Linux cryptographic layer development
From: "Horia Geantă" <horia.geanta@freescale.com>
To: Chaoxing Lin <Chaoxing.Lin@ultra-3eti.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>,
	"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>
Subject: Re: authencesn compatibility problem between software crypto and talitos driver
Date: Thu, 14 Mar 2013 12:21:20 +0200
Message-ID: <5141A4A0.1090105@freescale.com>
In-Reply-To: <BD54DDEB2546894FAB0731EA7B0EDF8D07C58712@RockMX01.rock.corp>

On 3/12/2013 10:57 PM, Chaoxing Lin wrote:
>
>> Seems that somehow I got confused, considering the "one/single-pass over data" description the same as "combined mode algorithm".
>> I will post a fix or revert the patch if HW does not allow the correct behaviour.
>
> Horia,
>
> Do you plan to fix talitos driver to make it ESN capable in the near future? Or just simply remove ESN option completely.

On-going discussion internally, since right now adding proper support 
for ESN doesn't seem to be trivial, so right now I don't have an answer.

>
> The freescale crypto engine is still capable of doing AES-CBC + HMAC-SHAxxx in one shot.
> "DESC_HDR_TYPE_IPSEC_ESP" may not be able to achieve authencesn.

Correct. And that's why I think reverting "crypto: talitos - add IPsec 
ESN support" is the right thing to do.

> But the hmac-snoop-aes should do the job well.

You mean "hmac_snoop_no_afeu" (defined DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU 
but not implemented...) ? I doubt this is the straightforward choice.

> 2 descriptors are needed.

Agree.

> The first one is to do AES-CBC,
> The second one snoops the output from the first crypto operation and then does HMAC-SHAxxx.
> The two descriptors are chained and pushed to crypto engine at the same time. Callback is triggered only when both operations are done.

From the looks of it, both descriptors need to be of type 
"DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU", first - ablkcipher - doing 
aes(cbc), second - ahash - performing hmac(sha).

> Since you are from freescale, I assume you know what I am talking about.

Try searching "AN3645 SEC 2/3x Descriptor Programmer’s Guide", the 
application note contains more details than the reference manual I 
assume you are using.
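
The hash step of the two-descriptor split discussed above, as an added example that is not part of the original message or of the talitos driver: it assumes the RFC 4303 rule that with ESN the high-order sequence bits are authenticated after the payload, and compares that with a single in-order pass over SPI, seq-hi, seq-lo, IV and ciphertext. All names, sample values and the associated-data layout are assumptions of this example, and the ciphertext is a constructed stand-in for the cbc(aes) output.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # assumption: hmac(sha1) truncated to 96 bits

# Constructed sample values, not taken from the thread.
KEY = bytes(range(20))
SPI = 0x1000
SEQ64 = (1 << 32) | 5          # 64-bit ESN: high half 1, low half 5
IV = bytes(16)
CIPHERTEXT = bytes(range(32))  # stands in for the cbc(aes) step's output


def esn_icv(key, spi, seq64, iv, ciphertext):
    """ICV per RFC 4303 with ESN: seq-hi is hashed after the payload."""
    seq_hi, seq_lo = seq64 >> 32, seq64 & 0xFFFFFFFF
    mac = hmac.new(key, digestmod=hashlib.sha1)
    mac.update(struct.pack("!II", spi, seq_lo))  # ESP header as transmitted
    mac.update(iv + ciphertext)                  # what the hash step reads
    mac.update(struct.pack("!I", seq_hi))        # implicit bits, never sent
    return mac.digest()[:ICV_LEN]


def contiguous_icv(key, assoc, iv, ciphertext):
    """One pass that hashes assoc || IV || ciphertext strictly in order."""
    data = assoc + iv + ciphertext
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def verify(key, spi, seq64, iv, ciphertext, icv):
    """Receiver side: recompute with its own seq-hi, compare in constant time."""
    return hmac.compare_digest(esn_icv(key, spi, seq64, iv, ciphertext), icv)


def compare_layouts():
    """Return (esn, contiguous) ICVs for the same packet."""
    # Assumed associated-data layout for the contiguous case: SPI, seq-hi, seq-lo.
    assoc = struct.pack("!III", SPI, SEQ64 >> 32, SEQ64 & 0xFFFFFFFF)
    return (esn_icv(KEY, SPI, SEQ64, IV, CIPHERTEXT),
            contiguous_icv(KEY, assoc, IV, CIPHERTEXT))


if __name__ == "__main__":
    esn, flat = compare_layouts()
    print("ESN ICV       :", esn.hex())
    print("contiguous ICV:", flat.hex())
    print("interoperable :", hmac.compare_digest(esn, flat))
```

The two ICVs differ for the same key and packet, so a peer that hashes in one order rejects packets authenticated in the other.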
