Sebastian Siewior schrieb: > * Stefan Hellermann | 2008-03-13 22:40:50 [+0100]: > >> Sebastian Siewior schrieb: >>> Padlock AES' setkey routine is the same as exported by the generic >>> implementation. So we could use it. >>> >> I tested this and "[RFC] generic_aes: export generic setkey" on a padlock-enabled Via >> board, and did the following test: >> >> Create, open, write to, read from and close a linux dm-crypt device with aes-cbc-essiv, >> aes-lrw-benbi and aes-xts-plain. >> >> Then I took a huge encrypted disk-image (encrypted without this patches), opened it with >> cryptsetup-luks, booted the OS from the disc over iscsi, started a filesystem-check. The >> check completed successful. > Looks like an interresting setup :) > >> So I think this and the other patch are save. > > That patch uses different (but I hope the same) algorithm for key > generation which is only used for keys >128 bit. If your dm-crypt setup > used 192 or 256 bit keys than the test should be valid. > In the other case (or just to be sure) please run > |modprobe tcrypt mode=10 > which just does work. I used cryptsetup with -s 256, so the cbc and lrw tests should be valid. The tcrypt test succeeds, there's no difference in the dmesg-output with or without padlock-aes loaded. I haven't checked the results with an unpatched kernel yet. > > Sebastian -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
