Re: AES with CTS Mode

On Jan 16, 2008 4:13 PM, Joy Latten <latten@xxxxxxxxxxxxxx> wrote:
> On Tue, 2008-01-15 at 15:28 -0500, Kevin Coffman wrote:
> > Hello,
> > I need to implement AES with CTS mode for NFSv4 (rfc3962 & rfc4121).
> >
> > I have implemented CTS starting with a copy of CBC (crypto/cbc.c),
> > since CTS is the same as CBC except for the last two blocks.
> >
>
> I am not sure I understand, but couldn't you use the CTS in cryptoapi?
>
> regards,
> Joy

Thanks for the reply!  It may be me that doesn't understand.  I'm
currently stuck at 2.6.24-rc3.  I do see messages about CTR mode being
added -- which I think is different than CTS?

If CTS is already available, please give me more details of where to
find it and ignore the rest of this rambling!

To (hopefully) better explain my problem, because of data placement
and alignment issues, we currently call crypto_blkcipher_encrypt_iv()
multiple times for a single RPC request (i.e. a large data write).
This works fine with CBC mode (used by DES and 3DES) since there is no
difference in how any of the blocks are treated, as long as the IV is
carried forward correctly.

When trying to do the same for AES with CTS, each trip into
crypto_blkcipher_encrypt_iv() treats the last two blocks of that
"chunk" differently.  So what I think I need is a way to tell the code
up front that I'm going to be calling it several times and not to do
the CTS trick until the last "chunk" containing the last two blocks.
(That is simplifying it a bit, since the last chunk may not be two
blocks long... Also, the last block may not be a complete block.)

Thanks!
K.C.
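
The chunking problem described in the message above, as an added example that is not part of the original post and is not kernel code: every chunk is run through plain CBC with the IV carried forward, a tail of 17 to 32 bytes is held back, and the CTS step runs once on that tail. Assumptions: the block cipher is a constructed stand-in for AES, the last two blocks are always swapped (CBC-CS3 ordering), the message is longer than one block, and all function names and sample data are hypothetical.

```python
import hashlib
BS = 16  # AES block size in bytes

def toy_block_encrypt(key, block):
    """Constructed stand-in for AES: 4-round Feistel permutation on one block."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cbc_encrypt(key, iv, data):
    """Plain CBC over whole blocks; returns (ciphertext, IV to carry forward)."""
    if len(data) % BS:
        raise ValueError("CBC input must be whole blocks")
    out = b""
    for i in range(0, len(data), BS):
        iv = toy_block_encrypt(key, xor(data[i:i + BS], iv))
        out += iv
    return out, iv

def cts_encrypt(key, iv, data):
    """CBC with ciphertext stealing; last two blocks always swapped (CBC-CS3)."""
    if len(data) <= BS:
        raise ValueError("this sketch needs more than one block")
    tail = (len(data) - 1) % BS + 1           # bytes in the final block, 1..16
    ct, prev = cbc_encrypt(key, iv, data[:-tail])
    final = toy_block_encrypt(key, xor(data[-tail:].ljust(BS, b"\0"), prev))
    return ct[:-BS] + final + prev[:tail]     # steal from second-to-last block

def cts_encrypt_chunked(key, iv, chunks):
    """CBC per chunk, IV carried forward, 17..32 bytes held back; CTS runs once."""
    out, held = b"", b""
    for chunk in chunks:
        held += chunk
        ready = max(0, (len(held) - BS - 1) // BS * BS)
        part, iv = cbc_encrypt(key, iv, held[:ready])
        out, held = out + part, held[ready:]
    return out + cts_encrypt(key, iv, held)

# Constructed sample: 77-byte message split at unaligned chunk boundaries.
KEY, IV, MSG = b"k" * 16, bytes(16), bytes(range(77))
CHUNKS = [MSG[:48], MSG[48:53], MSG[53:]]
ONE_SHOT = cts_encrypt(KEY, IV, MSG)
CHUNKED = cts_encrypt_chunked(KEY, IV, CHUNKS)
NAIVE_FIRST = cts_encrypt(KEY, IV, CHUNKS[0])   # CTS applied to chunk 1 alone
```

`CHUNKED` equals `ONE_SHOT`, while `NAIVE_FIRST` already diverges from the first 48 bytes of `ONE_SHOT` because the first chunk's last two blocks were swapped.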