Re: [PATCH/proposal] dm-crypt: add digest-based iv generation mode

From: Jean-Luc Cooke
Date: Tue Feb 24 2004 - 17:57:16 EST


On Tue, Feb 24, 2004 at 05:17:12PM -0500, James Morris wrote:
> On Tue, 24 Feb 2004, Jean-Luc Cooke wrote:
>
> > The two patches are:
> > - http://jlcooke.ca/lkml/ctr_and_omac.patch
> > (added ctr to cipher.c and omac.c)
> > Using the init/update/final interface.
> > - http://jlcooke.ca/lkml/ctr_and_omac2.patch
> > (added ctr to cipher.c and integrated OMAC into all
> > existing modes of operation. If cipher_tfm.cit_omac!=NULL, OMAC is stored
> > into cipher_tfm.cit_omac)
>
> Looks good so far, although the duplicated scatterwalk code needs to be
> put into a separate file (e.g. scatterwalk.c).

OK. So which patch do you want? :) The omac.c with scatterwalk, or the
cipher.c with omac performed in-place when needed?

> > ps. Will crypto_cipher_encrypt/crypto_cipher_decrypt *always* be called in
> > onesies? I need to perform come final() code on the OMAC before it's
> > ready to pass test vectors - how do I know when we're done?
>
> I don't understand what you mean here.

finish_omac() needs to be called once all data is processed. How do I know
for sure the caller is done with this cipher context instance?

For example:
loop {
/* get more data into sgin */
crypto_cipher_encrypt(tfm, sgout, sgin, len);
/* send our data out of sgout */
}
/* get the 128bit OMAC and send it since we're done with all our encryption */

And decryption:
loop {
/* get more data into sgin */
crypto_cipher_decrypt(tfm, sgout, sgin, len);
/* send our data out of sgout */
}
/* get the 128bit OMAC and compare it with transmitted OMAC since we're done
with all our decryption */

There is no explicit/implicit "crypto_cipher_encrypt_final()" to inform the
API to finalise the OMAC.

> Thanks for all this work!

Gladly. Makes the beer at the pub go down with less guilt when I can say my
name has appear in one more kernel source file. :)

JLC

--
http://www.certainkey.com
Suite 4560 CTTC
1125 Colonel By Dr.
Ottawa ON, K1S 5B6
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/