Re: Possible issue with new inauthentic AEAD in extended crypto tests

On Fri, Feb 7, 2020 at 2:30 PM Stephan Mueller <smueller@xxxxxxxxxx> wrote:
>
> Am Freitag, 7. Februar 2020, 12:50:51 CET schrieb Gilad Ben-Yossef:
>
> Hi Gilad,
>
> >
> > It is correct, but is it smart?
> >
> > Either we require the same IV to be passed twice as we do today, in which
> > case passing different IV should fail in a predictable manner OR we should
> > define the operation is taking two IV like structures - one as the IV and
> > one as bytes in the associated data and have the IPsec code use it in a
> > specific way of happen to pass the same IV in both places.
> >
> > I don't care either way - but right now the tests basically rely on
> > undefined behaviour, which is always a bad thing, I think.
>
> I am not sure about the motivation of this discussion: we have exactly one
> user of the RFC4106 implementation: IPSec. Providing the IV/AAD is efficient
> as the rfc4106 template intends to require the data in a format that requires
> minimal processing on the IPSec side to bring it in the right format.
>

The motivation for this discussion is that our current test suite for
RFC4106 generates test messages where req->iv is different from the
copy in the associated data.
This is not per my interpretation of RFC 4106, this is not the API as
described in the header files, and finally it is not per the use
case of the single user of RFC 4106 in the kernel, and right now these
tests cause the ccree driver to fail.

Again, I am *not* suggesting or discussing changing the API.

I am asking the very practical question of whether it makes sense for me to
delve into understanding why this use case is failing versus fixing
the test suite to test what we actually use.

Gilad

-- 
Gilad Ben-Yossef
Chief Coffee Drinker

values of β will give rise to dom!
