On Thu, Jul 18, 2019 at 04:35:26PM +0000, Pascal Van Leeuwen wrote: > > Tthen there's still the issue of advancing that last tweak. From what I've seen, > the xts implementation does not output the last tweak so you would have to > recompute it locally in cts.c as block_cipher_enc(iv) * alpha^j. Which is wasteful. > Of course this could be solved by redefining xts to output the last tweak > like CBC/CTR output their last IV ... Which would probably give us HW guys > trouble again because our HW cannot do *that* ... (While the HW very likely > *does* implement the cipher text stealing properly, just to be able to boast > about IEEE P1619 compliance ...) If your hardware supports XTS properly then you wouldn't even need to use this new template. You would directly export the xts interface. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt