On Mon, Oct 22, 2007 at 04:01:18PM -0500, Joy Latten wrote:
>
> So ctr(aes,0,16,4) would indicate to use last 4 bytes
> of IV for counter.
>
> Does this seem ok?

Yeah that looks fine. Although GCM also has a salt/IV split so it'd
use ctr(aes,4,12,4).

> Would there be some concern of user initializing counter,
> because it could be initialized to a high number... then
> counter could rapidly rollover? Would this be a problem?
> If so, then we could use entire counterblock for counter
> in this instance and not allow user to specify countersize...

Rolling over is not the issue. What would be a problem is if it
rolls over to the same value. However, that would require (for a
4-byte counter block) 2^32 blocks of data.

I think it's sufficient to let the caller worry about issues like
this.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
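An added illustration of the ctr(cipher,noncesize,ivsize,countersize) layout and the rollover point made above; this is example code written for this page, not the kernel's ctr template. It assumes (my reading of the thread) that the counter block is nonce || iv and that the counter is the last countersize bytes, incremented big-endian; the struct and function names and the sample inputs are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define CTR_BLOCK 16

/* Parameters in the form discussed: ctr(cipher, noncesize, ivsize, countersize).
 * Assumed layout (not confirmed by the thread): counter block = nonce || iv,
 * counter = last countersize bytes of the iv, incremented as big-endian. */
struct ctr_params { size_t noncesize, ivsize, countersize; };

/* Build the initial counter block; returns -1 if the sizes are inconsistent. */
int ctr_build_block(const struct ctr_params *p, const uint8_t *nonce,
		    const uint8_t *iv, uint8_t out[CTR_BLOCK])
{
	if (p->noncesize + p->ivsize != CTR_BLOCK || p->countersize == 0 ||
	    p->countersize > p->ivsize)
		return -1;
	memcpy(out, nonce, p->noncesize);
	memcpy(out + p->noncesize, iv, p->ivsize);
	return 0;
}

/* Big-endian increment of the counter field; returns 1 if it wrapped to zero. */
int ctr_increment(const struct ctr_params *p, uint8_t block[CTR_BLOCK])
{
	for (size_t i = CTR_BLOCK; i > CTR_BLOCK - p->countersize; )
		if (++block[--i] != 0)
			return 0;
	return 1;
}

/* Count blocks until the counter block repeats its initial value, recording
 * the block at which the counter first wraps (0 = never). The period is
 * 2^(8*countersize) whatever the caller's start value: a high start only
 * brings the wrap forward, not the repeat. Returns 0 on bad parameters. */
uint64_t ctr_blocks_until_repeat(const struct ctr_params *p, const uint8_t *nonce,
				 const uint8_t *iv, uint64_t *first_wrap)
{
	uint8_t first[CTR_BLOCK], block[CTR_BLOCK];
	uint64_t n = 0, wrap = 0;
	if (ctr_build_block(p, nonce, iv, first) < 0)
		return 0;
	memcpy(block, first, CTR_BLOCK);
	do {
		n++;
		if (ctr_increment(p, block) && !wrap)
			wrap = n;
	} while (memcmp(block, first, CTR_BLOCK) != 0);
	if (first_wrap) *first_wrap = wrap;
	return n;
}
```

With a 1-byte counter started at 0xf0 the counter wraps at the 16th block but the block only repeats at the 256th; the 4-byte case is the same shape with 2^32 in place of 256.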