Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp844080rwb; Thu, 6 Oct 2022 05:23:27 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4tZ/QtIWiB6MkvGhTRMjqcCVDnLBZ9WjxQM/aIM27rvgHSjUq7pobHtfjJ8TXdd5iKwbtu X-Received: by 2002:a17:903:230d:b0:178:29a3:df38 with SMTP id d13-20020a170903230d00b0017829a3df38mr4415682plh.10.1665059006977; Thu, 06 Oct 2022 05:23:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665059006; cv=none; d=google.com; s=arc-20160816; b=N9XpQ/qfnSr4v65wzFX0T0251LPQYWuaGb6quuhaf302GR3hXL3r5oKx2DCD9M9CD0 0jK59vy5bgdblt5+d4a076/V8j3dbym27nyWkkE8fLHVoAXp8wzNuzT8Jc7w3gU9mTow AL/bMPzjiebKrQGNU0+Kmnx7gawBvvmQfXrH2Sz5Tv3gCRJJ20P0PnN9d+wGzwRFWB3J ypmwCfxrAYgq1/Km8D9jQcjXtzbp6YtUeacbFgegG8Lp8S3nwvnJiTKEgwI7i2BRMWNH RvSSqPyYbNtrWJK8McZTJsqWmAy/UyB0fTnWctF8Q6KMmS9yWSTS6Ctue7zm0vlKzFm7 i/Ig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=KsJfT/Bnin2F30N41L+qWDH1JTuo90DwAy9AmvSNz4U=; b=Be7FYyEzt0LSebaz76cFQNOIx822kuVN2BQtQTJs11bt5tl6Y9gg/WqRfQ53h6DuDS p6Xr6zNBpBx4RBXWorhPHGfZ3c3IeWcIFo63aKKMohO0pYDg/fRm96l7GiKB+OFyp4nL 29het1bWemT/bBIeXCuZbx7BQgKvnMU81I1oIibNWyLupJezVTdJCyMDIoFAfnyDvYPq IZwhJeZaT7OJFcXwqffTQOZHKo3ERbCRm7kbrT89SNTk+PQf02+JqNK4W3tW0gqFz4HI C3rYybbOLoYlL9Bze6HKe3dhfA2aDYi0HxJ5FsnlihB3r1AwYGCMUG6pP1p133PiEQpq orSw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Q8J9cG+v; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n5-20020a17090a928500b00200668493ffsi4557963pjo.44.2022.10.06.05.23.06; Thu, 06 Oct 2022 05:23:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Q8J9cG+v; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229980AbiJFMKZ (ORCPT + 99 others); Thu, 6 Oct 2022 08:10:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55212 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230141AbiJFMKY (ORCPT ); Thu, 6 Oct 2022 08:10:24 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 56F3F9AFF9 for ; Thu, 6 Oct 2022 05:10:19 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 01F57618DE for ; Thu, 6 Oct 2022 12:10:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 64A7BC433D6 for ; Thu, 6 Oct 2022 12:10:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1665058218; bh=IXhJ5XogSi9qj7u2IIqiItBdADkkyp6EP2CCBybC9M0=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=Q8J9cG+vo0zUfJT1IHldp/fWCv0xygnFot2PqU3gssqTf2QhCH0PkvwMpQtl0/ZFB hKGxDvRFLVt2P8og5aXfY1/BPnaQsvlbUBu1MKwkhev0PlFGlLbjhlVyWzpU2+hJ3y XxtjAsRgp5PcX84mx/mXJBP96TsJhPzq1vYa1XonfNG+FSMa08U0031LvT1RpHT74a CTpKVGrE1eWvlM8NmjP96be5SIMX1p33HgBStGODCJu0O43TQU4jcFIZPkTKX8dO/B aHyXqazjAFmk18DMvGJ3ort/6x5V4SVItOpYweVTO8PhWvMYkiDiUMTgjODmol9XOo 8gehZHWZrpXsA== Received: by mail-lf1-f53.google.com with SMTP id 10so2396693lfy.5 for ; Thu, 06 Oct 2022 05:10:18 -0700 (PDT) X-Gm-Message-State: ACrzQf3Ua5MW6IbwE+gMD9ekacWGC8TJNKIty9y8fJsn5DJVgJpCQPMD FhiSzvavgw9d1M6PqI58ea9WA0gnPQ3FzTQZukE= X-Received: by 2002:a05:6512:1047:b0:4a2:4d33:8d68 with SMTP id c7-20020a056512104700b004a24d338d68mr1621271lfb.122.1665058216423; Thu, 06 Oct 2022 05:10:16 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Ard Biesheuvel Date: Thu, 6 Oct 2022 14:10:05 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Early init for few crypto modules for Secure Guests To: "Nikunj A. Dadhania" Cc: herbert@gondor.apana.org.au, davem@davemloft.net, linux-crypto@vger.kernel.org, Tom Lendacky , ketanch@iitk.ac.in Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, 6 Oct 2022 at 13:50, Nikunj A. Dadhania wrote: > > > > On 04/10/22 22:47, Ard Biesheuvel wrote: > > On Tue, 4 Oct 2022 at 11:51, Nikunj A. Dadhania wrote: > >> > >>> AES in GCM mode seems like a > >>> thing that we might be able to add to the crypto library API without > >>> much hassle (which already has a minimal implementation of AES) > >> > >> That will be great ! > >> > > > > Try this branch and see if it works for you > > > > https://git.kernel.org/pub/scm/linux/kernel/git/ardb/linux.git/log/?h=libgcm > > Thanks Ard, I had to make few changes to the api to get it working for my usecase. Excellent > The ghash is store/retrieved from the AUTHTAG field of message header as per > "Table 97. Message Header Format" in the SNP ABI document: > https://www.amd.com/system/files/TechDocs/56860.pdf > > Below are the changes I had made in my tree. > > --- > > diff --git a/include/crypto/gcm.h b/include/crypto/gcm.h > index bab85df6df7a..838d1b4e25c3 100644 > --- a/include/crypto/gcm.h > +++ b/include/crypto/gcm.h > @@ -74,9 +74,11 @@ int gcm_setkey(struct gcm_ctx *ctx, const u8 *key, > unsigned int keysize, unsigned int authsize); > > void gcm_encrypt(const struct gcm_ctx *ctx, u8 *dst, const u8 *src, > - int src_len, const u8 *assoc, int assoc_len, const u8 *iv); > + int src_len, const u8 *assoc, int assoc_len, const u8 *iv, > + u8 *authtag); > > int gcm_decrypt(const struct gcm_ctx *ctx, u8 *dst, const u8 *src, > - int src_len, const u8 *assoc, int assoc_len, const u8 *iv); > + int src_len, const u8 *assoc, int assoc_len, const u8 *iv, > + u8 *authtag); This should really be 'const u8 *authtag'. Which means that the encrypt/decrypt path should be split somewhat differently, i.e., something like void gcm_encrypt(const struct gcm_ctx *ctx, u8 *dst, const u8 *src, int crypt_len, const u8 *assoc, int assoc_len, const u8 iv[GCM_AES_IV_SIZE], u8 *authtag) { gcm_crypt(ctx, dst, src, crypt_len, assoc, assoc_len, iv, authtag, true); } int gcm_decrypt(const struct gcm_ctx *ctx, u8 *dst, const u8 *src, int crypt_len, const u8 *assoc, int assoc_len, const u8 iv[GCM_AES_IV_SIZE], const u8 *authtag) { u8 tagbuf[AES_BLOCK_SIZE]; gcm_crypt(ctx, dst, src, crypt_len - ctx->authsize, assoc, assoc_len, iv, tagbuf, false); if (crypto_memneq(authtag, tagbuf, ctx->authsize)) { memzero_explicit(tagbuf, sizeof(tagbuf)); return -EBADMSG; } return 0; } I've updated my branch with these (and some other changes). Now we just need to add some comment blocks to describe the API.