• Stephan Mueller's avatar
    crypto: drbg - use CTR AES instead of ECB AES · 35591285
    Stephan Mueller authored
    The CTR DRBG derives its random data from the CTR that is encrypted with
    AES.
    
    This patch now changes the CTR DRBG implementation such that the
    CTR AES mode is employed. This allows the use of steamlined CTR AES
    implementation such as ctr-aes-aesni.
    
    Unfortunately there are the following subtile changes we need to apply
    when using the CTR AES mode:
    
    - the CTR mode increments the counter after the cipher operation, but
      the CTR DRBG requires the increment before the cipher op. Hence, the
      crypto_inc is applied to the counter (drbg->V) once it is
      recalculated.
    
    - the CTR mode wants to encrypt data, but the CTR DRBG is interested in
      the encrypted counter only. The full CTR mode is the XOR of the
      encrypted counter with the plaintext data. To access the encrypted
      counter, the patch uses a NULL data vector as plaintext to be
      "encrypted".
    Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    35591285
drbg.c 57 KB