[gnutls-devel] GnuTLS | WIP: Add Linux kernel AF_ALG backend (!1404)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Wed Mar 17 09:08:34 CET 2021




Stephan Mueller commented on a discussion on lib/accelerated/afalg.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1404#note_531145303

> +	struct kcapi_ctx *ctx = _ctx;
> +
> +	if (iv_size > kcapi_cipher_ivsize(ctx->handle))
> +		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
> +
> +	memcpy(ctx->iv, iv, iv_size);
> +
> +	return 0;
> +}
> +
> +static int afalg_cipher_encrypt(void *_ctx, const void *src, size_t src_size,
> +				void *dst, size_t dst_size)
> +{
> +	struct kcapi_ctx *ctx = _ctx;
> +
> +	if (kcapi_cipher_encrypt(ctx->handle, src, src_size, ctx->iv,
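Review bot: in afalg_cipher_encrypt the call to kcapi_cipher_encrypt() starts a fresh operation from ctx->iv each time and nothing writes the updated chaining value back into ctx->iv, so two consecutive encrypt calls over one CBC stream produce different output from a single call over the concatenated data (the behaviour discussed in this note). Switching to the kcapi_cipher_stream_init_enc / kcapi_cipher_stream_update(_last) / kcapi_cipher_stream_op sequence keeps the cipher state kernel-side across calls. Separately, afalg_cipher_setiv only rejects iv_size greater than kcapi_cipher_ivsize(ctx->handle); a shorter IV leaves the tail of ctx->iv holding whatever was there before the memcpy, so consider requiring iv_size == kcapi_cipher_ivsize(ctx->handle) or zero-filling the remainder.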

Ahh, yes - the issue is not alignment; the issue is that each encrypt call is a standalone cipher operation. Thus, the cipher state (i.e. the IV update by CBC) is not "carried over" to the next encrypt operation.

Here is the example using your code that fixes the issue:

```c
#include <assert.h>
#include <stdint.h>
#include <sys/uio.h>
#include <kcapi.h>

/* Sample key, IV and two-block plaintext; zero values only so the fragment compiles. */
static uint8_t KEY[16], IV[16], PLAINTEXT[32], ciphertext[32];

/* Two CBC blocks encrypted as ONE kernel operation via the libkcapi stream API. */
static void cbc_two_blocks_one_operation(void)
{
	struct kcapi_handle *handle = NULL;
	struct iovec iov;

	assert(kcapi_cipher_init(&handle, "cbc(aes)", 0) == 0);
	assert(kcapi_cipher_setkey(handle, KEY, sizeof(KEY)) == 0);

	/* First block plus IV: opens a single cipher operation. */
	iov.iov_base = PLAINTEXT;
	iov.iov_len = 16;
	assert(kcapi_cipher_stream_init_enc(handle, IV, &iov, 1) == 16);

	/* Second block belongs to the same operation, so the CBC state chains on. */
	iov.iov_base = PLAINTEXT + 16;
	assert(kcapi_cipher_stream_update_last(handle, &iov, 1) == 16);

	/* Collect all 32 ciphertext bytes in one read. */
	iov.iov_base = ciphertext;
	iov.iov_len = sizeof(ciphertext);
	assert(kcapi_cipher_stream_op(handle, &iov, 1) == 32);

	kcapi_cipher_destroy(handle);
}
```

Take note of kcapi_cipher_stream_update vs kcapi_cipher_stream_update_last! The _last MUST always be invoked as the final operation.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1404#note_531145303
You're receiving this email because of your account on gitlab.com.
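The chaining-state problem described in the note above, as an added example that is not part of this thread, of GnuTLS or of libkcapi: a toy 16-byte block cipher (XOR plus byte rotation, an assumption standing in for AES so the code runs without a kernel) is run in CBC mode through two hypothetical wrappers. `encrypt_standalone` restarts every call from the stored IV, as the quoted afalg_cipher_encrypt does; `encrypt_chained` carries the last ciphertext block forward, which is what the kcapi_cipher_stream_* sequence achieves kernel-side. The names `cbc_ctx`, `cbc_encrypt` and `demo_cbc_state` are invented for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 16

/* Toy 16-byte block "cipher" (XOR with the key, then rotate bytes by one).
 * It stands in for AES so the example runs without a kernel or libkcapi;
 * the chaining behaviour shown below does not depend on the block cipher. */
static void toy_block_encrypt(const uint8_t key[BLK], const uint8_t in[BLK],
			      uint8_t out[BLK])
{
	for (size_t i = 0; i < BLK; i++)
		out[(i + 1) % BLK] = in[i] ^ key[i];
}

/* One CBC operation over len bytes (a multiple of BLK), starting from iv.
 * On return iv holds the last ciphertext block, i.e. the chaining state. */
static int cbc_encrypt(const uint8_t key[BLK], uint8_t iv[BLK],
		       const uint8_t *src, uint8_t *dst, size_t len)
{
	uint8_t x[BLK];
	if (len % BLK != 0)
		return -1;
	for (size_t off = 0; off < len; off += BLK) {
		for (size_t i = 0; i < BLK; i++)
			x[i] = src[off + i] ^ iv[i];
		toy_block_encrypt(key, x, dst + off);
		memcpy(iv, dst + off, BLK);
	}
	return 0;
}

/* Hypothetical context mirroring what the reviewed wrapper keeps: key and IV. */
struct cbc_ctx { uint8_t key[BLK]; uint8_t iv[BLK]; };

/* Mimics the quoted afalg_cipher_encrypt(): every call is a standalone
 * operation that restarts from ctx->iv, and ctx->iv is never advanced. */
static int encrypt_standalone(struct cbc_ctx *c, const uint8_t *src,
			      uint8_t *dst, size_t len)
{
	uint8_t scratch[BLK];
	memcpy(scratch, c->iv, BLK);
	return cbc_encrypt(c->key, scratch, src, dst, len);
}

/* Carries the chaining state across calls, as the stream API
 * (kcapi_cipher_stream_init_enc / _update_last / _op) does kernel-side. */
static int encrypt_chained(struct cbc_ctx *c, const uint8_t *src,
			   uint8_t *dst, size_t len)
{
	return cbc_encrypt(c->key, c->iv, src, dst, len);
}

/* Encrypts two blocks three ways and returns 1 when the chained two-call
 * output equals the single-call reference while the standalone two-call
 * output does not, i.e. when the bug described in the thread is reproduced. */
int demo_cbc_state(void)
{
	struct cbc_ctx c;
	uint8_t iv[BLK], pt[2 * BLK];
	uint8_t ref[2 * BLK], chained[2 * BLK], standalone[2 * BLK];

	/* Constructed sample key, IV and plaintext. */
	for (size_t i = 0; i < BLK; i++) {
		c.key[i] = (uint8_t)(7 * i + 1);
		iv[i] = (uint8_t)(0xA0 + i);
	}
	for (size_t i = 0; i < 2 * BLK; i++)
		pt[i] = (uint8_t)(3 * i);

	/* Reference: both blocks in one operation. */
	memcpy(c.iv, iv, BLK);
	if (encrypt_chained(&c, pt, ref, 2 * BLK))
		return -1;

	/* Two calls with the chaining state carried over. */
	memcpy(c.iv, iv, BLK);
	encrypt_chained(&c, pt, chained, BLK);
	encrypt_chained(&c, pt + BLK, chained + BLK, BLK);

	/* Two standalone calls: the second block restarts from the original IV. */
	memcpy(c.iv, iv, BLK);
	encrypt_standalone(&c, pt, standalone, BLK);
	encrypt_standalone(&c, pt + BLK, standalone + BLK, BLK);

	return memcmp(ref, chained, 2 * BLK) == 0 &&
	       memcmp(ref, standalone, 2 * BLK) != 0;
}

int main(void)
{
	printf("chained == reference and standalone != reference: %d\n", demo_cbc_state());
	return 0;
}
```

The first block comes out identical in all three runs; only the second block diverges, which is why a single-block test passes while multi-block data exposes the missing state carry-over.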



