On Tue, Dec 05, 2023 at 12:17:57PM -0800, Eric Biggers wrote: > > Note that 'cryptsetup benchmark' uses AF_ALG, and there are recommendations > floating around the internet to use it to benchmark the various algorithms that > can be used with dm-crypt, including Adiantum. Perhaps it's a bit late to take > away support for algorithms that are already supported? AFAICS, algif_skcipher > only splits up operations if userspace does something like write(8192) followed > by read(4096), i.e. reading less than it wrote. Why not just make > algif_skcipher return an error in that case if the algorithm doesn't support it? Yes that should be possible to implement. Also I've changed my mind on the two-pass strategy. I think I am going to try to implement it at least internally in the layer between skcipher and lskcihper. Let me see whether this is worth persuing or not for adiantum. The reason is because after everything else switches over to lskcipher, it'd be silly to have adiantum remain as skcipher only. But if adiantum moves over to lskcipher, then we'd need to disable the skcipher version of it or linearise the input. Both seem unpalatable and perhaps a two-pass approach won't be that bad. Thanks, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt