Re: [PATCH 1/4] dm-crypt: clarify cipher vs. cipher mode

[Richard Zidlicky <rz@linux-m68k.org>]

Hi,

> > ivseed = key_table[64] is nowhere declared. 
> 
> This is an implementation detail of Loop-AES, so I don't consider it 
> belonging to the description of the modes here. 

difficult to draw the line, but as it is something supplied as "external 
parameter" to the dm-crypt layer I think it is certainly worth mentioning 
where it comes from.

> > > +  The input IV supplied to lmk2 or lmk3 is expected to be the
> > > +  sector number in 64-bit little endian as supplied by the
> > > +  plain64 dm-crypt IV generator. It gets truncated to 56 bits
> > > +  with the most significant byte set to 0x80:
> > 
> > I believe preceding paragraoh can be completely omitted, is not easier to 
> > understand than the pseudocode.
> 
> OK. I'll drop the last sentence, the first one describing where the
> IV is expected to come from seems relevant.

actually the first sentence does not make any sense to me as it is now.
 
> > > +Mode multi-key-v2 (lmk2-plain64-multi:64):
> > > +
> > > +  key = keys[sectornum % 64]
> > > +
> > > +  encrypt:
> > > +    IV = MD5(plaintext[16..511] ||
> > > +             le64(truncated-sector-number) ||
> > > +             le32(format-magic))
> > 
> > no need to repeat the IV description here, could use the v2/v3IV in the pseudocode
> > bellow. 
> 
> I think repeating it makes it clearer which parts happen at 
> which time, so I'd leave this as is.

at the very least I would use v2IV etc like in the earlier description. But I think
the duplication can be avoided.

Richard