AES padding in the kernel
By izick on Oct 28, 2007
A recent requirement to the ZFS Crypto project is supporting AES CBC PAD in the kernel software provider of the Cryptographic Framework. This is the first algorithms supporting padding in the kernel. The code is now in the zfs-crypto-gate and will be part of OpenSolaris when the ZFS Crypto project integrates, but it's for all to see now.
The code is written with the idea any AES algorithm could have padding, but currently CBC has been the only one implemented and tested. Something else to look at is having softtoken to use this padding instead of it's own to eliminate code duplication.
As with any development code it may not be perfect just yet.. Unit testing has proved it functional for RAW and MBLK modes..