Am Freitag, 22. Mai 2015, 15:19:23 schrieb Herbert Xu:
Hi Herbert,
On Fri, May 22, 2015 at 09:16:08AM +0200, Stephan Mueller wrote:
Thanks for the pointer, but there I do not really see the functionality I
am looking for. I see patch 10/16 which seems to indicate that the geniv
logic is
On Tue, May 26, 2015 at 08:39:56AM +0200, Stephan Mueller wrote:
May I also ask where I can find the generated IV when using
rfc4106(gcm(aes))?
You need to use the IV generator, seqniv(rfc4106(gcm(aes)))
Cheers,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page:
Am Dienstag, 26. Mai 2015, 15:21:52 schrieb Herbert Xu:
Hi Herbert,
On Tue, May 26, 2015 at 08:39:56AM +0200, Stephan Mueller wrote:
May I also ask where I can find the generated IV when using
rfc4106(gcm(aes))?
You need to use the IV generator, seqniv(rfc4106(gcm(aes)))
Thank you, that
On Tue, May 26, 2015 at 10:15:37AM +0200, Stephan Mueller wrote:
I fully understand that. But the current patch set that we discuss modifies
the IPSEC implementation of esp_ouput to use the new interface. Therefore, to
use rfc4106(gcm(aes)) *with* the IV generator (i.e. to get the old
On Tue, May 26, 2015 at 09:56:17AM +0200, Stephan Mueller wrote:
Actually, I mean the real in-kernel crypto API: the IKE daemon would set up
the SA via XFRM where the rfc4106(gcm(aes)) cipher is set, is it not? So,
user
space is responsible to set the right IPSEC cipher.
As that user
Am Dienstag, 26. Mai 2015, 08:39:56 schrieb Stephan Mueller:
Hi,
Am Freitag, 22. Mai 2015, 15:19:23 schrieb Herbert Xu:
Hi Herbert,
On Fri, May 22, 2015 at 09:16:08AM +0200, Stephan Mueller wrote:
Thanks for the pointer, but there I do not really see the functionality I
am looking for. I
On Tue, May 26, 2015 at 03:38:58PM +0800, Herbert Xu wrote:
On Tue, May 26, 2015 at 09:37:09AM +0200, Stephan Mueller wrote:
- the current IKE implementations use rfc4106(gcm(aes)). They would need to
use seqniv(rfc4106(gcm(aes))) depending on the kernel version. So, we have
a
clear
On Tue, May 26, 2015 at 09:37:09AM +0200, Stephan Mueller wrote:
- the current IKE implementations use rfc4106(gcm(aes)). They would need to
use seqniv(rfc4106(gcm(aes))) depending on the kernel version. So, we have a
clear change in the user space API where the old configuration even works
Am Dienstag, 26. Mai 2015, 15:38:59 schrieb Herbert Xu:
Hi Herbert,
On Tue, May 26, 2015 at 09:37:09AM +0200, Stephan Mueller wrote:
- the current IKE implementations use rfc4106(gcm(aes)). They would need to
use seqniv(rfc4106(gcm(aes))) depending on the kernel version. So, we have
a
clear
Am Dienstag, 26. Mai 2015, 16:18:01 schrieb Herbert Xu:
Hi Herbert,
This is all in the patch series that you're responding. So please
actually read it rather than making assumptions :)
Sorry, you are right -- I overlooked the xfrm_algo_desc change. Thanks for
helping.
Ciao
Stephan
--
To
Am Dienstag, 26. Mai 2015, 15:57:59 schrieb Herbert Xu:
Hi Herbert,
On Tue, May 26, 2015 at 09:56:17AM +0200, Stephan Mueller wrote:
Actually, I mean the real in-kernel crypto API: the IKE daemon would set up
the SA via XFRM where the rfc4106(gcm(aes)) cipher is set, is it not? So,
user space
On Fri, May 22, 2015 at 09:16:08AM +0200, Stephan Mueller wrote:
Thanks for the pointer, but there I do not really see the functionality I am
looking for. I see patch 10/16 which seems to indicate that the geniv logic
is
now to be invoked as a normal AEAD cipher. I yet fail to see where
Am Freitag, 22. Mai 2015, 14:45:54 schrieb Herbert Xu:
Hi Herbert,
On Fri, May 22, 2015 at 08:40:25AM +0200, Stephan Mueller wrote:
If I may ask, where in your initial patch set is now decided that the IV
generator is used (i.e. so that the givcrypt API is not needed any more)?
Please see
On Fri, May 22, 2015 at 08:40:25AM +0200, Stephan Mueller wrote:
If I may ask, where in your initial patch set is now decided that the IV
generator is used (i.e. so that the givcrypt API is not needed any more)?
Please see
Am Donnerstag, 21. Mai 2015, 18:44:03 schrieb Herbert Xu:
Hi Herbert,
- aead_givcrypt_set_callback(req, 0, esp_output_done, skb);
- aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
- aead_givcrypt_set_assoc(req, asg, assoclen);
- aead_givcrypt_set_giv(req, esph-enc_data,
-
15 matches
Mail list logo