On Wed, Nov 19, 2014 at 07:30:52AM +0100, Stephan Mueller wrote: > > - these AD scatterlist chunks cannot be released after a normal encryption > operation. The associated data must be available for multiple operations. So, > while plaintext data is still flowing in, we need to keep operating with the > same AD. We don't start an AEAD operation until the entire input has been received. Unlike ciphers you cannot process AEAD requests as you go. So there is no need to special-case AD chunks since you will have everything at your disposal before you can feed the request to the crypto API. > Thus I am wondering how the rather static nature of the AD can fit with the > dynamic nature of the plaintext given the current implementation on how > plaintext is handled in the kernel. > > To me, AD in league with an IV considering its rather static nature. Having > said that, the IV is also not transported via the plaintext interface, but via > a setsockopt. Shouldn't the AD be handled the same way? AD is not like an IV at all. An IV is a fixed-size (and small) input while AD can be of any length. Think about how this is used in real life. For IPsec AD is the part of the packet that we don't encrypt. So there is nothing fundamentally different between AD and the plain-text that we do encrypt except that you don't encrypt it :) Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html