Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

20240511-aes-xts-stream #7522

Merged
merged 10 commits into from
May 15, 2024
Merged

20240511-aes-xts-stream #7522

merged 10 commits into from
May 15, 2024

Conversation

douzzer
Copy link
Contributor

@douzzer douzzer commented May 11, 2024
edited
Loading

add WOLFSSL_AESXTS_STREAM, --enable-aesxts-stream, wc_AesXtsEncryptInit(), wc_AesXtsDecryptInit(), wc_AesXtsEncryptUpdate(), wc_AesXtsDecryptUpdate(), and implement fixes in linuxkm/lkcapi_glue.c to use the streaming API when needed. also added support for 2*192 bit AES-XTS, needed for Linux kernel.

tested with wolfssl-multi-test.sh ... linuxkm-aesxts-cryptonly-aesni-LKCAPI-no-twc-insmod-6.1.73-fortify linuxkm-aesxts-cryptonly-noasm-LKCAPI-no-twc-insmod-6.1.73-fortify super-quick-check, with a 6.1.73-fortify kernel with CONFIG_CRYPTO_MANAGER_DISABLE_TESTS unset and CONFIG_CRYPTO_MANAGER_EXTRA_TESTS set.

note, the Linux kernel crypto test harness tests the new APIs extensively, including fuzz testing.

@douzzer douzzer requested a review from SparkiDev May 11, 2024 07:42
@SparkiDev SparkiDev removed their request for review May 14, 2024 00:10
@douzzer douzzer marked this pull request as ready for review May 14, 2024 06:04
@douzzer
Copy link
Contributor Author

douzzer commented May 14, 2024

retest this please

@douzzer douzzer requested review from dgarske and philljj May 14, 2024 07:02
philljj
philljj previously requested changes May 14, 2024
View reviewed changes
linuxkm/lkcapi_glue.c Show resolved Hide resolved
linuxkm/lkcapi_glue.c Show resolved Hide resolved
linuxkm/lkcapi_glue.c Show resolved Hide resolved
linuxkm/lkcapi_glue.c Outdated Show resolved Hide resolved
wolfcrypt/src/aes.c Show resolved Hide resolved
@dgarske dgarske requested a review from philljj May 14, 2024 17:42
dgarske
dgarske requested changes May 14, 2024
View reviewed changes
Copy link
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where are the tests for WOLFSSL_AESXTS_STREAM? I see init, update, but not final. What API's are used for that?

@dgarske
Copy link
Contributor

dgarske commented May 14, 2024

add WOLFSSL_AESXTS_STREAM, --enable-aesxts-stream, wc_AesXtsEncryptStart(), wc_AesXtsDecryptStart(), wc_AesXtsEncryptUpdate(), wc_AesXtsDecryptUpdate(), and implement fixes in linuxkm/lkcapi_glue.c to use the streaming API when needed. also added support for 2*192 bit AES-XTS, needed for Linux kernel.

tested with wolfssl-multi-test.sh ... linuxkm-aesxts-cryptonly-aesni-LKCAPI-no-twc-insmod-6.1.73-fortify linuxkm-aesxts-cryptonly-noasm-LKCAPI-no-twc-insmod-6.1.73-fortify super-quick-check, with a 6.1.73-fortify kernel with CONFIG_CRYPTO_MANAGER_DISABLE_TESTS unset and CONFIG_CRYPTO_MANAGER_EXTRA_TESTS set.

note, the Linux kernel crypto test harness tests the new APIs extensively, including fuzz testing.

Please update the PR description. Seems outdated... wc_AesXtsDecryptStart is not the API.

@dgarske
Copy link
Contributor

dgarske commented May 14, 2024

Where are the tests for WOLFSSL_AESXTS_STREAM? I see init, update, but not final. What API's are used for that?

Disregard the final. I see the update does it inline. I see it called in lkcapi_glue.c, but I really want to see a wolfCrypt test added for AES XTS stream before we can merge this.

@dgarske dgarske assigned dgarske and wolfSSL-Bot and unassigned wolfSSL-Bot and SparkiDev May 14, 2024
@douzzer
Copy link
Contributor Author

douzzer commented May 14, 2024

retest this please

douzzer and others added 8 commits May 14, 2024 19:11
@douzzer
add WOLFSSL_AESXTS_STREAM, --enable-aesxts-stream, wc_AesXtsEncryptSt…
70d7b6e 
…art(), wc_AesXtsDecryptStart(), wc_AesXtsEncryptUpdate(), wc_AesXtsDecryptUpdate(), and implement fixes in linuxkm/lkcapi_glue.c to use the streaming API when needed. also added support for 2*192 bit AES-XTS, needed for Linux kernel.
@douzzer
make --enable-linuxkm-lkcapi-register require --enable-experimental, …
3ad5ec4 
…except for the known-good --enable-linuxkm-lkcapi-register="xts(aes)".
@douzzer
wolfcrypt/src/aes.c: add prototypes and linkages for AES_XTS_{encrypt…
9e06524 
…,decrypt}_{start,update}_{avx1,aesni}.
@douzzer
AES-XTS-streaming: refactor API to eliminate caller-supplied tweak_bl…
f874d87 
…ock. instead, caller-supplied iv is used as a readwrite buffer.
@SparkiDev @douzzer
AES-XTS ASM x64: Add Intel x64 implementation of streaming
643f472 
Changed APIs from wc_AesXts*Start -> wc_AesXts*Init.
Enabled ASM for x64 in aes.c.
AesXtsDecryptStart_sw same as AesXtsEncryptStart_sw so changed them to
AesXtsInit_sw.
@douzzer
linuxkm/lkcapi_glue.c: update names of wc_AesXts{En,De}cryptInit().
4f1f7b3 
wolfcrypt/src/aes.c: activate _AesXtsHelper() in AesXts{En,De}cryptUpdate_sw().
@douzzer
wolfcrypt/src/aes.c: de-deduplicate code, AesXts{En,De}crypt_sw() vs …
8392748 
…AesXts{En,De}cryptUpdate_sw().
@douzzer
wolfcrypt/test/test.c: add test coverage for WOLFSSL_AESXTS_STREAM.
2fe366c 
linuxkm/lkcapi_glue.c: typographic cleanups, and failsafe error return constructs when skcipher_walk_virt() returns zero walk.nbytes.

wolfcrypt/src/aes.c: additional comments and inline documentation.

.github/workflows/openvpn.yml: disable test on master branch.
@douzzer
Copy link
Contributor Author

douzzer commented May 15, 2024

retest this please

@douzzer
linuxkm/lkcapi_glue.c: add native test coverage for WOLFSSL_AESXTS_ST…
1469aab 
…REAM.

wolfcrypt/test/test.c:
* add WOLFSSL_AESXTS_STREAM testing to the LARGE_XTS_SZ exercise in aes_xts_128_test().
* add the LARGE_XTS_SZ exercise to aes_xts_256_test().
* add aes_xts_192_test().
* fix -Werror=frame-larger-than=2048 in ed25519_test().
@douzzer douzzer requested a review from dgarske May 15, 2024 06:13
@dgarske dgarske merged commit 92806a6 into wolfSSL:master May 15, 2024
99 checks passed
jefferyq2 pushed a commit to jefferyq2/wolfssl that referenced this pull request Jun 9, 2024
@dgarske @jefferyq2
Merge pull request wolfSSL#7522 from douzzer/20240511-aes-xts-stream
3f1c330 
20240511-aes-xts-stream
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgarske dgarske dgarske approved these changes

@philljj philljj Awaiting requested review from philljj

Assignees

@dgarske dgarske

@douzzer douzzer

@wolfSSL-Bot wolfSSL-Bot

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@douzzer @dgarske @philljj @wolfSSL-Bot @SparkiDev