Am Freitag, 24. November 2017, 16:53:26 CET schrieb Dmitry Vyukov: Hi Dmitry, > > You cannot talk to the inner ciphers. You only talk to one cipher that you > > referred to with the name. Remember, the name is ONLY used to tell the > > kernel which parts to put together during allocation. After the > > allocation, you have only one cipher and interact with only one cipher of > > the given type. > I see. Makes sense. I guess an outer template can transitively setup > inner algorithms if necessary. Exactly. See crypto/gcm.c for example. This is a template to invoke a CTR and GHASH implementation. Thus it has no need for a key itself. Hence, a setkey is: static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key, unsigned int keylen) { ... err = crypto_skcipher_setkey(ctr, key, keylen); ... Where ctr is the reference to the CTR block cipher that was allocated with gcm_base(...) or implicitly when using gcm(...) which internally turns into a gcm_base(...). Ciao Stephan