Re: [PATCH 0/14] crypto: aead - Phase oute seqniv

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Samstag, 11. Juli 2015, 10:39:18 schrieb Herbert Xu:

Hi Herbert,

>Weird.  The C version does the very same check:
>
>static int crypto_rfc4106_decrypt(struct aead_request *req)
>{
>        if (req->assoclen != 16 && req->assoclen != 20)
>                return -EINVAL;

I rechecked my test code: I accidentally only used gcm(aes) instead of 
rfc4106(gcm(aes)) for validating the C code. Using rfc4106(gcm(aes-asm)), I 
get the same error. Sorry for the inconsistent description.

Based on the patch to the testmgr.h test vectors for RFC4106, I include the IV 
inbetween the AD and the plaintext.

That code now works with rfc4106(gcm(aes)). But using that code now fails with 
the "regular" GCM implementation as well as CCM. The regular GCM 
implementation works when not providing the IV as part of the SGL/set_ad. Is 
that difference between "regular" AEAD and RFC4106 AEAD intended?

Apart from the GCM vs RFC4106 invocation, the code seemingly requires to 
provide the IV twice -- once with the buffer/set_ad and once with the 
set_crypt call. Is that intended? Providing the IV twice is visible in the 
testmgr.h patch where .assoc now includes the previous .assoc plus the IV data 
which is also set in .iv.

Thanks
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux