From: Eric Biggers <ebiggers@kernel.org>
To: Zhihang Shao <zhihang.shao.iscas@gmail.com>
Cc: linux-crypto@vger.kernel.org, linux-riscv@lists.infradead.org,
herbert@gondor.apana.org.au, paul.walmsley@sifive.com,
alex@ghiti.fr, appro@cryptogams.org, zhang.lyra@gmail.com
Subject: Re: [PATCH v3] crypto: riscv/poly1305 - import OpenSSL/CRYPTOGAMS implementation
Date: Mon, 9 Jun 2025 13:13:06 -0700 [thread overview]
Message-ID: <20250609201306.GD1255@sol> (raw)
In-Reply-To: <20250609074655.203572-3-zhihang.shao.iscas@gmail.com>
On Mon, Jun 09, 2025 at 03:46:57PM +0800, Zhihang Shao wrote:
> From: Zhihang Shao <zhihang.shao.iscas@gmail.com>
>
> This is a straight import of the OpenSSL/CRYPTOGAMS Poly1305
> implementation for riscv authored by Andy Polyakov.
> The file 'poly1305-riscv.pl' is taken straight from this upstream
> GitHub repository [0] at commit 33fe84bc21219a16825459b37c825bf4580a0a7b,
> and this commit fixed a bug in riscv 64bit implementation.
>
> [0] https://github.com/dot-asm/cryptogams
There are a couple minor differences between the CRYPTOGAMS file and the one in
this patch. Please make sure those are documented.
> +config CRYPTO_POLY1305_RISCV
> + tristate
> + default CRYPTO_LIB_POLY1305
> + select CRYPTO_ARCH_HAVE_LIB_POLY1305
Fix the indentation here.
> +void poly1305_blocks_arch(struct poly1305_block_state *state, const u8 *src,
> + unsigned int len, u32 padbit)
> +{
> + len = round_down(len, POLY1305_BLOCK_SIZE);
> + poly1305_blocks(state, src, len, 1);
> +}
> +EXPORT_SYMBOL_GPL(poly1305_blocks_arch);
This is ignoring the padbit and forcing it to 1, so this will compute the wrong
Poly1305 value for messages with length not a multiple of 16 bytes.
chacha20poly1305-selftest still passes, so it must not test this case. We need
to add a self-test for Poly1305 directly, ideally using KUnit.
- Eric
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: Zhihang Shao <zhihang.shao.iscas@gmail.com>
Cc: linux-crypto@vger.kernel.org, linux-riscv@lists.infradead.org,
herbert@gondor.apana.org.au, paul.walmsley@sifive.com,
alex@ghiti.fr, appro@cryptogams.org, zhang.lyra@gmail.com
Subject: Re: [PATCH v3] crypto: riscv/poly1305 - import OpenSSL/CRYPTOGAMS implementation
Date: Mon, 9 Jun 2025 13:13:06 -0700 [thread overview]
Message-ID: <20250609201306.GD1255@sol> (raw)
In-Reply-To: <20250609074655.203572-3-zhihang.shao.iscas@gmail.com>
On Mon, Jun 09, 2025 at 03:46:57PM +0800, Zhihang Shao wrote:
> From: Zhihang Shao <zhihang.shao.iscas@gmail.com>
>
> This is a straight import of the OpenSSL/CRYPTOGAMS Poly1305
> implementation for riscv authored by Andy Polyakov.
> The file 'poly1305-riscv.pl' is taken straight from this upstream
> GitHub repository [0] at commit 33fe84bc21219a16825459b37c825bf4580a0a7b,
> and this commit fixed a bug in riscv 64bit implementation.
>
> [0] https://github.com/dot-asm/cryptogams
There are a couple minor differences between the CRYPTOGAMS file and the one in
this patch. Please make sure those are documented.
> +config CRYPTO_POLY1305_RISCV
> + tristate
> + default CRYPTO_LIB_POLY1305
> + select CRYPTO_ARCH_HAVE_LIB_POLY1305
Fix the indentation here.
> +void poly1305_blocks_arch(struct poly1305_block_state *state, const u8 *src,
> + unsigned int len, u32 padbit)
> +{
> + len = round_down(len, POLY1305_BLOCK_SIZE);
> + poly1305_blocks(state, src, len, 1);
> +}
> +EXPORT_SYMBOL_GPL(poly1305_blocks_arch);
This is ignoring the padbit and forcing it to 1, so this will compute the wrong
Poly1305 value for messages with length not a multiple of 16 bytes.
chacha20poly1305-selftest still passes, so it must not test this case. We need
to add a self-test for Poly1305 directly, ideally using KUnit.
- Eric
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2025-06-09 20:13 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-09 7:46 [PATCH v3] crypto: riscv/poly1305 - import OpenSSL/CRYPTOGAMS implementation Zhihang Shao
2025-06-09 7:46 ` Zhihang Shao
2025-06-09 20:13 ` Eric Biggers [this message]
2025-06-09 20:13 ` Eric Biggers
2025-06-10 6:57 ` Zhihang Shao
2025-06-10 6:57 ` Zhihang Shao
2025-06-10 19:21 ` Eric Biggers
2025-06-10 19:21 ` Eric Biggers
2025-06-10 13:26 ` Andy Polyakov
2025-06-10 13:26 ` Andy Polyakov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250609201306.GD1255@sol \
--to=ebiggers@kernel.org \
--cc=alex@ghiti.fr \
--cc=appro@cryptogams.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=paul.walmsley@sifive.com \
--cc=zhang.lyra@gmail.com \
--cc=zhihang.shao.iscas@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.