On Thu, Nov 22, 2007 at 03:37:02PM +0300, Evgeniy Polyakov wrote:
>
> > First of all givcrypt is designed to work for hardware devices too.
> > If they can generate their own IVs then they should directly hook
> > up to the givcrypt method and use the givcipher type.
>
> But for example chainiv_givcrypt() will not return correct iv when
> called from async device, since when givcrypt() returned operation is not
> yet completed.

Chainiv is just one possible IV generator. You're right that it
cannot possibly work with async ciphers, that's why its alloc
function rejects any attempt to apply it to an async cipher :)

In any case what I meant above is something different. I'm
thinking of hardware that can naturally generate their own IVs
as part of the encryption operation, e.g., through a hardware
RNG for CBC or a counter for CTR.

> Yes, that's what I meant. And also other possible crypto modes, which can
> require iv-based tweaks.

BTW, givcrypt should only be used for generating the entire
IV. If you're trying to adjust the IV, e.g. adding bits to
it as is done for CTR for IPsec then that should be done through
the usual ablkcipher interface by just wrapping around the
encrypt and decrypt functions.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
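
The wrapping approach from the last paragraph of the message, as an added userspace sketch that is not code from this thread or from the kernel: the caller supplies only the 8-byte per-packet IV and the wrapper expands it into the RFC 3686 counter block before calling the inner routine. The names `ctr_fn`, `rfc3686_ctrblk`, `rfc3686_crypt`, `toy_block` and `toy_ctr` are hypothetical, and the toy keystream is a constructed stand-in for AES.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define BLK 16
typedef void (*ctr_fn)(const void *key, const uint8_t *ctrblk, uint8_t *buf, size_t len);

/* RFC 3686 counter block: nonce(4) || per-packet IV(8) || counter(4, big-endian, starts at 1). */
void rfc3686_ctrblk(uint8_t out[BLK], const uint8_t nonce[4], const uint8_t iv[8])
{
    memcpy(out, nonce, 4);
    memcpy(out + 4, iv, 8);
    out[12] = out[13] = out[14] = 0; out[15] = 1;
}

/* Wrapper around a hypothetical inner CTR routine (ctr_fn): callers pass only the 8-byte IV. */
void rfc3686_crypt(ctr_fn inner, const void *key, const uint8_t nonce[4],
                   const uint8_t iv[8], uint8_t *buf, size_t len)
{
    uint8_t ctrblk[BLK];
    rfc3686_ctrblk(ctrblk, nonce, iv);
    inner(key, ctrblk, buf, len);
}

/* toy_block/toy_ctr: constructed stand-in keystream, NOT a real cipher, so this runs without AES. */
static void toy_block(const uint8_t *key, const uint8_t *in, uint8_t *out)
{
    uint8_t acc = 0x5a;
    for (int i = 0; i < BLK; i++)
        out[i] = acc = (uint8_t)((acc ^ in[i] ^ key[i]) * 167u + 13u);
}

void toy_ctr(const void *key, const uint8_t *ctrblk, uint8_t *buf, size_t len)
{
    uint8_t ctr[BLK], ks[BLK];
    memcpy(ctr, ctrblk, BLK);
    for (size_t off = 0; off < len; off += BLK) {
        toy_block(key, ctr, ks);
        for (size_t i = 0; i < BLK && off + i < len; i++)
            buf[off + i] ^= ks[i];
        for (int i = BLK - 1; i >= 12 && ++ctr[i] == 0; i--) { } /* bump 32-bit BE counter */
    }
}

int main(void)
{
    uint8_t key[BLK] = {7}, nonce[4] = {1, 2, 3, 4}, iv[8] = {9}, buf[] = "constructed sample";
    rfc3686_crypt(toy_ctr, key, nonce, iv, buf, sizeof buf); /* encrypt */
    rfc3686_crypt(toy_ctr, key, nonce, iv, buf, sizeof buf); /* decrypt is the same call */
    return memcmp(buf, "constructed sample", sizeof buf) != 0;
}
```

Because the wrapper only rearranges the IV, encrypt and decrypt share one path and the inner cipher never needs to know about the nonce.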