From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754336AbcFPPiW (ORCPT ); Thu, 16 Jun 2016 11:38:22 -0400 Received: from mail.eperm.de ([89.247.134.16]:36650 "EHLO mail.eperm.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753979AbcFPPiS (ORCPT ); Thu, 16 Jun 2016 11:38:18 -0400 From: Stephan Mueller To: Andrew Zaborowski Cc: Mat Martineau , Tadeusz Struk , David Howells , Herbert Xu , linux-api@vger.kernel.org, Marcel Holtmann , linux-kernel@vger.kernel.org, keyrings@vger.kernel.org, Linux Crypto Mailing List , David Woodhouse , davem@davemloft.net Subject: Re: [PATCH v6 3/6] crypto: AF_ALG -- add asymmetric cipher interface Date: Thu, 16 Jun 2016 17:38:14 +0200 Message-ID: <1696434.oCKeAI3Bfp@tauon.atsec.com> User-Agent: KMail/4.14.10 (Linux/4.4.9-300.fc23.x86_64; KDE/4.14.20; x86_64; ; ) In-Reply-To: References: <20160515041645.15888.94903.stgit@tstruk-mobl1> <10863259.oUiAus9m9y@positron.chronox.de> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Am Donnerstag, 16. Juni 2016, 16:59:01 schrieb Andrew Zaborowski: Hi Andrew, > Hi Stephan, > > On 16 June 2016 at 10:05, Stephan Mueller wrote: > > Am Dienstag, 14. Juni 2016, 09:42:34 schrieb Andrew Zaborowski: > > > > Hi Andrew, > > > >> > I think we have agreed on dropping the length enforcement at the > >> > interface > >> > level. > >> > >> Separately from this there's a problem with the user being unable to > >> know if the algorithm is going to fail because of destination buffer > >> size != key size (including kernel users). For RSA, the qat > >> implementation will fail while the software implementation won't. For > >> pkcs1pad(...) there's currently just one implementation but the user > >> can't assume that. > > > > If I understand your issue correctly, my initial code requiring the caller > > to provide sufficient memory would have covered the issue, right? > > This isn't an issue with AF_ALG, I should have changed the subject > line perhaps. In this case it's an inconsistency between some > implementations and the documentation (header comment). It affects > users accessing the cipher through AF_ALG but also directly. As I want to send a new version of the algif_akcipher shortly now (hoping for an inclusion into 4.8), is there anything you see that I should prepare for regarding this issue? I.e. do you forsee a potential fix that would change the API or ABI of algif_akcipher? > > > If so, we seem > > to have implementations which can handle shorter buffer sizes and some > > which do not. Should a caller really try to figure the right buffer size > > out? Why not requiring a mandatory buffer size and be done with it? I.e. > > what is the gain to allow shorter buffer sizes (as pointed out by Mat)? > > It's that client code doesn't need an intermediate layer with an > additional buffer and a memcpy to provide a sensible API. If the code > wants to decrypt a 32-byte Digest Info structure with a given key or a > reference to a key it makes no sense, logically or in terms of > performance, for it to provide a key-sized buffer. > > In the case of the userspace interface I think it's also rare for a > recv() or read() on Linux to require a buffer larger than it's going > to use, correct me if i'm wrong. (I.e. fail if given a 32-byte > buffer, return 32 bytes of data anyway) Turning your questino around > is there a gain from requiring larger buffers? That is a good one :-) I have that check removed. Ciao Stephan