Hi Nikos,

On 10.08.2014 00:06, Nikos Mavrogiannopoulos wrote:
> On Wed, 2014-08-06 at 14:23 +0300, Cristian Stoica wrote:
>
>> I've tested this patch with AES-CBC-HMAC-SHA1 using the tls module that
>> I've sent recently on Linux mailing list. That module needs rework for
>> Lucky 13 and is a software alternative to the caam driver that does the
>> same thing in hardware.
>> http://www.mail-archive.com/[email protected]/msg11665.html
>
> Is that supposed to be used with COP_FLAG_AEAD_TLS_TYPE? I believe I had
> added that flag to do exactly the same thing. The implementation is
> pretty old though, and should have the same issue with the cbc padding
> attacks.

Yes, that kernel patch is used with COP_FLAG_AEAD_TLS_TYPE but there is a
difference from the cryptodev implementation (which I used for inspiration)
in that it registers an algorithm to do the same work. The reason is that
our HW supports AES-CBC-HMAC-SHA1 as a primitive operation and needs that
tls(...) algorithm to advertise the capability.

Cristian S.
