On 3/22/2018 12:04 PM, Christophe LEROY wrote:
> Le 16/03/2018 à 15:07, Horia Geantă a écrit :
>> On 3/16/2018 2:42 PM, Christophe LEROY wrote:
>>> Le 16/03/2018 à 09:48, Horia Geantă a écrit :
>>>> For SEC 2.x+, cipher in length must contain only the ciphertext length.
>>>> In case of using hardware ICV checking, the ICV length is provided via
>>>> the "extent" field of the descriptor pointer.
>>>>
>>>> Cc: <sta...@vger.kernel.org> # 4.8+
>>>> Fixes: 549bd8bc5987 ("crypto: talitos - Implement AEAD for SEC1 using
>>>> HMAC_SNOOP_NO_AFEU")
>>>
>>> It looks like the issue comes more from commit fbb22137c4d9b ("crypto:
>>> talitos - fix use of sg_link_tbl_len"), doesn't it ?
>>>
>> No, the first commit that breaks IPsec for SEC 2.x+ is the one I mentioned.
>
> Today without your patch, IPsec works well on my mpc8321E. It was broken
> by 549bd8bc5987 and fixed by fbb22137c4d9b.
> But it seems the fix is not complete as it doesn't work yet in your case.
>
Ok, I checked closer.
It seems the "extent" field is required starting with SEC 3.x, that's why I am
seeing the failure (I am testing on P2020, P1022).
In your case it's working since MPC8321E has a SEC 2.x.
> I have proposed a v2 version of your patch which takes it into
> talitos_sg_map() hence avoiding direct access to ptr[4] without using
> the helpers.
>
Thanks.
Horia
