On Mon, Nov 27, 2023 at 02:28:03PM -0800, Eric Biggers wrote:
>
> As far as I can tell, currently "chaining" is only implemented by CBC and CTR.
> So this really seems like an issue in AF_ALG, not the skcipher API per se.
> AF_ALG should not support splitting up encryption/decryption operations on
> algorithms that don't support it.

Yes I can see your view. But it really is only a very small number
of algorithms (basically arc4 and chacha) that are currently broken
in this way. CTS is similarly broken but for a different reason.

Yes we could change the way af_alg operates by removing the ability
to process unlimited amounts of data and instead switching to the
AEAD model where all data is presented together.

However, I think this would be an unnecessary limitation since there
is a way to solve the chaining issue for stream ciphers and others
such as CTS. So here is my attempt at this, hopefully without
causing too much churn or breakage:

Herbert Xu (4):
  crypto: skcipher - Add internal state support
  crypto: skcipher - Make use of internal state
  crypto: arc4 - Add internal state
  crypto: algif_skcipher - Fix stream cipher chaining

 crypto/algif_skcipher.c   |  71 +++++++++++++++++++++++++--
 crypto/arc4.c             |   8 ++-
 crypto/cbc.c              |   6 ++-
 crypto/ecb.c              |  10 ++--
 crypto/lskcipher.c        |  42 ++++++++++++----
 crypto/skcipher.c         |  64 +++++++++++++++++++++++-
 include/crypto/if_alg.h   |   2 +
 include/crypto/skcipher.h | 100 +++++++++++++++++++++++++++++++++++++-
 8 files changed, 280 insertions(+), 23 deletions(-)

-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
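
The stream cipher chaining problem discussed in this message, as an added example that is not part of the original e-mail or of the kernel patches: a user-space RC4 (arc4) in C showing that an operation split into two requests matches the single-request result only when the cipher's internal state is carried across the split. All struct and function names are hypothetical, and modelling the failure as the second request starting again from the key is an assumption made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* State that must survive between requests: permutation S and indices i, j. */
struct rc4_state { uint8_t S[256]; uint8_t i, j; };

static void rc4_setkey(struct rc4_state *st, const uint8_t *key, size_t klen)
{
    uint8_t j = 0;
    for (int n = 0; n < 256; n++) st->S[n] = (uint8_t)n;
    for (int n = 0; n < 256; n++) {
        j = (uint8_t)(j + st->S[n] + key[n % klen]);
        uint8_t t = st->S[n]; st->S[n] = st->S[j]; st->S[j] = t;
    }
    st->i = st->j = 0;
}

/* XOR len bytes with keystream, advancing the state in place. */
static void rc4_crypt(struct rc4_state *st, const uint8_t *in, uint8_t *out, size_t len)
{
    for (size_t n = 0; n < len; n++) {
        st->i = (uint8_t)(st->i + 1);
        st->j = (uint8_t)(st->j + st->S[st->i]);
        uint8_t t = st->S[st->i]; st->S[st->i] = st->S[st->j]; st->S[st->j] = t;
        out[n] = in[n] ^ st->S[(uint8_t)(st->S[st->i] + st->S[st->j])];
    }
}

/* Two requests split at `split` versus one request. carry_state=0 models (assumption)
 * a second request restarting from the key. Returns 1 match, 0 mismatch, -1 bad args. */
int split_matches_oneshot(const uint8_t *key, size_t klen, const uint8_t *msg,
                          size_t len, size_t split, int carry_state)
{
    uint8_t one[64], two[64];
    struct rc4_state st;
    if (klen == 0 || len > sizeof(one) || split > len) return -1;
    rc4_setkey(&st, key, klen);
    rc4_crypt(&st, msg, one, len);            /* whole message in one request */
    rc4_setkey(&st, key, klen);
    rc4_crypt(&st, msg, two, split);          /* first request */
    if (!carry_state)
        rc4_setkey(&st, key, klen);           /* internal state lost between requests */
    rc4_crypt(&st, msg + split, two + split, len - split);
    return memcmp(one, two, len) == 0;
}

/* Constructed sample: key "Key", message "Plaintext", split after 4 bytes. */
int demo(int carry_state) {
    return split_matches_oneshot((const uint8_t *)"Key", 3, (const uint8_t *)"Plaintext", 9, 4, carry_state);
}
```

In the restart case the second request is also encrypted with keystream bytes already used for the first, so the mismatch is a confidentiality problem as well as an interoperability one.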