Date: Mon, 8 Oct 2018 16:21:00 -0700
From: Eric Biggers
To: "Jason A. Donenfeld"
Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, davem@davemloft.net, gregkh@linuxfoundation.org, Samuel Neves, Andy Lutomirski, linux-crypto@vger.kernel.org
Subject: Re: [PATCH net-next v7 25/28] crypto: port Poly1305 to Zinc
Message-ID: <20181008232059.GA164708@gmail.com>
References: <20181006025709.4019-1-Jason@zx2c4.com> <20181006025709.4019-26-Jason@zx2c4.com>
In-Reply-To: <20181006025709.4019-26-Jason@zx2c4.com>

On Sat, Oct 06, 2018 at 04:57:06AM +0200, Jason A. Donenfeld wrote:
> diff --git a/crypto/poly1305_zinc.c b/crypto/poly1305_zinc.c > new file mode 100644 > index 000000000000..4794442edf26 > --- /dev/null > +++ b/crypto/poly1305_zinc.c 
> @@ -0,0 +1,98 @@ > +/* SPDX-License-Identifier: GPL-2.0 > + * > + * Copyright (C) 2018 Jason A. Donenfeld . All Rights Reserved. > + */ > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +struct poly1305_desc_ctx { > + struct poly1305_ctx ctx; > + u8 key[POLY1305_KEY_SIZE]; > + unsigned int rem_key_bytes; > +}; > + > +static int crypto_poly1305_init(struct shash_desc *desc) > +{ > + struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc); > + dctx->rem_key_bytes = POLY1305_KEY_SIZE; > + return 0; > +} > + > +static int crypto_poly1305_update(struct shash_desc *desc, const u8 *src, > + unsigned int srclen) > +{ > + struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc); > + simd_context_t simd_context; > + > + if (unlikely(dctx->rem_key_bytes)) { > + unsigned int key_bytes = min(srclen, dctx->rem_key_bytes); > + memcpy(dctx->key + (POLY1305_KEY_SIZE - dctx->rem_key_bytes), > + src, key_bytes); > + src += key_bytes; > + srclen -= key_bytes; > + dctx->rem_key_bytes -= key_bytes; > + if (!dctx->rem_key_bytes) { > + poly1305_init(&dctx->ctx, dctx->key); > + memzero_explicit(dctx->key, sizeof(dctx->key)); > + } > + if (!srclen) > + return 0; > + } > + > + simd_get(&simd_context); > + poly1305_update(&dctx->ctx, src, srclen, &simd_context); > + simd_put(&simd_context); > + > + return 0; > +} > + > +static int crypto_poly1305_final(struct shash_desc *desc, u8 *dst) > +{ > + struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc); > + simd_context_t simd_context; > + > + simd_get(&simd_context); > + poly1305_final(&dctx->ctx, dst, &simd_context); > + simd_put(&simd_context); > + return 0; > +}

This crashes on very short inputs.  crypto_poly1305_final() is missing:

	if (dctx->rem_key_bytes)
		return -ENOKEY;

- Eric
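
Review bot: crypto_poly1305_final() passes dctx->ctx to poly1305_final() without checking dctx->rem_key_bytes, so when fewer than POLY1305_KEY_SIZE bytes have reached crypto_poly1305_update() the context was never set up by poly1305_init() and final operates on uninitialized state. Return -ENOKEY before simd_get() when rem_key_bytes is non-zero, as the reply suggests. On that same path the partially copied key stays in dctx->key, because memzero_explicit(dctx->key, sizeof(dctx->key)) only runs inside the "if (!dctx->rem_key_bytes)" branch of update; wiping the buffer before returning the error would keep short inputs from leaving key bytes in the descriptor. A short comment on struct poly1305_desc_ctx stating that the first POLY1305_KEY_SIZE bytes of input are consumed as the key would also make the rem_key_bytes bookkeeping easier to follow.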