From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751564AbcFWPWd (ORCPT <rfc822;w@1wt.eu>);
	Thu, 23 Jun 2016 11:22:33 -0400
Received: from mail-pa0-f68.google.com ([209.85.220.68]:33418 "EHLO
	mail-pa0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750866AbcFWPWb (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 23 Jun 2016 11:22:31 -0400
Subject: Re: [PATCH v6 3/6] crypto: AF_ALG -- add asymmetric cipher interface
To: Stephan Mueller <smueller@chronox.de>,
        Mat Martineau <mathew.j.martineau@linux.intel.com>
References: <20160515041645.15888.94903.stgit@tstruk-mobl1>
 <dbcb97e0-35c0-7e6e-9351-d90a0d945bab@intel.com>
 <alpine.OSX.2.20.1606221515040.16377@mjmartin-mac01.local>
 <3250613.UAo0YkFYZb@tauon.atsec.com>
Cc: Tadeusz Struk <tadeusz.struk@intel.com>, dhowells@redhat.com,
        herbert@gondor.apana.org.au, linux-api@vger.kernel.org,
        marcel@holtmann.org, linux-kernel@vger.kernel.org,
        keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
        dwmw2@infradead.org, davem@davemloft.net
From: Denis Kenzior <denkenz@gmail.com>
Message-ID: <576BFEB3.5080009@gmail.com>
Date: Thu, 23 Jun 2016 10:22:27 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.7.0
MIME-Version: 1.0
In-Reply-To: <3250613.UAo0YkFYZb@tauon.atsec.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Stephan,

 >>
>> This brings me to another proposal for read buffer sizing: AF_ALG akcipher
>> can guarantee that partial reads (where the read buffer is shorter than
>> the output of the crypto op) will work using the same semantics as
>> SOCK_DGRAM/SOCK_SEQPACKET. With those sockets, as much data as will fit is
>> copied in to the read buffer and the remainder is discarded.
>>
>> I realize there's a performance and memory tradeoff, since the crypto
>> algorithm needs a sufficiently large output buffer that would have to be
>> created by AF_ALG akcipher. The user could manage that tradeoff by
>> providing a larger buffer (typically key_size?) if it wants to avoid
>> allocating and copying intermediate buffers inside the kernel.
>
> How shall the user know that something got truncated or that the kernel
> created memory?
>

To the former point, recall the signature of recv:
ssize_t recv(int sockfd, void *buf, size_t len, int flags);

Traditionally, userspace apps can know that the buffer provided to recv 
was too small in two ways:

The return value from recv / recvmsg was >= len.

In the case of recvmsg, the MSG_TRUNC flag is set.

To quote man recv:

"All  three calls return the length of the message on successful comple‐
tion.  If a message is too long to fit in the supplied  buffer,  excess
bytes  may  be discarded depending on the type of socket the message is
received from."

and

"MSG_TRUNC (since Linux 2.2)

	For   raw   (AF_PACKET),   Internet   datagram   (since    Linux
	2.4.27/2.6.8),  netlink  (since Linux 2.6.22), and UNIX datagram
	(since Linux 3.4) sockets: return the real length of the  packet
	or datagram, even when it was longer than the passed buffer.
"

Regards,
-Denis