From: Yao Dongdong <yaodongdong@huawei.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: <smueller@chronox.de>, <linux-crypto@vger.kernel.org>,
"Lihui (Eric)" <lihui8@huawei.com>
Subject: Re: [Question] AEAD crypto api for userspace can't deal with a PTlen=0 vector
Date: Mon, 11 May 2015 16:35:24 +0800 [thread overview]
Message-ID: <555069CC.9060306@huawei.com> (raw)
In-Reply-To: <20150511063509.GA2430@gondor.apana.org.au>
On 2015/5/11 14:35, Herbert Xu wrote:
> On Thu, May 07, 2015 at 05:44:53PM +0800, Yao Dongdong wrote:
>> while we use crypto api for userspace to do vectors test for AEAD(aes-gcm),
>> we encounter a problem. There are some test vector's PTlen is 0,for example:
>> [Keylen = 128]
>> [IVlen = 96]
>> [PTlen = 0]
>> [AADlen = 0]
>> [Taglen = 128]
>>
>> Count = 0
>> Key = 7e93936b2e2188cfa9c9882ad901312f
>> IV = b6879804163b9eaf5bfe5218
>> CT =
>> AAD =
>> Tag = aa77daf382d0d63480ff8c8a2dee149e
>>
>> In testing vectors like that, we will get an error result that the decrypt
>> return is success but the right return is a ghash verify fail.
>> After digging into the kernel(3.10) code, we find the function sock_aio_read
>> in net/socket.c has a judgement of iocb->ki_left which will be 0 when we
>> do an aes-gcm decrypt decribed above.
>>
>> static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
>> unsigned long nr_segs, loff_t pos)
>> {
>> struct sock_iocb siocb, *x;
>>
>> if (pos != 0)
>> return -ESPIPE;
>>
>> if (iocb->ki_left == 0) /* Match SYS5 behaviour */
>> return 0;
>>
>> x = alloc_sock_iocb(iocb, &siocb);
>> if (!x)
>> return -ENOMEM;
>> return do_sock_read(&x->async_msg, iocb, iocb->ki_filp, iov, nr_segs);
>> }
>>
>> So it directly return before calling aes-gcm decrypt.
>>
>> How can we deal with that?
> Does this still happen if you use recvmsg?
Yes, it works.
> Cheers,
--
Kind regards,
Yao Dongdong
prev parent reply other threads:[~2015-05-11 8:35 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-07 9:44 [Question] AEAD crypto api for userspace can't deal with a PTlen=0 vector Yao Dongdong
2015-05-07 11:28 ` Stephan Mueller
2015-05-11 1:51 ` Yao Dongdong
2015-05-11 6:36 ` Herbert Xu
2015-05-11 6:35 ` Herbert Xu
2015-05-11 7:59 ` Stephan Mueller
2015-05-11 8:35 ` Yao Dongdong [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=555069CC.9060306@huawei.com \
--to=yaodongdong@huawei.com \
--cc=herbert@gondor.apana.org.au \
--cc=lihui8@huawei.com \
--cc=linux-crypto@vger.kernel.org \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).