Re: [PATCH] crypto: doc - improve the skcipher API example code

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
> From: Eric Biggers <ebiggers@xxxxxxxxxx>
> 
> Rewrite the skcipher API example, changing it to encrypt a buffer with
> AES-256-XTS.  This addresses various problems with the previous example:
> 
> - It requests a specific driver "cbc-aes-aesni", which is unusual.
>  Normally users ask for "cbc(aes)", not a specific driver.
> 
> - It encrypts only a single AES block.  For the reader, that doesn't
>  clearly distinguish the "skcipher" API from the "cipher" API.
> 
> - Showing how to encrypt something with bare CBC is arguably a poor
>  choice of example, as it doesn't follow modern crypto trends.  Now,
>  usually authenticated encryption is recommended, in which case the
>  user would use the AEAD API, not skcipher.  Disk encryption is still a
>  legitimate use for skcipher, but for that usually XTS is recommended.
> 
> - Many other bugs and poor coding practices, such as not setting
>  CRYPTO_TFM_REQ_MAY_SLEEP, unnecessarily allocating a heap buffer for
>  the IV, unnecessary NULL checks, using a pointless wrapper struct, and
>  forgetting to set an error code in one case.
> 
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> ---
> Documentation/crypto/api-samples.rst | 176 ++++++++++++---------------
> 1 file changed, 77 insertions(+), 99 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux