Am Dienstag, 31. Mai 2016, 12:31:16 schrieb Harsh Jain: Hi Harsh, > Hi All, > > How can we open socket of type "authenc(hmac(sha256),cbc(aes))" from > userspace program.I check libkcapi library. It has test programs for > GCM/CCM. There are 3 types of approaches to Authenticated Encryption, > Which of them is supported in crypto framework. > > 1) Encrypt-then-MAC (EtM) > The plaintext is first encrypted, then a MAC is produced based on > the resulting ciphertext. The ciphertext and its MAC are sent > together. > 2) Encrypt-and-MAC (E&M) > A MAC is produced based on the plaintext, and the plaintext is > encrypted without the MAC. The plaintext's MAC and the ciphertext are > sent together. > > 3) MAC-then-Encrypt (MtE) > A MAC is produced based on the plaintext, then the plaintext and > MAC are together encrypted to produce a ciphertext based on both. The > ciphertext (containing an encrypted MAC) is sent. The cipher types you mention refer to the implementation of authenc(). IIRC, authenc implements EtM as this is mandated by IPSEC. When you use libkcapi, you should simply be able to use your cipher name with the AEAD API. I.e. use the examples you see for CCM or GCM and use those with the chosen authenc() cipher. Do you experience any issues? Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
