[PATCH 0/2] crypto: talitos: Add AES-XTS mode

Martin Hicks mort at bork.org
Tue Mar 3 09:09:24 AEDT 2015


On Mon, Mar 02, 2015 at 03:37:28PM +0100, Milan Broz wrote:
> 
> If the crypto API allows encrypting more sectors in one run
> (handling IV internally) dmcrypt can be modified of course.
> 
> But do not forget we can use another IV (not only sequential number)
> e.g. ESSIV with XTS as well (even if it doesn't make much sense, some people
> are using it).

Interesting, I'd not considered using XTS with an IV other than plain/64.
The talitos hardware would not support aes/xts in any mode other than
plain/plain64 I don't think... Although perhaps you could push in an 8-byte
IV and the hardware would interpret it as the sector #.

> Maybe the following question would be if the dmcrypt sector IV algorithms
> should be moved into crypto API as well.
> (But because I misused dmcrypt IV hooks for some additional operations
> for loopAES and old Truecrypt CBC mode, it is not so simple...)

Speaking again with talitos in mind, there would be no advantage for this
hardware.  Although larger requests are possible, only a single IV can be
provided per request, so for algorithms like AES-CBC and dm-crypt 512-byte IOs
are the only option (short of switching to 4kB block size).

mh

-- 
Martin Hicks P.Eng.    |      mort at bork.org
Bork Consulting Inc.   |  +1 (613) 266-2296

