On Thu, 12 Sep 2013 13:42:05 +0000 Stoica Cristian-B18196 <b18...@freescale.com> wrote:
> Hi Nikos, > > I'm looking at a possibility to add support for composite algorithms > in cryptodev. Basically this means support for algorithms that do for > example AES-CBC and HMAC(SHA1) in one call on platforms that support > it. Hello Cristian, Currently we have something similar with the AUTHCRYPT ioctl that does authenticated encryption in a single kernel call. However, I believe that you mean something like AUTHCRYPT that is done not only in a single kernel call, but also in a hardware call as well? I believe that you can fit that in to the current authcrypt API, possibly by adding an additional flag to the COP_FLAG_AEAD flags. > One solution would be to add new algorithms in cryptodev_crypto_op_t > and then adapt crypto_create_session to ask the kernel for a certain > algorithm (like authenc(hmac(sha1),aes-cbc)). There are some issues > here, one with the proliferation of non-standard algorithms and > another with the way those algorithms would be handled by the kernel > (order of applying authentication and encryption). Another solution > may be to set both the crypto and the mac algorithm in the session > (the same as in tests/cipher-aead.c) with an added new flag saying > how the algorithms would be combined (authenticate then encrypt, > encrypt then authenticate). This flag is missing in session_op but > some of the *BSD distributions added some notes about deprecation of > session_op in current form. Do you have any idea what will replace it? In any case in the current approach in linux-cryptodev you don't need a new session op, the old one will just do. About the proliferation of ciphers, I also don't think that this is a problem. I don't expect all AEAD modes to be in actual use, and in any case the integer range is quite large. regards, Nikos _______________________________________________ Cryptodev-linux-devel mailing list Cryptodev-linux-devel@gna.org https://mail.gna.org/listinfo/cryptodev-linux-devel
