subject:"\[PATCH 1\/1\]\: Add countersize to CTR"

[PATCH 1/1]: Add countersize to CTR

2007-10-23 Thread Joy Latten

This patch adds countersize to CTR mode. 
The template is now ctr(algo,noncesize,ivsize,countersize).

For example, ctr(aes,4,8,4) indicates the counterblock
will be composed of a salt/nonce that is 4 bytes, an iv
that is 8 bytes and the counter is 4 bytes.

When noncesize + ivsize + countersize == blocksize, 
CTR initializes the counter portion of the block and
begins encrypting with counter set to 1.  

If noncesize + ivsize == blocksize, then this indicates that
user is passing in entire counterblock. Thus countersize 
indicates the amount of bytes in counterblock to use as 
the counter for incrementing. CTR will increment counter 
portion by 1, and begin encryption with that value. 

Note that CTR assumes the counter portion of the block that
will be incremented is stored in big endian.

Please let me know if this looks ok.

Regards,
Joy

Signed-off-by: Joy Latten [EMAIL PROTECTED]
 
diff -urpN linux-2.6.22.aead.patch/crypto/ctr.c 
linux-2.6.22.aead.patch2/crypto/ctr.c
--- linux-2.6.22.aead.patch/crypto/ctr.c2007-10-09 12:12:54.0 
-0500
+++ linux-2.6.22.aead.patch2/crypto/ctr.c   2007-10-23 14:41:35.0 
-0500
@@ -23,6 +23,7 @@ struct ctr_instance_ctx {
struct crypto_spawn alg;
unsigned int noncesize;
unsigned int ivsize; 
+   unsigned int countersize;
 };
 
 struct crypto_ctr_ctx {
@@ -186,7 +187,6 @@ static int crypto_ctr_crypt(struct blkci
unsigned long alignmask = crypto_cipher_alignmask(child);
u8 cblk[bsize + alignmask];
u8 *counterblk = (u8 *)ALIGN((unsigned long)cblk, alignmask + 1);
-   unsigned int countersize;
int err;
 
blkcipher_walk_init(walk, dst, src, nbytes);
@@ -198,18 +198,18 @@ static int crypto_ctr_crypt(struct blkci
memcpy(counterblk + ictx-noncesize, walk.iv, ictx-ivsize);
 
/* initialize counter portion of counter block */
-   countersize = bsize - ictx-noncesize - ictx-ivsize;
-   ctr_inc_quad(counterblk + (bsize - countersize), countersize);
+   ctr_inc_quad(counterblk + (bsize - ictx-countersize), 
+ictx-countersize);
 
while (walk.nbytes) {
if (walk.src.virt.addr == walk.dst.virt.addr)
nbytes = crypto_ctr_crypt_inplace(walk, child,
  counterblk,
- countersize);
+ ictx-countersize);
else
nbytes = crypto_ctr_crypt_segment(walk, child,
  counterblk,
- countersize);
+ ictx-countersize);
 
err = blkcipher_walk_done(desc, walk, nbytes);
}
@@ -256,6 +256,7 @@ static struct crypto_instance *crypto_ct
struct ctr_instance_ctx *ictx;
unsigned int noncesize;
unsigned int ivsize;
+   unsigned int countersize;
int err;
 
err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER);
@@ -275,11 +276,16 @@ static struct crypto_instance *crypto_ct
if (err)
goto out_put_alg;
 
+   err = crypto_attr_u32(tb[4], countersize);
+   if (err)
+   goto out_put_alg;
+
/* verify size of nonce + iv + counter */
err = -EINVAL;
-   if ((noncesize + ivsize) = alg-cra_blocksize)
+   if (((noncesize + ivsize)  alg-cra_blocksize) ||
+   (countersize  alg-cra_blocksize))
goto out_put_alg;
-
+   
inst = kzalloc(sizeof(*inst) + sizeof(*ictx), GFP_KERNEL);
err = -ENOMEM;
if (!inst)
@@ -287,20 +293,21 @@ static struct crypto_instance *crypto_ct
 
err = -ENAMETOOLONG;
if (snprintf(inst-alg.cra_name, CRYPTO_MAX_ALG_NAME,
-ctr(%s,%u,%u), alg-cra_name, noncesize,
-ivsize) = CRYPTO_MAX_ALG_NAME) {
+ctr(%s,%u,%u,%u), alg-cra_name, noncesize,
+ivsize, countersize) = CRYPTO_MAX_ALG_NAME) {
goto err_free_inst;
}
 
if (snprintf(inst-alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
-ctr(%s,%u,%u), alg-cra_driver_name, noncesize,
-ivsize) = CRYPTO_MAX_ALG_NAME) {
+ctr(%s,%u,%u,%u), alg-cra_driver_name, noncesize,
+ivsize, countersize) = CRYPTO_MAX_ALG_NAME) {
goto err_free_inst;
}
 
ictx = crypto_instance_ctx(inst);
ictx-noncesize = noncesize;
ictx-ivsize = ivsize;
+   ictx-countersize = countersize;
 
err = crypto_init_spawn(ictx-alg, alg, inst,
CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC);
diff -urpN linux-2.6.22.aead.patch/crypto/tcrypt.c 
linux-2.6.22.aead.patch2/crypto/tcrypt.c
---

Re: [PATCH 1/1]: Add countersize to CTR

2007-10-23 Thread Michael Halcrow

On Tue, Oct 23, 2007 at 03:26:29PM -0500, Joy Latten wrote:
 + unsigned int countersize;

It's somewhat nicer to just use size_t in the kernel for these sorts
of data types. If you care about the exact number of bytes used by the
variable, types like u32 make the code more parsable.

 + err = crypto_attr_u32(tb[4], countersize);
 + if (err)
 + goto out_put_alg;

It's also nice to have printk's along error paths. Syslogs down the
road tend to be less cryptic.

 - test_cipher(ctr(aes,4,8), ENCRYPT, aes_ctr_enc_tv_template,
 + test_cipher(ctr(aes,4,8,4), ENCRYPT, aes_ctr_enc_tv_template,
   AES_CTR_ENC_TEST_VECTORS);
 - test_cipher(ctr(aes,4,8), DECRYPT, aes_ctr_dec_tv_template,
 + test_cipher(ctr(aes,4,8,4), DECRYPT, aes_ctr_dec_tv_template,
   AES_CTR_DEC_TEST_VECTORS);

I have never been particularly thrilled about the the string-based
method of parameterizing block ciphers for in-kernel API calls.

Mike


signature.asc
Description: Digital signature

Re: [PATCH 1/1]: Add countersize to CTR

2007-10-23 Thread Herbert Xu

On Tue, Oct 23, 2007 at 03:40:08PM -0500, Michael Halcrow wrote:
 On Tue, Oct 23, 2007 at 03:26:29PM -0500, Joy Latten wrote:
  +   unsigned int countersize;
 
 It's somewhat nicer to just use size_t in the kernel for these sorts
 of data types. If you care about the exact number of bytes used by the
 variable, types like u32 make the code more parsable.

I don't see how this makes a difference here at all.

  +   err = crypto_attr_u32(tb[4], countersize);
  +   if (err)
  +   goto out_put_alg;
 
 It's also nice to have printk's along error paths. Syslogs down the
 road tend to be less cryptic.

Please don't.  That's what error return values are for.  Adding
printk's means that we'd have to think about limiting them later
when this is opened up for user-space access.

  -   test_cipher(ctr(aes,4,8), ENCRYPT, aes_ctr_enc_tv_template,
  +   test_cipher(ctr(aes,4,8,4), ENCRYPT, aes_ctr_enc_tv_template,
  AES_CTR_ENC_TEST_VECTORS);
  -   test_cipher(ctr(aes,4,8), DECRYPT, aes_ctr_dec_tv_template,
  +   test_cipher(ctr(aes,4,8,4), DECRYPT, aes_ctr_dec_tv_template,
  AES_CTR_DEC_TEST_VECTORS);
 
 I have never been particularly thrilled about the the string-based
 method of parameterizing block ciphers for in-kernel API calls.

If you have a better suggestion I'd love to hear it!

Thanks,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/1]: Add countersize to CTR

2007-10-23 Thread Herbert Xu

On Tue, Oct 23, 2007 at 07:59:22PM -0500, Michael Halcrow wrote:

 It is usually appropriate to print something to the system log when
 there is an error condition in the kernel code. That can help triage
 down the road when people have troubles.
 
 The only reason I can think of as to why we would *not* want
 explanations in the syslog for failures is if frequent failures are
 expected in a significant fraction of deployments.

These paths can be triggered from user-space in future so printks
are not appropriate.

-   test_cipher(ctr(aes,4,8), ENCRYPT, 
aes_ctr_enc_tv_template,
+   test_cipher(ctr(aes,4,8,4), ENCRYPT, 
aes_ctr_enc_tv_template,
AES_CTR_ENC_TEST_VECTORS);
-   test_cipher(ctr(aes,4,8), DECRYPT, 
aes_ctr_dec_tv_template,
+   test_cipher(ctr(aes,4,8,4), DECRYPT, 
aes_ctr_dec_tv_template,
AES_CTR_DEC_TEST_VECTORS);
   
   I have never been particularly thrilled about the the string-based
   method of parameterizing block ciphers for in-kernel API calls.
  
  If you have a better suggestion I'd love to hear it!
 
 Well, for calls made internally from kernel functions to kernel
 functions, pretty much anything other than writing sequences of
 comma-delimited parameters into to a character string.

Again these parameters ultimately come from user-space so this
doesn't sound very practical.

Even for the kernel users how would you type these parameters?

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/1]: Add countersize to CTR

2007-10-23 Thread Michael Halcrow

On Wed, Oct 24, 2007 at 09:19:05AM +0800, Herbert Xu wrote:
 These paths can be triggered from user-space in future so printks
 are not appropriate.

I am familiar with CryptoDev and Cryproc. Will you be implementing
anything similar to what these projects are currently doing? Or do you
have something else entirely in mind?

Mike


signature.asc
Description: Digital signature

[PATCH 1/1]: Add countersize to CTR

Re: [PATCH 1/1]: Add countersize to CTR

Re: [PATCH 1/1]: Add countersize to CTR

Re: [PATCH 1/1]: Add countersize to CTR

Re: [PATCH 1/1]: Add countersize to CTR

5 matches

Site Navigation

Mail list logo

Footer information