On Tue, Dec 08, 2009 at 02:54:43PM +0200, avital sela wrote:
> Hello,
> I am testing a AES HW crypto driver I wrote. I test by setting up a
> tunnel between the board and a Linux server and pinging packets from
> the board to the server.
> With my driver loaded everything works fine with small packets but
> large packets (>1500) fail (100% packet loss).
> I added some debug code to the standard crypto/cbc.c and noticed that
> when I ping using -s1500 the encryption (aes-cbc) gets broken up to 3
> chuncks
> sized 1456 , 16, 64.  I also noticed that the iv for each of the
> chunks is different.
> Questions:
> 1. Why are there 3 chunks with these sizes? Is this related to the
> crypto subsystem or the  ipsec one?

The chunks 1456/64 is a product of the TCP stack.  16 is the IV
added on by IPsec.

> 2. How is the iv computed between each subsequent chunk?

The last cipher (encrypted) block of a chunk should be used as
the IV for the next chunk.

Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to