Re: IV generation

On Mon, May 7, 2018 at 2:02 PM, Stephan Mueller <smueller@xxxxxxxxxx> wrote:
> On Monday, 7 May 2018, 08:26:08 CEST, Gilad Ben-Yossef wrote:
>
> Hi Gilad,
>
>> Hi,
>>
>> A quick question: am I correct in my understanding that there is now
>> no automatic IV generation support for either skcipher or aead?
>> And if I'm wrong, can someone point to an example of a driver that
>> implements either, as all the ones I see are the deprecated ablkcipher
>> interface.
>>
>> BTW, I'm perfectly fine with not having one, I just want to understand
>> I am not missing something...
>
> The automated IV generation is implemented with the generators such as seqiv
> or chainiv.
>
> For example, AES-GCM as used for IPSec compliant with RFC4106 generates the IV
> (the invocation field part of the IV) with the seqiv. This is handled by the
> IPSec stack to initialize the cipher of, say, seqiv(rfc4106(gcm(aes))).
>
> The CTR mode uses the chainiv implementation to manage the IV.

ah... so if I have hardware that can implement say, seqiv, I can
register "seqiv(rfc4106(gcm(aes)))" and, assuming priorities are
right, it will be used?

Thanks,
Gilad



-- 
Gilad Ben-Yossef
Chief Coffee Drinker

"If you take a class in large-scale robotics, can you end up in a
situation where the homework eats your dog?"
 -- Jean-Baptiste Queru
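
The IV handling discussed in this thread, as an added userspace model that is not code from the thread or from the kernel: the 12-byte RFC 4106 GCM nonce is a 4-byte salt taken from the keying material followed by an 8-byte explicit IV, and the seqiv-style generator is modelled here as the sequence number XORed with a random per-transform salt. The struct and function names are hypothetical and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_SALT_LEN 4   /* RFC 4106: salt carried with the key */
#define SEQIV_LEN    8   /* explicit IV sent in each packet */
#define NONCE_LEN    (KEY_SALT_LEN + SEQIV_LEN)

/* Hypothetical model of per-transform state; not a kernel structure. */
struct seqiv_model {
    uint8_t key_salt[KEY_SALT_LEN]; /* trailing 4 bytes of the keying material */
    uint8_t iv_salt[SEQIV_LEN];     /* random, chosen once at transform setup */
};

/* Explicit IV = big-endian sequence number XOR per-transform salt. */
static void seqiv_generate(const struct seqiv_model *m, uint64_t seq,
                           uint8_t iv[SEQIV_LEN])
{
    for (int i = 0; i < SEQIV_LEN; i++)
        iv[i] = (uint8_t)(seq >> (56 - 8 * i)) ^ m->iv_salt[i];
}

/* Full GCM nonce as RFC 4106 lays it out: key salt || explicit IV. */
static void rfc4106_nonce(const struct seqiv_model *m, uint64_t seq,
                          uint8_t nonce[NONCE_LEN])
{
    memcpy(nonce, m->key_salt, KEY_SALT_LEN);
    seqiv_generate(m, seq, nonce + KEY_SALT_LEN);
}

/* Returns 1 if two sequence numbers give distinct nonces under one key. */
static int nonces_differ(const struct seqiv_model *m, uint64_t a, uint64_t b)
{
    uint8_t na[NONCE_LEN], nb[NONCE_LEN];
    rfc4106_nonce(m, a, na);
    rfc4106_nonce(m, b, nb);
    return memcmp(na, nb, NONCE_LEN) != 0;
}

/* Constructed sample values, for illustration only. */
static const struct seqiv_model sample = {
    { 0xde, 0xad, 0xbe, 0xef },
    { 0x10, 0x32, 0x54, 0x76, 0x98, 0xba, 0xdc, 0xfe },
};

int main(void)
{
    uint8_t n[NONCE_LEN];
    rfc4106_nonce(&sample, 1, n);
    for (int i = 0; i < NONCE_LEN; i++) printf("%02x", n[i]);
    printf("\n");
    return nonces_differ(&sample, 1, 2) ? 0 : 1;
}
```

Because XOR with a fixed salt is a bijection, distinct sequence numbers always give distinct nonces under one key, which is the property GCM depends on.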


