On 5/6/2019 9:40 AM, Herbert Xu wrote:
> On Fri, May 03, 2019 at 03:05:48PM +0300, Horia Geantă wrote:
>> The detection whether DKP (Derived Key Protocol) is used relies on
>> the setkey callback.
>> Since "aead_setkey" was replaced in some cases with "des3_aead_setkey"
>> (for 3DES weak key checking), the logic has to be updated - otherwise
>> the DMA mapping direction is incorrect (leading to faults in case caam
>> is behind an IOMMU).
>>
>> Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode")
>> Signed-off-by: Horia Geantă <[email protected]>
>> ---
>>
>> This issue was noticed when testing with previously submitted IOMMU support:
>> https://patchwork.kernel.org/project/linux-crypto/list/?series=110277&state=*
>
> Thanks for catching this Horia!
>
> My preference would be to encode this logic separately rather than
> relying on the setkey test. How about this patch?
>
This is probably more reliable.
> ---8<---
> The detection for DKP (Derived Key Protocol) relied on the value
> of the setkey function. This was broken by the recent change which
> added des3_aead_setkey.
>
> This patch fixes this by introducing a new flag for DKP and setting
> that where needed.
>
> Reported-by: Horia Geantă <[email protected]>
> Signed-off-by: Herbert Xu <[email protected]>
Tested-by: Horia Geantă <[email protected]>
Thanks,
Horia
