From: Jitendra Lulla Subject: RE: RFC: Crypto API User-interface Date: Fri, 30 May 2014 16:52:53 +0530 Message-ID: Reply-To: lullajd@yahoo.com Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 To: linux-crypto Return-path: Received: from mail-ig0-f172.google.com ([209.85.213.172]:50291 "EHLO mail-ig0-f172.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751745AbaE3LXN (ORCPT ); Fri, 30 May 2014 07:23:13 -0400 Received: by mail-ig0-f172.google.com with SMTP id uy17so658081igb.5 for ; Fri, 30 May 2014 04:23:13 -0700 (PDT) Sender: linux-crypto-owner@vger.kernel.org List-ID: Hi, http://lwn.net/Articles/410848/ The following code is taken from the above page: int main(void) { int opfd; int tfmfd; struct sockaddr_alg sa = { .salg_family = AF_ALG, .salg_type = "skcipher", .salg_name = "cbc(aes)" }; struct msghdr msg = {}; struct cmsghdr *cmsg; char cbuf[CMSG_SPACE(4) + CMSG_SPACE(20)]; char buf[16]; struct af_alg_iv *iv; struct iovec iov; int i; tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0); bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa)); setsockopt(tfmfd, SOL_ALG, ALG_SET_KEY, "\x06\xa9\x21\x40\x36\xb8\xa1\x5b" "\x51\x2e\x03\xd5\x34\x12\x00\x06", 16); opfd = accept(tfmfd, NULL, 0); msg.msg_control = cbuf; msg.msg_controllen = sizeof(cbuf); cmsg = CMSG_FIRSTHDR(&msg); cmsg->cmsg_level = SOL_ALG; cmsg->cmsg_type = ALG_SET_OP; cmsg->cmsg_len = CMSG_LEN(4); *(__u32 *)CMSG_DATA(cmsg) = ALG_OP_ENCRYPT; cmsg = CMSG_NXTHDR(&msg, cmsg); cmsg->cmsg_level = SOL_ALG; cmsg->cmsg_type = ALG_SET_IV; cmsg->cmsg_len = CMSG_LEN(20); iv = (void *)CMSG_DATA(cmsg); iv->ivlen = 16; memcpy(iv->iv, "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30" "\xb4\x22\xda\x80\x2c\x9f\xac\x41", 16); iov.iov_base = "Single block msg"; iov.iov_len = 16; msg.msg_iov = &iov; msg.msg_iovlen = 1; sendmsg(opfd, &msg, 0); read(opfd, buf, 16); for (i = 0; i < 16; i++) { printf("%02x", (unsigned char)buf[i]); } printf("\n"); close(opfd); close(tfmfd); return 0; } Here the following small change is needed for this program to work: memset(cbuf, 0, CMSG_SPACE(4) + CMSG_SPACE(20)); This memset is required otherwise the CMSG_NXTHDR may return a NULL causing a seg fault in the following line: cmsg->cmsg_level = SOL_ALG; I have tried this on 3.3.4-5.fc17.x86_64. Posting this as it may help people who want to use/refer this example code. However, can somebody please point me to some more examples which use af_alg socket (without Openssl! as the af_alg engine for openssl (http://src.carnivore.it/users/common/af_alg/) is incomplete supporting only aes-cbc,sha1,sha2 only as of today. No other aes variants supported in af_alg engine.) I am particulart wanting to know how I can compute hmac and aes-xts or ctr modes with af_alg without having to go via openssl. ~Jitendra