From: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
Milan Broz <gmazyland@gmail.com>,
Horia Geanta <horia.geanta@nxp.com>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"dm-devel@redhat.com" <dm-devel@redhat.com>
Subject: RE: xts fuzz testing and lack of ciphertext stealing support
Date: Fri, 19 Jul 2019 07:29:25 +0000 [thread overview]
Message-ID: <MN2PR20MB297371CEE0F60E58E110C6FDCACB0@MN2PR20MB2973.namprd20.prod.outlook.com> (raw)
In-Reply-To: <CAKv+Gu8dE6EO1NOwni91cvEWJvPzieC3wKph73j2jWxzx_xKAw@mail.gmail.com>
> -----Original Message-----
> From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Sent: Friday, July 19, 2019 7:35 AM
> To: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
> Cc: Herbert Xu <herbert@gondor.apana.org.au>; Milan Broz <gmazyland@gmail.com>; Horia Geanta <horia.geanta@nxp.com>; linux-
> crypto@vger.kernel.org; dm-devel@redhat.com
> Subject: Re: xts fuzz testing and lack of ciphertext stealing support
>
> I would argue that these cases are diametrically opposite: you
> proposed to remove support for zero length input vectors from the
> entire crypto API to prevent your driver from having to deal with
> inputs that the hardware cannot handle.
>
I did not propose any such thing - I just proposed to make zero length hash support *optional*
(i.e. don't fail and disable the driver on it) as it's totally irrelevant for 99.99999% of use cases.
(including *all* use cases I consider relevant for HW acceleration)
> I am proposing not to add support for cases that we have no need for.
>
While you are proposing to stick with an implementation that can only deal with 6.25% (1/16th) of
*legal* input data for XTS and fails on the remaining 93.75%. That's hardly a corner case anymore.
> XTS without CTS is indistinguishable from XTS with CTS if the inputs
> are always a multiple of the block size, and in 12 years, nobody has
> ever raised the issue that our support is limited to that. So what
> problem are we fixing by changing this? dm-crypt does not care,
> fscrypt does not care, userland does not care (given that it does not
> work today and we are only finding out now due to some fuzz test
> failing on CAAM)
>
If it's not supported, then it cannot be used. Most people would not start complaining about that,
they would just roll their own locally or they'd give up and/or use something else.
So the fact that it's currently not being used does not mean a whole lot. Also, it does not mean
that there will not be a relevant use case tomorrow. (and I can assure you there *are* definitely
real-life use cases, so I have to assume these are currently handled outside of the base kernel)
In any case, if you try to use XTS you would *expect* it to work for any input >= 16 bytes as that's
how the algorithm is *specified*. Without the CTS part it's simply not XTS.
> > I pretty much made the same argument about all these driver workarounds
> > slowing down my driver fast path but that was considered a non-issue.
> >
> > In this particular case, it should not need to be more than:
> >
> > if (unlikely(size & 15)) {
> > xts_with_partial_last_block();
> > } else {
> > xts_with_only_full_blocks();
> > }
> >
>
> Of course. But why add this at all if it is known to be dead code?
>
But that's just an assumption and assumptions are the root of all evil ;-)
Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com
next prev parent reply other threads:[~2019-07-19 7:29 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-16 17:46 xts fuzz testing and lack of ciphertext stealing support Horia Geanta
2019-07-16 22:16 ` Eric Biggers
2019-07-17 17:09 ` Horia Geanta
2019-07-17 17:28 ` Eric Biggers
2019-07-17 18:08 ` Ard Biesheuvel
2019-07-18 6:52 ` Herbert Xu
2019-07-18 7:15 ` Ard Biesheuvel
2019-07-18 7:21 ` Herbert Xu
2019-07-18 7:28 ` Ard Biesheuvel
2019-07-18 7:50 ` Herbert Xu
2019-07-18 7:40 ` Milan Broz
2019-07-18 10:40 ` Pascal Van Leeuwen
2019-07-18 11:19 ` Milan Broz
2019-07-18 15:27 ` Herbert Xu
2019-07-20 6:58 ` [dm-devel] " Eric Biggers
2019-07-20 7:35 ` Milan Broz
2019-07-21 9:50 ` Ard Biesheuvel
2019-07-22 9:44 ` Pascal Van Leeuwen
2019-07-22 16:43 ` Ard Biesheuvel
2019-07-22 22:46 ` Pascal Van Leeuwen
2019-07-24 12:23 ` Pascal Van Leeuwen
2019-07-24 12:50 ` Pascal Van Leeuwen
2019-07-24 16:10 ` Pascal Van Leeuwen
2019-07-25 6:22 ` Ard Biesheuvel
2019-07-25 7:49 ` Pascal Van Leeuwen
2019-07-25 8:01 ` Ard Biesheuvel
2019-07-26 10:31 ` Pascal Van Leeuwen
2019-07-26 19:59 ` Horia Geanta
2019-07-26 21:43 ` Pascal Van Leeuwen
2019-07-27 5:39 ` Ard Biesheuvel
2019-07-27 12:56 ` Pascal Van Leeuwen
2019-07-27 16:04 ` Milan Broz
2019-08-04 8:36 ` Ard Biesheuvel
[not found] ` <20f4832e-e3af-e3c2-d946-13bf8c367a60@nxp.com>
2019-08-07 15:51 ` Horia Geanta
2019-08-07 20:57 ` Pascal Van Leeuwen
2019-08-08 14:50 ` Horia Geanta
2019-08-09 8:35 ` Pascal Van Leeuwen
2019-08-08 13:43 ` Pascal Van Leeuwen
2019-08-08 18:01 ` Horia Geanta
2019-08-09 2:48 ` Herbert Xu
2019-08-09 6:45 ` Ard Biesheuvel
2019-08-09 7:44 ` Horia Geanta
2019-08-09 17:49 ` Ard Biesheuvel
2019-08-09 20:57 ` Pascal Van Leeuwen
2019-08-10 4:39 ` Ard Biesheuvel
2019-08-11 11:12 ` Milan Broz
2019-08-11 20:34 ` Eric Biggers
2019-08-11 21:39 ` Pascal Van Leeuwen
2019-08-11 21:29 ` Pascal Van Leeuwen
2019-08-12 4:51 ` Herbert Xu
2019-08-11 21:15 ` Pascal Van Leeuwen
2019-08-11 22:24 ` Ard Biesheuvel
2019-08-12 1:04 ` Pascal Van Leeuwen
2019-07-18 15:29 ` Herbert Xu
2019-07-18 15:43 ` Pascal Van Leeuwen
2019-07-18 15:51 ` Herbert Xu
2019-07-18 16:19 ` Ard Biesheuvel
2019-07-18 16:22 ` Herbert Xu
2019-07-18 17:03 ` Pascal Van Leeuwen
2019-07-19 5:34 ` Ard Biesheuvel
2019-07-19 7:29 ` Pascal Van Leeuwen [this message]
2019-07-19 17:14 ` Ard Biesheuvel
2019-07-19 20:07 ` Pascal Van Leeuwen
2019-07-18 16:35 ` Pascal Van Leeuwen
2019-07-19 1:47 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MN2PR20MB297371CEE0F60E58E110C6FDCACB0@MN2PR20MB2973.namprd20.prod.outlook.com \
--to=pvanleeuwen@verimatrix.com \
--cc=ard.biesheuvel@linaro.org \
--cc=dm-devel@redhat.com \
--cc=gmazyland@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).