crypto: drbg - use CTR AES instead of ECB AES
The CTR DRBG derives its random data from the CTR that is encrypted with AES. This patch now changes the CTR DRBG implementation such that the CTR AES mode is employed. This allows the use of steamlined CTR AES implementation such as ctr-aes-aesni. Unfortunately there are the following subtile changes we need to apply when using the CTR AES mode: - the CTR mode increments the counter after the cipher operation, but the CTR DRBG requires the increment before the cipher op. Hence, the crypto_inc is applied to the counter (drbg->V) once it is recalculated. - the CTR mode wants to encrypt data, but the CTR DRBG is interested in the encrypted counter only. The full CTR mode is the XOR of the encrypted counter with the plaintext data. To access the encrypted counter, the patch uses a NULL data vector as plaintext to be "encrypted". Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Stephan Mueller
committed by
Herbert Xu
Herbert Xu
parent
e123be1612
commit
3559128521
@@ -1567,6 +1567,7 @@ config CRYPTO_DRBG_HASH
|
||||
config CRYPTO_DRBG_CTR
|
||||
bool "Enable CTR DRBG"
|
||||
select CRYPTO_AES
|
||||
depends on CRYPTO_CTR
|
||||
help
|
||||
Enable the CTR DRBG variant as defined in NIST SP800-90A.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user