2008-11-27 18:13:20

by Dean Jenkins

Subject: ESP output when using NULL encryption and NON authentication

Hi,

I am writing a kernel driver for hardware crypto offloading for IPsec.

I have configured IPsec to use NULL encryption and NON authentication. The ESP
packets contain just the encapsulated packet as expected.

However, ESP's call to crypto_aead_decrypt() puts the start of the
encapsulated packet (first 16 bytes) into the IV field of the AEAD request
instead of wholly in the src scatterlist. The dst scatterlist is in fact the
same src scatterlist.

I am guessing that the NULL encryption needs to copy the start of the packet from
the IV field and join it back up with the end of the packet in src and place
the whole packet in the dst. Am I right?

My question is how do I increase the size of the dst scatterlist as it is too
small to hold the complete packet?

If I use software encryption then the ESP packets work OK. So there must be
special treatment for NULL encryption and NON authentication. Can someone
please explain?

Also, I note that tcrypt.ko does not test authenc.

Thanks,
Dean Jenkins
MontaVista Software


2008-11-29 04:33:45

by Herbert Xu

Subject: Re: ESP output when using NULL encryption and NON authentication

Dean Jenkins <[email protected]> wrote:
>
> However, ESP's call to crypto_aead_decrypt() puts the start of the
> encapsulated packet (first 16 bytes) into the IV field of the AEAD request
> instead of wholly in the src scatterlist. The dst scatterlist is in fact the
> same src scatterlist.

Well if you're using NULL encryption then the IV size will be zero.
So even though the IV field has the pointer to the start of the
payload so does the src scatterlist.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2008-12-02 10:59:51

by Dean Jenkins

Subject: Re: ESP output when using NULL encryption and NON authentication

Hi Herbert,

Thanks for the clue. I had set the IV size to AES_BLOCK_SIZE in my NULL
crypto registered structure. Now fixed the IV size to 0 and put the
maxauthsize also to 0. Now I have basic Async AEAD NULL enc and NON auth
working with ping over ESP.

Regards,
Dean Jenkins
MontaVista Software
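
A simplified user-space model of the layout discussed in this thread, added here as an example and not code from the thread or the kernel: the IV pointer sits directly after the 8-byte ESP header and src begins ivsize bytes later, so a NULL cipher registered with ivsize 16 finds the first 16 payload bytes in the IV field rather than in src. The names esp_split, aead_view and build_sample are hypothetical, and the packet is constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ESP_HDR_LEN 8 /* SPI (4 bytes) + sequence number (4 bytes) */

/* Hypothetical model of what the ESP layer hands to an AEAD driver. */
struct aead_view {
    const uint8_t *iv;  /* IV pointer: always directly after the ESP header */
    const uint8_t *src; /* first byte covered by the src/dst scatterlist */
    size_t cryptlen;    /* number of bytes covered by src/dst */
};

/* Split an ESP packet according to the ivsize the algorithm registered.
 * Returns 0 on success, -1 if the packet is too short for that ivsize. */
int esp_split(const uint8_t *pkt, size_t len, size_t ivsize,
              struct aead_view *v)
{
    if (len < ESP_HDR_LEN || len - ESP_HDR_LEN < ivsize)
        return -1;
    v->iv = pkt + ESP_HDR_LEN;
    v->src = v->iv + ivsize;
    v->cryptlen = len - ESP_HDR_LEN - ivsize;
    return 0;
}

/* Constructed sample: zeroed ESP header, then payload bytes 0, 1, 2, ...
 * With NULL encryption there is no IV on the wire. */
size_t build_sample(uint8_t *buf, size_t payload_len)
{
    memset(buf, 0, ESP_HDR_LEN);
    for (size_t i = 0; i < payload_len; i++)
        buf[ESP_HDR_LEN + i] = (uint8_t)i;
    return ESP_HDR_LEN + payload_len;
}

int main(void)
{
    uint8_t pkt[64];
    size_t len = build_sample(pkt, 24);
    size_t sizes[] = { 16, 0 }; /* wrong registration, then the fix */
    for (size_t i = 0; i < 2; i++) {
        struct aead_view v;
        if (esp_split(pkt, len, sizes[i], &v) == 0)
            printf("ivsize=%zu: src starts at payload byte %u, cryptlen=%zu\n",
                   sizes[i], (unsigned)v.src[0], v.cryptlen);
    }
    return 0;
}
```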

