Date: Thu, 30 Nov 2023 10:17:30 +0800
From: Herbert Xu
To: Eric Biggers
Cc: Linux Crypto Mailing List, Ard Biesheuvel
Subject: Re: [PATCH 0/4] crypto: Fix chaining support for stream ciphers (arc4 only for now)

On Wed, Nov 29, 2023 at 01:04:21PM -0800, Eric Biggers wrote:
>
> I don't think that's accurate. CBC and CTR are the only skciphers for which
> this behavior is actually tested. Everything else, not just stream ciphers but
> all other skciphers, can be assumed to be broken. Even when I added the tests
> for "output IV" for CBC and CTR back in 2019 (because I perhaps
> over-simplistically just considered those to be missing tests), many
> implementations failed and had to be fixed. So I think it's fair to say that
> this is not really something that has ever actually been important or even
> supported, despite what the intent of the algif_skcipher code may have been. We
> could choose to onboard new algorithms to that convention one by one, but we'd
> need to add the tests and fix everything failing them, which will be a lot.

OK I was perhaps a bit over the top, but it is certainly the case that
for IPsec encryption algorithms, all the underlying algorithms are
able to support chaining. I concede that the majority of disk
encryption algorithms do not.

I'm not worried about the amount of work here since most of it
could be done at the same time as the lskcipher conversion which is
worthy in and of itself.

Cheers,
-- 
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
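
The "output IV" convention discussed in this thread, shown for CBC as an added example that is not part of the original message or the kernel's code: after a request the IV buffer should hold the last ciphertext block, so a second request continues where the first stopped. XTEA is swapped in as a small self-contained block cipher, and the function names, key and plaintext are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define BS 8 /* XTEA block size in bytes */

/* XTEA block encryption, a stand-in for whatever block cipher sits under CBC. */
static void blk_encrypt(const uint32_t k[4], uint8_t b[BS])
{
    uint32_t v[2], sum = 0;
    memcpy(v, b, BS);
    for (int i = 0; i < 32; i++) {
        v[0] += (((v[1] << 4) ^ (v[1] >> 5)) + v[1]) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v[1] += (((v[0] << 4) ^ (v[0] >> 5)) + v[0]) ^ (sum + k[(sum >> 11) & 3]);
    }
    memcpy(b, v, BS);
}

/* CBC-encrypt len bytes (a multiple of BS) in place. With update_iv set, iv is
 * left holding the last ciphertext block, i.e. the "output IV". */
static void cbc_encrypt(const uint32_t k[4], uint8_t iv[BS], uint8_t *buf,
                        size_t len, int update_iv)
{
    uint8_t prev[BS];
    memcpy(prev, iv, BS);
    for (size_t off = 0; off < len; off += BS) {
        for (int i = 0; i < BS; i++)
            buf[off + i] ^= prev[i];
        blk_encrypt(k, buf + off);
        memcpy(prev, buf + off, BS);
    }
    if (update_iv)
        memcpy(iv, prev, BS);
}

/* Returns 1 if two chained 16-byte requests match one 32-byte request, else 0. */
int chained_matches_oneshot(int update_iv)
{
    const uint32_t key[4] = {1, 2, 3, 4};   /* constructed test key */
    uint8_t one[32], two[32], iv1[BS] = {0}, iv2[BS] = {0};
    for (int i = 0; i < 32; i++)
        one[i] = two[i] = (uint8_t)i;        /* constructed plaintext */
    cbc_encrypt(key, iv1, one, 32, update_iv);
    cbc_encrypt(key, iv2, two, 16, update_iv);
    cbc_encrypt(key, iv2, two + 16, 16, update_iv);
    return memcmp(one, two, 32) == 0;
}

int main(void) { return !(chained_matches_oneshot(1) && !chained_matches_oneshot(0)); }
```

An implementation that leaves the IV buffer untouched passes any single-request test and only fails when a caller splits the data, which is why the convention needs its own test per algorithm.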