On Thu, Sep 21, 2023 at 08:10:30PM -0700, Eric Biggers wrote: > > Yes, wide-block modes such as Adiantum and HCTR2 require multiple passes over > the data. As do SIV modes such as AES-GCM-SIV (though AES-GCM-SIV isn't yet > supported by the kernel, and it would be an "aead", not an "skcipher"). Right, AEAD algorithms have never supported incremental processing, as one of the first algorithms CCM required two-pass processing. We could support incremental processing if we really wanted to. It would require a model where the user passes the data to the API twice (or more if future algorithms requires so). However, I see no pressing need for this so I'm happy with just marking such algorithms as unsupported with algif_skcipher for now. There is also an alternative of adding an AEAD-like mode fo algif_skcipher for these algorithms but again I don't see the need to do this. As such I'm going to add a field to indicate that adiantum and hctr2 cannot be used by algif_skcipher. Thanks, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt