi Srikanth, [auto build test WARNING on cryptodev/master] [also build test WARNING on next-20170510] [cannot apply to v4.11] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Srikanth-Jampala/crypto-cavium-Add-support-for-CNN55XX-adapters/20170510-211638 base: https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master config: i386-defconfig (attached as .config) compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901 reproduce: # save the attached .config to linux build tree make ARCH=i386 All warnings (new ones prefixed by >>): In file included from drivers/crypto/cavium/nitrox/nitrox_algs.c:12:0: drivers/crypto/cavium/nitrox/nitrox_dev.h: In function 'nitrox_read_csr': drivers/crypto/cavium/nitrox/nitrox_dev.h:159:9: error: implicit declaration of function 'readq' [-Werror=implicit-function-declaration] return readq(ndev->bar_addr + offset); ^ drivers/crypto/cavium/nitrox/nitrox_dev.h: In function 'nitrox_write_csr': drivers/crypto/cavium/nitrox/nitrox_dev.h:171:2: error: implicit declaration of function 'writeq' [-Werror=implicit-function-declaration] writeq(value, (ndev->bar_addr + offset)); ^~ drivers/crypto/cavium/nitrox/nitrox_algs.c: In function 'nitrox_ablkcipher_exit': >> drivers/crypto/cavium/nitrox/nitrox_algs.c:117:23: warning: cast to pointer >> from integer of different size [-Wint-to-pointer-cast] crypto_free_context((void *)inst->u.ctx_handle); ^ cc1: some warnings being treated as errors vim +117 drivers/crypto/cavium/nitrox/nitrox_algs.c 101 ctx = crypto_alloc_context(inst->ndev); 102 if (!ctx) { 103 nitrox_put_device(inst->ndev); 104 return -ENOMEM; 105 } 106 inst->u.ctx_handle = (uintptr_t)ctx; 107 108 return 0; 109 } 110 111 static void nitrox_ablkcipher_exit(struct crypto_tfm *tfm) 112 { 113 struct nitrox_crypto_instance *inst = crypto_tfm_ctx(tfm); 114 115 /* free the crypto context */ 116 if (inst->u.ctx_handle) > 117 crypto_free_context((void *)inst->u.ctx_handle); 118 119 nitrox_put_device(inst->ndev); 120 121 inst->u.ctx_handle = 0; 122 inst->ndev = NULL; 123 } 124 125 static inline int nitrox_ablkcipher_setkey(struct crypto_ablkcipher *cipher, --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH v1 3/3] crypto: cavium - Register the CNN55XX supported crypto algorithms.
Am Mittwoch, 10. Mai 2017, 15:06:40 CEST schrieb Srikanth Jampala: Hi Srikanth, In general: you are using the ablkcipher API. I think it is on its way out and being replaced with skcipher. Maybe it makes sense to replace it here too. It could be as simple as s/ ablkcipher/skcipher/g > +static inline int nitrox_ablkcipher_setkey(struct crypto_ablkcipher > *cipher, > + int aes_keylen, const u8 *key, > + unsigned int keylen) > +{ > + struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); > + struct nitrox_crypto_instance *inst = crypto_tfm_ctx(tfm); > + struct flexi_crypto_context *fctx; > + enum flexi_cipher cipher_type; > + const char *name; > + > + name = crypto_tfm_alg_name(tfm); > + cipher_type = flexi_cipher_type(name); > + if (cipher_type == CIPHER_INVALID) { > + pr_err("unsupported cipher: %s\n", name); > + return -EINVAL; > + } > + > + /* fill crypto context */ > + fctx = inst->u.fctx; > + fctx->flags = 0; > + fctx->w0.cipher_type = cipher_type; > + fctx->w0.aes_keylen = aes_keylen; > + fctx->w0.iv_source = IV_FROM_DPTR; > + fctx->flags = cpu_to_be64(*(u64 *)>w0); > + /* copy the key to context */ > + memcpy(fctx->crypto.u.key, key, keylen); Could you help me finding the location where this memory is zeroized upon release? > + > + return 0; > +} > + > +static int nitrox_3des_setkey(struct crypto_ablkcipher *cipher, const u8 > *key, + unsigned int keylen) > +{ > + if (keylen != DES3_EDE_KEY_SIZE) { > + crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN); > + return -EINVAL; > + } Please import the check from __des3_ede_setkey (or better, extract that key check into a generic function like xts_check_key). Ciao Stephan