On Mon, Jan 18, 2010 at 05:52:34PM +0100, Max Vozeler wrote: > > The difference is that the IV is derived from the cleartext and > so is not known before decrypt. > > So decrypt could be described using CBC as, I think: > > 1) CBC decrypt with null IV > 2) Derive IV based on cleartext of blocks 1..31 > 3) XOR block 0 with IV Yep, this sounds like the way it should be implemented. > But I'm not sure how to implement it given the difference > described above. It might look something like this: > > - Add IV generators "lmk2", "lmk3" > > - Treat them as "cbc" with null IV internally, then after > decrypt derive IV and xor block 0 with it. > > The second part is why I built this as a mode originally. It > seemed like it was not belonging in dm-crypt. OK, I see what you mean. Let's keep lmk2/lmk3 as separate modes, but implement it as a wrapper around cbc. That is, instead of allocating the cipher, you'd allocate "cbc(cipher)" (as an ablkcipher) and use it to perform the actual encryption/decryption. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html