[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH for-2.9 1/2] crypto: add 3des-ede support when u
From: |
Longpeng (Mike) |
Subject: |
Re: [Qemu-devel] [PATCH for-2.9 1/2] crypto: add 3des-ede support when using libgcrypt/nettle |
Date: |
Wed, 7 Dec 2016 17:19:38 +0800 |
User-agent: |
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120327 Thunderbird/11.0.1 |
On 2016/12/7 16:52, Gonglei (Arei) wrote:
>> -----Original Message-----
>> From: longpeng
>> Sent: Wednesday, December 07, 2016 4:34 PM
>> To: address@hidden; address@hidden; address@hidden;
>> Gonglei (Arei)
>> Cc: address@hidden; Wubin (H); Zhoujian (jay, Euler); longpeng
>> Subject: [PATCH for-2.9 1/2] crypto: add 3des-ede support when using
>> libgcrypt/nettle
>>
>> Libgcrypt and nettle support 3des-ede, so this patch add 3des-ede
>> support when using libgcrypt or nettle.
>>
>> Signed-off-by: Longpeng(Mike) <address@hidden>
>> ---
......
>> --- a/qapi/crypto.json
>> +++ b/qapi/crypto.json
>> @@ -63,6 +63,7 @@
>> # @aes-192: AES with 192 bit / 24 byte keys
>> # @aes-256: AES with 256 bit / 32 byte keys
>> # @des-rfb: RFB specific variant of single DES. Do not use except in VNC.
>> +# @3des-ede: 3DES-EDE with 192 bit / 24 byte keys
>
> Missing since 2.9 here.
>
Okay, I will add it in V2.
>> # @cast5-128: Cast5 with 128 bit / 16 byte keys
>> # @serpent-128: Serpent with 128 bit / 16 byte keys
>> # @serpent-192: Serpent with 192 bit / 24 byte keys
......
>> + {
>> + /* Borrowed from linux-kernel crypto/testmgr.h */
>> + .path = "/crypto/cipher/3des-ede-ecb",
>> + .alg = QCRYPTO_CIPHER_ALG_3DES_EDE,
>> + .mode = QCRYPTO_CIPHER_MODE_ECB,
>> + .key =
>> + "0123456789abcdef5555555555555555"
>> + "fedcba9876543210",
>> + .plaintext =
>> + "736f6d6564617461",
>> + .ciphertext =
>> + "18d748e563620572",
>> + },
>> +#endif
>
> Pls adds the CTR mode test case as well.
>
Okay!
But I confuse with the 3DES's iv length now. I saw that cbc(3des-ede)'s iv-len
can be 8 or 16 bytes, and ctr(3des-ede)'s iv-len is 24 bytes(according to
linux-kernel crypto/testmgr.h).
However, I think qcrypto_cipher_get_iv_len() cannot distinguish a cipher alg
with more than one iv-len.
Daniel, do you have any idea ?
> You'd better split the patch set into two patches so that Denial can take
> this one.
> and I can take the patch 2.
>
Okay, thanks.
> Thanks for your work.
>
> -Gonglei
>
>> {
>> /* RFC 2144, Appendix B.1 */
>> .path = "/crypto/cipher/cast5-128",
>> --
>> 1.8.3.1
>>
>
>
> .
>
--
Regards,
Longpeng(Mike)