linux-crypto.vger.kernel.org archive mirror
From: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
To: Horia Geanta <horia.geanta@nxp.com>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Milan Broz <gmazyland@gmail.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"dm-devel@redhat.com" <dm-devel@redhat.com>,
	"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>
Subject: RE: [dm-devel] xts fuzz testing and lack of ciphertext stealing support
Date: Thu, 8 Aug 2019 13:43:30 +0000
Message-ID: <MN2PR20MB2973127E4C159A8F5CFDD0C9CAD70@MN2PR20MB2973.namprd20.prod.outlook.com>
In-Reply-To: <VI1PR0402MB34856F03FCE57AB62FC2257998D40@VI1PR0402MB3485.eurprd04.prod.outlook.com>

[-- Attachment #1: Type: text/plain, Size: 2082 bytes --]

Hi Horia,

This is the best I can do on short notice w.r.t vectors with 8 byte IV.
Format is actually equivalent to that of the XTS specification, with
the sector number being referred to as "H".

Actually, the input keys, plaintext and IV should be the same as before,
with the exception of the IV being truncated to 64 bits, so that should
give you some reference regarding byte order etc.

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com

> -----Original Message-----
> From: Horia Geanta <horia.geanta@nxp.com>
> Sent: Wednesday, August 7, 2019 5:52 PM
> To: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>; Ard Biesheuvel
> <ard.biesheuvel@linaro.org>
> Cc: Milan Broz <gmazyland@gmail.com>; Herbert Xu <herbert@gondor.apana.org.au>;
> dm-devel@redhat.com; linux-crypto@vger.kernel.org
> Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing support
> 
> On 7/26/2019 10:59 PM, Horia Geantă wrote:
> > On 7/26/2019 1:31 PM, Pascal Van Leeuwen wrote:
> >> Ok, find below a patch file that adds your vectors from the specification
> >> plus my set of additional vectors covering all CTS alignments combined
> >> with the block sizes you desired. Please note though that these vectors
> >> are from our in-house home-grown model so no warranties.
> > I've checked the test vectors against caam (HW + driver).
> >
> > Test vectors from IEEE 1619-2007 (i.e. up to and including "XTS-AES 18")
> > are fine.
> >
> > caam complains when /* Additional vectors to increase CTS coverage */
> > section starts:
> > alg: skcipher: xts-aes-caam encryption test failed (wrong result) on test vector 9, cfg="in-place"
> >
> I've nailed this down to a caam hw limitation.
> Except for lx2160a and ls1028a SoCs, all the (older) SoCs allow only for
> 8-byte wide IV (sector index).
> Will follow up with 16-byte IV support for the above-mentioned SoCs.
> 
> Pascal,
> 
> Could you also generate a few test vectors covering CTS with 8-byte IV?
> 
> Thanks,
> Horia

[-- Attachment #2: linuxdrv_256enc2.out --]
[-- Type: application/octet-stream, Size: 11229 bytes --]

// Start of Record : 1
// AES XTS operation with CTS
// Encrypt
// Key
// Key2
// i
// Text
// No j input
// Increment value 00000001
// Output text
K               : a1340e4938fd8bf6456067070f50a82b
                : a8f1fe7ef4f047cdfd9178f9148b7d27
K2              : 0edccae6f4fcd74f198cd0e69e2ff875
                : b5e248004f07d9a142bc9dfc17980048
H               : cb35475a7a0628b90000000000000000
P               : 0452c87fb05a12c596476bf4bc2edb74
                : d2202432e584b6254c2f96c7559c906f
                : 0e969468f4
C               : 73fa690b1c213a6183885e57e3f2791f
                : 6a6479ffa2aaf27067f506f948b296a4
                : d7d54826c9
IV res          : 17e9f2c5faaa24711ad1de59178c596c
                : 2ed2e58bf55549e234a2bdb32e18b3d8
                : dba4cb17ebab92c469447b675d3066b1
// End of Record
//////////////////////////////////////////////////
// Start of Record : 2
// AES XTS operation with CTS
// Encrypt
// Key
// Key2
// i
// Text
// No j input
// Output text
K               : f78775df3620e7cb205d4996813d1d80
                : c7187ebf2a0f79ba06b54b6303fbb849
K2              : 932d855b951f78ea7c1ef55d02c6ecb0
                : f0aa3d0a04e167802abe4e73c911cc6c
H               : ebba5524fc8f257c0000000000000000
P               : 40751b722ac8bfef0c923e19c5090738
                : 4d875cb8d64f1a398ceea5224112e122
                : b54bd7eb02faaaf89447045d8ab54012
                : 04623de4198aebb3f9a37db6eb57f9b8
                : 7fa8fa2d752d
C               : e69e4b1b27f7c00bf939a6fa42514b4f
                : 72baeebf3ae697216429cd30ae3866ca
                : 2bff1df3d53de1f5a98b7a3ada111371
                : 2c1ed32b4373533b6fc7fdfc1f599e99
                : 399042cd0c38
IV res          : 28f256bc0aec463c7b872383a58fccb4
                : d7e4ad7815d88d78f60e47064b1f9969
                : aec95bf12ab01bf1ec1d8e0c963e32d3
                : db93b7e2556037e2d93b1c192c7d64a6
                : 31276fc5abc06ec4b377383258fac84c
// End of Record
//////////////////////////////////////////////////
// Start of Record : 3
// AES XTS operation with CTS
// Encrypt
// Key
// Key2
// i
// Text
// No j input
// Output text
K               : 4809ab48d6ca7db190a000d8338a2079
                : 7cbc0c0c5f41bcbc82af41812393cbc7
K2              : 617b831316b13e7cccaedaca78c7ab18
                : 69b6583e5c195fed7bcf70b97600d8c9
H               : 2e2036f4a3225dd80000000000000000
P               : 793c73996521e1b9a0fd22b257c07ff4
                : 7f9736aff88d73e10d85e9d53d82b349
                : 8925301f0dca5c956431021711088f32
                : bc37234f0398914a50e258a89b6409e0
                : ce99c9b0a82173b72d4b19ba818399ce
                : a07ad09f27f68a
C               : 1a87622b05095e069416d1a5aed83486
                : 1f1280efb97c007ff8da89d1850c0f79
                : 14969a545c0f11e1d82b2028b8e58b73
                : 8390b3c61e0007228bc80c5a1d74f1fc
                : 31fd80dbfd63c8d88027ccb63b7058c2
                : ef52594de49e4e
IV res          : 67d7ee744dffd5532bba98d4eac06a0a
                : ceaedde99afeaba7567431a9d581d514
                : 9c5dbbd335fd574fade86252ab03ab29
                : 38bb76a76bfaaf9e5ad1c5a456075653
                : 7076ed4ed7f45f3db5a28b49ad0eaca6
                : 67ecda9daee9bf7a6a4517935a1d584d
// End of Record
//////////////////////////////////////////////////
// Start of Record : 4
// AES XTS operation with CTS
// Encrypt
// Key
// Key2
// i
// Text
// No j input
// Output text
K               : 8cf44ce5918f72e92ff8c03c877616a4
                : 20ab66393410d691f1992cf1d6c3da38
K2              : ed2a4c80f4a556281a1c79726c930886
                : 8f8aaacdf18ccae70ae8ee0c1cc2a8ea
H               : 9a9ebce4c9f3ef9f0000000000000000
P               : c1de661a7e60d33b66d6298699c6d7c8
                : 29bf0057ab210624d092efe6b51e20b9
                : b77bd71888f8d7e39061cd732ba1b5c7
                : 33efb5f245f692539198f85a20754ca8
                : f1f60126bcba4caccbc26db62c3c3861
                : e3987f3e98bdeccec0b5742343247b7e
                : 3fedcbda88676f9a
C               : e5b402ac013ba8739e5ba4729e41850f
                : 60136bc57edd329c2f955e953ebc7a65
                : 1cf60d6158871eff96b801865fe23684
                : 61f3992c068d00c3ef07f524f76dac11
                : 0d401fe794cd023ed2d8677108ad8c71
                : ac21c709923c59d891fb43f22a67ca97
                : 3cc37844a990d84b
IV res          : ff181a1420e109d2b9f195819af7c2bd
                : 7931342840c213a473e32b0335ef857b
                : f262685080842748e7c657066ade0bf7
                : 63c5d0a000094f90ce8daf0cd4bc17ee
                : 418aa14101129e209d1b5f19a8792fdc
                : 0514438302243c413a37be3250f35eb8
                : 8d28860605487882746e7c65a0e6bd70
// End of Record
//////////////////////////////////////////////////
// Start of Record : 5
// AES XTS operation with CTS
// Encrypt
// Key
// Key2
// i
// Text
// No j input
// Output text
K               : 70180993103a0ca9020b1110ae3498db
                : 10b5ee8c49bc528e4bf70a36168af706
K2              : b5945254b9c14d20a2f06e197f671eaa
                : 946cee5419fc9695048500537c395feb
H               : 36878f9d74e952fb0000000000000000
P               : 9508eefe87b24f9301eef3770dbbfb26
                : 3eb33420ee51d640b164aed9fd718f93
                : a585ff74ccd3fd5ec2fc49daa83a9429
                : a259903426bba0345d4733f2a8779098
                : 8dfd3860231e50a1674d8d09e07d30e3
                : dd3991d47068bb064e11b2260a8573f6
                : 37b615d077ee437b7713e9b9842b34ab
                : 49c127912ea3cae5a77945ba36974944
                : f7579bd7acb3fd6a1cd1fc1cdf6f94ac
                : 95f4507ac8c38c603c
C               : 91e535f272cc15bb2ea36d8025adb214
                : 3e0eb83368c6c03f212b02bc9097eef0
                : 720ba95efc95af30145c83ed974fda61
                : f353ff6fcd0ab3f55fdd46a9f08a5a8b
                : eb992a079f1649a9be4e3b93a3be17a1
                : a35187492594278e49387bfbe4aa6ab9
                : 85a23aa30e8c0d03a2bfe47d711b4b4f
                : ae4ebdff94ee22bcb9470e7c2cd4a8b5
                : e2aaa9bfe7addc69fa51950b901053cb
                : c48bc9cfec0ec6c34f
IV res          : ca72233f2444e1bbcd867b98fc3a9d27
                : 94e5467e4888c2779b0df730f9753a4f
                : 28cb8dfc901085ef361bee61f2eb749e
                : d7961bf921210adf6d36dcc3e4d7e93c
                : ae2d37f2434214bedb6cb887c9afd379
                : 5c5b6ee48784287cb7d9700f935fa7f3
                : 3fb6dcc80f0951f86eb3e11e26bf4ee7
                : f96cb9911f12a2f0dd66c33d4c7e9dce
                : 75d972233f2444e1bbcd867b98fc3a9d
                : 6db2e5467e4888c2779b0df730f9753a
// End of Record
//////////////////////////////////////////////////
// Start of Record : 6
// AES XTS operation with CTS
// Encrypt
// Key
// Key2
// i
// Text
// No j input
// Output text
K               : 5a383f9c0c53176c60722326bafea1b7
                : 03a8fea07cff784c7d842f248477ec6f
K2              : 88c836e2cb523cb439ac37fa418bc459
                : 2403e151c9547db7a3de91448d169722
H               : fb7f3d60260a3a3d0000000000000000
P               : fb5697657cd86c3c5dd3eaa6a483f79d
                : 9d892c85b8d9d4f01aad
C               : 764f628f465093dceeb2920048580f0b
                : b047b9701aa3811934ef
IV res          : 09be008c8ac82a48549550805db8252d
                : 127c011815915590a82aa100bb704b5a
// End of Record
//////////////////////////////////////////////////
// Start of Record : 7
// AES XTS operation with CTS
// Encrypt
// Key
// Key2
// i
// Text
// No j input
// Output text
K               : c0cf57a23ca24bf65d367bd71d16c32f
                : 50c60ab2fde824fc33cf73fde0e9a5d1
K2              : 98fcd616ddfd6dab44bc379dab5b1df2
                : 6f5dbe6b1414c774bb91244b52cb7831
H               : 5cc13db6a16a2d1f0000000000000000
P               : 02953aabac3bcdcd63c74c7ce575ee03
                : 94c7ffe8e0e9862ad3c7e4
C               : d508321a5d93bc62d61ec48f4212e3c1
                : 0eb5990c6b641c40e30f4f
IV res          : 5c0d843696fc718285f5b04ed814f4dd
                : 3f1a086d2cf9e3040beb619db029e8bb
// End of Record
//////////////////////////////////////////////////
// Start of Record : 8
// AES XTS operation with CTS
// Encrypt
// Key
// Key2
// i
// Text
// No j input
// Output text
K               : 0b5b1dc8b13f8fcd87d2582836c634fb
                : 04e8f1b79130da75664a729009390219
K2              : 622de924950e87434cc796e4c9316a13
                : 1610ef349b9819f18b14383ff875cc76
H               : 0c2c552cda40e1ab0000000000000000
P               : be84d3fee6b42967fd2978413de9814e
                : 3cf9f4f53fd80ecd637365f3
C               : 5ca1215396dceb13f991318a65c6324f
                : eaa63e70d2fa37cf9bcbc34a
IV res          : 5772f4c7a47f94f8b78819c8825c1204
                : aee4e88f49ff28f16f11339005b92408
// End of Record
//////////////////////////////////////////////////
// Start of Record : 9
// AES XTS operation with CTS
// Encrypt
// Key
// Key2
// i
// Text
// No j input
// Output text
K               : dc4cdc20b13489a4d0b67705ea0ccc68
                : b1d6f7fda70a5b812d4da365d0aba102
K2              : 854b33ea511650123b25ba13ba7cbb3a
                : e4fdb39c888bb8307a97cf955d697b1d
H               : e769edd2545d4a290000000000000000
P               : 37221162a0749262404e2b0a8babd828
                : 8ad2eba58ee142c849ef9aec1b
C               : 51649d924664e1c6b738262b7414243d
                : ba17c48f72c2a4013948197469
IV res          : 2b7305025e693c4880b5a3ed6235ae1a
                : 56e60a04bcd27890006b47dbc56a5c35
// End of Record
//////////////////////////////////////////////////
// Start of Record : 10
// AES XTS operation with CTS
// Encrypt
// Key
// Key2
// i
// Text
// No j input
// Output text
K               : 729af55355dd0feffc756f0388c8ba88
                : b765895d03862122b84287d9a9839e9c
K2              : ca28a1d2b6d0a66cf857427c73fc7b0a
                : bc3c577b5a396155b725e9f1c4bb0428
H               : 8a3822baea5e1da40000000000000000
P               : 06fdbba92e56055ff2a7367626d3b349
                : 7ce2e3be1f65d21765e2b30eb193
C               : 8583e08c0a4e68b1e43f64030bf87276
                : dd9ee092e6ed7efddd8648b18e2d
IV res          : 6f838935b62409ed853f411e18d35a2b
                : de06136b6c4912da0b7f823c30a6b556
// End of Record
//////////////////////////////////////////////////
// Start of Record : 11
// AES XTS operation with CTS
// Encrypt
// Key
// Key2
// i
// Text
// No j input
// Output text
K               : ce0645532581d2b2ddc957febbf68307
                : 28d82aff53f857c66350d43e2a543751
K2              : 073b23633c31570dd35920f2d085acc5
                : 3fa174900a3ff41012f01b2befcb8674
H               : 6d3e6294754374ea0000000000000000
P               : 6ae6a3667e78ef428b280824dad4d642
                : 3db6487e51a69265988626983742a5
C               : 844b141f8ebcede395087d6e5b62f9be
                : 82085da2feac39f305fa2478f3966e
IV res          : 8da9535ac23b8da12513a56f5fc799b7
                : 9d53a7b484771a434b264adfbe8e336f
// End of Record
//////////////////////////////////////////////////
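
A consistency check for the record layout used in the attachment, as an added example that is not part of the original mail or of any kernel code. It reads the `IV res` lines as the successive per-block tweaks, an interpretation the mail does not state; `parse_record`, `xts_mul_alpha` and `check_record` are hypothetical names.

```python
# Record 1 as it appears in the attachment (the "//" comment lines are left out).
RECORD_1 = """\
K               : a1340e4938fd8bf6456067070f50a82b
                : a8f1fe7ef4f047cdfd9178f9148b7d27
K2              : 0edccae6f4fcd74f198cd0e69e2ff875
                : b5e248004f07d9a142bc9dfc17980048
H               : cb35475a7a0628b90000000000000000
P               : 0452c87fb05a12c596476bf4bc2edb74
                : d2202432e584b6254c2f96c7559c906f
                : 0e969468f4
C               : 73fa690b1c213a6183885e57e3f2791f
                : 6a6479ffa2aaf27067f506f948b296a4
                : d7d54826c9
IV res          : 17e9f2c5faaa24711ad1de59178c596c
                : 2ed2e58bf55549e234a2bdb32e18b3d8
                : dba4cb17ebab92c469447b675d3066b1
"""

def parse_record(text):
    """Return {label: [bytes, ...]}; a line with a blank label continues the previous field."""
    fields, label = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("//"):
            continue  # skip blank lines, comments and the "////" separators
        name, _, value = line.partition(":")
        label = name.strip() or label
        fields.setdefault(label, []).append(bytes.fromhex(value.strip()))
    return fields

def xts_mul_alpha(tweak):
    """Multiply a 16-byte tweak by alpha in GF(2^128), little-endian as in IEEE 1619."""
    n = int.from_bytes(tweak, "little") << 1
    if n >> 128:  # bit shifted out of byte 15: reduce with x^128 = x^7 + x^2 + x + 1
        n = (n & ((1 << 128) - 1)) ^ 0x87
    return n.to_bytes(16, "little")

def check_record(fields):
    """Return a list of problems; an empty list means the record is self-consistent."""
    joined = {name: b"".join(chunks) for name, chunks in fields.items()}
    k, k2, h, p, c = (joined[x] for x in ("K", "K2", "H", "P", "C"))
    tweaks = fields["IV res"]  # assumption: one tweak value per (partial) block
    problems = []
    if len(k) != len(k2) or len(k) not in (16, 32):
        problems.append("K and K2 must both be 16 or 32 bytes")
    if len(h) != 16 or h[8:] != bytes(8):
        problems.append("H is not a 64-bit IV zero-padded to 16 bytes")
    if len(p) != len(c) or len(p) < 16:
        problems.append("P and C must have equal length of at least one block")
    if len(p) % 16 == 0:
        problems.append("length is block-aligned, so CTS is not exercised")
    if len(tweaks) != -(-len(p) // 16):
        problems.append("number of IV res lines does not match the block count")
    for i in range(len(tweaks) - 1):
        if xts_mul_alpha(tweaks[i]) != tweaks[i + 1]:
            problems.append(f"IV res line {i + 2} is not alpha times line {i + 1}")
    return problems

if __name__ == "__main__":
    print(check_record(parse_record(RECORD_1)) or "record 1 is self-consistent")
```

The check needs no AES implementation, so it can catch byte-order or transcription mistakes in a vector file before the vectors are fed to a driver under test.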
