From: Horia Geantă
Subject: Re: CCM/GCM implementation defect
Date: Thu, 23 Apr 2015 12:03:38 +0300
Message-ID: <5538B56A.7060707@freescale.com>
References: <20150423032619.GA17648@gondor.apana.org.au>
In-Reply-To: <20150423032619.GA17648@gondor.apana.org.au>
To: Herbert Xu , Steffen Klassert , , "David S. Miller" , Paul Wouters , "Linux Crypto Mailing List"

On 4/23/2015 6:26 AM, Herbert Xu wrote:
> Hi:
>
> It looks like our IPsec implementations of CCM and GCM are buggy

This applies also to GMAC (rfc4543), right?

> in that they don't include the IV in the authentication calculation.
>
> This definitely breaks interoperability with anyone who implements
> them correctly. The fact that there have been no reports on this
> probably means that nobody has run into this in the field yet.

Does this mean that even the test vectors (crypto/testmgr.h) are broken?

Thanks,
Horia
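The interoperability failure Herbert describes can be reproduced with a plain AES-GCM check; this is an added example, not code from the thread or from the kernel. It assumes the RFC 4106 ESP layout (12-byte nonce = 4-byte salt || 8-byte IV, AAD = SPI || sequence number) and lets each peer choose whether it also appends the IV to the AAD it authenticates; the key, salt, SPI, sequence number and IV are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed sample SA parameters shared by both peers (not real keys).
var (
	key  = []byte("0123456789abcdef")      // AES-128 key
	salt = []byte{0xde, 0xad, 0xbe, 0xef} // RFC 4106 4-byte salt
	spi  = []byte{0x00, 0x00, 0x10, 0x01}
	seq  = []byte{0x00, 0x00, 0x00, 0x01}
	iv   = []byte{1, 2, 3, 4, 5, 6, 7, 8} // 8-byte per-packet IV
)

// aad returns SPI || SeqNum, plus the IV only when this peer's rule says so.
func aad(ivInAAD bool) []byte {
	ad := append(append([]byte{}, spi...), seq...)
	if ivInAAD {
		ad = append(ad, iv...)
	}
	return ad
}

// gcm builds AES-GCM; the 12-byte nonce is salt || IV as in RFC 4106.
func gcm() (cipher.AEAD, []byte) {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead, append(append([]byte{}, salt...), iv...)
}

// Interop reports whether a packet sealed under the sender's AAD rule passes the receiver's tag check.
func Interop(senderIVInAAD, receiverIVInAAD bool) bool {
	aead, nonce := gcm()
	ct := aead.Seal(nil, nonce, []byte("inner IP packet"), aad(senderIVInAAD))
	_, err := aead.Open(nil, nonce, ct, aad(receiverIVInAAD))
	return err == nil // false means the tag check failed: no interop
}

func main() {
	fmt.Println("both peers cover IV:", Interop(true, true))   // true
	fmt.Println("only sender covers IV:", Interop(true, false)) // false
}
```

A receiver that disagrees with the sender about what the AAD covers rejects every packet, which is the field symptom to look for when two stacks fail to pass ESP traffic despite agreeing on keys and algorithms.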