On Thu, Aug 25, 2016 at 04:12:35PM +0000, Horia Ioan Geanta Neag wrote:
> Herbert,
>
> Commits
> 7021b2e1cddd "esp4: Switch to new AEAD interface"
> 000ae7b2690e "esp6: Switch to new AEAD interface"
> removed the following:
> /* Get ivec. This can be wrong, check against another impls. */
> iv = esph->enc_data;
> from IPsec decryption - esp{4,6}_input(),
> so the IV in req->iv received by the implementer is no longer valid.
>
> Thus, the load of IV in caam driver - caamalg.c, init_authenc_job():
> if (ivsize && (is_rfc3686 || !(alg->caam.geniv && encrypt)))
> append_load_as_imm(desc, req->iv, ivsize,
> LDST_CLASS_1_CCB |
> LDST_SRCDST_BYTE_CONTEXT |
> (ivoffset << LDST_OFFSET_SHIFT));
> is not suited for case mentioned above.
>
> Instead, the IV should be read from the req->src scatterlist
> (which consists of assoc data, iv, ciphertext).
> Please let me know if this is accurate, so I could prepare a fix.
For authenc req->iv will be set by echainiv. But yes I seem to
have screwed this up for the echainiv ones in caam. You need to
change aead_givdecrypt to set req->iv.
Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
