On Mon, Sep 24, 2007 at 07:31:32PM -0500, Joy Latten wrote:
>
> I have another question regarding this change to using a tuple.
> The size of my counter is now, csize = blocksize - (noncesize + ivsize).
> RFC 3686 (CTR-AES for ESP) states in section 4 that the counter
> portion of the counter blo
>> > I suggest that you make these parameters to your CTR template.
>> > So instead of requesting for "ctr(aes)", you could request for
>> > "ctr(aes, 4, 8)" where 4 is the length of the nonce in the
>> > counter block and 8 is the length of the IV. The counter
>> > itself would then be calculated
On Fri, Sep 21, 2007 at 07:15:02PM -0500, Joy Latten wrote:
>
> > I suggest that you make these parameters to your CTR template.
> > So instead of requesting for "ctr(aes)", you could request for
> > "ctr(aes, 4, 8)" where 4 is the length of the nonce in the
> > counter block and 8 is the length of
On Thu, 2007-09-20 at 16:19 +0800, Herbert Xu wrote:
> On Wed, Sep 19, 2007 at 05:51:15PM -0500, Joy Latten wrote:
> >
> > predictability into my sessions? I could truncate the salt
> > in my counter block to 2 bytes and put 2 bytes of the IV for
> > blocksizes of 8... does that sound ok?
> > Or a
On Wed, Sep 19, 2007 at 05:51:15PM -0500, Joy Latten wrote:
>
> predictability into my sessions? I could truncate the salt
> in my counter block to 2 bytes and put 2 bytes of the IV for
> blocksizes of 8... does that sound ok?
> Or am I totally misunderstanding it all?
I suggest that you make the
On Wed, 2007-09-19 at 21:06 +0800, Herbert Xu wrote:
> > + do {
> > + /* create keystream */
> > + fn(crypto_cipher_tfm(tfm), dst, ctrblk);
> > + xor_128(dst, src);
>
> You seem to be assuming that the cipher algorithm is AES.
> That's not necessarily the case so
On Thu, Aug 30, 2007 at 11:14:45AM -0500, Joy Latten wrote:
>
> The tcrypt vectors are from RFC 3686. They all pass except for the
> ones with 256-bit keys.
>
> Please let me know if all looks ok or not.
Thanks Joy, it looks pretty good.
Please add a signed-off-by line.
I need to do some surge
This patch implements CTR mode for IPSec.
It is based off of RFC 3686.
Please note:
1. it is assumed that plaintext is a multiple of blocksize.
2. currently salt is extracted from the last 4 bytes of key.
Thus keys entered through setkey() have an additional 32 bits.
This causes problems for