From: Cristian Stoica
To: Tadeusz Struk, herbert@gondor.apana.org.au
CC: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, davem@davemloft.net
Subject: Re: [PATCH 1/3] crypto: authenc - add TLS type encryption
Date: Wed, 9 Mar 2016 08:18:12 +0000

Hi Tadeusz,

>> SSL/TLS is prone to this implementation issue and many user-space
>> libraries got this wrong. It would be good to see some numbers to
>> back up the claim of timing differences as not being an issue for
>> this one.

> It is hard to get the implementation right when the protocol design
> is error prone.
> Later we should run some tests on it and see how relevant this will
> be for a remote timing attack.

Why later and who will do it?

If it's only a proof of concept, then it's a bad idea. You are
practically advertising a use-it-but-cross-your-fingers implementation.

If you intend to submit another hardware driver which _is_ constant
time, then it is even more of a bad idea. The end user doesn't know
which driver is actually running and whether it is resistant to timing
attacks or not.

Cristian S.
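The "implementation issue" the thread refers to is the receive side of TLS 1.x CBC records (data || MAC || pad || pad_len), where a padding or tag check that exits early or indexes on the secret pad length leaks timing. The following is an added example, not code from the patch under discussion, showing how such a check can be written so that the bytes touched and the work done do not depend on pad_len, the pad contents or where the tag mismatches; it assumes the caller has already computed the expected HMAC (computing that in a length-independent way is a separate concern it does not cover).

```c
#include <stddef.h>
#include <stdint.h>

/* 0xFF iff a == b, with no data-dependent branch (full 32-bit range). */
static uint8_t ct_eq32(uint32_t a, uint32_t b)
{
    uint32_t x = a ^ b;
    return (uint8_t)(((x | (0u - x)) >> 31) - 1u);
}

/* 0xFF iff a < b (unsigned); the 64-bit subtraction wraps exactly when a < b. */
static uint8_t ct_lt32(uint32_t a, uint32_t b)
{
    return (uint8_t)(0u - (uint32_t)((((uint64_t)a) - b) >> 63));
}

/* Returns 1 if the decrypted record plain[0..len) carries valid TLS padding and
 * its MAC field equals expect[0..mac_len), else 0. Only len and mac_len are
 * public; every secret-dependent verdict is folded into the `good` mask. */
int tls_cbc_check(const uint8_t *plain, uint32_t len,
                  const uint8_t *expect, uint32_t mac_len)
{
    if (len < mac_len + 1)                 /* public lengths: branching is fine */
        return 0;
    uint32_t pad_len = plain[len - 1];     /* secret from here on */
    uint32_t max_pad = len - mac_len - 1;
    uint8_t good = (uint8_t)~ct_lt32(max_pad, pad_len);   /* pad_len <= max_pad */

    /* Read the largest window padding could occupy (TLS pad_len <= 255) and
     * check only the bytes inside the claimed pad region, without skipping any. */
    uint32_t window = len - 1 < 255 ? len - 1 : 255;
    for (uint32_t i = 1; i <= window; i++) {
        uint8_t in_pad = ct_lt32(i - 1, pad_len);             /* i <= pad_len */
        good &= ct_eq32(plain[len - 1 - i], pad_len) | (uint8_t)~in_pad;
    }

    /* The tag starts at a secret offset; sweep every position it could occupy
     * and select the expected byte by mask rather than by a secret index. */
    uint32_t mac_start = len - 1 - pad_len - mac_len;  /* wraps only if good == 0 */
    uint32_t sweep = mac_len + 255;
    uint32_t first = len - 1 > sweep ? len - 1 - sweep : 0;
    for (uint32_t j = first; j < len - 1; j++) {
        uint32_t rel = j - mac_start;                      /* offset within tag */
        uint8_t in_mac = ct_lt32(rel, mac_len);
        uint8_t e = 0;
        for (uint32_t k = 0; k < mac_len; k++)
            e |= expect[k] & ct_eq32(k, rel);
        good &= ct_eq32(plain[j], e) | (uint8_t)~in_mac;
    }
    return good == 0xFF;                    /* accept/reject is the public output */
}
```

With a constructed record "hello" || AA BB CC DD || 03 03 03 || 03 (a 4-byte tag for brevity), the check returns 1, and 0 for a corrupted pad byte, a wrong tag, or an oversized pad_len.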