From: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: [0/11] Add IV generators and givcrypt
Date: Thu, 22 Nov 2007 15:37:02 +0300 [thread overview]
Message-ID: <20071122123701.GA16262@2ka.mipt.ru> (raw)
In-Reply-To: <20071122120937.GA9357@gondor.apana.org.au>
On Thu, Nov 22, 2007 at 08:09:37PM +0800, Herbert Xu (herbert@gondor.apana.org.au) wrote:
> On Thu, Nov 22, 2007 at 02:57:07PM +0300, Evgeniy Polyakov wrote:
> >
> > Somehow you described that to others - just combine things together and
> > put to Documentation/crypto and that will be enough.
>
> Patches are welcome :)
I still do not understand thow whole concept.
> > For example this patchset looks like possible first step in proper
> > chaining mechanism for hardware devices, but if this will be impemented
> > this way, then each hardware completion callback should be wrapped with
> > proper geniv methods (like those which copy iv back to req->info). Is
> > this right approach (for those users who care about correct returned
> > IV), or will it just use software implementation only?
>
> I'm not sure I understand your question.
>
> First of all givcrypt is designed to work for hardware devices too.
> If they can generate their own IVs then they should directly hook
> up to the givcrypt method and use the givcipher type.
But for example chainiv_givcrypt() will not return correct iv when
called fro async device, since when givcrypt() returned operation is not
yet completed.
> If not then they can use one of the precanned geniv wrappers and
> declare their preference in the in crypto_ablkcipher_alg->geniv.
>
> As to chaining, I presume you mean something like encryption
> followed by hashing? If so then this really doesn't have much to
> do with chaining at all.
Yes, that what I meant. And also other possible crypto modes, which can
require iv-based tweaks.
> I think we don't really need chaining in general because the
> hardware doesn't do arbitrary chaining. Instead what they do
> is specific chains that are useful for particular applications.
>
> Case in point would be encryption followed by hashing which is
> designed for IPsec.
>
> Therefore instead of having a general chaining abstraction I've
> chosen to do chaining support on a case-by-case basis. For
> instance, the above chaining is now supported by the new crypto_aead
> transform type.
>
> It just so happens that people are also designing algorithms
> to make crypto_aead useful for software as well which is a
> bonus :)
This sheds some light on, thanks.
--
Evgeniy Polyakov
next prev parent reply other threads:[~2007-11-22 12:37 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-22 8:47 [0/11] Add IV generators and givcrypt Herbert Xu
2007-11-22 8:48 ` [PATCH 1/11] [CRYPTO] ablkcipher: Add givcrypt operation and givcipher type Herbert Xu
2007-11-22 8:48 ` [PATCH 2/11] [CRYPTO] cryptd: Use geniv of the underlying algorithm Herbert Xu
2007-11-22 8:48 ` [PATCH 3/11] [CRYPTO] blkcipher: Merge ablkcipher and blkcipher into one option/module Herbert Xu
2007-11-22 11:18 ` Evgeniy Polyakov
2007-11-22 11:28 ` Herbert Xu
2007-11-22 11:48 ` Evgeniy Polyakov
2007-11-22 8:48 ` [PATCH 4/11] [CRYPTO] blkcipher: Add givcipher_alloc_inst/givcipher_free_inst Herbert Xu
2007-11-22 8:48 ` [PATCH 5/11] [CRYPTO] chainiv: Add chain IV generator Herbert Xu
2007-11-22 11:17 ` Evgeniy Polyakov
2007-11-22 11:26 ` Herbert Xu
2007-11-22 12:05 ` Evgeniy Polyakov
2007-11-22 12:12 ` Herbert Xu
2007-11-25 12:31 ` Herbert Xu
2007-11-25 12:58 ` Herbert Xu
2007-11-26 11:54 ` Evgeniy Polyakov
2007-11-22 8:48 ` [PATCH 6/11] [CRYPTO] ablkcipher: Added ablkcipher_request_complete Herbert Xu
2007-11-22 8:48 ` [PATCH 7/11] [CRYPTO] eseqiv: Add Encrypted Sequence Number IV Generator Herbert Xu
2007-11-22 8:48 ` [PATCH 8/11] [CRYPTO] blkcipher: Create default givcipher instances Herbert Xu
2007-11-22 8:48 ` [PATCH 9/11] [CRYPTO] seqiv: Add Sequence Number IV Generator Herbert Xu
2007-11-22 8:49 ` [PATCH 10/11] [CRYPTO] aead: Add givcrypt operation Herbert Xu
2007-11-22 15:51 ` Herbert Xu
2007-11-22 8:49 ` [PATCH 11/11] [CRYPTO] authenc: " Herbert Xu
2007-11-23 11:24 ` Herbert Xu
2007-11-22 11:25 ` [0/11] Add IV generators and givcrypt Evgeniy Polyakov
2007-11-22 11:31 ` Herbert Xu
2007-11-22 11:57 ` Evgeniy Polyakov
2007-11-22 12:09 ` Herbert Xu
2007-11-22 12:37 ` Evgeniy Polyakov [this message]
2007-11-22 12:47 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071122123701.GA16262@2ka.mipt.ru \
--to=johnpol@2ka.mipt.ru \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.