Hi, You means to say like this ./kcapi -x 2 -e -c "authenc(hmac(sha1),cbc(aes))" -p 48981da18e4bb9ef7e2e3162d16b19108b19050f66582cb7f7e4b6c873819b71 -k 8d7dd9b0170ce0b5f2f8e1aa768e01e91da8bfc67fd486d081b28254c99eb423 -i 7fbc02ebf5b93322329df9bfccb635af -a afcd7202d621e06ca53b70c2bdff7fb2 -l 16f4a3eacfbdadd3b1a17117b1d67ffc1f1e21efbbc6d83724a8c296e3bb8cda0c44 It gives following error with kernel 4.5.2 Symmetric cipher setkey failed Failed to invoke testing Regards Harsh Jain On Tue, May 31, 2016 at 12:35 PM, Stephan Mueller <smueller@xxxxxxxxxx> wrote: > Am Dienstag, 31. Mai 2016, 12:31:16 schrieb Harsh Jain: > > Hi Harsh, > >> Hi All, >> >> How can we open socket of type "authenc(hmac(sha256),cbc(aes))" from >> userspace program.I check libkcapi library. It has test programs for >> GCM/CCM. There are 3 types of approaches to Authenticated Encryption, >> Which of them is supported in crypto framework. >> >> 1) Encrypt-then-MAC (EtM) >> The plaintext is first encrypted, then a MAC is produced based on >> the resulting ciphertext. The ciphertext and its MAC are sent >> together. >> 2) Encrypt-and-MAC (E&M) >> A MAC is produced based on the plaintext, and the plaintext is >> encrypted without the MAC. The plaintext's MAC and the ciphertext are >> sent together. >> >> 3) MAC-then-Encrypt (MtE) >> A MAC is produced based on the plaintext, then the plaintext and >> MAC are together encrypted to produce a ciphertext based on both. The >> ciphertext (containing an encrypted MAC) is sent. > > The cipher types you mention refer to the implementation of authenc(). IIRC, > authenc implements EtM as this is mandated by IPSEC. > > When you use libkcapi, you should simply be able to use your cipher name with > the AEAD API. I.e. use the examples you see for CCM or GCM and use those with > the chosen authenc() cipher. Do you experience any issues? > > Ciao > Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
