On Thu, Jan 12, 2017 at 12:22:09PM +0100, Stephan Müller wrote: > > When addressing the issue in the algif_aead code, and expect that over time > the AEAD implementations will gain the copy operation, eventually we will copy > the AAD twice. Of course, this could be prevented, if the algif_aead code > somehow uses the same SGL for the src and dst AAD. Why would you copy it twice? You copy everything before you start and then just do in-place crypto. > > BTW, why are you only doing the copy for encryption? > > I was looking at the only AEAD implementation that does the copy operation: > authenc. There, the copy operation is only performed for encryption. I was > thinking a bit about why decryption was not covered. I think the answer is the > following: for encryption, the AAD is definitely needed in the dst buffer as > the dst buffer with the AAD must be sent to the recipient for decryption. The > decryption and the associated authentication only works with the AAD. However, > after decrypting, all the caller wants is the decrypted plaintext only. There > is no further use of the AAD after the decryption step. Hence, copying the AAD > to the dst buffer in the decryption step would not serve the caller. That's just the current implementation. If we're going to make this an API then we should do it for both directions. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html