From: Herbert Xu
To: Russ Dill
Cc: kwc@citi.umich.edu, linux-crypto@vger.kernel.org
Subject: Re: CTS (cipher text stealing mode) and short packets
Date: Wed, 1 Oct 2008 23:55:09 +0800
Message-ID: <20081001155509.GA14952@gondor.apana.org.au>

On Tue, Sep 30, 2008 at 09:41:04AM -0700, Russ Dill wrote:
>
> I'm just not sure how to best fit that into an API. In the case of
> number of bytes being greater than the underlying block size,
> everything works "normally". But in the case of the number of bytes
> being less than or equal to the block size, the IV sent to the remote
> end needs to be modified.

I see. I think the easiest way right now is to use the givencrypt
interface. The only time you can modify the IV is when you are
able to send the IV to the other side, in which case givencrypt
should be a reasonable interface.

If the user calls you through encrypt then you just fail any
requests <= block_size.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
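
The short-input case discussed in this message, as an added example that is not part of the original post and is not kernel code: a Python model showing that stealing from the IV changes the IV that has to be sent once the input is <= one block, and how an encrypt/givencrypt split handles that. Assumptions: the swap-last-two-blocks CTS convention with the IV treated as the block before the first, a toy Feistel cipher standing in for the real block cipher, and hypothetical Python functions named encrypt and givencrypt that only model the two kernel entry points.

```python
import hashlib, os

B = 16  # block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # round function of the toy cipher (constructed, not AES)
    return hashlib.sha256(key + bytes([i]) + half).digest()[:B // 2]

def E(key, blk):  # toy 4-round Feistel block cipher standing in for a real one
    l, r = blk[:B // 2], blk[B // 2:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def D(key, blk):
    l, r = blk[:B // 2], blk[B // 2:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def cts_encrypt(key, iv, pt):
    """CBC with stealing, IV as block C0, pt non-empty. Returns (iv_to_send, ct)."""
    d = (len(pt) - 1) % B + 1  # bytes in the final block, 1..B
    blocks = [iv]
    for i in range(0, len(pt), B):
        blocks.append(E(key, _xor(pt[i:i + B].ljust(B, b"\0"), blocks[-1])))
    # Swap the last two blocks and truncate the one stolen from to d bytes.
    # With len(pt) <= B the block stolen from is the IV, so blocks[0] changes.
    blocks[-2], blocks[-1] = blocks[-1], blocks[-2][:d]
    return blocks[0], b"".join(blocks[1:])

def cts_decrypt(key, iv, ct):
    d = (len(ct) - 1) % B + 1
    blocks = [iv] + [ct[i:i + B] for i in range(0, len(ct) - d, B)]
    tail = ct[len(ct) - d:]
    x = D(key, blocks[-1])  # (last plaintext block, zero padded) XOR stolen block
    chain = blocks[:-1] + [tail + x[d:]]  # stolen block rebuilt in full
    out = [_xor(D(key, chain[i]), chain[i - 1]) for i in range(1, len(chain))]
    return b"".join(out) + _xor(x[:d], tail)

def encrypt(key, iv, pt):  # caller owns the IV: short input cannot be served
    if len(pt) <= B:
        raise ValueError("requests <= block_size need givencrypt")
    return cts_encrypt(key, iv, pt)[1]

def givencrypt(key, pt):  # IV is generated here and returned, so it may change
    return cts_encrypt(key, os.urandom(B), pt)
```

For input longer than one block the returned IV equals the one passed in, which is why only the short case needs the interface that hands the IV back.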