From: Antoine Tenart <antoine.tenart@bootlin.com>
To: Pascal van Leeuwen <pascalvanl@gmail.com>
Cc: linux-crypto@vger.kernel.org, antoine.tenart@bootlin.com,
herbert@gondor.apana.org.au, davem@davemloft.net,
Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Subject: Re: [PATCH 2/3] crypto: inside-secure - added support for rfc3686(ctr(aes))
Date: Fri, 26 Jul 2019 14:33:05 +0200 [thread overview]
Message-ID: <20190726123305.GD3235@kwain> (raw)
In-Reply-To: <1562309364-942-3-git-send-email-pvanleeuwen@verimatrix.com>
Hi Pascal,
On Fri, Jul 05, 2019 at 08:49:23AM +0200, Pascal van Leeuwen wrote:
> Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com>
Could you add a commit message?
> - /* H/W capabilities selection */
> - val = EIP197_FUNCTION_RSVD;
> - val |= EIP197_PROTOCOL_ENCRYPT_ONLY | EIP197_PROTOCOL_HASH_ONLY;
> - val |= EIP197_PROTOCOL_ENCRYPT_HASH | EIP197_PROTOCOL_HASH_DECRYPT;
> - val |= EIP197_ALG_DES_ECB | EIP197_ALG_DES_CBC;
> - val |= EIP197_ALG_3DES_ECB | EIP197_ALG_3DES_CBC;
> - val |= EIP197_ALG_AES_ECB | EIP197_ALG_AES_CBC;
> - val |= EIP197_ALG_MD5 | EIP197_ALG_HMAC_MD5;
> - val |= EIP197_ALG_SHA1 | EIP197_ALG_HMAC_SHA1;
> - val |= EIP197_ALG_SHA2 | EIP197_ALG_HMAC_SHA2;
> - writel(val, EIP197_PE(priv) + EIP197_PE_EIP96_FUNCTION_EN(pe));
> + /* H/W capabilities selection: just enable everything */
> + writel(EIP197_FUNCTION_ALL,
> + EIP197_PE(priv) + EIP197_PE_EIP96_FUNCTION_EN(pe));
This should be in a separate patch. I'm also not sure about it, as
controlling exactly what algs are enabled in the h/w could prevent
misconfiguration issues in the control descriptors.
> @@ -62,9 +63,9 @@ static void safexcel_skcipher_token(struct safexcel_cipher_ctx *ctx, u8 *iv,
> u32 length)
> - if (ctx->mode == CONTEXT_CONTROL_CRYPTO_MODE_CBC) {
> + if (ctx->mode != CONTEXT_CONTROL_CRYPTO_MODE_ECB) {
I think it's better for maintenance and readability to have something
like:
if (ctx->mode == CONTEXT_CONTROL_CRYPTO_MODE_CBC ||
ctx->mode == CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD)
> +struct safexcel_alg_template safexcel_alg_ctr_aes = {
> + .type = SAFEXCEL_ALG_TYPE_SKCIPHER,
Same comment as in patch 1 about the .engines member of the struct.
> + .alg.skcipher = {
> + .setkey = safexcel_skcipher_aesctr_setkey,
> + .encrypt = safexcel_ctr_aes_encrypt,
> + .decrypt = safexcel_ctr_aes_decrypt,
> + /* Add 4 to include the 4 byte nonce! */
> + .min_keysize = AES_MIN_KEY_SIZE + 4,
> + .max_keysize = AES_MAX_KEY_SIZE + 4,
You could use CTR_RFC3686_NONCE_SIZE here (maybe in other places in the
patch as well).
> + .ivsize = 8,
And CTR_RFC3686_IV_SIZE here.
Thanks!
Antoine
--
Antoine Ténart, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
next prev parent reply other threads:[~2019-07-26 12:33 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-05 6:49 [PATCH 0/3] crypto: inside-secure - add more AEAD ciphersuites Pascal van Leeuwen
2019-07-05 6:49 ` [PATCH 1/3] crypto: inside-secure - add support for authenc(hmac(sha1),cbc(des3_ede)) Pascal van Leeuwen
2019-07-26 12:19 ` Antoine Tenart
2019-07-26 12:57 ` Pascal Van Leeuwen
2019-07-26 13:07 ` Antoine Tenart
2019-07-26 13:38 ` Pascal Van Leeuwen
2019-07-30 14:01 ` Pascal Van Leeuwen
2019-07-30 14:09 ` Antoine Tenart
2019-07-05 6:49 ` [PATCH 2/3] crypto: inside-secure - added support for rfc3686(ctr(aes)) Pascal van Leeuwen
2019-07-26 12:33 ` Antoine Tenart [this message]
2019-07-26 13:28 ` Pascal Van Leeuwen
2019-07-26 13:46 ` Antoine Tenart
2019-07-26 14:29 ` Pascal Van Leeuwen
2019-07-30 8:24 ` Antoine Tenart
2019-07-30 10:54 ` Pascal Van Leeuwen
2019-07-05 6:49 ` [PATCH 3/3] crypto: inside-secure - add support for authenc(hmac(sha*),rfc3686(ctr(aes))) suites Pascal van Leeuwen
2019-07-26 12:32 ` [PATCH 0/3] crypto: inside-secure - add more AEAD ciphersuites Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190726123305.GD3235@kwain \
--to=antoine.tenart@bootlin.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=pascalvanl@gmail.com \
--cc=pvanleeuwen@verimatrix.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).