Subject: Re: crypto(4) and IVs
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Thor Lancelot Simon <>
List: tech-crypto
Date: 05/29/2005 11:43:16
On Sat, May 28, 2005 at 08:57:28PM -0400, der Mouse wrote:
> I've been trying to do useful things with crypto(4) - or more
> precisely, trying to write code to pound on it in the hope of figuring
> out why I'm seeing certain errors when talking to a machine with a
> crypto accelerator in it.
> I find that when I do a CIOCCRYPT, the IV is not modified.  How am I
> supposed to get the correct IV for my next call?  Do I have to go under
> the hood and "know" that for the cipher I'm using (3DES_CBC) it's the
> last block of the encrypted data (output for ENCRYPT, input for
> DECRYPT)?  Or is there something I'm missing?

One good way to see how it all works is to look at the /dev/crypto engine
Jonathan added to our OpenSSL -- it maps from crypto(4)'s packet-at-a-time
way of doing things to the stream-oriented approaches one tends to use
libcrypto for.  Of course, OpenSSL code is not so easy to read, either. :-)