Hi,

> > ivseed = key_table[64] is nowhere declared.
>
> This is an implementation detail of Loop-AES, so I don't consider it
> belonging to the description of the modes here.

difficult to draw the line, but as it is something supplied as "external
parameter" to the dm-crypt layer I think it is certainly worth mentioning
where it comes from.

> > > + The input IV supplied to lmk2 or lmk3 is expected to be the
> > > + sector number in 64-bit little endian as supplied by the
> > > + plain64 dm-crypt IV generator. It gets truncated to 56 bits
> > > + with the most significant byte set to 0x80:
> >
> > I believe preceding paragraph can be completely omitted, is not easier to
> > understand than the pseudocode.
>
> OK. I'll drop the last sentence, the first one describing where the
> IV is expected to come from seems relevant.

actually the first sentence does not make any sense to me as it is now.

> > > +Mode multi-key-v2 (lmk2-plain64-multi:64):
> > > +
> > > + key = keys[sectornum % 64]
> > > +
> > > + encrypt:
> > > + IV = MD5(plaintext[16..511] ||
> > > + le64(truncated-sector-number) ||
> > > + le32(format-magic))
> >
> > no need to repeat the IV description here, could use the v2/v3IV in the pseudocode
> > below.
>
> I think repeating it makes it clearer which parts happen at
> which time, so I'd leave this as is.

at the very least I would use v2IV etc like in the earlier description.
But I think the duplication can be avoided.

Richard

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
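
Review bot: In the quoted paragraph on the lmk2/lmk3 input IV, "truncated to 56 bits with the most significant byte set to 0x80" does not say which byte is meant: the top byte of the original 64-bit value, or the top byte of the 56-bit result. The sentence before it also mixes the sector number as an integer with its little-endian byte encoding. Suggest describing the step as an operation on the integer sector number, stating explicitly which bits are kept and which byte position receives 0x80, and giving the result a name that the per-mode pseudocode can refer to.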
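
Review bot: In the "Mode multi-key-v2" hunk, the "IV = MD5(...)" expression uses "truncated-sector-number" and "format-magic" without defining either in the lines shown, and "plaintext[16..511]" does not say whether the bounds are inclusive or that a 512-byte sector is assumed. Suggest reusing one name for the truncated sector value across the document, stating the value of the format-magic constant where it is first used, and noting the byte-range convention once. It would also help to say whether "sectornum" in "keys[sectornum % 64]" is the untruncated sector number.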