On Mon, Nov 22, 2010 at 11:30:14AM +0100, Steffen Klassert wrote:
>
> @@ -205,11 +228,18 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
> skb_to_sgvec(skb, sg,
> esph->enc_data + crypto_aead_ivsize(aead) - skb->data,
> clen + alen);
> - sg_init_one(asg, esph, sizeof(*esph));
> +
> + if ((x->props.flags & XFRM_STATE_ESN)) {
> + sg_init_table(asg, 2);
> + sg_set_buf(asg, esph, sizeof(*esph));
> + *seqhi = htonl(XFRM_SKB_CB(skb)->seq.output.hi);
> + sg_set_buf(asg + 1, seqhi, seqhilen);
> + } else
> + sg_init_one(asg, esph, sizeof(*esph));
I think this is wrong for AEAD algorithms. You want the sequence
number in network byte order for them so the high bits need to be
inserted into the middle of the ESP header.
The other problem is that you're currently requiring the authencesn
user to provide two SG entries which is fine for now. However,
since this might be exported to user-space in future, authenecesn
shouldn't really rely on that, or at least it shouldn't BUG.
So one solution is to do it based on bytes in authencesn. That is,
your associated input should always be 12 bytes long, and then you
simply construct a new SG list for your actual processing with the
middle 4 bytes taken out.
For IPsec it could just provide an SG list with three entries,
of 4 bytes each.
Of course for simplicity, you could require this to be the case in
authencesn and return -EINVAL (not BUG :) if it's not the case.
Thanks,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
