Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754751AbdFXAKD (ORCPT ); Fri, 23 Jun 2017 20:10:03 -0400 Received: from imap.thunk.org ([74.207.234.97]:38644 "EHLO imap.thunk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754058AbdFXAKC (ORCPT ); Fri, 23 Jun 2017 20:10:02 -0400 Date: Fri, 23 Jun 2017 20:09:57 -0400 From: "Theodore Ts'o" To: David Gstir Cc: jaegeuk@kernel.org, ebiggers3@gmail.com, richard@sigma-star.at, herbert@gondor.apana.org.au, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fscrypt@vger.kernel.org, Daniel Walter Subject: Re: [PATCH v5] fscrypt: Add support for AES-128-CBC Message-ID: <20170624000956.s3kpirtcz44ss36z@thunk.org> Mail-Followup-To: Theodore Ts'o , David Gstir , jaegeuk@kernel.org, ebiggers3@gmail.com, richard@sigma-star.at, herbert@gondor.apana.org.au, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fscrypt@vger.kernel.org, Daniel Walter References: <5565BD72-986F-4338-8562-6B5F9FB72110@sigma-star.at> <20170619072758.8608-1-david@sigma-star.at> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170619072758.8608-1-david@sigma-star.at> User-Agent: NeoMutt/20170113 (1.7.2) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: tytso@thunk.org X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1544 Lines: 31 On Mon, Jun 19, 2017 at 09:27:58AM +0200, David Gstir wrote: > From: Daniel Walter > > fscrypt provides facilities to use different encryption algorithms which > are selectable by userspace when setting the encryption policy. Currently, > only AES-256-XTS for file contents and AES-256-CBC-CTS for file names are > implemented. This is a clear case of kernel offers the mechanism and > userspace selects a policy. Similar to what dm-crypt and ecryptfs have. > > This patch adds support for using AES-128-CBC for file contents and > AES-128-CBC-CTS for file name encryption. To mitigate watermarking > attacks, IVs are generated using the ESSIV algorithm. While AES-CBC is > actually slightly less secure than AES-XTS from a security point of view, > there is more widespread hardware support. Using AES-CBC gives us the > acceptable performance while still providing a moderate level of security > for persistent storage. > > Especially low-powered embedded devices with crypto accelerators such as > CAAM or CESA often only support AES-CBC. Since using AES-CBC over AES-XTS > is basically thought of a last resort, we use AES-128-CBC over AES-256-CBC > since it has less encryption rounds and yields noticeable better > performance starting from a file size of just a few kB. > > Signed-off-by: Daniel Walter > [david@sigma-star.at: addressed review comments] > Signed-off-by: David Gstir > Reviewed-by: Eric Biggers Thanks, applied. - Ted