From: Harsh Jain <harshjain.prof@gmail.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Stephan Mueller <smueller@chronox.de>, linux-crypto@vger.kernel.org
Subject: Re: Test AEAD/authenc algorithms from userspace
Date: Fri, 23 Dec 2016 11:16:50 +0530 [thread overview]
Message-ID: <1b6fefca-d174-cd73-434b-7417d857f013@gmail.com> (raw)
In-Reply-To: <20161221085429.GB29501@gondor.apana.org.au>
On 21-12-2016 14:24, Herbert Xu wrote:
> On Mon, Dec 19, 2016 at 04:08:11PM +0530, Harsh Jain wrote:
>> Hi Herbert,
>>
>> TLS default mode of operation is MAC-then-Encrypt for Authenc algos.
>> Currently framework only supports EtM used in IPSec. User space
>> programs like openssl cannot use af-alg interface to encrypt/decrypt
>> in TLS mode.
>> Are we going to support Mac-then-Encrypt mode in future kernel releases?
> If someone finally adds TLS to the kernel then we'll likely do
> something about it.
Till that time we cannot use crypto authenc type algos with AF-ALG socket interface for TLS or MtE( separation into 2 operation always not possible). TLS RFC7366 allow users to decide weather to use EtM or MtE in TLS. We can solve this, If we have some way to communicate drivers to operate in TLS mode like in setsockopt or msghdr of sendmsg.
> Otherwise you can just separate it out into
> two operations via af-alg.
Always not possible. If openssl has software implementation of Authec( Cipher and hash with 1 algo) it expects same from af-alg engine only then he will override. Its like if Openssl has super set(AES+ SHA256) available it expect same super set in engine(af-alg) for comparison.
The machines with instruction set extensions has authenc implemented in user space like intel aes-ni.
>
> Cheers,
prev parent reply other threads:[~2016-12-23 5:46 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-31 7:01 Test AEAD/authenc algorithms from userspace Harsh Jain
2016-05-31 7:05 ` Stephan Mueller
2016-05-31 8:40 ` Harsh Jain
2016-05-31 8:59 ` Stephan Mueller
2016-05-31 9:15 ` Harsh Jain
2016-05-31 9:21 ` Stephan Mueller
2016-05-31 10:58 ` Harsh Jain
2016-05-31 11:05 ` Stephan Mueller
2016-05-31 11:52 ` Harsh Jain
2016-05-31 11:55 ` Stephan Mueller
2016-12-19 10:38 ` Harsh Jain
2016-12-21 8:54 ` Herbert Xu
2016-12-23 5:46 ` Harsh Jain [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1b6fefca-d174-cd73-434b-7417d857f013@gmail.com \
--to=harshjain.prof@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.