On Wed, Aug 26, 2020 at 02:58:02PM +0200, Andrew Zaborowski wrote:
>
> Running iwd's and ell's unit tests I can see that at least the
> following algorithms give EINVAL errors:
> ecb(aes)
> cbc(aes)
> ctr(aes)
>
> The first one fails in recv() and only for some input lengths. The
> latter two fail in send(). The relevant ell code starts at
> https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ell/cipher.c#n271
>
> The tests didn't get to the point where aead is used.
Yes ell needs to set MSG_MORE after sending the control message.
Any sendmsg(2) without a MSG_MORE will be interpreted as the end
of a request.
I'll work around this in the kernel though for the case where there
is no actual data, with a WARN_ON_ONCE.
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Hi Herbert,
On 8/26/20 8:00 AM, Herbert Xu wrote:
> On Wed, Aug 26, 2020 at 02:58:02PM +0200, Andrew Zaborowski wrote:
>>
>> Running iwd's and ell's unit tests I can see that at least the
>> following algorithms give EINVAL errors:
>> ecb(aes)
>> cbc(aes)
>> ctr(aes)
>>
>> The first one fails in recv() and only for some input lengths. The
>> latter two fail in send(). The relevant ell code starts at
>> https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ell/cipher.c#n271
>>
>> The tests didn't get to the point where aead is used.
>
> Yes ell needs to set MSG_MORE after sending the control message.
> Any sendmsg(2) without a MSG_MORE will be interpreted as the end
> of a request.
I'm just waking up now, so I might seem dense, but for my education, can you
tell me why we need to set MSG_MORE when we issue just a single sendmsg followed
immediately by recv/recvmsg? ell/iwd operates on small buffers, so we don't
really feed the kernel data in multiple send operations. You can see this in
the ell git tree link referenced in Andrew's reply.
According to https://www.kernel.org/doc/html/latest/crypto/userspace-if.html:
The send system call family allows the following flag to be specified:
MSG_MORE: If this flag is set, the send system call acts like a cipher
update function where more input data is expected with a subsequent invocation
of the send system call.
So given what I said above, the documentation seems to indicate that MSG_MORE
flag should not be used in our case?
Regards,
-Denis
>
> I'll work around this in the kernel though for the case where there
> is no actual data, with a WARN_ON_ONCE.
>
> Thanks,
>
On Wed, Aug 26, 2020 at 08:57:17AM -0500, Denis Kenzior wrote:
>
> I'm just waking up now, so I might seem dense, but for my education, can you
> tell me why we need to set MSG_MORE when we issue just a single sendmsg
> followed immediately by recv/recvmsg? ell/iwd operates on small buffers, so
> we don't really feed the kernel data in multiple send operations. You can
> see this in the ell git tree link referenced in Andrew's reply.
You obviously don't need MSG_MORE if you're doing a single sendmsg.
The problematic code is in l_cipher_set_iv. It does a sendmsg(2)
that expects to be followed by more sendmsg(2) calls before a
recvmsg(2). That's the one that needs a MSG_MORE.
Cheers,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Hi Herbert,
On 8/26/20 9:19 AM, Herbert Xu wrote:
> On Wed, Aug 26, 2020 at 08:57:17AM -0500, Denis Kenzior wrote:
>>
>> I'm just waking up now, so I might seem dense, but for my education, can you
>> tell me why we need to set MSG_MORE when we issue just a single sendmsg
>> followed immediately by recv/recvmsg? ell/iwd operates on small buffers, so
>> we don't really feed the kernel data in multiple send operations. You can
>> see this in the ell git tree link referenced in Andrew's reply.
>
> You obviously don't need MSG_MORE if you're doing a single sendmsg.
>
> The problematic code is in l_cipher_set_iv. It does a sendmsg(2)
> that expects to be followed by more sendmsg(2) calls before a
> recvmsg(2). That's the one that needs a MSG_MORE.
>
Gotcha. I fixed the set_iv part now in ell:
https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=87c76bbc85fe286925cbdb53d733fc9f9fd2ed12
Regards,
-Denis
On Wed, 26 Aug 2020 at 17:33, Denis Kenzior <[email protected]> wrote:
>
> Hi Herbert,
>
> On 8/26/20 9:19 AM, Herbert Xu wrote:
> > On Wed, Aug 26, 2020 at 08:57:17AM -0500, Denis Kenzior wrote:
> >>
> >> I'm just waking up now, so I might seem dense, but for my education, can you
> >> tell me why we need to set MSG_MORE when we issue just a single sendmsg
> >> followed immediately by recv/recvmsg? ell/iwd operates on small buffers, so
> >> we don't really feed the kernel data in multiple send operations. You can
> >> see this in the ell git tree link referenced in Andrew's reply.
> >
> > You obviously don't need MSG_MORE if you're doing a single sendmsg.
> >
> > The problematic code is in l_cipher_set_iv. It does a sendmsg(2)
> > that expects to be followed by more sendmsg(2) calls before a
> > recvmsg(2). That's the one that needs a MSG_MORE.
> >
>
> Gotcha. I fixed the set_iv part now in ell:
> https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=87c76bbc85fe286925cbdb53d733fc9f9fd2ed12
>
Interestingly, that change alone (without the kernel side fix that
Herbert just provided) is not sufficient to make the self tests work
again.
I still get a failure in aes_siv_encrypt(), which does not occur with
the kernel side fix applied.
On Wed, Aug 26, 2020 at 05:42:27PM +0200, Ard Biesheuvel wrote:
>
> I still get a failure in aes_siv_encrypt(), which does not occur with
> the kernel side fix applied.
Where is this test from? I can't find it in the ell git tree.
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt