* Stefan Hellermann | 2008-03-13 22:40:50 [+0100]: >Sebastian Siewior schrieb: >> Padlock AES' setkey routine is the same as exported by the generic >> implementation. So we could use it. >> > >I tested this and "[RFC] generic_aes: export generic setkey" on a padlock-enabled Via >board, and did the following test: > >Create, open, write to, read from and close a linux dm-crypt device with aes-cbc-essiv, >aes-lrw-benbi and aes-xts-plain. > >Then I took a huge encrypted disk-image (encrypted without this patches), opened it with >cryptsetup-luks, booted the OS from the disc over iscsi, started a filesystem-check. The >check completed successful. Looks like an interresting setup :) > >So I think this and the other patch are save. That patch uses different (but I hope the same) algorithm for key generation which is only used for keys >128 bit. If your dm-crypt setup used 192 or 256 bit keys than the test should be valid. In the other case (or just to be sure) please run |modprobe tcrypt mode=10 which just does work. Sebastian -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
