On Mon, Mar 9, 2015 at 6:16 AM, Horia Geantă <horia.geanta@xxxxxxxxxxxxx> wrote:
> On 3/3/2015 7:44 PM, Martin Hicks wrote:
>> On Tue, Mar 3, 2015 at 10:44 AM, Horia Geantă
>> <horia.geanta@xxxxxxxxxxxxx> wrote:
>>>
>>> For talitos, there are two cases:
>>>
>>> 1. request data size is <= data unit / sector size
>>> talitos can handle any IV / tweak scheme
>>>
>>> 2. request data size > sector size
>>> since talitos internally generates the IV for the next sector by
>>> incrementing the previous IV, only IV schemes that allocate consecutive
>>> IV to consecutive sectors will function correctly.
>>>
>>
>> it's not clear to me that #1 is right. I guess it could be, but the
>> IV length would be limited to 8 bytes.
>
> Yes, there's a limitation in talitos wrt. XTS IV / tweak size - it's up
> to 8 bytes.
> So I guess ESSIV won't work with talitos-xts, since the encrypted IV
> output is 16 bytes.
> But as previously said, ESSIV breaks the XTS standard requirement for
> having a consecutive IV for consecutive blocks. ESSIV should really be
> used only with disk-level encryption schemes that require an
> unpredictable IV.

Ok. I'll verify that the second half of the IV is zeroed.

One last thing that I'm not sure of is what string to place in
cra_ablkcipher.geniv field. "eseqiv" seems wrong if plain/plain64 are
the IVs that XTS is designed for.

Thanks,
mh

--
Martin Hicks P.Eng. | mort@xxxxxxxx
Bork Consulting Inc. | +1 (613) 266-2296
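The two constraints discussed in this thread (an IV that fits in 8 bytes, and consecutive IVs for consecutive sectors when one request spans several sectors) can be checked in a small user-space model. This is an added example, not code from the thread or from the talitos driver. The function names are hypothetical, the little-endian 64-bit increment is an assumption about how the hardware steps the IV, and `scattered_iv` is a constructed stand-in for a 16-byte non-consecutive IV, not real ESSIV.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
typedef void (*ivgen_fn)(uint64_t sector, uint8_t iv[16]);

/* dm-crypt "plain64": little-endian 64-bit sector number, upper 8 bytes zero. */
static void plain64_iv(uint64_t sector, uint8_t iv[16])
{
    memset(iv, 0, 16);
    for (int i = 0; i < 8; i++)
        iv[i] = (uint8_t)(sector >> (8 * i));
}
/* Constructed stand-in for a 16-byte non-consecutive IV; this is NOT real ESSIV. */
static void scattered_iv(uint64_t sector, uint8_t iv[16])
{
    for (int i = 0; i < 16; i++)
        iv[i] = (uint8_t)((sector + 1) * (2 * i + 3));
}
/* The 8-byte limit from the thread: the second half of the IV must be zero. */
static int iv_fits_8_bytes(const uint8_t iv[16])
{
    static const uint8_t zero[8];
    return memcmp(iv + 8, zero, 8) == 0;
}
/* Model of "incrementing the previous IV"; 64-bit little-endian is an assumption. */
static void hw_next_iv(uint8_t iv[16])
{
    for (int i = 0; i < 8 && ++iv[i] == 0; i++)
        ;
}
/* 1 if one request covering nsectors gets the IVs the scheme would assign. */
static int multi_sector_ok(ivgen_fn gen, uint64_t first, unsigned nsectors)
{
    uint8_t hw[16], want[16];
    gen(first, hw);
    if (!iv_fits_8_bytes(hw))
        return 0;
    for (unsigned k = 1; k < nsectors; k++) {
        hw_next_iv(hw);
        gen(first + k, want);
        if (memcmp(hw, want, 16) != 0)
            return 0;
    }
    return 1;
}
int main(void)
{
    printf("plain64: %d, scattered: %d\n", multi_sector_ok(plain64_iv, 0xFF, 8),
           multi_sector_ok(scattered_iv, 0, 8));
    return 0;
}
```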