<html><head><meta http-equiv="Content-Type" content="text/html; charset=ANSI_X3.4-1968"><title>Symmetric Cipher API</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="Linux Kernel Crypto API"><link rel="up" href="User.html" title="Chapter&#160;4.&#160;User Space Interface"><link rel="prev" href="ch04s04.html" title="Message Digest API"><link rel="next" href="ch04s06.html" title="AEAD Cipher API"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="idp1097360332"></a>Symmetric Cipher API</h2></div></div></div><p>
     The operation is very similar to that described for the message digest API.
     During initialization, the struct sockaddr_alg data structure must be
     filled as follows:
    </p><pre class="programlisting">
struct sockaddr_alg sa = {
	.salg_family = AF_ALG,
	.salg_type = "skcipher", /* this selects the symmetric cipher */
	.salg_name = "cbc(aes)" /* this is the cipher name */
};
    </pre><p>
     Before data can be sent to the kernel using the write/send system
     call family, the consumer must set the key. The key setting is
     described with the setsockopt invocation below.
    </p><p>
     Using the sendmsg() system call, the application provides the data
     that should be processed for encryption or decryption. In addition,
     the IV is specified with the data structure provided by the sendmsg()
     system call.
    </p><p>
     The sendmsg() system call parameter of struct msghdr is embedded into the
     struct cmsghdr data structure. See recv(2) and cmsg(3) for more
     information on how the cmsghdr data structure is used together with the
     send/recv system call family. That cmsghdr data structure holds the
     following information, each specified with a separate header instance:
    </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
       specification of the cipher operation type with one of these flags:
      </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem"><p>ALG_OP_ENCRYPT - encryption of data</p></li><li class="listitem"><p>ALG_OP_DECRYPT - decryption of data</p></li></ul></div></li><li class="listitem"><p>
       specification of the IV information marked with the flag ALG_SET_IV
      </p></li></ul></div><p>
     The send system call family allows the following flag to be specified:
    </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
       MSG_MORE: If this flag is set, the send system call acts like a
       cipher update function where more input data is expected
       with a subsequent invocation of the send system call.
      </p></li></ul></div><p>
     Note: The kernel reports -EINVAL for any unexpected data. The caller
     must make sure that all data matches the constraints given in
     /proc/crypto for the selected cipher.
    </p><p>
     With the recv() system call, the application can read the result of
     the cipher operation from the kernel crypto API. The output buffer
     must be large enough to hold all blocks of the encrypted or
     decrypted data. If the output buffer is smaller, only as many
     blocks are returned as fit into that output buffer.
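    </p><p>
     The following listing is an added example, not part of the original kernel documentation. It carries the steps above through in C for one AES-CBC encryption: build_control() creates the two cmsghdr instances (operation type and IV), and cbc_aes_encrypt() binds the socket, sets the key, sends the data and reads the result. The function names, the 16-byte IV length, the accept() call and the ALG_SET_KEY socket option are assumptions taken from general AF_ALG usage rather than from this section.
    </p>

```c
/* Added example (not from the kernel documentation): AES-CBC over AF_ALG. */
#include <linux/if_alg.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef SOL_ALG
#define SOL_ALG 279 /* absent from older libc headers */
#endif
#define IV_LEN 16 /* assumed ivsize of cbc(aes); check /proc/crypto */
#define CBUF_LEN (CMSG_SPACE(sizeof(__u32)) + CMSG_SPACE(sizeof(struct af_alg_iv) + IV_LEN))
/* Attach the two header instances: operation type, then IV. cbuf holds CBUF_LEN bytes. */
void build_control(struct msghdr *msg, char *cbuf, __u32 op, const unsigned char *iv)
{
	memset(cbuf, 0, CBUF_LEN); /* cmsg(3): zero the buffer before CMSG_NXTHDR */
	msg->msg_control = cbuf;
	msg->msg_controllen = CBUF_LEN;
	struct cmsghdr *c = CMSG_FIRSTHDR(msg);
	c->cmsg_level = SOL_ALG;
	c->cmsg_type = ALG_SET_OP;
	c->cmsg_len = CMSG_LEN(sizeof(op));
	memcpy(CMSG_DATA(c), &op, sizeof(op));
	c = CMSG_NXTHDR(msg, c);
	c->cmsg_level = SOL_ALG;
	c->cmsg_type = ALG_SET_IV;
	c->cmsg_len = CMSG_LEN(sizeof(struct af_alg_iv) + IV_LEN);
	struct af_alg_iv *aiv = (struct af_alg_iv *)CMSG_DATA(c);
	aiv->ivlen = IV_LEN;
	memcpy(aiv->iv, iv, IV_LEN);
}

/* Encrypt len bytes (a multiple of 16). Returns bytes read back, or -1 on any failure. */
ssize_t cbc_aes_encrypt(const unsigned char *key, size_t klen, const unsigned char *iv,
			const unsigned char *in, unsigned char *out, size_t len)
{
	struct sockaddr_alg sa = { .salg_family = AF_ALG, .salg_type = "skcipher", .salg_name = "cbc(aes)" };
	union { char buf[CBUF_LEN]; struct cmsghdr align; } c; /* aligned control buffer */
	struct iovec iov = { .iov_base = (void *)in, .iov_len = len };
	struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
	ssize_t n = -1;
	int op = -1, tfm = socket(AF_ALG, SOCK_SEQPACKET, 0);
	if (tfm >= 0 && bind(tfm, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
	    setsockopt(tfm, SOL_ALG, ALG_SET_KEY, key, klen) == 0 && (op = accept(tfm, NULL, 0)) >= 0) {
		build_control(&msg, c.buf, ALG_OP_ENCRYPT, iv);
		if (sendmsg(op, &msg, 0) == (ssize_t)len) /* no MSG_MORE: this is the final chunk */
			n = recv(op, out, len, 0);
	}
	if (op >= 0) close(op);
	if (tfm >= 0) close(tfm);
	return n;
}
```

    <p>
     Called with the NIST SP 800-38A F.2.1 CBC-AES128 key, IV and first plaintext block, cbc_aes_encrypt() returns 16 and writes the ciphertext block 7649abac8119b246cee98e9b12e9197d to the output buffer.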
    </p></div></body></html>