Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp3337273imm; Fri, 19 Oct 2018 08:59:41 -0700 (PDT) X-Google-Smtp-Source: ACcGV618ECnf9LVUPMkBDbPzIzrn0XHJsHNUHcIYTGqqFXeiGninAui2A2lUs42HMu8na//gABYd X-Received: by 2002:a17:902:3181:: with SMTP id x1-v6mr33949226plb.71.1539964781461; Fri, 19 Oct 2018 08:59:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539964781; cv=none; d=google.com; s=arc-20160816; b=xmeEa2x9msbbrt60W6tcQOzkApLoUMW5CKQ6kWWBWQWp5MRrkGhVBDqq5M6ClqMbPz mBbR3B9PMsnaRaeKQ6g6bK/yPJgeqTFOFIHm8Vlb0eVolm+KAFWl7xERxcrZUDdATw5o UfpNQifqL4d7jkz1hAt3PGgNOvl62e0m8cpXn23q+4yyEebx1HnQLdt2S8ce185MosJa hUJxNhiGuTThbpT6pZDotGDM9W2HfXzpoKqB+/BevOt5UStVlgHV0mZ5h7u08fJSqfOG uKD5Rkw3DK5Vnmzm/6SOg/WWPSmiezUWcIOFhKl4Nqyr0OfZ75EPj9K3vEIfIqitzmSK EoBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=BoCMY3Zlym35RZFeVEyRHElz5vDqZhNWq/yxkLBdYGg=; b=fmX47cFRcHlWrSMQqwPmumPENBHgNIpduys7kGta0YqmuLfKZMZEkmkQHaPjI+1APw RCDVHV0NYOJYnwoEW50OuqoB14oxgy67Xjn7VYBPOzSZnQU9TGY526E9zcSuLp779NWF t7Zg0TjAouc40HWJVGKsaRpMylbRhuRVGaHphRd4WhFDaXhN/XcakluyvbAzoA4XBFSF BfxvGAOqGMfp5smvnwaHvRCs7W7iH6+DU4Yr313PWQ+XLei61n3qbvaAhaqau4KvbDiz Tg29T69d26IzkocfyRVPFP1lrwQwBN+a59cKx3rj5Q7qdDiDANCGDKJleQq7qBrN+AYT kRzg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=aSjdQuG2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j19-v6si24556536pgh.198.2018.10.19.08.59.26; Fri, 19 Oct 2018 08:59:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=aSjdQuG2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727764AbeJTAFe (ORCPT + 99 others); Fri, 19 Oct 2018 20:05:34 -0400 Received: from frisell.zx2c4.com ([192.95.5.64]:57833 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727010AbeJTAFe (ORCPT ); Fri, 19 Oct 2018 20:05:34 -0400 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 895d9314; Fri, 19 Oct 2018 15:56:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; s=mail; bh=daGgA772UPnfYGuXtkaT2VNFif8=; b=aSjdQu G2hqBonl0n0bURM+8WnMiTZWsZyKkwNR2747UQbZlG+eW0LGRE6pnzqFO4w5wzZH 5thqKQT0DYiMma6izHNoyweceoeKN5Hg3e8RC16y1baKVfSstsDf51uWKFqTy6NZ 1Wz5IUdifOMkGG1yll+ZUPg4yjteOmoLLcnNuMtXBBHu6PfLM3HRKzfpfN1TBaqY +nhzE1l4oLX10hr4v9zt06A3hE4aHV+2JGsZxsuTRJeFiVl2HLx+bnMweH+7bnsK I/NIXGT/tqwWjCf5Y1fwdjR1iOHAlLwwCEJ9Xa8AI8HZxTJrvpDh4Lo9aMSTRd2F KZO53mcZ8cAqz4Dg== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 71656bb5 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO); Fri, 19 Oct 2018 15:56:39 +0000 (UTC) Received: by mail-oi1-f180.google.com with SMTP id l197-v6so27184755oib.8; Fri, 19 Oct 2018 08:58:48 -0700 (PDT) X-Gm-Message-State: ABuFfogwh4oYyO+kUEG3dWRE7PR9ISyrVeG0VrmZLXHZC4dFq0zWBT8q znv1/b5+pQrB0yxL3qbGlML7u8+HjLCK2YtLG14= X-Received: by 2002:aca:1111:: with SMTP id 17-v6mr19511053oir.278.1539964727505; Fri, 19 Oct 2018 08:58:47 -0700 (PDT) MIME-Version: 1.0 References: <20181015175424.97147-1-ebiggers@kernel.org> In-Reply-To: <20181015175424.97147-1-ebiggers@kernel.org> From: "Jason A. Donenfeld" Date: Fri, 19 Oct 2018 17:58:35 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC PATCH v2 00/12] crypto: Adiantum support To: Eric Biggers Cc: Linux Crypto Mailing List , linux-fscrypt@vger.kernel.org, linux-arm-kernel@lists.infradead.org, LKML , Herbert Xu , Paul Crowley , Greg Kaiser , Michael Halcrow , Samuel Neves , Tomer Ashur Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello Eric, > As before, some of these patches conflict with the new "Zinc" crypto > library. But I don't know when Zinc will be merged, so for now I've > continued to base this patchset on the current 'cryptodev'. I'd appreciate it if you waited to merge this until you can rebase it on top of Zinc. In fact, if you already want to build it on top of Zinc, I'm happy to work with you on that in a shared repo or similar. We can also hash out the details of that in person in Vancouver in a few weeks. I think pushing this in before will create undesirable churn for both of us. > Therefore, we (well, Paul Crowley did the real work) designed a new > encryption mode, Adiantum. In essence, Adiantum makes it secure to use > the ChaCha stream cipher for disk encryption. Adiantum is specified by > our paper here: https://eprint.iacr.org/2018/720.pdf ("Adiantum: > length-preserving encryption for entry-level processors"). Reference > code and test vectors are here: https://github.com/google/adiantum. > Most of the high-level concepts of Adiantum are not new; similar > existing modes include XCB, HCTR, and HCH. Adiantum and these modes are > true wide-block modes (tweakable super-pseudorandom permutations), so > they actually provide a stronger notion of security than XTS. Great, I'm very happy to see you've created such a high performance alternative. Before merging this into the kernel, do you want to wait until you've received some public review from academia? Jason