Re: Test AEAD/authenc algorithms from userspace

From: Harsh Jain <harshjain.prof@gmail.com>
To: Stephan Mueller <smueller@chronox.de>
Cc: linux-crypto@vger.kernel.org
Subject: Re: Test AEAD/authenc algorithms from userspace
Date: Tue, 31 May 2016 14:45:27 +0530	[thread overview]
Message-ID: <CAFXBA=mfw3tcftwo9nEihJHVKQzdRVg3HXJOkn8CT5VtYNxbxQ@mail.gmail.com> (raw)
In-Reply-To: <2892187.M1JfTODgdh@tauon.atsec.com>

Hi,

Thanks Stephen, I will check the same.1 suggestion for kcapi tool. Add
some switch cases in tool to test digest and finup path of crypto
driver. Current implementation triggers only init/update/final.

Regards
Harsh Jain

On Tue, May 31, 2016 at 2:29 PM, Stephan Mueller <smueller@chronox.de> wrote:
> Am Dienstag, 31. Mai 2016, 14:10:20 schrieb Harsh Jain:
>
> Hi Harsh,
>
>> Hi,
>>
>> You means to say like this
>>
>> ./kcapi -x 2 -e -c "authenc(hmac(sha1),cbc(aes))" -p
>> 48981da18e4bb9ef7e2e3162d16b19108b19050f66582cb7f7e4b6c873819b71 -k
>> 8d7dd9b0170ce0b5f2f8e1aa768e01e91da8bfc67fd486d081b28254c99eb423 -i
>> 7fbc02ebf5b93322329df9bfccb635af -a afcd7202d621e06ca53b70c2bdff7fb2
>> -l 16f4a3eacfbdadd3b1a17117b1d67ffc1f1e21efbbc6d83724a8c296e3bb8cda0c44
>>
>> It gives following error with kernel 4.5.2
>> Symmetric cipher setkey failed
>> Failed to invoke testing
>>
>
> Please see testmgr.h for usage (especially the key encoding):
>
> invocation:
> ./kcapi -x 2 -e -c "authenc(hmac(sha1),cbc(aes))" -p
> 53696e676c6520626c6f636b206d7367 -k
> 0800010000000010000000000000000000000000000000000000000006a9214036b8a15b512e03d534120006
> -i 3dafba429d9eb430b422da802c9fac41 -a 3dafba429d9eb430b422da802c9fac41 -l 20
>
> return:
> e353779c1079aeb82708942dbe77181a1b13cbaf895ee12c13c52ea3cceddcb50371a206
>
> This is the first test of hmac_sha1_aes_cbc_enc_tv_temp (RFC3601 case 1).
> Note, the input string of "Single block msg" was converted to hex
> 53696e676c6520626c6f636b206d7367 as my tool always treats all input data as
> hex data.
>
>>
>>
>> Regards
>> Harsh Jain
>>
>> On Tue, May 31, 2016 at 12:35 PM, Stephan Mueller <smueller@chronox.de>
> wrote:
>> > Am Dienstag, 31. Mai 2016, 12:31:16 schrieb Harsh Jain:
>> >
>> > Hi Harsh,
>> >
>> >> Hi All,
>> >>
>> >> How can we open socket of type "authenc(hmac(sha256),cbc(aes))" from
>> >> userspace program.I check libkcapi library. It has test programs for
>> >> GCM/CCM. There are 3 types of approaches to Authenticated Encryption,
>> >> Which of them is supported in crypto framework.
>> >>
>> >> 1) Encrypt-then-MAC (EtM)
>> >>
>> >>      The plaintext is first encrypted, then a MAC is produced based on
>> >>
>> >> the resulting ciphertext. The ciphertext and its MAC are sent
>> >> together.
>> >> 2) Encrypt-and-MAC (E&M)
>> >>
>> >>      A MAC is produced based on the plaintext, and the plaintext is
>> >>
>> >> encrypted without the MAC. The plaintext's MAC and the ciphertext are
>> >> sent together.
>> >>
>> >> 3) MAC-then-Encrypt (MtE)
>> >>
>> >>      A MAC is produced based on the plaintext, then the plaintext and
>> >>
>> >> MAC are together encrypted to produce a ciphertext based on both. The
>> >> ciphertext (containing an encrypted MAC) is sent.
>> >
>> > The cipher types you mention refer to the implementation of authenc().
>> > IIRC, authenc implements EtM as this is mandated by IPSEC.
>> >
>> > When you use libkcapi, you should simply be able to use your cipher name
>> > with the AEAD API. I.e. use the examples you see for CCM or GCM and use
>> > those with the chosen authenc() cipher. Do you experience any issues?
>> >
>> > Ciao
>> > Stephan
>
>
> Ciao
> Stephan