From: Fruhwirth Clemens <clemens@endorphin.org>
To: James Morris <jmorris@redhat.com>
Cc: Andrew Morton <akpm@osdl.org>,
linux-kernel@vger.kernel.org, michal@logix.cz,
"David S. Miller" <davem@davemloft.net>,
"Adam J. Richter" <adam@yggdrasil.com>
Subject: Re: [PATCH 01/04] Adding cipher mode context information to crypto_tfm
Date: Thu, 10 Feb 2005 10:50:05 +0100 [thread overview]
Message-ID: <1108029005.14335.45.camel@ghanima> (raw)
In-Reply-To: <Xine.LNX.4.44.0502092036200.6541-100000@thoron.boston.redhat.com>
[-- Attachment #1: Type: text/plain, Size: 2054 bytes --]
On Wed, 2005-02-09 at 20:42 -0500, James Morris wrote:
> On Thu, 10 Feb 2005, Fruhwirth Clemens wrote:
>
> > Because a tweak is different from an IV. There can be an arbitrary
> > number of tweaks. For instance, EME takes 1 tweak per 512 bytes. If you
> > have a 4k page to encrypt, you have to process 8 tweaks of whatever
> > size.
> > Therefore, you need 3 scatterlists: src, dst and the running along
> > tweak.
>
> The purpose of the scatterlists is to be able to process discontigous data
> at the page level.
>
> The tweak, as I understand it, is something which you generate, and it is
> not inherently likely to be page-level clumps of data. It does not ever
> need to be kmapped.
For LRW, the tweak is exactly as large as the bulk data itself, so
tweaksize = blocksize. Yes, it is usually generated and sequential, but
that may not be the case. I like to put the generation of the tweaks at
the client side, because it knows best where the tweaks come from and if
it likes fragmented tweaks or not.
Further, this interface is more naturally to any other tweakable cipher
mode. In contrast to a regular cipher:
E: {0,1}^k x {0,1}^n -> {0,1}^n
a tweakable cipher is:
E: {0,1}^k x {0,1}^t x {0,1}^n -> {0,1}^n
where k is key size, n block size and t is tweak size.
( http://www.cs.berkeley.edu/%7Edaw/papers/tweak-crypto02.ps )
In the special case of LRW, it would be possible to squeeze it into an
IV styled interface, which does auto-incrementation. But that's flawed.
It would put functionality, where it does not belong. Witha tweakable
mode, the blocks are independent and are not linked in any way. The
interface should reflect this.
> What you really need to do is use an array for the tweak (or possibly a
> structure which maintains state about it if needed).
The LRW cipher mode is stateless. There is context information, but this
only a cache. Same applies for EME, and it's fellows.
--
Fruhwirth Clemens <clemens@endorphin.org> http://clemens.endorphin.org
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2005-02-10 9:50 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-24 11:56 [PATCH 01/04] Adding cipher mode context information to crypto_tfm Fruhwirth Clemens
2005-01-24 12:31 ` James Morris
2005-01-24 22:31 ` Andrew Morton
2005-01-24 23:12 ` Fruhwirth Clemens
2005-01-25 15:52 ` James Morris
2005-01-25 17:38 ` Fruhwirth Clemens
2005-01-25 18:56 ` James Morris
2005-01-29 18:13 ` Fruhwirth Clemens
2005-01-29 18:23 ` Andrew Morton
2005-01-30 18:07 ` Fruhwirth Clemens
2005-02-02 22:46 ` James Morris
2005-02-02 23:28 ` Fruhwirth Clemens
2005-02-02 23:34 ` David S. Miller
2005-02-03 0:21 ` Fruhwirth Clemens
2005-02-03 0:29 ` David S. Miller
2005-02-03 0:40 ` Michal Ludvig
2005-02-03 8:55 ` Fruhwirth Clemens
2005-02-02 23:46 ` James Morris
2005-02-02 23:47 ` James Morris
2005-02-03 11:47 ` Fruhwirth Clemens
2005-02-08 14:14 ` James Morris
2005-02-05 9:23 ` Fruhwirth Clemens
2005-02-08 14:48 ` James Morris
2005-02-08 16:08 ` Fruhwirth Clemens
2005-02-08 16:39 ` Fruhwirth Clemens
2005-02-08 23:30 ` James Morris
2005-02-08 23:53 ` Fruhwirth Clemens
2005-02-09 0:09 ` James Morris
2005-02-09 9:14 ` Fruhwirth Clemens
2005-02-10 0:30 ` James Morris
2005-02-10 1:02 ` Fruhwirth Clemens
2005-02-10 1:19 ` Andrew Morton
2005-02-10 1:37 ` Christophe Saout
2005-02-10 9:48 ` Fruhwirth Clemens
2005-02-10 10:33 ` Andrew Morton
2005-02-10 11:17 ` Fruhwirth Clemens
2005-02-10 17:02 ` James Morris
2005-02-10 17:29 ` Fruhwirth Clemens
2005-02-10 17:54 ` James Morris
2005-02-14 13:20 ` Fruhwirth Clemens
2005-02-14 15:56 ` David S. Miller
2005-02-14 17:06 ` Fruhwirth Clemens
2005-02-14 17:07 ` David S. Miller
2005-02-14 17:28 ` Fruhwirth Clemens
2005-02-14 18:16 ` Andrew Morton
2005-02-22 19:16 ` Fruhwirth Clemens
2005-02-12 0:24 ` Matt Mackall
2005-02-10 20:30 ` David S. Miller
2005-02-10 1:42 ` James Morris
2005-02-10 9:50 ` Fruhwirth Clemens [this message]
2005-02-02 23:00 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1108029005.14335.45.camel@ghanima \
--to=clemens@endorphin.org \
--cc=adam@yggdrasil.com \
--cc=akpm@osdl.org \
--cc=davem@davemloft.net \
--cc=jmorris@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=michal@logix.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox