FW: skcipher and aead API question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



(+mailing list +davem)

> > Hmmm .... for a HW driver, the HW would have to do the truncation.
> > So it must be capable of doing that AND it must be instructed to do so.
> > I guess big deal is a relative term :-)
> 
> Right for decryption you'd need to use a fallback.
> 
Or I need to tell the HW the size of the tag to compare. Which IS possible.

> You really only need to support the truncation lengths for gcm/ccm.
> AFAICS the users of authenc do not use the setauthsize function at
> all.
> 
> We probably should change authenc to disallow setauthsize in case
> somebody starts doing this in future.
> 
Actually, IPsec uses truncated tags for HMAC's ... so it may be useful
to have that there as well. And I would expect/hope the kernel IPSec 
implementation to actually use the authenc template?

> > If I don't implement that function that I cannot tell my HW how the
> > tag should be truncated ...
> 
> You can just read tfm->authsize as that's what the default
> setauthsize function will set.
> 
I was referring to the case where it actually needed to be configurable.

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux