Hello list, I hope it is ok to ask a question on how to use the crypto API in the Linux kernel, even though the list appears to be mostly PATCH mails. I am currently porting some code from Solaris kernel to Linux, which uses "SUN_CKM_AES_CCM" mech, with ivsize of 12, and hmac computed of len 16. Looking in tcrypt.c tester, which appears to be the only example that I can find, I should be using AEAD. But I must admit I could not get my AEAD example to work. My test code calls crypto_aead_encrypt() and I get -22 back (EINVAL). http://www.lundman.net/ccm-aes-test.c But, since ivsize is 16, and there are no API calls to change it to 12, perhaps I will not be able to use the supplied ccm-aes? Is it a lost cause? Will I be pasting in the entire AES sources that I need into my module? Going over the Solaris sources, they appear to call regular AES, then call the ccm_encrypt_final() function: * For CCM mode, aes_ccm_encrypt_final() will take care of any * left-over unprocessed data, and compute the MAC */ if (aes_ctx->ac_flags & CCM_MODE) { ret = ccm_encrypt_final((ccm_ctx_t *)aes_ctx, ciphertext, AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block); } Which makes me think that perhaps I can do the same on Linux. Ignore AEAD (which I can not get to work) and use blkcipher "cbc(aes)" instead. Then port in the ccm_encrypt_final() sources over, which calls final, and computes the hmac. Could that work? Any examples? I would very much appreciate some hints here, Lund ps. Some peculiarities that I came across are: 1) aead_request_set_assoc() takes a scatterlist *, and a length. And scatterlist is a pointer, and length. Seems redundant, do I set both, or is one ignored? 2) crypto_blkcipher_set_iv() takes a pointer and length, which implies you can set the "ivsize", but length is only used in the iv copy. "->ivsize" is not modified, and remains the original value. Is it useful to be able to only partially set the iv? -- Jorgen Lundman | <lundman@xxxxxxxxxxx> Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work) Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell) Japan | +81 (0)3 -3375-1767 (home) -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
