caam - IV source for IPsec decryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Herbert,

Commits
7021b2e1cddd "esp4: Switch to new AEAD interface"
000ae7b2690e "esp6: Switch to new AEAD interface"
removed the following:
	/* Get ivec. This can be wrong, check against another impls. */
	iv = esph->enc_data;
from IPsec decryption - esp{4,6}_input(),
so the IV in req->iv received by the implementer is no longer valid.

Thus, the load of IV in caam driver - caamalg.c, init_authenc_job():
        if (ivsize && (is_rfc3686 || !(alg->caam.geniv && encrypt)))
                append_load_as_imm(desc, req->iv, ivsize,
                                   LDST_CLASS_1_CCB |
                                   LDST_SRCDST_BYTE_CONTEXT |
                                   (ivoffset << LDST_OFFSET_SHIFT));
is not suited for case mentioned above.

Instead, the IV should be read from the req->src scatterlist
(which consists of assoc data, iv, ciphertext).
Please let me know if this is accurate, so I could prepare a fix.

Thanks,
Horia
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux