Received: by 2002:a25:ef43:0:0:0:0:0 with SMTP id w3csp480665ybm;
        Fri, 29 May 2020 05:02:50 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyhEyZQPxLflE04S7mUr3SI/ZJei4rVPSvbcx3ZbPcy6twiZt8i/MuJVdatu7yiojKECLzR
X-Received: by 2002:a17:906:fb0e:: with SMTP id lz14mr7090081ejb.237.1590753770089;
        Fri, 29 May 2020 05:02:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1590753770; cv=none;
        d=google.com; s=arc-20160816;
        b=n6hyHntHqNhRHyeTr728pIlS7wgnj8ylfCnQIi0jAvLWRZlTgmt5VUSDghVONqyQ73
         XQeRnS0223D4Bzwkz4oRCALXBb7fNBG2Jth+7scZdqp4lsJObyCl3n4Mh0JhEfWXaT2i
         W6uozfHsswftdE2BoZbT7deTeNBO4btXKRfNcMgssPjnjOQAAq5HRgqmvyz0tzVu5y1w
         wUPHKI/WeneaZx07GJpIEfL57fuIT/3uepJ7Kp0U18V7pQgh4iRxDN38Lo3OMTNNl6hK
         /1cC7IzUrNBqS/7/obF3QfFRWr790yYjEyE+pVjwysnuohfuq5aaFPRdtewSRlIzc2kL
         136Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=3/n74ORhTLwLbm5uVa8CRmodGoXAztK64oARY6le4EY=;
        b=yxpT23kaAs31HAqRTGfxG87+fEoolrtyZjpLQPWOA4Q7f/HV0bhxuLzraneswcYb0J
         VTDM3R9kpkAu4PcmfVdNKqsTsPhNOJU9RI+45Z0FHBNkOd/mcPkLiE1oSEPhMHFjsFyz
         eJY3HRBIjUQ06P0SykSypjSDmoLvL3A47Az3WRjQUQ9NMcITYUc/AczaIK6qbndqDFAz
         s/UBcrKHsCmQ0JgZ727d2EmHIMf94swC03RtJDDN3O9FPJmCv0qSwwCiSvgc4LTDHr3v
         VpwMw657dqyGSGwboVAelNlZLfSoGfxiIIq5yIkrvCI1JtKdUYTDMRkbi0WUyZqIu6jS
         09Qw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id m22si5290757edp.611.2020.05.29.05.02.23;
        Fri, 29 May 2020 05:02:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726064AbgE2MCV (ORCPT <rfc822;chaib.aymeric@gmail.com>
        + 99 others); Fri, 29 May 2020 08:02:21 -0400
Received: from helcar.hmeau.com ([216.24.177.18]:40712 "EHLO fornost.hmeau.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725775AbgE2MCU (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
        Fri, 29 May 2020 08:02:20 -0400
Received: from gwarestrin.arnor.me.apana.org.au ([192.168.0.7])
        by fornost.hmeau.com with smtp (Exim 4.92 #5 (Debian))
        id 1jediK-00054o-R7; Fri, 29 May 2020 22:02:17 +1000
Received: by gwarestrin.arnor.me.apana.org.au (sSMTP sendmail emulation); Fri, 29 May 2020 22:02:16 +1000
Date:   Fri, 29 May 2020 22:02:16 +1000
From:   Herbert Xu <herbert@gondor.apana.org.au>
To:     Ard Biesheuvel <ardb@kernel.org>
Cc:     Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
        Linux ARM <linux-arm-kernel@lists.infradead.org>,
        Eric Biggers <ebiggers@kernel.org>,
        Stephan Mueller <smueller@chronox.de>
Subject: Re: [RFC/RFT PATCH 0/2] crypto: add CTS output IVs for arm64 and
 testmgr
Message-ID: <20200529120216.GA3752@gondor.apana.org.au>
References: <20200519190211.76855-1-ardb@kernel.org>
 <20200528073349.GA32566@gondor.apana.org.au>
 <CAMj1kXGkvLP1YnDimdLOM6xMXSQKXPKCEBGRCGBRsWKAQR5Stg@mail.gmail.com>
 <20200529080508.GA2880@gondor.apana.org.au>
 <CAMj1kXE43VvEXyYQF=s5HybhF6Wq23wDTrvTfNV9d4fUVZZ8aw@mail.gmail.com>
 <20200529115126.GA3573@gondor.apana.org.au>
 <CAMj1kXFFPKWwwSpLnPmNa_Up1syMb7T5STG7Tw8mRuRqSzc9vw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAMj1kXFFPKWwwSpLnPmNa_Up1syMb7T5STG7Tw8mRuRqSzc9vw@mail.gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Fri, May 29, 2020 at 02:00:14PM +0200, Ard Biesheuvel wrote:
>
> Even if this is the case, it requires that an skcipher implementation
> stores an output IV in the buffer that skcipher request's IV field
> points to. Currently, we only check whether this is the case for CBC
> implementations, and so it is quite likely that lots of h/w
> accelerators or arch code don't adhere to this today.

They are and have always been broken because algif_skcipher has
always relied on this.

> This might be feasible for the generic CTS driver wrapping h/w
> accelerated CBC. But how is this supposed to work, e.g., for the two
> existing h/w implementations of cts(cbc(aes)) that currently ignore
> this?

They'll have to disable chaining.

The way I'm doing this would allow some implementations to allow
chaining while others of the same algorithm can disable chaining
and require the whole request to be presented together.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt