On Thu, Sep 27, 2007 at 03:54:51PM -0500, Joy Latten wrote:
>
> So, for example,
>
> ctr(aes,4,8)
>
> specifies the counter block will be composed of 4 bytes from a
> nonce and 8 bytes from the IV and 4 bytes for counter, which is set.

Could you please add a check to verify that for ctr(X,Y,Z) we have

	block_size(X) - Y - Z == 4

Return -EINVAL if this fails.

> 2. it is assumed that plaintext is multiple of blocksize.

Yes, blkcipher will fail if there's any left-over.

Sorry, I think I misled you earlier when you asked about the block size and left-overs. The block size of ctr(aes,X,Y) should not be that of the block size of AES. It should instead be 1 as CTR is a stream cipher. The API currently doesn't allow that but I'll patch it so that it does :)

> 3. currently nonce is extracted from the last 4 bytes of key.
> Thus keys entered through setkey() have an additional 32 bits.
> This causes problems for 256-bit keys. For example,
> crypto_ablkcipher_setkey() checks the maximum keysize and
> complains about keysize.
> This issue will be taken care of with the new
> infrastructure/template for combined mode that is planned,
> and appropriate changes will be made to crypto_ctr_setkey()
> and testcases.

You should instead increase min_keysize/max_keysize accordingly.

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
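The layout check and key-size adjustment requested in the message above, as an added user-space sketch that is not part of the original message and is not kernel code. The struct and function names are hypothetical, and the big-endian counter encoding is an assumption taken from RFC 3686.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define CTR_COUNTER_SIZE 4u      /* the 4 counter bytes the check requires */

struct ctr_layout {              /* hypothetical type, not the kernel's */
    unsigned int block_size;     /* block_size(X), e.g. 16 for AES */
    unsigned int nonce_size;     /* Y */
    unsigned int iv_size;        /* Z */
};

/* ctr(X,Y,Z) is accepted only if block_size(X) - Y - Z == 4. */
int ctr_check_layout(const struct ctr_layout *l)
{
    /* Reject oversized Y/Z first so the unsigned subtraction cannot wrap. */
    if (l->nonce_size > l->block_size ||
        l->iv_size > l->block_size - l->nonce_size)
        return -EINVAL;
    if (l->block_size - l->nonce_size - l->iv_size != CTR_COUNTER_SIZE)
        return -EINVAL;
    return 0;
}

/* The nonce rides in the last Y bytes of the setkey() material, so the
 * accepted range is the cipher's min/max key size plus nonce_size. */
int ctr_split_key(const struct ctr_layout *l, const uint8_t *key,
                  unsigned int keylen, unsigned int min_key,
                  unsigned int max_key, const uint8_t **nonce,
                  unsigned int *cipher_keylen)
{
    if (keylen < min_key + l->nonce_size || keylen > max_key + l->nonce_size)
        return -EINVAL;
    *cipher_keylen = keylen - l->nonce_size;
    *nonce = key + *cipher_keylen;
    return 0;
}

/* Assemble nonce || IV || counter; counter is big-endian (assumption). */
int ctr_build_block(const struct ctr_layout *l, const uint8_t *nonce,
                    const uint8_t *iv, uint32_t counter, uint8_t *block)
{
    int err = ctr_check_layout(l);
    if (err)
        return err;
    memcpy(block, nonce, l->nonce_size);
    memcpy(block + l->nonce_size, iv, l->iv_size);
    uint8_t *c = block + l->nonce_size + l->iv_size;
    c[0] = (uint8_t)(counter >> 24); c[1] = (uint8_t)(counter >> 16);
    c[2] = (uint8_t)(counter >> 8);  c[3] = (uint8_t)counter;
    return 0;
}
```

With AES limits of 16 and 32 bytes and a 4-byte nonce, a 36-byte key (256-bit key plus nonce) is accepted, which is the case item 3 of the quoted message reports as failing.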