All of lore.kernel.org
 help / color / mirror / Atom feed
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: dm-devel@redhat.com, Mikulas Patocka <mpatocka@redhat.com>,
	linux-crypto@vger.kernel.org, agk@redhat.com, mbroz@redhat.com
Subject: Re: [PATCH] crypto/arc4: convert this stream cipher into a block cipher
Date: Sun, 21 Feb 2010 21:01:40 +0100	[thread overview]
Message-ID: <20100221200140.GC11951@Chamillionaire.breakpoint.cc> (raw)
In-Reply-To: <20100216125125.GA390@gondor.apana.org.au>

* Herbert Xu | 2010-02-16 20:51:25 [+0800]:

>On Fri, Feb 12, 2010 at 09:42:28AM +0100, Sebastian Andrzej Siewior wrote:
>>
>> -static void arc4_crypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
>> +static void arc4_ivsetup(struct arc4_ctx *ctx, u8 *iv)
>>  {
>> -	struct arc4_ctx *ctx = crypto_tfm_ctx(tfm);
>> +	if (unlikely(!ctx->new_key))
>> +		return;
>> +	memcpy(iv, &ctx->iv, sizeof(ctx->iv));
>> +	ctx->new_key = 0;
>
>Sorry, but this doesn't work.
>
>A ctx is supposed to be reentrant.  That is, while one thread
>is working away with a given ctx I should be able to use that
>same ctx in a different thread without them clobbering each
>other.
I also destroy the user supplied IV. You don't care about that? :)
So I have to know that someone called setkey() on this ctx but I can't
leave hints.
salsa also does not stick to plan here. ctx->input[6-9] is initialized
in encrypt() path. So two threads sharing a ctx are going to clobber
their state.

What about a new api for the stream cipher? We would merge the ctx part
and the iv into one handle. So the user would call setup_iv() instead of
setkey(). The difference would be that I can access the iv from within
setkey(). And the algorithm can fully express himself since he is no
longer trapped in the wrong body :)

>So that means (in general) you must not modify the ctx in any
>function other than setkey.
That is hard because I have a new state after encryption which I am only
allowed to save in the iv. And the new state may be reset in setkey()
where I can't touch the iv.
salsa does not keep/update its state. So the input[6-9] problem could be
fixed. Who/where is it used anyway? I can't see any user besides the
possible once (i.e. dm-crypt/ipsec).

>This also brings up the bigger question of how we transition to
>this new arc4.  I don't think we need to maintain exactly the
>same behaviour as the existing ecb(arc4).
>
>So what we could do is simply add a new blkcipher arc4, alongside
>the existing cipher arc4.  Then we can convert the existing users
>across, and finally remove the old arc4.
This has worked out before, lets stick to this :)

>Cheers,

Sebastian

  reply	other threads:[~2010-02-21 20:01 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-01-25 18:29 [PATCH] dm-crypt: disable block encryption with arc4 Mikulas Patocka
2010-01-25 18:39 ` Milan Broz
2010-01-26  9:22   ` Sebastian Andrzej Siewior
2010-01-26 10:48     ` Milan Broz
2010-01-26 12:27       ` Mikulas Patocka
2010-01-26 13:34         ` Sebastian Andrzej Siewior
2010-01-26 17:11           ` Mikulas Patocka
2010-02-09  7:37         ` Herbert Xu
2010-02-09 14:02           ` Mikulas Patocka
2010-02-09 20:42             ` Herbert Xu
2010-02-09 14:57           ` Sebastian Andrzej Siewior
2010-02-09 20:45             ` Herbert Xu
2010-02-09 21:12               ` Sebastian Andrzej Siewior
2010-02-09 21:45                 ` Herbert Xu
2010-02-12  8:42                   ` [PATCH] crypto/arc4: convert this stream cipher into a block cipher Sebastian Andrzej Siewior
2010-02-12  9:34                     ` Adrian-Ken Rueegsegger
2010-02-12  9:57                       ` Sebastian Andrzej Siewior
2010-02-14 20:42                     ` Sebastian Andrzej Siewior
2010-02-15  0:10                       ` Herbert Xu
2010-02-15  8:49                         ` Sebastian Andrzej Siewior
2010-02-16 12:51                     ` Herbert Xu
2010-02-21 20:01                       ` Sebastian Andrzej Siewior [this message]
2010-02-22  0:45                         ` Herbert Xu
2010-02-22  0:52                           ` Herbert Xu
2010-02-22 22:08                             ` Sebastian Andrzej Siewior
2010-02-23  0:32                               ` Herbert Xu
2010-03-14  8:24                                 ` Sebastian Andrzej Siewior
2010-03-14  9:06                                   ` Herbert Xu
     [not found]                       ` <Pine.LNX.4.64.1002221400090.31819@hs20-bc2-1.build.redhat.com>
2010-02-23  0:15                         ` Herbert Xu
2010-01-26 12:59   ` [dm-devel] [PATCH] dm-crypt: disable block encryption with arc4 Alasdair G Kergon
2010-01-25 18:39 ` Mikulas Patocka

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100221200140.GC11951@Chamillionaire.breakpoint.cc \
    --to=sebastian@breakpoint.cc \
    --cc=agk@redhat.com \
    --cc=dm-devel@redhat.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    --cc=mbroz@redhat.com \
    --cc=mpatocka@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.