Re: [ACRYPTO] new release of asynchronous crrypto layer.

[Herbert Xu]

Hi Evgeniy:

On Tue, Jul 11, 2006 at 09:31:57AM +0400, Evgeniy Polyakov wrote:
>
> > I noticed a bug in the ESP IV processing.  When you do ESP asynchronously,
> > you can no longer use the last block of the previous packet as the IV of
> > the next.  This is because the next packet may have started processing
> > before the last packet has even been finalised.
> 
> I cought that bug too, so IV being used is always copied into old_iv variable,
> so integrity is stated.

My point is that it is possible for two packets to use the same IV
under this scheme, which defeats the purpose of IVs.

> > A simple solution is to generate a random IV.
> 
> Yes, it could be done too.
> But actually neither random IV, nor IV created from encrypted previous packet, 
> nor IV created from unencrypted previous packet are forbidden by spec. 
> Initial implementation used constant IV there at all.

True.  However, using the same IV more than once is definitely not a good
idea.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/