Received: by 2002:a25:868d:0:0:0:0:0 with SMTP id z13csp3690123ybk; Tue, 19 May 2020 10:36:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyfyl0eKT5VUG5+324/YKfK4CklwyLHvPiC8gVo32HA0nwwEnFRff5xwtiFslbf/CXNdlWZ X-Received: by 2002:a17:906:17d1:: with SMTP id u17mr328301eje.242.1589909760685; Tue, 19 May 2020 10:36:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1589909760; cv=none; d=google.com; s=arc-20160816; b=ls7hIv+eXlnRPxkW7cuZGA+Hwth4OOpO0CcuTjjW/JQwJSXrrAWxx7netPjFmUWu3J UVv60vMqSsvGnkNZfq0mCNzf0B81cWZLuIRcIW1k5JLkpPydPfTgNlyCxE6MqKAI1d80 lq+oL1eFFEKWoPYn3rzdnlM0PdOFncmxamXbWCkUzaCsyWznjCsodLef40tSHjzZPARO z+CKX3gugsRWMz4Xhv58R9wuckjTC61opZMb3XAN3TwRnp67X/nPhqSwo6d7NZ5EMSOn dYndjEASErnBN5zIKMt3bhsHx/tOB9DC2jJfkHOlXy0zm4ti7CYYPK0UfCLPeeeuxvq/ 73oA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=wmPnuRb8wgLctMH02vVbbie34eu8rrlWcgiQCxWFX7M=; b=DKxpt33JJg4LZo0KLZZ34MdLdKH4uObPonpiBD7ChqsQAPYUUlE6hWrC25XrlZCX0K eC7x/Vo49XjkhH/McxipOR7GU6xldK6171wn2kjURciAvAmwzj/JdrFRra8uP9ulGNIX FqfPv7ix6BnYWS73nXi2TjqLIe7/eAJErABzgdKgfXtgATNOMSZjtKoJYPoa95ZwozcP 5FCLTY3k+2S3dpQQ22KMjOEV7NQFYhiYAmEvnr7mo4zCqwW7IwVS6Qswst/7UMCifdJG oFA5AdpzPV9KtJwBXTasqgZss2aqdFYMvc30frtRUeQmub2rDFv/hRtQb0LCyC9miQvl vEBQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b=CDv9RkUP; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l10si67080edv.152.2020.05.19.10.35.31; Tue, 19 May 2020 10:36:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b=CDv9RkUP; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729258AbgESRf0 (ORCPT + 99 others); Tue, 19 May 2020 13:35:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57486 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729001AbgESRf0 (ORCPT ); Tue, 19 May 2020 13:35:26 -0400 Received: from mo6-p01-ob.smtp.rzone.de (mo6-p01-ob.smtp.rzone.de [IPv6:2a01:238:20a:202:5301::7]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B5304C08C5C0 for ; Tue, 19 May 2020 10:35:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1589909722; s=strato-dkim-0002; d=chronox.de; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender; bh=wmPnuRb8wgLctMH02vVbbie34eu8rrlWcgiQCxWFX7M=; b=CDv9RkUPD6+j1oJIQz9/5PVSQsYcOAc/NuDaDH1DgnL3eLyb54ezBJbjLH4GccsLGe 9s8zFH0sPB891CTMzRcKk6wPOtLmUTOIx+wlXyS6g0abBf7Skne/6tetAY4ThwE1/zUl 0+dBV32XUFMmh/F42J5qUHfWNmCoLZkbn8taB7ZI8XzmNObM44R68dEaxsHAx596WAiP CSKtHgxycKlYHkDG1ooK783TVhkOeNHkHpvygw8mhKricCb4OQNFhdLHXs3BTmJBanfb YywYPGE+DPzL4XZCvU0kfgLgEfQV9ZD1sGIm481DtizOiZ4ymzfNQN0dEtzPFaXaQz2D o26g== X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNyiHySGSa9k9xmwdNnzGHXPbI/Sc5g==" X-RZG-CLASS-ID: mo00 Received: from tauon.chronox.de by smtp.strato.de (RZmta 46.7.0 DYNA|AUTH) with ESMTPSA id k09005w4JHZM0wa (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate); Tue, 19 May 2020 19:35:22 +0200 (CEST) From: Stephan Mueller To: Ard Biesheuvel Cc: Eric Biggers , Ard Biesheuvel , Linux Crypto Mailing List Subject: Re: ARM CE: CTS IV handling Date: Tue, 19 May 2020 19:35:22 +0200 Message-ID: <8691076.XE7dyB1q2z@tauon.chronox.de> In-Reply-To: References: <4311723.JCXmkh6OgN@tauon.chronox.de> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Am Dienstag, 19. Mai 2020, 18:21:01 CEST schrieb Ard Biesheuvel: Hi Ard, > > To be honest, this looks like the API is being used incorrectly. Is > this a similar issue to the one Herbert spotted recently with the CTR > code? > > When you say 'leaving the TFM untouched' do you mean the skcipher > request? The TFM should not retain any per-request state in the first > place. > > The skcipher request struct is not meant to retain any state either - > the API simply does not support incremental encryption if the input is > not a multiple of the chunksize. > > Could you give some sample code on how you are using the API in this case? What I am doing technically is to allocate a new tfm and request at the beginning and then reuse the TFM and request. In that sense, I think I violate that constraint. But in order to implement such repetition, I can surely clear / allocate a new TFM. But in order to get that right, I need the resulting IV after the cipher operation. This IV that I get after the cipher operation completes is different between C and CE. Ciao Stephan