On Thursday, 23 April 2015, 09:46:09, Herbert Xu wrote:

Hi Herbert,

> On Thu, Apr 23, 2015 at 03:39:11AM +0200, Stephan Mueller wrote:
> > The KW does not return an IV. The IV is used for encryption to stir the
> > encryption a bit. The resulting ciphertext now contains the mixed in IV.
> > For decryption, the IV is only used to verify that the one block in the
> > decryption operation matches the IV.
> >
> > So, there is no IV returned by the encryption.
>
> Of course there is. The first 8 bytes of the ciphertext is the
> output IV.

Well, you can see it as IV, but I have not seen other implementations of the KW where that first block is handled separately from the ciphertext. So, when our implementation returns ciphertext minus the first block and the first block separately, it will deviate from other implementations significantly.

And KW is not standalone in the kernel. The idea is that user space wraps some key with their implementation, and hands the wrapped key down to the kernel. When the kernel needs it, it can unwrap it. But it will be kept wrapped for the time it is not used.

>
> If you really want to be pedantic then make a function wrapper around
> the whole thing and copy the IV in there.

So we have another memcpy just to copy that block into the IV field just to have the KW cipher implementation copy it to some other location again? I do not see the value of it.

>
> Cheers,

--
Ciao
Stephan