From: "Juan Pablo Nariño Mendoza" <jnarino@gmail.com>
To: Stephan Mueller <smueller@chronox.de>
Cc: linux-crypto@vger.kernel.org
Subject: Re: AEAD Question
Date: Thu, 27 Oct 2016 10:05:39 +0200
Message-ID: <CAPSqeoJgcUQc=jE5dy_FkFFf69+7F75yTm4ASRMxXR_b501d9g@mail.gmail.com>
In-Reply-To: <1536924.VKbsE1YqZP@positron.chronox.de>

Hello Stephan,

Thank you for your fast answer.

My idea is to do zero-copy encryption, and the cipher I am using is
authenc(hmac(sha1),cbc(aes)).

The layout of my buffer is

espHeader(AD) || IV || plaintext || Integrity (TAG)

As I see it, the SGs do point to the same buffer, but they do not overlap.

Below are some parts of my code:

// Prepare data
sg_init_table(sg,ARRAY_SIZE(sg));
sg_set_buf(&sg[1],cipherText_p,espHdrLen);
sg_set_buf(&sg[0],cipherText_p+espHdrLen+ivLen,plen+intLen);
// Put plaintext in cipherText + espHdr + ivLen
// put esp header info in ciphertext
req_p = aead_givcrypt_alloc(aead_p,GFP_KERNEL);
aead_givcrypt_set_callback(req_p,0,hwencpoc_testCipher_cb,cipherText_p);
aead_givcrypt_set_crypt(req_p,&sg[0],&sg[0],plen,iv_p);
aead_givcrypt_set_assoc(req_p,&sg[1],espHdrLen);
aead_givcrypt_set_giv(req_p,cipherText_p+espHdrLen,0);
ret=crypto_aead_givencrypt(req_p);

However, when I get the callback, the associated data has been
overwritten (first 8 bytes of the cipherText buffer), and the
integrity is wrong. The IV and the encryption are correct. What am I
doing wrong? Thank you again.

Juan

2016-10-26 18:32 GMT+02:00 Stephan Mueller <smueller@chronox.de>:
> On Wednesday, 26 October 2016, 18:17:14 CEST, Juan Pablo Nariño
> Mendoza wrote:
>
> Hi Juan,
>
>> Sorry in advance for asking what must be a basic question for this
>> list, but I have really run out of ideas.
>>
>> Can someone please explain to me how the memory layout and sg lists
>> work for the IPSec case, with the generated IV case?
>>
>> As I understand, it is like this (ascii art)
>>
>> AD | IV Space | Plain Text | Auth Tag
>> ^               ^
>> asg             sg
>
> The memory layout is correct when using the RFC4106 cipher.
>
> How you partition your physical memory with the SGL is your choice as long as
> your data in the SGL is lined up as you mentioned above.
>>
>> But I am having the AD overwritten, and the AUTH tag and encryption is
>> not correct? Could someone please point me in the right direction?
>> Thank you again
>
> Maybe the src and dst SGL somehow partially overlap?
>>
>> Regards
>>
>> Juan
>
>
> Ciao
> Stephan
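
An added example, not part of the original message or of the kernel's code: a userspace C model of the scatterlist table built in the message above. It assumes `sg` has two entries and uses constructed sizes (8-byte ESP header, 16-byte IV, 64-byte plaintext, 12-byte tag); it checks that the two regions are disjoint and counts how many bytes a walk from each list head reaches before the end marker that sg_init_table() places on the last array entry.

```c
#include <stddef.h>
#include <string.h>

/* Userspace stand-in for the kernel's struct scatterlist (model only). */
struct sg_model {
    size_t off;  /* offset of the region inside the packet buffer */
    size_t len;  /* region length in bytes */
    int    end;  /* models the end marker set by sg_mark_end() */
};

/* Like sg_init_table(): zero all entries, mark the last one as the end. */
static void model_init_table(struct sg_model *sg, size_t n)
{
    memset(sg, 0, n * sizeof(*sg));
    sg[n - 1].end = 1;
}

/* Like sg_set_buf(): sets the region and leaves the end marker untouched. */
static void model_set_buf(struct sg_model *sg, size_t off, size_t len)
{
    sg->off = off;
    sg->len = len;
}

/* Bytes reachable when walking from 'head' until the end marker. */
static size_t model_walk_bytes(const struct sg_model *head)
{
    size_t total = 0;
    for (;; head++) {
        total += head->len;
        if (head->end)
            return total;
    }
}

/* Returns 1 if the two regions share at least one byte. */
static int model_overlap(const struct sg_model *a, const struct sg_model *b)
{
    return a->off < b->off + b->len && b->off < a->off + a->len;
}

/* Same order as the message: sg[1] = AD, sg[0] = plaintext || tag. */
static void model_esp_table(struct sg_model sg[2], size_t hdr, size_t iv,
                            size_t plen, size_t tag)
{
    model_init_table(sg, 2);
    model_set_buf(&sg[1], 0, hdr);
    model_set_buf(&sg[0], hdr + iv, plen + tag);
}
```

With these sizes the regions do not overlap, a walk from `&sg[1]` covers only the 8-byte AD, and a walk from `&sg[0]` covers 84 bytes because the unmarked `sg[0]` is followed by `sg[1]`. How far a given AEAD implementation actually walks is implementation-specific; the model only shows what each list head describes.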
Linux-Crypto Archive on lore.kernel.org