[0/4] crypto: Fix chaining support for stream ciphers (arc4 only for now)

Message ID ZWbZEnSPIP5aHydB@gondor.apana.org.au

Herbert Xu Nov. 29, 2023, 6:24 a.m. UTC
On Mon, Nov 27, 2023 at 02:28:03PM -0800, Eric Biggers wrote:
>
> As far as I can tell, currently "chaining" is only implemented by CBC and CTR.
> So this really seems like an issue in AF_ALG, not the skcipher API per se.
> AF_ALG should not support splitting up encryption/decryption operations on
> algorithms that don't support it.

Yes, I can see your view.  But it really is only a very small number
of algorithms (basically arc4 and chacha) that are currently broken
in this way.  CTS is similarly broken but for a different reason.

Yes, we could change the way af_alg operates by removing the ability
to process unlimited amounts of data and instead switching to the
AEAD model where all data is presented together.

However, I think this would be an unnecessary limitation since there
is a way to solve the chaining issue for stream ciphers and others
such as CTS.

So here is my attempt at this, hopefully without causing too much
churn or breakage:

Herbert Xu (4):
  crypto: skcipher - Add internal state support
  crypto: skcipher - Make use of internal state
  crypto: arc4 - Add internal state
  crypto: algif_skcipher - Fix stream cipher chaining

 crypto/algif_skcipher.c   |  71 +++++++++++++++++++++++++--
 crypto/arc4.c             |   8 ++-
 crypto/cbc.c              |   6 ++-
 crypto/ecb.c              |  10 ++--
 crypto/lskcipher.c        |  42 ++++++++++++----
 crypto/skcipher.c         |  64 +++++++++++++++++++++++-
 include/crypto/if_alg.h   |   2 +
 include/crypto/skcipher.h | 100 +++++++++++++++++++++++++++++++++++++-
 8 files changed, 280 insertions(+), 23 deletions(-)
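The chaining failure the cover letter describes, as an added illustration that is not part of this series or of the kernel's arc4 code: a minimal RC4 in C whose position in the keystream lives entirely in the S-box permutation and the i/j indices (there is no IV to hand back to userspace). Carrying that state across two calls reproduces one-shot encryption; re-running key setup before the second call, which is all an IV-only chaining model can express for arc4, does not. The names arc4_state, arc4_setkey, arc4_crypt and arc4_chain_matches are hypothetical, not the kernel's API.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical RC4 state: the permutation plus the two indices. None of
 * this is representable as an IV, so IV-only chaining cannot resume it. */
struct arc4_state {
	uint8_t S[256];
	uint8_t i, j;
};

/* Key scheduling (KSA); also resets the keystream position. */
void arc4_setkey(struct arc4_state *st, const uint8_t *key, size_t klen)
{
	unsigned int k, j = 0;
	for (k = 0; k < 256; k++)
		st->S[k] = (uint8_t)k;
	for (k = 0; k < 256; k++) {
		uint8_t t;
		j = (j + st->S[k] + key[k % klen]) & 0xff;
		t = st->S[k]; st->S[k] = st->S[j]; st->S[j] = t;
	}
	st->i = st->j = 0;
}

/* Keystream generation (PRGA) XORed over the buffer. i/j advance in place,
 * so a second call continues exactly where the first one stopped. */
void arc4_crypt(struct arc4_state *st, const uint8_t *in, uint8_t *out, size_t len)
{
	uint8_t i = st->i, j = st->j, t;
	size_t n;
	for (n = 0; n < len; n++) {
		i++;
		j += st->S[i];
		t = st->S[i]; st->S[i] = st->S[j]; st->S[j] = t;
		out[n] = in[n] ^ st->S[(uint8_t)(st->S[i] + st->S[j])];
	}
	st->i = i; st->j = j;
}

/* Encrypt msg in two pieces, either carrying the state across (proper
 * chaining) or re-keying before the second piece (the IV-only model).
 * Returns 1 if the result equals one-shot encryption, 0 if not, -1 on
 * bad arguments (messages are capped at 64 bytes for this demo). */
int arc4_chain_matches(const uint8_t *key, size_t klen, const uint8_t *msg,
		       size_t len, size_t split, int carry_state)
{
	struct arc4_state st;
	uint8_t ref[64], out[64];
	if (klen == 0 || len > sizeof(ref) || split > len)
		return -1;
	arc4_setkey(&st, key, klen);
	arc4_crypt(&st, msg, ref, len);		/* one-shot reference */
	arc4_setkey(&st, key, klen);
	arc4_crypt(&st, msg, out, split);	/* first chunk */
	if (!carry_state)
		arc4_setkey(&st, key, klen);	/* state lost between chunks */
	arc4_crypt(&st, msg + split, out + split, len - split);
	return memcmp(ref, out, len) == 0;
}
```

The constructed inputs in the test ("Key"/"Plaintext", split after 4 bytes) are only sample values; any split point other than 0 or len shows the same divergence when state is not carried.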