From: Dave Watson <davejwatson@fb.com>
To: Stephan Mueller <smueller@chronox.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
Junaid Shahid <junaids@google.com>,
Steffen Klassert <steffen.klassert@secunet.com>,
<linux-crypto@vger.kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Hannes Frederic Sowa <hannes@stressinduktion.org>,
Tim Chen <tim.c.chen@linux.intel.com>,
Sabrina Dubroca <sd@queasysnail.net>,
<linux-kernel@vger.kernel.org>,
Ilya Lesokhin <ilyal@mellanox.com>
Subject: Re: [PATCH 14/14] x86/crypto: aesni: Update aesni-intel_glue to use scatter/gather
Date: Tue, 13 Feb 2018 10:42:21 -0800 [thread overview]
Message-ID: <20180213184221.GB2122@davejwatson-mba.local> (raw)
In-Reply-To: <54235286.FU8BX9VrCl@tauon.chronox.de>
On 02/13/18 08:42 AM, Stephan Mueller wrote:
> > +static int gcmaes_encrypt_sg(struct aead_request *req, unsigned int
> > assoclen, + u8 *hash_subkey, u8 *iv, void *aes_ctx)
> > +{
> > + struct crypto_aead *tfm = crypto_aead_reqtfm(req);
> > + unsigned long auth_tag_len = crypto_aead_authsize(tfm);
> > + struct gcm_context_data data AESNI_ALIGN_ATTR;
> > + struct scatter_walk dst_sg_walk = {};
> > + unsigned long left = req->cryptlen;
> > + unsigned long len, srclen, dstlen;
> > + struct scatter_walk src_sg_walk;
> > + struct scatterlist src_start[2];
> > + struct scatterlist dst_start[2];
> > + struct scatterlist *src_sg;
> > + struct scatterlist *dst_sg;
> > + u8 *src, *dst, *assoc;
> > + u8 authTag[16];
> > +
> > + assoc = kmalloc(assoclen, GFP_ATOMIC);
> > + if (unlikely(!assoc))
> > + return -ENOMEM;
> > + scatterwalk_map_and_copy(assoc, req->src, 0, assoclen, 0);
>
> Have you tested that this code does not barf when assoclen is 0?
>
> Maybe it is worth while to finally add a test vector to testmgr.h which
> validates such scenario. If you would like, here is a vector you could add to
> testmgr:
>
> https://github.com/smuellerDD/libkcapi/blob/master/test/test.sh#L315
I tested assoclen and cryptlen being 0 and it works, yes. Both
kmalloc and scatterwalk_map_and_copy work correctly with 0 assoclen.
> This is a decryption of gcm(aes) with no message, no AAD and just a tag. The
> result should be EBADMSG.
> > +
> > + src_sg = scatterwalk_ffwd(src_start, req->src, req->assoclen);
>
> Why do you use assoclen in the map_and_copy, and req->assoclen in the ffwd?
If I understand correctly, rfc4106 appends extra data after the assoc.
assoclen is the real assoc length, req->assoclen is assoclen + the
extra data length. So we ffwd by req->assoclen in the scatterlist,
but use assoclen when memcpy and testing.
> >
> > +static int gcmaes_decrypt_sg(struct aead_request *req, unsigned int
> > assoclen, + u8 *hash_subkey, u8 *iv, void *aes_ctx)
> > +{
>
> This is a lot of code duplication.
I will merge them and send a V2.
> Ciao
> Stephan
>
>
Thanks!
prev parent reply other threads:[~2018-02-13 18:42 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <cover.1518211765.git.davejwatson@fb.com>
2018-02-12 19:47 ` [PATCH 01/14] x86/crypto: aesni: Merge INITIAL_BLOCKS_ENC/DEC Dave Watson
2018-02-12 19:48 ` [PATCH 02/14] x86/crypto: aesni: Macro-ify func save/restore Dave Watson
2018-02-12 19:48 ` [PATCH 03/14] x86/crypto: aesni: Add GCM_INIT macro Dave Watson
2018-02-12 19:48 ` [PATCH 04/14] x86/crypto: aesni: Add GCM_COMPLETE macro Dave Watson
2018-02-12 19:49 ` [PATCH 05/14] x86/crypto: aesni: Merge encode and decode to GCM_ENC_DEC macro Dave Watson
2018-02-12 19:49 ` [PATCH 06/14] x86/crypto: aesni: Introduce gcm_context_data Dave Watson
2018-02-12 19:49 ` [PATCH 07/14] x86/crypto: aesni: Split AAD hash calculation to separate macro Dave Watson
2018-02-12 19:49 ` [PATCH 08/14] x86/crypto: aesni: Fill in new context data structures Dave Watson
2018-02-12 19:50 ` [PATCH 09/14] x86/crypto: aesni: Move ghash_mul to GCM_COMPLETE Dave Watson
2018-02-12 19:50 ` [PATCH 10/14] x86/crypto: aesni: Move HashKey computation from stack to gcm_context Dave Watson
2018-02-12 19:50 ` [PATCH 11/14] x86/crypto: aesni: Introduce partial block macro Dave Watson
2018-02-12 19:50 ` [PATCH 12/14] x86/crypto: aesni: Add fast path for > 16 byte update Dave Watson
2018-02-12 19:51 ` [PATCH 13/14] x86/crypto: aesni: Introduce scatter/gather asm function stubs Dave Watson
2018-02-12 19:51 ` [PATCH 14/14] x86/crypto: aesni: Update aesni-intel_glue to use scatter/gather Dave Watson
2018-02-12 23:12 ` Junaid Shahid
2018-02-13 18:22 ` Dave Watson
2018-02-13 19:49 ` Junaid Shahid
2018-02-13 7:42 ` Stephan Mueller
2018-02-13 18:42 ` Dave Watson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180213184221.GB2122@davejwatson-mba.local \
--to=davejwatson@fb.com \
--cc=davem@davemloft.net \
--cc=hannes@stressinduktion.org \
--cc=herbert@gondor.apana.org.au \
--cc=ilyal@mellanox.com \
--cc=junaids@google.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sd@queasysnail.net \
--cc=smueller@chronox.de \
--cc=steffen.klassert@secunet.com \
--cc=tim.c.chen@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.