On Wed, Dec 07, 2016 at 05:19:38PM +0800, Longpeng (Mike) wrote: > > > On 2016/12/7 16:52, Gonglei (Arei) wrote: > > >> -----Original Message----- > >> From: longpeng > >> Sent: Wednesday, December 07, 2016 4:34 PM > >> To: berra...@redhat.com; ebl...@redhat.com; arm...@redhat.com; > >> Gonglei (Arei) > >> Cc: qemu-devel@nongnu.org; Wubin (H); Zhoujian (jay, Euler); longpeng > >> Subject: [PATCH for-2.9 1/2] crypto: add 3des-ede support when using > >> libgcrypt/nettle > >> > >> Libgcrypt and nettle support 3des-ede, so this patch add 3des-ede > >> support when using libgcrypt or nettle. > >> > >> Signed-off-by: Longpeng(Mike) <longpe...@huawei.com> > >> --- > ...... > >> --- a/qapi/crypto.json > >> +++ b/qapi/crypto.json > >> @@ -63,6 +63,7 @@ > >> # @aes-192: AES with 192 bit / 24 byte keys > >> # @aes-256: AES with 256 bit / 32 byte keys > >> # @des-rfb: RFB specific variant of single DES. Do not use except in VNC. > >> +# @3des-ede: 3DES-EDE with 192 bit / 24 byte keys > > > > Missing since 2.9 here. > > > > Okay, I will add it in V2. > > >> # @cast5-128: Cast5 with 128 bit / 16 byte keys > >> # @serpent-128: Serpent with 128 bit / 16 byte keys > >> # @serpent-192: Serpent with 192 bit / 24 byte keys > ...... > >> + { > >> + /* Borrowed from linux-kernel crypto/testmgr.h */ > >> + .path = "/crypto/cipher/3des-ede-ecb", > >> + .alg = QCRYPTO_CIPHER_ALG_3DES_EDE, > >> + .mode = QCRYPTO_CIPHER_MODE_ECB, > >> + .key = > >> + "0123456789abcdef5555555555555555" > >> + "fedcba9876543210", > >> + .plaintext = > >> + "736f6d6564617461", > >> + .ciphertext = > >> + "18d748e563620572", > >> + }, > >> +#endif > > > > Pls adds the CTR mode test case as well. > > > > Okay! > > But I confuse with the 3DES's iv length now. I saw that cbc(3des-ede)'s iv-len > can be 8 or 16 bytes, and ctr(3des-ede)'s iv-len is 24 bytes(according to > linux-kernel crypto/testmgr.h). > > However, I think qcrypto_cipher_get_iv_len() cannot distinguish a cipher alg > with more than one iv-len. > > Daniel, do you have any idea ?
Both nettle and libgcrypt require that the iv len match the block size of the cipher, so iv-len for 3des must always be 24 Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|