GnuPG - Gnutls - Dev - Re: [gnutls-devel] GnuTLS | WIP: Add Linux kernel AF

Re: [gnutls-devel] GnuTLS | WIP: Add Linux kernel AF_ALG backend (!1404)

Classic

List

Threaded

5 messages Options

Read-only notification of GnuTLS library development activities

Re: [gnutls-devel] GnuTLS | WIP: Add Linux kernel AF_ALG backend (!1404)

GitLab

Stephan Mueller started a new discussion on lib/accelerated/afalg.c:

  		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
  	memcpy(ctx->iv, iv, iv_size);
 +	if(!ctx->encdec){

Sorry for the nit (and I guess you have tested it), but the afalg_cipher_init parameter is called enc - I would interpret that it contains 1 for encryption and 0 for decryption. If my interpretation would be correct, isn't this here a reversion of the logic?

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel

Read-only notification of GnuTLS library development activities

Re: [gnutls-devel] GnuTLS | WIP: Add Linux kernel AF_ALG backend (!1404)

 GitLab










Stephan Mueller
started a new
discussion on lib/accelerated/afalg.c:




116


140


 				void *dst, size_t dst_size)





117


141


 {





118


142


 	struct kcapi_ctx *ctx = _ctx;





 


143


+	struct iovec iov;





119


144


 





120


 


-	if (kcapi_cipher_decrypt(ctx->handle, src, src_size, ctx->iv,





121


 


-				 dst,





122


 


-				 (src_size > dst_size) ? dst_size : src_size,





123


 


-				 0) < 0) {





 


145


+	iov.iov_base = (void *)src;





 


146


+	iov.iov_len = src_size;





 


147


+





 


148


+





 


149


+	if(kcapi_aead_stream_update(ctx->handle, &iov, 1) < 0) {






aead ? I guess you want to use the cipher API?






—


Reply to this email directly or view it on GitLab.


You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
unsubscribe
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Merge request","url":"https://gitlab.com/gnutls/gnutls/-/merge_requests/1404#note_543276187"}}</script>







_______________________________________________

Gnutls-devel mailing list

[hidden email]

http://lists.gnupg.org/mailman/listinfo/gnutls-devel
  				void *dst, size_t dst_size)
+ {
  	struct kcapi_ctx *ctx = _ctx;
 +	struct iovec iov;
 -	if (kcapi_cipher_decrypt(ctx->handle, src, src_size, ctx->iv,
 -				 dst,
 -				 (src_size > dst_size) ? dst_size : src_size,
 -				 0) < 0) {
 +	iov.iov_base = (void *)src;
 +	iov.iov_len = src_size;
++
++
 +	if(kcapi_aead_stream_update(ctx->handle, &iov, 1) < 0) {

Read-only notification of GnuTLS library development activities

Re: [gnutls-devel] GnuTLS | WIP: Add Linux kernel AF_ALG backend (!1404)

 				In reply to this post by Read-only notification of GnuTLS library development activities
			
	
		




GitLab










Stephan Mueller
started a new
discussion on lib/accelerated/afalg.c:




100


114


 				void *dst, size_t dst_size)





101


115


 {





102


116


 	struct kcapi_ctx *ctx = _ctx;





 


117


+	struct iovec iov;





 


118


+





 


119


+	iov.iov_base = (void *)src;





 


120


+	iov.iov_len = src_size;





 


121


+





 


122


+





 


123


+	if(kcapi_aead_stream_update(ctx->handle, &iov, 1) < 0) {






Just to clarify: Is the GnuTLS API here only providing access to block cipher modes (e.g. CBC)? Or do we also have stream-cipher modes (CTR, CTS)?
Note, in case of stream ciphers, the call kcapi_cipher_stream_update_last() is necessary to handle the last block that may not be a multiple of the block size any more.
How does GnuTLS the case of stream ciphers when invoking the enc/dec operation multiple times?






—


Reply to this email directly or view it on GitLab.


You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
unsubscribe
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Merge request","url":"https://gitlab.com/gnutls/gnutls/-/merge_requests/1404#note_543279568"}}</script>







_______________________________________________

Gnutls-devel mailing list

[hidden email]

http://lists.gnupg.org/mailman/listinfo/gnutls-devel
  				void *dst, size_t dst_size)
+ {
  	struct kcapi_ctx *ctx = _ctx;
 +	struct iovec iov;
++
 +	iov.iov_base = (void *)src;
 +	iov.iov_len = src_size;
++
++
 +	if(kcapi_aead_stream_update(ctx->handle, &iov, 1) < 0) {

Read-only notification of GnuTLS library development activities

Re: [gnutls-devel] GnuTLS | WIP: Add Linux kernel AF_ALG backend (!1404)

 				In reply to this post by Read-only notification of GnuTLS library development activities
			
	
		




GitLab










František Krenželok
commented on a
discussion on lib/accelerated/afalg.c:




100


114


 				void *dst, size_t dst_size)





101


115


 {





102


116


 	struct kcapi_ctx *ctx = _ctx;





 


117


+	struct iovec iov;





 


118


+





 


119


+	iov.iov_base = (void *)src;





 


120


+	iov.iov_len = src_size;





 


121


+





 


122


+





 


123


+	if(kcapi_aead_stream_update(ctx->handle, &iov, 1) < 0) {






You are right, i have made the mistake with using the aead instead of cipher here.
Regarding ..update_last() would it be sufficient to check the size of the message and call it only when it differs from the block size as GnuTLS doesn't indicate last message (as of my knowledge)






—


Reply to this email directly or view it on GitLab.


You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
unsubscribe
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Merge request","url":"https://gitlab.com/gnutls/gnutls/-/merge_requests/1404#note_546345190"}}</script>







_______________________________________________

Gnutls-devel mailing list

[hidden email]

http://lists.gnupg.org/mailman/listinfo/gnutls-devel
  				void *dst, size_t dst_size)
+ {
  	struct kcapi_ctx *ctx = _ctx;
 +	struct iovec iov;
++
 +	iov.iov_base = (void *)src;
 +	iov.iov_len = src_size;
++
++
 +	if(kcapi_aead_stream_update(ctx->handle, &iov, 1) < 0) {

Read-only notification of GnuTLS library development activities

Re: [gnutls-devel] GnuTLS | WIP: Add Linux kernel AF_ALG backend (!1404)

In reply to this post by Read-only notification of GnuTLS library development activities

GitLab

František Krenželok commented on a discussion on lib/accelerated/afalg.c:

  		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
  	memcpy(ctx->iv, iv, iv_size);
 +	if(!ctx->encdec){

Actually it is 0 for encryption and 1 for decryption so the inverse logic should be alright.

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel