From: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: [0/11] Add IV generators and givcrypt
Date: Thu, 22 Nov 2007 15:37:02 +0300 [thread overview]
Message-ID: <20071122123701.GA16262@2ka.mipt.ru> (raw)
In-Reply-To: <20071122120937.GA9357@gondor.apana.org.au>
On Thu, Nov 22, 2007 at 08:09:37PM +0800, Herbert Xu (herbert@gondor.apana.org.au) wrote:
> On Thu, Nov 22, 2007 at 02:57:07PM +0300, Evgeniy Polyakov wrote:
> >
> > Somehow you described that to others - just combine things together and
> > put to Documentation/crypto and that will be enough.
>
> Patches are welcome :)
I still do not understand thow whole concept.
> > For example this patchset looks like possible first step in proper
> > chaining mechanism for hardware devices, but if this will be impemented
> > this way, then each hardware completion callback should be wrapped with
> > proper geniv methods (like those which copy iv back to req->info). Is
> > this right approach (for those users who care about correct returned
> > IV), or will it just use software implementation only?
>
> I'm not sure I understand your question.
>
> First of all givcrypt is designed to work for hardware devices too.
> If they can generate their own IVs then they should directly hook
> up to the givcrypt method and use the givcipher type.
But for example chainiv_givcrypt() will not return correct iv when
called fro async device, since when givcrypt() returned operation is not
yet completed.
> If not then they can use one of the precanned geniv wrappers and
> declare their preference in the in crypto_ablkcipher_alg->geniv.
>
> As to chaining, I presume you mean something like encryption
> followed by hashing? If so then this really doesn't have much to
> do with chaining at all.
Yes, that what I meant. And also other possible crypto modes, which can
require iv-based tweaks.
> I think we don't really need chaining in general because the
> hardware doesn't do arbitrary chaining. Instead what they do
> is specific chains that are useful for particular applications.
>
> Case in point would be encryption followed by hashing which is
> designed for IPsec.
>
> Therefore instead of having a general chaining abstraction I've
> chosen to do chaining support on a case-by-case basis. For
> instance, the above chaining is now supported by the new crypto_aead
> transform type.
>
> It just so happens that people are also designing algorithms
> to make crypto_aead useful for software as well which is a
> bonus :)
This sheds some light on, thanks.
--
Evgeniy Polyakov
next prev parent reply other threads:[~2007-11-22 12:37 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-22 8:47 [0/11] Add IV generators and givcrypt Herbert Xu
2007-11-22 8:48 ` [PATCH 1/11] [CRYPTO] ablkcipher: Add givcrypt operation and givcipher type Herbert Xu
2007-11-22 8:48 ` [PATCH 2/11] [CRYPTO] cryptd: Use geniv of the underlying algorithm Herbert Xu
2007-11-22 8:48 ` [PATCH 3/11] [CRYPTO] blkcipher: Merge ablkcipher and blkcipher into one option/module Herbert Xu
2007-11-22 11:18 ` Evgeniy Polyakov
2007-11-22 11:28 ` Herbert Xu
2007-11-22 11:48 ` Evgeniy Polyakov
2007-11-22 8:48 ` [PATCH 4/11] [CRYPTO] blkcipher: Add givcipher_alloc_inst/givcipher_free_inst Herbert Xu
2007-11-22 8:48 ` [PATCH 5/11] [CRYPTO] chainiv: Add chain IV generator Herbert Xu
2007-11-22 11:17 ` Evgeniy Polyakov
2007-11-22 11:26 ` Herbert Xu
2007-11-22 12:05 ` Evgeniy Polyakov
2007-11-22 12:12 ` Herbert Xu
2007-11-25 12:31 ` Herbert Xu
2007-11-25 12:58 ` Herbert Xu
2007-11-26 11:54 ` Evgeniy Polyakov
2007-11-22 8:48 ` [PATCH 6/11] [CRYPTO] ablkcipher: Added ablkcipher_request_complete Herbert Xu
2007-11-22 8:48 ` [PATCH 7/11] [CRYPTO] eseqiv: Add Encrypted Sequence Number IV Generator Herbert Xu
2007-11-22 8:48 ` [PATCH 8/11] [CRYPTO] blkcipher: Create default givcipher instances Herbert Xu
2007-11-22 8:48 ` [PATCH 9/11] [CRYPTO] seqiv: Add Sequence Number IV Generator Herbert Xu
2007-11-22 8:49 ` [PATCH 10/11] [CRYPTO] aead: Add givcrypt operation Herbert Xu
2007-11-22 15:51 ` Herbert Xu
2007-11-22 8:49 ` [PATCH 11/11] [CRYPTO] authenc: " Herbert Xu
2007-11-23 11:24 ` Herbert Xu
2007-11-22 11:25 ` [0/11] Add IV generators and givcrypt Evgeniy Polyakov
2007-11-22 11:31 ` Herbert Xu
2007-11-22 11:57 ` Evgeniy Polyakov
2007-11-22 12:09 ` Herbert Xu
2007-11-22 12:37 ` Evgeniy Polyakov [this message]
2007-11-22 12:47 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071122123701.GA16262@2ka.mipt.ru \
--to=johnpol@2ka.mipt.ru \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox