RE: [Bug] Rockchip crypto driver sometimes produces wrong ciphertext

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> > Then where is this specified? Because I read through all the Kernel
> > Crypto API documentation multiple times, but I have not been able to
> > find ANY reference to any output IV being stored anywhere.
> > Yes, I can infer from the source code that this is what the standard
> > CBC wrapper does, but that may just as well have been a side-effect of
> > that particular implementation.
>
> Patches to improve the documentation are welcome.
>
How should someone who did not architect the API himself know the
documentation is wrong in this regard?  The documentation is the only thing
I have available to go by ...

> Any drivers not obeying this API rule will be broken when used in conjunction
> with algif_skcipher as well as templates such as cts.
>
Ok, so  removing it breaks some existing functionality, that might  be a valid
reason to keep it in ... BUT these may still not be relevant use cases for a
certain hardware accelerator. Which was NOT a problem until the testmgr
started actually *failing* and *disabling* implementations on these features.
(the iv output is just the tip of the iceberg here, really ...)

So now implementors of hw crypto acceleration have 2 options:
1) tell their customers to keep the run-time self-tests disabled, which makes
them look bad
-or-
2) implement some convoluted work-around in the driver that will slow
down their actual main use cases to the point where the HW becomes useless

It would be nice to have some option in testmgr to just test the core algorithm
itself and not all the nitty gritty corners of the API that may not be relevant
i.e. split off the core algorithm cases (e.g. proper straightforward encryption
of a single block of data with a certain key) from the API cases.
Perhaps a driver could advertise this through some flag: "I'm not fully API
compliant, so just test the algorithm and not any API corner cases". Or even
"please don't test me, I will test myself".

An alternative approach would be capability flags to advertise specific API
features, but I can see how you can quickly go overboard with that.

But please do keep in mind that:
a) These crypto accelerators were NOT designed specifically for the Kernel
Crypto API, in fact, the majority of them predate it by quite some margin.
They may have very specific target use cases, like IPsec acceleration or
disk encryption and not be able to (efficiently) support other API features.
b) Some features are simply NOT suitable for HW acceleration. A HW centric
API would not advertise those, but we are where we are now ...
c) Working around a) or b) in the driver is sometimes possible, but you don't
want to do that for exception cases as it slows down the common case.

Regards,
Pascal







[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux