Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp1916059ybi; Thu, 18 Jul 2019 00:16:41 -0700 (PDT) X-Google-Smtp-Source: APXvYqw+2YnoGBI62tH6R++aLFwzQxfSRtMzPrKL5K5WUVFBO58w1bAW9qoSofZv3F8lwrbKr+gf X-Received: by 2002:a63:d847:: with SMTP id k7mr44738086pgj.283.1563434201356; Thu, 18 Jul 2019 00:16:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1563434201; cv=none; d=google.com; s=arc-20160816; b=vwDdm98x2z2sM97UUDstQ2EVv+vJSNqjFijVU92wbIBUqbfCSGR3tf9HQStXNWf0A5 vQZI72YfqutHR97PSg3PkO7QYI3jc6hXzL27weH6wyhPADZJt3zNN5Fy73Ra6nod2gVL o5YPEv8FJr1TS8e3rLBIOzgHC3AkQqeW7RkcuAt5qfZxDmfISVnk6AvO8Yj6ZuI/o2lc +XIUfHYGF4H/jdsn+DOsQ+WVVTd6N+Hz8G+qsREWiABiC4gmBFd6cJfPXbsJRmrXyzyK ZnAt3niNEUxVlCnrZMf7KV1F7fyqJsC2We0Oi0VxOIVO2tLiq56l9Gk73KB/XxEVlZcc QzLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=IyU7RhLs3nexL5XSfrBFHZGbJqE/bFU1qysLbSwPyVo=; b=VDA7mqb4keWHfjPA2kgGF2GLBsimyMrzBUUFQ7UxceFzn26xw0M/cvAbt3ARJYwAxS q1FjtXjiKfJXZXYuEryJ+ATMFuVRSAxvQnoCGzdR/qHXeAMB6+4gs9wCi6YJMBhujIyU eO60B3i+5mfAHYncr1JVPpcn4D7qhDc23G8/JydFYoLn16ZoUKkaNrwCKej/+N4xqdfs Id6aiRkxJtKzuCg80FxlaHiVzXQlakdvBzfBdfrYPgRmrTWWyLHiMCJrWi3W+7Vyf+nx /gEkSNoJsW5kP2Txt66tJMtvRbZ/d2iwEf0x6s/FP8wir3Axy6qcgoDt3R6rqO+Oz+hx d5fg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=yMWCjmgP; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l68si24712532plb.416.2019.07.18.00.16.20; Thu, 18 Jul 2019 00:16:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=yMWCjmgP; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726482AbfGRHPy (ORCPT + 99 others); Thu, 18 Jul 2019 03:15:54 -0400 Received: from mail-wm1-f42.google.com ([209.85.128.42]:52177 "EHLO mail-wm1-f42.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726423AbfGRHPy (ORCPT ); Thu, 18 Jul 2019 03:15:54 -0400 Received: by mail-wm1-f42.google.com with SMTP id 207so24447148wma.1 for ; Thu, 18 Jul 2019 00:15:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=IyU7RhLs3nexL5XSfrBFHZGbJqE/bFU1qysLbSwPyVo=; b=yMWCjmgPhjd+LDHLWy0TfNvmI5s6jQSyQ+ScEsq8JcS355xU1N2kHOoUB29Dl18W13 kD69QetMlfdNdf7hrDns9OJkf6dHuA2uz0TCEFNKMsTTNB5w/cL+sdwVWAqfeNrLMM3U F++1McxJgSCI92IqJvfAqg/wSPOFHVLIGz1ugoyp6r5NRESd/tLRW0saZ6qg977spLjD cx0LcdoNrUUJw0KSjhCEGd0lyEErzRDZszGb28DmpcWzaJ9ltznhSSfK+AhN0aRb+ziX thgs5PMArqzIKuezFcmyLItpmpcBWSsioskwSQuHXP23o5iWrrBx1zbD5TuTeDmAVrmL 6e7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=IyU7RhLs3nexL5XSfrBFHZGbJqE/bFU1qysLbSwPyVo=; b=hKx+Waj1rkL+0unCfkOnsJGZ4kITLngMWiMCti6cbmqfD9/9riO2O3VHF+qxUDWC7a tgqDo9qCa5YIR3wvTHpWf6lWqoHvauRpC2hug89qIw7OM89FnywAsQKDMnmzpM5X7WSC qSg8eHUVp8v4+3DTnYQ7TwloZ1miEbHUtbcDffnbIiV5cYAf5ennNbvTXK0YWmJNiMTJ q6l7k+13qStgstwr0hVc2ePq4ndA9L84oUruMMH56kbbdqvi9cncVpm8OQym/a+GX4ia gUfPZdBRkLZKvyZGwbgAdcLWXLosZPhZ1BdbMO2HPuGTmfkuOo1un1i/qKg/lUg5HCU9 4cFw== X-Gm-Message-State: APjAAAUufKcIVVdHzF6MzPqLLrjZ6ZhPNGitbIGFIupfY4F/TYCIKqs4 7baWbvLMKl4Nt9VTZcQ5eFtApe3cwkXSHQK3zzzVVA== X-Received: by 2002:a05:600c:21d4:: with SMTP id x20mr37237828wmj.61.1563434151974; Thu, 18 Jul 2019 00:15:51 -0700 (PDT) MIME-Version: 1.0 References: <20190716221639.GA44406@gmail.com> <20190717172823.GA205944@gmail.com> <20190718065223.4xaefcwjoxvujntw@gondor.apana.org.au> In-Reply-To: <20190718065223.4xaefcwjoxvujntw@gondor.apana.org.au> From: Ard Biesheuvel Date: Thu, 18 Jul 2019 09:15:39 +0200 Message-ID: Subject: Re: xts fuzz testing and lack of ciphertext stealing support To: Herbert Xu Cc: Horia Geanta , "linux-crypto@vger.kernel.org" , "dm-devel@redhat.com" Content-Type: text/plain; charset="UTF-8" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, 18 Jul 2019 at 08:52, Herbert Xu wrote: > > On Wed, Jul 17, 2019 at 08:08:27PM +0200, Ard Biesheuvel wrote: > > > > Since the kernel does not support CTS for XTS any way, and since no > > AF_ALG users can portably rely on this, I agree with Eric that the > > only sensible way to address this is to disable this functionality in > > the driver. > > But the whole point of XTS is that it supports sizes that are > not multiples of the block size. So implementing it without > supporting ciphertext stealing is just wrong. > > So let's fix the generic implementation rather than breaking > the caam driver. > Not just the generic implementation: there are numerous synchronous and asynchronous implementations of xts(aes) in the kernel that would have to be fixed, while there are no in-kernel users that actually rely on CTS. Also, in the cbc case, we support CTS by wrapping it into another template, i.e., cts(cbc(aes)). So retroactively redefining what xts(...) means seems like a bad idea to me. If we want to support XTS ciphertext stealing for the benefit of userland, let's do so via the existing cts template, and add support for wrapping XTS to it.