Date: Wed, 29 Nov 2023 14:24:18 +0800
From: Herbert Xu
To: Eric Biggers
Cc: Linux Crypto Mailing List, Ard Biesheuvel
Subject: [PATCH 0/4] crypto: Fix chaining support for stream ciphers (arc4 only for now)
References: <20230914082828.895403-1-herbert@gondor.apana.org.au>
 <20230914082828.895403-5-herbert@gondor.apana.org.au>
 <20230920062551.GB2739@sol.localdomain>
 <20230922031030.GB935@sol.localdomain>
 <20231117054231.GC972@sol.localdomain>
 <20231127222803.GC1463@sol.localdomain>
In-Reply-To: <20231127222803.GC1463@sol.localdomain>
X-Mailing-List: linux-crypto@vger.kernel.org

On Mon, Nov 27, 2023 at 02:28:03PM -0800, Eric Biggers wrote:
>
> As far as I can tell, currently "chaining" is only implemented by CBC and CTR.
> So this really seems like an issue in AF_ALG, not the skcipher API per se.
> AF_ALG should not support splitting up encryption/decryption operations on
> algorithms that don't support it.

Yes, I can see your view.  But it really is only a very small number of
algorithms (basically arc4 and chacha) that are currently broken in this
way.  CTS is similarly broken but for a different reason.

Yes, we could change the way af_alg operates by removing the ability to
process unlimited amounts of data and instead switching to the AEAD
model where all data is presented together.  However, I think this
would be an unnecessary limitation since there is a way to solve the
chaining issue for stream ciphers and others such as CTS.
So here is my attempt at this, hopefully without causing too much churn
or breakage:

Herbert Xu (4):
  crypto: skcipher - Add internal state support
  crypto: skcipher - Make use of internal state
  crypto: arc4 - Add internal state
  crypto: algif_skcipher - Fix stream cipher chaining

 crypto/algif_skcipher.c   |  71 +++++++++++++++++++++++++--
 crypto/arc4.c             |   8 ++-
 crypto/cbc.c              |   6 ++-
 crypto/ecb.c              |  10 ++--
 crypto/lskcipher.c        |  42 ++++++++++++----
 crypto/skcipher.c         |  64 +++++++++++++++++++++++-
 include/crypto/if_alg.h   |   2 +
 include/crypto/skcipher.h | 100 +++++++++++++++++++++++++++++++++++++-
 8 files changed, 280 insertions(+), 23 deletions(-)

--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
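An added illustration, not part of Herbert's message or of the patch series, of the chaining problem the cover letter describes for arc4: a small RC4 keystream generator encrypts a 16-byte message in one operation, then in two 8-byte operations, once with the cipher's internal state (S-box and i/j indices) carried across the chunks and once with only the key available to the second operation, which is what "chaining" without internal state amounts to for a stream cipher. The function names, key and message are constructed for the example; the kernel's skcipher internal-state interface that the series adds is not reproduced here.

```c
/* Added example, not code from this message, the patch series or the
 * kernel: a minimal RC4 (arc4) keystream generator showing why a stream
 * cipher operation split into chunks only reproduces the one-shot result
 * when the internal state (S-box plus the i/j indices) is carried across
 * the chunks. Key, message and function names are constructed here. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The state that must survive between chunks for chaining to work. */
struct rc4_state {
    uint8_t S[256];
    uint8_t i, j;
};

static void swap_u8(uint8_t *a, uint8_t *b) { uint8_t t = *a; *a = *b; *b = t; }

/* Key scheduling: build the initial S-box from the key, reset i and j. */
void rc4_setkey(struct rc4_state *st, const uint8_t *key, size_t keylen)
{
    size_t k;
    uint8_t j = 0;
    for (k = 0; k < 256; k++)
        st->S[k] = (uint8_t)k;
    for (k = 0; k < 256; k++) {
        j = (uint8_t)(j + st->S[k] + key[k % keylen]);
        swap_u8(&st->S[k], &st->S[j]);
    }
    st->i = st->j = 0;
}

/* XOR len keystream bytes into dst, advancing the state in place. */
void rc4_crypt(struct rc4_state *st, uint8_t *dst, const uint8_t *src, size_t len)
{
    size_t n;
    for (n = 0; n < len; n++) {
        st->i = (uint8_t)(st->i + 1);
        st->j = (uint8_t)(st->j + st->S[st->i]);
        swap_u8(&st->S[st->i], &st->S[st->j]);
        dst[n] = src[n] ^ st->S[(uint8_t)(st->S[st->i] + st->S[st->j])];
    }
}

/* Constructed sample key and message (first 16 bytes used, NUL ignored). */
static const uint8_t KEY[] = { 's','a','m','p','l','e','-','k','e','y' };
static const uint8_t MSG[] = "sixteen-byte-msg";

/* Whole message in one operation: the reference result. */
void encrypt_one_shot(uint8_t out[16])
{
    struct rc4_state st;
    rc4_setkey(&st, KEY, sizeof KEY);
    rc4_crypt(&st, out, MSG, 16);
}

/* Two 8-byte chunks. With carry_state the second chunk continues from the
 * first chunk's state (what the series enables for arc4 under AF_ALG);
 * without it the second operation only has the key, so the keystream
 * restarts at position 0: the broken chaining the cover letter describes. */
void encrypt_chunked(uint8_t out[16], int carry_state)
{
    struct rc4_state st;
    rc4_setkey(&st, KEY, sizeof KEY);
    rc4_crypt(&st, out, MSG, 8);
    if (!carry_state)
        rc4_setkey(&st, KEY, sizeof KEY);   /* fresh state: chaining lost */
    rc4_crypt(&st, out + 8, MSG + 8, 8);
}

/* 1 if chunked encryption with the given state handling reproduces the
 * one-shot ciphertext. */
int chunked_matches_one_shot(int carry_state)
{
    uint8_t a[16], b[16];
    encrypt_one_shot(a);
    encrypt_chunked(b, carry_state);
    return memcmp(a, b, 16) == 0;
}

/* 1 if the restarted second chunk used the same keystream bytes as the
 * first chunk: then c2[k] ^ c1[k] == m2[k] ^ m1[k], i.e. the keystream
 * cancels and the XOR of the two plaintext chunks is exposed. */
int restart_reuses_keystream(void)
{
    uint8_t a[16], b[16];
    int k;
    encrypt_one_shot(a);
    encrypt_chunked(b, 0);
    for (k = 0; k < 8; k++)
        if ((b[8 + k] ^ a[k]) != (MSG[8 + k] ^ MSG[k]))
            return 0;
    return 1;
}

int main(void)
{
    printf("state carried across chunks matches one-shot: %d\n", chunked_matches_one_shot(1));
    printf("restart from key alone matches one-shot:      %d\n", chunked_matches_one_shot(0));
    printf("restart reuses the first chunk's keystream:   %d\n", restart_reuses_keystream());
    return 0;
}
```

Compile with any C compiler and run: the first check prints 1, the second 0, the third 1. The third check is why this is a security matter rather than only a correctness one: when the second chunk is encrypted with a restarted keystream, XORing the two ciphertext chunks cancels the keystream and leaves the XOR of the two plaintext chunks, the classic consequence of keystream reuse. Carrying the cipher's internal state across the split, as the series does for arc4, is what keeps chunked AF_ALG use equivalent to a single operation.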