]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8b91dc9) | patch
crypto: testmgr - add iv_out to all CTR test vectors
authorEric Biggers <ebiggers@google.com>
Thu, 14 Feb 2019 08:03:53 +0000 (00:03 -0800)
committerHerbert Xu <herbert@gondor.apana.org.au>
Fri, 22 Feb 2019 04:47:27 +0000 (12:47 +0800)
commit7681452f75a197d1a677a5794f9f3a29ffcf1628
tree6eabf8888e9e2b11a8938864f3a469005d3d854etree | snapshot
parent8b91dc9e06c479162cd09a54963ce569f5d75698commit | diff
crypto: testmgr - add iv_out to all CTR test vectors

Test that all CTR implementations update the IV buffer to contain the
next counter block, aka the IV to continue the encryption/decryption of
a larger message.  When the length processed is a multiple of the block
size, users may rely on this for chaining.

When the length processed is *not* a multiple of the block size, simple
chaining doesn't work.  However, as noted in commit ae405f77ffc7
("crypto: arm64/aes - don't use IV buffer to return final keystream
block"), the generic CCM implementation assumes that the CTR IV is
handled in some sane way, not e.g. overwritten with part of the
keystream.  Since this was gotten wrong once already, it's desirable to
test for it.  And, the most straightforward way to do this is to enforce
that all CTR implementations have the same behavior as the generic
implementation, which returns the *next* counter following the final
partial block.  This behavior also has the advantage that if someone
does misuse this case for chaining, then the keystream won't be
repeated.  Thus, this patch makes the tests expect this behavior.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto/testmgr.h diff | blob | history
Linux Kernel Source Tree.