On Thu, Aug 25, 2016 at 04:12:35PM +0000, Horia Ioan Geanta Neag wrote: > Herbert, > > Commits > 7021b2e1cddd "esp4: Switch to new AEAD interface" > 000ae7b2690e "esp6: Switch to new AEAD interface" > removed the following: > /* Get ivec. This can be wrong, check against another impls. */ > iv = esph->enc_data; > from IPsec decryption - esp{4,6}_input(), > so the IV in req->iv received by the implementer is no longer valid. > > Thus, the load of IV in caam driver - caamalg.c, init_authenc_job(): > if (ivsize && (is_rfc3686 || !(alg->caam.geniv && encrypt))) > append_load_as_imm(desc, req->iv, ivsize, > LDST_CLASS_1_CCB | > LDST_SRCDST_BYTE_CONTEXT | > (ivoffset << LDST_OFFSET_SHIFT)); > is not suited for case mentioned above. > > Instead, the IV should be read from the req->src scatterlist > (which consists of assoc data, iv, ciphertext). > Please let me know if this is accurate, so I could prepare a fix. For authenc req->iv will be set by echainiv. But yes I seem to have screwed this up for the echainiv ones in caam. You need to change aead_givdecrypt to set req->iv. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html