From: Yao Dongdong <yaodongdong@huawei.com>
To: Stephan Mueller <smueller@chronox.de>
Cc: <herbert@gondor.apana.org.au>, <linux-crypto@vger.kernel.org>,
"Lihui (Eric)" <lihui8@huawei.com>
Subject: Re: [Question] AEAD crypto api for userspace can't deal with a PTlen=0 vector
Date: Mon, 11 May 2015 09:51:15 +0800 [thread overview]
Message-ID: <55500B13.2090400@huawei.com> (raw)
In-Reply-To: <1449423.5ryfY6rDCG@tauon>
On 2015/5/7 19:28, Stephan Mueller wrote:
> Am Donnerstag, 7. Mai 2015, 17:44:53 schrieb Yao Dongdong:
>
> Hi Yao,
>
>> while we use crypto api for userspace to do vectors test for AEAD(aes-gcm),
>> we encounter a problem. There are some test vector's PTlen is 0,for example:
>> [Keylen = 128]
>> [IVlen = 96]
>> [PTlen = 0]
>> [AADlen = 0]
>> [Taglen = 128]
>>
>> Count = 0
>> Key = 7e93936b2e2188cfa9c9882ad901312f
>> IV = b6879804163b9eaf5bfe5218
>> CT =
>> AAD =
>> Tag = aa77daf382d0d63480ff8c8a2dee149e
>>
>> In testing vectors like that, we will get an error result that the decrypt
>> return is success but the right return is a ghash verify fail.
>> After digging into the kernel(3.10) code, we find the function sock_aio_read
>> in net/socket.c has a judgement of iocb->ki_left which will be 0 when we
>> do an aes-gcm decrypt decribed above.
>>
>> static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
>> unsigned long nr_segs, loff_t pos)
>> {
>> struct sock_iocb siocb, *x;
>>
>> if (pos != 0)
>> return -ESPIPE;
>>
>> if (iocb->ki_left == 0) /* Match SYS5 behaviour */
>> return 0;
>>
>> x = alloc_sock_iocb(iocb, &siocb);
>> if (!x)
>> return -ENOMEM;
>> return do_sock_read(&x->async_msg, iocb, iocb->ki_filp, iov, nr_segs);
>> }
>>
>> So it directly return before calling aes-gcm decrypt.
>>
>> How can we deal with that?
> You cannot. Currently, the interface is not intended to handle such specific
> CAVS conditions (zero CT and AAD). Note, this test effectively only validates
> GHASH.
>
> In any case, if you need to perform CAVS testing, you will only be able to do
> that with a kernel module for all obscure operations CAVS requests (not only
> for AEAD, but also for RNGs).
>
> Or you restrict your usage (and thus the CAVS testing) to CT/AAD lengths > 0.
Thanks for your replay and we will modify our treatment based on your suggestions.
>
> Ciao
> Stephan
>
> .
>
--
Kind regards,
Yao Dongdong
next prev parent reply other threads:[~2015-05-11 1:51 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-07 9:44 [Question] AEAD crypto api for userspace can't deal with a PTlen=0 vector Yao Dongdong
2015-05-07 11:28 ` Stephan Mueller
2015-05-11 1:51 ` Yao Dongdong [this message]
2015-05-11 6:36 ` Herbert Xu
2015-05-11 6:35 ` Herbert Xu
2015-05-11 7:59 ` Stephan Mueller
2015-05-11 8:35 ` Yao Dongdong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55500B13.2090400@huawei.com \
--to=yaodongdong@huawei.com \
--cc=herbert@gondor.apana.org.au \
--cc=lihui8@huawei.com \
--cc=linux-crypto@vger.kernel.org \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.