On Thu, Aug 25, 2016 at 04:12:35PM +0000, Horia Ioan Geanta Neag wrote:
> Herbert,
> Commits
> 7021b2e1cddd "esp4: Switch to new AEAD interface"
> 000ae7b2690e "esp6: Switch to new AEAD interface"
> removed the following:
>       /* Get ivec. This can be wrong, check against another impls. */
>       iv = esph->enc_data;
> from IPsec decryption - esp{4,6}_input(),
> so the IV in req->iv received by the implementer is no longer valid.
> Thus, the load of IV in caam driver - caamalg.c, init_authenc_job():
>         if (ivsize && (is_rfc3686 || !(alg->caam.geniv && encrypt)))
>                 append_load_as_imm(desc, req->iv, ivsize,
>                                    LDST_CLASS_1_CCB |
>                                    LDST_SRCDST_BYTE_CONTEXT |
>                                    (ivoffset << LDST_OFFSET_SHIFT));
> is not suited for case mentioned above.
> Instead, the IV should be read from the req->src scatterlist
> (which consists of assoc data, iv, ciphertext).
> Please let me know if this is accurate, so I could prepare a fix.

For authenc req->iv will be set by echainiv.  But yes I seem to
have screwed this up for the echainiv ones in caam.  You need to
change aead_givdecrypt to set req->iv.

Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to