
Re: problems with kerneli patch?



Robert Varga wrote:
> 
<snip>
> Could somebody summarize the known problems and whether they are being worked
> on? If not, I could take a look at them.
<snip> 

Do you mean conceptual or implementation-dependent?

For the first, a starting point would be - of course - Applied
Cryptography by B. Schneier. There is quite an extensive references
section there, but the book is now more than six years old.

For the second, here's a list of bugs/inconveniences for the Linux
loopback device crypto and the cryptoapi, as far as I know and recall
them:

- 2G limit in the loopback device
  (2.2+2.4, axboe maybe has a patch for 2.4?)
- deadlocks in the loopback device
  (2.4, axboe has a patch)
- blowfish (and other ciphers) have endian issues (2.2+2.4)
  This is mostly because
  a. no-one has really defined what the ciphers should
     return and accept (cryptoapi)
  b. the authors of ciphers often did not pay attention
     themselves
  c. no-one has tested the ciphers (due to a.)
- blowfish (and others) have a problem with demand-module
  loading (2.2.18.4pre+2.4)

For the third point: Alex, Gisle, should we define the input and output
of *_{en,de}crypt functions to expect/provide an octet stream? Then all
endian issues (except bit-endianness, which is a non-issue on platforms
Linux runs on) go away. One then has to check (like Brian Gladman did in
his paper on the subject he submitted to the AES comments last year) the
papers and check the implementations in the kernel against that.

Additions to this list are welcome.

Marc

-- 
Marc Mutz <Marc@Mutz.com>     http://EncryptionHOWTO.sourceforge.net/
University of Bielefeld, Dep. of Mathematics / Dep. of Physics

PGP-keyID's:   0xd46ce9ab (RSA), 0x7ae55b9e (DSS/DH)


Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
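Added example (not code from this thread, the kerneli patch or the cryptoapi): Marc's proposal above is that *_{en,de}crypt take and return an octet stream rather than host-order words. The block below shows the difference with one word-oriented cipher core behind two interfaces. XTEA stands in for Blowfish because it fits in a few lines; the big-endian byte order, the function names and the sample key/block are this example's own choices, not anything the list settled on. The "host-order" variant is what reinterpreting the block bytes as 32-bit words amounts to, and it produces different ciphertext bytes on little- and big-endian machines for identical input.

```c
/* Added example, not code from this thread or from the cryptoapi: one
 * word-oriented cipher core behind two interfaces, one whose octet<->word
 * mapping is defined (big-endian, this example's own choice) and one that
 * reinterprets bytes in host order. XTEA stands in for Blowfish for brevity. */
#include <stdint.h>
#include <string.h>

/* Cipher as published: two host-order 32-bit words and four key words.
 * Nothing here says how v[0] relates to the bytes of the block on disk. */
static void xtea_encrypt_words(uint32_t v[2], const uint32_t k[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = 0, delta = 0x9E3779B9u;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += delta;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

static void xtea_decrypt_words(uint32_t v[2], const uint32_t k[4])
{
    uint32_t v0 = v[0], v1 = v[1], delta = 0x9E3779B9u, sum = delta * 32;
    for (int i = 0; i < 32; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
        sum -= delta;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* Defined interface: in, out and key are octet streams; words are loaded and
 * stored big-endian by hand, so every host computes the same bytes. */
static uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

static void store_be32(uint8_t *p, uint32_t w)
{
    p[0] = (uint8_t)(w >> 24); p[1] = (uint8_t)(w >> 16); p[2] = (uint8_t)(w >> 8); p[3] = (uint8_t)w;
}

static void xtea_block_be(uint8_t out[8], const uint8_t in[8], const uint8_t key[16], int decrypt)
{
    uint32_t k[4], v[2];
    for (int i = 0; i < 4; i++) k[i] = load_be32(key + 4 * i);
    v[0] = load_be32(in); v[1] = load_be32(in + 4);
    if (decrypt) xtea_decrypt_words(v, k); else xtea_encrypt_words(v, k);
    store_be32(out, v[0]); store_be32(out + 4, v[1]);
}

void xtea_encrypt_block(uint8_t out[8], const uint8_t in[8], const uint8_t key[16])
{ xtea_block_be(out, in, key, 0); }
void xtea_decrypt_block(uint8_t out[8], const uint8_t in[8], const uint8_t key[16])
{ xtea_block_be(out, in, key, 1); }

/* Undefined interface: what casting the block pointer to a word pointer amounts
 * to. Bytes are reinterpreted in host order, so identical input bytes give
 * different ciphertext bytes on little- and big-endian machines. */
void xtea_encrypt_block_hostorder(uint8_t out[8], const uint8_t in[8], const uint8_t key[16])
{
    uint32_t k[4], v[2];
    memcpy(k, key, 16);
    memcpy(v, in, 8);
    xtea_encrypt_words(v, k);
    memcpy(out, v, 8);
}

int host_is_little_endian(void)
{
    const uint16_t probe = 0x0102;
    uint8_t first;
    memcpy(&first, &probe, 1);   /* byte at the lowest address */
    return first == 0x02;
}

/* Constructed sample key and block with distinct bytes, so byte order matters. */
static const uint8_t sample_key[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
                                        0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
static const uint8_t sample_pt[8]   = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 };

/* 1 if decrypt(encrypt(block)) == block through the defined interface. */
int xtea_roundtrip_ok(void)
{
    uint8_t ct[8], pt[8];
    xtea_encrypt_block(ct, sample_pt, sample_key);
    xtea_decrypt_block(pt, ct, sample_key);
    return memcmp(pt, sample_pt, 8) == 0;
}

/* 1 if the host-order variant disagrees with the defined interface (expected on little-endian hosts). */
int xtea_hostorder_differs(void)
{
    uint8_t a[8], b[8];
    xtea_encrypt_block(a, sample_pt, sample_key);
    xtea_encrypt_block_hostorder(b, sample_pt, sample_key);
    return memcmp(a, b, 8) != 0;
}
```

The check Marc describes (compare the kernel implementation against the paper) only becomes possible once the octet interface is fixed: with `xtea_encrypt_block` a published byte-level test vector either matches or it does not, on any machine, whereas `xtea_encrypt_block_hostorder` can pass on the author's box and fail on a box of the opposite endianness. Whether the convention is big- or little-endian matters less than that it is written down once and every cipher follows it.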