On Wed, Jun 19, 2019 at 06:04:17PM -0700, Eric Biggers wrote:
>
> > +#define ESSIV_IV_SIZE sizeof(u64) // IV size of the outer algo
> > +#define MAX_INNER_IV_SIZE 16 // max IV size of inner algo
>
> Why does the outer algorithm declare a smaller IV size? Shouldn't it just be
> the same as the inner algorithm's?

In general we allow outer algorithms to have distinct IV sizes
compared to the inner algorithm. For example, rfc4106 has a
different IV size compared to gcm.

In this case, the outer IV size is the block number so that's
presumably why 64 bits is sufficient. Do you foresee a case where
we need 128-bit block numbers?

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
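
Review bot: In the quoted hunk, the comments on ESSIV_IV_SIZE (sizeof(u64)) and MAX_INNER_IV_SIZE (16) state the two sizes but not how the 8-byte outer IV is widened to an inner IV of up to 16 bytes. A short comment beside the defines saying what the 64-bit value holds and how it is padded and byte-ordered would settle the question raised in this thread for later readers. The two defines also use `//` comments where kernel style prefers `/* ... */`.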