From: Joy Latten Subject: Re: [PATCH 1/1]: CTR mode implementation Date: Fri, 21 Sep 2007 19:15:02 -0500 Message-ID: <1190420102.2477.53.camel@faith.austin.ibm.com> References: <200708301614.l7UGEj44031217@faith.austin.ibm.com> <20070919130615.GA20468@gondor.apana.org.au> <1190242276.15699.996.camel@faith.austin.ibm.com> <20070920081920.GA31211@gondor.apana.org.au> Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit Cc: linux-crypto@vger.kernel.org, tgraf@suug.ch To: Herbert Xu Return-path: Received: from e3.ny.us.ibm.com ([32.97.182.143]:48424 "EHLO e3.ny.us.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753084AbXIVASq (ORCPT ); Fri, 21 Sep 2007 20:18:46 -0400 Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236]) by e3.ny.us.ibm.com (8.13.8/8.13.8) with ESMTP id l8M0Ig5p005149 for ; Fri, 21 Sep 2007 20:18:42 -0400 Received: from d01av01.pok.ibm.com (d01av01.pok.ibm.com [9.56.224.215]) by d01relay04.pok.ibm.com (8.13.8/8.13.8/NCO v8.5) with ESMTP id l8M0Iggo545382 for ; Fri, 21 Sep 2007 20:18:42 -0400 Received: from d01av01.pok.ibm.com (loopback [127.0.0.1]) by d01av01.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id l8M0IgUe004852 for ; Fri, 21 Sep 2007 20:18:42 -0400 In-Reply-To: <20070920081920.GA31211@gondor.apana.org.au> Sender: linux-crypto-owner@vger.kernel.org List-Id: linux-crypto.vger.kernel.org On Thu, 2007-09-20 at 16:19 +0800, Herbert Xu wrote: > On Wed, Sep 19, 2007 at 05:51:15PM -0500, Joy Latten wrote: > > > > predictability into my sessions? I could truncate the salt > > in my counter block to 2 bytes and put 2 bytes of the IV for > > blocksizes of 8... does that sound, ok? > > Or am I totally misunderstanding it all? > > I suggest that you make these parameters to your CTR template. > So instead of requesting for "ctr(aes)", you could request for > "ctr(aes, 4, 8)" where 4 is the length of the nonce in the > counter block and 8 is the length of the IV. The counter > itself would then be calculated as block_size - 4 - 8. > Ok, pretty much had this coded up when it dawned on me maybe I should include the nonce as parameter too. Whenever you use ctr, it is a given you need the nonce. Couldn't the user of the api, separate the nonce from the key and pass it in the template? It would solve my problem about sometimes the keylen is bigger than max-key-length for the algorithm with the additional bytes for nonce. So, I could pass in ctr(aes, nonce, noncesize, ivsize). Let me know if this sounds ok or did I miss something important? > > > > +static int crypto_ctr_encrypt(struct blkcipher_desc *desc, > > > > + struct scatterlist *dst, struct scatterlist *src, > > > > + unsigned int nbytes) > > > > +{ > > > > + struct blkcipher_walk walk; > > > > + struct crypto_blkcipher *tfm = desc->tfm; > > > > + struct crypto_ctr_ctx *ctx = crypto_blkcipher_ctx(tfm); > > > > + struct crypto_cipher *child = ctx->child; > > > > + u8 *counterblk = ctx->ctrblk; > > > > > > We need to support simultaneous calls to the same tfm so you > > > need to allocate this somewhere else. Just use the original > > > IV since it should be of the right length. > > > > Just to make sure I understand what you meant, you mean just use > > ctx->ctrblk directly? > > No I mean that you can't use anything from the ctx as the same > ctx may be used by multiple calls at the same time. You'd have > to allocate it on the stack or via kmalloc. > Ok, I get it. Thanks. :-) I will try using the original IV as you first suggested. Joy