From: Nicolas Brunie <nicolas.brunie@kalray.eu>
To: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: a few questions on AF_ALG specification (AEAD, socket/connection, ...)
Date: Tue, 26 Jul 2016 13:48:21 +0200 [thread overview]
Message-ID: <57974E05.3030502@kalray.eu> (raw)
Hi All,
I am developping a driver for a crypto offloading solution which
uses the AF_ALG interface. I am trying to stay as close as possible to
the specification but apart from the kernel crypto source code and a few
documents (such as
https://www.kernel.org/doc/htmldocs/crypto-API/ch04s06.html ) I have not
found a lot of details on AF_ALG specification and many points are not
very clear to me, it someone could point me towards reference to answer
the following questions it will be deeply appreciated.
*
**
Socket / Connection :
Is it legal to open multiple connections on an AF_ALG socket ? How is
the behavior defined
*From what I could test, at least for digests, multiple connections are
OK, but it seems odd to allow multiple connection to a cipher while
using a**shared key and multiple IVs. One of the use I could think of
will be parallelizing several encryption/decryption with the same
symmetric key.
*
Is it true that the key (defined via setsockopt) is common to all the
connections but the IV (defined through message control header) is
specific to each connection ?
*
*
Send/Recv interleaving
When computing a digest (e.g. sha256) it seems the recv call is
triggering the end of the digest accumulation, such a behavior can be
obtained by using/not using MSG_MORE flags, which *of the two*the
canonical way to compute a hash over several send messages ? It does not
seem possible to compute a partial digest (through a recv call) and then
continue accumulating through other send calls (apart from the security
risk of exposing a te*mporary digest, is there a reason why the recv
ends a digest computation ?)*.*
*
AES-GCM / AEAD
Does the aead_assoclen must be set once and for all for each stream or
is it a by message option ?
Option 0: set aead_assoclen during the first sendmsg and then stream
accross several sendmsg the full AAD and then the full plaintext/ciphertext
Option 1: set aead_assoclen for each of the first sendmsg containing aad
data. Once the aead_assoclen is strictly less than the msg’s data length
then the next messages must have aead_assoclen set to 0
*
best regards,
Nicolas Brunie
next reply other threads:[~2016-07-26 11:48 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-26 11:48 Nicolas Brunie [this message]
2016-07-26 11:54 ` a few questions on AF_ALG specification (AEAD, socket/connection, ...) Stephan Mueller
2016-07-26 14:37 ` Tadeusz Struk
2016-08-01 9:14 ` Nicolas Brunie
2016-08-01 9:27 ` Stephan Mueller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57974E05.3030502@kalray.eu \
--to=nicolas.brunie@kalray.eu \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.