Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp1233314ybp;
        Fri, 11 Oct 2019 10:58:26 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyjkEQ3V5nZMUaBCVWWgTjqOA0ePkzfoYVSFy98oPsubxeJVnxAC0gbLRTPcDjH6s3gJFdb
X-Received: by 2002:a17:906:b781:: with SMTP id dt1mr14951052ejb.221.1570816706631;
        Fri, 11 Oct 2019 10:58:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1570816706; cv=none;
        d=google.com; s=arc-20160816;
        b=pHUT/6G4WFFrOFjghW40JD9/vRZgGjS2Ze+lSPR6VEIUggZoKyH3Pu4WapV4uyJlQW
         z9kV6nu4dUUaeIZ8RKNIVJiqfPXryzT8EqrOGTosvzsdXAoDb4RyGPmYr/vKqwqfElgC
         0CZpjlsioGD+dhVOcZroB4ZWLch3CCURhzxqn1pjlKK2eLUsVTnZWKwbnv8YYwnzb8gh
         QiQzRtn7ydW0KaJ9TsaHLaC9XzPiQWp06U3fsP5uSRmUlctLdKu3G1MW9lZbZvvUH5kI
         wzrBgejvX8E5fnlBmTjFUJowSrd52gKyHfsluoI5Bwtm5cOCLyhWBBpo70kGKJNg4fl2
         dAhA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:mail-followup-to
         :message-id:subject:cc:to:from:date:dkim-signature;
        bh=6UTsXNN5GUPT8M8rmtyDPzSvzXXkn5ldg2mvAYYWkhM=;
        b=0DIDnV4aUd9inoYxYLIv+eXINUIuojWBM5nZVWsqG6JBs4woq9H+DBxFAvohjHkL2k
         +S6kdO6zt80VmbHBaQjf7AHJArdBZkVbRrilAB0tye4pxEg84kwRV/yM+vfBHWNrf6F/
         0xOvP31pGAaqBUL9I0z6AKfaC6PAK4ftP6U1szey5Clm8bFjN07ZuhMBpSOEr5UQsIkl
         2EgpdbaOIfB4h8GojONRAaKJCDz9kG1YzeQIXYR0CsznkxnCI81pUAFwV0y7Su5HuZ0A
         K9BoThFQpHfeW7O19DKTLt+fWXOho9KmJVwK7i6O/gM+ZgOhksRctgGvLRYWPd+FEFPc
         lhvg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=arpX6MgI;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id o14si5623256ejc.405.2019.10.11.10.57.56;
        Fri, 11 Oct 2019 10:58:26 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=arpX6MgI;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728474AbfJKR5n (ORCPT <rfc822;corchopanconchocolate@gmail.com>
        + 99 others); Fri, 11 Oct 2019 13:57:43 -0400
Received: from mail.kernel.org ([198.145.29.99]:38410 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728374AbfJKR5m (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
        Fri, 11 Oct 2019 13:57:42 -0400
Received: from gmail.com (unknown [104.132.1.77])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id DC971206A1;
        Fri, 11 Oct 2019 17:57:41 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1570816662;
        bh=YiI7zF8WltNUYYD6XmKfVSSX4StmUMBNXn8Ha54j4wE=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=arpX6MgIZZaBsDtWlD7eJ3YuDcPPaePYou4jkD0PQ9bTktRV1qK1QqvXfsu6vjFzL
         231IQm7fNJt+/TMhJyN0pkZ4y/2TdTPQlGOCUbvslNB6QTmP5f7zzDITxJKZqlBcN7
         RD5Vdwl6YNn68w3ocp7KzCXXSGWUafEy97ZsuruU=
Date:   Fri, 11 Oct 2019 10:57:40 -0700
From:   Eric Biggers <ebiggers@kernel.org>
To:     David Sterba <dsterba@suse.com>
Cc:     linux-crypto@vger.kernel.org, ard.biesheuvel@linaro.org
Subject: Re: [PATCH v4 0/5] BLAKE2b generic implementation
Message-ID: <20191011175739.GA235973@gmail.com>
Mail-Followup-To: David Sterba <dsterba@suse.com>,
        linux-crypto@vger.kernel.org, ard.biesheuvel@linaro.org
References: <cover.1570812094.git.dsterba@suse.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <cover.1570812094.git.dsterba@suse.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Fri, Oct 11, 2019 at 06:52:03PM +0200, David Sterba wrote:
> The patchset adds blake2b refrerence implementation and test vectors.
> 
> V4:
> 
> Code changes:
> 
> - removed .finup
> - removed .cra_init
> - dropped redundant sanity checks (key length, output size length)
> - switch blake2b_param from a 1 element array to plain struct
> - direct assignment in blake2b_init, instead of put_unaligned*
> - removed blake2b_is_lastblock
> - removed useless error cases in the blake * helpers
> - replace digest_desc_ctx with blake2b_state
> - use __le32 in blake2b_param
> 
> Added testmgr vectors:
> 
> - all digests covered: 160, 256, 384, 512
> - 4 different keys:
>   - empty
>   - short (1 byte, 'B', 0x42)
>   - half of the default key (32 bytes, sequence 00..1f)
>   - default key (64 bytes, sequence 00..3f)
> - plaintext values:
>   - subsequences of 0..15 and 247..255
>   - the full range 0..255 add up to 4MiB of .h, for all digests and key
>     sizes, so this is not very practical for the in-kernel testsuite
> - official blake2 provided test vectors are only for empty and default key for
>   digest size 512
> - the remaining combinations were obtained from b2sum utility (enhanced to
>   accept a key)

The choice of data lengths seems a bit unusual, as they include every length in
two ranges but nothing in between.  Also, none of the lengths except 0 is a
multiple of the blake2b block size.  Instead, maybe use something like
[0, 1, 7, 15, 64, 247, 256]?

Also, since the 4 variants share nearly all their code, it seems the tests would
be just as effective in practice if we cut the test vectors down by 4x by
distributing the key lengths among each variant.  Like:

          blake2b-160  blake2b-256  blake2b-384  blake2b-512
         ---------------------------------------------------
len=0   | klen=0       klen=1       klen=16      klen=32
len=1   | klen=16      klen=32      klen=0       klen=1
len=7   | klen=32      klen=0       klen=1       klen=16
len=15  | klen=1       klen=16      klen=32      klen=0
len=64  | klen=0       klen=1       klen=16      klen=32
len=247 | klen=16      klen=32      klen=0       klen=1
len=256 | klen=32      klen=0       klen=1       klen=16

> 
> Testing performed:
> 
> - compiled with SLUB_DEBUG and KASAN, plus crypto selftests
>   CONFIG_CRYPTO_MANAGER2=y
>   CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=n
>   CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y
> - module loaded, no errors reported from the tessuite
> - (un)intentionally broken test values were detected
> 
> The test values were produced by b2sum, compiled from the reference
> implementation. The generated values were cross-checked by pyblake2
> based script (ie. not the same sources, built by distro).
> 
> The .h portion of testmgr is completely generated, so in case somebody feels
> like reducing it in size, adding more keys, changing the formatting, it's easy
> to do.

> 
> In case the patches don't make it to the mailinglist, it's in git
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux.git dev/blake2b-v4

Can you please rebase this onto cryptodev/master?

- Eric