Am Dienstag, 5. Mai 2020, 09:58:35 CEST schrieb Herbert Xu:
Hi Herbert,
> On Tue, Apr 21, 2020 at 10:08:14AM +0200, Ondrej Mosnáček wrote:
> > Hi all,
> >
> > the libkcapi [1] tests are failing on kernels 5.5-rc1 and above [2].
> > All encryption/decryption tests that use 'ctr(aes)' and a message size
> > that is not a multiple of 16 fail due to kcapi-enc returning different
> > output than expected.
> >
> > It seems that it started with:
> > commit 5b0fe9552336338acb52756daf65dd7a4eeca73f
> > Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> > Date: Tue Sep 10 11:42:05 2019 +1000
> >
> > crypto: algif_skcipher - Use chunksize instead of blocksize
> >
> > Reverting the above commit makes the tests pass again.
> >
> > Here is a one-line reproducer:
> > head -c 257 /dev/zero | kcapi-enc -vvv --pbkdfiter 1 -p "passwd" -s
> > "123" -e -c "ctr(aes)" --iv "0123456789abcdef0123456789abcdef"
> >
> > >/dev/null
> >
> > Output without revert:
> > [...]
> > libkcapi - Debug: AF_ALG: recvmsg syscall returned 256
> > kcapi-enc - Verbose: Removal of padding disabled
> > kcapi-enc - Verbose: 256 bytes of ciphertext created
>
> OK, I tried it here and the problem is that kcapi-enc is setting
> the flag SPLICE_F_MORE:
>
> splice(4, NULL, 6, NULL, 257, SPLICE_F_MORE) = 257
> write(2, "libkcapi - Debug: AF_ALG: splice"..., 54libkcapi - Debug: AF_ALG:
> splice syscall returned 257 ) = 54
> write(2, "kcapi-enc - Debug: Data size exp"..., 59kcapi-enc - Debug: Data
> size expected to be generated: 257 ) = 59
> recvmsg(6, {msg_name=NULL, msg_namelen=0,
> msg_iov=[{iov_base="\363\212\340S\r\231\371+\234\320\"\360}%\244\242.\365iJ
> \304\257\210\f\366\20\257'F\5EP"..., iov_len=257}], msg_iovlen=1,
> msg_controllen=0, msg_flags=0}, 0) = 256
>
> That flag means that the request is not finished and because of
> the way CTR works we must wait for more input before returning
> the next block (or partial block).
>
> So kcapi-enc needs to unset the SPLICE_F_MORE to finish a request.
Thanks a lot, let me work on that.
>
> Cheers,
Ciao
Stephan
