I've had a chance to reflect some more on the question that Girish had asked (as well as those asked by others previously).

On 2011-05-27 15:47, Lev Novikov wrote:
> In fact, CICM does not define functions for simply moving data into
> the crypto. Therefore, you are free to use whatever transport
> mechanism works for you (e.g., POSIX socket).

On 2011-05-27 18:35, Girish Nanjundiah wrote:
> [...] while we can define the actual mechanism to reflect back the
> packets outside of the driver, the driver still needs to call the
> function/mechanism that we define within its decrypt() function before
> it can expect the packet to appear. [...]

Two points:

1. The specification for decrypt() says:

   > Read plaintext data off of decrypt channel stream. The method
   > blocks until data becomes available.

   See http://tools.ietf.org/html/draft-lanz-cicm-cm-00#section-10.2.2

   Therefore, decrypt() should be called *before* there is data and only
   returns when there is data (or an error occurs).

2. My initial response to your question was based on a misunderstanding;
   I thought you were asking "What function--on the unprotected side--
   pushes the data into the module?" Our current design does not have
   anything like that, but perhaps it should. I will address the
   relevant issues in a separate email.

Lev
