On Thu, 14 Sept 2023 at 11:30, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > > On Thu, Sep 14, 2023 at 11:18:00AM +0200, Ard Biesheuvel wrote: > > > > So this means that the base name will be aes, not ecb(aes), right? > > What about cbc and ctr? It makes sense for a single lskcipher to > > implement all three of those at least, so that algorithms like XTS and > > GCM can be implemented cheaply using generic templates, without the > > need to call into the lskcipher for each block of input. > > You can certainly implement all three with arch-specific code > but I didn't think there was a need to do this for the generic > version. > Fair enough. So what should such an arch version implement? aes cbc(aes) ctr(aes) or ecb(aes) cbc(aes) ctr(aes) ?
