On 25 February 2014 08:16, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > On Tue, Feb 25, 2014 at 08:12:36AM +0100, Ard Biesheuvel wrote: >> >> Do you have any comments specifically about using an inner blkcipher >> instance to implement the aead? > > Indeed, the inner block cipher looks superfluous since it's only > used once by ccm and there is no nesting similar to aesni-intel. > > Inner algorithms are only needed if you want to nest it, e.g., > through fpu(). Otherwise I don't see any difference vs. calling > the underlying functions directly, especially since you seem to > be calling them directly anyway. > Well, the problem is that aead does not provide the blkcipher walk API, which means it is up to the caller to map/unmap the scatterlists and keep track of the in and out pointers etc. For the authenticate-only data, this is manageable as you are only dealing with input, but when dealing with both in- and output, as in the core of CCM, it becomes very tedious. So instead, I have opted for an inner blkcipher instance which takes care of all of that. Could you suggest another approach that if preferable? Thanks, Ard. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
