From: Stephan Mueller <smueller@chronox.de>
To: Yao Dongdong <yaodongdong@huawei.com>
Cc: herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org,
"Lihui (Eric)" <lihui8@huawei.com>
Subject: Re: [Question] AEAD crypto api for userspace can't deal with a PTlen=0 vector
Date: Thu, 07 May 2015 13:28:14 +0200 [thread overview]
Message-ID: <1449423.5ryfY6rDCG@tauon> (raw)
In-Reply-To: <554B3415.3060707@huawei.com>
Am Donnerstag, 7. Mai 2015, 17:44:53 schrieb Yao Dongdong:
Hi Yao,
>while we use crypto api for userspace to do vectors test for AEAD(aes-gcm),
>we encounter a problem. There are some test vector's PTlen is 0,for example:
>[Keylen = 128]
>[IVlen = 96]
>[PTlen = 0]
>[AADlen = 0]
>[Taglen = 128]
>
>Count = 0
>Key = 7e93936b2e2188cfa9c9882ad901312f
>IV = b6879804163b9eaf5bfe5218
>CT =
>AAD =
>Tag = aa77daf382d0d63480ff8c8a2dee149e
>
>In testing vectors like that, we will get an error result that the decrypt
>return is success but the right return is a ghash verify fail.
>After digging into the kernel(3.10) code, we find the function sock_aio_read
>in net/socket.c has a judgement of iocb->ki_left which will be 0 when we
>do an aes-gcm decrypt decribed above.
>
>static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
> unsigned long nr_segs, loff_t pos)
>{
> struct sock_iocb siocb, *x;
>
> if (pos != 0)
> return -ESPIPE;
>
> if (iocb->ki_left == 0) /* Match SYS5 behaviour */
> return 0;
>
> x = alloc_sock_iocb(iocb, &siocb);
> if (!x)
> return -ENOMEM;
> return do_sock_read(&x->async_msg, iocb, iocb->ki_filp, iov, nr_segs);
>}
>
>So it directly return before calling aes-gcm decrypt.
>
>How can we deal with that?
You cannot. Currently, the interface is not intended to handle such specific
CAVS conditions (zero CT and AAD). Note, this test effectively only validates
GHASH.
In any case, if you need to perform CAVS testing, you will only be able to do
that with a kernel module for all obscure operations CAVS requests (not only
for AEAD, but also for RNGs).
Or you restrict your usage (and thus the CAVS testing) to CT/AAD lengths > 0.
Ciao
Stephan
next prev parent reply other threads:[~2015-05-07 11:28 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-07 9:44 [Question] AEAD crypto api for userspace can't deal with a PTlen=0 vector Yao Dongdong
2015-05-07 11:28 ` Stephan Mueller [this message]
2015-05-11 1:51 ` Yao Dongdong
2015-05-11 6:36 ` Herbert Xu
2015-05-11 6:35 ` Herbert Xu
2015-05-11 7:59 ` Stephan Mueller
2015-05-11 8:35 ` Yao Dongdong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1449423.5ryfY6rDCG@tauon \
--to=smueller@chronox.de \
--cc=herbert@gondor.apana.org.au \
--cc=lihui8@huawei.com \
--cc=linux-crypto@vger.kernel.org \
--cc=yaodongdong@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).