[PATCH] Add XTS cipher mode
Stephan Müller
smueller at chronox.de
Wed Jan 4 17:09:31 CET 2017
On Wednesday, 4 January 2017, 17:15:06 CET, Jussi Kivilinna wrote:
Hi Jussi,
> + case GCRY_CIPHER_MODE_XTS:
> + /* Setup tweak cipher with second part of XTS key. */
> + rc = c->spec->setkey (c->u_mode.xts.tweak_context, key + keylen,
> + keylen);
> + if (!rc)
> + {
> + /* Duplicate initial tweak context. */
> + memcpy (c->u_mode.xts.tweak_context + c->spec->contextsize,
> + c->u_mode.xts.tweak_context, c->spec->contextsize);
> + }
> + else
> + c->marks.key = 0;
> + break;
> +
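Review bot: the tweak-cipher setup at `c->spec->setkey (c->u_mode.xts.tweak_context, key + keylen, keylen)` never verifies that the two halves of the supplied XTS key differ, so a key whose data half and tweak half are identical is accepted and the tweak context is then duplicated with `memcpy` as if it were valid. Add a constant-time comparison of `key` against `key + keylen` over `keylen` bytes before the `setkey` call and fail (for example with `GPG_ERR_WEAK_KEY`, clearing `c->marks.key` on the same path as the existing `setkey` failure) when they are equal; the kernel's `xts_check_key` helper in include/crypto/xts.h does exactly this check.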
As libgcrypt is intended to be used in a FIPS 140-2 context, can you please add
a check that the key and tweak key are not identical? If they are, setkey
should fail.
See https://git.kernel.org/cgit/linux/kernel/git/herbert/cryptodev-2.6.git/tree/include/crypto/xts.h#n43 for example code.
Thanks
Stephan
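The check requested above, written out as a stand-alone C function. This is an added example, not code from the libgcrypt patch or from the kernel; it mirrors the logic of the kernel's xts_check_key (reject an odd combined length, reject identical halves) using constant-time comparison so that the position of the first differing byte is not leaked through timing. The result codes, the fips_mode parameter and the sample keys are assumptions for illustration; a real libgcrypt implementation would return gpg_error_t values such as GPG_ERR_INV_KEYLEN or GPG_ERR_WEAK_KEY instead.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative result codes (assumption: a real implementation would
 * return a gpg_error_t such as GPG_ERR_INV_KEYLEN or GPG_ERR_WEAK_KEY). */
enum xts_key_status {
    XTS_KEY_OK      = 0,
    XTS_KEY_BAD_LEN = 1,   /* combined key length is odd or zero */
    XTS_KEY_WEAK    = 2    /* data key and tweak key are identical */
};

/* Constant-time inequality test: returns 1 iff the buffers differ.
 * memcmp() stops at the first mismatch and would leak its position. */
int ct_memneq(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (unsigned char)(a[i] ^ b[i]);
    return acc != 0;
}

/* Validate a combined XTS key laid out as (data key || tweak key).
 * An odd length is always rejected; identical halves are rejected when
 * fips_mode is non-zero, mirroring the kernel helper's fips_enabled gate. */
int xts_check_key(const unsigned char *key, size_t keylen, int fips_mode)
{
    if (keylen == 0 || keylen % 2 != 0)
        return XTS_KEY_BAD_LEN;

    size_t half = keylen / 2;
    if (fips_mode && !ct_memneq(key, key + half, half))
        return XTS_KEY_WEAK;

    return XTS_KEY_OK;
}

/* Constructed sample keys (not real key material): 32 bytes = two 16-byte
 * halves, i.e. an AES-128-XTS key. */
const unsigned char sample_key_weak[32] = {
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
    0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,   /* same as first half */
    0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
};

const unsigned char sample_key_ok[32] = {
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
    0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
    0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,   /* distinct tweak key */
    0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20
};

int main(void)
{
    printf("weak key, FIPS on : %d\n", xts_check_key(sample_key_weak, 32, 1));
    printf("weak key, FIPS off: %d\n", xts_check_key(sample_key_weak, 32, 0));
    printf("good key, FIPS on : %d\n", xts_check_key(sample_key_ok, 32, 1));
    printf("odd length        : %d\n", xts_check_key(sample_key_ok, 31, 1));
    return 0;
}
```

In a libgcrypt-style setkey this check belongs before the tweak context is initialised, so that a rejected key never leaves a partially keyed context behind; the caller then clears its "key set" mark exactly as on a failed setkey.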