From: Stephan Mueller <smueller@chronox.de>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: crypto: algif_skcipher: check for IV size superfluous?
Date: Sat, 08 Nov 2014 01:32:30 +0100 [thread overview]
Message-ID: <8150359.mtACJVFlUb@tachyon.chronox.de> (raw)
Hi Herbert,
I am in the process to extend algif_skcipher to support AEAD ciphers as well.
The code already works but I want to run final tests before releasing it.
In the course of the development I stumbled over the following code:
static int skcipher_sendmsg(struct kiocb *unused, struct socket *sock,
struct msghdr *msg, size_t size)
{
...
if (con.iv && con.iv->ivlen != ivsize)
return -EINVAL;
This code effectively requires that any user space code trying to use a cipher
must provide an IV that is equal to the blocksize of the cipher.
I am wondering why this check is there or whether we can remove that.
When using the kernel crypto API inside the kernel, there is no such
enforcement. One can take shorter IVs which are implicitly padded with
trailing zeros.
I would like to allow such non-aligned IVs from user space as well. As the
user space interface invokes the kernel crypto API functions that allow the
non-aligned use inside the kernel, I would not anticipate a problem.
However, if we conclude that the check should remain, then I am wondering
whether we have to move it to the various _setiv functions of the kernel
crypto API instead of leaving it in the skcipher interface.
During my testing, I removed the check and provided different sized IVs just
as I would in kernel space. The kernel crypto API processed them normally and
the resulting ciphertext / plaintext is as expected.
An example that I used are the following parameters for a decryption operation
successfully taken from the FIPS 140-2 CAVS tool with an IV shorter than the
blocksize:
AEAD_name_1="gcm(aes)"
AEAD_msg_1="d127b39d365d16246d2866b2ebabd201" # Ciphertext
AEAD_key_1="38bd9eb2cb29cc42ac38d6cdbe116760" # key
AEAD_iv_1="aac774c39e399e7d6371ec1d" # IV
AEAD_tag_1="34a21cc3562f0ba141d73242e5a3b666" # Authentication Tag
AEAD_taglen_1="16"
AEAD_assoc_1="5dbb2884f3fe93664613e863c3bd2572855cf808765880ef1fa5787ceef8c793"
# Associated data
AEAD_exp_1="8f9ec088580c23fc6f5fc011d52f061b" # Expected plaintext
Thank you
--
Ciao
Stephan
next reply other threads:[~2014-11-08 0:32 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-08 0:32 Stephan Mueller [this message]
2014-11-10 14:00 ` crypto: algif_skcipher: check for IV size superfluous? Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8150359.mtACJVFlUb@tachyon.chronox.de \
--to=smueller@chronox.de \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).