Hi Herbert,

TLS default mode of operation is MAC-then-Encrypt for Authenc algos.
Currently framework only supports EtM used in IPSec. User space
programs like openssl cannot use af-alg interface to encrypt/decrypt
in TLS mode. Are we going to support Mac-then-Encrypt mode in future
kernel releases?

Regards
Harsh Jain

On Tue, May 31, 2016 at 12:35 PM, Stephan Mueller <smueller@xxxxxxxxxx> wrote:
> On Tuesday, 31 May 2016, 12:31:16, Harsh Jain wrote:
>
> Hi Harsh,
>
>> Hi All,
>>
>> How can we open socket of type "authenc(hmac(sha256),cbc(aes))" from
>> userspace program. I check libkcapi library. It has test programs for
>> GCM/CCM. There are 3 types of approaches to Authenticated Encryption,
>> Which of them is supported in crypto framework?
>>
>> 1) Encrypt-then-MAC (EtM)
>>      The plaintext is first encrypted, then a MAC is produced based on
>> the resulting ciphertext. The ciphertext and its MAC are sent
>> together.
>> 2) Encrypt-and-MAC (E&M)
>>      A MAC is produced based on the plaintext, and the plaintext is
>> encrypted without the MAC. The plaintext's MAC and the ciphertext are
>> sent together.
>>
>> 3) MAC-then-Encrypt (MtE)
>>      A MAC is produced based on the plaintext, then the plaintext and
>> MAC are together encrypted to produce a ciphertext based on both. The
>> ciphertext (containing an encrypted MAC) is sent.
>
> The cipher types you mention refer to the implementation of authenc(). IIRC,
> authenc implements EtM as this is mandated by IPSEC.
>
> When you use libkcapi, you should simply be able to use your cipher name with
> the AEAD API. I.e. use the examples you see for CCM or GCM and use those with
> the chosen authenc() cipher. Do you experience any issues?
>
> Ciao
> Stephan
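For the question quoted above about opening an "authenc(hmac(sha256),cbc(aes))" socket from userspace, here is an added example that is not part of the thread and is not libkcapi code. It uses the raw AF_ALG socket API and packs the combined key the way the kernel's authenc template parses it (an rtattr header carrying a big-endian cipher key length, then the HMAC key, then the AES key); the function names `authenc_key_blob` and `authenc_open` are hypothetical.

```c
#include <arpa/inet.h>
#include <linux/if_alg.h>
#include <linux/rtnetlink.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SOL_ALG
#define SOL_ALG 279
#endif
/* Mirrors the kernel-internal include/crypto/authenc.h (not a UAPI header). */
#define CRYPTO_AUTHENC_KEYA_PARAM 1

/* Pack rtattr{len,type} | be32 enckeylen | auth key | enc key.
 * Returns the blob length, or 0 if out is too small. */
size_t authenc_key_blob(uint8_t *out, size_t cap,
                        const uint8_t *auth, size_t alen,
                        const uint8_t *enc, size_t elen)
{
    struct rtattr rta = { .rta_len = RTA_LENGTH(sizeof(uint32_t)),
                          .rta_type = CRYPTO_AUTHENC_KEYA_PARAM };
    uint32_t be_elen = htonl((uint32_t)elen);
    size_t hdr = RTA_SPACE(sizeof(be_elen));

    if (cap < hdr + alen + elen)
        return 0;
    memcpy(out, &rta, sizeof(rta));
    memcpy(out + RTA_LENGTH(0), &be_elen, sizeof(be_elen));
    memcpy(out + hdr, auth, alen);
    memcpy(out + hdr + alen, enc, elen);
    return hdr + alen + elen;
}

/* Bind an "aead" transform socket and key it. Returns the fd, or -1 when
 * AF_ALG or the algorithm is unavailable on the running kernel. */
int authenc_open(const uint8_t *blob, size_t len, unsigned int tag_len)
{
    struct sockaddr_alg sa = { .salg_family = AF_ALG, .salg_type = "aead",
                               .salg_name = "authenc(hmac(sha256),cbc(aes))" };
    int fd = socket(AF_ALG, SOCK_SEQPACKET, 0);

    if (fd < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        setsockopt(fd, SOL_ALG, ALG_SET_KEY, blob, len) < 0 ||
        setsockopt(fd, SOL_ALG, ALG_SET_AEAD_AUTHSIZE, NULL, tag_len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```

The returned descriptor is the transform socket; encryption and decryption requests go through a descriptor obtained from it with accept(), as in the GCM/CCM examples mentioned in the thread.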