Re: Test AEAD/authenc algorithms from userspace

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Dienstag, 31. Mai 2016, 14:10:20 schrieb Harsh Jain:

Hi Harsh,

> Hi,
> 
> You means to say like this
> 
> ./kcapi -x 2 -e -c "authenc(hmac(sha1),cbc(aes))" -p
> 48981da18e4bb9ef7e2e3162d16b19108b19050f66582cb7f7e4b6c873819b71 -k
> 8d7dd9b0170ce0b5f2f8e1aa768e01e91da8bfc67fd486d081b28254c99eb423 -i
> 7fbc02ebf5b93322329df9bfccb635af -a afcd7202d621e06ca53b70c2bdff7fb2
> -l 16f4a3eacfbdadd3b1a17117b1d67ffc1f1e21efbbc6d83724a8c296e3bb8cda0c44
> 
> It gives following error with kernel 4.5.2
> Symmetric cipher setkey failed
> Failed to invoke testing
> 

Please see testmgr.h for usage (especially the key encoding):

invocation:
./kcapi -x 2 -e -c "authenc(hmac(sha1),cbc(aes))" -p 
53696e676c6520626c6f636b206d7367 -k 
0800010000000010000000000000000000000000000000000000000006a9214036b8a15b512e03d534120006 
-i 3dafba429d9eb430b422da802c9fac41 -a 3dafba429d9eb430b422da802c9fac41 -l 20

return:
e353779c1079aeb82708942dbe77181a1b13cbaf895ee12c13c52ea3cceddcb50371a206

This is the first test of hmac_sha1_aes_cbc_enc_tv_temp (RFC3601 case 1). 
Note, the input string of "Single block msg" was converted to hex 
53696e676c6520626c6f636b206d7367 as my tool always treats all input data as 
hex data.

> 
> 
> Regards
> Harsh Jain
> 
> On Tue, May 31, 2016 at 12:35 PM, Stephan Mueller <smueller@xxxxxxxxxx> 
wrote:
> > Am Dienstag, 31. Mai 2016, 12:31:16 schrieb Harsh Jain:
> > 
> > Hi Harsh,
> > 
> >> Hi All,
> >> 
> >> How can we open socket of type "authenc(hmac(sha256),cbc(aes))" from
> >> userspace program.I check libkcapi library. It has test programs for
> >> GCM/CCM. There are 3 types of approaches to Authenticated Encryption,
> >> Which of them is supported in crypto framework.
> >> 
> >> 1) Encrypt-then-MAC (EtM)
> >> 
> >>      The plaintext is first encrypted, then a MAC is produced based on
> >> 
> >> the resulting ciphertext. The ciphertext and its MAC are sent
> >> together.
> >> 2) Encrypt-and-MAC (E&M)
> >> 
> >>      A MAC is produced based on the plaintext, and the plaintext is
> >> 
> >> encrypted without the MAC. The plaintext's MAC and the ciphertext are
> >> sent together.
> >> 
> >> 3) MAC-then-Encrypt (MtE)
> >> 
> >>      A MAC is produced based on the plaintext, then the plaintext and
> >> 
> >> MAC are together encrypted to produce a ciphertext based on both. The
> >> ciphertext (containing an encrypted MAC) is sent.
> > 
> > The cipher types you mention refer to the implementation of authenc().
> > IIRC, authenc implements EtM as this is mandated by IPSEC.
> > 
> > When you use libkcapi, you should simply be able to use your cipher name
> > with the AEAD API. I.e. use the examples you see for CCM or GCM and use
> > those with the chosen authenc() cipher. Do you experience any issues?
> > 
> > Ciao
> > Stephan


Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux