Hi Herbert, On 30 December 2016 at 15:57, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > This is just a matter of structuring the key for the IV generator. > The IV generator's key in this case should be a combination of the > key to the underlying CBC plus the set of all keys for the IV > generator itself. It should then allocate the required number of > tfms as is currently done by crypt_alloc_tfms in dm-crypt. Since I used template ciphers for the iv algorithms, I use crypto_spawn_skcipher_alg and skcipher_register_instance for creating the underlying cbc algorithm. I guess you suggest to change that to make use of crypto_alloc_skcipher. Even if ciphers are allocated this way, all the encryption requests for cbc should still go through IV generators? So that should mean, create one instance of IV generator using 'crypto_alloc_skcipher' and create tfms_count instances of the generator depending on the number of keys. Thanks, Binoy -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel