Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp2205967ybm; Thu, 23 May 2019 13:06:57 -0700 (PDT) X-Google-Smtp-Source: APXvYqwbsP6uT4PoYkfTzBC7J/9qkeO+IlcpGHSvEAse5E8bSMXfTvWH2clFt420GyqT/S9kM4oj X-Received: by 2002:a63:1f22:: with SMTP id f34mr38894067pgf.248.1558642017467; Thu, 23 May 2019 13:06:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558642017; cv=none; d=google.com; s=arc-20160816; b=mBuxR1gZbi7L29wpBo1j9rLwtBY5b7a2ZV9VmUkmMzXBwQkAK8MS2ILSASAxXo7H4/ 4ZdqJk6sFX7AtHBJ9p6zWHP5F7U3jIWeuDGMYSUlys2zggaVXhfkgnuPdRmJ1XI+TS91 L4Qwya0eYrrZ7Mgx/L7fir2yNnCHyBvVArlB9oajErFJ7Ecw1ADVL2gSOcyWcLMxMqZU L60aSGI5iZK+C0ilYI4eZw1wFfgM6IoROtp+7brsyCJ7yRBQxZthC9UCXD6q+RiE1C/D qt5TtQBCOhvyc9jHJNOMHVSzeupDHEhdIw9rnekooqK01uqFXKYQsikCCUKnzIZ4LW1T bTYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=xpCC+i8QcCElF1NTxtNhwWFQV3/g3ivqYIk2oJYzqTQ=; b=Fs6Cg7/mdi373b7y8rMESem5zrh+aW1E8IrQyS+4mHkW1HvWHelKwOVPUFc+5b0ryt xiYEJCzB9wedsb8IlRa2oVzey6FvpxZpobwgzcLKMLw+fypwV93HLtrL2H6eveSyCoFf jTIaABsBIkP+bslyUwXGdIDhjeldpGY/MxTdmerEbjfe+OxdJaG7CgwQo5SH/Gf8CzqV 4X5iSz1OSmT8IEMA8wbnlzI3fSdE82tvBzKiBT+tbpmtk5cHSqnaasFVD1833m9/r+ta LU08tz9Kt9rZ+XpiVRcycFm8MYMoo8ceryYcylSkA4Cwukzad1cZXnblF3+mXGUxbp1N /odw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="YlEkqE1/"; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x191si356088pfd.37.2019.05.23.13.06.37; Thu, 23 May 2019 13:06:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="YlEkqE1/"; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387557AbfEWUGB (ORCPT + 99 others); Thu, 23 May 2019 16:06:01 -0400 Received: from mail.kernel.org ([198.145.29.99]:38346 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387537AbfEWUGB (ORCPT ); Thu, 23 May 2019 16:06:01 -0400 Received: from gmail.com (unknown [104.132.1.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7E9F62133D; Thu, 23 May 2019 20:06:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1558641960; bh=zGwRYvhKESwMZh7VNAD9KXiyxONvee7bw8B/JToOVpc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=YlEkqE1/SZBNMLNnWRIAAtrI8ETuyFIH/rWi7D/rZd9EIAXGpl2VUwukRvtXr4Mr9 sAnDJrlXwXtoA4L/797jReGdUKA6oEP50eYJuRY5sJ5pFE9fOIqRbdRsN5o4c/v+k8 M8m0RfFt6TeI/8or+pV3kRmRxHjenhNIO2VrAXag= Date: Thu, 23 May 2019 13:05:59 -0700 From: Eric Biggers To: Pascal Van Leeuwen Cc: "linux-crypto@vger.kernel.org" Subject: Re: another testmgr question Message-ID: <20190523200557.GA248378@gmail.com> References: <20190523185833.GA243994@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, May 23, 2019 at 01:07:25PM +0000, Pascal Van Leeuwen wrote: > Eric, > > I'm running into some trouble with some random vectors that do *zero* > length operations. Now you can go all formal about how the API does > not explictly disallow this, but how much sense does it really make > to essentially encrypt, hash or authenticate absolutely *nothing*? > > It makes so little sense that we never bothered to support it in any > of our hardware developed over the past two decades ... and no > customer has ever complained about this, to the best of my knowledge. > > Can't you just remove those zero length tests? > For hashes this is absolutely a valid case. Try this: $ touch file $ sha256sum file e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 file That shows the SHA-256 digest of the empty message. For AEADs it's a valid case too. You still get an authenticated ciphertext even if the plaintext and/or AAD are empty, telling you that the (plaintext, AAD) pair is authentically from someone with the key. It's really only skciphers (length preserving encryption) where it's questionable, since for those an empty input can only map to an empty output. Regardless of what we do, I think it's really important that the behavior is *consistent*, so users see the same behavior no matter what implementation of the algorithm is used. Allowing empty messages works out naturally for most skcipher implementations, and it also conceptually simplifies the length restrictions of the API (e.g. for most block cipher modes: just need nbytes % blocksize == 0, as opposed to that *and* nbytes != 0). So that seems to be how we ended up with it. If we do change this, IMO we need to make it the behavior for all implementations, not make it implementation-defined. Note that it's not necessary that your *hardware* supports empty messages, since you can simply do this in the driver instead: if (req->cryptlen == 0) return 0; - Eric