From: Stephan Mueller <smueller@chronox.de>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org
Subject: Re: [RFC] DRBG: which shall be default?
Date: Thu, 02 Jun 2016 11:31:22 +0200 [thread overview]
Message-ID: <3243059.jE1At2qco9@tauon.atsec.com> (raw)
In-Reply-To: <20160602084012.GC15226@gondor.apana.org.au>
Am Donnerstag, 2. Juni 2016, 16:40:12 schrieb Herbert Xu:
Hi Herbert,
> On Tue, May 31, 2016 at 01:23:21PM +0200, Stephan Mueller wrote:
> > Hence my question: shall we leave the HMAC DRBG as default or shall we use
> > the CTR DRBG as default?
>
> I don't really care one way or another.
>
> BTW why did you use the crypto_cipher aes interface instead of
> the crypto_skcipher ctr(aes) interface which would likely make
> your code run many orders-of-magnitude faster, especially with
> aesni-intel?
I considered such approach, but the crux is the following: for the CTR DRBG
generate function, our state is 16 bytes (i.e. the AES block length). Out of
those 16 bytes, we generate the random number by encrypting that block,
incrementing the block by one and encrypt it again. In essence what we do here
is the stream cipher part of the CTR mode which generates the data stream we
use to XOR the input data with.
The skcipher API, however, wants to encrypt an entire input data stream. That
means the skcipher API requires the length of the input data stream to
generate an equally sized output data stream. But that is not what we have
here -- there is no input data. I.e. the skcipher API invokes the CTR mode for
the stream cipher and performs the final XOR of the CTR stream with the input
data.
Currently I would not see a way how to access the CTR mode stream cipher part
only via the skcipher API.
Ciao
Stephan
next prev parent reply other threads:[~2016-06-02 9:31 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-31 11:11 [PATCH] crypto: DRBG - reduce number of setkey calls Stephan Mueller
2016-05-31 11:23 ` [RFC] DRBG: which shall be default? Stephan Mueller
2016-06-02 8:40 ` Herbert Xu
2016-06-02 9:31 ` Stephan Mueller [this message]
2016-06-02 9:42 ` Herbert Xu
2016-06-02 12:06 ` Stephan Mueller
2016-06-08 2:41 ` Herbert Xu
2016-06-08 7:56 ` Stephan Mueller
2016-06-08 8:00 ` Stephan Mueller
2016-06-08 8:00 ` Herbert Xu
2016-06-08 8:58 ` Stephan Mueller
2016-06-08 9:03 ` Herbert Xu
2016-06-08 9:07 ` Stephan Mueller
2016-06-08 9:15 ` Herbert Xu
2016-06-08 9:32 ` Stephan Mueller
2016-06-02 10:45 ` [PATCH] crypto: DRBG - reduce number of setkey calls Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3243059.jE1At2qco9@tauon.atsec.com \
--to=smueller@chronox.de \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.