Re: [PATCH] crypto: don't raise alarm for no ctr(aes*) tests infips mode

From: Herbert Xu
Date: Mon May 04 2009 - 21:09:06 EST


On Mon, May 04, 2009 at 02:56:58PM -0400, Jarod Wilson wrote:
>
> Ah... Now I think I see... We can provide an initial counter w/o a
> problem, but counter incrementation is implementation-specific, so

Not in Linux. If you're going to provide ctr you'd better increment
in the way the current implementation does it. Otherwise anything
that wraps around it, such as RFC3686 will fail.

Another way to put it, only the counter mode as used in RFC 3686,
CCM and GCM is what we call ctr.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/