From: Evgeniy Polyakov
Subject: Re: [0/11] Add IV generators and givcrypt
Date: Thu, 22 Nov 2007 14:25:59 +0300
Message-ID: <20071122112558.GE2444@2ka.mipt.ru>
References: <20071122084758.GA7536@gondor.apana.org.au>
In-Reply-To: <20071122084758.GA7536@gondor.apana.org.au>
To: Herbert Xu
Cc: Linux Crypto Mailing List

Hi Herbert.

On Thu, Nov 22, 2007 at 04:47:58PM +0800, Herbert Xu (herbert@gondor.apana.org.au) wrote:
> This series of patches introduces IV generators which can be
> accessed through the givcrypt operation on block ciphers (other
> than crypto_blkcipher which should not be used for new code).
>
> The givcrypt operation is identical to encrypt except that the
> IV is generated by the algorithm instead of given by the user.
>
> Algorithms can either provide their own IV generator or (as
> most will do) use the default IV generators provided by the
> system. If no IV generator is specified by the system, then
> chainiv will be used for synchronous algorithms and eseqiv will
> be used for asynchronous algorithms.
>
> Counter mode algorithms (which include some stream ciphers) must
> choose something other than the default to ensure uniqueness for
> the IV.

Idea and implementation look very good, I have a couple of comments on
patches and one generic comment here: you absolutely have to write at
least bits of documentation for these new interfaces, how they behave and
who should use them and how :)

-- 
Evgeniy Polyakov