Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp90657imm; Tue, 18 Sep 2018 17:18:07 -0700 (PDT) X-Google-Smtp-Source: ANB0VdZL9ilmaOeGAyiISr9zhEYrU6iLC1qolPhoQMbCvLWWH0Q1oJjOGKL35qRxwkMt1/NxvLQj X-Received: by 2002:a63:dc17:: with SMTP id s23-v6mr29980833pgg.40.1537316287239; Tue, 18 Sep 2018 17:18:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537316287; cv=none; d=google.com; s=arc-20160816; b=i+YSG7AIE6maQL7ExkXk0kZ4GwIvug8TtisOirCp1YS0msYJQzVHZNpTsn+Kk4gZnL EgYULknD1mcVXfZ8RpuNgUGxhDInE6b81fkvFJloVV3CETme+y6nFeMKCnpNtWYdFV8L jzXlAZjpWOvmSFCZXjJECs5S3XFDqtOoTAker1C9jmQjQ4/xmpJ60zMX/SNZWPtNBFKd 67RMIjQQIg+SdhgF+g+xrff5F/pD8n6D5gJddWfdjHgmh9+WUK5lLRZVShM0IGB0f5EM PDdbuBoegibxq5d+75YAdC3M7IAmSXFIjtkZYco7GCPWMCsHDVPmAiu+K4VuwpRSZijH Bkow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=y6JMnmJWTdUoI9mUtM/XGA4msyRrlqYsVs/ngWdoKAo=; b=00ey33NWG4aKiRNn0oPGpiSM3Z1yXR6m88h94MhC1t2iiBL5VuaKxa/5xlyPQ6tIkv 0paRZcQ0vBrOpua0sCXy6/8PtJAfCgL65s0T8ukXufaV9E3e+GHmOqtJQFuQg3zYFgVN TnzGxJCvAuaytLhM73LFNF4xLluYNY7eiNhHWiLTXE0SPTsBNlJSLAVdDHUlKk+L1CUJ SsUgbcSTyWUGTrjKxryB/MaP+TujqccjUYcM2YT724lAnF+ELmqXQBg65wL4kicTV2dt t/99GiRQL9Y4rPZbfP3RN9OxaKni7e8Od7/rxY6aHYY0Q2IvCgnXsBff3piBqEN2U3Dw QvDg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=pUBlOf5J; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v10-v6si21777786pfj.354.2018.09.18.17.17.51; Tue, 18 Sep 2018 17:18:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=pUBlOf5J; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730779AbeISFwb (ORCPT + 99 others); Wed, 19 Sep 2018 01:52:31 -0400 Received: from frisell.zx2c4.com ([192.95.5.64]:50591 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727099AbeISFwb (ORCPT ); Wed, 19 Sep 2018 01:52:31 -0400 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 5e160600; Tue, 18 Sep 2018 23:59:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; s=mail; bh=uJfxrvGcRqOX2qdPTO8bsB3qGW4=; b=pUBlOf 5JJhNBOmd5kepEBWtotrJUYMwjEpQcqwAB0THyFA+mSKL/vW0QzDtdbSY6Efjaoa AWbova6S6r5CZbE052sXhaHWe8bmSgEWDHtMYEAVwisbxuLzHrNeqYpu0PSEqrm6 30hz5Z/VkT6JlV0l1qLQZKJAaHiaIiIgDkqV/XIz0Qi0ihzPzSmEe0zh4vK9WnAg Htcji14UqxXO7dx2iYj+13au2Sclcjd8mZkn/0AUWuC+IKtP6NA8kW7/iD2PlIlP QsfUrLoDJoou484qpmlGsTxzBzeu0+Yet1Hpnrl36M1fvV6zjXPBtnCixFmVaER/ CmR+rAi+N94OF9jQ== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id acbf6ca5 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO); Tue, 18 Sep 2018 23:59:45 +0000 (UTC) Received: by mail-oi0-f50.google.com with SMTP id 8-v6so3510944oip.0; Tue, 18 Sep 2018 17:17:22 -0700 (PDT) X-Gm-Message-State: APzg51C/SJ3G4gxZr4X5ONMaoWt2xbviOla0PuAc82nKEwcMNsIRRZc0 sHrw9N28qW9uGaoyLhnsjL6x+yTGdFk+7mdeqbU= X-Received: by 2002:aca:ce02:: with SMTP id e2-v6mr135684oig.225.1537316241844; Tue, 18 Sep 2018 17:17:21 -0700 (PDT) MIME-Version: 1.0 References: <20180918161646.19105-1-Jason@zx2c4.com> <20180918161646.19105-10-Jason@zx2c4.com> <20180918225552.GA74746@gmail.com> In-Reply-To: <20180918225552.GA74746@gmail.com> From: "Jason A. Donenfeld" Date: Wed, 19 Sep 2018 02:17:10 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH net-next v5 09/20] zinc: Poly1305 ARM and ARM64 implementations To: Eric Biggers Cc: LKML , Netdev , Linux Crypto Mailing List , David Miller , Greg Kroah-Hartman , Samuel Neves , Andrew Lutomirski , Jean-Philippe Aumasson , Andy Polyakov , Russell King - ARM Linux , linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Eric, On Wed, Sep 19, 2018 at 12:55 AM Eric Biggers wrote: > This will compute the wrong digest if called with simd_context=HAVE_FULL_SIMD > and then later with simd_context=HAVE_NO_SIMD, since poly1305_blocks_neon() > converts the accumulator from base 32 to base 26, whereas poly1305_blocks_arm() > assumes it is still in base 32. Is that intentional? I'm sure this is a rare > case, but my understanding is that the existing crypto API doesn't preclude > calling successive steps in different contexts. And I'm concerned that it could > be relevant in some cases, e.g. especially if people are importing a hash state > that was exported earlier. Handling it by silently computing the wrong digest > is not a great idea... Indeed you're right; Samuel and I were just discussing that recently. I'd rather handle this correctly even if the contexts change, so I'll see if I can fix this up properly for that unlikely case in the next revision. Jason