From: Eric Biggers <firstname.lastname@example.org> To: Stephan Mueller <email@example.com> Cc: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org Subject: Re: [PATCH 0/5] Add KDF implementations to crypto API Date: Wed, 6 Jan 2021 22:59:24 -0800 [thread overview] Message-ID: <X/axTBTMGpJ07tft@sol.localdomain> (raw) In-Reply-To: <email@example.com> On Thu, Jan 07, 2021 at 07:37:05AM +0100, Stephan Mueller wrote: > Am Montag, dem 04.01.2021 um 14:20 -0800 schrieb Eric Biggers: > > On Mon, Jan 04, 2021 at 10:45:57PM +0100, Stephan Müller wrote: > > > The HKDF addition is used to replace the implementation in the filesystem > > > crypto extension. This code was tested by using an EXT4 encrypted file > > > system that was created and contains files written to by the current > > > implementation. Using the new implementation a successful read of the > > > existing files was possible and new files / directories were created > > > and read successfully. These newly added file system objects could be > > > successfully read using the current code. Yet if there is a test suite > > > to validate whether the invokcation of the HKDF calculates the same > > > result as the existing implementation, I would be happy to validate > > > the implementation accordingly. > > > > See https://www.kernel.org/doc/html/latest/filesystems/fscrypt.html#tests > > for how to run the fscrypt tests. 'kvm-xfstests -c ext4 generic/582' should > > be > > enough for this, though you could run all the tests if you want. > > I ran the $(kvm-xfstests -c encrypt -g auto) on 5.11-rc2 with and without my > HKDF changes. I.e. the testing shows the same results for both kernels which > seems to imply that my HKDF changes do not change the behavior. > > I get the following errors in both occasions - let me know if I should dig a > bit more. The command you ran runs almost all xfstests with the test_dummy_encryption mount option enabled, which is different from running the encryption tests -- and in fact it skips the real encryption tests, so it doesn't test the correctness of HKDF at all. It looks like you saw some unrelated test failures. Sorry if I wasn't clear -- by "all tests" I meant all encryption tests, i.e. 'kvm-xfstests -c ext4 -g encrypt'. Also, even the single test generic/582 should be sufficient to test HKDF, as I mentioned. - Eric
next prev parent reply other threads:[~2021-01-07 7:00 UTC|newest] Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-01-04 21:45 Stephan Müller 2021-01-04 21:47 ` [PATCH 1/5] crypto: Add key derivation self-test support code Stephan Müller 2021-01-04 21:47 ` [PATCH 2/5] crypto: add SP800-108 counter key derivation function Stephan Müller 2021-01-04 21:49 ` [PATCH 3/5] crypto: add RFC5869 HKDF Stephan Müller 2021-01-07 7:30 ` Eric Biggers 2021-01-07 7:53 ` Stephan Mueller 2021-01-07 18:53 ` Eric Biggers 2021-01-04 21:49 ` [PATCH 4/5] security: DH - use KDF implementation from crypto API Stephan Müller 2021-01-12 1:34 ` Jarkko Sakkinen 2021-01-04 21:50 ` [PATCH 5/5] fs: use HKDF implementation from kernel " Stephan Müller 2021-01-07 7:19 ` Eric Biggers 2021-01-07 7:49 ` Stephan Mueller 2021-01-07 18:47 ` Eric Biggers 2021-01-04 22:20 ` [PATCH 0/5] Add KDF implementations to " Eric Biggers 2021-01-07 6:37 ` Stephan Mueller 2021-01-07 6:59 ` Eric Biggers [this message] 2021-01-07 7:12 ` Eric Biggers
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=X/axTBTMGpJ07tft@sol.localdomain \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --subject='Re: [PATCH 0/5] Add KDF implementations to crypto API' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.