From: Stephan Mueller <smueller@chronox.de>
To: Harsh Jain <harshjain.prof@gmail.com>
Cc: linux-crypto@vger.kernel.org
Subject: Re: Test AEAD/authenc algorithms from userspace
Date: Tue, 31 May 2016 09:05:33 +0200 [thread overview]
Message-ID: <2943969.IiWKeGvEyD@tauon.atsec.com> (raw)
In-Reply-To: <CAFXBA=kStufh3TDe=+qQYmd2tNCj9hgXLUKBeoZHBs2VxRBRbQ@mail.gmail.com>
Am Dienstag, 31. Mai 2016, 12:31:16 schrieb Harsh Jain:
Hi Harsh,
> Hi All,
>
> How can we open socket of type "authenc(hmac(sha256),cbc(aes))" from
> userspace program.I check libkcapi library. It has test programs for
> GCM/CCM. There are 3 types of approaches to Authenticated Encryption,
> Which of them is supported in crypto framework.
>
> 1) Encrypt-then-MAC (EtM)
> The plaintext is first encrypted, then a MAC is produced based on
> the resulting ciphertext. The ciphertext and its MAC are sent
> together.
> 2) Encrypt-and-MAC (E&M)
> A MAC is produced based on the plaintext, and the plaintext is
> encrypted without the MAC. The plaintext's MAC and the ciphertext are
> sent together.
>
> 3) MAC-then-Encrypt (MtE)
> A MAC is produced based on the plaintext, then the plaintext and
> MAC are together encrypted to produce a ciphertext based on both. The
> ciphertext (containing an encrypted MAC) is sent.
The cipher types you mention refer to the implementation of authenc(). IIRC,
authenc implements EtM as this is mandated by IPSEC.
When you use libkcapi, you should simply be able to use your cipher name with
the AEAD API. I.e. use the examples you see for CCM or GCM and use those with
the chosen authenc() cipher. Do you experience any issues?
Ciao
Stephan
next prev parent reply other threads:[~2016-05-31 7:05 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-31 7:01 Test AEAD/authenc algorithms from userspace Harsh Jain
2016-05-31 7:05 ` Stephan Mueller [this message]
2016-05-31 8:40 ` Harsh Jain
2016-05-31 8:59 ` Stephan Mueller
2016-05-31 9:15 ` Harsh Jain
2016-05-31 9:21 ` Stephan Mueller
2016-05-31 10:58 ` Harsh Jain
2016-05-31 11:05 ` Stephan Mueller
2016-05-31 11:52 ` Harsh Jain
2016-05-31 11:55 ` Stephan Mueller
2016-12-19 10:38 ` Harsh Jain
2016-12-21 8:54 ` Herbert Xu
2016-12-23 5:46 ` Harsh Jain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2943969.IiWKeGvEyD@tauon.atsec.com \
--to=smueller@chronox.de \
--cc=harshjain.prof@gmail.com \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox