Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp3817851pxj; Tue, 11 May 2021 12:32:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzJHduw1XRmYvPiIiPt7Pog0yZd6Eblnp4O2TcNFIClgqV60Oysenh3STAOhrl+xOXiAUff X-Received: by 2002:a05:6830:1605:: with SMTP id g5mr26831677otr.22.1620761553875; Tue, 11 May 2021 12:32:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620761553; cv=none; d=google.com; s=arc-20160816; b=tiVk1DqbHouYd/JJgdoulKUlX8iKiX5HILc9gBS3/CFJfdO5cCUKriAQDEypjK+mTA jKjpsLsTOjbu8sTBG+BQz+Tap1jhEM0B+MVbstTHYkV3ehJ7iyRUD2ZwtGJUqpFwMb8S HSlkEqiofWPJyZB5vp8/vzTnY0d8Fdtd7C1TzKiJZulW9VutGaCo1gviCvE0UcR0rINJ R4J9oBAD1NPSy01JH+xrFzPgARL9vwDYrgYnTdP/2u1o7gVc8fAmJ2X4SSlsM2IXIqVb EmAQWjHvrWiLoZteVtoi+vqFkVX4bgtv6o21pSqT525woD30NPSuZy97ujEj93jdXQOn niUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=em1wj2HSNEmjVOOFwzKtLRI8mXz6QV7Yooka9Os2g8Q=; b=R0gFD5EnYiX0dEocgJZ99An8TCftLojg/wfFhJrIvpIDSZv+BXVRKf120fR1K72Ap5 QLfEQgm3CNvSMN5SUY5eaBkbE+VecEPqsCZlyRrDqRNre4YL2S5crTtkfgwfIrXSMUZ6 tT1b/1qTOK7VkFI9XEP9Luf3olIufK3SppvL72bVsGCJXaHLsuQ0t0LWimvu9Afvk+lF Zu65h27URc1sL8kOZFvWtGFaegqx9ikMl1MUeBoGEjMe6QABCPQ4MhTcLjPti+roXtlD fVNmoVlSuLxmfxOOOGGqtRWnERX9iug97aveoTaOPtuu0FTlz87M2nXFDrm5eJi7h+MR ldBA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=W+58nwv+; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b128si20687110oif.208.2021.05.11.12.32.07; Tue, 11 May 2021 12:32:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=W+58nwv+; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231851AbhEKTc0 (ORCPT + 99 others); Tue, 11 May 2021 15:32:26 -0400 Received: from mail.kernel.org ([198.145.29.99]:32782 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231454AbhEKTc0 (ORCPT ); Tue, 11 May 2021 15:32:26 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 4EACE6162B; Tue, 11 May 2021 19:31:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1620761479; bh=ltm7Qvvsrf9/bNVssnd1NXrjG9EJr/zjqPxJ0d5MSn8=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=W+58nwv+UKr/4MKHZ6S0NvZSGAaMy/btFugbvHAF/TPc0ww0yrt+BRLQiAxa0ClUm o9gGZxgdJ4LvQAvR7xkp/CuEoxAmTQ9noA5Bi7WnSSm8DOaP1PMZIBb0JtstfbfZbC iA407iWshf8p3TnoXYo2fplV1v8YAIEtEEgCj2ZU26+rh9qUt0GG0z0EHJnhUCgXMW oW+Yeg0CFziBDSF6/DIrohcXJkkejmG05i00l6lDJ60bji32alVzpefS7avHxuVx2u MV1K0MdP/c2iaW7+WQe5w5tM9wnm18Q6pMNbdnWYcwlhpjZtGnpOBNIb8jHcgol2qb t1D6wiTQGyYJg== Date: Tue, 11 May 2021 12:31:17 -0700 From: Eric Biggers To: Mike Brooks Cc: Ard Biesheuvel , Kestrel seventyfour , Herbert Xu , Linux Crypto Mailing List Subject: Re: or should block size for xts.c set to 1 instead of AES block size? Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, May 11, 2021 at 11:01:11AM -0700, Mike Brooks wrote: > xst(ecb()) can only produce a minimum of AES_BLOCK_SIZE of data - > sending in a smaller dataset will still return AES_BLOCK_SIZE of data. > If you try and pass in lets say 4 bytes - and then you truncate the > response to 4 bytes you'll lose data. > > Moving to a smaller size is asking for trouble. IMHO. > > -Michael Brooks > > On Tue, May 11, 2021 at 8:48 AM Ard Biesheuvel wrote: > > > > On Fri, 7 May 2021 at 08:12, Kestrel seventyfour > > wrote: > > > > > > Hi, > > > > > > one more thought, shouldn't the block size for generic xts set to 1 in > > > order to reflect that any input size length is allowed to the > > > algorithm? > > > > > > > I think this was discussed at some point on the list, and Herbert > > seemed to suggest that 1 was a better choice than AES_BLOCK_SIZE. > > You'd have to set the chunksize, though, to ensure that the input is > > presented in the right granularity, i.e., to ensure that the skcipher > > walk layer never presents less than chunksize bytes unless it is the > > end of the input. > > > > However, this is a flag day change, so you'd need to update all > > implementations at the same time. Otherwise, the extended tests (which > > compare accelerated implementations with xts(ecb(aes-generic))) will > > start failing on the cra_blocksize mismatch. Well, the problem is that it isn't well defined what the cra_blocksize property actually means. Depending on the algorithm, it can mean either the minimum input size, the required alignment of the input size, the exact input size that is required (in the case of block ciphers), or the input size that is required by the algorithm's internal compression function (in the case of hashes). "xts" follows the convention of cra_blocksize meaning the "minimum input size", as do "cts" and "adiantum" which have the same constraints on input sizes as "xts". So I'm not sure that changing cra_blocksize for xts to 1 would accomplish anything useful, other than confuse things further. - Eric