From: Stephan Mueller <smueller@chronox.de>
To: Alex Cope <alexcope@google.com>
Cc: linux-crypto@vger.kernel.org,
Michael Halcrow <mhalcrow@google.com>,
Eric Biggers <ebiggers@google.com>
Subject: Re: Moving from blkcipher to skcipher
Date: Mon, 03 Oct 2016 21:22:44 +0200 [thread overview]
Message-ID: <1837285.G4LEF3q2Kz@tauon.atsec.com> (raw)
In-Reply-To: <CA+cSK116PYracoP=tDhNg_q5+S-JLo+6H3rRAmuORErwW1EM5w@mail.gmail.com>
Am Montag, 3. Oktober 2016, 10:58:03 CEST schrieb Alex Cope:
Hi Alex,
> I was unclear in my initial message. I'm implementing a block cipher
> mode of operation. I'm hoping there is a another block cipher mode of
> operation that already uses skcipher, so I can use it as a reference
> and avoid re-inventing the wheel. In particular, it would be helpful
> if there is some implementation of a block cipher mode of operation
> that is directly above the underlying block cipher, like CTR or CBC,
> rather than something like CTS or rfc3686 which wrap around another
> block cipher mode of operation.
See gcm.c with the implementation referenced with crypto_gcm_base_tmpl or
crypto_gcm_tmpl -- it uses the aead API which is conceptually similar to the
skcipher API. And again you see the same concept applied as in the example I
provided below.
>
> On Mon, Oct 3, 2016 at 10:36 AM, Stephan Mueller <smueller@chronox.de>
wrote:
> > Am Montag, 3. Oktober 2016, 10:06:23 CEST schrieb Alex Cope:
> >
> > Hi Alex,
> >
> >> I'm currently working on implementing HEH encryption, and am in the
> >> process of switching from the blkcipher interface to the skcipher
> >> interface. All the examples I have found that use skcipher are
> >> wrapping another mode of operation I.E. cts in cts(cbc(aes)) rather
> >> than being directly above the block cipher I.E. ctr in ctr(aes). Are
> >> there any existing examples of the latter type that I could use as a
> >> reference? If not, is there an estimate on when that work will be
> >> available?
> >
> > The issue is that a blkcipher is a synchronous version of the skcipher.
> > So,
> > you could easily move from blkcipher to skcipher and just rename the
> > invoked API, provided you change the initialization to the following
> > which triggers a synchronous operation:
> >
> > tfm = crypto_alloc_skcipher(kccavs_test->name, 0, CRYPTO_ALG_ASYNC);
> >
> > Note, you can only use ciphers marked as blkcipher or cipher in
> > /proc/crypto with that.
> >
> > If you want to use all symmetric cipher implementation, you must use the
> > async skcipher operation which is identical to the previous ablkcipher
> > API. An example is given in the crypto API documentation, such as http://
> > www.chronox.de/crypto-API/Code.html#id-1.8.2
> >
> > Ciao
> > Stephan
Ciao
Stephan
prev parent reply other threads:[~2016-10-03 19:24 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-03 17:06 Moving from blkcipher to skcipher Alex Cope
2016-10-03 17:36 ` Stephan Mueller
2016-10-03 17:58 ` Alex Cope
2016-10-03 19:22 ` Stephan Mueller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1837285.G4LEF3q2Kz@tauon.atsec.com \
--to=smueller@chronox.de \
--cc=alexcope@google.com \
--cc=ebiggers@google.com \
--cc=linux-crypto@vger.kernel.org \
--cc=mhalcrow@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox