On Fri, 21 Jun 2019 at 10:09, Ard Biesheuvel <ard.biesheuvel@xxxxxxx> wrote: > > From: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> > ... > > - given that hardware already exists that can perform en/decryption including > ESSIV generation of a range of blocks, it would be useful to encapsulate > this in the ESSIV template, and teach at least dm-crypt how to use it > (given that it often processes 8 512-byte sectors at a time) I thought about this a bit more, and it occurred to me that the capability of issuing several sectors at a time and letting the lower layers increment the IV between sectors is orthogonal to whether ESSIV is being used or not, and so it probably belongs in another wrapper. I.e., if we define a skcipher template like dmplain64le(), which is defined as taking a sector size as part of the key, and which increments a 64 LE counter between sectors if multiple are passed, it can be used not only for ESSIV but also for XTS, which I assume can be h/w accelerated in the same way. So with that in mind, I think we should decouple the multi-sector discussion and leave it for a followup series, preferably proposed by someone who also has access to some hardware to prototype it on.