Re: caam - IV source for IPsec decryption

On Thu, Aug 25, 2016 at 04:12:35PM +0000, Horia Ioan Geanta Neag wrote:
> Herbert,
> 
> Commits
> 7021b2e1cddd "esp4: Switch to new AEAD interface"
> 000ae7b2690e "esp6: Switch to new AEAD interface"
> removed the following:
> 	/* Get ivec. This can be wrong, check against another impls. */
> 	iv = esph->enc_data;
> from IPsec decryption - esp{4,6}_input(),
> so the IV in req->iv received by the implementer is no longer valid.
> 
> Thus, the load of IV in caam driver - caamalg.c, init_authenc_job():
>         if (ivsize && (is_rfc3686 || !(alg->caam.geniv && encrypt)))
>                 append_load_as_imm(desc, req->iv, ivsize,
>                                    LDST_CLASS_1_CCB |
>                                    LDST_SRCDST_BYTE_CONTEXT |
>                                    (ivoffset << LDST_OFFSET_SHIFT));
> is not suited for the case mentioned above.
> 
> Instead, the IV should be read from the req->src scatterlist
> (which consists of assoc data, iv, ciphertext).
> Please let me know if this is accurate, so I could prepare a fix.

For authenc req->iv will be set by echainiv.  But yes I seem to
have screwed this up for the echainiv ones in caam.  You need to
change aead_givdecrypt to set req->iv.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
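
The layout discussed in this thread (assoc data, IV, ciphertext in req->src), modelled in userspace C as an added example; it is not code from the caam driver or from either poster. All `model_*` names are hypothetical, a flat buffer stands in for the scatterlist, and a trailing ICV of `authsize` bytes is assumed. It copies the IV from the packet into the request's IV field before decryption and rejects lengths that cannot describe a valid packet.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MODEL_MAX_IVSIZE 16  /* assumption: large enough for AES-CBC/CTR IVs */

/* Hypothetical stand-in for the AEAD request fields that matter here.
 * src is a flat buffer standing in for the req->src scatterlist. */
struct model_aead_req {
    const uint8_t *src;            /* assoc data | IV | ciphertext | ICV */
    size_t srclen;                 /* total bytes in src */
    size_t assoclen;               /* ESP header bytes (SPI + sequence number) */
    uint8_t iv[MODEL_MAX_IVSIZE];  /* what the job descriptor would load */
};

/* Copy the IV out of the packet into req->iv before decryption.
 * Returns 0 on success, -1 if the lengths cannot describe a valid packet. */
int model_set_iv_from_src(struct model_aead_req *req, size_t ivsize,
                          size_t authsize)
{
    if (ivsize == 0 || ivsize > MODEL_MAX_IVSIZE)
        return -1;
    /* Subtract step by step so the checks cannot wrap around. */
    if (req->assoclen > req->srclen)
        return -1;
    if (ivsize > req->srclen - req->assoclen)
        return -1;
    if (authsize > req->srclen - req->assoclen - ivsize)
        return -1;
    memcpy(req->iv, req->src + req->assoclen, ivsize);
    return 0;
}

/* Constructed sample: 8-byte ESP header, 8-byte IV, 8 bytes of ciphertext,
 * 4-byte ICV. Byte values are arbitrary. */
static const uint8_t model_pkt[28] = {
    0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x2a,   /* SPI, sequence */
    0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,   /* IV */
    0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,   /* ciphertext */
    0xe0, 0xe1, 0xe2, 0xe3                            /* ICV */
};

/* Returns 1 if a stale req->iv is replaced by the IV carried in the packet. */
int model_demo(void)
{
    struct model_aead_req req = { model_pkt, sizeof(model_pkt), 8, {0} };
    memset(req.iv, 0xff, sizeof(req.iv));      /* stale caller-supplied IV */
    if (model_set_iv_from_src(&req, 8, 4) != 0)
        return 0;
    return memcmp(req.iv, model_pkt + 8, 8) == 0;
}
```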