Re: [PATCH v1] crypto: ccp - Add hash state import and export support

2016-01-26 Thread Herbert Xu 
On Mon, Jan 25, 2016 at 08:58:41AM -0600, Tom Lendacky wrote:
> 
> Many of the fields in the rctx structure are set during the update
> operation and don't matter to the driver from an export and import
> perspective. I included them to make the routines simple, but if
> user-space exposure is a concern I can pare down the amount of data
> that is exported and imported. I can send a follow-on patch to do
> that if you prefer.

I've already merged your patch into cryptodev so it'll eventually
make it into mainline and then percolate back via stable.

Of course any improvements to the export/import functions are
still welcome but I'd prefer to leave the patch in cryptodev
for now.

Thanks,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v1] crypto: ccp - Add hash state import and export support

2016-01-25 Thread Herbert Xu 
On Tue, Jan 12, 2016 at 11:17:38AM -0600, Tom Lendacky wrote:
> Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
> added a check to prevent ahash algorithms from successfully registering
> if the import and export functions were not implemented. This prevents
> an oops in the hash_accept function of algif_hash. This commit causes
> the ccp-crypto module SHA support and AES CMAC support from successfully
> registering and causing the ccp-crypto module load to fail because the
> ahash import and export functions are not implemented.
> 
> Update the CCP Crypto API support to provide import and export support
> for ahash algorithms.
> 
> Cc:  # 3.14.x-
> Signed-off-by: Tom Lendacky 

Applied.
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v1] crypto: ccp - Add hash state import and export support

2016-01-24 Thread Herbert Xu 
On Fri, Jan 22, 2016 at 11:22:48AM -0600, Tom Lendacky wrote:
> On 01/12/2016 11:17 AM, Tom Lendacky wrote:
> > Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
> > added a check to prevent ahash algorithms from successfully registering
> > if the import and export functions were not implemented. This prevents
> > an oops in the hash_accept function of algif_hash. This commit causes
> > the ccp-crypto module SHA support and AES CMAC support from successfully
> > registering and causing the ccp-crypto module load to fail because the
> > ahash import and export functions are not implemented.
> > 
> > Update the CCP Crypto API support to provide import and export support
> > for ahash algorithms.
> > 
> > Cc:  # 3.14.x-
> > Signed-off-by: Tom Lendacky 
> 
> Herbert, is it possible this patch can be part of Crypto Fixes for 4.5?

While your patch is probably OK the rctx structure just contains
too much crap for me to feel safe about pushing this in at this
point in time.  So I'd like to have it cook for another cycle.

The reason I'm overly cautious is because import/export is directly
exposed to user-space so if we get this wrong then we may open
up a root hole.

Cheers,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v1] crypto: ccp - Add hash state import and export support

2016-01-22 Thread Tom Lendacky 
On 01/12/2016 11:17 AM, Tom Lendacky wrote:
> Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
> added a check to prevent ahash algorithms from successfully registering
> if the import and export functions were not implemented. This prevents
> an oops in the hash_accept function of algif_hash. This commit causes
> the ccp-crypto module SHA support and AES CMAC support from successfully
> registering and causing the ccp-crypto module load to fail because the
> ahash import and export functions are not implemented.
> 
> Update the CCP Crypto API support to provide import and export support
> for ahash algorithms.
> 
> Cc:  # 3.14.x-
> Signed-off-by: Tom Lendacky 

Herbert, is it possible this patch can be part of Crypto Fixes for 4.5?

Thanks,
Tom

> ---
>  drivers/crypto/ccp/ccp-crypto-aes-cmac.c |   23 +++
>  drivers/crypto/ccp/ccp-crypto-sha.c  |   23 +++
>  2 files changed, 46 insertions(+)
> 
> diff --git a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c 
> b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
> index d89f20c..00207cf 100644
> --- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
> +++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
> @@ -220,6 +220,26 @@ static int ccp_aes_cmac_digest(struct ahash_request *req)
>   return ccp_aes_cmac_finup(req);
>  }
>  
> +static int ccp_aes_cmac_export(struct ahash_request *req, void *out)
> +{
> + struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
> + struct ccp_aes_cmac_req_ctx *state = out;
> +
> + *state = *rctx;
> +
> + return 0;
> +}
> +
> +static int ccp_aes_cmac_import(struct ahash_request *req, const void *in)
> +{
> + struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
> + const struct ccp_aes_cmac_req_ctx *state = in;
> +
> + *rctx = *state;
> +
> + return 0;
> +}
> +
>  static int ccp_aes_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,
>  unsigned int key_len)
>  {
> @@ -352,10 +372,13 @@ int ccp_register_aes_cmac_algs(struct list_head *head)
>   alg->final = ccp_aes_cmac_final;
>   alg->finup = ccp_aes_cmac_finup;
>   alg->digest = ccp_aes_cmac_digest;
> + alg->export = ccp_aes_cmac_export;
> + alg->import = ccp_aes_cmac_import;
>   alg->setkey = ccp_aes_cmac_setkey;
>  
>   halg = >halg;
>   halg->digestsize = AES_BLOCK_SIZE;
> + halg->statesize = sizeof(struct ccp_aes_cmac_req_ctx);
>  
>   base = >base;
>   snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "cmac(aes)");
> diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c 
> b/drivers/crypto/ccp/ccp-crypto-sha.c
> index d14b3f2..3aae58d 100644
> --- a/drivers/crypto/ccp/ccp-crypto-sha.c
> +++ b/drivers/crypto/ccp/ccp-crypto-sha.c
> @@ -207,6 +207,26 @@ static int ccp_sha_digest(struct ahash_request *req)
>   return ccp_sha_finup(req);
>  }
>  
> +static int ccp_sha_export(struct ahash_request *req, void *out)
> +{
> + struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
> + struct ccp_sha_req_ctx *state = out;
> +
> + *state = *rctx;
> +
> + return 0;
> +}
> +
> +static int ccp_sha_import(struct ahash_request *req, const void *in)
> +{
> + struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
> + const struct ccp_sha_req_ctx *state = in;
> +
> + *rctx = *state;
> +
> + return 0;
> +}
> +
>  static int ccp_sha_setkey(struct crypto_ahash *tfm, const u8 *key,
> unsigned int key_len)
>  {
> @@ -403,9 +423,12 @@ static int ccp_register_sha_alg(struct list_head *head,
>   alg->final = ccp_sha_final;
>   alg->finup = ccp_sha_finup;
>   alg->digest = ccp_sha_digest;
> + alg->export = ccp_sha_export;
> + alg->import = ccp_sha_import;
>  
>   halg = >halg;
>   halg->digestsize = def->digest_size;
> + halg->statesize = sizeof(struct ccp_sha_req_ctx);
>  
>   base = >base;
>   snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name);
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html