On Mon, May 7, 2018 at 2:02 PM, Stephan Mueller <smueller@xxxxxxxxxx> wrote:
> On Monday, 7 May 2018, 08:26:08 CEST, Gilad Ben-Yossef wrote:
>
> Hi Gilad,
>
>> Hi,
>>
>> A quick question: am I correct in my understanding that there is now
>> no automatic IV generation support for either skcipher or aead?
>> And if I'm wrong, can someone point to an example of a driver that
>> implements either, as all the ones I see are the deprecated ablkcipher
>> interface.
>>
>> BTW, I'm perfectly fine with not having one, I just want to understand
>> I am not missing something...
>
> The automated IV generation is implemented with the generators such as seqiv
> or chainiv.
>
> For example, AES-GCM as used for IPSec compliant with RFC4106 generates the IV
> (the invocation field part of the IV) with the seqiv. This is handled by the
> IPSec stack to initialize the cipher of, say, seqiv(rfc4106(gcm(aes))).
>
> The CTR mode uses the chainiv implementation to manage the IV.

Ah... so if I have hardware that can implement, say, seqiv, I can
register "seqiv(rfc4106(gcm(aes)))" and, assuming priorities are
right, it will be used?

Thanks,
Gilad

--
Gilad Ben-Yossef
Chief Coffee Drinker

"If you take a class in large-scale robotics, can you end up in a
situation where the homework eats your dog?"
 -- Jean-Baptiste Queru
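
What the seqiv and rfc4106 layers of the template name seqiv(rfc4106(gcm(aes))) each contribute to the GCM nonce, as an added userspace example that is not code from this thread or from the kernel. It assumes seqiv XORs the big-endian sequence number with a random salt and that RFC 4106 prepends a 4-byte salt from the key material; the salt values and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define IV_LEN    8   /* explicit IV carried in every ESP packet */
#define SALT_LEN  4   /* RFC 4106 salt, the trailing bytes of the key material */
#define NONCE_LEN (SALT_LEN + IV_LEN)

/* Constructed sample values, not taken from any real SA. */
static const uint8_t KEY_SALT[SALT_LEN] = { 0xde, 0xad, 0xbe, 0xef };
static const uint8_t IV_SALT[IV_LEN] = { 0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0xf6, 0x07, 0x18 };

/* seqiv layer (assumed model): IV = big-endian sequence number XOR salt.
 * XOR with a constant is a bijection, so distinct counters give distinct IVs. */
uint8_t *seqiv_generate(const uint8_t *iv_salt, uint64_t seq, uint8_t *iv)
{
    for (int i = 0; i < IV_LEN; i++)
        iv[i] = (uint8_t)((seq >> (56 - 8 * i)) ^ iv_salt[i]);
    return iv;
}

/* rfc4106 layer: 96-bit GCM nonce = 4-byte key salt || 8-byte explicit IV. */
uint8_t *rfc4106_nonce(const uint8_t *key_salt, const uint8_t *iv, uint8_t *nonce)
{
    memcpy(nonce, key_salt, SALT_LEN);
    memcpy(nonce + SALT_LEN, iv, IV_LEN);
    return nonce;
}

/* Returns 1 when n consecutive sequence numbers (n <= 64) give n distinct nonces. */
int nonces_unique(uint64_t start, unsigned n)
{
    uint8_t seen[64][NONCE_LEN], iv[IV_LEN];
    if (n > 64)
        return 0;
    for (unsigned i = 0; i < n; i++) {
        rfc4106_nonce(KEY_SALT, seqiv_generate(IV_SALT, start + i, iv), seen[i]);
        for (unsigned j = 0; j < i; j++)
            if (memcmp(seen[i], seen[j], NONCE_LEN) == 0) return 0;
    }
    return 1;
}

int main(void)
{
    uint8_t iv[IV_LEN], nonce[NONCE_LEN];
    rfc4106_nonce(KEY_SALT, seqiv_generate(IV_SALT, 1, iv), nonce);
    for (int i = 0; i < NONCE_LEN; i++) printf("%02x", nonce[i]);
    printf("  unique over 64 packets: %d\n", nonces_unique(1, 64));
    return 0;
}
```

The uniqueness check holds only while the sequence number itself does not repeat under one key, which is why the counter must never be reused or reset without rekeying.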