Re: [dm-devel] Desynchronizing dm-raid1

2008-05-23 Thread Mikulas Patocka 

On Thu, May 22, 2008 at 08:32:45AM -0400, Mikulas Patocka wrote:


There may be external modules.


Sorry but we don't support external modules.  They should be merged
upstream rather than distributed in the wild.

Cheers,


If you want to negate the meaning of the flag, then you have to write it 
yourself. I, as non-developer of crypto code, can prove that on given path 
the input data are read only once --- but I can't prove that on all paths 
and all possible chaining modes of algorithms the data are read once, 
because I don't know about all of them.


Mikulas
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [dm-devel] Desynchronizing dm-raid1

2008-05-23 Thread Herbert Xu 
On Fri, May 23, 2008 at 10:59:33AM -0400, Mikulas Patocka wrote:

 If you want to negate the meaning of the flag, then you have to write it 
 yourself. I, as non-developer of crypto code, can prove that on given path 
 the input data are read only once --- but I can't prove that on all paths 
 and all possible chaining modes of algorithms the data are read once, 
 because I don't know about all of them.

Huh? Inverting it would give exactly the same result as your current
patch.  If you're not confident with it inverted, then I can't see
how you could be confident about the patch as it is.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] tcrypt: add self test for des3_ebe cipher operating in cbc mode

2008-05-23 Thread Herbert Xu 
Hi Neil:

On Fri, May 23, 2008 at 04:18:55PM -0400, Neil Horman wrote:
 Patch to add checking of DES3 test vectors using CBC mode.  FIPS-1402-2
 compliance mandates that any supported mode of oepration must include a self
 test.  This satisfies that requirement for cbc(des_ebe).  Tested successfully 
 by
 me

Could you document the source of these vectors in the patch
description please?

Thanks,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] tcrypt: add self test for des3_ebe cipher operating in cbc mode

2008-05-23 Thread Neil Horman 
On Sat, May 24, 2008 at 10:06:25AM +1000, Herbert Xu wrote:
 Could you document the source of these vectors in the patch
 description please?

Sure, reposting

Patch to add checking  of DES3 test vectors using CBC mode.  FIPS-140-2
compliance mandates that any supported mode of operation must include a self
test.  This satisfies that requirement for cbc(des3_ede).  The included test
vector was generated by me using openssl.  Key/IV was generated with the
following command: 
openssl enc -des_ede_cbc -P
input and output values were generated by repeating the string Too many
secrets a few times over, truncating it to 128 bytes, and encrypting it with
openssl using the aformentioned key.  Tested successfully by myself

Regards
Neil


Signed-off-by: Neil Horman [EMAIL PROTECTED]


tcrypt.c |8 +
tcrypt.h |   93 ---
2 files changed, 98 insertions(+), 3 deletions(-)

diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 6beabc5..649a8e4 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -1180,6 +1180,14 @@ static void do_test(void)
test_cipher(ecb(des3_ede), DECRYPT, des3_ede_dec_tv_template,
DES3_EDE_DEC_TEST_VECTORS);
 
+   test_cipher(cbc(des3_ede), ENCRYPT,
+   des3_ede_cbc_enc_tv_template,
+   DES3_EDE_CBC_ENC_TEST_VECTORS);
+
+   test_cipher(cbc(des3_ede), DECRYPT,
+   des3_ede_cbc_dec_tv_template,
+   DES3_EDE_CBC_DEC_TEST_VECTORS);
+
test_hash(md4, md4_tv_template, MD4_TEST_VECTORS);
 
test_hash(sha224, sha224_tv_template, SHA224_TEST_VECTORS);
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
index 47bc0ec..8893733 100644
--- a/crypto/tcrypt.h
+++ b/crypto/tcrypt.h
@@ -1442,6 +1442,8 @@ static struct hash_testvec hmac_sha512_tv_template[] = {
 #define DES_CBC_DEC_TEST_VECTORS   4
 #define DES3_EDE_ENC_TEST_VECTORS  3
 #define DES3_EDE_DEC_TEST_VECTORS  3
+#define DES3_EDE_CBC_ENC_TEST_VECTORS  1
+#define DES3_EDE_CBC_DEC_TEST_VECTORS  1
 
 static struct cipher_testvec des_enc_tv_template[] = {
{ /* From Applied Cryptography */
@@ -1680,9 +1682,6 @@ static struct cipher_testvec des_cbc_dec_tv_template[] = {
},
 };
 
-/*
- * We really need some more test vectors, especially for DES3 CBC.
- */
 static struct cipher_testvec des3_ede_enc_tv_template[] = {
{ /* These are from openssl */
.key= \x01\x23\x45\x67\x89\xab\xcd\xef
@@ -1745,6 +1744,94 @@ static struct cipher_testvec des3_ede_dec_tv_template[] 
= {
},
 };
 
+static struct cipher_testvec des3_ede_cbc_enc_tv_template[] = {
+   { /* Generated from openssl */
+   .key= \xE9\xC0\xFF\x2E\x76\x0B\x64\x24
+ \x44\x4D\x99\x5A\x12\xD6\x40\xC0
+ \xEA\xC2\x84\xE8\x14\x95\xDB\xE8,
+   .klen   = 24,
+   .iv = \x7D\x33\x88\x93\x0F\x93\xB2\x42,
+   .input  = \x6f\x54\x20\x6f\x61\x4d\x79\x6e
+ \x53\x20\x63\x65\x65\x72\x73\x74
+ \x54\x20\x6f\x6f\x4d\x20\x6e\x61
+ \x20\x79\x65\x53\x72\x63\x74\x65
+ \x20\x73\x6f\x54\x20\x6f\x61\x4d
+ \x79\x6e\x53\x20\x63\x65\x65\x72
+ \x73\x74\x54\x20\x6f\x6f\x4d\x20
+ \x6e\x61\x20\x79\x65\x53\x72\x63
+ \x74\x65\x20\x73\x6f\x54\x20\x6f
+ \x61\x4d\x79\x6e\x53\x20\x63\x65
+ \x65\x72\x73\x74\x54\x20\x6f\x6f
+ \x4d\x20\x6e\x61\x20\x79\x65\x53
+ \x72\x63\x74\x65\x20\x73\x6f\x54
+ \x20\x6f\x61\x4d\x79\x6e\x53\x20
+ \x63\x65\x65\x72\x73\x74\x54\x20
+ \x6f\x6f\x4d\x20\x6e\x61\x0a\x79,
+   .ilen   = 128,
+   .result = \x15\x8d\x5d\x34\x1b\x3f\xda\xda
+ \x4f\xce\x21\x82\x12\x54\x21\x0d
+ \xb2\x36\xda\xcc\xff\xb2\xff\x79
+ \x30\xe9\x95\xf4\x52\xf6\xf1\x43
+ \xf2\x88\xe1\x1c\x42\xa1\x6a\x11
+ \xda\x8f\xbd\x94\x5e\xe5\xa8\x43
+ \xe4\x4f\xbd\x0d\x1e\x67\xa1\x89
+ \x9a\x4e\x66\x62\x50\xb3\x07\x3e
+ \xc8\xc1\x87\x3d\x96\x62\xf7\xe7
+ \x96\x15\xa8\x34\xb6\x94\x1a\x17
+ \x05\xde\x62\xd6\xd8\x73\xd6\xb4
+ \x24\x1f\x57\xb6\x80\x9a\x65\x50
+ \xa0\xee\x2f\x8b\x4c\x80\x86\xfb
+ \xbb\xda\xa0\xa2\x4b\x49\x6c\x72
+ \x69\x83\xe9\xaa\x92\x56\x33\x95
+ \xbc\x80\x88\x04\xde\xd5\x74\x9f,
+   .rlen   =