[Ocf-linux-users] Question regarding the operation of AES 128 CBC mode with OCF
From: Sundar S. <sun...@gm...> - 2011-12-09 07:14:13
Thanks for the suggestions David,

I open up the session only once and continue all my encryption/decryption before closing it, and it works. As you said, opening and closing sessions for each crypto operation costs a lot of CPU cycles dearly :)

I am still not sure if my crypto driver supports the chaining mode by feeding the cipher as the next IV. I don't think it is done by OCF in the kernel space nor in the user space API. It is proper only if chaining is taken care of by the driver or the crypto hardware internally, for performance reasons. And also partly because this is specific only to certain algorithms. I'll check with my vendor for clarifications on the chaining mode.

I've got another problem with the openssl-0.9.8.r OCF patch. I am using an ARM SoC. The problem is that TLS/SSL certificate verification always fails due to "endianness" issues. There is no "Configure" option in openssl-0.9.8r for armv4, so I compiled with linux-generic32 or linux-elf. It is a little endian ARM machine to be precise. It supports the v7a instruction set, if that matters.

I also tried a custom OCF patch meant for openssl-0.9.8r ported to openssl-1.0.0e, but it has got some other issues. It crashes for some reason :(

Could you please let me know if there is an OCF patch available for openssl-1.0.0x versions? And is it known to be working on ARM machines?

Thanks in advance!

Regards,
Sundar

On Wed, Dec 7, 2011 at 9:28 AM, David McCullough <dav...@mc...> wrote:
>
> Jivin Sundar Subramaniyan lays it down ...
> > Hi OCF guys,
> >
> > I have OCF framework along with the drivers built into the kernel and properly tested with crypto-tools (cmactest and cryptotest).
> >
> > My question is particularly about the AES 128 CBC mode.
> >
> > The cmactest.c under crypto-tools had test code for sha1 hmac and des hmac.
> >
> > I followed the same procedure for testing aes 128 cbc and it seemed to work.
> >
> > 1. First I open up a session with keylength and key, etc,
> > 2. Secondly, encrypt a plain text with an IV.
> > 3. Then decrypt the cipher text that is obtained in step two.
> > 4. Close the session
> >
> > In CBC mode, the IV is fed only the first time. The encryption of forthcoming plaintext is done with the previous ciphertext as the IV.
> > Should I keep the previous ciphertext somewhere in the userland application and feed it the next time as the IV for next encryption?
>
> I think you need to take care of that but I haven't had time to check it out properly.
>
> > Or this chaining is taken care by OCF/driver in the kernel?
> >
> > If it happens in the OCF in kernel space, then is it ok that I close the session for every encryption/decryption?
> > I guess the session should be kept till all the encryption/decryption is over.
>
> If you can, open the session once and close it when you are finished.
> Opening/closing all the time will just slow you down :-)
>
> Cheers,
> Davidm
>
> --
> David McCullough, dav...@mc..., Ph:+61 734352815
> McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org
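
The CBC chaining asked about in this thread, as an added example that is not part of the original messages and is not OCF code: it uses Go's standard-library AES-128-CBC in place of the OCF session interface so that it runs without the device, and the key, IV and plaintext are constructed values. It shows that when every call takes an explicit IV, chunked encryption matches a single CBC pass only if the caller passes the last ciphertext block of one call as the IV of the next.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// encryptChunk CBC-encrypts pt (a multiple of 16 bytes) under iv and returns
// the ciphertext plus the IV for the next chunk: its last ciphertext block.
func encryptChunk(b cipher.Block, iv, pt []byte) (ct, nextIV []byte) {
	ct = make([]byte, len(pt))
	cipher.NewCBCEncrypter(b, iv).CryptBlocks(ct, pt)
	return ct, append([]byte(nil), ct[len(ct)-aes.BlockSize:]...)
}

// decryptChunk is the inverse; the next IV is copied from the ciphertext first.
func decryptChunk(b cipher.Block, iv, ct []byte) (pt, nextIV []byte) {
	nextIV = append([]byte(nil), ct[len(ct)-aes.BlockSize:]...)
	pt = make([]byte, len(ct))
	cipher.NewCBCDecrypter(b, iv).CryptBlocks(pt, ct)
	return pt, nextIV
}

func join(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }

// demo encrypts 64 bytes in one pass and as two 32-byte chunks, with and
// without carrying the IV forward, then decrypts the chunked ciphertext.
func demo() (carriedMatches, reusedMatches, roundTrip bool) {
	key := []byte("0123456789abcdef")                 // constructed 128-bit key
	iv0 := []byte("fedcba9876543210")                 // constructed initial IV
	pt := bytes.Repeat([]byte("sixteen byte blk"), 4) // constructed plaintext
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	oneShot, _ := encryptChunk(b, iv0, pt)
	c1, iv1 := encryptChunk(b, iv0, pt[:32])
	c2, _ := encryptChunk(b, iv1, pt[32:])  // IV carried forward
	bad, _ := encryptChunk(b, iv0, pt[32:]) // initial IV reused
	p1, dIV := decryptChunk(b, iv0, c1)
	p2, _ := decryptChunk(b, dIV, c2)
	return bytes.Equal(join(c1, c2), oneShot),
		bytes.Equal(join(c1, bad), oneShot),
		bytes.Equal(join(p1, p2), pt)
}

func main() { fmt.Println(demo()) } // prints: true false true
```

Because the constructed plaintext repeats, the chunk encrypted under the reused initial IV is byte-for-byte identical to the first chunk, which is the pattern leak that carrying the IV forward avoids.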