From: Max Vozeler
Subject: Re: [PATCH 1/4] dm-crypt: clarify cipher vs. cipher mode
Date: Tue, 29 Dec 2009 02:46:39 +0100
Message-ID: <20091229014639.GC26723@chaos.nusquama.org>
References: <1262026755-23056-1-git-send-email-max@hinterhof.net> <1262026755-23056-2-git-send-email-max@hinterhof.net> <4B390907.8010609@redhat.com>
In-Reply-To: <4B390907.8010609@redhat.com>
To: Milan Broz
Cc: linux-crypto@vger.kernel.org, linux-crypto@nl.linux.org, Jari Ruusu, Alasdair G Kergon

On Mon, Dec 28, 2009 at 08:37:43PM +0100, Milan Broz wrote:
> On 12/28/2009 07:59 PM, Max Vozeler wrote:
> > The original code used cc->cipher for two things:
>
> > @@ -1014,6 +1014,7 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
> >  char *ivopts;
> >  unsigned int key_size;
> >  unsigned long long tmpll;
> > + char ciphermode[CRYPTO_MAX_ALG_NAME];
>
> Today CRYPTO_MAX_ALG_NAME is 64 bytes, but it can increase in the future.
> This should not be allocated on the stack.

OK. The mode string is only ever used within crypt_ctr(). It does not
seem worth moving it into struct crypt_config or having it dynamically
allocated, so I'll drop this cleanup.

> But anyway, I see that the reason for this is to introduce a multikey
> feature (compatible with loop-AES mode). That's an interesting idea.
>
> But please can you add more explanation into the documentation about
> this mode?

Sure, let me see what I can do. The most detailed description I know of
is [1]. Besides the description in the Loop-AES documentation there are
also some notes I took while doing the reimplementation. I'll see if I
can put all these bits together into a document to have one mode and
format specification.

> Is there any paper which analyses that mode - if so can you add a link
> to the description?
> (and yes, I know the loop-AES documentation :-)

I'm not aware of any papers which analyze these modes. The 2004 paper by
Saarinen [2] I think is what prompted the creation of these modes,
specifically to protect against the weaknesses pointed out therein. The
resulting v2 and v3 modes have not been independently analyzed as far as
I'm aware. Anyone know better?

Thanks for your comments,
Max

-- 
[1] http://mail.nl.linux.org/linux-crypto/2006-01/msg00006.html
[2] http://mareichelt.de/pub/notmine/diskenc.pdf
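Review bot: the added `+ char ciphermode[CRYPTO_MAX_ALG_NAME];` in crypt_ctr() sizes a stack buffer by a header constant, so any later increase of CRYPTO_MAX_ALG_NAME silently grows this function's stack frame, which is the concern raised in the review. The hunk shows only the declaration and not the code that fills the buffer, so whatever writes into it should be bounded by sizeof(ciphermode) and checked for truncation, or the string kept in struct crypt_config or dynamically allocated as suggested, rather than relying on the current 64-byte value.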