Re: [PATCH v2] crypto: add blkcipher implementation of ARC4
On Mon, 2010-04-05 at 19:04 +0200, Sebastian Andrzej Siewior wrote: +module_init(arc4_init); +module_exit(arc4_exit); I'm feelings uneasy about using the same module init/exit functions names in arc4blk.c and arc4cip.c. Even though it doesn't break for me on x86_64 (whether I'm compiling modules or a solid kernel), and even though the potential name conflict is temporary until arc4cip.c is removed, it could break on some other architecture or maybe with another linker. Let's use arc4blk_init and arc4blk_exit. -- Regards, Pavel Roskin -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2] crypto: add blkcipher implementation of ARC4
* Herbert Xu | 2010-04-07 08:31:09 [+0800]: On Tue, Apr 06, 2010 at 10:30:02PM +0200, Sebastian Andrzej Siewior wrote: Good point. All arc4 users don't care about return value of setkey so I think that I just change void to int add the check for the valid key length. Actually, how about getting arc4_setup_iv to do all the legwork and turn it into a real IV? Then we don't need any checks on the data path. So arc4_setup_iv() should do what the internal arc4_ivsetup() does and we change void to int and check the keysize in there right? The problem here is that we are bounded to *this* implementation of the algorithm and are not able to replace it with a different implementation. Not that this is likely to happen for RC4 but it may be true for other stream ciphers. While we are here, the .setkey() callback could be removed, couldn't it? It returns 0 even it is doing nothing what looks kinda wrong. However it shouldn't be called at all since min/max key is 0. Any objections on that? I'm pretty sure testmgr will call setkey even for keylen == 0, no? Prior patch #3 it has no test case so it should not test it at all. Patch #3 adds a flag in order to distinguish it. You want to look at patch #3 now :) Thanks, Sebastian -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2] crypto: add blkcipher implementation of ARC4
* Pavel Roskin | 2010-04-07 02:19:55 [-0400]: On Mon, 2010-04-05 at 19:04 +0200, Sebastian Andrzej Siewior wrote: +module_init(arc4_init); +module_exit(arc4_exit); I'm feelings uneasy about using the same module init/exit functions names in arc4blk.c and arc4cip.c. Even though it doesn't break for me on x86_64 (whether I'm compiling modules or a solid kernel), and even though the potential name conflict Take a look at - sd_mod_init - via_init - watchdog_init just to name a few. There is no conflict because those functions are not global. The only problem you have is in the backtrace since you can't distinguish them. Sebastian -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2] crypto: add blkcipher implementation of ARC4
On Wed, Apr 07, 2010 at 10:23:00AM +0200, Sebastian Andrzej Siewior wrote:
So arc4_setup_iv() should do what the internal arc4_ivsetup() does and
we change void to int and check the keysize in there right? The problem
here is that we are bounded to *this* implementation of the algorithm
and are not able to replace it with a different implementation. Not that
this is likely to happen for RC4 but it may be true for other stream
ciphers.
By setting an IV we're already requiring the other implementations
use the IV format used by our arc4. So they would always work with
this arc4_ivsetup anyway.
If and when we do have a piece of hardware that cannot do this
(which I doubt would ever happen, considering how fast arc4 is
already), then we can talk about changing this.
I'm pretty sure testmgr will call setkey even for keylen == 0, no?
Prior patch #3 it has no test case so it should not test it at all.
Patch #3 adds a flag in order to distinguish it. You want to look at
patch #3 now :)
I see.
But still we should at least not crash when crypto_blkcipher_setkey
is called. This might happen in future when we get a user-space
API.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2] crypto: add blkcipher implementation of ARC4
On Wed, 2010-04-07 at 10:29 +0200, Sebastian Andrzej Siewior wrote: * Pavel Roskin | 2010-04-07 02:19:55 [-0400]: On Mon, 2010-04-05 at 19:04 +0200, Sebastian Andrzej Siewior wrote: +module_init(arc4_init); +module_exit(arc4_exit); I'm feelings uneasy about using the same module init/exit functions names in arc4blk.c and arc4cip.c. Even though it doesn't break for me on x86_64 (whether I'm compiling modules or a solid kernel), and even though the potential name conflict Take a look at - sd_mod_init - via_init - watchdog_init just to name a few. There is no conflict because those functions are not global. The only problem you have is in the backtrace since you can't distinguish them. Touché :-) -- Regards, Pavel Roskin -- To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2] crypto: add blkcipher implementation of ARC4
On Mon, Apr 05, 2010 at 07:04:06PM +0200, Sebastian Andrzej Siewior wrote:
+static void arc4_key_to_iv(const u8 *in_key, u32 key_len, struct arc4_iv *iv)
+{
+ int i, j = 0, k = 0;
+
+ iv-iv.x = 1;
+ iv-iv.y = 0;
+
+ for (i = 0; i 256; i++)
+ iv-iv.S[i] = i;
+
+ for (i = 0; i 256; i++)
+ {
+ u8 a = iv-iv.S[i];
+ j = (j + in_key[k] + a) 0xff;
+ iv-iv.S[i] = iv-iv.S[j];
+ iv-iv.S[j] = a;
+ if (++k = key_len)
+ k = 0;
+ }
+}
+
+static void arc4_ivsetup(struct arc4_iv *iv)
+{
+ struct arc4_iv tmp_iv;
+
+ if (iv-type == ARC4_TYPE_IV)
+ return;
+
+ memcpy(tmp_iv, iv, sizeof(tmp_iv));
+ arc4_key_to_iv(tmp_iv.key.key, tmp_iv.key.key_len, iv);
+ iv-type = ARC4_TYPE_IV;
+}
We need to verify that 1 = key_len = 256.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2] crypto: add blkcipher implementation of ARC4
* Herbert Xu | 2010-04-06 20:44:12 [+0800]:
On Mon, Apr 05, 2010 at 07:04:06PM +0200, Sebastian Andrzej Siewior wrote:
+static void arc4_key_to_iv(const u8 *in_key, u32 key_len, struct arc4_iv
*iv)
+{
+int i, j = 0, k = 0;
+
+iv-iv.x = 1;
+iv-iv.y = 0;
+
+for (i = 0; i 256; i++)
+iv-iv.S[i] = i;
+
+for (i = 0; i 256; i++)
+{
+u8 a = iv-iv.S[i];
+j = (j + in_key[k] + a) 0xff;
+iv-iv.S[i] = iv-iv.S[j];
+iv-iv.S[j] = a;
+if (++k = key_len)
+k = 0;
+}
+}
+
+static void arc4_ivsetup(struct arc4_iv *iv)
+{
+struct arc4_iv tmp_iv;
+
+if (iv-type == ARC4_TYPE_IV)
+return;
+
+memcpy(tmp_iv, iv, sizeof(tmp_iv));
+arc4_key_to_iv(tmp_iv.key.key, tmp_iv.key.key_len, iv);
+iv-type = ARC4_TYPE_IV;
+}
We need to verify that 1 = key_len = 256.
Good point. All arc4 users don't care about return value of setkey so I
think that I just change void to int add the check for the valid key
length.
While we are here, the .setkey() callback could be removed, couldn't it?
It returns 0 even it is doing nothing what looks kinda wrong. However it
shouldn't be called at all since min/max key is 0. Any objections on
that?
Cheers,
Sebastian
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2] crypto: add blkcipher implementation of ARC4
On Tue, Apr 06, 2010 at 10:30:02PM +0200, Sebastian Andrzej Siewior wrote:
Good point. All arc4 users don't care about return value of setkey so I
think that I just change void to int add the check for the valid key
length.
Actually, how about getting arc4_setup_iv to do all the legwork
and turn it into a real IV? Then we don't need any checks on the
data path.
While we are here, the .setkey() callback could be removed, couldn't it?
It returns 0 even it is doing nothing what looks kinda wrong. However it
shouldn't be called at all since min/max key is 0. Any objections on
that?
I'm pretty sure testmgr will call setkey even for keylen == 0, no?
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH v2] crypto: add blkcipher implementation of ARC4
This is a pure blkcipher implementation of ARC4. The internal state is
saved within an IV which is supplied by the user. The goal is that the
cipher does not change its internal state now, only the iv changes during
encryption.
Signed-off-by: Sebastian Andrzej Siewior sebast...@breakpoint.cc
---
crypto/Kconfig| 13
crypto/Makefile |1 +
crypto/arc4blk.c | 150 +
crypto/testmgr.h |3 +-
include/crypto/arc4.h | 26 +
5 files changed, 192 insertions(+), 1 deletions(-)
create mode 100644 crypto/arc4blk.c
create mode 100644 include/crypto/arc4.h
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 81c185a..be9add2 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -570,6 +570,19 @@ config CRYPTO_ARC4
WEP, but it should not be for other purposes because of the
weakness of the algorithm.
+config CRYPTO_ARC4BLK
+ tristate ARC4 cipher algorithm (alternative implemenation)
+ select CRYPTO_BLKCIPHER
+ help
+ ARC4 cipher algorithm. This is an alternative ARC4 implementation
which
+ will replace the other ARC4 implementation once all in-kernel users
are
+ converted.
+
+ ARC4 is a stream cipher using keys ranging from 8 bits to 2048
+ bits in length. This algorithm is required for driver-based
+ WEP, but it should not be for other purposes because of the
+ weakness of the algorithm.
+
config CRYPTO_BLOWFISH
tristate Blowfish cipher algorithm
select CRYPTO_ALGAPI
diff --git a/crypto/Makefile b/crypto/Makefile
index 1f15112..11300e3 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -68,6 +68,7 @@ obj-$(CONFIG_CRYPTO_CAMELLIA) += camellia.o
obj-$(CONFIG_CRYPTO_CAST5) += cast5.o
obj-$(CONFIG_CRYPTO_CAST6) += cast6.o
obj-$(CONFIG_CRYPTO_ARC4) += arc4cip.o
+obj-$(CONFIG_CRYPTO_ARC4BLK) += arc4blk.o
obj-$(CONFIG_CRYPTO_TEA) += tea.o
obj-$(CONFIG_CRYPTO_KHAZAD) += khazad.o
obj-$(CONFIG_CRYPTO_ANUBIS) += anubis.o
diff --git a/crypto/arc4blk.c b/crypto/arc4blk.c
new file mode 100644
index 000..bdf938a
--- /dev/null
+++ b/crypto/arc4blk.c
@@ -0,0 +1,150 @@
+/*
+ * Cryptographic API
+ *
+ * ARC4 Cipher Algorithm
+ *
+ * Jon Oberheide j...@oberheide.org
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ */
+#include linux/module.h
+#include linux/init.h
+#include crypto/algapi.h
+#include crypto/arc4.h
+
+#define ARC4_MIN_KEY_SIZE 1
+#define ARC4_MAX_KEY_SIZE 256
+#define ARC4_BLOCK_SIZE1
+
+static int arc4_set_key(struct crypto_tfm *tfm, const u8 *in_key,
+ unsigned int key_len)
+{
+ /*
+* ARC4 is special: The user should supply an IV as struct arc4_iv and
+* fill either the key or the iv.
+*/
+ return 0;
+}
+
+static void arc4_key_to_iv(const u8 *in_key, u32 key_len, struct arc4_iv *iv)
+{
+ int i, j = 0, k = 0;
+
+ iv-iv.x = 1;
+ iv-iv.y = 0;
+
+ for (i = 0; i 256; i++)
+ iv-iv.S[i] = i;
+
+ for (i = 0; i 256; i++)
+ {
+ u8 a = iv-iv.S[i];
+ j = (j + in_key[k] + a) 0xff;
+ iv-iv.S[i] = iv-iv.S[j];
+ iv-iv.S[j] = a;
+ if (++k = key_len)
+ k = 0;
+ }
+}
+
+static void arc4_ivsetup(struct arc4_iv *iv)
+{
+ struct arc4_iv tmp_iv;
+
+ if (iv-type == ARC4_TYPE_IV)
+ return;
+
+ memcpy(tmp_iv, iv, sizeof(tmp_iv));
+ arc4_key_to_iv(tmp_iv.key.key, tmp_iv.key.key_len, iv);
+ iv-type = ARC4_TYPE_IV;
+}
+
+static int arc4_crypt(struct blkcipher_desc *desc, struct scatterlist *dst,
+ struct scatterlist *src, unsigned int nbytes)
+{
+ struct blkcipher_walk walk;
+ struct arc4_iv *aiv;
+ u8 *S;
+ u8 x;
+ u8 y;
+ u8 a, b;
+ int ret;
+
+ blkcipher_walk_init(walk, dst, src, nbytes);
+ ret = blkcipher_walk_virt(desc, walk);
+ if (ret)
+ return ret;
+
+ aiv = (struct arc4_iv *)walk.iv;
+ arc4_ivsetup(aiv);
+
+ S = aiv-iv.S;
+ x = aiv-iv.x;
+ y = aiv-iv.y;
+
+ while (walk.nbytes) {
+ u8 *in = walk.src.virt.addr;
+ u8 *out = walk.dst.virt.addr;
+ u32 i;
+
+ for (i = 0; i walk.nbytes; i++) {
+ a = S[x];
+ y = (y + a) 0xff;
+ b = S[y];
+ S[x] = b;
+ S[y] = a;
+ x = (x + 1) 0xff;
+ *out = *in ^ S[(a + b) 0xff];
+
+ in++;
+ out++;
+ }
+
