[PATCH] Add XTS cipher mode

Jussi Kivilinna jussi.kivilinna at iki.fi
Wed Jan 4 21:42:14 CET 2017


On 04.01.2017 18:09, Stephan Müller wrote:
> On Wednesday, 4 January 2017, 17:15:06 CET, Jussi Kivilinna wrote:
> 
> Hi Jussi,
> 
>> +	case GCRY_CIPHER_MODE_XTS:
>> +	  /* Setup tweak cipher with second part of XTS key. */
>> +	  rc = c->spec->setkey (c->u_mode.xts.tweak_context, key + keylen,
>> +				keylen);
>> +	  if (!rc)
>> +	    {
>> +	      /* Duplicate initial tweak context.  */
>> +	      memcpy (c->u_mode.xts.tweak_context + c->spec->contextsize,
>> +		      c->u_mode.xts.tweak_context, c->spec->contextsize);
>> +	    }
>> +	  else
>> +	    c->marks.key = 0;
>> +	  break;
>> +
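Review bot: the key-equality check that Stephan asks for belongs before the `setkey` call in this hunk: compare the two halves, `key` and `key + keylen`, over `keylen` bytes and make setkey fail (for example with `GPG_ERR_WEAK_KEY`) when they are identical, since FIPS 140-2 Implementation Guidance A.9 requires an XTS-AES module to reject Key_1 == Key_2. A second point in the same hunk: the `else` branch only clears `c->marks.key`, so whatever `setkey` already wrote into `c->u_mode.xts.tweak_context` stays behind; wiping the tweak context on that path (and on the new equal-halves failure path) keeps a failed setkey from leaving partial key material in the cipher handle.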
> 
> As libgcrypt is intended to be used in FIPS 140-2 context, can you please add 
> a check that the key and tweak key are not identical? If they are, setkey 
> should fail.

Sure, I'll add a check that is active in FIPS mode.

-Jussi
