Am Dienstag, 21. April 2020, 10:08:14 CEST schrieb Ondrej Mosnáček:
Hi Ondrej,
> Hi all,
>
> the libkcapi [1] tests are failing on kernels 5.5-rc1 and above [2].
> All encryption/decryption tests that use 'ctr(aes)' and a message size
> that is not a multiple of 16 fail due to kcapi-enc returning different
> output than expected.
Confirmed.
On the recent kernels, the data generated by kcapi-enc contains trailing zero
bytes for data that is a fraction of the block size.
I think the issue is in the following kernel code in _skcipher_recvmsg:
unsigned int bs = crypto_skcipher_chunksize(tfm);
/*
* If more buffers are to be expected to be processed, process only
* full block size buffers.
*/
if (ctx->more || len < ctx->used)
len -= len % bs;
The kernel truncates the size to be processed to the chunk size. As the
chunksize returns the block size of the underlying cipher (e.g. AES -> 16),
the kernel code will not process non-aligned data.
Herbert, could you help me identifying what exactly was the root cause for the
patch 5b0fe9552336338acb52756daf65dd7a4eeca73f ? I.e. it seems that stream
ciphers made out of a block cipher would not generate the data part that is a
fraction of the block size (e.g. CTR, CTS).
Ciao
Stephan
