Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp557114ybv; Fri, 7 Feb 2020 04:30:22 -0800 (PST) X-Google-Smtp-Source: APXvYqxMMExcE5r7h1sYTzD88Cq7btdfr2Z8diXK9jBcGnYjzDDHWBMioP4c+YDtCuQQ4K0hzwtg X-Received: by 2002:a9d:7315:: with SMTP id e21mr2688502otk.255.1581078621871; Fri, 07 Feb 2020 04:30:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581078621; cv=none; d=google.com; s=arc-20160816; b=njCwTN1BuCUAYOrm59d+Pv5CaeZTKISIq4wXOs4AzOa/kiEgVXavDHXTzknGxQKMkc EPui1tT3T+jCEcmehrmwMJP062Vec+FuxVBimJrpKC2YC0aQ5xMvQaVCgxYTY9yh6Pqp W7G+6SY+O6lHJyFZqDDoVR2fw0IkceO1BEWBn6wnsqY1k8BqymNVfXPTCEEl2pCBvJk7 gBfBs1vLLM/TLT1UceBwbDVm2L3qGu4YlkLk8YSYJTTc8lrXy/GwERO2oaZxXQqki9fB C6rk/+ijUynmxHTAyFsp0OYxEnzIZg0J7P7WlF/VKDPwmygWmcN4RIkI0jxXaedMLAcV 2ZxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=KtjZ/hcfzGexdUOqkVZ3eTpPAhXVGcnWWMQFTkp83LE=; b=czhBsWl7FjO/D/sbSrIAUP3xnqpko0HIswGkzdA/adG3UpjriWK0l1XNueiuC8aUVn TKkKix+390MEaK3jAd3P4WEZimgr3y1TSymCP7w+MzNZG0ZXjWe2CAwEUwHSX3HkE8cN dg3bLHSiNY+Akq0E/4CydOaggvRDQt3ZRS1zC11t1vLCHcTrmiFRPtRRsROn65Cy/FnL g+ZOW4hy2aCc3OMihrQhNqe78l0PL8jFiA+JegDvCRDaQJflT03SmzcJMIjoOuhrnNe5 FUmuoOOIQv9aE1COlIoHp/pFijdcmmETc+CXjkVMdn0q+OVgJuS+SuEQc0XnJFUK2ndO o1bQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b=risa1OP3; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e20si3779063oig.199.2020.02.07.04.30.04; Fri, 07 Feb 2020 04:30:21 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b=risa1OP3; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726897AbgBGM37 (ORCPT + 99 others); Fri, 7 Feb 2020 07:29:59 -0500 Received: from mo4-p01-ob.smtp.rzone.de ([85.215.255.52]:16623 "EHLO mo4-p01-ob.smtp.rzone.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726890AbgBGM37 (ORCPT ); Fri, 7 Feb 2020 07:29:59 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1581078597; s=strato-dkim-0002; d=chronox.de; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender; bh=KtjZ/hcfzGexdUOqkVZ3eTpPAhXVGcnWWMQFTkp83LE=; b=risa1OP3toCV2WvPPw7/yCF9Vi5ImnDeC05ZGhOmXH6W4k3GZdXkM5gQkaIjnIOh77 ZiwlHCT8Wh+rKw8SoO2sERkrqJIKRN1CK0T8l4P79ebg88E29MS9RLmHbVJBW/Cfmr73 DjDpyQ9+5z1MPEUmfXJqef49/g8Oc2kykOoQTn1Z2kGTwtgWmE0qCSYRK4Kfx6DGMDeb SBzB5VKZnDBJ4x4E8Nc9lB8FjKObB/5NeGjjK3q9sgME5aCGgECCWGS05UU8uTHR8qWp YyKeuu6YfisT72TrXN3/CorBYLSFS8DD31JSGTpmanLLQrSyIOl+EELAOYWcXm+3wak1 E7gQ== X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNyiHySGSa9k9xmwdNnzGHXPaIfScugJ3" X-RZG-CLASS-ID: mo00 Received: from tauon.chronox.de by smtp.strato.de (RZmta 46.1.12 DYNA|AUTH) with ESMTPSA id 608a92w17CTleTE (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate); Fri, 7 Feb 2020 13:29:47 +0100 (CET) From: Stephan Mueller To: Gilad Ben-Yossef Cc: Eric Biggers , Herbert Xu , Linux Crypto Mailing List , Geert Uytterhoeven , David Miller , Ofir Drang Subject: Re: Possible issue with new inauthentic AEAD in extended crypto tests Date: Fri, 07 Feb 2020 13:29:47 +0100 Message-ID: <6968686.FA8oO0t0Vk@tauon.chronox.de> In-Reply-To: References: <28236835.Fk5ARk2Leh@tauon.chronox.de> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Am Freitag, 7. Februar 2020, 12:50:51 CET schrieb Gilad Ben-Yossef: Hi Gilad, > > It is correct, but is it smart? > > Either we require the same IV to be passed twice as we do today, in which > case passing different IV should fail in a predictable manner OR we should > define the operation is taking two IV like structures - one as the IV and > one as bytes in the associated data and have the IPsec code use it in a > specific way of happen to pass the same IV in both places. > > I don't care either way - but right now the tests basically relies on > undefined behaviour > which is always a bad thing, I think. I am not sure about the motivation of this discussion: we have exactly one user of the RFC4106 implementation: IPSec. Providing the IV/AAD is efficient as the rfc4106 template intents to require the data in a format that requires minimal processing on the IPSec side to bring it in the right format. On the other hand, the cipher implementation should just do the operation regardless of where the data comes from or whether the AAD buffer overlaps with the IV buffer. I.e. the cipher should try to interpret the data but just do the work. So, where is it inefficient? Maybe the API for RFC4106 could be a bit nicer, but it needs to fit into the overall AEAD API as a specific RFC4106-API seems to be overkill. Ciao Stephan