Am Dienstag, 26. Mai 2015, 15:57:59 schrieb Herbert Xu:
Hi Herbert,
>On Tue, May 26, 2015 at 09:56:17AM +0200, Stephan Mueller wrote:
>> Actually, I mean the real in-kernel crypto API: the IKE daemon would set up
>> the SA via XFRM where the rfc4106(gcm(aes)) cipher is set, is it not? So,
>> user
Am Dienstag, 26. Mai 2015, 16:18:01 schrieb Herbert Xu:
Hi Herbert,
>
>This is all in the patch series that you're responding. So please
>actually read it rather than making assumptions :)
Sorry, you are right -- I overlooked the xfrm_algo_desc change. Thanks for
helping.
Ciao
Stephan
--
To u
On Tue, May 26, 2015 at 10:15:37AM +0200, Stephan Mueller wrote:
>
> I fully understand that. But the current patch set that we discuss modifies
> the IPSEC implementation of esp_ouput to use the new interface. Therefore, to
> use rfc4106(gcm(aes)) *with* the IV generator (i.e. to get the old rem
Am Dienstag, 26. Mai 2015, 15:38:59 schrieb Herbert Xu:
Hi Herbert,
>On Tue, May 26, 2015 at 09:37:09AM +0200, Stephan Mueller wrote:
>> - the current IKE implementations use rfc4106(gcm(aes)). They would need to
>> use seqniv(rfc4106(gcm(aes))) depending on the kernel version. So, we have
>> a
>
On Tue, May 26, 2015 at 09:56:17AM +0200, Stephan Mueller wrote:
>
> Actually, I mean the real in-kernel crypto API: the IKE daemon would set up
> the SA via XFRM where the rfc4106(gcm(aes)) cipher is set, is it not? So,
> user
> space is responsible to set the right IPSEC cipher.
>
> As that u
On Tue, May 26, 2015 at 03:38:58PM +0800, Herbert Xu wrote:
> On Tue, May 26, 2015 at 09:37:09AM +0200, Stephan Mueller wrote:
> >
> > - the current IKE implementations use rfc4106(gcm(aes)). They would need to
> > use seqniv(rfc4106(gcm(aes))) depending on the kernel version. So, we have
> > a
On Tue, May 26, 2015 at 09:37:09AM +0200, Stephan Mueller wrote:
>
> - the current IKE implementations use rfc4106(gcm(aes)). They would need to
> use seqniv(rfc4106(gcm(aes))) depending on the kernel version. So, we have a
> clear change in the user space API where the old configuration even wor
Am Dienstag, 26. Mai 2015, 15:21:52 schrieb Herbert Xu:
Hi Herbert,
>On Tue, May 26, 2015 at 08:39:56AM +0200, Stephan Mueller wrote:
>> May I also ask where I can find the generated IV when using
>> rfc4106(gcm(aes))?
>You need to use the IV generator, seqniv(rfc4106(gcm(aes)))
Thank you, that
On Tue, May 26, 2015 at 08:39:56AM +0200, Stephan Mueller wrote:
>
> May I also ask where I can find the generated IV when using
> rfc4106(gcm(aes))?
You need to use the IV generator, seqniv(rfc4106(gcm(aes)))
Cheers,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP K
Am Dienstag, 26. Mai 2015, 08:39:56 schrieb Stephan Mueller:
Hi,
>Am Freitag, 22. Mai 2015, 15:19:23 schrieb Herbert Xu:
>
>Hi Herbert,
>
>> On Fri, May 22, 2015 at 09:16:08AM +0200, Stephan Mueller wrote:
>> > Thanks for the pointer, but there I do not really see the functionality I
>> > am look
Am Freitag, 22. Mai 2015, 15:19:23 schrieb Herbert Xu:
Hi Herbert,
> On Fri, May 22, 2015 at 09:16:08AM +0200, Stephan Mueller wrote:
> > Thanks for the pointer, but there I do not really see the functionality I
> > am looking for. I see patch 10/16 which seems to indicate that the geniv
> > logi
On Fri, May 22, 2015 at 09:16:08AM +0200, Stephan Mueller wrote:
>
> Thanks for the pointer, but there I do not really see the functionality I am
> looking for. I see patch 10/16 which seems to indicate that the geniv logic
> is
> now to be invoked as a normal AEAD cipher. I yet fail to see wher
Am Freitag, 22. Mai 2015, 14:45:54 schrieb Herbert Xu:
Hi Herbert,
>On Fri, May 22, 2015 at 08:40:25AM +0200, Stephan Mueller wrote:
>> If I may ask, where in your initial patch set is now decided that the IV
>> generator is used (i.e. so that the givcrypt API is not needed any more)?
>
>Please s
On Fri, May 22, 2015 at 08:40:25AM +0200, Stephan Mueller wrote:
>
> If I may ask, where in your initial patch set is now decided that the IV
> generator is used (i.e. so that the givcrypt API is not needed any more)?
Please see
https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg14270.
Am Donnerstag, 21. Mai 2015, 18:44:03 schrieb Herbert Xu:
Hi Herbert,
>- aead_givcrypt_set_callback(req, 0, esp_output_done, skb);
>- aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
>- aead_givcrypt_set_assoc(req, asg, assoclen);
>- aead_givcrypt_set_giv(req, esph->enc_data,
>
This patch makes use of the new AEAD interface which uses a single
SG list instead of separate lists for the AD and plain text. The
IV generation is also now carried out through normal AEAD methods.
Signed-off-by: Herbert Xu
---
net/ipv6/esp6.c | 197 ++
16 matches
Mail list logo
