Re: [gnutls-devel] GnuTLS | WIP: Add Linux kernel AF_ALG backend (!1404)


Read-only notification of GnuTLS library development activities
GitLab

Stephan Mueller started a new discussion on lib/accelerated/afalg.c:

92 95
 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
93 96
 
94 97
 	memcpy(ctx->iv, iv, iv_size);
98
+	if(!ctx->encdec){
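
Review bot: The test on added line 98, `if(!ctx->encdec){`, gives no hint of which value of `encdec` means encrypt and which means decrypt, so the direction this branch handles cannot be checked from the line itself. A one-line comment, or an explicit comparison against a pair of named constants, would make the polarity reviewable. Style: put a space after `if` and before `{`.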

Sorry for the nit (and I guess you have tested it), but the afalg_cipher_init parameter is called enc - I would interpret that it contains 1 for encryption and 0 for decryption. If my interpretation is correct, isn't this here a reversion of the logic?


_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel

Re: [gnutls-devel] GnuTLS | WIP: Add Linux kernel AF_ALG backend (!1404)

Read-only notification of GnuTLS library development activities
GitLab

Stephan Mueller started a new discussion on lib/accelerated/afalg.c:

116 140
 				void *dst, size_t dst_size)
117 141
 {
118 142
 	struct kcapi_ctx *ctx = _ctx;
143
+	struct iovec iov;
119 144
 
120
-	if (kcapi_cipher_decrypt(ctx->handle, src, src_size, ctx->iv,
121
-				 dst,
122
-				 (src_size > dst_size) ? dst_size : src_size,
123
-				 0) < 0) {
145
+	iov.iov_base = (void *)src;
146
+	iov.iov_len = src_size;
147
+
148
+
149
+	if(kcapi_aead_stream_update(ctx->handle, &iov, 1) < 0) {
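
Review bot: The removed call bounded the output length with `(src_size > dst_size) ? dst_size : src_size`, but the added lines 145-149 set `iov.iov_len = src_size` and never consult `dst_size`, so nothing shown here keeps the result within `dst`. Whatever call reads the result back should cap its length at `dst_size`, or the function should reject `src_size > dst_size` before the update. The replacement also moves from a `kcapi_cipher_` call to `kcapi_aead_stream_update` on the same `ctx->handle`, which looks unintended, and lines 147-148 add two blank lines where one is enough.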

aead? I guess you want to use the cipher API?



Re: [gnutls-devel] GnuTLS | WIP: Add Linux kernel AF_ALG backend (!1404)

Read-only notification of GnuTLS library development activities
GitLab

Stephan Mueller started a new discussion on lib/accelerated/afalg.c:

100 114
 				void *dst, size_t dst_size)
101 115
 {
102 116
 	struct kcapi_ctx *ctx = _ctx;
117
+	struct iovec iov;
118
+
119
+	iov.iov_base = (void *)src;
120
+	iov.iov_len = src_size;
121
+
122
+
123
+	if(kcapi_aead_stream_update(ctx->handle, &iov, 1) < 0) {
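
Review bot: In added lines 117-123 the input is queued with `iov.iov_len = src_size`, but neither `dst` nor `dst_size` from the signature is referenced, so the hunk as shown does not establish that the output fits in `dst`. Please make the size relationship explicit, for example by rejecting `dst_size < src_size` before the update call. Style: lines 121-122 add two consecutive blank lines, and `if(` on line 123 is missing a space.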

Just to clarify: Is the GnuTLS API here only providing access to block cipher modes (e.g. CBC)? Or do we also have stream-cipher modes (CTR, CTS)?

Note, in case of stream ciphers, the call kcapi_cipher_stream_update_last() is necessary to handle the last block that may not be a multiple of the block size any more.

How does GnuTLS handle the case of stream ciphers when invoking the enc/dec operation multiple times?



Re: [gnutls-devel] GnuTLS | WIP: Add Linux kernel AF_ALG backend (!1404)

Read-only notification of GnuTLS library development activities
GitLab

František Krenželok commented on a discussion on lib/accelerated/afalg.c:

100 114
 				void *dst, size_t dst_size)
101 115
 {
102 116
 	struct kcapi_ctx *ctx = _ctx;
117
+	struct iovec iov;
118
+
119
+	iov.iov_base = (void *)src;
120
+	iov.iov_len = src_size;
121
+
122
+
123
+	if(kcapi_aead_stream_update(ctx->handle, &iov, 1) < 0) {

You are right, I made the mistake of using the aead instead of cipher here.

Regarding ..update_last(): would it be sufficient to check the size of the message and call it only when it differs from the block size, as GnuTLS doesn't indicate the last message (to my knowledge)?



Re: [gnutls-devel] GnuTLS | WIP: Add Linux kernel AF_ALG backend (!1404)

Read-only notification of GnuTLS library development activities
GitLab

František Krenželok commented on a discussion on lib/accelerated/afalg.c:

92 95
 		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
93 96
 
94 97
 	memcpy(ctx->iv, iv, iv_size);
98
+	if(!ctx->encdec){

Actually, it is 0 for encryption and 1 for decryption, so the inverse logic should be alright.

