Hi, I am writing a kernel driver for hardware crypto offloading for IPsec. I have configured IPsec to use NULL encryption and NON authentication. The ESP packets contain just the encapsulated packet as expected. However, ESP's call to crypto_aead_decrypt() puts the start of the encapsulated packet (first 16 bytes) into the IV field of the AEAD request instead of wholly in the src scatterlist. The dst scatterlist is in fact the same src scatterlist. I guessing that the NULL encryption need to copy the start of the packet from the IV field and join it back up with the end of the packet in src and place the whole packet in the dst. Am I right ? My question is how do I increase the size of the dst scatterlist as it is too small to hold the complete packet ? If I use software encryption then the ESP packets work OK. So there must be special treatment for NULL encryption and NON authentication. Can someone please explain ? Also, I note that tcrypt.ko does not test authenc. Thanks, Dean Jenkins MontaVista Software -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
