AnsweredAssumed Answered

gcm icv length

Question asked by kevinwhitfield on Sep 20, 2018
Latest reply on Sep 27, 2018 by bpe

# AES GCM ICV

I've encountered an issue exercising the cipher-gcm sample under cryptodev-linux-1.8 of the 1703 SDK:  While performing a decryption with a full-sized ICV works, specifying shorter ICV values (by tweaking cao.len and cao.tag_len) does not consistently work across the documented range of 4-16 bytes.  More specifically:

 

  ICV Length      Result

  16                  SUCCEEDS

  15                  FAILS

  14                  SUCCEEDS

  13                  FAILS

  12                  SUCCEEDS

  11                  FAILS

  10                 SUCCEEDS

   9                  FAILS

   8                  SUCCEEDS

   7                  FAILS

   6                  SUCCEEDS

   5                  FAILS

   4                  SUCCEEDS

 

During the failures, a -EBADMSG failure is reported in the syslog after the caam driver detects an JRSTA_CCBERR_ERRID_ICVCHK error indication from the SEC:

 

Aug 22 17:40:07 c293pcie kernel: cryptodev: cipher-gcm[2479] (waitfor:256): error from async request: -74
Aug 22 17:40:07 c293pcie kernel: cryptodev: cipher-gcm[2479] (auth_n_crypt:681): cryptodev_cipher_decrypt: -74

Outcomes