Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp349665pxj;
        Fri, 7 May 2021 09:59:04 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJybd8Tg1fuU+y1Y9RE5mIbXfWGzijaVbb2SaP+mYIsI8zrbwLjLXPMHDFwa+3MCQIAYtV2q
X-Received: by 2002:a63:1109:: with SMTP id g9mr11173217pgl.88.1620406744459;
        Fri, 07 May 2021 09:59:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1620406744; cv=none;
        d=google.com; s=arc-20160816;
        b=bf+xIyPsH9wc4+yL6qcH7tGSxyk0Ni8dzDxicORrGsYPhoOWdQ5TOloimbWSn0Uk4U
         gQPoHxLRSmytOKvdutTEWMsMhkWDXfRblpDXrTFrlIDEdvxz8lgwWa3ZF56R013ee8PZ
         Bd7goCFn1IBZ0SJ2Cd370nIejdpKFROsvUEbxWExmfVIBc6sz+LI3vL2meUnvZTTeRtd
         QOu0obyJ6OjcD1mhxOGL2idmD43/Ezx2+FEITnXOhdBCvJP2e431Mi4iL9QqCINxwkNu
         FL7LTJbDTbfHFb9p55V2kzXwPHBjBnxy02fmWYfEI8hUs47jSPD+3PE/FUAZDYde4Uvp
         cbag==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=sqrFWO6xme0JIYPb3gXMNn77yYlPuy3wGhEbm2jPVuA=;
        b=k4UQ3+lza/U5H7wVEeEg8pLq1bwQ8j18VnNtXOsF1kSFVT8sG8QsgRT3xx1HbiT7Gl
         5zEoEp5DGUmlnhr/DmWjrNDjCQp/8QDTXIqzbpEaGuEE2xHz+UWqmU2jfyBrSAZ1chJ4
         FuBRF5bM1S9rTkecB7Ya5NRYiwUSfaqPG2KIyURUKGx/8j0TngRl+DoWyF7LF7GMt8c0
         5arvPTCLOFe+SanCUEuOhSRbxsb6ezWT2o3v5IBxNUq+tjKoIH7vr7H6t1RX9KJgbVHk
         ITSQD23Z6vUT0hX0x+tYhI3be4yyFeNWOc3BZv8I8pOXud797R6TMy8QOWJWSRr0Ioxh
         4dDA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=Q1SrFoOM;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id j9si8035670pgq.51.2021.05.07.09.58.42;
        Fri, 07 May 2021 09:59:04 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=Q1SrFoOM;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236446AbhEGNDX (ORCPT <rfc822;kestrelseventyfour@gmail.com>
        + 99 others); Fri, 7 May 2021 09:03:23 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37254 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235836AbhEGNDW (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Fri, 7 May 2021 09:03:22 -0400
Received: from mail-qv1-xf2a.google.com (mail-qv1-xf2a.google.com [IPv6:2607:f8b0:4864:20::f2a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DAA4DC061574
        for <linux-crypto@vger.kernel.org>; Fri,  7 May 2021 06:02:22 -0700 (PDT)
Received: by mail-qv1-xf2a.google.com with SMTP id dl3so4732632qvb.3
        for <linux-crypto@vger.kernel.org>; Fri, 07 May 2021 06:02:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
        bh=sqrFWO6xme0JIYPb3gXMNn77yYlPuy3wGhEbm2jPVuA=;
        b=Q1SrFoOMoPEjGgkZvy3AufZF1psxVG4y7iJ6gq0sbbCxUgxjl1s1GjAop3S9TLRcry
         UEF6KxpOsOhqtX0Xmq+kiNyMkcJDmyXfbG43PPtKCVV3plsDdSNHdq7Upwta5PadPBNA
         xtwbg7pY6s7m2QikOBjmnVJZTgo86iGJuQ0ipz2iRazuMRH+n0510/DoOjkVA1BQayff
         tWlqY9XNRNnEYGr5x5o/zHrr+0zH4O5TRlOXRvQTVMU1PBpk/F4+hjlEKzoZbIbNtQcQ
         cJhd0CDY6LHp/lSyjV3ILdL2d7jTkJMYulmkbv/qKu8Za1Q42TSIWPyupNYJwRP8ePgW
         kVSQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to;
        bh=sqrFWO6xme0JIYPb3gXMNn77yYlPuy3wGhEbm2jPVuA=;
        b=DrYlTeIn9jZfZjX4a9EOOJgpcbzelv7q+rV0qYVuiPR30o1AU6qPuS70iSZ8YVi6qm
         o5prb9kcPZPHqtHiLp99KrLiwtrUl7pdA+BcXG70nQ0ClymS/muPj7ZPdFmeLJIKJRrA
         fGL9KGje4SzBcAonKURj01P9FJx6Ey7ooTWGcIrm8UbLbm0WGDcU1sqTjmU6k+E5OTAd
         2loaBPiuOrMGCvn+MOfcVYz5X8y45kyCtuvN3apSC043NU3UkdBv/Oy64OdAoXrc3uEW
         aa/S3d15BsyXdnihsv2Vheh1R1GZTr7edGMbrBmcuLPyIsHnqiG8TOCXF7OGkuXiM1t3
         a5pw==
X-Gm-Message-State: AOAM533yq7lmfNoD5ZARGnyNMe8Xx5kUHDsFFqtpS6r1oejHlA4zAh4m
        VncoKjWcrXoPpAJtqNwtmWHAyHmk71cQsKsoYJjosD32
X-Received: by 2002:a05:6214:a62:: with SMTP id ef2mr9782998qvb.31.1620392541997;
 Fri, 07 May 2021 06:02:21 -0700 (PDT)
MIME-Version: 1.0
References: <CAE9cyGRzwN8AMzdf=E+rBgrhkDxyV52h8t_cBWgiXscvX_2UtQ@mail.gmail.com>
 <YJTkf0F5IZhqiXI5@sol.localdomain> <CAE9cyGTi9YpC9pcu5-MXtmXu_DM5FEVt9DYrM4AQWQMK7f0=zA@mail.gmail.com>
In-Reply-To: <CAE9cyGTi9YpC9pcu5-MXtmXu_DM5FEVt9DYrM4AQWQMK7f0=zA@mail.gmail.com>
From:   Kestrel seventyfour <kestrelseventyfour@gmail.com>
Date:   Fri, 7 May 2021 15:02:11 +0200
Message-ID: <CAE9cyGRCDP5dv1AJ_5LL5e9vJasuc1_AZFLjZnT-hwYE-CUUFQ@mail.gmail.com>
Subject: Fwd: xts.c and block size inkonsistency? cannot pass generic driver
 comparision tests
To:     linux-crypto@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Hi Eric,

I agree, that it can't be built on top of the kernels CBC. But in the
hardware CBC, e.g. for encryption I set the IV (encrypted tweak), set
the hardwares aes mode to CBC and start the encrypt of a 16 byte
block, then do an additional xor after that -> result of that full
block is the same as XTS. Then I gfmul the tweak and repeat the
previous starting with setting the tweak as iv.
Doing that is much faster and much more efficient than using the
kernels xts on top of ecb(aes). But it introduces the problem that I
have somehow to handle the CTS after my walk loop that just processes
full blocks or multiples of that. And I am trying to figure out, what
the best way is to do that with the least amount of code in my driver.
I cannot set blocksize to 1, because then the block size comparison to
generic xts fails and If I set the walksize to 1, I get the alignment
and split errors and would have to handle the splits and
missalignments manually.
So actually I need a combination of what the walk does (handle
alignment and splits) plus getting the last complete and incomplete
block after walk_skcipher_done returns -EINVAL. At least thats my
current idea. I could just copy most of the code from xts, but there
is a lot of stuff, that is not needed, if I combine the hardware CBC
and xor to be XEX (XTS without the cipher text stealing).

Thanks.

Am Fr., 7. Mai 2021 um 08:56 Uhr schrieb Eric Biggers <ebiggers@kernel.org>:
>
> On Fri, May 07, 2021 at 07:57:01AM +0200, Kestrel seventyfour wrote:
> > Hi,
> >
> > I have also added xts aes on combining the old hardware cbc algorithm
> > with an additional xor and the gfmul tweak handling. However, I
> > struggle to pass the comparision tests to the generic xts
> > implementation.
>
> XTS can't be built on top of CBC, unless you only do 1 block at a time.
>
> It can be built on top of ECB, which is what the template already does.
>
> Before getting too far into your questions, are you sure that what you're trying
> to do actually makes sense?
>
> - Eric