XTS template wrapping question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Herbert, Eric,

While working on the XTS template, I noticed that it is being used 
(e.g. from testmgr, but also when explictly exported from other drivers)
as e.g. "xts(aes)", with the generic driver actually being 
"xts(ecb(aes-generic))". 

While what I would expect would be "xts(ecb(aes))", the reason being
that plain "aes" is defined as a single block cipher while the XTS
template actually efficiently wraps an skcipher (like ecb(aes)).
The generic driver reference actually proves this point.

The problem with XTS being used without the ecb template in between,
is that hardware accelerators will typically advertise an ecb(aes)
skcipher and the current approach makes it impossible to leverage
that for XTS (while the XTS template *could* actually do that
efficiently, from what I understand from the code ...).
Advertising a single block "aes" cipher from a hardware accelerator
unfortunately defeats the purpose of acceleration.

I also wonder what happens if aes-generic is the only AES 
implementation available? How would the crypto API know it needs to 
do "xts(aes)" as "xts(ecb(aes))" without some explicit export?
(And I don't see how xts(aes) would work directly, considering 
that only seems to handle single cipher blocks? Or ... will
the crypto API actually wrap some multi-block skcipher thing 
around the single block cipher instance automatically??)

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com





[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux