My algs struct now looks like this:
static struct crypto_alg pp_crypto_algs[] = {
{
.cra_name = "authenc(hmac(sha256),cbc(aes))",
.cra_driver_name = "pp_crypto_cbc_hmac_sha256",
.cra_priority = 1, /**TODO set to highest values after
implementing encrypt decrypt functions */
.cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC,
.cra_blocksize = AES_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct pp_crypto_aead_ctx),
.cra_type = &crypto_nivaead_type,
.cra_u = {
.aead = {
.setkey = pp_crypto_aead_setkey,
.setauthsize = pp_crypto_aead_setauthsize,
.decrypt = pp_crypto_aead_dec,
.encrypt = pp_crypto_aead_enc,
.givencrypt = NULL,
.givdecrypt = NULL,
.ivsize = AES_BLOCK_SIZE,
.maxauthsize = SHA256_DIGEST_SIZE,
},
},
.cra_init = pp_crypto_aead_sha256_init,
.cra_exit = pp_crypto_aead_exit,
.cra_module = THIS_MODULE,
},
{
.cra_name = "authenc(hmac(sha512),cbc(aes))",
.cra_driver_name = "pp_crypto_cbc_hmac_sha512",
.cra_priority = 1, /**TODO set to highest values after
implementing encrypt decrypt functions */
.cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC,
.cra_blocksize = AES_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct pp_crypto_aead_ctx),
.cra_type = &crypto_nivaead_type,
.cra_u = {
.aead = {
.setkey = pp_crypto_aead_setkey,
.decrypt = pp_crypto_aead_dec,
.encrypt = pp_crypto_aead_enc,
.givencrypt = NULL,
.givdecrypt = NULL,
.ivsize = AES_BLOCK_SIZE,
.maxauthsize = SHA512_DIGEST_SIZE,
},
},
.cra_init = pp_crypto_aead_sha512_init,
.cra_exit = pp_crypto_aead_exit,
.cra_module = THIS_MODULE,
}
};
I issue a ping and see esp_output() getting called. After that, I'm
used to seeing pp_crypto_givaead_enc() in my driver called. Now I see:
ping: sendto: Function not implemented
Please note that I am working with kernel 3.12, where in esp4.c line
266 we have:
err = crypto_aead_givencrypt(req);
On Thu, May 19, 2016 at 9:44 AM, Catalin Vasile <[email protected]> wrote:
> Inline comments
>
> ________________________________________
> From: Denis B <[email protected]>
> Sent: Wednesday, May 18, 2016 5:21 PM
> To: Catalin Vasile
> Cc: [email protected]
> Subject: Re: IV generation in cryptographic driver in AEAD
>
> Forgive my dumbness, but in:
>
> .cra_type = &crypto_aead_type,
> .cra_u = {
> .aead = {
> .setkey = pp_crypto_aead_setkey,
> .setauthsize = pp_crypto_aead_setauthsize,
> .decrypt = pp_crypto_aead_dec,
> .encrypt = pp_crypto_aead_enc,
> .givencrypt = pp_crypto_aead_genivencrypt,
> .givdecrypt = pp_crypto_aead_genivdecrypt,
> .ivsize = AES_BLOCK_SIZE,
> .maxauthsize = SHA256_DIGEST_SIZE,
> },
> },
>
> Just delete the givencrypt and givdecrypt lines (or set to NULL)?
> [Catalin Vasile]
> You need to set it to NULL. If your struct is declared globally, the parts
> that load your code will be set any uninitialized struct elements to NULL.
>
> On Wed, May 18, 2016 at 4:56 PM, Catalin Vasile <[email protected]> wrote:
>> Inline comments.
>>
>> ________________________________________
>> From: [email protected]
>> <[email protected]> on behalf of Denis B
>> <[email protected]>
>> Sent: Wednesday, May 18, 2016 3:06 PM
>> To: [email protected]
>> Subject: IV generation in cryptographic driver in AEAD
>>
>> Hello,
>>
>> In AEAD mode (or in any case, in IPSec ESP IPv4 – esp4.c), in kernel
>> versions prior to 4.2 the cryptographic driver is expected to generate
>> an IV.
>>
>> What if my driver is unable to generate an IV?
>> [Catalin Vasile]
>> Simple: You do not implement the givcrypt() primitive. The kernel will
>> generate the IV in software and then call your encrypt() primitive.
>>
>> Thanks,
>> Dennis.
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
>> the body of a message to [email protected]
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
