From: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
To: tobias.polzer@fau.de, herbert@gondor.apana.org.au
Cc: Dominik Paulus <dominik@d-paulus.de>,
linux-crypto@vger.kernel.org, davem@davemloft.net,
linux-kernel@i4.cs.fau.de
Subject: Re: crypto: GCM API usage
Date: Thu, 3 Oct 2013 09:10:01 -0300 [thread overview]
Message-ID: <20131003121001.GC8346@mhcerri.ibm.com> (raw)
In-Reply-To: <b2497b2c434ee21c2c700427f48cc398.squirrel@faumail.uni-erlangen.de>
On Thu, Oct 03, 2013 at 08:03:45AM +0200, tobias.polzer@fau.de wrote:
> > I haven't used the IV generation facility of the Crypto API, but it
> > seems to be very straightforward although there's no documentation
> > about that.
> >
> > You should use aead_givcrypt_set_callback(), aead_givcrypt_set_assoc()
> > and aead_givcrypt_set_crypt() as you would use the regular aead
> > functions; that includes that you have to provide a buffer with length
> > equal to the algorithm block size for the IV. And then you should call
> > aead_givcrypt_set_giv() passing a counter and another IV buffer.
> >
> > The difference between the two IV buffers that you have to provide to
> > aead_givcrypt_set_crypt() and aead_givcrypt_set_giv() is that the first
> > one will be updated by the algorithm during the encryption of each block
> > and the second one will contain the generated IV that you will have to
> > use to decrypt data.
> >
> > The last step is to call crypto_aead_givencrypt() as you would call
> > crypto_aead_encrypt().
>
> We discovered those functions, yet the only way we found how to use them was
> to use one of the ipsec modes, e.g.:
> crypto_alloc_aead("rfc4106(gcm(aes))", 0, 0)
>
> Is this the only way this API should be used, or is there some high level
> interface to use iv generators like seqiv?
In order to use IV generation, the targeted algorithm must specify a
generation method and the "plain" GCM implementation actually doesn't do
it.
Both rfc4106 and rfc4543 (gmac) say that the implementation "can use any
IV generation method that meets the uniqueness requirement without
coordinating with the receiver". I think that is the reason that only
these two variations of GCM explicitly define an IV generation method.
If I'm not wrong the Crypto API was first designed to support ipsec
needs, so it makes sense that it simplifies things for it. However, I
don't see any reason for GCM itself not to have a default IV generation
method, since regular and giv interfaces can be used.
So you should keep explicitly handling the IV generation or maybe submit
a patch adding a default geniv for GCM. I think Herbert can give us more
information about the "history" behind the geniv support and correct me
if I said anything wrong.
>
> Thank you for your help,
> Dominik Paulus and Tobias Polzer
>
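The uniqueness requirement quoted above from RFC 4106 is exactly what a sequence-number IV generator such as seqiv is meant to satisfy. The following is an added userspace C example, not code from this thread or from the kernel: it builds the 96-bit GCM nonce in the RFC 4106 layout (4-octet salt fixed per key, followed by the 8-octet explicit IV sent in the packet) from a monotonically increasing 64-bit counter, refuses to emit once the counter would wrap, and shows how the receiver rebuilds the nonce without coordination; the names seq_iv_gen, seq_iv_next and seq_iv_rebuild are assumed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* RFC 4106 nonce layout: 4-octet salt || 8-octet explicit IV = 12 octets. */
#define RFC4106_SALT_LEN 4
#define RFC4106_IV_LEN   8
#define GCM_NONCE_LEN    (RFC4106_SALT_LEN + RFC4106_IV_LEN)

/* Constructed generator state (assumed names, not the kernel's seqiv). */
struct seq_iv_gen {
    uint8_t  salt[RFC4106_SALT_LEN]; /* fixed for the lifetime of the key */
    uint64_t next_seq;               /* next sequence number to emit */
    bool     exhausted;              /* set once the 64-bit space is used up */
};

void seq_iv_init(struct seq_iv_gen *g, const uint8_t salt[RFC4106_SALT_LEN])
{
    memcpy(g->salt, salt, RFC4106_SALT_LEN);
    g->next_seq = 0;
    g->exhausted = false;
}

/* Emit the next nonce and the 8 octets to carry on the wire.
 * Returns false, writing nothing, once the counter would wrap: reusing an
 * IV under the same GCM key breaks both confidentiality and authentication,
 * so the caller must rekey instead of continuing. */
bool seq_iv_next(struct seq_iv_gen *g, uint8_t nonce[GCM_NONCE_LEN],
                 uint8_t wire_iv[RFC4106_IV_LEN])
{
    if (g->exhausted)
        return false;
    uint64_t seq = g->next_seq;
    for (int i = 0; i < RFC4106_IV_LEN; i++) /* big-endian sequence number */
        wire_iv[i] = (uint8_t)(seq >> (8 * (RFC4106_IV_LEN - 1 - i)));
    memcpy(nonce, g->salt, RFC4106_SALT_LEN);
    memcpy(nonce + RFC4106_SALT_LEN, wire_iv, RFC4106_IV_LEN);
    if (seq == UINT64_MAX)
        g->exhausted = true;
    else
        g->next_seq = seq + 1;
    return true;
}

/* Receiver side: its own copy of the salt plus the explicit IV from the
 * packet is enough to rebuild the nonce; no coordination with the sender. */
void seq_iv_rebuild(const uint8_t salt[RFC4106_SALT_LEN],
                    const uint8_t wire_iv[RFC4106_IV_LEN],
                    uint8_t nonce[GCM_NONCE_LEN])
{
    memcpy(nonce, salt, RFC4106_SALT_LEN);
    memcpy(nonce + RFC4106_SALT_LEN, wire_iv, RFC4106_IV_LEN);
}
```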