Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp1464636ybt; Mon, 15 Jun 2020 00:30:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwFyMeYc5Xy7QJkLDGVrOrACdllZZIbfO3Mlp44w0bhZxwqgI2S+awkk/FAwGwt5hibhWqt X-Received: by 2002:a17:906:4548:: with SMTP id s8mr23405368ejq.519.1592206257280; Mon, 15 Jun 2020 00:30:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592206257; cv=none; d=google.com; s=arc-20160816; b=gDPO7p4A1oVk/NmWi4SRO8YBifsnFTSTySXZzCNjE/g1q+VxIBh1Kt5vSLiqFA+F39 DaO8aDOua6kkMrFNvTQUEvwd/VDVggwkLwzUJhmDT6yzADsOl9PiwfZR2z/iwn+oIb0R sQi7mveZo3sllorlFtNdrhbJ4IjnnWfXbFa28Cl3I7XhvqcZMgeSzv2z4DoOX8mbcDh5 G6VjXRLfFilWQHPPQdl+11Fa4JU517M7KdOuF42Wml/DKYqssVG/u2njzmLx3WXfxaDY m8xsH/J9Kc2Hwlnof4kMuB+zqNqXFGYDKV/akkhgerP4N9pe/UKZHFUhZaMgCyFcXHH7 p7Qg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=aMIVPH2p6eqFWuaV/m+mxJ37SCc8MMWAss97hKpVeFo=; b=umBd/oe4ZOG58ilumpPnnkJ2JjNRpRzC8WgJCN88lOBPA5de2muhP2QYpa6RgCTvVq fi4cDmWAfIu3V+fN4/wAwQy+ecKEpFMpndBNtWVW0NVGZIRzcX/saPrjxZ2UueA25PUn IE2o1U1fbLV+gjBsSvRlkHtz/e9jjXQWQ8UPFc3MzrHMxKF7B6Nqoc6lvV7ZxZCy5Cy8 IqC7bojpOYYZV0lJXsQgZ7XcdiSIMPtKJwqAoaiVj/KiKp3wM8EzE2yk+176mFiA8CxS XpyFeuctcn2bOBkZjEeHcR4n5sg63zxdfrpXO+WcK8V8bqqm3GEcPK/8CHOB/f7wXibW J/og== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i18si8854143ejx.488.2020.06.15.00.30.33; Mon, 15 Jun 2020 00:30:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728380AbgFOHa2 (ORCPT + 99 others); Mon, 15 Jun 2020 03:30:28 -0400 Received: from helcar.hmeau.com ([216.24.177.18]:48780 "EHLO fornost.hmeau.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728369AbgFOHa2 (ORCPT ); Mon, 15 Jun 2020 03:30:28 -0400 Received: from gwarestrin.arnor.me.apana.org.au ([192.168.0.7]) by fornost.hmeau.com with smtp (Exim 4.92 #5 (Debian)) id 1jkjZY-00036T-Me; Mon, 15 Jun 2020 17:30:25 +1000 Received: by gwarestrin.arnor.me.apana.org.au (sSMTP sendmail emulation); Mon, 15 Jun 2020 17:30:24 +1000 Date: Mon, 15 Jun 2020 17:30:24 +1000 From: Herbert Xu To: Ard Biesheuvel Cc: Stephan Mueller , Linux Crypto Mailing List , Eric Biggers Subject: Re: [v2 PATCH 0/3] crypto: skcipher - Add support for no chaining and partial chaining Message-ID: <20200615073024.GA27015@gondor.apana.org.au> References: <20200612120643.GA15724@gondor.apana.org.au> <1688262.LSb4nGpegl@tauon.chronox.de> <20200612121651.GA15849@gondor.apana.org.au> <20200612122105.GA18892@gondor.apana.org.au> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Fri, Jun 12, 2020 at 06:10:57PM +0200, Ard Biesheuvel wrote: > > First of all, the default fcsize for all existing XTS implementations > should be -1 as well, given that chaining is currently not supported > at all at the sckipher interface layer for any of them (due to the > fact that the IV gets encrypted with a different key at the start of Sure. I was just too lazy to actually set the -1 everywhere. I'll try to do that before I repost again. > the operation). This also means it is going to be rather tricky to > implement for h/w accelerated XTS implementations, and it seems to me > that the only way to deal with this is to decrypt the IV in software > before chaining the next operation, which is rather horrid and needs > to be implemented by all of them. I don't think we should support chaining for XTS at all so I don't see why we need to worry about the hardware accelerated XTS code. > Given that > > a) this is wholly an AF_ALG issue, as there are no in-kernel users > currently suffering from this afaik, > b) using AF_ALG to get access to software implementations is rather > pointless in general, given that userspace can simply issue the same > instructions directly > c) fixing all XTS and CTS implementation on all arches and all > accelerators is not a small task > > wouldn't it be better to special case XTS and CBC-CTS in > algif_skcipher instead, rather than polluting the skipcher API this > way? As I said we need to be able to differentiate between the ones that can chain vs. the ones that can't. Putting this knowledge directly into algif_skcipher is just too horrid. The alternative is to add this marker into the algorithms. My point was that if you're going to do that you might as well go a step further and allow cts to chain as it is so straightforward. Cheers, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt