(+mailing list +davem) > > Hmmm .... for a HW driver, the HW would have to do the truncation. > > So it must be capable of doing that AND it must be instructed to do so. > > I guess big deal is a relative term :-) > > Right for decryption you'd need to use a fallback. > Or I need to tell the HW the size of the tag to compare. Which IS possible. > You really only need to support the truncation lengths for gcm/ccm. > AFAICS the users of authenc do not use the setauthsize function at > all. > > We probably should change authenc to disallow setauthsize in case > somebody starts doing this in future. > Actually, IPsec uses truncated tags for HMAC's ... so it may be useful to have that there as well. And I would expect/hope the kernel IPSec implementation to actually use the authenc template? > > If I don't implement that function that I cannot tell my HW how the > > tag should be truncated ... > > You can just read tfm->authsize as that's what the default > setauthsize function will set. > I was referring to the case where it actually needed to be configurable. Regards, Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Verimatrix www.insidesecure.com