Subject: Re: [RFC PATCH 0/3] move WEP implementation to skcipher interface
To: Eric Biggers
Cc: Ard Biesheuvel, Marcel Holtmann, "open list:HARDWARE RANDOM NUMBER GENERATOR CORE", Herbert Xu, Johannes Berg, "open list:NFC SUBSYSTEM", "David S. Miller"
References: <20190607144944.13485-1-ard.biesheuvel@linaro.org> <20190607175947.GB648@sol.localdomain> <97BB95F6-4A4C-4984-9EAB-6069E19B4A4F@holtmann.org> <20190607211514.GD648@sol.localdomain>
From: Denis Kenzior
Date: Fri, 7 Jun 2019 16:28:59 -0500
In-Reply-To: <20190607211514.GD648@sol.localdomain>
X-Mailing-List: linux-crypto@vger.kernel.org

Hi Eric,

On 06/07/2019 04:15 PM, Eric Biggers wrote:
> On Fri, Jun 07, 2019 at 03:45:45PM -0500, Denis Kenzior wrote:
>> Hi Ard,
>>
>>>
>>> Ah ok, good to know. That does imply that the driver is not entirely
>>> broken, which is good news I suppose.
>>>
>>
>> Not entirely, but we did have to resort to using multiple sockets, otherwise
>> parallel encrypt/decrypt operations on the socket would result in invalid
>> behavior. Probably due to the issue Eric already pointed out.
>>
>> No such issue with any other ciphers that we use.
>>
>> Regards,
>> -Denis
>
> Okay, that sucks, so we do have to keep "ecb(arc4)" in the crypto API then. And
> we can't fix its name to be just "arc4". It's odd that someone would choose to
> use AF_ALG over writing a 20-line arc4_crypt() in userspace, but whatever.
>
> Yes, "ecb(arc4)" isn't currently thread safe. ARC4 uses a single key whereas
> modern stream ciphers use a key + IV. To comply with the crypto API it would
> have to copy the key to a stack buffer for each encryption/decryption. But it
> doesn't; it just updates the key instead, making it non-thread-safe. If users
> are actually relying on that, we'll have to settle for adding a mutex instead.

Well, the issue isn't even about being thread safe. We run a single thread in
iwd. The details are a bit fuzzy now due to time elapsed, but if I recall
correctly, even behavior like:

fd = socket();
bind(fd, ecb(arc4));
setsockopt(fd, ...key...);
sendmsg(fd, OP_ENCRYPT, ...);
sendmsg(fd, OP_DECRYPT, ...);
sendmsg(fd, OP_ENCRYPT, ...);

would produce different (incorrect) encrypted results compared to

sendmsg(fd, OP_ENCRYPT, ...)
sendmsg(fd, OP_ENCRYPT, ...)

Regards,
-Denis
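The exchange above contrasts two ways an ARC4 implementation can handle the key schedule: advancing it in place on every request (the "just updates the key" behaviour Eric describes) versus running each request on a stack copy so that every request starts from keystream byte 0. The userspace C below is an added illustration of that difference and of the ENCRYPT/DECRYPT/ENCRYPT versus ENCRYPT/ENCRYPT sequence from Denis's mail; it is not code from iwd, from the kernel's arc4 module, or from anyone on the thread. Assumptions: `arc4_crypt_stateful` is a model of the described in-place behaviour rather than the kernel's code, `do_op` stands in for the AF_ALG `sendmsg` requests, and the key "Key" / plaintext "Plaintext" pair is the public RC4 test vector, used here as constructed sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RC4 context: the permutation plus the two indices that advance per keystream byte. */
struct arc4_ctx {
    uint8_t S[256];
    uint8_t x, y;
};

/* Key-scheduling algorithm: build the initial permutation from the key. */
static void arc4_setkey(struct arc4_ctx *ctx, const uint8_t *key, size_t keylen)
{
    unsigned int i, j = 0;
    for (i = 0; i < 256; i++)
        ctx->S[i] = (uint8_t)i;
    for (i = 0; i < 256; i++) {
        uint8_t t = ctx->S[i];
        j = (j + t + key[i % keylen]) & 0xff;
        ctx->S[i] = ctx->S[j];
        ctx->S[j] = t;
    }
    ctx->x = ctx->y = 0;
}

/* Stateful variant: the keystream position lives in ctx and is advanced, so every
 * call continues where the previous one stopped. This models the "just updates the
 * key" behaviour described in the mail; it is not the kernel's arc4 code. */
static void arc4_crypt_stateful(struct arc4_ctx *ctx, uint8_t *out, const uint8_t *in, size_t len)
{
    uint8_t x = ctx->x, y = ctx->y;
    for (size_t i = 0; i < len; i++) {
        uint8_t a, b;
        x = (x + 1) & 0xff;  a = ctx->S[x];
        y = (y + a) & 0xff;  b = ctx->S[y];
        ctx->S[x] = b;  ctx->S[y] = a;          /* swap S[x], S[y] */
        out[i] = in[i] ^ ctx->S[(a + b) & 0xff];
    }
    ctx->x = x;  ctx->y = y;
}

/* Stateless variant: runs on a stack copy of the key schedule, so every request
 * starts at keystream byte 0 and the shared ctx is never written (thread safe). */
static void arc4_crypt_fresh(const struct arc4_ctx *ctx, uint8_t *out, const uint8_t *in, size_t len)
{
    struct arc4_ctx tmp = *ctx;
    arc4_crypt_stateful(&tmp, out, in, len);
}

/* One request against the context in either mode (stands in for sendmsg). For a
 * stream cipher OP_ENCRYPT and OP_DECRYPT are the same XOR, so both share this path. */
static void do_op(struct arc4_ctx *ctx, int stateful, uint8_t *out, const uint8_t *in, size_t len)
{
    if (stateful)
        arc4_crypt_stateful(ctx, out, in, len);
    else
        arc4_crypt_fresh(ctx, out, in, len);
}

/* Constructed sample input: the public RC4 test vector key "Key" / plaintext
 * "Plaintext", whose ciphertext is BB F3 16 E8 D9 40 AF 0A D3. */
static const uint8_t KEY[] = "Key";
static const uint8_t PT[] = "Plaintext";
#define KEY_LEN (sizeof(KEY) - 1)
#define PT_LEN (sizeof(PT) - 1)
static const uint8_t EXPECTED_CT[PT_LEN] = { 0xbb, 0xf3, 0x16, 0xe8, 0xd9, 0x40, 0xaf, 0x0a, 0xd3 };

/* Does one fresh-state encryption match the published test vector? */
static int vector_ok(void)
{
    struct arc4_ctx ctx;
    uint8_t ct[PT_LEN];
    arc4_setkey(&ctx, KEY, KEY_LEN);
    arc4_crypt_fresh(&ctx, ct, PT, PT_LEN);
    return memcmp(ct, EXPECTED_CT, PT_LEN) == 0;
}

/* OP_ENCRYPT then OP_DECRYPT on one keyed context: does the plaintext come back? */
static int roundtrip_ok(int stateful)
{
    struct arc4_ctx ctx;
    uint8_t ct[PT_LEN], back[PT_LEN];
    arc4_setkey(&ctx, KEY, KEY_LEN);
    do_op(&ctx, stateful, ct, PT, PT_LEN);
    do_op(&ctx, stateful, back, ct, PT_LEN);
    return memcmp(back, PT, PT_LEN) == 0;
}

/* The two sequences from the mail, each on a freshly keyed context:
 *   A: ENCRYPT, DECRYPT, ENCRYPT        B: ENCRYPT, ENCRYPT
 * Returns 1 when the final ENCRYPT of A and of B yield the same ciphertext. */
static int final_encrypt_matches(int stateful)
{
    struct arc4_ctx ctx;
    uint8_t tmp[PT_LEN], ct_a[PT_LEN], ct_b[PT_LEN];
    arc4_setkey(&ctx, KEY, KEY_LEN);
    do_op(&ctx, stateful, tmp, PT, PT_LEN);    /* OP_ENCRYPT */
    do_op(&ctx, stateful, tmp, tmp, PT_LEN);   /* OP_DECRYPT */
    do_op(&ctx, stateful, ct_a, PT, PT_LEN);   /* OP_ENCRYPT */
    arc4_setkey(&ctx, KEY, KEY_LEN);
    do_op(&ctx, stateful, tmp, PT, PT_LEN);    /* OP_ENCRYPT */
    do_op(&ctx, stateful, ct_b, PT, PT_LEN);   /* OP_ENCRYPT */
    return memcmp(ct_a, ct_b, PT_LEN) == 0;
}
```

With the stack-copy variant, `final_encrypt_matches(0)` and `roundtrip_ok(0)` both return 1 and the first encryption matches the test vector; with the in-place variant the DECRYPT consumes keystream bytes that the following ENCRYPT would otherwise have used, so `final_encrypt_matches(1)` returns 0 and the round trip fails too. The stack copy is also what makes the shared context safe to use from several threads, since no caller ever writes to it.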