Thanks ! On Tue, Dec 8, 2009 at 2:58 PM, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > On Tue, Dec 08, 2009 at 02:54:43PM +0200, avital sela wrote: >> Hello, >> >> I am testing a AES HW crypto driver I wrote. I test by setting up a >> tunnel between the board and a Linux server and pinging packets from >> the board to the server. >> With my driver loaded everything works fine with small packets but >> large packets (>1500) fail (100% packet loss). >> I added some debug code to the standard crypto/cbc.c and noticed that >> when I ping using -s1500 the encryption (aes-cbc) gets broken up to 3 >> chuncks >> sized 1456 , 16, 64. I also noticed that the iv for each of the >> chunks is different. >> Questions: >> 1. Why are there 3 chunks with these sizes? Is this related to the >> crypto subsystem or the ipsec one? > > The chunks 1456/64 is a product of the TCP stack. 16 is the IV > added on by IPsec. > >> 2. How is the iv computed between each subsequent chunk? > > The last cipher (encrypted) block of a chunk should be used as > the IV for the next chunk. > > Cheers, > -- > Visit Openswan at http://www.openswan.org/ > Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt > -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
