On 14 October 2016 at 14:15, Johannes Berg <johan...@sipsolutions.net> wrote:
> On Fri, 2016-10-14 at 14:13 +0100, Ard Biesheuvel wrote:
>> > But if we allocate things anyway, is it worth expending per-CPU
>> > buffers on these?
>> Ehmm, maybe not. I could spin a v2 that allocates a bigger buffer,
>> and copies aad into it as well
> Copies in/out, I guess. Also there's B_0/J_0 for CCM/GCM, and the
> 'zero' thing that GMAC has.
Is the AAD actually reused? I would assume it only affects the MAC
on encryption, and the verification on decryption, but I don't think we
actually need it back from the crypto routines.
>> That does not help the other algos though
> What do you mean?
Exactly what you said above :-) My patch only touches CCM but, as you said,
'Also there's B_0/J_0 for CCM/GCM, and the 'zero' thing that GMAC has.'