Re: [Ocf-linux-users] Question regarding the operation of AES 128 CBC mode with OCF
Brought to you by:
david-m
Menu
▾
▴
Re: [Ocf-linux-users] Question regarding the operation of AES 128 CBC mode with OCF
|
From: David M. <dav...@mc...> - 2011-12-07 04:13:54
|
Jivin Sundar Subramaniyan lays it down ... > Hi OCF guys, > > I have OCF framework along with the drivers built into the kernel and properly tested with crypto-tools (cmactest and cryptotest). > > My question is particularly about the AES 128 CBC mode. > > The cmactest.c under crypto-tools had test code for sha1 hmac and des hmac. > > I followed the same procedure for testing aes 128 cbc and it seemed to work. > > 1. First I open up a session with keylength and key, etc, > 2. Secondly, encrypt a plain text with an IV. > 3. Then decrypt the cipher text that is obtained in step two. > 4. Close the session > > In CBC mode, the IV is fed only the first time. The encryption of forthcoming plaintext is done with the previous ciphertext as the IV. > Should I keep the previous ciphertext somewhere in the userland application and feed it the next time as the IV for next encryption? I think you need to take care of that but I haven't had time to check it out properly. > Or this chaining is taken care by OCF/driver in the kernel? > > If it happens in the OCF in kernel space, then is it ok that i close the session for every encryption/decryption? > I guess the session should be kept till all the encryption/decryption is over. If you can, open the session once and close it when you are finished. Opening/closing all the time will just slow you down :-) Cheers, Davidm -- David McCullough, dav...@mc..., Ph:+61 734352815 McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org |
