* Moving from blkcipher to skcipher @ 2016-10-03 17:06 Alex Cope 2016-10-03 17:36 ` Stephan Mueller 0 siblings, 1 reply; 4+ messages in thread From: Alex Cope @ 2016-10-03 17:06 UTC (permalink / raw) To: linux-crypto; +Cc: Michael Halcrow, Eric Biggers I'm currently working on implementing HEH encryption, and am in the process of switching from the blkcipher interface to the skcipher interface. All the examples I have found that use skcipher are wrapping another mode of operation I.E. cts in cts(cbc(aes)) rather than being directly above the block cipher I.E. ctr in ctr(aes). Are there any existing examples of the latter type that I could use as a reference? If not, is there an estimate on when that work will be available? Thanks, -Alex ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Moving from blkcipher to skcipher 2016-10-03 17:06 Moving from blkcipher to skcipher Alex Cope @ 2016-10-03 17:36 ` Stephan Mueller 2016-10-03 17:58 ` Alex Cope 0 siblings, 1 reply; 4+ messages in thread From: Stephan Mueller @ 2016-10-03 17:36 UTC (permalink / raw) To: Alex Cope; +Cc: linux-crypto, Michael Halcrow, Eric Biggers Am Montag, 3. Oktober 2016, 10:06:23 CEST schrieb Alex Cope: Hi Alex, > I'm currently working on implementing HEH encryption, and am in the > process of switching from the blkcipher interface to the skcipher > interface. All the examples I have found that use skcipher are > wrapping another mode of operation I.E. cts in cts(cbc(aes)) rather > than being directly above the block cipher I.E. ctr in ctr(aes). Are > there any existing examples of the latter type that I could use as a > reference? If not, is there an estimate on when that work will be > available? The issue is that a blkcipher is a synchronous version of the skcipher. So, you could easily move from blkcipher to skcipher and just rename the invoked API, provided you change the initialization to the following which triggers a synchronous operation: tfm = crypto_alloc_skcipher(kccavs_test->name, 0, CRYPTO_ALG_ASYNC); Note, you can only use ciphers marked as blkcipher or cipher in /proc/crypto with that. If you want to use all symmetric cipher implementation, you must use the async skcipher operation which is identical to the previous ablkcipher API. An example is given in the crypto API documentation, such as http:// www.chronox.de/crypto-API/Code.html#id-1.8.2 Ciao Stephan ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Moving from blkcipher to skcipher 2016-10-03 17:36 ` Stephan Mueller @ 2016-10-03 17:58 ` Alex Cope 2016-10-03 19:22 ` Stephan Mueller 0 siblings, 1 reply; 4+ messages in thread From: Alex Cope @ 2016-10-03 17:58 UTC (permalink / raw) To: Stephan Mueller; +Cc: linux-crypto, Michael Halcrow, Eric Biggers I was unclear in my initial message. I'm implementing a block cipher mode of operation. I'm hoping there is a another block cipher mode of operation that already uses skcipher, so I can use it as a reference and avoid re-inventing the wheel. In particular, it would be helpful if there is some implementation of a block cipher mode of operation that is directly above the underlying block cipher, like CTR or CBC, rather than something like CTS or rfc3686 which wrap around another block cipher mode of operation. On Mon, Oct 3, 2016 at 10:36 AM, Stephan Mueller <smueller@chronox.de> wrote: > Am Montag, 3. Oktober 2016, 10:06:23 CEST schrieb Alex Cope: > > Hi Alex, > >> I'm currently working on implementing HEH encryption, and am in the >> process of switching from the blkcipher interface to the skcipher >> interface. All the examples I have found that use skcipher are >> wrapping another mode of operation I.E. cts in cts(cbc(aes)) rather >> than being directly above the block cipher I.E. ctr in ctr(aes). Are >> there any existing examples of the latter type that I could use as a >> reference? If not, is there an estimate on when that work will be >> available? > > The issue is that a blkcipher is a synchronous version of the skcipher. So, > you could easily move from blkcipher to skcipher and just rename the invoked > API, provided you change the initialization to the following which triggers a > synchronous operation: > > tfm = crypto_alloc_skcipher(kccavs_test->name, 0, CRYPTO_ALG_ASYNC); > > Note, you can only use ciphers marked as blkcipher or cipher in /proc/crypto > with that. > > If you want to use all symmetric cipher implementation, you must use the async > skcipher operation which is identical to the previous ablkcipher API. An > example is given in the crypto API documentation, such as http:// > www.chronox.de/crypto-API/Code.html#id-1.8.2 > > Ciao > Stephan ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Moving from blkcipher to skcipher 2016-10-03 17:58 ` Alex Cope @ 2016-10-03 19:22 ` Stephan Mueller 0 siblings, 0 replies; 4+ messages in thread From: Stephan Mueller @ 2016-10-03 19:22 UTC (permalink / raw) To: Alex Cope; +Cc: linux-crypto, Michael Halcrow, Eric Biggers Am Montag, 3. Oktober 2016, 10:58:03 CEST schrieb Alex Cope: Hi Alex, > I was unclear in my initial message. I'm implementing a block cipher > mode of operation. I'm hoping there is a another block cipher mode of > operation that already uses skcipher, so I can use it as a reference > and avoid re-inventing the wheel. In particular, it would be helpful > if there is some implementation of a block cipher mode of operation > that is directly above the underlying block cipher, like CTR or CBC, > rather than something like CTS or rfc3686 which wrap around another > block cipher mode of operation. See gcm.c with the implementation referenced with crypto_gcm_base_tmpl or crypto_gcm_tmpl -- it uses the aead API which is conceptually similar to the skcipher API. And again you see the same concept applied as in the example I provided below. > > On Mon, Oct 3, 2016 at 10:36 AM, Stephan Mueller <smueller@chronox.de> wrote: > > Am Montag, 3. Oktober 2016, 10:06:23 CEST schrieb Alex Cope: > > > > Hi Alex, > > > >> I'm currently working on implementing HEH encryption, and am in the > >> process of switching from the blkcipher interface to the skcipher > >> interface. All the examples I have found that use skcipher are > >> wrapping another mode of operation I.E. cts in cts(cbc(aes)) rather > >> than being directly above the block cipher I.E. ctr in ctr(aes). Are > >> there any existing examples of the latter type that I could use as a > >> reference? If not, is there an estimate on when that work will be > >> available? > > > > The issue is that a blkcipher is a synchronous version of the skcipher. > > So, > > you could easily move from blkcipher to skcipher and just rename the > > invoked API, provided you change the initialization to the following > > which triggers a synchronous operation: > > > > tfm = crypto_alloc_skcipher(kccavs_test->name, 0, CRYPTO_ALG_ASYNC); > > > > Note, you can only use ciphers marked as blkcipher or cipher in > > /proc/crypto with that. > > > > If you want to use all symmetric cipher implementation, you must use the > > async skcipher operation which is identical to the previous ablkcipher > > API. An example is given in the crypto API documentation, such as http:// > > www.chronox.de/crypto-API/Code.html#id-1.8.2 > > > > Ciao > > Stephan Ciao Stephan ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-10-03 19:24 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-10-03 17:06 Moving from blkcipher to skcipher Alex Cope 2016-10-03 17:36 ` Stephan Mueller 2016-10-03 17:58 ` Alex Cope 2016-10-03 19:22 ` Stephan Mueller
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox