From: Ard Biesheuvel <ardb@kernel.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "Horia Geantă" <horia.geanta@nxp.com>,
"Aymen Sghaier" <aymen.sghaier@nxp.com>,
"Linux Crypto Mailing List" <linux-crypto@vger.kernel.org>,
"Iuliana Prodan" <iuliana.prodan@nxp.com>
Subject: Re: [PATCH] crypto: caam - Remove broken arc4 support
Date: Thu, 2 Jul 2020 10:12:24 +0200 [thread overview]
Message-ID: <CAMj1kXEgGOihAm_cYjs2_FaTn2KiSh-g3VroTm6Z=SZdG=Jr7g@mail.gmail.com> (raw)
In-Reply-To: <20200702080045.GA4472@gondor.apana.org.au>
On Thu, 2 Jul 2020 at 09:56, Herbert Xu <herbert@gondor.apana.org.au> wrote:
>
> On Thu, Jul 02, 2020 at 09:51:29AM +0200, Ard Biesheuvel wrote:
> >
> > I'll wait for the code to be posted (please put me on cc), but my
>
> Sure I will.
>
> > suspicion is that carrying opaque state like that is going to bite us
> > down the road.
>
> Well it's only going to be arc4 at first, where it's definitely
> an improvement over modifying the tfm context in encrypt/decrypt.
>
I agree that the current approach is flawed, but starting multiple
requests with the same state essentially comes down to IV reuse in a
stream cipher, which will cause it to fail catastrophically.
(ciphertext1 ^ ciphertext2 == plaintext1 ^ plaintext2)
I wonder if we should simply try to get rid of arc4 in the crypto API,
as you suggested. There are a couple of WEP implementations that could
be switched over to the library interface, and the KerberosV
implementation of RC4-HMAC(md5) was added for Windows 2000
compatibility based on RFC 4757 [0], which was deprecated by RFC 8429
[1], since Windows Domain Controllers running Windows Server 2008r2 or
later can use newer algorithms.
[0] https://tools.ietf.org/html/rfc4757
[1] https://tools.ietf.org/html/rfc8429
>
> On Thu, Jul 02, 2020 at 05:56:16PM +1000, Herbert Xu wrote:
> >
> > For XTS I haven't decided whether to go this way or not. If it
> > does work out though we could even extend it to AEAD.
>
> But there is clearly a need for this functionality, and it's
> not just af_alg. Have a look at net/sunrpc/auth_gss/gss_krb5_crypto.c,
> it has three versions of the same crypto code (arc4, cts, and
> everything else), in order to deal with continuing requests just
> like algif_skcipher.
>
> Perhaps at the end of this we could distill it down to just one.
>
I agree that there is a gap here.
Perhaps we can decouple ARC4 from the other cases? ARC4 is too quirky
and irrelevant to model this on top of, I think.
next prev parent reply other threads:[~2020-07-02 8:12 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-02 4:36 [PATCH] crypto: caam - Remove broken arc4 support Herbert Xu
2020-07-02 7:27 ` Ard Biesheuvel
2020-07-02 7:32 ` Ard Biesheuvel
2020-07-02 7:40 ` Ard Biesheuvel
2020-07-02 7:45 ` Herbert Xu
2020-07-02 7:51 ` Ard Biesheuvel
2020-07-02 7:56 ` Herbert Xu
2020-07-02 8:00 ` Herbert Xu
2020-07-02 8:12 ` Ard Biesheuvel [this message]
2020-07-02 7:41 ` Herbert Xu
2020-07-02 7:40 ` Herbert Xu
2020-07-05 19:11 ` Horia Geantă
2020-07-06 13:42 ` Ard Biesheuvel
2020-07-08 16:24 ` Horia Geantă
2020-07-09 0:47 ` Herbert Xu
2020-07-09 8:53 ` Horia Geantă
2020-07-09 9:42 ` Ard Biesheuvel
2020-07-16 8:09 ` Horia Geantă
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMj1kXEgGOihAm_cYjs2_FaTn2KiSh-g3VroTm6Z=SZdG=Jr7g@mail.gmail.com' \
--to=ardb@kernel.org \
--cc=aymen.sghaier@nxp.com \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=iuliana.prodan@nxp.com \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.