Re: [PATCH v6 3/6] crypto: AF_ALG -- add asymmetric cipher interface

From: Andrew Zaborowski
Date: Thu Jun 16 2016 - 10:59:40 EST

Next message: Tomas Winkler: "[char-misc-next 6/8] mei: add file pointer to the host client structure"
Previous message: Tomas Winkler: "[char-misc-next 8/8] mei: amthif: drop mei_clear_lists function"
In reply to: Stephan Mueller: "Re: [PATCH v6 3/6] crypto: AF_ALG -- add asymmetric cipher interface"
Next in thread: Stephan Mueller: "Re: [PATCH v6 3/6] crypto: AF_ALG -- add asymmetric cipher interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Stephan,

On 16 June 2016 at 10:05, Stephan Mueller <smueller@xxxxxxxxxx> wrote:
> Am Dienstag, 14. Juni 2016, 09:42:34 schrieb Andrew Zaborowski:
>
> Hi Andrew,
>
>> >
>> > I think we have agreed on dropping the length enforcement at the interface
>> > level.
>>
>> Separately from this there's a problem with the user being unable to
>> know if the algorithm is going to fail because of destination buffer
>> size != key size (including kernel users). For RSA, the qat
>> implementation will fail while the software implementation won't. For
>> pkcs1pad(...) there's currently just one implementation but the user
>> can't assume that.
>
> If I understand your issue correctly, my initial code requiring the caller to
> provide sufficient memory would have covered the issue, right?

This isn't an issue with AF_ALG, I should have changed the subject
line perhaps. In this case it's an inconsistency between some
implementations and the documentation (header comment). It affects
users accessing the cipher through AF_ALG but also directly.

> If so, we seem
> to have implementations which can handle shorter buffer sizes and some which
> do not. Should a caller really try to figure the right buffer size out? Why
> not requiring a mandatory buffer size and be done with it? I.e. what is the
> gain to allow shorter buffer sizes (as pointed out by Mat)?

It's that client code doesn't need an intermediate layer with an
additional buffer and a memcpy to provide a sensible API. If the code
wants to decrypt a 32-byte Digest Info structure with a given key or a
reference to a key it makes no sense, logically or in terms of
performance, for it to provide a key-sized buffer.

In the case of the userspace interface I think it's also rare for a
recv() or read() on Linux to require a buffer larger than it's going
to use, correct me if i'm wrong. (I.e. fail if given a 32-byte
buffer, return 32 bytes of data anyway) Turning your questino around
is there a gain from requiring larger buffers?

Best regards

Next message: Tomas Winkler: "[char-misc-next 6/8] mei: add file pointer to the host client structure"
Previous message: Tomas Winkler: "[char-misc-next 8/8] mei: amthif: drop mei_clear_lists function"
In reply to: Stephan Mueller: "Re: [PATCH v6 3/6] crypto: AF_ALG -- add asymmetric cipher interface"
Next in thread: Stephan Mueller: "Re: [PATCH v6 3/6] crypto: AF_ALG -- add asymmetric cipher interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]