Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp556391ybi; Fri, 26 Jul 2019 14:45:09 -0700 (PDT) X-Google-Smtp-Source: APXvYqyakSIadCWDHOXB5uhBH0gHhX3XPYKD1qRw4rMWXvEhJs0KzPI7IzhDper0ojpu111ztlWN X-Received: by 2002:a63:6c4:: with SMTP id 187mr87681263pgg.401.1564177508985; Fri, 26 Jul 2019 14:45:08 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1564177508; cv=pass; d=google.com; s=arc-20160816; b=NwWuE1S3+GqAr3MOroOlPkmor2HQQqYmL+b2DMwNvcNtucOw3cDGxHJwh2sh22hy05 dhJbxvREc3sxuDTOzbZ41tdJ7vdNGdQ+U8BS/6iLJmfFfVHzfIulfM21rct5d86dVS5V 9XI49hIABGd4q8VI1U8BSJYpGgrbnnr8BIFV2z9ITbjuP7r//1KQeS0ZV7JmrcwvbhdD Eq5zJQLA4EKMAFP2nCpo893F6JcBttPdoHRuEB3UR7fVwtYErf6QpwcJ9bOH8V0HkId6 z7BdODdakNQjyWZQRSu2/jU1blRUQuSuRVXncHJEwfY0SgtNCu0P6kpI18qdyfUQ1gi6 /KHA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :content-language:accept-language:in-reply-to:references:message-id :date:thread-index:thread-topic:subject:cc:to:from:dkim-signature; bh=n2LwHDgOo+QVSkS1mFclhpiStrHhEJBsEmk7FZ1Qs9M=; b=Wg6ZlwJ8LG2jEhp3JMPRSeDXTVlnnoWWzzXNrKSTkOO4GJ2RiWunuWN75LO/h6Ty9Z pDb6BNeglzxwuBDB20+H7bX0g6AVLAbtCTZxGSBMePdV7U+jib7FzTtyCnjSok7wM68e HWgDPl0uWth9MBPZp/04V+5ENQMAlCDIrgYG8QNz+VAFbNGH6k6N+S6g4S5V+LfKsWZk dy5PU/zkj1DePQN43hagPrSBFnqI42ehpZBjuufpvEjWGG/IWfRj5iIC7keo6xhfuWCo GX3dXexPEUFhvJuFNRmUIHCuBlZWdRDu2zHYv9ISAlz56i+9pxkMM+vvjynbu7unJ9iv ypEQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@verimatrix.com header.s=selector2 header.b=mlv6nO+B; arc=pass (i=1 spf=pass spfdomain=verimatrix.com dkim=pass dkdomain=verimatrix.com dmarc=pass fromdomain=verimatrix.com); spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=verimatrix.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i3si18617338plt.306.2019.07.26.14.44.47; Fri, 26 Jul 2019 14:45:08 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@verimatrix.com header.s=selector2 header.b=mlv6nO+B; arc=pass (i=1 spf=pass spfdomain=verimatrix.com dkim=pass dkdomain=verimatrix.com dmarc=pass fromdomain=verimatrix.com); spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=verimatrix.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726366AbfGZVnT (ORCPT + 99 others); Fri, 26 Jul 2019 17:43:19 -0400 Received: from mail-eopbgr680049.outbound.protection.outlook.com ([40.107.68.49]:63382 "EHLO NAM04-BN3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727934AbfGZVnT (ORCPT ); Fri, 26 Jul 2019 17:43:19 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ixm93IiYgPRzbg73PTAqFX/nvkJsByeMEXr0+3Fog/YYaCOU564+apwxfhT2FVXJA4lDP1AiyDLbKGjNalaUIgWr8aDiIsLwHwuBmmyx34X55BrChZXrdz1MNF83klwdmYm3ZqrYOAsQe655eDhg05P5ZsYV2nx84FCy5PdCLIKjL22gFwEiIVAInnMA3Z2kM2+6tASxKwVcAAZV23PkqbVz3TO+3kdzBgLOARuso4PdfGG0Vxw9gqAEKqdWKtZ/w5SLic1yWIFZOCNmE/QwnWam4DGokt8b/ti622cLuxe80Wlr/1bUyWohYml9uMBVQ+3cXPMg2ioQA7oZQGRc9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n2LwHDgOo+QVSkS1mFclhpiStrHhEJBsEmk7FZ1Qs9M=; b=TD8SBL4JNs8SaUpbibdnWKhqNAC8qi1o4b8FxLCl1eM1xYJEZ5M6AYhslO6DMOxyvZE6Me8wH0nNa3qS0jG1KAVXwrXkwidDvd9T15TuKWYFBlcnOhD9XHfirIwMhAV64m8M2fFOrB6PolqZBGqKBYYSNBiPjuCTeUrbFnP5vK33ytaj6/e5mFXzAGFJlb/kZ/bywN13EDfXU4d/qpubdkDesj9tc2n1dVMEnLZY2Z7GJr3PV4Hzhgu7wJhzrmQrHihvg5VRbROq5zENXEdQlmRPK86Rx3v1R6yrJMkIDeo6m826+RRQAHNYIhQiloP8RQ0qZ/aF8cThhVYQZz2ozw== ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=verimatrix.com;dmarc=pass action=none header.from=verimatrix.com;dkim=pass header.d=verimatrix.com;arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=verimatrix.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n2LwHDgOo+QVSkS1mFclhpiStrHhEJBsEmk7FZ1Qs9M=; b=mlv6nO+BYaYY690KSAVfmme7RC0q/4s4kXzfe79gfIest+vSwHsC/o2Hbu0ob8RHn+WdI8GII8vyyiwOe3p2r3rydJWRExQX0iSyfc0MSEFLlKOUgQzhQWJqljRHI5dt4DFur03pTDWAd0vHivYJ8PcLRi1D7lFRqdAGknbds1U= Received: from MN2PR20MB2973.namprd20.prod.outlook.com (52.132.172.146) by MN2PR20MB3151.namprd20.prod.outlook.com (52.132.174.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2115.14; Fri, 26 Jul 2019 21:43:15 +0000 Received: from MN2PR20MB2973.namprd20.prod.outlook.com ([fe80::68d7:2bbb:af61:2e69]) by MN2PR20MB2973.namprd20.prod.outlook.com ([fe80::68d7:2bbb:af61:2e69%6]) with mapi id 15.20.2094.017; Fri, 26 Jul 2019 21:43:15 +0000 From: Pascal Van Leeuwen To: Horia Geanta , Ard Biesheuvel CC: Milan Broz , Herbert Xu , "dm-devel@redhat.com" , "linux-crypto@vger.kernel.org" Subject: RE: [dm-devel] xts fuzz testing and lack of ciphertext stealing support Thread-Topic: [dm-devel] xts fuzz testing and lack of ciphertext stealing support Thread-Index: AQHVO/5l0aVU4O6KC0WgPIqEsMQCDqbde3tw Date: Fri, 26 Jul 2019 21:43:15 +0000 Message-ID: References: <20190716221639.GA44406@gmail.com> <20190717172823.GA205944@gmail.com> <20190718065223.4xaefcwjoxvujntw@gondor.apana.org.au> <20190718072154.m2umem24x4grbf6w@gondor.apana.org.au> <36e78459-1594-6d19-0ab4-95b03a6de036@gmail.com> <20190720065807.GA711@sol.localdomain> <0d4d6387-777c-bfd3-e54a-e7244fde0096@gmail.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=pvanleeuwen@verimatrix.com; x-originating-ip: [188.204.2.113] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 240da9a0-f306-4dd9-c02a-08d7121243ef x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020);SRVR:MN2PR20MB3151; x-ms-traffictypediagnostic: MN2PR20MB3151: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 01106E96F6 x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(4636009)(136003)(39840400004)(366004)(376002)(346002)(396003)(189003)(199004)(13464003)(52536014)(6116002)(446003)(6436002)(3846002)(66946007)(86362001)(5660300002)(76116006)(66446008)(64756008)(66556008)(66476007)(76176011)(6506007)(53546011)(102836004)(7696005)(11346002)(2906002)(229853002)(478600001)(14454004)(14444005)(305945005)(256004)(476003)(8936002)(7736002)(9686003)(71190400001)(71200400001)(68736007)(99286004)(81156014)(8676002)(55016002)(110136005)(54906003)(316002)(81166006)(74316002)(6246003)(15974865002)(186003)(66066001)(4326008)(33656002)(53936002)(26005)(486006)(25786009)(18886075002);DIR:OUT;SFP:1101;SCL:1;SRVR:MN2PR20MB3151;H:MN2PR20MB2973.namprd20.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; received-spf: None (protection.outlook.com: verimatrix.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: AK28QrHKKCkOxtqc9kfbYuanZapLXSRiDCm1eW1j/5yHlLX88KuCZflJOLHPTZmKzcMuW0ClPyEXM+NAcTvFNeaJXmwZFwP9lWM17Ry191I94ZeVTjSX3EvOA9rEzh78Ix6kIt//Zsm/d8AYqqAjL3gPR14oBxRjiEatDWkuNZxt0n8aqmOFlOB0xT4X4UTG7FWeoireuuio3M7EO4Crh9sz8lIPLTlxG/JstkQIVcdrapAuVrQvyLFypAPZem1V8/LWChvt69prAY2iyW0vNzmLX2DWRIDfudhYUXQKnpfjOBhhZXMAldXiBF72x3QHiZzuSFU0XLjeIujSKfZCa4cEIc4AxzwcTLyKm4Tplv7M52kY4nacp5yUAHFNn0B6Xr9NNdMGFMow5xfy3XAioA24ib2CdBqb/yDDYIxWGzU= Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: verimatrix.com X-MS-Exchange-CrossTenant-Network-Message-Id: 240da9a0-f306-4dd9-c02a-08d7121243ef X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jul 2019 21:43:15.3742 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: dcb260f9-022d-4495-8602-eae51035a0d0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: pvanleeuwen@verimatrix.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR20MB3151 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org > -----Original Message----- > From: Horia Geanta > Sent: Friday, July 26, 2019 9:59 PM > To: Pascal Van Leeuwen ; Ard Biesheuvel > Cc: Milan Broz ; Herbert Xu ; dm-devel@redhat.com; linux- > crypto@vger.kernel.org > Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing = support >=20 > On 7/26/2019 1:31 PM, Pascal Van Leeuwen wrote: > > Ok, find below a patch file that adds your vectors from the specificati= on > > plus my set of additional vectors covering all CTS alignments combined > > with the block sizes you desired. Please note though that these vectors > > are from our in-house home-grown model so no warranties. > I've checked the test vectors against caam (HW + driver). >=20 > Test vectors from IEEE 1619-2007 (i.e. up to and including "XTS-AES 18") > are fine. >=20 > caam complains when /* Additional vectors to increase CTS coverage */ > section starts: > alg: skcipher: xts-aes-caam encryption test failed (wrong result) on test= vector 9, cfg=3D"in-place" >=20 > (Unfortunately it seems that testmgr lost the capability of dumping > the incorrect output.) >=20 > IMO we can't rely on test vectors if they are not taken > straight out of a spec, or cross-checked with other implementations. >=20 First off, I fully agree with your statement, which is why I did not post t= his as a straight patch. The problem is that specification vectors usually (or actuaclly, alw= ays) don't cover all the relevant corner cases needed for verification. And "reference" impl= ementations=20 by academics are usually shady at best as well. In this particular case, the reference vectors only cover 5 out of 16 possi= ble alignment cases and the current situation proves that this is not sufficient. As we h= ave 2 imple- mentations (or actually more, if you count the models used for vector gener= ation) that are considered to be correct that disagree on results. Which is very interesting, because which one is correct? I know that our mo= del and hardware implementation were independently developed (by 2 different engine= ers) from the IEEE spec and match on results. And our hardware has been used "ou= t in the field" for many years already in disk controllers from major silicon ve= ndors. But that's still not a guarantee .... So how do we resolve this? Majority v= ote? ;-) > Horia >=20 Regards, Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Verimatrix www.insidesecure.com