Received: by 2002:a05:6a10:a852:0:0:0:0 with SMTP id d18csp3806754pxy; Tue, 4 May 2021 10:18:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJykkWJOYI9heH1ta89mIePYkmpmGSgKh4VAzlrCeF0jB8vg0ASkuwfRMwSRNQ61kCa4HBOD X-Received: by 2002:a17:90a:cf09:: with SMTP id h9mr6364168pju.186.1620148690912; Tue, 04 May 2021 10:18:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620148690; cv=none; d=google.com; s=arc-20160816; b=dXhfMJuexwLfeRJfedOg7TYNAuQjB9Bs/ee9Lav6WcTmhV/UdyEhgIr+20WdvcfDTk TalnSPg9Ledw7jXRcbSTKw7wWvk3ypgyJUHZ9DxYKvLC+qMpqm3bAYsHP6oprwEt17nZ XzdoR66dRg8Y4SoT3xJoT8/PCWcYL8kxsemATBMXDFmyABIuVKeVgvz2Zb0V+h8lTs/V ORi3Kh4/OH0AO+osz1YkGro6ZAgR+/Uisfn7dh+sAoQUa0zRY3wW2wB260CbX9HYgO1Y MHunCmm7OsLMI5dug+hyutWQox3auBFYH7oP+3yyFsVAS2as9BDEa/TK8cwonZF9ru7b bazg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=iZbbFJyAkHWLZykXYOpsQNk2opmLARGRuJ2mqifwy8Q=; b=x5vJofXJZ7VCcZNe1kRSBpPIuonvJ9vrFBvlm43g19XhWbm5X5OCf30ZjECctD5SRd E+s8BD9ybB1c33LczAuD8YsvLYiMFkHoDkC9sG5vgiv7+RDTa1ISzp+sFWIs1u+E+Hi8 BYuHhIFA/07SFjUJ+BYtsONfy/iHX4fi4Svx18ilM6sIJrOYXvskzAYMVjkh7kSwZAlm tARLSr7muYG88fqiDV9JhaSZn2TSpHwXNvHSAtU9PG5LJ51Eqjw2YosJiBiIFINQf6yr gqz/s98VTgUiBQp9FLpL97qqq1pm85hGrjfm0823B436BmsnAgKqyBnIAJwOifxjFJR5 jzng== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=cqY82zqw; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s25si4209044pgk.452.2021.05.04.10.17.46; Tue, 04 May 2021 10:18:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=cqY82zqw; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230086AbhEDQxc (ORCPT + 99 others); Tue, 4 May 2021 12:53:32 -0400 Received: from mail.kernel.org ([198.145.29.99]:48112 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231645AbhEDQxc (ORCPT ); Tue, 4 May 2021 12:53:32 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 3E04861139; Tue, 4 May 2021 16:52:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1620147157; bh=/85iIZ3CVD30Lt/J6ODnC8CNiJB2kCPRILCSbK0AGcA=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=cqY82zqwARokgfR4+6bspnGhFASk0hieJIlplVyNjPwuPieJx3vF65rQXfIgCyD0v KUy0slTiaOTswu1fLHelbivVstvLIvZ+BduqV+p0ukUR458r7Y8izanxNz3RB0QoMG 20gP7AjakhQ7J1KT7eeqmRaoTFwJplocfDw0/+M6MApwfBoqBuhkiHIz0qt8+Sr2Do O/gBnKphi3tyMrpjCdERNhWYcgrHEDimO7YwyWGnPIXOGIEeL/1ptdT//zfFpGZbWp ROL6jrha958mYOtNSD1wZQLlQoNWXgNt5KEvpjJrq/yKdYct935Xutu9sb1ZPUGaH2 RVCCcuBE/XRcg== Date: Tue, 4 May 2021 09:52:35 -0700 From: Eric Biggers To: Kestrel seventyfour Cc: linux-crypto@vger.kernel.org Subject: Re: cannot pass split cryptomgr tests for aes ctr Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Mon, May 03, 2021 at 09:56:40AM +0200, Kestrel seventyfour wrote: > Hi, > > I am trying to update the old ifxdeu driver to pass the crypto mgr tests. > However, I continously fail to pass the split tests and I wonder what to do. > > For example, I successfully pass the test vector 0 here: > https://elixir.bootlin.com/linux/latest/source/crypto/testmgr.h#L16654 > if there is no split. > > But if the text "Single block msg" is split into two 8 byte blocks > (single even aligned splits), which end up as separate skcipher walks > in the driver, the second block is wrong and does not compare > correctly, to what is hardcoded in testmgr.h. Same if I try it with > online aes-ctr encoders in the web. > I have tried doing the xor manually with the aes encoded iv, but I get > the same result as the hardware and if I use the next last iv, I still > do not get the second 8 bytes that are hardcoded in cryptomgr.h. > > Can someone shed a light on it? > Is it valid to compare a crypto result that was done on a single walk > with 16byte with two separate walks on the 8 byte splits (of the > original 16)? Is the cryptomgr test on the split tests expecting that > I concat the two walks into a single one? > If yes, how to do that on the uneven splits with separations like 15 > 16 5 byte sequences, etc., fill up the walk up to full block size and > spill over into the next walk? > The split test cases expect the same output (same sequence of bytes) as the non-split test cases. The only difference is how the data is split up into scatterlist elements. Yes, that means that a single 16-byte block of the keystream may need to be XOR'ed with data from multiple scatterlist elements. Take a look at how other drivers handle this. - Eric