Am Mittwoch, 27. Mai 2015, 17:24:41 schrieb Herbert Xu: Hi Herbert, after testing of the new algif_aead interface, I am wondering about the following changes which seem to alter the way how the tag is supposed to be handled: > - return (ctx->used >= (ctx->aead_assoclen + (ctx->enc ? 0 : as))); > + return ctx->used >= ctx->aead_assoclen + as; This change requires that the buffer handed in by user space always has room for the tag, regardless whether it is needed or not. Is that intended? > - /* add the size needed for the auth tag to be created */ > - outlen += as; > - } else { > - /* output data size is input without the authentication tag */ > - outlen = used - as; The removal of these make me wonder: with those missing, the output of the cipher operation does not have CT || tag (in case of encryption) or PT (in case of encryption. Note, I have updated my user space code to require space for the AD in the output buffer. When reverting those changes with the following patch, the code works nicely. If I do not apply the patch, the beginning of the CT or PT is as expected, but the end is bogus. Also, the tag would be missing. diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c index 38a6cab..b6af158 100644 --- a/crypto/algif_aead.c +++ b/crypto/algif_aead.c @@ -72,7 +72,7 @@ static inline bool aead_sufficient_data(struct aead_ctx *ctx) { unsigned as = crypto_aead_authsize(crypto_aead_reqtfm(&ctx- >aead_req)); - return ctx->used >= ctx->aead_assoclen + as; + return ctx->used >= ctx->aead_assoclen + (ctx->enc ? 0 : as); } static void aead_put_sgl(struct sock *sk) @@ -403,13 +403,19 @@ static int aead_recvmsg(struct socket *sock, struct msghdr *msg, size_t ignored, if (!aead_sufficient_data(ctx)) goto unlock; - outlen = used; + if (ctx->enc) { + /* add the size needed for the auth tag to be created */ + outlen = used + as; + } else { + /* output data size is input without the authentication tag */ + outlen = used - as; + } /* * The cipher operation input data is reduced by the associated data * length as this data is processed separately later on. */ - used -= ctx->aead_assoclen + (ctx->enc ? as : 0); + used -= ctx->aead_assoclen; /* convert iovecs of output buffers into scatterlists */ while (iov_iter_count(&msg->msg_iter)) { However, when use those changes and I perform the test of libkcapi/test/kcapi -y -s, I get the following strange crash which i have no idea where to look for the cause (normal sendmsg and vmsplice tests with libkcapi/test/kcapi -y and libkcapi/test/kcapi -y -v work flawless) [ 177.112195] Modules linked in: crypto_user ccm algif_aead(E) af_alg nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack cfg80211 ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_security iptable_raw crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel aes_x86_64 glue_helper ablk_helper microcode joydev pcspkr serio_raw virtio_balloon i2c_piix4 acpi_cpufreq qxl virtio_blk virtio_net drm_kms_helper ttm drm virtio_pci virtio_ring virtio [last unloaded: algif_aead] [ 177.112306] CPU: 1 PID: 2012 Comm: kcapi Tainted: G E 4.0.0+ #228 [ 177.112312] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140709_153950- 04/01/2014 [ 177.112319] task: ffff88007aaa3300 ti: ffff88007c0a4000 task.ti: ffff88007c0a4000 [ 177.112324] RIP: 0010:[<ffffffff8118fb6a>] [<ffffffff8118fb6a>] ksize+0x4a/0xf0 [ 177.112337] RSP: 0018:ffff88007c0a7d98 EFLAGS: 00010286 [ 177.112344] RAX: 00000188000680c0 RBX: ffffeb88000680c0 RCX: 0000000000000000 [ 177.112350] RDX: 0000000000000010 RSI: ffffea0001a033c2 RDI: 000077ff80000000 [ 177.112356] RBP: ffff88007c0a7da8 R08: ffffea0001efa2e0 R09: 0000000000000007 [ 177.112361] R10: ffff880079419bb0 R11: ffff88007aac8b10 R12: 0000000000000010 [ 177.112367] R13: 0000000000000010 R14: ffff88007d0bc920 R15: ffff8800796acc00 [ 177.112375] FS: 00007f2e2fd8a700(0000) GS:ffff88007fd00000(0000) knlGS:0000000000000000 [ 177.112381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 177.112386] CR2: ffffeb88000680c0 CR3: 000000007c044000 CR4: 00000000000407e0 [ 177.112402] Stack: [ 177.112407] ffff88007c0a7db8 ffffea0001a033c2 ffff88007c0a7dc8 ffffffff811636bc [ 177.112418] ffff88007c0a7de8 ffff88007c278800 ffff88007c0a7de8 ffffffff81563ddf [ 177.112428] ffff88007c278800 ffff88007a404000 ffff88007c0a7e18 ffffffffa028f694 [ 177.112438] Call Trace: [ 177.112452] [<ffffffff811636bc>] kzfree+0x1c/0x40 [ 177.112478] [<ffffffff81563ddf>] sock_kzfree_s+0x1f/0x60 [ 177.112486] [<ffffffffa028f694>] aead_sock_destruct+0x54/0xa0 [algif_aead] [ 177.112492] [<ffffffff815653b3>] __sk_free+0x23/0x140 [ 177.112497] [<ffffffff815654e9>] sk_free+0x19/0x20 [ 177.112504] [<ffffffffa02812f9>] af_alg_release+0x29/0x30 [af_alg] [ 177.112511] [<ffffffff8156065f>] sock_release+0x1f/0x90 [ 177.112517] [<ffffffff815606e2>] sock_close+0x12/0x20 [ 177.112524] [<ffffffff811ab51c>] __fput+0xdc/0x1f0 [ 177.112531] [<ffffffff811ab67e>] ____fput+0xe/0x10 [ 177.112539] [<ffffffff8106f187>] task_work_run+0xb7/0xf0 [ 177.112545] [<ffffffff81002c31>] do_notify_resume+0x51/0x70 [ 177.112553] [<ffffffff816879bc>] int_signal+0x12/0x17 [ 177.112557] Code: 00 ea ff ff 48 83 ec 08 48 01 f8 48 bf 00 00 00 80 ff 77 00 00 48 0f 42 3d b4 d4 a7 00 48 01 f8 48 c1 e8 0c 48 c1 e0 06 48 01 c3 <48> 8b 03 f6 c4 80 75 56 48 8b 03 a8 80 74 57 48 8b 43 30 48 8b [ 177.112630] RIP [<ffffffff8118fb6a>] ksize+0x4a/0xf0 [ 177.112638] RSP <ffff88007c0a7d98> [ 177.112641] CR2: ffffeb88000680c0 [ 177.112646] ---[ end trace 300af93a757958e4 ]--- -- Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html