From: "Horia Geantă" <horia.geanta@freescale.com>
To: Steffen Klassert <steffen.klassert@secunet.com>,
Chaoxing Lin <Chaoxing.Lin@ultra-3eti.com>
Cc: "linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>
Subject: Re: authencesn compatibility problemn between software crypto and talitos driver
Date: Tue, 12 Mar 2013 19:04:42 +0200 [thread overview]
Message-ID: <513F602A.9000201@freescale.com> (raw)
In-Reply-To: <20130311071518.GD21448@secunet.com>
On 3/11/2013 9:15 AM, Steffen Klassert wrote:
> Ccing Horia Geanta, he did the esn implementation for talitos.
>
> On Fri, Mar 08, 2013 at 03:27:48PM +0000, Chaoxing Lin wrote:
>> 1. Can any one point me which RFC describe how exactly authencesn should work?
>>
>
> The ESN algorithm is described in RFC 4303 IP Encapsulating Security
> Payload (ESP).
>
>> 2. I test Ipsec with "esp=aes256-sha512-esn!" options and found compatibility issue between kernel software crypto and talitos driver.
>> Talitos <---->talitos Good
>> Soft crypto<---->soft crypto Good
>> Soft crypto<---->talitos link established but no traffic can pass through.
That's what happens when interop testing is not performed...
>>
>> 3. Looking at source code of latest stable kernel 3.8.2, I found that these two implementations don't agree on what's to be hashed in ESN case.
>> Talitos driver is more intuitive in that "assoc (SPI, SN-hi, SN-low) + IV + payload" are hashed.
>
> The ESN implementation of the talitos driver looks rather scary,
> it just renames authenc to authencesn in talitos_probe(). The
> algorithm pretends to be authencesn but still does authenc, of course.
> authencesn has to be implemented, it is not sufficient to change
> the name, really.
Seems that somehow I got confused, considering the "one/single-pass over
data" description the same as "combined mode algorithm".
I will post a fix or revert the patch if HW does not allow the correct
behaviour.
>
>> Kernel software crypto is counter-intuitive in that "hsg(SPI, SN-low) + sg(IV + payload) + tsg(SN-hi" are hashed.
>
> This might look counterintuitive, but that's what RFC 4303 describes
> for ESN if separate encryption and integrity algorithms are used.
Yes, appending the SN-hi after Payload (Next Header) is the correct way
to handle separate encryption and integrity algos.
For combined ones (AES-CCM, AES-GCM, AES-GMAC etc.), behavior is defined
separately in corresponding RFCs (4309, 4106, 4543). Usually SN-hi is
positioned between SPI and SN-lo.
next prev parent reply other threads:[~2013-03-12 17:05 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-08 15:27 authencesn compatibility problemn between software crypto and talitos driver Chaoxing Lin
2013-03-11 7:15 ` Steffen Klassert
2013-03-12 17:04 ` Horia Geantă [this message]
2013-03-12 20:57 ` Chaoxing Lin
2013-03-14 10:21 ` Horia Geantă
2013-03-14 23:34 ` Kim Phillips
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=513F602A.9000201@freescale.com \
--to=horia.geanta@freescale.com \
--cc=Chaoxing.Lin@ultra-3eti.com \
--cc=linux-crypto@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.