Date: Thu, 28 May 2020 17:33:49 +1000
From: Herbert Xu
To: Ard Biesheuvel
Cc: linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, ebiggers@kernel.org, ardb@kernel.org, smueller@chronox.de
Subject: Re: [RFC/RFT PATCH 0/2] crypto: add CTS output IVs for arm64 and testmgr
Message-ID: <20200528073349.GA32566@gondor.apana.org.au>
In-Reply-To: <20200519190211.76855-1-ardb@kernel.org>

Ard Biesheuvel wrote:
> Stephan reports that the arm64 implementation of cts(cbc(aes)) deviates
> from the generic implementation in what it returns as the output IV. So
> fix this, and add some test vectors to catch other non-compliant
> implementations.
>
> Stephan, could you provide a reference for the NIST validation tool and
> how it flags this behaviour as non-compliant? Thanks.

I think our CTS and XTS are both broken with respect to af_alg.

The reason we use output IVs in general is to support chaining which
is required by algif_skcipher to break up large requests into smaller
ones. For CTS and XTS that simply doesn't work.

So we should fix this by changing algif_skcipher to not do chaining
(and hence drop support for large requests like algif_aead) for
algorithms like CTS/XTS.

Cheers,
-- 
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
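An added illustration of the point in the reply above (example code written for this page; it is not from the thread, the kernel or either author): a small model of CBC and of CBC with ciphertext stealing (the CS3 variant of RFC 3962, last two blocks swapped and the final one truncated) that splits a request into pieces and feeds each call's output IV into the next, the way algif_skcipher chaining is described. The block cipher is a constructed keyed 16-byte permutation standing in for AES so the script runs offline; the output IV the CTS function returns is an assumption of the model, and the outcome does not depend on that choice, because the first piece has already stolen from a block that is not actually the last one.

```python
# Added example, not code from the thread or the kernel: why CBC can be
# chained (split a request, feed each output IV into the next call) while a
# ciphertext-stealing mode cannot.
#
# block_encrypt/block_decrypt are a CONSTRUCTED keyed 16-byte permutation
# standing in for AES so this runs offline.  Not secure; the behaviour shown
# depends only on the mode structure, not on the cipher.

BLOCK = 16


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key, block):
    """Stand-in block cipher (constructed): XOR key, rotate left 3, add key."""
    assert len(key) == BLOCK and len(block) == BLOCK
    t = xor(block, key)
    t = t[3:] + t[:3]
    return bytes((b + k) & 0xFF for b, k in zip(t, key))


def block_decrypt(key, block):
    """Inverse of block_encrypt."""
    t = bytes((b - k) & 0xFF for b, k in zip(block, key))
    t = t[-3:] + t[:-3]
    return xor(t, key)


def cbc_encrypt(key, iv, data):
    """Plain CBC over whole blocks -> (ciphertext, output IV).  The output IV
    is the last ciphertext block, exactly what the next piece needs."""
    assert len(data) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out), prev


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        out.append(xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out), prev


def cts_encrypt(key, iv, data):
    """CBC-CS3 (RFC 3962 style): last two CBC blocks swapped, final block
    truncated.  Returning the last full CBC block as output IV is an
    ASSUMPTION of this model; the chaining result does not depend on it."""
    n = len(data)
    assert n > BLOCK, "CTS needs more than one block"
    d = n % BLOCK or BLOCK        # bytes in the final (possibly partial) block
    head_len = n - d - BLOCK      # prefix that is ordinary CBC
    head, prev = cbc_encrypt(key, iv, data[:head_len])
    c_second_last = block_encrypt(key, xor(data[head_len:head_len + BLOCK], prev))
    padded_last = data[head_len + BLOCK:] + bytes(BLOCK - d)
    c_last = block_encrypt(key, xor(padded_last, c_second_last))
    return head + c_last + c_second_last[:d], c_last


def cts_decrypt(key, iv, data):
    n = len(data)
    d = n % BLOCK or BLOCK
    head_len = n - d - BLOCK
    head, prev = cbc_decrypt(key, iv, data[:head_len])
    x, y = data[head_len:head_len + BLOCK], data[head_len + BLOCK:]
    dx = block_decrypt(key, x)              # = padded P_n XOR C_{n-1}
    p_last = xor(dx[:d], y)
    c_second_last = y + dx[d:]              # rebuild the stolen block
    p_second_last = xor(block_decrypt(key, c_second_last), prev)
    return head + p_second_last + p_last


def chained(encrypt_fn, key, iv, data, chunk):
    """Model of request splitting: encrypt in chunk-byte pieces, feeding each
    call's output IV into the next call."""
    out = []
    for i in range(0, len(data), chunk):
        piece, iv = encrypt_fn(key, iv, data[i:i + chunk])
        out.append(piece)
    return b"".join(out)


def chaining_matches_one_shot(encrypt_fn, key, iv, data, chunk):
    return chained(encrypt_fn, key, iv, data, chunk) == encrypt_fn(key, iv, data)[0]


def demo():
    key = bytes(range(16))                           # constructed key
    iv = bytes(range(100, 116))                      # constructed IV
    msg = bytes((i * 7) & 0xFF for i in range(56))   # constructed 3.5-block message
    cbc_ok = chaining_matches_one_shot(cbc_encrypt, key, iv, msg[:48], 32)
    cts_ok = chaining_matches_one_shot(cts_encrypt, key, iv, msg, 32)
    cts_roundtrip = cts_decrypt(key, iv, cts_encrypt(key, iv, msg)[0]) == msg
    # The first piece steals from what it believes is the final block, so the
    # chained CTS output does not even decrypt back to the message.
    chained_decrypts = cts_decrypt(key, iv, chained(cts_encrypt, key, iv, msg, 32)) == msg
    return cbc_ok, cts_ok, cts_roundtrip, chained_decrypts


if __name__ == "__main__":
    print(demo())   # (True, False, True, False)
```

Running it prints `(True, False, True, False)`: CBC reassembles correctly from two chained calls, the one-shot CTS round-trips, but the chained CTS ciphertext differs from the one-shot result and does not decrypt. XTS is not modelled here, but the same structural issue applies whenever the tail of a request is treated specially.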