From: "Van Leeuwen, Pascal" <pvanleeuwen@rambus.com>
To: Andrei Botila <andrei.botila@oss.nxp.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Cc: "linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
"linux-arm-kernel@axis.com" <linux-arm-kernel@axis.com>,
Andrei Botila <andrei.botila@nxp.com>,
Antoine Tenart <antoine.tenart@bootlin.com>
Subject: RE: [PATCH 19/22] crypto: inside-secure - add check for xts input length equal to zero
Date: Mon, 10 Aug 2020 10:20:20 +0000 [thread overview]
Message-ID: <CY4PR0401MB36528610C3ABF802F8CBF35FC3440@CY4PR0401MB3652.namprd04.prod.outlook.com> (raw)
In-Reply-To: <20200807162010.18979-20-andrei.botila@oss.nxp.com>
> -----Original Message-----
> From: linux-crypto-owner@vger.kernel.org <linux-crypto-owner@vger.kernel.org> On Behalf Of Andrei Botila
> Sent: Friday, August 7, 2020 6:20 PM
> To: Herbert Xu <herbert@gondor.apana.org.au>; David S. Miller <davem@davemloft.net>
> Cc: linux-crypto@vger.kernel.org; linux-arm-kernel@lists.infradead.org; linux-kernel@vger.kernel.org; linuxppc-dev@lists.ozlabs.org;
> linux-s390@vger.kernel.org; x86@kernel.org; linux-arm-kernel@axis.com; Andrei Botila <andrei.botila@nxp.com>; Antoine Tenart
> <antoine.tenart@bootlin.com>
> Subject: [PATCH 19/22] crypto: inside-secure - add check for xts input length equal to zero
>
> <<< External Email >>>
> From: Andrei Botila <andrei.botila@nxp.com>
>
> Standardize the way input lengths equal to 0 are handled in all skcipher
> algorithms. All the algorithms return 0 for input lengths equal to zero.
>
> Cc: Antoine Tenart <antoine.tenart@bootlin.com>
> Signed-off-by: Andrei Botila <andrei.botila@nxp.com>
> ---
> drivers/crypto/inside-secure/safexcel_cipher.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c
> index 1ac3253b7903..03d06556ea98 100644
> --- a/drivers/crypto/inside-secure/safexcel_cipher.c
> +++ b/drivers/crypto/inside-secure/safexcel_cipher.c
> @@ -2533,6 +2533,9 @@ static int safexcel_skcipher_aes_xts_cra_init(struct crypto_tfm *tfm)
>
> static int safexcel_encrypt_xts(struct skcipher_request *req)
> {
> +if (!req->cryptlen)
> +return 0;
> +
> if (req->cryptlen < XTS_BLOCK_SIZE)
> return -EINVAL;
> return safexcel_queue_req(&req->base, skcipher_request_ctx(req),
> @@ -2541,6 +2544,9 @@ static int safexcel_encrypt_xts(struct skcipher_request *req)
>
> static int safexcel_decrypt_xts(struct skcipher_request *req)
> {
> +if (!req->cryptlen)
> +return 0;
> +
> if (req->cryptlen < XTS_BLOCK_SIZE)
> return -EINVAL;
> return safexcel_queue_req(&req->base, skcipher_request_ctx(req),
> --
> 2.17.1
With all due respect, but this makes no sense.
For XTS, any length below 16 is illegal, as applying CTS in order to handle non-cipher
block multiples (16 bytes in case of AES) requires _more_ data than 1 cipher block.
There is no benefit to explicitly check for zero length if there is already a check for
less-than-16. That's just wasting CPU cycles and a branch predictor entry, for no
benefit whatsoever. (except for academic "alignment with other ciphers").
XTS has very specific use cases. No one in their right mind would call it for a
situation where it can't be applied in the first place, e.g. anything < 16 bytes.
Regards,
Pascal van Leeuwen
Silicon IP Architect Multi-Protocol Engines, Rambus Security
Rambus ROTW Holding BV
+31-73 6581953
Note: The Inside Secure/Verimatrix Silicon IP team was recently acquired by Rambus.
Please be so kind to update your e-mail address book with my new e-mail address.
** This message and any attachments are for the sole use of the intended recipient(s). It may contain information that is confidential and privileged. If you are not the intended recipient of this message, you are prohibited from printing, copying, forwarding or saving it. Please delete the message and attachments and notify the sender immediately. **
Rambus Inc.<http://www.rambus.com>
next prev parent reply other threads:[~2020-08-10 10:27 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-07 16:19 [PATCH 00/22] crypto: add check for xts input length equal to zero Andrei Botila
2020-08-07 16:19 ` [PATCH 01/22] crypto: arm/aes-ce - " Andrei Botila
2020-08-07 16:19 ` [PATCH 02/22] crypto: arm/aes-neonbs " Andrei Botila
2020-08-07 16:19 ` [PATCH 03/22] crypto: arm64/aes " Andrei Botila
2020-08-07 16:19 ` [PATCH 04/22] crypto: arm64/aes-neonbs " Andrei Botila
2020-08-07 16:19 ` [PATCH 05/22] crypto: powerpc/aes-spe " Andrei Botila
2020-08-07 16:19 ` [PATCH 06/22] crypto: s390/aes " Andrei Botila
2020-08-07 16:19 ` [PATCH 07/22] crypto: s390/paes " Andrei Botila
2020-08-07 16:19 ` [PATCH 08/22] crypto: x86/glue_helper " Andrei Botila
2020-08-07 16:19 ` [PATCH 09/22] crypto: xts - add check for block " Andrei Botila
2020-08-07 16:19 ` [PATCH 10/22] crypto: atmel-aes - add check for xts input " Andrei Botila
2020-08-07 18:06 ` kernel test robot
2020-08-07 16:19 ` [PATCH 11/22] crypto: artpec6 " Andrei Botila
2020-08-07 16:20 ` [PATCH 12/22] crypto: bcm " Andrei Botila
2020-08-07 16:20 ` [PATCH 13/22] crypto: cavium/cpt " Andrei Botila
2020-08-07 16:20 ` [PATCH 14/22] crypto: cavium/nitrox " Andrei Botila
2020-08-07 16:20 ` [PATCH 15/22] crypto: ccp " Andrei Botila
2020-08-07 16:20 ` [PATCH 16/22] crypto: ccree " Andrei Botila
2020-08-08 12:10 ` Gilad Ben-Yossef
2020-08-07 16:20 ` [PATCH 17/22] crypto: chelsio " Andrei Botila
2020-08-07 16:20 ` [PATCH 18/22] crypto: hisilicon/sec " Andrei Botila
2020-08-07 16:20 ` [PATCH 19/22] crypto: inside-secure " Andrei Botila
2020-08-10 10:20 ` Van Leeuwen, Pascal [this message]
2020-08-10 13:45 ` Herbert Xu
2020-08-10 14:33 ` Horia Geantă
2020-08-10 17:03 ` Eric Biggers
2020-08-11 15:28 ` Horia Geantă
2020-08-12 0:36 ` Herbert Xu
2020-08-10 21:37 ` Van Leeuwen, Pascal
2020-08-07 16:20 ` [PATCH 20/22] crypto: octeontx " Andrei Botila
2020-08-07 16:20 ` [PATCH 21/22] crypto: qce " Andrei Botila
2020-08-07 17:59 ` Stanimir Varbanov
2020-08-07 16:20 ` [PATCH 22/22] crypto: vmx " Andrei Botila
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CY4PR0401MB36528610C3ABF802F8CBF35FC3440@CY4PR0401MB3652.namprd04.prod.outlook.com \
--to=pvanleeuwen@rambus.com \
--cc=andrei.botila@nxp.com \
--cc=andrei.botila@oss.nxp.com \
--cc=antoine.tenart@bootlin.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-arm-kernel@axis.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).