Am Montag, 26. Januar 2015, 08:58:33 schrieb Tadeusz Struk:
Hi Tadeusz,
> On 01/25/2015 04:10 PM, Herbert Xu wrote:
> > On Sun, Jan 25, 2015 at 08:26:50AM -0800, Tadeusz Struk wrote:
> >> > Hi Stephan,
> >> >
> >> > On 01/25/2015 12:58 AM, Stephan Mueller wrote:
> >>>> > >> +static int rfc4106_set_key(struct crypto_aead *parent, const u8
> >>>> > >> *key,
> >>>> > >>
> >>>>> > >> > + unsigned int key_len)
> >>>>> > >> >
> >>>>> > >> > {
> >>>>> > >> >
> >>>>> > >> > struct aesni_rfc4106_gcm_ctx *ctx =
> >>>>> > >> > aesni_rfc4106_gcm_ctx_get(parent);
> >>>>> > >> > struct crypto_aead *cryptd_child =
> >>>>> > >> > cryptd_aead_child(ctx->cryptd_tfm);
> >>>>> > >> >
> >>>>> > >> > + struct aesni_rfc4106_gcm_ctx *child_ctx =
> >>>>> > >> > + aesni_rfc4106_gcm_ctx_get(cryptd_child);
> >>>>> > >> > + int ret;
> >>>>> > >> >
> >>>>> > >> > + ret = common_rfc4106_set_key(parent, key, key_len);
> >>> > >
> >>> > > Shouldn't that one be crypto_aead_setkey, i.e using the regular
> >>> > > crypto API
> >>> > > instead of internal calls?
> >> >
> >> > No, I don't think so. I think that would create an infinite loop.
> >
> > So why does it work for ablk_helper but not for aead?
>
> Here we have two instances of crypto_aead algorithm, one the
> rfc4106(gcm(aes)), whose setkey points to rfc4106_set_key(), and the
> internal helper __gcm-aes-aesni (wrapped in by the cryptd interface),
> whose setkey points to common_rfc4106_set_key(). If we would call
> crypto_aead_setkey() on the parent from rfc4106_set_key() then we would
> invoke the same rfc4106_set_key() function. It would be ok to call the
> crypto_aead_setkey() on the child, but what's the point?
The point is to maintain an onion style framework that is coherent. All other
ciphers implement it (look at the generic gcm.c).
> What we really want to do is to setup the context (authsize and key) for
> both the top level rfc4106(gcm(aes)) and the helper __gcm-aes-aesni. We
> can do it by calling the internal function directly or by the regular
> crypto API crypto_aead_setkey()/set_authsize() on the child, but I don't
> see any difference or benefit of it.
Then, why do we register the internal __driver "cipher" at all. On the one
hand, the kernel crypto API is used for some aspects but not for others. Hm...
> Hope that make sense.
> Thanks,
> Tadeusz
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
