Re: [PATCH v2 00/26] crypto: AES cleanup


 



On Wed, 26 Jun 2019 at 06:11, Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
>
> On Sat, Jun 22, 2019 at 09:34:01PM +0200, Ard Biesheuvel wrote:
> > This started out as an attempt to provide synchronous SIMD based GCM
> > on 32-bit ARM, but along the way, I ended up changing and cleaning up
> > so many things that it is more of a general AES cleanup now rather than
> > anything else.
> >

...
>
> I'm seeing the following self-test failures with this patchset applied:
>
> On arm32:
>
> [   20.956118] alg: skcipher: ctr-aes-ce-sync encryption test failed (wrong result) on test vector 0, cfg="random: inplace use_digest nosimd src_divs=[100.0%@+3650] iv_offset=9"
> [   28.344185] alg: skcipher: ctr-aes-neonbs-sync encryption test failed (wrong result) on test vector 0, cfg="random: inplace use_final nosimd src_divs=[16.88%@+3, <flush>39.11%@+1898, <reimport>44.1%@+5] iv_offset=13"
>
> On arm64:
>
> [   15.528433] alg: skcipher: ctr-aes-ce encryption test failed (wrong result) on test vector 0, cfg="random: use_digest nosimd src_divs=[100.0%@+4078]"
> [   20.080914] alg: skcipher: ctr-aes-neon encryption test failed (wrong result) on test vector 0, cfg="random: inplace use_final nosimd src_divs=[50.90%@+255, <flush,nosimd>49.10%@+25]"
>
> Maybe a bug in crypto_ctr_encrypt_walk()?
>

Yes. I was using the skcipher blocksize rather than the chunksize for
the transformation, which is obviously incorrect.
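
The blocksize/chunksize mismatch described in the reply above, as an added example that is not part of the original thread and is not the kernel's `crypto_ctr_encrypt_walk()`: a simplified C model, assuming (as in the Linux crypto API) that a CTR skcipher advertises a blocksize of 1 and a chunksize of 16. The names `toy_block`, `ctr_crypt`, `matches_reference` and `roundtrips` are hypothetical, and the toy keystream function stands in for AES.

```c
#include <stdint.h>
#include <string.h>

#define CHUNK 16 /* bytes of keystream per counter value (AES block size) */

/* Toy stand-in for E_K(counter). NOT AES; it only makes the model runnable. */
static void toy_block(const uint8_t ctr[CHUNK], uint8_t ks[CHUNK])
{
    unsigned sum = 0;
    for (int i = 0; i < CHUNK; i++) sum += ctr[i];
    for (int i = 0; i < CHUNK; i++) ks[i] = (uint8_t)(17 * sum + 29 * i + 0x5a);
}

/* Hypothetical model of a CTR loop that consumes `unit` bytes per counter. */
static void ctr_crypt(uint8_t *dst, const uint8_t *src, size_t len,
                      const uint8_t iv[CHUNK], size_t unit)
{
    uint8_t ctr[CHUNK], ks[CHUNK];
    memcpy(ctr, iv, CHUNK);
    while (len > 0) {
        size_t n = len < unit ? len : unit;
        toy_block(ctr, ks);
        for (size_t i = 0; i < n; i++) dst[i] = src[i] ^ ks[i];
        for (int i = CHUNK - 1; i >= 0 && ++ctr[i] == 0; i--) { } /* BE increment */
        dst += n; src += n; len -= n;
    }
}

/* Constructed sample input: two full chunks plus a partial one. */
static const uint8_t sample_iv[CHUNK] = { 0 };
static const uint8_t sample_pt[40] = "constructed plaintext, 40 bytes long...";

/* 1 if stepping by `unit` yields the same ciphertext as stepping by CHUNK. */
static int matches_reference(size_t unit)
{
    uint8_t ref[40], out[40];
    ctr_crypt(ref, sample_pt, sizeof(ref), sample_iv, CHUNK);
    ctr_crypt(out, sample_pt, sizeof(out), sample_iv, unit);
    return memcmp(ref, out, sizeof(ref)) == 0;
}

/* 1 if decrypting with the same `unit` recovers the plaintext. */
static int roundtrips(size_t unit)
{
    uint8_t ct[40], pt[40];
    ctr_crypt(ct, sample_pt, sizeof(ct), sample_iv, unit);
    ctr_crypt(pt, ct, sizeof(pt), sample_iv, unit);
    return memcmp(pt, sample_pt, sizeof(pt)) == 0;
}
```

In this model a unit of 1 still decrypts its own output, so only a comparison against a known answer, like the self-test vectors quoted above, exposes the wrong ciphertext.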


