combined mode algorithms

Linux cryptographic layer development
 help / color / mirror / Atom feed

* combined mode algorithms
@ 2007-06-25 22:13 Joy Latten
  2007-06-26  9:09 ` Evgeniy Polyakov
  0 siblings, 1 reply; 7+ messages in thread
From: Joy Latten @ 2007-06-25 22:13 UTC (permalink / raw)
  To: linux-crypto; +Cc: herbert

I have been reading IP Encapsulating Payload-(ESP) RFC4303 where use of
combined mode algorithms are mentioned and accommodated for. 
In trying to determine how I should handle this, I examined the
crypto code and could not readily recognize any combined mode
algorithms. Are there any current plans to implement combined mode
algorithms?  

Thanks!

Regards,
Joy

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: combined mode algorithms
  2007-06-25 22:13 combined mode algorithms Joy Latten
@ 2007-06-26  9:09 ` Evgeniy Polyakov
  2007-06-26 15:02   ` Joy Latten
  0 siblings, 1 reply; 7+ messages in thread
From: Evgeniy Polyakov @ 2007-06-26  9:09 UTC (permalink / raw)
  To: Joy Latten; +Cc: linux-crypto, herbert

On Mon, Jun 25, 2007 at 05:13:58PM -0500, Joy Latten (latten@austin.ibm.com) wrote:
> I have been reading IP Encapsulating Payload-(ESP) RFC4303 where use of
> combined mode algorithms are mentioned and accommodated for. 
> In trying to determine how I should handle this, I examined the
> crypto code and could not readily recognize any combined mode
> algorithms. Are there any current plans to implement combined mode
> algorithms?  

I think it should be first supported by ipsec stack at least with state,
where SA cold be configured, integrity check for the data/header is not 
a problem after that changes are stable. sha1/encryption is a poor man's
combined algo after all with hash data being ICV :)

-- 
	Evgeniy Polyakov

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: combined mode algorithms
  2007-06-26  9:09 ` Evgeniy Polyakov
@ 2007-06-26 15:02   ` Joy Latten
  2007-07-18  4:46     ` Herbert Xu
  0 siblings, 1 reply; 7+ messages in thread
From: Joy Latten @ 2007-06-26 15:02 UTC (permalink / raw)
  To: Evgeniy Polyakov; +Cc: herbert, linux-crypto

On Tue, 2007-06-26 at 13:09 +0400, Evgeniy Polyakov wrote:
> On Mon, Jun 25, 2007 at 05:13:58PM -0500, Joy Latten (latten@austin.ibm.com) wrote:
> > I have been reading IP Encapsulating Payload-(ESP) RFC4303 where use of
> > combined mode algorithms are mentioned and accommodated for. 
> > In trying to determine how I should handle this, I examined the
> > crypto code and could not readily recognize any combined mode
> > algorithms. Are there any current plans to implement combined mode
> > algorithms?  
> 
> I think it should be first supported by ipsec stack at least with state,
> where SA cold be configured, integrity check for the data/header is not 
> a problem after that changes are stable. sha1/encryption is a poor man's
> combined algo after all with hash data being ICV :)
> 

Ok, thanks. This helps. I can code up the infrastructure for this. I 
am thinking I will eventually need one of the algorithms to test and
complete it though. RFCs 4309 and 4106 specify ESP working with AES-CCM
and AES-GCM.

Regards,
Joy

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: combined mode algorithms
  2007-06-26 15:02   ` Joy Latten
@ 2007-07-18  4:46     ` Herbert Xu
  2007-07-18 22:32       ` Joy Latten
  0 siblings, 1 reply; 7+ messages in thread
From: Herbert Xu @ 2007-07-18  4:46 UTC (permalink / raw)
  To: Joy Latten; +Cc: Evgeniy Polyakov, linux-crypto

On Tue, Jun 26, 2007 at 10:02:36AM -0500, Joy Latten wrote:
>
> Ok, thanks. This helps. I can code up the infrastructure for this. I 
> am thinking I will eventually need one of the algorithms to test and
> complete it though. RFCs 4309 and 4106 specify ESP working with AES-CCM
> and AES-GCM.

Any progress on this Joy?

I'm about to start working on this myself in the next couple of
days.

Thanks,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: combined mode algorithms
  2007-07-18  4:46     ` Herbert Xu
@ 2007-07-18 22:32       ` Joy Latten
  0 siblings, 0 replies; 7+ messages in thread
From: Joy Latten @ 2007-07-18 22:32 UTC (permalink / raw)
  To: Herbert Xu; +Cc: Evgeniy Polyakov, linux-crypto

On Wed, 2007-07-18 at 12:46 +0800, Herbert Xu wrote:
> On Tue, Jun 26, 2007 at 10:02:36AM -0500, Joy Latten wrote:
> >
> > Ok, thanks. This helps. I can code up the infrastructure for this. I 
> > am thinking I will eventually need one of the algorithms to test and
> > complete it though. RFCs 4309 and 4106 specify ESP working with AES-CCM
> > and AES-GCM.
> 
> Any progress on this Joy?
> 
> I'm about to start working on this myself in the next couple of
> days.
> 
Great! I have been distracted with some other things, but will also
start this in the next day or two. 

Regards,
Joy 

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: combined mode algorithms
@ 2007-08-20 23:12 Joy Latten
  2007-08-20 23:34 ` Herbert Xu
  0 siblings, 1 reply; 7+ messages in thread
From: Joy Latten @ 2007-08-20 23:12 UTC (permalink / raw)
  To: herbert; +Cc: linux-crypto

>
>The salt will just come from the key field.  So instead of having
>an 128-bit key for example, you'd have 152 bits.

ok, quick question, this 152 bits key will be part
of input to setkey()? 
The reason I am asking is because setkey in ablkcipher and
blkcipher check key length for min and max size.  
Thus for example, aes, when using a 256 bit key, would
pass in 288 bits or 36 octet key. max is 32 bits, so would
result in error. 

If not passed into setkey, then I assume the salt/nonce
would be parsed from key when ipsec daemon passes keys 
into kernel...

Joy

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: combined mode algorithms
  2007-08-20 23:12 Joy Latten
@ 2007-08-20 23:34 ` Herbert Xu
  0 siblings, 0 replies; 7+ messages in thread
From: Herbert Xu @ 2007-08-20 23:34 UTC (permalink / raw)
  To: Joy Latten; +Cc: herbert, linux-crypto

Joy Latten <latten@austin.ibm.com> wrote:
>>
>>The salt will just come from the key field.  So instead of having
>>an 128-bit key for example, you'd have 152 bits.
> 
> ok, quick question, this 152 bits key will be part
> of input to setkey()? 

Yes.

> The reason I am asking is because setkey in ablkcipher and
> blkcipher check key length for min and max size.  
> Thus for example, aes, when using a 256 bit key, would
> pass in 288 bits or 36 octet key. max is 32 bits, so would
> result in error. 

No AES or blkcipher will never see the longer key.  The key
will be broken up by the CCM template (yet to be written)
and part of it goes to AES while the other part gets used
as the nonce.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2007-08-20 23:34 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-06-25 22:13 combined mode algorithms Joy Latten
2007-06-26  9:09 ` Evgeniy Polyakov
2007-06-26 15:02   ` Joy Latten
2007-07-18  4:46     ` Herbert Xu
2007-07-18 22:32       ` Joy Latten
  -- strict thread matches above, loose matches on Subject: below --
2007-08-20 23:12 Joy Latten
2007-08-20 23:34 ` Herbert Xu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox