Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1494857ybh;
        Mon, 13 Jul 2020 22:18:07 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyhu3v6JGnF+HZaGFt/dUBUpIoxJR8WRWdCf2wXuHdShCaw9QGN1TY5MTsfIOaDDmCkcYXg
X-Received: by 2002:a17:906:d92a:: with SMTP id rn10mr135327ejb.169.1594703887708;
        Mon, 13 Jul 2020 22:18:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1594703887; cv=none;
        d=google.com; s=arc-20160816;
        b=DzqccgDwb4VmFdli5Lfm+b5PFLeBTlUhzBBnu416O6R4wxocuqGRK5Tm7K6CU968Rq
         nJz5fqcmxpH38JjEtrhsgm5+zidLehjGrfNB2Mg8qkqG25NQIbff+JYul+FAwmkuvMey
         tqBsZ0qnD76m13mlXKIJ9iKF0MTHvnnL3o5jA0x/t7ao+C1a6BShs/Bx3Hc5Avntw7CZ
         SHG8PEX+05PB5qWvovSs0OH1JP0JJHyDI4c3oFbIbRhR1O3zyJfGIDBsMPp+xYrE0Vek
         jc0PxPEJKMHSCN+Qkmwgwg3de7Yrg6xiohYvwngr/UdpTqw9I+ogrWSN8YMAvJylbr8v
         +MFA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=HZATrvvag4q6gQHDw4QCFWHtrPGHPPXwIKMxcmxUGEs=;
        b=G54AKlByAKjGI4AfTcdZSGCHfZsSxfq9TKlFTUtdovSyS5WaM1iOQ7eKmk0bqUdgxb
         AnoCI+6QqhCZevj+P/57xU1TgGbnMjtlMhLVv/0OKMOi+gpFxMQ459jtk4Apq6MjWTK2
         HkZgRtv3d6yRLWRJjHXsjC706RP9IZWbYeSqIQ7eMgHZTuYR5jEitHBkDFmeTcnwesQ9
         CXWUsXj5JV+LHnvv0Se5s9EU3vbAlUAdt2gcrKpEkEHZbrCuoxDtaS+RtNoRKxTAd+/M
         SEC0cI7v/VNFCxBhJb0HTmuXd4eW80zGMeSoOTH/aAB0/vQcpzjyc+CdvKv6kUr5vGVM
         1tuA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b="XhAH/lbZ";
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id jt18si10073348ejb.445.2020.07.13.22.17.32;
        Mon, 13 Jul 2020 22:18:07 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b="XhAH/lbZ";
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1725793AbgGNFRa (ORCPT <rfc822;p.pan48711@gmail.com>
        + 99 others); Tue, 14 Jul 2020 01:17:30 -0400
Received: from mo4-p00-ob.smtp.rzone.de ([81.169.146.163]:11019 "EHLO
        mo4-p00-ob.smtp.rzone.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725306AbgGNFR2 (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Tue, 14 Jul 2020 01:17:28 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1594703846;
        s=strato-dkim-0002; d=chronox.de;
        h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:
        X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender;
        bh=HZATrvvag4q6gQHDw4QCFWHtrPGHPPXwIKMxcmxUGEs=;
        b=XhAH/lbZXYZM0bVRHN7jIia1JKUO3hOS9RZJaZXEj9pGfVSKERKlkh9Zyv/YSayxnE
        SiZ/mmCdvvkx1KOqv3VNldKHHzulLgt0tyEFz7JElr6CqWDaLvfzDTdwW54FxmgFE6dz
        A9nkGuBjmIDRzIzwPw1MIzlBpO8mB+SD9RHsnP9vIsijXKRGUCfJV7q+81yzwwFI5zxz
        Vr9RMkKNQGZEsnEVAxTCiH5PEQeTzTxsctFzj+WCUV96PcUGPyop2dvvkizkbk9NgN2N
        vjIvsnIta8zY58Hq2ylb2CcjgP6nLfPawwIu2YPtWfrauiZL/92dDebVQ1+E5DMo6Cw4
        4ptA==
X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNyiHySGSa9k9xmwdNnzGHXPaI/SfxmJ+"
X-RZG-CLASS-ID: mo00
Received: from tauon.chronox.de
        by smtp.strato.de (RZmta 46.10.5 DYNA|AUTH)
        with ESMTPSA id y0546bw6E5HLpia
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits))
        (Client did not present a certificate);
        Tue, 14 Jul 2020 07:17:21 +0200 (CEST)
From:   Stephan Mueller <smueller@chronox.de>
To:     linux-crypto@vger.kernel.org, Elena Petrova <lenaptr@google.com>
Cc:     Elena Petrova <lenaptr@google.com>,
        Eric Biggers <ebiggers@kernel.org>,
        Ard Biesheuvel <ardb@kernel.org>
Subject: Re: [PATCH 0/1] crypto: af_alg - add extra parameters for DRBG interface
Date:   Tue, 14 Jul 2020 07:17:20 +0200
Message-ID: <2941213.7s5MMGUR32@tauon.chronox.de>
In-Reply-To: <20200713164857.1031117-1-lenaptr@google.com>
References: <20200713164857.1031117-1-lenaptr@google.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Am Montag, 13. Juli 2020, 18:48:56 CEST schrieb Elena Petrova:

Hi Elena,

> This patch extends the userspace RNG interface to make it usable for
> CAVS testing. This is achieved by adding ALG_SET_DRBG_ENTROPY
> option to the setsockopt interface for specifying the entropy, and using
> sendmsg syscall for specifying the additional data.
> 
> See libkcapi patch [1] to test the added functionality. The libkcapi
> patch is not intended for merging into libkcapi as is: it is only a
> quick plug to manually verify that the extended AF_ALG RNG interface
> generates the expected output on DRBG800-90A CAVS inputs.

As I am responsible for developing such CAVS/ACVP harness as well, I played 
with the idea of going through AF_ALG. I discarded it because I do not see the 
benefit why we should add an interface solely for the purpose of testing. 
Further, it is a potentially dangerous one because the created instance of the 
DRBG is "seeded" from data provided by the caller.

Thus, I do not see the benefit from adding that extension, widening a user 
space interface solely for the purpose of CAVS testing. I would not see any 
other benefit we have with this extension. In particular, this interface would 
then be always there. What I could live with is an interface that can be 
enabled at compile time for those who want it.

Besides, when you want to do CAVS testing, the following ciphers are still not 
testable and thus this patch would only be a partial solution to get the 
testing covered:

- AES KW (you cannot get the final IV out of the kernel - I played with the 
idea to return the IV through AF_ALG, but discarded it because of the concern 
above)

- OFB/CFB MCT testing (you need the IV from the last round - same issue as for 
AES KW)

- RSA

- DH

- ECDH

With these issues, I would assume you are better off creating your own kernel 
module just like I did that externalizes the crypto API to user space but is 
only available on your test kernel and will not affect all other users.

Ciao
Stephan