cryptodev: Support ciphers with blocksize != ivsize
AbandonedPublic
Actions

Authored by cem on Mar 17 2018, 4:02 AM.

Details

Reviewers

delphij
cperciva
gordon
markm
jmg
des
markj

Group Reviewers

secteam

Summary

For example, Chacha20 expects a 16 byte IV+nonce but is a stream cipher with
an effective input block size of a single byte.

This change is the bare minimum; some inefficiencies remain in
cryptosoft.c. I plan to address those once there is a cipher to test
them against.

Diff Detail

Lint

No Lint Coverage

Unit

No Test Coverage

Build Status

Buildable 15609
Build 15645: arc lint + arc unit

Event Timeline

cem created this revision.Mar 17 2018, 4:02 AM

Harbormaster completed remote builds in B15609: Diff 40371.Mar 17 2018, 4:02 AM

cem added a reviewer: secteam.Mar 17 2018, 4:02 AM

cem added a child revision: D14717: opencrypto: Integrate Chacha20 algorithm into OCF.Mar 17 2018, 5:12 AM

cem edited the summary of this revision. (Show Details)Mar 19 2018, 8:33 PM

The transform's ivsize is how large an IV is — not its blocksize. Match code with intent.

Summary of existing enc algs:

Skipjack, AES-ICM, Blowfish, CAST-128, Camellia, DES3, Rijndael128, DES: Identical IV and block size (no functional change).

AES-GCM: block len of 1, IV len of 12.

AES-XTS: block len of 16, IV len of 8.

NULL: block 4, IV 0

For all of these it seems like the supplied ivsize is correct, in the cases where it makes a difference.

Also, for Chacha20 (not yet added to OCF): block len 1, IV len 16 (IV + Nonce anyway).

Does this make sense?

r331579

Revision Contents
Changeset List

Path

Size

sys/

opencrypto/

cryptodev.c

10 lines

Diff 40371

View Options

sys/opencrypto/cryptodev.c

cryptodev: Support ciphers with blocksize != ivsizeAbandonedPublicActions