Re: PadLock XSHA - Michal Ludvig

Linux cryptographic layer development
 help / color / mirror / Atom feed

From: Michal Ludvig <michal@logix.cz>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: PadLock XSHA
Date: Sat, 30 Aug 2008 21:55:00 +1200	[thread overview]
Message-ID: <48B918F4.9030604@logix.cz> (raw)
In-Reply-To: <20080830084316.GA19371@gondor.apana.org.au>

Hi Herbert,

> Can you remind me the reason why our PadLock SHA implementation
> copies things into a page before hashing it?
> 
> According to the programming manual, it would seem that the state
> should be recorded in EDI after each 64-byte block so we should
> be able to use the init/update/final model, no?
> 
> Or has the chip changed since we implemented it?

IIRC The first versions of VIA PadLock required the input data to be
aligned on 16-bytes boundaries and more importantly they always
finalised the hash. Therefore we had to collect all data before hashing
them.

The only way to allow for multiple updates before final() was through a
page fault, i.e. have a writable page followed by a non-accessible page,
put all the data that go into update() towards the end of the r/w page
and with some PadLock trickery run or resume hashing and tell it to hash
more than a page of input. As soon as it stepped to the non-accessible
space it would save the current state to memory and raise the page
fault. This has been implemented in OpenSSL padlock engine but am not
sure if we did it in the kernel as well. I doubt it.

AFAIK Recent versions of PadLock don't insist on finalising the hash and
 don't insist on input data alignment either and this workaround isn't
needed anymore. I don't know if VIA still sells their motherboard models
with the older CPUs or not.

HTH,

Michal

next prev parent reply	other threads:[~2008-08-30 10:14 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-08-30  8:43 PadLock XSHA Herbert Xu
2008-08-30  9:55 ` Michal Ludvig [this message]
2008-08-30 13:21   ` Herbert Xu
2008-08-31  2:09   ` Herbert Xu
2008-09-01  1:32     ` Michal Ludvig
2008-09-01  3:44       ` Herbert Xu
2008-10-01 23:48         ` Harald Welte
2008-10-01 23:45   ` Harald Welte

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=48B918F4.9030604@logix.cz \
    --to=michal@logix.cz \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox