From: Catalin Vasile Subject: Re: Decrypting data in RX path Date: Mon, 16 May 2016 12:04:19 +0000 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT To: Gadre Nayan , "linux-crypto@vger.kernel.org" Return-path: Received: from mail-db3on0093.outbound.protection.outlook.com ([157.55.234.93]:44576 "EHLO emea01-db3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750726AbcEPMTA convert rfc822-to-8bit (ORCPT ); Mon, 16 May 2016 08:19:00 -0400 In-Reply-To: Content-Language: en-US Sender: linux-crypto-owner@vger.kernel.org List-ID: Inline comments. ________________________________________ From: linux-crypto-owner@vger.kernel.org on behalf of Gadre Nayan Sent: Monday, May 16, 2016 2:54 PM To: linux-crypto@vger.kernel.org Subject: Decrypting data in RX path Hi, I am able to encrypt data using the asynchronous kernel crypto API's. I can observe the encrypted data on the protocol analyzer. I wanted to decry-pt the data now on the receiver side, So I have following questions. 1. What is the best place to decrypt the data, in kernel space (module (pre-routing hook) or driver) OR user space using (maybe using raw sockets or after socket recv). What precautions should be taken in terms of locking while using crypto api's in kernel space in RX path (Softirq context) --> Can someone point to existing sample in kernel where decryption is done in RX path. [Catalin Vasile] Look into net/ipv6/esp6.c. It's related to IPsec. 2. If I encrypt data in kernel space can I decrypt it in User-space using same encryption methods and Keys. [Catalin Vasile] What do you mean by "using same encryption methods" ? Thanks.