Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp22430253rwd;
        Fri, 30 Jun 2023 07:59:37 -0700 (PDT)
X-Google-Smtp-Source: APBJJlGVRROlNLwy2j6tjaNCQ4PEVwJTkW+FbOK/gRpHRb/yln5wMy4Z699YycDqygqvc+7thnYD
X-Received: by 2002:a17:902:e74b:b0:1af:a349:3f31 with SMTP id p11-20020a170902e74b00b001afa3493f31mr2592639plf.3.1688137177219;
        Fri, 30 Jun 2023 07:59:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1688137177; cv=none;
        d=google.com; s=arc-20160816;
        b=SqkUMyM0oqBjeQPnzQvzIHSWFTs5VS010gz11UTGMv4jLFmqEupDC7j95lFkcAWRdB
         oThqsrpGNVl0mCKR1yHy/i2lp1fyIFeR7RUdtonpINmlYoQr+qs5NERxAUhLfLROcGHN
         JVUcIdHPtGWGXyeT1IixjZ0SsglmXzKwXd7kHKTkUvelgpda/h415qN47Ie7o/b7x9xU
         kjg1bkWktNZJyCvx1KUFCGkzvGVYTd2Bs6W29lYmN1dG+vcUuITC2xxz5BsymZV0xYYp
         PRhfrf6Fwhhnak9BQU4sK/IJLNMVuT4IKlRpOv/rknKBGeAnSmk1FVscxAQq8BvmzS6Z
         trcw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :feedback-id:references:in-reply-to:message-id:subject:cc:from:to
         :dkim-signature:date;
        bh=WsdGP+L2oYDp+SU/yqBwbM06vYtzjPM1iocWewyvaz8=;
        fh=QtMpdKcKoZF6r/X2XjBSVZ2hqpWe0GejRzZ/MVeJrSU=;
        b=Lc2zges8LdgxlDs++p8EiMIKqzBYM0c0xWFxJMfsN9fEg6rrmttPW+dL/8Gbdu6qHk
         l1jVy4+tPAiltsaExa+nCp4+M38zBQWDD2JP1qqti+l55DKt9KZQVGzq9PakhFGE7srn
         C4AuShRYNeGRaaudGnBQ0K6sE3CUe3U70y3HRpwKy7cOj90kp1smg3fXrkZKpK+hN5zf
         RBM+wuiVtqDHhtwBjGZ+Ab4NmF0da2R7XdN7kUDlNtMzoMTasSgbgtdEkMj9//Q9aoF6
         0r09R6pphucUa39KfRaZuQ3x3wbZkQvwbBaSt20IhRBIAkiQjUrQburjhO9jSnm7nt7z
         Q6TQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@proton.me header.s=protonmail header.b=Ttnmgdyy;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=proton.me
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id n14-20020a170902e54e00b001b3ca91e3c6si13441408plf.14.2023.06.30.07.59.14;
        Fri, 30 Jun 2023 07:59:37 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@proton.me header.s=protonmail header.b=Ttnmgdyy;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=proton.me
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231501AbjF3Osx (ORCPT <rfc822;proase2022@gmail.com> + 99 others);
        Fri, 30 Jun 2023 10:48:53 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49266 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231633AbjF3Osw (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Fri, 30 Jun 2023 10:48:52 -0400
Received: from mail-0201.mail-europe.com (mail-0201.mail-europe.com [51.77.79.158])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 523D31996;
        Fri, 30 Jun 2023 07:48:48 -0700 (PDT)
Date:   Fri, 30 Jun 2023 14:48:37 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proton.me;
        s=protonmail; t=1688136523; x=1688395723;
        bh=WsdGP+L2oYDp+SU/yqBwbM06vYtzjPM1iocWewyvaz8=;
        h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References:
         Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID:
         Message-ID:BIMI-Selector;
        b=TtnmgdyyDxXoJBsWTR6ylN09DdXsbbIu0EdsFOhvsHepp4TCYsBt6DCeXj7NwLzrA
         zQ7qeJh3OUDkfoqIEv4RzpGIgkuHLOZfeeWUZjNLzqUp1J9oO+2ST0BR43U1/Llaev
         /r+aMFmpkgL3nBfLsPjaELxxNLkaktGPNqZkgclV4nguHctzJfi1RrB4C66AgKA5zi
         o96vbq7vRNpJtfL8LvPDEzJqusSB1fim7p9gBwUQAD6xmabMSN7nU2vhkIgmOUhYaY
         wTdjeQe77bEO05LBTwdAlbo2K/vc8cv9ilYu3qtDSxiNLVApRQJYmGfQCerLtqPQhj
         DUputDl/JDgBg==
To:     Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>
From:   Benno Lossin <benno.lossin@proton.me>
Cc:     FUJITA Tomonori <fujita.tomonori@gmail.com>,
        rust-for-linux@vger.kernel.org, Gary Guo <gary@garyguo.net>,
        "linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>
Subject: Re: [RFC PATCH v2 1/2] rust: add synchronous message digest support
Message-ID: <o6lMzg30KAx1IKuGUzjTWb8ciTkkb_vbseDHu2u5nqLeijQ0vX1QgDOij0HGjQkW4NhJcOMoXHvMCstcByEzjq_CjMuN61l1rUo9DaIf97Y=@proton.me>
In-Reply-To: <0a9af5fa-4df2-11da-b3cb-0a6b1d27fdc2@proton.me>
References: <20230615142311.4055228-1-fujita.tomonori@gmail.com> <20230615142311.4055228-2-fujita.tomonori@gmail.com> <udHI3v-OLUqHQt3fwnH71QuRJjzGxexw2rkIYEfnsChCmrLoJTIL_GL1wLCARf-UotY51jkPT6tC8nVDvjf8LkY2zvddpgeRQ5owysZwJos=@proton.me> <20230622.111419.241422502377572827.ubuntu@gmail.com> <0a9af5fa-4df2-11da-b3cb-0a6b1d27fdc2@proton.me>
Feedback-ID: 71780778:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIM_INVALID,
        DKIM_SIGNED,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE,SPF_PASS,
        T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Dear crypto maintainers,

Fujita Tomonori has created some Rust bindings for the crypto API seen in
this thread. Here is a fragment of my review of said code:

On 25.06.23 12:08, Benno Lossin wrote:
>>>> +    /// Adds data to message digest for processing.
>>>> +    pub fn update(&mut self, data: &[u8]) -> Result {
>>>> +        // SAFETY: The type invariant guarantees that the pointer is =
valid.
>>>> +        to_result(unsafe {
>>>> +            bindings::crypto_shash_update(self.ptr, data.as_ptr(), da=
ta.len() as u32)
>>>> +        })
>>>
>>> What if `data.len() > u32::MAX`?
>>
>> The buffer might not be updated properly, I guess. Should check the case=
?
>=20
> Not sure what we should do in that case, will bring it up at the next
> team meeting. In Rust, `write` and `read` functions often output the
> number of bytes that were actually read/written. So maybe we should also
> do that here? Then you could just return `u32::MAX` and the user would
> have to call again. We could also call the C side multiple times until
> the entire buffer has been processed. But as the C side only supports
> u32 anyway, I think it would be a rare occurrence for `data` to be large.

I noted that in the code segment above that the length of the data
that is to be hashed is cast from a `usize` to a `u32`. Since
`usize =3D uintptr_t` this might be a problem for very large arguments.

Since the C side only accepts an `unsigned int`, it seems as if large input=
s
are never the case. On the Rust side we are forced to use `usize`, since th=
at
is the length of slices (the input type `&[u8]`).

We came up with the following solutions, but could not come to a consensus =
on any
particular one, could you please assist us in making this decision?

1. create a loop that calls the C API multiple times if the input is large
2. panic
3. truncate
4. return an error

Thanks a lot!

--
Cheers,
Benno