Re: [PATCH 5/6] crypto: arm64/aes-blk - update IV after partial final CTR block

[Eric Biggers <ebiggers@kernel.org>]

On Thu, Feb 14, 2019 at 09:33:51AM +0100, Ard Biesheuvel wrote:
> On Thu, 14 Feb 2019 at 09:28, Eric Biggers <ebiggers@kernel.org> wrote:
> >
> > On Thu, Feb 14, 2019 at 09:14:13AM +0100, Ard Biesheuvel wrote:
> > > On Thu, 14 Feb 2019 at 09:04, Eric Biggers <ebiggers@kernel.org> wrote:
> > > >
> > > > From: Eric Biggers <ebiggers@google.com>
> > > >
> > > > Make the arm64 ctr-aes-neon and ctr-aes-ce algorithms update the IV
> > > > buffer to contain the next counter after processing a partial final
> > > > block, rather than leave it as the last counter.  This makes these
> > > > algorithms pass the updated AES-CTR tests.
> > > >
> > > > Signed-off-by: Eric Biggers <ebiggers@google.com>
> > >
> > > I take it this means we return an output IV even if the algorithm
> > > could never proceed in a meaningful way, given that we throw away some
> > > keystream bits that would be needed in that case.
> > >
> > > That means this change is strictly there to make the test framework
> > > happy, even for cases that can never appear in reality.
> > >
> > > Wouldn't it be better not to set out_iv for input buffers whose size
> > > is not a multiple of the block size?
> > >
> >
> > See the explanation in patch 4 for why the tests test for this.  It's not a
> > super strong argument but this seems like the best thing to do.
> >
> 
> Fair enough.
> 
> Do you have a branch with this stuff that I can drop into kernelci
> again? Preferably one that already has the tests enabled by default,
> and panics on failure.

I pushed it out to https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git
branch "iv-out-testing", and added a hack to enable self-tests by default and
panic on test failure.

- Eric