Subject: Re: [PATCH v3 0/6] crypto: switch to crypto API for ESSIV generation
From: Milan Broz
To: Ard Biesheuvel, linux-crypto@vger.kernel.org
Cc: Herbert Xu, Eric Biggers, dm-devel@redhat.com, linux-fscrypt@vger.kernel.org, Gilad Ben-Yossef
Date: Thu, 20 Jun 2019 13:22:57 +0200
Message-ID: <459f5760-3a1c-719d-2b44-824ba6283dd7@gmail.com>
In-Reply-To: <20190619162921.12509-1-ard.biesheuvel@linaro.org>

On 19/06/2019 18:29, Ard Biesheuvel wrote:
> This series creates an ESSIV template that produces a skcipher or AEAD
> transform based on a tuple of the form ',,'
> (or ',,' for the AEAD case). It exposes the
> encapsulated sync or async skcipher/aead by passing through all operations,
> while using the cipher/shash pair to transform the input IV into an ESSIV
> output IV.
>
> This matches what both users of ESSIV in the kernel do, and so it is proposed
> as a replacement for those, in patches #2 and #4.
>
> This code has been tested using the fscrypt test suggested by Eric
> (generic/549), as well as the mode-test script suggested by Milan for
> the dm-crypt case. I also tested the aead case in a virtual machine,
> but it definitely needs some wider testing from the dm-crypt experts.
>
> Changes since v2:
> - fixed a couple of bugs that snuck in after I'd done the bulk of my
>   testing
> - some cosmetic tweaks to the ESSIV template skcipher setkey function
>   to align it with the aead one
> - add a test case for essiv(cbc(aes),aes,sha256)
> - add an accelerated implementation for arm64 that combines the IV
>   derivation and the actual en/decryption in a single asm routine

I ran tests for the whole patchset, including some older scripts, and it seems
it works for dm-crypt now.

For the new CRYPTO_ESSIV option - dm-crypt must unconditionally
select it (we rely on all IV generators' availability in userspace),
but that's already done in patch 4.

Thanks,
Milan