Thread (41 messages) 41 messages, 3 authors, 2014-11-21

Re: [PATCH v2 01/10] crypto: AF_ALG: add user space interface for AEAD

From: Stephan Mueller <hidden>
Date: 2014-11-19 00:34:27
Also in: linux-crypto, lkml

Am Dienstag, 18. November 2014, 22:06:31 schrieb Herbert Xu:

Hi Herbert,
On Sun, Nov 16, 2014 at 03:23:50AM +0100, Stephan Mueller wrote:
quoted
AEAD requires the following data in addition to normal symmetric

ciphers:
	* Associated authentication data of arbitrary length
	
	* Authentication tag for decryption
	
	* Length of authentication tag for encryption

The authentication tag data is communicated as part of the actual
ciphertext as mandated by the kernel crypto API. Therefore we only need
to provide a user space interface for the associated authentication data
as well as for the authentication tag length.

This patch adds both as a setsockopt interface that is identical to the
AF_ALG interface for setting an IV and for selecting the cipher
operation type (encrypt or decrypt).

Signed-off-by: Stephan Mueller <redacted>
I don't like the fact that we're putting arbitrary limits on
the AD, as well as the fact that the way you're doing it the
AD has to be copied.

How about simply saying that the first X bytes of the input
shall be the AD?
That is a very good idea.

To cover that approach, the kernel needs to be informed about the length of 
the authentication data size to separate the ciphertext/plaintext from the 
authentication data.

To cover that, I would recommend to simply send a u32 value to the kernel for 
the AD size instead of the AD. The kernel then can adjust the pointers as 
necessary.

I will update the patch in the next days to cover that scenario.

Thanks

-- 
Ciao
Stephan
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help