On Sun, Aug 11, 2019 at 09:29:38PM +, Pascal Van Leeuwen wrote:
>
> It will very likely fail with that CAAM h/w, but that only proves that you
> should not use plain64be IV's together with CAAM h/w. Which should be
It doesn't matter whether it's wrong or not.
The fact is that this is an inter
> > Cc: Horia Geanta ; Herbert Xu
> > > ; Milan
> Broz
> > > ; dm-devel@redhat.com; linux-cry...@vger.kernel.org
> > > Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing
> > > support
> > >
> > > On Fri, 9 Aug 201
evel@redhat.com; linux-cry...@vger.kernel.org
> > Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing
> > support
> >
> > On Fri, 9 Aug 2019 at 23:57, Pascal Van Leeuwen
> > wrote:
> > >
> > > > -Original Message-
>
> -Original Message-
> From: Eric Biggers
> Sent: Sunday, August 11, 2019 10:34 PM
> To: Milan Broz
> Cc: Ard Biesheuvel ; Pascal Van Leeuwen
> ; dm-devel@redhat.com; Herbert Xu
> ;
> Horia Geanta ; linux-cry...@vger.kernel.org
> Subject: Re: [dm-devel] x
> -Original Message-
> From: Milan Broz
> Sent: Sunday, August 11, 2019 1:13 PM
> To: Ard Biesheuvel ; Pascal Van Leeuwen
>
> Cc: Horia Geanta ; Herbert Xu
> ; dm-
> de...@redhat.com; linux-cry...@vger.kernel.org
> Subject: Re: [dm-devel] xts fuzz testing and
> Cc: Herbert Xu ; Pascal Van Leeuwen
> > > ; Milan Broz ;
> > > dm-devel@redhat.com;
> linux-
> > > cry...@vger.kernel.org
> > > Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing
> > > support
> > >
> > > On Fr
On Sun, Aug 11, 2019 at 01:12:56PM +0200, Milan Broz wrote:
> On 10/08/2019 06:39, Ard Biesheuvel wrote:
> > Truncated IVs are a huge issue, since we already expose the correct
> > API via AF_ALG (without any restrictions on how many of the IV bits
> > are populated), and apparently, if your AF_ALG
On 10/08/2019 06:39, Ard Biesheuvel wrote:
> Truncated IVs are a huge issue, since we already expose the correct
> API via AF_ALG (without any restrictions on how many of the IV bits
> are populated), and apparently, if your AF_ALG request for xts(aes)
> happens to be fulfilled by the CAAM driver a
redhat.com; linux-
> > cry...@vger.kernel.org
> > Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing
> > support
> >
> > On Fri, 9 Aug 2019 at 10:44, Horia Geanta wrote:
> > >
> > > On 8/9/2019 9:45 AM, Ard Biesheuvel wrote:
>
> -Original Message-
> From: Ard Biesheuvel
> Sent: Friday, August 9, 2019 7:49 PM
> To: Horia Geanta
> Cc: Herbert Xu ; Pascal Van Leeuwen
> ; Milan Broz ;
> dm-devel@redhat.com; linux-
> cry...@vger.kernel.org
> Subject: Re: [dm-devel] xts fuzz testing and
On Fri, 9 Aug 2019 at 10:44, Horia Geanta wrote:
>
> On 8/9/2019 9:45 AM, Ard Biesheuvel wrote:
> > On Fri, 9 Aug 2019 at 05:48, Herbert Xu wrote:
> >>
> >> On Thu, Aug 08, 2019 at 06:01:49PM +, Horia Geanta wrote:
> >>>
> >>> -- >8 --
> >>>
> >>> Subject: [PATCH] crypto: testmgr - Add additi
>
> >> Cc: Milan Broz ; Herbert Xu
> >> ; dm-
> >> de...@redhat.com; linux-cry...@vger.kernel.org
> >> Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing
> >> support
> >>
> >> On 7/26/2019 10:59 PM, Horia Gean
On 8/9/2019 9:45 AM, Ard Biesheuvel wrote:
> On Fri, 9 Aug 2019 at 05:48, Herbert Xu wrote:
>>
>> On Thu, Aug 08, 2019 at 06:01:49PM +, Horia Geanta wrote:
>>>
>>> -- >8 --
>>>
>>> Subject: [PATCH] crypto: testmgr - Add additional AES-XTS vectors for
>>> covering
>>> CTS (part II)
>>
>> Patc
On Fri, 9 Aug 2019 at 05:48, Herbert Xu wrote:
>
> On Thu, Aug 08, 2019 at 06:01:49PM +, Horia Geanta wrote:
> >
> > -- >8 --
> >
> > Subject: [PATCH] crypto: testmgr - Add additional AES-XTS vectors for
> > covering
> > CTS (part II)
>
> Patchwork doesn't like it when you do this and it'll
On Thu, Aug 08, 2019 at 06:01:49PM +, Horia Geanta wrote:
>
> -- >8 --
>
> Subject: [PATCH] crypto: testmgr - Add additional AES-XTS vectors for covering
> CTS (part II)
Patchwork doesn't like it when you do this and it'll discard
your patch. To make it into patchwork you need to put the ne
On 8/8/2019 4:43 PM, Pascal Van Leeuwen wrote:
> Hi Horia,
>
> This is the best I can do on short notice w.r.t vectors with 8 byte IV.
> Format is actually equivalent to that of the XTS specification, with
> the sector number being referred to as "H".
>
> Actually, the input keys, plaintext and I
com; linux-cry...@vger.kernel.org
>> Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing
>> support
>>
>> On 7/26/2019 10:59 PM, Horia Geantă wrote:
>>> On 7/26/2019 1:31 PM, Pascal Van Leeuwen wrote:
>>>> Ok, find below a patch file
, 2019 5:52 PM
> To: Pascal Van Leeuwen ; Ard Biesheuvel
>
> Cc: Milan Broz ; Herbert Xu
> ; dm-
> de...@redhat.com; linux-cry...@vger.kernel.org
> Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing
> support
>
> On 7/26/2019 10:59 PM, Horia Gean
> -Original Message-
> From: Horia Geanta
> Sent: Wednesday, August 7, 2019 5:52 PM
> To: Pascal Van Leeuwen ; Ard Biesheuvel
>
> Cc: Milan Broz ; Herbert Xu
> ; dm-
> de...@redhat.com; linux-cry...@vger.kernel.org
> Subject: Re: [dm-devel] xts fuzz tes
On 7/26/2019 10:59 PM, Horia Geantă wrote:
> On 7/26/2019 1:31 PM, Pascal Van Leeuwen wrote:
>> Ok, find below a patch file that adds your vectors from the specification
>> plus my set of additional vectors covering all CTS alignments combined
>> with the block sizes you desired. Please note though
On Sat, 27 Jul 2019 at 19:04, Milan Broz wrote:
>
> On 27/07/2019 07:39, Ard Biesheuvel wrote:
> > Thanks for the additional test vectors. They work fine with my SIMD
> > implementations for ARM [0], so this looks like it might be a CAAM
> > problem, not a problem with the test vectors.
> >
> > I
On 27/07/2019 07:39, Ard Biesheuvel wrote:
> Thanks for the additional test vectors. They work fine with my SIMD
> implementations for ARM [0], so this looks like it might be a CAAM
> problem, not a problem with the test vectors.
>
> I will try to find some time today to run them through OpenSSL t
sheuvel
> > >
> > > Cc: Milan Broz ; Herbert Xu
> > > ; dm-devel@redhat.com; linux-
> > > cry...@vger.kernel.org
> > > Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing
> > > support
> > >
> > > On 7/26/
redhat.com; linux-
> > cry...@vger.kernel.org
> > Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing
> > support
> >
> > On 7/26/2019 1:31 PM, Pascal Van Leeuwen wrote:
> > > Ok, find below a patch file that adds your vectors from t
> -Original Message-
> From: Horia Geanta
> Sent: Friday, July 26, 2019 9:59 PM
> To: Pascal Van Leeuwen ; Ard Biesheuvel
>
> Cc: Milan Broz ; Herbert Xu
> ; dm-devel@redhat.com; linux-
> cry...@vger.kernel.org
> Subject: Re: [dm-devel] xts fuzz testing and
On 7/26/2019 1:31 PM, Pascal Van Leeuwen wrote:
> Ok, find below a patch file that adds your vectors from the specification
> plus my set of additional vectors covering all CTS alignments combined
> with the block sizes you desired. Please note though that these vectors
> are from our in-house home
Ard,
> -Original Message-
> From: Ard Biesheuvel
> Sent: Thursday, July 25, 2019 10:02 AM
> To: Pascal Van Leeuwen
> Cc: Milan Broz ; Herbert Xu
> ; dm-devel@redhat.com; linux-
> cry...@vger.kernel.org; Horia Geanta
> Subject: Re: [dm-devel] xts fuzz testin
-
> > cry...@vger.kernel.org; Horia Geanta
> > Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing
> > support
> >
> > > >
> > > > Actually, that spec has a couple of test vectors. Unfortunately, they
> > > > are all r
> -Original Message-
> From: Ard Biesheuvel
> Sent: Thursday, July 25, 2019 8:22 AM
> To: Pascal Van Leeuwen
> Cc: Milan Broz ; Herbert Xu
> ; dm-devel@redhat.com; linux-
> cry...@vger.kernel.org; Horia Geanta
> Subject: Re: [dm-devel] xts fuzz testing and lac
com; linux-
> > cry...@vger.kernel.org; Horia Geanta
> > Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing
> > support
> >
> > On Mon, 22 Jul 2019 at 12:44, Pascal Van Leeuwen
> > wrote:
> > >
> > > > -Original Mes
> Cc: Pascal Van Leeuwen ; Herbert Xu
> > > ; dm-devel@redhat.com; linux-
> > > cry...@vger.kernel.org; Horia Geanta
> > > Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing
> > > support
> > >
> > > On Sat, 20 Jul 2019 at
> > ; dm-devel@redhat.com; linux-
> > cry...@vger.kernel.org; Horia Geanta
> > Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing
> > support
> >
> > On Mon, 22 Jul 2019 at 12:44, Pascal Van Leeuwen
> > wrote:
> > >
> > >
> Cc: Pascal Van Leeuwen ; Herbert Xu
> > > ; dm-devel@redhat.com; linux-
> > > cry...@vger.kernel.org; Horia Geanta
> > > Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing
> > > support
> > >
> > > On Sat, 20 Jul
> Cc: Pascal Van Leeuwen ; Herbert Xu
> > > ; dm-devel@redhat.com;
> linux-
> > > cry...@vger.kernel.org; Horia Geanta
> > > Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing
> > > support
> > >
> > > On Sat, 20 Jul 2019
> > cry...@vger.kernel.org; Horia Geanta
> > Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing
> > support
> >
> > On Sat, 20 Jul 2019 at 10:35, Milan Broz wrote:
> > >
> > > On 20/07/2019 08:58, Eric Biggers wrote:
> > > >
> -Original Message-
> From: Ard Biesheuvel
> Sent: Sunday, July 21, 2019 11:50 AM
> To: Milan Broz
> Cc: Pascal Van Leeuwen ; Herbert Xu
> ; dm-devel@redhat.com; linux-
> cry...@vger.kernel.org; Horia Geanta
> Subject: Re: [dm-devel] xts fuzz testing and lac
On Sat, 20 Jul 2019 at 10:35, Milan Broz wrote:
>
> On 20/07/2019 08:58, Eric Biggers wrote:
> > On Thu, Jul 18, 2019 at 01:19:41PM +0200, Milan Broz wrote:
> >> Also, I would like to avoid another "just because it is nicer" module
> >> dependence (XTS->XEX->ECB).
> >> Last time (when XTS was rei
Thanks for telling me as a user :-)
... learned something :-)
On 20.07.19 at 09:35, Milan Broz wrote:
>
> If it is visible to users, it needs some work in userspace - XEX (as XTS)
> need two keys,
> people are already confused enough that 256bit key in AES-XTS means AES-128...
> So the examples
On 20/07/2019 08:58, Eric Biggers wrote:
> On Thu, Jul 18, 2019 at 01:19:41PM +0200, Milan Broz wrote:
>> Also, I would like to avoid another "just because it is nicer" module
>> dependence (XTS->XEX->ECB).
>> Last time (when XTS was reimplemented using ECB) we have many reports with
>> initramfs
On Thu, Jul 18, 2019 at 01:19:41PM +0200, Milan Broz wrote:
>
> > From that perspective - to prevent people from doing cryptographically
> > stupid things -
> > IMHO it would be better to just pull the CTS into the XTS implementation
> > i.e. make
> > xts natively support blocks that are not a m
> -Original Message-
> From: linux-crypto-ow...@vger.kernel.org
> On Behalf Of Milan Broz
> Sent: Thursday, July 18, 2019 9:40 AM
> To: Herbert Xu ; Ard Biesheuvel
>
> Cc: Horia Geanta ; linux-cry...@vger.kernel.org;
> dm-devel@redhat.com
> Subject: Re: xts fuzz testing and lack of cip
> -Original Message-
> From: Ard Biesheuvel
> Sent: Friday, July 19, 2019 7:35 AM
> To: Pascal Van Leeuwen
> Cc: Herbert Xu ; Milan Broz
> ; Horia Geanta ; linux-
> cry...@vger.kernel.org; dm-devel@redhat.com
> Subject: Re: xts fuzz testing and lack of ciphertext stealing support
>
> I
> > In fact, using the current cts template around the current xts template
> > actually does NOT
> > implement standards compliant XTS at all, as the CTS *implementation* for
> > XTS is
> > different from the one for CBC as implemented by the current CTS template.
>
> The template is just a nam
> > > For XTS, you have this additional curve ball being thrown in called the
> > > "tweak".
> > > For encryption, the underlying "xts" would need to be able to chain the
> > > tweak,
> > > from what I've seen of the source the implementation cannot do that.
> >
> > You simply use the underlying
> >
> > Hmmm ... so the generic CTS template would have to figure out whether it is
> > wrapped
> > around ECB, CBC, XTS or whatever and then adjust to that?
>
> That's not hard to do. Right now cts only supports cbc. IOW
> if you pass it anything else it will refuse to instantiate.
>
Ah, I s
On Thu, Jul 18, 2019 at 06:19:24PM +0200, Ard Biesheuvel wrote:
>
> Note that for software algorithms such as the bit sliced NEON
> implementation of AES, which can only operate on 8 AES blocks at a
> time, doing the final 2 blocks sequentially is going to seriously
> impact performance. This means
On Thu, 18 Jul 2019 at 08:52, Herbert Xu wrote:
>
> On Wed, Jul 17, 2019 at 08:08:27PM +0200, Ard Biesheuvel wrote:
> >
> > Since the kernel does not support CTS for XTS any way, and since no
> > AF_ALG users can portably rely on this, I agree with Eric that the
> > only sensible way to address th
On Wed, Jul 17, 2019 at 08:08:27PM +0200, Ard Biesheuvel wrote:
>
> Since the kernel does not support CTS for XTS any way, and since no
> AF_ALG users can portably rely on this, I agree with Eric that the
> only sensible way to address this is to disable this functionality in
> the driver.
But the