1. Can any one point me which RFC describe how exactly authencesn should work?
2. I test Ipsec with "esp=aes256-sha512-esn!" options and found compatibility issue between kernel software crypto and talitos driver.
Talitos <---->talitos Good
Soft crypto<---->soft crypto Good
Soft crypto<---->talitos link established but no traffic can pass through.
3. Looking at source code of latest stable kernel 3.8.2, I found that these two implementations don't agree on what's to be hashed in ESN case.
Talitos driver is more intuitive in that "assoc (SPI, SN-hi, SN-low) + IV + payload" are hashed.
Kernel software crypto is counter-intuitive in that "hsg(SPI, SN-low) + sg(IV + payload) + tsg(SN-hi" are hashed.
I copy codelet from kernel 3.8.2 in the end.
Please let me know whether I read the code right. And which way is the right way.
Thanks
Chaoxing
Code from latest stable kernel 3.8.2
path: root/drivers/crypto/talitos.c
969: /* hmac data */
970: desc->ptr[1].len = cpu_to_be16(areq->assoclen + ivsize);
if (edesc->assoc_nents) {
int tbl_off = edesc->src_nents + edesc->dst_nents + 2;
struct talitos_ptr *tbl_ptr = &edesc->link_tbl[tbl_off];
to_talitos_ptr(&desc->ptr[1], edesc->dma_link_tbl + tbl_off *
sizeof(struct talitos_ptr));
desc->ptr[1].j_extent = DESC_PTR_LNKTBL_JUMP;
/* assoc_nents - 1 entries for assoc, 1 for IV */
sg_count = sg_to_link_tbl(areq->assoc, edesc->assoc_nents - 1,
areq->assoclen, tbl_ptr);
/* add IV to link table */
tbl_ptr += sg_count - 1;
tbl_ptr->j_extent = 0;
tbl_ptr++;
to_talitos_ptr(tbl_ptr, edesc->iv_dma);
tbl_ptr->len = cpu_to_be16(ivsize);
tbl_ptr->j_extent = DESC_PTR_LNKTBL_RETURN;
dma_sync_single_for_device(dev, edesc->dma_link_tbl,
edesc->dma_len, DMA_BIDIRECTIONAL);
} else {
to_talitos_ptr(&desc->ptr[1], sg_dma_address(areq->assoc));
desc->ptr[1].j_extent = 0;
996: }
path: root/crypto/authencesn.c
372: err = crypto_ahash_init(ahreq);
373: if (err)
return ERR_PTR(err);
ahash_request_set_crypt(ahreq, areq_ctx->hsg, hash, areq_ctx->headlen);
ahash_request_set_callback(ahreq, aead_request_flags(req) & flags,
areq_ctx->update_complete, req);
err = crypto_ahash_update(ahreq);
if (err)
return ERR_PTR(err);
ahash_request_set_crypt(ahreq, areq_ctx->sg, hash, areq_ctx->cryptlen);
ahash_request_set_callback(ahreq, aead_request_flags(req) & flags,
areq_ctx->update_complete2, req);
err = crypto_ahash_update(ahreq);
if (err)
return ERR_PTR(err);
ahash_request_set_crypt(ahreq, areq_ctx->tsg, hash,
areq_ctx->trailen);
ahash_request_set_callback(ahreq, aead_request_flags(req) & flags,
areq_ctx->complete, req);
397: err = crypto_ahash_finup(ahreq);
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
