Re: skcipher and aead API question

On Fri, Jul 05, 2019 at 09:48:53AM +0000, Pascal Van Leeuwen wrote:
> Hi,
> 
> Just browsing through include/crypto/skcipher.h and include/crypto/aead.h I noticed that
> struct skcipher_alg and struct aead_alg define callbacks named 'init' and 'exit' as well as a
> field called 'chunksize'. The inside-secure driver is currently initializing these fields to NULL
> or 0 and that appears to work fine, but the respective header files mention that all fields
> should be filled in except for 'ivsize' ...
> 
> From the code I deduce that init and exit are not called if they are null pointers, which is
> fine for me as I have no need for such callbacks, but can I rely on that going forward?
> 
> I also deduce that if chunksize is set to 0, the chunksize will actually be taken from
> cra_blocksize, which is at least fine for block ciphers. Again, can I rely on that?
> If so, I guess I would still have to set it for CTR modes which have a cra_blocksize of 1?

These fields are indeed optional.

> Finally, I noticed that aead.h defines an additional callback 'setauthsize', which the
> driver currently also keeps at NULL and that *seems* to work fine with all current
> testmgr tests ... so I do wonder whether that is a must implement or not?
> And if so, which subset of auth sizes MUST be implemented?

This however must be implemented *if* the underlying algorithm
(IOW refer to the generic implementation) supports them.  The
set of supported values must not be smaller than that of the
generic algorithm.

In practice this shouldn't be a big deal as it's just a matter
of truncating the ICV.

Note that you don't actually need to supply a setauthsize function
if all values (less than maxauthsize) are supported.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
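
The rule in the reply above, as a userspace C model added here (not kernel code and not part of the thread): with no setauthsize callback every length up to maxauthsize is accepted, so a driver whose algorithm allows only some tag lengths has to supply one. struct aead_model, the function names and the GCM-like length set are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Userspace model (assumption): only the fields this thread discusses. */
struct aead_model {
    unsigned int maxauthsize;  /* longest ICV the algorithm produces */
    unsigned int authsize;     /* ICV length currently selected */
    int (*setauthsize)(struct aead_model *tfm, unsigned int authsize);
};

/* Model of the core-side check (assumption): refuse anything above
 * maxauthsize, and consult the driver callback only if one is supplied. */
int model_setauthsize(struct aead_model *tfm, unsigned int authsize)
{
    if (authsize > tfm->maxauthsize)
        return -EINVAL;
    if (tfm->setauthsize) {
        int err = tfm->setauthsize(tfm, authsize);
        if (err)
            return err;
    }
    tfm->authsize = authsize;
    return 0;
}

/* Driver callback for a GCM-like algorithm. The accepted set is assumed to
 * be what the generic implementation takes; verify it against your tree. */
int gcm_like_setauthsize(struct aead_model *tfm, unsigned int authsize)
{
    (void)tfm;
    switch (authsize) {
    case 4: case 8: case 12: case 13: case 14: case 15: case 16:
        return 0;
    default:
        return -EINVAL;  /* length is not in the supported set */
    }
}

/* Helper: returns the selected ICV length, or a negative errno. */
int try_authsize(int with_callback, unsigned int authsize)
{
    struct aead_model tfm = { 16, 16, with_callback ? gcm_like_setauthsize : NULL };
    int err = model_setauthsize(&tfm, authsize);
    return err ? err : (int)tfm.authsize;
}
```

In this model, leaving the callback NULL lets a 5-byte ICV through, which is the case a driver for a restricted-length algorithm has to close.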


