git.baikalelectronics.ru Git - kernel.git/commit

author	Stephan Mueller <smueller@chronox.de>
	Tue, 14 Jun 2016 05:34:13 +0000 (07:34 +0200)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Wed, 15 Jun 2016 09:07:53 +0000 (17:07 +0800)
commit	6808f68bea43209bb9b1c9f22a32734428bd9128
tree	f25c7201d6538cebae6a4d5ded1998a2164717de	tree \| snapshot
parent	4cddb37b9cc8f0aca493f9b01ff799e31d813dea	commit \| diff

crypto: drbg - use CTR AES instead of ECB AES

The CTR DRBG derives its random data from the CTR that is encrypted with
AES.

This patch now changes the CTR DRBG implementation such that the
CTR AES mode is employed. This allows the use of steamlined CTR AES
implementation such as ctr-aes-aesni.

Unfortunately there are the following subtile changes we need to apply
when using the CTR AES mode:

- the CTR mode increments the counter after the cipher operation, but
  the CTR DRBG requires the increment before the cipher op. Hence, the
  crypto_inc is applied to the counter (drbg->V) once it is
  recalculated.

- the CTR mode wants to encrypt data, but the CTR DRBG is interested in
  the encrypted counter only. The full CTR mode is the XOR of the
  encrypted counter with the plaintext data. To access the encrypted
  counter, the patch uses a NULL data vector as plaintext to be
  "encrypted".

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto/Kconfig		diff \| blob \| history
crypto/drbg.c		diff \| blob \| history
include/crypto/drbg.h		diff \| blob \| history