From: Stephan Mueller <smueller@chronox.de>
To: Harsh Jain <harshjain.prof@gmail.com>
Cc: linux-crypto@vger.kernel.org
Subject: Re: Test AEAD/authenc algorithms from userspace
Date: Tue, 31 May 2016 10:59:43 +0200 [thread overview]
Message-ID: <2892187.M1JfTODgdh@tauon.atsec.com> (raw)
In-Reply-To: <CAFXBA=mHcTorQaTfgkk-gfXf0LSae1hetPe=pJ_05sHJydaJcw@mail.gmail.com>
Am Dienstag, 31. Mai 2016, 14:10:20 schrieb Harsh Jain:
Hi Harsh,
> Hi,
>
> You means to say like this
>
> ./kcapi -x 2 -e -c "authenc(hmac(sha1),cbc(aes))" -p
> 48981da18e4bb9ef7e2e3162d16b19108b19050f66582cb7f7e4b6c873819b71 -k
> 8d7dd9b0170ce0b5f2f8e1aa768e01e91da8bfc67fd486d081b28254c99eb423 -i
> 7fbc02ebf5b93322329df9bfccb635af -a afcd7202d621e06ca53b70c2bdff7fb2
> -l 16f4a3eacfbdadd3b1a17117b1d67ffc1f1e21efbbc6d83724a8c296e3bb8cda0c44
>
> It gives following error with kernel 4.5.2
> Symmetric cipher setkey failed
> Failed to invoke testing
>
Please see testmgr.h for usage (especially the key encoding):
invocation:
./kcapi -x 2 -e -c "authenc(hmac(sha1),cbc(aes))" -p
53696e676c6520626c6f636b206d7367 -k
0800010000000010000000000000000000000000000000000000000006a9214036b8a15b512e03d534120006
-i 3dafba429d9eb430b422da802c9fac41 -a 3dafba429d9eb430b422da802c9fac41 -l 20
return:
e353779c1079aeb82708942dbe77181a1b13cbaf895ee12c13c52ea3cceddcb50371a206
This is the first test of hmac_sha1_aes_cbc_enc_tv_temp (RFC3601 case 1).
Note, the input string of "Single block msg" was converted to hex
53696e676c6520626c6f636b206d7367 as my tool always treats all input data as
hex data.
>
>
> Regards
> Harsh Jain
>
> On Tue, May 31, 2016 at 12:35 PM, Stephan Mueller <smueller@chronox.de>
wrote:
> > Am Dienstag, 31. Mai 2016, 12:31:16 schrieb Harsh Jain:
> >
> > Hi Harsh,
> >
> >> Hi All,
> >>
> >> How can we open socket of type "authenc(hmac(sha256),cbc(aes))" from
> >> userspace program.I check libkcapi library. It has test programs for
> >> GCM/CCM. There are 3 types of approaches to Authenticated Encryption,
> >> Which of them is supported in crypto framework.
> >>
> >> 1) Encrypt-then-MAC (EtM)
> >>
> >> The plaintext is first encrypted, then a MAC is produced based on
> >>
> >> the resulting ciphertext. The ciphertext and its MAC are sent
> >> together.
> >> 2) Encrypt-and-MAC (E&M)
> >>
> >> A MAC is produced based on the plaintext, and the plaintext is
> >>
> >> encrypted without the MAC. The plaintext's MAC and the ciphertext are
> >> sent together.
> >>
> >> 3) MAC-then-Encrypt (MtE)
> >>
> >> A MAC is produced based on the plaintext, then the plaintext and
> >>
> >> MAC are together encrypted to produce a ciphertext based on both. The
> >> ciphertext (containing an encrypted MAC) is sent.
> >
> > The cipher types you mention refer to the implementation of authenc().
> > IIRC, authenc implements EtM as this is mandated by IPSEC.
> >
> > When you use libkcapi, you should simply be able to use your cipher name
> > with the AEAD API. I.e. use the examples you see for CCM or GCM and use
> > those with the chosen authenc() cipher. Do you experience any issues?
> >
> > Ciao
> > Stephan
Ciao
Stephan
next prev parent reply other threads:[~2016-05-31 8:59 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-31 7:01 Test AEAD/authenc algorithms from userspace Harsh Jain
2016-05-31 7:05 ` Stephan Mueller
2016-05-31 8:40 ` Harsh Jain
2016-05-31 8:59 ` Stephan Mueller [this message]
2016-05-31 9:15 ` Harsh Jain
2016-05-31 9:21 ` Stephan Mueller
2016-05-31 10:58 ` Harsh Jain
2016-05-31 11:05 ` Stephan Mueller
2016-05-31 11:52 ` Harsh Jain
2016-05-31 11:55 ` Stephan Mueller
2016-12-19 10:38 ` Harsh Jain
2016-12-21 8:54 ` Herbert Xu
2016-12-23 5:46 ` Harsh Jain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2892187.M1JfTODgdh@tauon.atsec.com \
--to=smueller@chronox.de \
--cc=harshjain.prof@gmail.com \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox