On Thu, Sep 27, 2007 at 03:54:51PM -0500, Joy Latten wrote:
>
> So, for example,
>
> ctr(aes,4,8)
>
> specifies the counter block will be composed of 4 bytes from a
> nonce and 8 bytes from the IV and 4 bytes for counter, which is set.

Could you please add a check to verify that for

	ctr(X,Y,Z)

we have

	block_size(X) - Y - Z == 4

Return -EINVAL if this fails.

> 2. it is assumed that plaintext is multiple of blocksize.

Yes blkcipher will fail if there's any left-over.

Sorry, I think I misled you earlier when you asked about the
block size and left-overs.

The block size of ctr(aes,X,Y) should not be that of the block
size of AES. It should instead be 1 as CTR is a stream cipher.
The API currently doesn't allow that but I'll patch it so
that it does :)

> 3. currently nonce is extracted from the last 4 bytes of key.
> Thus keys entered through setkey() have an additional 32 bits.
> This causes problems for 256-bit keys. For example,
> crypto_ablkcipher_setkey() checks the maximum keysize and
> complains about keysize.
> This issue will be taken care of with the new
> infrastructure/template for combined mode that is planned,
> and appropriate changes will be made to crypto_ctr_setkey()
> and testcases.

You should instead increase min_keysize/max_keysize accordingly.

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
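
The following is an added user-space sketch, not part of the original message and not the kernel's code, of the three points discussed above: the ctr(X,Y,Z) size check that returns -EINVAL, key sizes widened by the nonce taken from the end of the key, and the nonce/IV/counter block layout. The function names, the parameter lists and the big-endian counter byte order are assumptions made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CTR_COUNTER_SIZE 4 /* counter bytes the requested check requires */

/* Check for ctr(X,Y,Z): block_size(X) - Y - Z == 4, else -EINVAL.
 * Range checks come first so the unsigned subtraction cannot wrap. */
int ctr_check_params(size_t block_size, size_t nonce_size, size_t iv_size)
{
    if (block_size < CTR_COUNTER_SIZE ||
        nonce_size > block_size - CTR_COUNTER_SIZE ||
        iv_size != block_size - CTR_COUNTER_SIZE - nonce_size)
        return -EINVAL;
    return 0;
}

/* Key material is cipher key || nonce (nonce in the last nonce_size bytes),
 * so the accepted range is the cipher's min/max key size plus nonce_size.
 * The cipher's own setkey still has to validate the exact key length. */
int ctr_split_key(const uint8_t *key, size_t keylen, size_t nonce_size,
                  size_t min_key, size_t max_key,
                  size_t *cipher_keylen, const uint8_t **nonce)
{
    if (keylen < min_key + nonce_size || keylen > max_key + nonce_size)
        return -EINVAL;
    *cipher_keylen = keylen - nonce_size;
    *nonce = key + *cipher_keylen;
    return 0;
}

/* Lay out nonce || IV || counter in one block. Big-endian counter byte
 * order is an assumption here. block must hold block_size bytes. */
int ctr_build_block(uint8_t *block, size_t block_size,
                    const uint8_t *nonce, size_t nonce_size,
                    const uint8_t *iv, size_t iv_size, uint32_t counter)
{
    int err = ctr_check_params(block_size, nonce_size, iv_size);
    if (err)
        return err;
    memcpy(block, nonce, nonce_size);
    memcpy(block + nonce_size, iv, iv_size);
    uint8_t *c = block + nonce_size + iv_size;
    c[0] = (uint8_t)(counter >> 24);
    c[1] = (uint8_t)(counter >> 16);
    c[2] = (uint8_t)(counter >> 8);
    c[3] = (uint8_t)counter;
    return 0;
}
```

With a 16-byte block cipher, ctr(aes,4,8) passes the check, and a 256-bit AES key is supplied as 36 bytes once the maximum key size includes the 4-byte nonce.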