2007-08-29 09:09:31

by Sebastian Siewior

[permalink] [raw]
Subject: Re: [Cbe-oss-dev] [patch 1/1] spufs: SPU-AES support (kspu+ablkcipher user)

* Paul Mackerras | 2007-08-29 09:03:35 [+1000]:

>Sebastian Siewior writes:
>> CBC has one limitiation: The IV is written back in the notification
>> callback. That means that it is not available for crypto requests that
>> depend on the previous IV (as well as crypto requests >16 KiB). Herbert Xu
>> pointer out, that this is currently not the case. For instance:
>> - IPsec brings its own IV on with every packet. A packet is usually <=
>> 1500 bytes. Jumbo frames should not exceed 16 KiB.
>> - EcryptFS changes the IV on page bassis (every enc/dec request is
>> PAGE_SIZE long).
>The page size could be 64kB.

Yes, I am aware of this. That's why I mentioned it here. The only way
way how I could fix it is by caching the IV the same/similar way I do
it for the key. I had no time to implement this so far and it should not
break IPsec or EcryptFS if you don't force it :)