Herbert, Eric, While working on the XTS template, I noticed that it is being used (e.g. from testmgr, but also when explictly exported from other drivers) as e.g. "xts(aes)", with the generic driver actually being "xts(ecb(aes-generic))". While what I would expect would be "xts(ecb(aes))", the reason being that plain "aes" is defined as a single block cipher while the XTS template actually efficiently wraps an skcipher (like ecb(aes)). The generic driver reference actually proves this point. The problem with XTS being used without the ecb template in between, is that hardware accelerators will typically advertise an ecb(aes) skcipher and the current approach makes it impossible to leverage that for XTS (while the XTS template *could* actually do that efficiently, from what I understand from the code ...). Advertising a single block "aes" cipher from a hardware accelerator unfortunately defeats the purpose of acceleration. I also wonder what happens if aes-generic is the only AES implementation available? How would the crypto API know it needs to do "xts(aes)" as "xts(ecb(aes))" without some explicit export? (And I don't see how xts(aes) would work directly, considering that only seems to handle single cipher blocks? Or ... will the crypto API actually wrap some multi-block skcipher thing around the single block cipher instance automatically??) Regards, Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Verimatrix www.insidesecure.com
