From: Nicolas Brunie <nicolas.brunie@kalray.eu>
To: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: a few questions on AF_ALG specification (AEAD, socket/connection, ...)
Date: Tue, 26 Jul 2016 13:48:21 +0200 [thread overview]
Message-ID: <57974E05.3030502@kalray.eu> (raw)
Hi All,
I am developping a driver for a crypto offloading solution which
uses the AF_ALG interface. I am trying to stay as close as possible to
the specification but apart from the kernel crypto source code and a few
documents (such as
https://www.kernel.org/doc/htmldocs/crypto-API/ch04s06.html ) I have not
found a lot of details on AF_ALG specification and many points are not
very clear to me, it someone could point me towards reference to answer
the following questions it will be deeply appreciated.
*
**
Socket / Connection :
Is it legal to open multiple connections on an AF_ALG socket ? How is
the behavior defined
*From what I could test, at least for digests, multiple connections are
OK, but it seems odd to allow multiple connection to a cipher while
using a**shared key and multiple IVs. One of the use I could think of
will be parallelizing several encryption/decryption with the same
symmetric key.
*
Is it true that the key (defined via setsockopt) is common to all the
connections but the IV (defined through message control header) is
specific to each connection ?
*
*
Send/Recv interleaving
When computing a digest (e.g. sha256) it seems the recv call is
triggering the end of the digest accumulation, such a behavior can be
obtained by using/not using MSG_MORE flags, which *of the two*the
canonical way to compute a hash over several send messages ? It does not
seem possible to compute a partial digest (through a recv call) and then
continue accumulating through other send calls (apart from the security
risk of exposing a te*mporary digest, is there a reason why the recv
ends a digest computation ?)*.*
*
AES-GCM / AEAD
Does the aead_assoclen must be set once and for all for each stream or
is it a by message option ?
Option 0: set aead_assoclen during the first sendmsg and then stream
accross several sendmsg the full AAD and then the full plaintext/ciphertext
Option 1: set aead_assoclen for each of the first sendmsg containing aad
data. Once the aead_assoclen is strictly less than the msg’s data length
then the next messages must have aead_assoclen set to 0
*
best regards,
Nicolas Brunie
next reply other threads:[~2016-07-26 11:48 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-26 11:48 Nicolas Brunie [this message]
2016-07-26 11:54 ` a few questions on AF_ALG specification (AEAD, socket/connection, ...) Stephan Mueller
2016-07-26 14:37 ` Tadeusz Struk
2016-08-01 9:14 ` Nicolas Brunie
2016-08-01 9:27 ` Stephan Mueller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57974E05.3030502@kalray.eu \
--to=nicolas.brunie@kalray.eu \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox