Thank you for your comment.

OK, I should wait for the parameterised CBC change.
I will consider the setkey issue.

On Wed, 9 Aug 2006 20:23:00 +1000
Herbert Xu <[EMAIL PROTECTED]> wrote:

> On Wed, Aug 09, 2006 at 07:14:51PM +0900, Kazunori MIYAZAWA wrote:
> > 
> > I made a patch set introducing XCBC with your new crypto framework.
> > I checked that the patches work well with the tcrypt module.
> > However, I cannot be sure that I completely understand the API.
> > 
> > So I would appreciate it if you would give me some comments.
> 
> It looks great to me!
> 
> > +void crypto_xcbc_digest_final(struct crypto_tfm *parent, u8 *out)
> > +{
> > +   int bs = crypto_tfm_alg_blocksize(parent);
> > +   u8 *prev = crypto_tfm_ctx_aligned(parent);
> > +   u8 *key = prev + bs;
> > +   u8 *consts = key + bs;
> > +   struct crypto_xcbc_ctx *ctx = (struct crypto_xcbc_ctx*)(prev + bs * 5);
> > +   struct crypto_tfm *tfm = ctx->child;
> > +
> > +   if (ctx->len == bs) {
> > +           u8 key2[bs];
> > +
> > +           if ((crypto_cipher_setkey(tfm, key, ctx->keylen)) != 0)
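Review bot: crypto_xcbc_digest_final() returns void, so the `crypto_cipher_setkey(tfm, key, ctx->keylen)` check at the end of this hunk has no way to report a failed rekey to the caller; either give final an int return or confine setkey to a path that can propagate the error. The context layout is also implicit: `prev + bs * 5` and `u8 key2[bs]` both depend on the run-time block size, so a comment (or a struct with named fields) stating what occupies the `bs * 5` bytes ahead of ctx, and a fixed-size buffer in place of the on-stack variable-length array, would make the pointer arithmetic checkable.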
> 
> Setkey is a relatively expensive operation so it's best to not do
> it for every digest operation.  How about keeping two child tfm's,
> one for each key?
> 
> > +   ctx->child = crypto_spawn_tfm(spawn, CRYPTO_TFM_MODE_CBC);
> 
> The mode can go away as soon as I get the parameterised CBC patches
> out (i.e., you'd allocate "cbc(aes)" instead of "aes").
>   
> > diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
> > index 2783d4e..6c48292 100644
> > --- a/net/xfrm/xfrm_algo.c
> > +++ b/net/xfrm/xfrm_algo.c
> > @@ -119,6 +119,24 @@ static struct xfrm_algo_desc aalg_list[]
> >             .sadb_alg_maxbits = 160
> >     }
> >  },
> > +{
> > +   .name = "xcbc(aes)",
> > +   .compat = "aes_xcbc_128",
> 
> No need for a compat name since this never existed before.
> 
> Thanks,
> -- 
> Visit Openswan at http://www.openswan.org/
> Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
> -
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to [EMAIL PROTECTED]
> More majordomo info at  http://vger.kernel.org/majordomo-info.html