Implement CTS wrapper for CBC mode required for support of AES
encryption support for Kerberos (rfc3962).
Signed-off-by: Kevin Coffman <[email protected]>
---
crypto/Kconfig | 11 ++
crypto/Makefile | 1
crypto/cts.c | 347 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
crypto/tcrypt.c | 16 ++-
crypto/tcrypt.h | 209 +++++++++++++++++++++++++++++++++
5 files changed, 582 insertions(+), 2 deletions(-)
diff --git a/crypto/Kconfig b/crypto/Kconfig
index c3166a1..375d269 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -212,6 +212,17 @@ config CRYPTO_CTR
CTR: Counter mode
This block cipher algorithm is required for IPSec.
+config CRYPTO_CTS
+ tristate "CTS support"
+ select CRYPTO_BLKCIPHER
+ help
+ CTS: Cipher Text Stealing
+ This is the Cipher Text Stealing mode as described by
+ Section 8 of rfc2040 and referenced by rfc3962.
+ (rfc3962 includes errata information in its Appendix A)
+ This mode is required for Kerberos gss mechanism support
+ for AES encryption.
+
config CRYPTO_GCM
tristate "GCM/GMAC support"
select CRYPTO_CTR
diff --git a/crypto/Makefile b/crypto/Makefile
index 48c7583..1b95dec 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -35,6 +35,7 @@ obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o
obj-$(CONFIG_CRYPTO_ECB) += ecb.o
obj-$(CONFIG_CRYPTO_CBC) += cbc.o
obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o
+obj-$(CONFIG_CRYPTO_CTS) += cts.o
obj-$(CONFIG_CRYPTO_LRW) += lrw.o
obj-$(CONFIG_CRYPTO_XTS) += xts.o
obj-$(CONFIG_CRYPTO_CTR) += ctr.o
diff --git a/crypto/cts.c b/crypto/cts.c
new file mode 100644
index 0000000..6fe968a
--- /dev/null
+++ b/crypto/cts.c
@@ -0,0 +1,347 @@
+/*
+ * CTS: Cipher Text Stealing mode
+ *
+ * COPYRIGHT (c) 2008
+ * The Regents of the University of Michigan
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization. If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+
+/* Derived from various:
+ * Copyright (c) 2006 Herbert Xu <[email protected]>
+ */
+
+/*
+ * This is the Cipher Text Stealing mode as described by
+ * Section 8 of rfc2040 and referenced by rfc3962.
+ * rfc3962 includes errata information in its Appendix A.
+ */
+
+#include <crypto/algapi.h>
+#include <linux/err.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/log2.h>
+#include <linux/module.h>
+#include <linux/scatterlist.h>
+#include <crypto/scatterwalk.h>
+#include <linux/slab.h>
+
+struct crypto_cts_ctx {
+ struct crypto_blkcipher *child;
+};
+
+static int crypto_cts_setkey(struct crypto_tfm *parent, const u8 *key,
+ unsigned int keylen)
+{
+ struct crypto_cts_ctx *ctx = crypto_tfm_ctx(parent);
+ struct crypto_blkcipher *child = ctx->child;
+ int err;
+
+ crypto_blkcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
+ crypto_blkcipher_set_flags(child, crypto_tfm_get_flags(parent) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_blkcipher_setkey(child, key, keylen);
+ crypto_tfm_set_flags(parent, crypto_blkcipher_get_flags(child) &
+ CRYPTO_TFM_RES_MASK);
+ return err;
+}
+
+static int cts_cbc_encrypt(struct crypto_cts_ctx *ctx,
+ struct blkcipher_desc *desc,
+ struct scatterlist *dst,
+ struct scatterlist *src,
+ unsigned int offset,
+ unsigned int nbytes)
+{
+ int bsize = crypto_blkcipher_blocksize(desc->tfm);
+ u8 tmp[bsize], tmp2[bsize];
+ struct blkcipher_desc lcldesc;
+ struct scatterlist sgsrc[1], sgdst[1];
+ int lastn = nbytes - bsize;
+ u8 iv[bsize];
+ u8 s[bsize * 2], d[bsize * 2];
+ int err;
+
+ if (lastn < 0)
+ return -EINVAL;
+
+ memset(s, 0, sizeof(s));
+ scatterwalk_map_and_copy(s, src, offset, nbytes, 0);
+
+ memcpy(iv, desc->info, bsize);
+
+ lcldesc.tfm = ctx->child;
+ lcldesc.info = iv;
+ lcldesc.flags = desc->flags;
+
+ sg_set_buf(&sgsrc[0], s, bsize);
+ sg_set_buf(&sgdst[0], tmp, bsize);
+ err = crypto_blkcipher_encrypt_iv(&lcldesc, sgdst, sgsrc, bsize);
+
+ memcpy(d + bsize, tmp, lastn);
+
+ lcldesc.info = tmp;
+
+ sg_set_buf(&sgsrc[0], s + bsize, bsize);
+ sg_set_buf(&sgdst[0], tmp2, bsize);
+ err = crypto_blkcipher_encrypt_iv(&lcldesc, sgdst, sgsrc, bsize);
+
+ memcpy(d, tmp2, bsize);
+
+ scatterwalk_map_and_copy(d, dst, offset, nbytes, 1);
+
+ memcpy(desc->info, tmp2, bsize);
+
+ return err;
+}
+
+static int crypto_cts_encrypt(struct blkcipher_desc *desc,
+ struct scatterlist *dst, struct scatterlist *src,
+ unsigned int nbytes)
+{
+ struct crypto_cts_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
+ int bsize = crypto_blkcipher_blocksize(desc->tfm);
+ int tot_blocks = (nbytes + bsize - 1) / bsize;
+ int cbc_blocks = tot_blocks > 2 ? tot_blocks - 2 : 0;
+ struct blkcipher_desc lcldesc;
+ int err;
+
+ lcldesc.tfm = ctx->child;
+ lcldesc.info = desc->info;
+ lcldesc.flags = desc->flags;
+
+ if (tot_blocks == 1) {
+ err = crypto_blkcipher_encrypt_iv(&lcldesc, dst, src, bsize);
+ } else if (nbytes <= bsize * 2) {
+ err = cts_cbc_encrypt(ctx, desc, dst, src, 0, nbytes);
+ } else {
+ /* do normal function for tot_blocks - 2 */
+ err = crypto_blkcipher_encrypt_iv(&lcldesc, dst, src,
+ cbc_blocks * bsize);
+ if (err == 0) {
+ /* do cts for final two blocks */
+ err = cts_cbc_encrypt(ctx, desc, dst, src,
+ cbc_blocks * bsize,
+ nbytes - (cbc_blocks * bsize));
+ }
+ }
+
+ return err;
+}
+
+static int cts_cbc_decrypt(struct crypto_cts_ctx *ctx,
+ struct blkcipher_desc *desc,
+ struct scatterlist *dst,
+ struct scatterlist *src,
+ unsigned int offset,
+ unsigned int nbytes)
+{
+ int bsize = crypto_blkcipher_blocksize(desc->tfm);
+ u8 tmp[bsize];
+ struct blkcipher_desc lcldesc;
+ struct scatterlist sgsrc[1], sgdst[1];
+ int lastn = nbytes - bsize;
+ u8 iv[bsize];
+ u8 s[bsize * 2], d[bsize * 2];
+ int err;
+
+ if (lastn < 0)
+ return -EINVAL;
+
+ scatterwalk_map_and_copy(s, src, offset, nbytes, 0);
+
+ lcldesc.tfm = ctx->child;
+ lcldesc.info = iv;
+ lcldesc.flags = desc->flags;
+
+ /* 1. Decrypt Cn-1 (s) to create Dn (tmp)*/
+ memset(iv, 0, sizeof(iv));
+ sg_set_buf(&sgsrc[0], s, bsize);
+ sg_set_buf(&sgdst[0], tmp, bsize);
+ err = crypto_blkcipher_decrypt_iv(&lcldesc, sgdst, sgsrc, bsize);
+ if (err)
+ return err;
+ /* 2. Pad Cn with zeros at the end to create C of length BB */
+ memset(iv, 0, sizeof(iv));
+ memcpy(iv, s + bsize, lastn);
+ /* 3. Exclusive-or Dn (tmp) with C (iv) to create Xn (tmp) */
+ crypto_xor(tmp, iv, bsize);
+ /* 4. Select the first Ln bytes of Xn (tmp) to create Pn */
+ memcpy(d + bsize, tmp, lastn);
+
+ /* 5. Append the tail (BB - Ln) bytes of Xn (tmp) to Cn to create En */
+ memcpy(s + bsize + lastn, tmp + lastn, bsize - lastn);
+ /* 6. Decrypt En to create Pn-1 */
+ memset(iv, 0, sizeof(iv));
+ sg_set_buf(&sgsrc[0], s + bsize, bsize);
+ sg_set_buf(&sgdst[0], d, bsize);
+ err = crypto_blkcipher_decrypt_iv(&lcldesc, sgdst, sgsrc, bsize);
+
+ /* XXX xor with previous block ?? */
+ crypto_xor(d, desc->info, bsize);
+
+ scatterwalk_map_and_copy(d, dst, offset, nbytes, 1);
+
+ memcpy(desc->info, s, bsize);
+ return err;
+}
+
+static int crypto_cts_decrypt(struct blkcipher_desc *desc,
+ struct scatterlist *dst, struct scatterlist *src,
+ unsigned int nbytes)
+{
+ struct crypto_cts_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
+ int bsize = crypto_blkcipher_blocksize(desc->tfm);
+ int tot_blocks = (nbytes + bsize - 1) / bsize;
+ int cbc_blocks = tot_blocks > 2 ? tot_blocks - 2 : 0;
+ struct blkcipher_desc lcldesc;
+ int err;
+
+ lcldesc.tfm = ctx->child;
+ lcldesc.info = desc->info;
+ lcldesc.flags = desc->flags;
+
+ if (tot_blocks == 1) {
+ err = crypto_blkcipher_decrypt_iv(&lcldesc, dst, src, bsize);
+ } else if (nbytes <= bsize * 2) {
+ err = cts_cbc_decrypt(ctx, desc, dst, src, 0, nbytes);
+ } else {
+ /* do normal function for tot_blocks - 2 */
+ err = crypto_blkcipher_decrypt_iv(&lcldesc, dst, src,
+ cbc_blocks * bsize);
+ if (err == 0) {
+ /* do cts for final two blocks */
+ err = cts_cbc_decrypt(ctx, desc, dst, src,
+ cbc_blocks * bsize,
+ nbytes - (cbc_blocks * bsize));
+ }
+ }
+ return err;
+}
+
+static int crypto_cts_init_tfm(struct crypto_tfm *tfm)
+{
+ struct crypto_instance *inst = (void *)tfm->__crt_alg;
+ struct crypto_spawn *spawn = crypto_instance_ctx(inst);
+ struct crypto_cts_ctx *ctx = crypto_tfm_ctx(tfm);
+ struct crypto_blkcipher *cipher;
+
+ cipher = crypto_spawn_blkcipher(spawn);
+ if (IS_ERR(cipher))
+ return PTR_ERR(cipher);
+
+ ctx->child = cipher;
+ return 0;
+}
+
+static void crypto_cts_exit_tfm(struct crypto_tfm *tfm)
+{
+ struct crypto_cts_ctx *ctx = crypto_tfm_ctx(tfm);
+ crypto_free_blkcipher(ctx->child);
+}
+
+static struct crypto_instance *crypto_cts_alloc(struct rtattr **tb)
+{
+ struct crypto_instance *inst;
+ struct crypto_alg *alg;
+ int err;
+
+ err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER);
+ if (err)
+ return ERR_PTR(err);
+
+ alg = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_BLKCIPHER,
+ CRYPTO_ALG_TYPE_MASK);
+ err = PTR_ERR(alg);
+ if (IS_ERR(alg))
+ return ERR_PTR(err);
+
+ inst = ERR_PTR(-EINVAL);
+ if (!is_power_of_2(alg->cra_blocksize))
+ goto out_put_alg;
+
+ inst = crypto_alloc_instance("cts", alg);
+ if (IS_ERR(inst))
+ goto out_put_alg;
+
+ inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER;
+ inst->alg.cra_priority = alg->cra_priority;
+ inst->alg.cra_blocksize = alg->cra_blocksize;
+ inst->alg.cra_alignmask = alg->cra_alignmask;
+ inst->alg.cra_type = &crypto_blkcipher_type;
+
+ /* We access the data as u32s when xoring. */
+ inst->alg.cra_alignmask |= __alignof__(u32) - 1;
+
+ inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize;
+ inst->alg.cra_blkcipher.min_keysize = alg->cra_blkcipher.min_keysize;
+ inst->alg.cra_blkcipher.max_keysize = alg->cra_blkcipher.max_keysize;
+
+ inst->alg.cra_blkcipher.geniv = "seqiv";
+
+ inst->alg.cra_ctxsize = sizeof(struct crypto_cts_ctx);
+
+ inst->alg.cra_init = crypto_cts_init_tfm;
+ inst->alg.cra_exit = crypto_cts_exit_tfm;
+
+ inst->alg.cra_blkcipher.setkey = crypto_cts_setkey;
+ inst->alg.cra_blkcipher.encrypt = crypto_cts_encrypt;
+ inst->alg.cra_blkcipher.decrypt = crypto_cts_decrypt;
+
+out_put_alg:
+ crypto_mod_put(alg);
+ return inst;
+}
+
+static void crypto_cts_free(struct crypto_instance *inst)
+{
+ crypto_drop_spawn(crypto_instance_ctx(inst));
+ kfree(inst);
+}
+
+static struct crypto_template crypto_cts_tmpl = {
+ .name = "cts",
+ .alloc = crypto_cts_alloc,
+ .free = crypto_cts_free,
+ .module = THIS_MODULE,
+};
+
+static int __init crypto_cts_module_init(void)
+{
+ return crypto_register_template(&crypto_cts_tmpl);
+}
+
+static void __exit crypto_cts_module_exit(void)
+{
+ crypto_unregister_template(&crypto_cts_tmpl);
+}
+
+module_init(crypto_cts_module_init);
+module_exit(crypto_cts_module_exit);
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("CTS-CBC) CipherText Stealing for CBC");
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 1ab8c01..103d9e0 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -82,9 +82,8 @@ static char *check[] = {
"des", "md5", "des3_ede", "rot13", "sha1", "sha224", "sha256",
"blowfish", "twofish", "serpent", "sha384", "sha512", "md4", "aes",
"cast6", "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea",
- "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea",
"khazad", "wp512", "wp384", "wp256", "tnepres", "xeta", "fcrypt",
- "camellia", "seed", "salsa20", "lzo", NULL
+ "camellia", "seed", "salsa20", "lzo", "cts", NULL
};
static void hexdump(unsigned char *buf, unsigned int len)
@@ -1301,6 +1300,12 @@ static void do_test(void)
test_cipher("ecb(seed)", DECRYPT, seed_dec_tv_template,
SEED_DEC_TEST_VECTORS);
+ //CTS
+ test_cipher("cts(cbc(aes))", ENCRYPT, cts_mode_enc_tv_template,
+ CTS_MODE_ENC_TEST_VECTORS);
+ test_cipher("cts(cbc(aes))", DECRYPT, cts_mode_dec_tv_template,
+ CTS_MODE_DEC_TEST_VECTORS);
+
test_hash("sha384", sha384_tv_template, SHA384_TEST_VECTORS);
test_hash("sha512", sha512_tv_template, SHA512_TEST_VECTORS);
test_hash("wp512", wp512_tv_template, WP512_TEST_VECTORS);
@@ -1584,6 +1589,13 @@ static void do_test(void)
AES_CCM_DEC_TEST_VECTORS);
break;
+ case 38:
+ test_cipher("cts(cbc(aes))", ENCRYPT, cts_mode_enc_tv_template,
+ CTS_MODE_ENC_TEST_VECTORS);
+ test_cipher("cts(cbc(aes))", DECRYPT, cts_mode_dec_tv_template,
+ CTS_MODE_DEC_TEST_VECTORS);
+ break;
+
case 100:
test_hash("hmac(md5)", hmac_md5_tv_template,
HMAC_MD5_TEST_VECTORS);
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
index f785e56..548716b 100644
--- a/crypto/tcrypt.h
+++ b/crypto/tcrypt.h
@@ -7631,6 +7631,215 @@ static struct cipher_testvec salsa20_stream_enc_tv_template[] = {
};
/*
+ * CTS (Cipher Text Stealing) mode tests
+ */
+#define CTS_MODE_ENC_TEST_VECTORS 6
+#define CTS_MODE_DEC_TEST_VECTORS 6
+static struct cipher_testvec cts_mode_enc_tv_template[] = {
+ { /* from rfc3962 */
+ .klen = 16,
+ .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .ilen = 17,
+ .input = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
+ 0x20 },
+ .rlen = 17,
+ .result = { 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
+ 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
+ 0x97 },
+ }, {
+ .klen = 16,
+ .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .ilen = 31,
+ .input = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
+ 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20 },
+ .rlen = 31,
+ .result = { 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
+ 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
+ 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 },
+ }, {
+ .klen = 16,
+ .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .ilen = 32,
+ .input = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
+ 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43 },
+ .rlen = 32,
+ .result = { 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
+ 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
+ 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 },
+ }, {
+ .klen = 16,
+ .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .ilen = 47,
+ .input = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
+ 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
+ 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
+ 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c },
+ .rlen = 47,
+ .result = { 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
+ 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
+ 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
+ 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
+ 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 },
+ }, {
+ .klen = 16,
+ .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .ilen = 48,
+ .input = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
+ 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
+ 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
+ 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20 },
+ .rlen = 48,
+ .result = { 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
+ 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
+ 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
+ 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
+ 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 },
+ }, {
+ .klen = 16,
+ .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .ilen = 64,
+ .input = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
+ 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
+ 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
+ 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
+ 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74,
+ 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e },
+ .rlen = 64,
+ .result = { 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
+ 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
+ 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
+ 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
+ 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
+ 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
+ 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 },
+ }
+};
+
+static struct cipher_testvec cts_mode_dec_tv_template[] = {
+ { /* from rfc3962 */
+ .klen = 16,
+ .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .rlen = 17,
+ .result = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
+ 0x20 },
+ .ilen = 17,
+ .input = { 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
+ 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
+ 0x97 },
+ }, {
+ .klen = 16,
+ .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .rlen = 31,
+ .result = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
+ 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20 },
+ .ilen = 31,
+ .input = { 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
+ 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
+ 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 },
+ }, {
+ .klen = 16,
+ .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .rlen = 32,
+ .result = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
+ 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43 },
+ .ilen = 32,
+ .input = { 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
+ 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
+ 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 },
+ }, {
+ .klen = 16,
+ .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .rlen = 47,
+ .result = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
+ 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
+ 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
+ 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c },
+ .ilen = 47,
+ .input = { 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
+ 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
+ 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
+ 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
+ 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 },
+ }, {
+ .klen = 16,
+ .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .rlen = 48,
+ .result = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
+ 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
+ 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
+ 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20 },
+ .ilen = 48,
+ .input = { 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
+ 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
+ 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
+ 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
+ 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 },
+ }, {
+ .klen = 16,
+ .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .rlen = 64,
+ .result = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
+ 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
+ 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
+ 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
+ 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74,
+ 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e },
+ .ilen = 64,
+ .input = { 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
+ 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
+ 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
+ 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
+ 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
+ 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
+ 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 },
+ }
+};
+
+/*
* Compression stuff.
*/
#define COMP_BUF_SIZE 512
On Wed, Feb 20, 2008 at 03:25:43PM -0500, Kevin Coffman wrote:
> Implement CTS wrapper for CBC mode required for support of AES
> encryption support for Kerberos (rfc3962).
>
> Signed-off-by: Kevin Coffman <[email protected]>
Great work! The only problem is that I was slow in merging it
so the tcrypt rework got in the way. I've fixed it up with the
following patch.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
index 6585df0..47bc0ec 100644
--- a/crypto/tcrypt.h
+++ b/crypto/tcrypt.h
@@ -7630,204 +7630,204 @@ static struct cipher_testvec salsa20_stream_enc_tv_template[] = {
static struct cipher_testvec cts_mode_enc_tv_template[] = {
{ /* from rfc3962 */
.klen = 16,
- .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
- 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
+ "\x74\x65\x72\x69\x79\x61\x6b\x69",
.ilen = 17,
- .input = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20 },
+ .input = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
+ "\x6c\x69\x6b\x65\x20\x74\x68\x65"
+ "\x20",
.rlen = 17,
- .result = { 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
- 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
- 0x97 },
+ .result = "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4"
+ "\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
+ "\x97",
}, {
.klen = 16,
- .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
- 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
+ "\x74\x65\x72\x69\x79\x61\x6b\x69",
.ilen = 31,
- .input = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
- 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20 },
+ .input = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
+ "\x6c\x69\x6b\x65\x20\x74\x68\x65"
+ "\x20\x47\x65\x6e\x65\x72\x61\x6c"
+ "\x20\x47\x61\x75\x27\x73\x20",
.rlen = 31,
- .result = { 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
- 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
- 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
- 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 },
+ .result = "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1"
+ "\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
+ "\x97\x68\x72\x68\xd6\xec\xcc\xc0"
+ "\xc0\x7b\x25\xe2\x5e\xcf\xe5",
}, {
.klen = 16,
- .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
- 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
+ "\x74\x65\x72\x69\x79\x61\x6b\x69",
.ilen = 32,
- .input = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
- 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43 },
+ .input = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
+ "\x6c\x69\x6b\x65\x20\x74\x68\x65"
+ "\x20\x47\x65\x6e\x65\x72\x61\x6c"
+ "\x20\x47\x61\x75\x27\x73\x20\x43",
.rlen = 32,
- .result = { 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
- 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
- 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
- 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 },
+ .result = "\x39\x31\x25\x23\xa7\x86\x62\xd5"
+ "\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
+ "\x97\x68\x72\x68\xd6\xec\xcc\xc0"
+ "\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84",
}, {
.klen = 16,
- .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
- 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
+ "\x74\x65\x72\x69\x79\x61\x6b\x69",
.ilen = 47,
- .input = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
- 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
- 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
- 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c },
+ .input = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
+ "\x6c\x69\x6b\x65\x20\x74\x68\x65"
+ "\x20\x47\x65\x6e\x65\x72\x61\x6c"
+ "\x20\x47\x61\x75\x27\x73\x20\x43"
+ "\x68\x69\x63\x6b\x65\x6e\x2c\x20"
+ "\x70\x6c\x65\x61\x73\x65\x2c",
.rlen = 47,
- .result = { 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
- 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
- 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
- 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
- 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
- 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 },
+ .result = "\x97\x68\x72\x68\xd6\xec\xcc\xc0"
+ "\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
+ "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c"
+ "\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
+ "\x39\x31\x25\x23\xa7\x86\x62\xd5"
+ "\xbe\x7f\xcb\xcc\x98\xeb\xf5",
}, {
.klen = 16,
- .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
- 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
+ "\x74\x65\x72\x69\x79\x61\x6b\x69",
.ilen = 48,
- .input = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
- 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
- 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
- 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20 },
+ .input = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
+ "\x6c\x69\x6b\x65\x20\x74\x68\x65"
+ "\x20\x47\x65\x6e\x65\x72\x61\x6c"
+ "\x20\x47\x61\x75\x27\x73\x20\x43"
+ "\x68\x69\x63\x6b\x65\x6e\x2c\x20"
+ "\x70\x6c\x65\x61\x73\x65\x2c\x20",
.rlen = 48,
- .result = { 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
- 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
- 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
- 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
- 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
- 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 },
+ .result = "\x97\x68\x72\x68\xd6\xec\xcc\xc0"
+ "\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
+ "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0"
+ "\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
+ "\x39\x31\x25\x23\xa7\x86\x62\xd5"
+ "\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8",
}, {
.klen = 16,
- .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
- 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
+ "\x74\x65\x72\x69\x79\x61\x6b\x69",
.ilen = 64,
- .input = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
- 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
- 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
- 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
- 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74,
- 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e },
+ .input = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
+ "\x6c\x69\x6b\x65\x20\x74\x68\x65"
+ "\x20\x47\x65\x6e\x65\x72\x61\x6c"
+ "\x20\x47\x61\x75\x27\x73\x20\x43"
+ "\x68\x69\x63\x6b\x65\x6e\x2c\x20"
+ "\x70\x6c\x65\x61\x73\x65\x2c\x20"
+ "\x61\x6e\x64\x20\x77\x6f\x6e\x74"
+ "\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
.rlen = 64,
- .result = { 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
- 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
- 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
- 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
- 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
- 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
- 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
- 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 },
+ .result = "\x97\x68\x72\x68\xd6\xec\xcc\xc0"
+ "\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
+ "\x39\x31\x25\x23\xa7\x86\x62\xd5"
+ "\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
+ "\x48\x07\xef\xe8\x36\xee\x89\xa5"
+ "\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
+ "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0"
+ "\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8",
}
};
static struct cipher_testvec cts_mode_dec_tv_template[] = {
{ /* from rfc3962 */
.klen = 16,
- .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
- 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
+ "\x74\x65\x72\x69\x79\x61\x6b\x69",
.rlen = 17,
- .result = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20 },
+ .result = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
+ "\x6c\x69\x6b\x65\x20\x74\x68\x65"
+ "\x20",
.ilen = 17,
- .input = { 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
- 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
- 0x97 },
+ .input = "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4"
+ "\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
+ "\x97",
}, {
.klen = 16,
- .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
- 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
+ "\x74\x65\x72\x69\x79\x61\x6b\x69",
.rlen = 31,
- .result = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
- 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20 },
+ .result = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
+ "\x6c\x69\x6b\x65\x20\x74\x68\x65"
+ "\x20\x47\x65\x6e\x65\x72\x61\x6c"
+ "\x20\x47\x61\x75\x27\x73\x20",
.ilen = 31,
- .input = { 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
- 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
- 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
- 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 },
+ .input = "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1"
+ "\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
+ "\x97\x68\x72\x68\xd6\xec\xcc\xc0"
+ "\xc0\x7b\x25\xe2\x5e\xcf\xe5",
}, {
.klen = 16,
- .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
- 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
+ "\x74\x65\x72\x69\x79\x61\x6b\x69",
.rlen = 32,
- .result = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
- 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43 },
+ .result = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
+ "\x6c\x69\x6b\x65\x20\x74\x68\x65"
+ "\x20\x47\x65\x6e\x65\x72\x61\x6c"
+ "\x20\x47\x61\x75\x27\x73\x20\x43",
.ilen = 32,
- .input = { 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
- 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
- 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
- 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 },
+ .input = "\x39\x31\x25\x23\xa7\x86\x62\xd5"
+ "\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
+ "\x97\x68\x72\x68\xd6\xec\xcc\xc0"
+ "\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84",
}, {
.klen = 16,
- .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
- 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
+ "\x74\x65\x72\x69\x79\x61\x6b\x69",
.rlen = 47,
- .result = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
- 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
- 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
- 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c },
+ .result = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
+ "\x6c\x69\x6b\x65\x20\x74\x68\x65"
+ "\x20\x47\x65\x6e\x65\x72\x61\x6c"
+ "\x20\x47\x61\x75\x27\x73\x20\x43"
+ "\x68\x69\x63\x6b\x65\x6e\x2c\x20"
+ "\x70\x6c\x65\x61\x73\x65\x2c",
.ilen = 47,
- .input = { 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
- 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
- 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
- 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
- 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
- 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 },
+ .input = "\x97\x68\x72\x68\xd6\xec\xcc\xc0"
+ "\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
+ "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c"
+ "\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
+ "\x39\x31\x25\x23\xa7\x86\x62\xd5"
+ "\xbe\x7f\xcb\xcc\x98\xeb\xf5",
}, {
.klen = 16,
- .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
- 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
+ "\x74\x65\x72\x69\x79\x61\x6b\x69",
.rlen = 48,
- .result = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
- 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
- 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
- 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20 },
+ .result = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
+ "\x6c\x69\x6b\x65\x20\x74\x68\x65"
+ "\x20\x47\x65\x6e\x65\x72\x61\x6c"
+ "\x20\x47\x61\x75\x27\x73\x20\x43"
+ "\x68\x69\x63\x6b\x65\x6e\x2c\x20"
+ "\x70\x6c\x65\x61\x73\x65\x2c\x20",
.ilen = 48,
- .input = { 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
- 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
- 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
- 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
- 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
- 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 },
+ .input = "\x97\x68\x72\x68\xd6\xec\xcc\xc0"
+ "\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
+ "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0"
+ "\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
+ "\x39\x31\x25\x23\xa7\x86\x62\xd5"
+ "\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8",
}, {
.klen = 16,
- .key = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
- 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 },
+ .key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
+ "\x74\x65\x72\x69\x79\x61\x6b\x69",
.rlen = 64,
- .result = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
- 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
- 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
- 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
- 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74,
- 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e },
+ .result = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
+ "\x6c\x69\x6b\x65\x20\x74\x68\x65"
+ "\x20\x47\x65\x6e\x65\x72\x61\x6c"
+ "\x20\x47\x61\x75\x27\x73\x20\x43"
+ "\x68\x69\x63\x6b\x65\x6e\x2c\x20"
+ "\x70\x6c\x65\x61\x73\x65\x2c\x20"
+ "\x61\x6e\x64\x20\x77\x6f\x6e\x74"
+ "\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
.ilen = 64,
- .input = { 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
- 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
- 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
- 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
- 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
- 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
- 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
- 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 },
+ .input = "\x97\x68\x72\x68\xd6\xec\xcc\xc0"
+ "\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
+ "\x39\x31\x25\x23\xa7\x86\x62\xd5"
+ "\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
+ "\x48\x07\xef\xe8\x36\xee\x89\xa5"
+ "\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
+ "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0"
+ "\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8",
}
};
Hi Herbert,
Is there an user space API driver wrap around Linux CryptoAPI? I notice
there is OCF-Linux which has an user interface that works with OpenSSL.
It seems to use Linux CryptoAPI if there is no hardware offload with
OCF. In addition, there is a fellow which developed cryptodev patch
around Linux CryptoAPI but it is limited and doesn't support everything
and not compatible with OpenSSL. Are there anything else?
-Loc
On Mon, Mar 24, 2008 at 04:54:16PM -0700, Loc Ho wrote:
> Hi Herbert,
>
> Is there an user space API driver wrap around Linux CryptoAPI? I notice
> there is OCF-Linux which has an user interface that works with OpenSSL.
> It seems to use Linux CryptoAPI if there is no hardware offload with
> OCF. In addition, there is a fellow which developed cryptodev patch
> around Linux CryptoAPI but it is limited and doesn't support everything
> and not compatible with OpenSSL. Are there anything else?
Evgeniy might have an implementation as well.
I haven't had much time to look at this recently, but an fd-based
scheme involving splice could be interesting.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Hi.
On Tue, Mar 25, 2008 at 11:07:23AM +0800, Herbert Xu ([email protected]) wrote:
> > Is there an user space API driver wrap around Linux CryptoAPI? I notice
> > there is OCF-Linux which has an user interface that works with OpenSSL.
> > It seems to use Linux CryptoAPI if there is no hardware offload with
> > OCF. In addition, there is a fellow which developed cryptodev patch
> > around Linux CryptoAPI but it is limited and doesn't support everything
> > and not compatible with OpenSSL. Are there anything else?
>
> Evgeniy might have an implementation as well.
What I had for acrypto is not very well suitable for what we have right
now, so better create it from scratch.
> I haven't had much time to look at this recently, but an fd-based
> scheme involving splice could be interesting.
Yes, I belive the simpler it is, the better result.
Like creating tfm per opened file descriptor with ability to change
cipher/mode/whatever via ioctl.
--
Evgeniy Polyakov
Hi,
I want this user interface to be compatible with OpenSSL. Therefore, it
musts have the sample API as OpenSSL. Internally, it would wrap around
Linux CryptoAPI instead OCF-Linux. Each file descriptor would allow you
to create any number of cloned fd to create transformation via I/O CTL
call. Let me summary:
1. One sharable fd to issue I/O ctrl
2. I/O ctrl to create transformation on cloned fd
3. I/O ctrl to encrypt/decript/hash (structure of parameter will
determine type of operation)
4. I/O ctrl as below (taken from OCF-Linux):
/*
* done against open of /dev/crypto, to get a cloned descriptor.
* Please use F_SETFD against the cloned descriptor.
*/
#define CRIOGET _IOWR('c', 100, u_int32_t)
#define CRIOASYMFEAT CIOCASYMFEAT
#define CRIOFINDDEV CIOCFINDDEV
/* the following are done against the cloned descriptor */
#define CIOCGSESSION _IOWR('c', 101, struct session_op)
#define CIOCFSESSION _IOW('c', 102, u_int32_t)
#define CIOCCRYPT _IOWR('c', 103, struct crypt_op)
#define CIOCKEY _IOWR('c', 104, struct crypt_kop)
#define CIOCASYMFEAT _IOR('c', 105, u_int32_t)
#define CIOCGSESSION2 _IOWR('c', 106, struct session2_op)
#define CIOCKEY2 _IOWR('c', 107, struct crypt_kop)
#define CIOCFINDDEV _IOWR('c', 108, struct crypt_find_op)
Any comments?
-Loc
-----Original Message-----
From: Evgeniy Polyakov [mailto:[email protected]]
Sent: Tuesday, March 25, 2008 5:27 AM
To: Herbert Xu
Cc: Loc Ho; [email protected]
Subject: Re: User Space API for CryptoAPI
Hi.
On Tue, Mar 25, 2008 at 11:07:23AM +0800, Herbert Xu
([email protected]) wrote:
> > Is there an user space API driver wrap around Linux CryptoAPI? I
> > notice there is OCF-Linux which has an user interface that works
with OpenSSL.
> > It seems to use Linux CryptoAPI if there is no hardware offload with
> > OCF. In addition, there is a fellow which developed cryptodev patch
> > around Linux CryptoAPI but it is limited and doesn't support
> > everything and not compatible with OpenSSL. Are there anything else?
>
> Evgeniy might have an implementation as well.
What I had for acrypto is not very well suitable for what we have right
now, so better create it from scratch.
> I haven't had much time to look at this recently, but an fd-based
> scheme involving splice could be interesting.
Yes, I belive the simpler it is, the better result.
Like creating tfm per opened file descriptor with ability to change
cipher/mode/whatever via ioctl.
--
Evgeniy Polyakov
Hi Herbert,
I have a crypto offload driver that has macro's defined as below. They
are autogenerated by hardware tool. Some of them are quite long - even
longer than below example. Would they be a problem in accepting into the
Linux driver tree. They are formed by concat register name with bit
field definition defined by the hardware tool.
Sample:
=======
#define IPE_TKN_CTRL_ADDR 0x100
#define F_IPE_TKN_CTRL_STAT_ACTIVE_TOKENS_LSB 0
#define F_IPE_TKN_CTRL_STAT_ACTIVE_TOKENS_MSB 1
#define F_IPE_TKN_CTRL_STAT_ACTIVE_TOKENS_WIDTH 2
#define F_IPE_TKN_CTRL_STAT_ACTIVE_TOKENS_MASK 0x3
#define F_IPE_TKN_CTRL_STAT_ACTIVE_TOKENS_SHIFT_MASK 0x0
#define F_IPE_TKN_CTRL_STAT_ACTIVE_TOKENS_READ(data) \
(F_IPE_TKN_CTRL_STAT_ACTIVE_TOKENS_MASK & (unsigned
int)(data))
#define F_IPE_TKN_CTRL_STAT_ACTIVE_TOKENS_WRITE(data) \
(F_IPE_TKN_CTRL_STAT_ACTIVE_TOKENS_MASK & (unsigned
int)(data))
-Loc
Hi.
On Tue, Mar 25, 2008 at 10:37:23AM -0700, Loc Ho ([email protected]) wrote:
> I want this user interface to be compatible with OpenSSL. Therefore, it
> musts have the sample API as OpenSSL. Internally, it would wrap around
> Linux CryptoAPI instead OCF-Linux. Each file descriptor would allow you
> to create any number of cloned fd to create transformation via I/O CTL
> call. Let me summary:
>
> 1. One sharable fd to issue I/O ctrl
> 2. I/O ctrl to create transformation on cloned fd
> 3. I/O ctrl to encrypt/decript/hash (structure of parameter will
> determine type of operation)
> 4. I/O ctrl as below (taken from OCF-Linux):
Besides the fact, that it is completely non-understandible for me, idea
might look not that bad.
I believe you will create a tf object for each opened file descriptor
and then setup it via ioctls. Probably it is the easiest and simplest
solution, but there are lots of people who believe ioctls should not
exist and instead new system call has to be implemented... So, cook up
your code to be easily transferred from char device ioctl to syscall
interface.
--
Evgeniy Polyakov
Hi,
While creating user space API for Linux Crypto, I have a problem with
large buffer. I am look for suggestion as to how to handle large user
buffer greater than PAGE_SIZE. In the event, call issues an operation
with data larger than PAGE_SIZE, must I create an array of page size
scatterlist? Or can I using just one scatterlist entry?
Would Linux allocates non-continuous memory but use TLB to make them
look continous when calling kmalloc?
-Loc
Hi.
On Thu, Mar 27, 2008 at 02:50:47PM -0700, Loc Ho ([email protected]) wrote:
> While creating user space API for Linux Crypto, I have a problem with
> large buffer. I am look for suggestion as to how to handle large user
> buffer greater than PAGE_SIZE. In the event, call issues an operation
> with data larger than PAGE_SIZE, must I create an array of page size
> scatterlist? Or can I using just one scatterlist entry?
>
> Would Linux allocates non-continuous memory but use TLB to make them
> look continous when calling kmalloc?
With page tables it will be vmalloc(), but that is not what we want,
since hardware requires physical pages and thus will not work with
vmalloced area (without knowing that it was vmalloced), so better split
buffer into pages and link them into scatterlists.
--
Evgeniy Polyakov