On Tuesday, 26 May 2015, 15:21:52, Herbert Xu wrote:

Hi Herbert,

>On Tue, May 26, 2015 at 08:39:56AM +0200, Stephan Mueller wrote:
>> May I also ask where I can find the generated IV when using
>> rfc4106(gcm(aes))?
>
>You need to use the IV generator, seqniv(rfc4106(gcm(aes)))

Thank you, that simple change does the trick.

However, now, may I ask you how the following shall be handled:

- the current IKE implementations use rfc4106(gcm(aes)). They would need to use seqniv(rfc4106(gcm(aes))) depending on the kernel version. So, we have a clear change in the user space API where the old configuration even works (i.e. no error), but does not produce the correct encryption that is required.

- For outbound encryption of IPSEC, we need seqniv() as the IV needs to be generated. But for inbound, we do not need seqniv() as the IV is already given (before the patch, only esp_output used the givcrypt API whereas esp_input used the "normal" AEAD API). I would be interested in how that difference is to be handled.

Ciao
Stephan