Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp43893ybi; Thu, 23 May 2019 23:15:56 -0700 (PDT) X-Google-Smtp-Source: APXvYqyvJ7iKF9cZuXyiWTfU9UC+GU+QVy9rsDKJd90Cvjp18jd0du74+fR5LmSYzde7omFxKvWs X-Received: by 2002:a62:e101:: with SMTP id q1mr109225739pfh.160.1558678556223; Thu, 23 May 2019 23:15:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558678556; cv=none; d=google.com; s=arc-20160816; b=DYQYdaisFlfSPnuR63yXP6zLr7UHmf0v/gaknLNTh5JK4DRrMTb1X85+bThJ4WIwxa Z2DlsZL0rw2sdd15usBPqQ5Bu8jq3hLk8DR25X4RcQbjYg+d4vkIaZc2K3WqTguwLkFd 8zu1Oy2opGuPFpAYQDk+Iq9LrwBg6BOGZKtTFG4UHkuNbo/CGTD4rJllNtSh/ZExeRd1 KIxGmCuPXriiKBZ3JIGibFuycEI2s4cGjGo8UZgOYVma21jnZiKk34Bsy5NPWYQ/nzdx JAtW2IMPgh/tVC9c0suCrFJWRtHbM6u8SPSHusC45O/76Tn0Icppq31VSpew0J3421Jt TqEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :reply-to:in-reply-to:references:mime-version:dkim-signature; bh=cw+m3tz0Flfcb4YXmlIzhiDbVioDjBpsx5nAxYfAWIs=; b=AwCiPdR/Inw4S+WrQ3xoEs7qOiBx2J/LlPWZQWkEXjvi5KlfflUNazJ9qG4nftWumn aZj3wCpgvkr5iFaC2HDiZWr5f0OFlFtpNajgSlUTanLo/RAyft6LcKtlR1t38lizxRds R11gsJOwKhAAXXCfGLQUArU3gJt/D095sVT/cKjvGugvCzdlede5OOWgnNLajV7IKq3b bV3X+s7e/jinQ9fSMuXZBkAKLRyBalyVKiv2lvgujWHvxOVGUsmjmtk6H281Zvfw3LRW bXANtkNxbcgY8dTiyCEeUErEk+dj0/vBDefXOgv7cqm3BQkzH/llA1Ub8mLFQd+YZr6A F47g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=VZ7DdLz5; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f16si2530186plr.340.2019.05.23.23.15.28; Thu, 23 May 2019 23:15:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=VZ7DdLz5; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388335AbfEXGOq (ORCPT + 99 others); Fri, 24 May 2019 02:14:46 -0400 Received: from mail-it1-f174.google.com ([209.85.166.174]:53968 "EHLO mail-it1-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387936AbfEXGOq (ORCPT ); Fri, 24 May 2019 02:14:46 -0400 Received: by mail-it1-f174.google.com with SMTP id m141so13930209ita.3 for ; Thu, 23 May 2019 23:14:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to:cc; bh=cw+m3tz0Flfcb4YXmlIzhiDbVioDjBpsx5nAxYfAWIs=; b=VZ7DdLz5olx8sOu387XGCwU+XLEgpXN69RegyZHdzuebtgqlniwdBTvyyUP0h1umLz mObiPM4Sv8Z4HVArUDIgq5MV5Nahz6HubTIbgHEpf5KwsStQOExGz1+qyrRjff+Mf0v8 onOCet5Md075LH9pVyNhmEgQI8DUmKeqadxmD7f3oKZ7W0VlnivP2VypE5j3jjp3KXVR y2Dj25SY3oXe3jJTa7LSLnbapfHaQ6+eJ9FQyOlUnBjHodUY3p4lHNbhQy00x4L4hncb 7ziAsgqvDp4dwJiier+/skQzDPf8vcoYqiUUhgBB2jAqhG2QF5PE4nKU8bNTxy3pw/s9 w98g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=cw+m3tz0Flfcb4YXmlIzhiDbVioDjBpsx5nAxYfAWIs=; b=RRDUCRtLRrHyfG0wuC503J57j39qWUV8WO6UokhUZq+hNs+oPSjzUMbQatfB9HRj5d 5QHns5IbmVpHYXMQyusqPhsF724gyTe71oi/ff9SpRdRKJW4TPGzz7U1wjVeQuKFyZHs H1OJ96VmHZpRuj/FaR1YG6cuiX8dWfVzYRl0GInW/C28w7v7kf7IIgdoEGbFk6dj6d2/ kI/xMG7PfXQjfnuQ0Ze1S8M8HeieonXMVfuYBae9yGJMBABmmc+z1/BoefEVrsjlBeDQ 1Rwxk1WEKIgLDUxM/cFwtNpJILZKQwss3mUBGBARd51acEpUvB8MDC+CFjb+SZiMjvom 1LZQ== X-Gm-Message-State: APjAAAXPy7MCuOctOMBJIE1LNeVJ+2YtYz6s3T8W/ZXX/BC4b6MHhNoq 0lEIu2M+joTN0t6DTgzfFnQT83xMCc6W215ai+ohiEp0 X-Received: by 2002:a24:440c:: with SMTP id o12mr17076958ita.145.1558678485288; Thu, 23 May 2019 23:14:45 -0700 (PDT) MIME-Version: 1.0 References: <20190523185833.GA243994@google.com> <20190523200557.GA248378@gmail.com> In-Reply-To: <20190523200557.GA248378@gmail.com> Reply-To: noloader@gmail.com From: Jeffrey Walton Date: Fri, 24 May 2019 02:14:11 -0400 Message-ID: Subject: Re: another testmgr question To: Eric Biggers Cc: "linux-crypto@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, May 23, 2019 at 4:06 PM Eric Biggers wrote: > > On Thu, May 23, 2019 at 01:07:25PM +0000, Pascal Van Leeuwen wrote: > > > > I'm running into some trouble with some random vectors that do *zero* > > length operations. Now you can go all formal about how the API does > > not explictly disallow this, but how much sense does it really make > > to essentially encrypt, hash or authenticate absolutely *nothing*? > > > > It makes so little sense that we never bothered to support it in any > > of our hardware developed over the past two decades ... and no > > customer has ever complained about this, to the best of my knowledge. > > > > Can't you just remove those zero length tests? > > For hashes this is absolutely a valid case. Try this: > > $ touch file > $ sha256sum file > e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 file > > That shows the SHA-256 digest of the empty message. > > For AEADs it's a valid case too. You still get an authenticated ciphertext even > if the plaintext and/or AAD are empty, telling you that the (plaintext, AAD) > pair is authentically from someone with the key. > > It's really only skciphers (length preserving encryption) where it's > questionable, since for those an empty input can only map to an empty output. > > Regardless of what we do, I think it's really important that the behavior is > *consistent*, so users see the same behavior no matter what implementation of > the algorithm is used. > > Allowing empty messages works out naturally for most skcipher implementations, > and it also conceptually simplifies the length restrictions of the API (e.g. for > most block cipher modes: just need nbytes % blocksize == 0, as opposed to that > *and* nbytes != 0). So that seems to be how we ended up with it. > > If we do change this, IMO we need to make it the behavior for all > implementations, not make it implementation-defined. > > Note that it's not necessary that your *hardware* supports empty messages, since > you can simply do this in the driver instead: > > if (req->cryptlen == 0) > return 0; +1. It seems like a firmware update in the hardware or a software update to the driver are the ways to proceed. Why isn't the driver able to work around the hardware bugs? I don't think it is wise to remove tests from the Test Manager. Jeff