Re: IV generation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Montag, 7. Mai 2018, 13:19:47 CEST schrieb Gilad Ben-Yossef:

Hi Gilad,

> ah... so if I have hardware that can implement say, seqiv, I can
> register "seqiv(rfc4106(gcm(aes)))" and, assuming priorities are
> right, it will be used?

That is the question I cannot fully answer. Seqiv is a template and thus not 
subjet to prios by itself. So, you hardware however could register the full 
seqiv(rfc....) cipher. I am not fully sure that such registered cipher is then 
picked up by the IPSec stack.

Look into net/xfrm/xfrm_algos.c -- there you see the individual cipher names 
and the IV generator added separately. What I have not traced yet is whether 
the code assembles the IV generator name and the cipher name before making the 
call to crypto_alloc_aead.

What I can say for sure is that the kernel crypto API knows of the 
seqiv(rfc...) cipher name and generates the IV for your (the invocation field 
that is).


Ciao
Stephan





[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux