On 09/16/2013 10:18 AM, Stoica Cristian-B18196 wrote: >> AFAIK, AEAD is supported by a few crypto engines and their drivers. >> So simply using the AEAD interface of cryptodev-linux should >> suffice if appropriate hardware is present. > [] > > Authenticated encryption *dedicated schemes* (algorithms like > AES-CCM, AES-GCM) require only one key. This is what cryptodev is > giving to the kernel through cryptodev_cipher_init -> > crypto_aead_setkey. *Generic composition* schemes require two keys, > one for crypto and one for keyed authentication (eg. AES-CBC + > HMAC(SHA1)). This is what the kernel expects through > authenc.c:crypto_authenc_setkey. I believe these schemes don't work > now through cryptodev since the kernel always receives just a single > key (the crypto one) from cryptodev.
Not really. Check how examples/aes-sha1.c uses AES with HMAC-SHA1 in a single ioctl. Both keys are passed (as key and mackey). > There is a second issue with what authenc does in the kernel. Since > it was designed for IPsec, the composition scheme won't work for > example with TLS and new algorithms may be required in the kernel to > accommodate "authenticate then encrypt". There are already hooks for TLS in cryptodev-linux (check above). regards, Nikos _______________________________________________ Cryptodev-linux-devel mailing list Cryptodev-linux-devel@gna.org https://mail.gna.org/listinfo/cryptodev-linux-devel
