2008-03-31 18:21:26

by Vasile Marii

[permalink] [raw]
Subject: geode-aes interface with ipsec

I'm trying to write a driver for hardware accelerated aes-cbc crypting
device to use with ipsec. I have a geode-aes and I'm spying on it
trying to understand all the stuff needed to make it work.
Well, when I'm initializing the geode module, I'm sending some test vectors:
Key : 0xc286696d887c9aa0611bbb3e2025a45a
IV : 0x562e17996d093d28ddb3ba695a2e6f58
Plaintext : 0x000102030405060708090a0b0c0d0e0f
101112131415161718191a1b1c1d1e1f
Ciphertext expected:
d296cd94 c2cccf8a 3a863028 b5e1dc0a
7586602d 253cfff9 1b8266be a6d61ab1
expecting to see the cipher text on output. I,m just sending the
address of data stored on my local machine to src field on geode-aes
engine AES_SOURCEA_REG, and all the flags needed for CBC encryption,
it work
surely because obtained data is decrypted to the original plain text.
And i recieve this:
c1398353 61a38726 4db45c3f 513bc0cc
a1835114 42f2fdd0 86fc8bdc 5b3aeeef
Where is the problem?
Is the plaintext in ipsec not so "plain"? Is the kernel doing some
modifications on it while trabelling thru blkcipher_walkvirt &
friends?
What is the real interface between ipsec and algorithms?
Thanks in advance!

--
Vasile Marii


Subject: Re: geode-aes interface with ipsec

* Vasile Marii | 2008-03-31 20:21:25 [+0200]:

>I'm trying to write a driver for hardware accelerated aes-cbc crypting
>device to use with ipsec. I have a geode-aes and I'm spying on it
>trying to understand all the stuff needed to make it work.
>Well, when I'm initializing the geode module, I'm sending some test vectors:
> Key : 0xc286696d887c9aa0611bbb3e2025a45a
>IV : 0x562e17996d093d28ddb3ba695a2e6f58
>Plaintext : 0x000102030405060708090a0b0c0d0e0f
> 101112131415161718191a1b1c1d1e1f
>Ciphertext expected:
> d296cd94 c2cccf8a 3a863028 b5e1dc0a
> 7586602d 253cfff9 1b8266be a6d61ab1
This looks like the test vector #2 for cbc enc.

>expecting to see the cipher text on output. I,m just sending the
>address of data stored on my local machine to src field on geode-aes
>engine AES_SOURCEA_REG, and all the flags needed for CBC encryption,
>it work
> surely because obtained data is decrypted to the original plain text.
>And i recieve this:
>c1398353 61a38726 4db45c3f 513bc0cc
>a1835114 42f2fdd0 86fc8bdc 5b3aeeef
Are you using the in kernel module or your own?
Which kernel version do you use?

>Where is the problem?
Try to run the tcrypt module for testing.
modprobe tcrypt mode=10
will test _all_ aes variants, you can ignore them all except the cbc
part.

>Is the plaintext in ipsec not so "plain"? Is the kernel doing some
>modifications on it while trabelling thru blkcipher_walkvirt &
>friends?
No. That one should only walk through the scatterlist and ensures
alignment that is required.

> What is the real interface between ipsec and algorithms?
>Thanks in advance!
Take a look on tcrypt.c. That one is pretty easy. ipsec uses the
asynchronous interface.

>
>--
>Vasile Marii

Sebastian