Comments (12)
from libkcapi.
Thank you for the hint. I tried to split the input data into 4096-byte (= page size) chunks in IOVECs, but got the following error instead; the gap is even larger:
libkcapi - Error: vmsplice: not all data received by kernel (data received: 32583 -- data sent: 66579)
test-gcm: test-gcm.c:56: main: Assertion `kcapi_aead_stream_update_last(handle, iov, iovlen) >= 0' failed.
from libkcapi.
from libkcapi.
Well, do you use update and op operation must be used in the loop?
I construct a single iovec array with many chunks of data, and call kcapi_aead_stream_update_last
just once. Even if I change the call to kcapi_aead_stream_update
(not _last
), I get the same error.
I'm attaching the test program I'm using:
test-gcm2.c.gz.
from libkcapi.
from libkcapi.
Yet, the kernel has only a limited amount of memory available. The maximum
size is defined with /proc/sys/net/core/optmem_max. When using splice, only
meta data about the memory is kept in the kernel. When using sendmsg, the full
data is copied into the kernel.
I see, thank you for looking into it.
That said, just for testing, can you increase the value in
/proc/sys/net/core/optmem_max and see whether this works?
I'm afraid it doesn't work. With the original program attached (test-gcm.c.gz):
$ cat /proc/sys/net/core/optmem_max
81920
$ expr `cat /proc/sys/net/core/optmem_max` '*' 2 | sudo tee /proc/sys/net/core/optmem_max
163840
$ cat /proc/sys/net/core/optmem_max
163840
$ ./test-gcm
libkcapi - Error: vmsplice: not all data received by kernel (data received: 61255 -- data sent: 66579)
test-gcm: test-gcm.c:44: main: Assertion `kcapi_aead_stream_update_last(handle, iov, 2) >= 0' failed.
I'm trying with the loop approach, but I wonder what input/output data format are expected in the loop, in particular:
- should I send AAD with
_update
every time, - does
_op
return tag every time
?
from libkcapi.
from libkcapi.
In practice, 64KB is sufficient for the use with TLS, as the limit of record size is around 2^14 (16KB). On the other hand, as GnuTLS also provides generic crypto API with in-place encryption/decryption, it would be a bit surprising if the operation fails because of the internal limit.
Is there a way to get the limit accurately before sending data to the kernel? If so, we could fallback to the default implementation based on that.
from libkcapi.
from libkcapi.
from libkcapi.
Thank you, that is awesome! I tried the patch and confirmed that all the GnuTLS tests pass now.
from libkcapi.
Thank you, closing the issue.
from libkcapi.
Related Issues (20)
- Questions about dividing data into chunks HOT 5
- key size fixed at 32 bytes (need 52 for CAAM related "black" keys) HOT 3
- AEAD gcm(aes) decrypt failure HOT 15
- AF_ALG bind error HOT 1
- Kernel API patches Status HOT 3
- Specify key length for kcapi-enc HOT 2
- How to configure the cross compiler toolchain? HOT 1
- Where does the function `kcapi_md_final` implement ? HOT 1
- 1.4.0: test suite failis with `error: clang frontend command failed with exit code 139` HOT 19
- Is `kcapi_handle` thread-safe? HOT 4
- Does LibkcAPI support CFB1/CFB8? HOT 2
- vmsplice() with SPLICE_F_GIFT should not be used on memory allocated from the heap (ie. calloc) HOT 2
- Hang on read call in _kcapi_common_read_data
- Can't get `kcapi_akcipher_init` with `rsa` working locally HOT 6
- Why SHA2-256 is the only hash crypto primitive for KDF in linux kernel crypto? HOT 7
- speed-tests: Bench of Asymmetric Cryptographic Algorithms HOT 3
- coreutils, etc. symlinks created in $PREFIX/libexec/libkcapi HOT 3
- 1.4.0: sha*hmac binaries has been removed? 🤔 HOT 9
- DRBG CAVP Issue HOT 2
- Unable to build on busy box HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from libkcapi.