Date: Tue, 25 Jun 2019 10:12:36 -0700
From: Eric Biggers
To: Ard Biesheuvel
Cc: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au, omosnace@redhat.com, geert@linux-m68k.org, Milan Broz
Subject: Re: [PATCH] crypto: morus - remove generic and x86 implementations
Message-ID: <20190625171234.GB81914@gmail.com>
References: <20190625145254.28510-1-ard.biesheuvel@linaro.org>
In-Reply-To: <20190625145254.28510-1-ard.biesheuvel@linaro.org>
X-Mailing-List: linux-crypto@vger.kernel.org

[+Cc Milan]

On Tue, Jun 25, 2019 at 04:52:54PM +0200, Ard Biesheuvel wrote:
> MORUS was not selected as a winner in the CAESAR competition, which
> is not surprising since it is considered to be cryptographically
> broken. (Note that this is not an implementation defect, but a flaw
> in the underlying algorithm). Since it is unlikely to be in use
> currently, let's remove it before we're stuck with it.
>
> Signed-off-by: Ard Biesheuvel
> ---
> arch/m68k/configs/amiga_defconfig | 2 -
> arch/m68k/configs/apollo_defconfig | 2 -
> arch/m68k/configs/atari_defconfig | 2 -
> arch/m68k/configs/bvme6000_defconfig | 2 -
> arch/m68k/configs/hp300_defconfig | 2 -
> arch/m68k/configs/mac_defconfig | 2 -
> arch/m68k/configs/multi_defconfig | 2 -
> arch/m68k/configs/mvme147_defconfig | 2 -
> arch/m68k/configs/mvme16x_defconfig | 2 -
> arch/m68k/configs/q40_defconfig | 2 -
> arch/m68k/configs/sun3_defconfig | 2 -
> arch/m68k/configs/sun3x_defconfig | 2 -
> arch/x86/crypto/Makefile | 13 -
> arch/x86/crypto/morus1280-avx2-asm.S | 622 ---------
> arch/x86/crypto/morus1280-avx2-glue.c | 66 -
> arch/x86/crypto/morus1280-sse2-asm.S | 896 -------------
> arch/x86/crypto/morus1280-sse2-glue.c | 65 -
> arch/x86/crypto/morus1280_glue.c | 209 ---
> arch/x86/crypto/morus640-sse2-asm.S | 615 ---------
> arch/x86/crypto/morus640-sse2-glue.c | 65 -
> arch/x86/crypto/morus640_glue.c | 204 ---
> crypto/Kconfig | 56 -
> crypto/Makefile | 2 -
> crypto/morus1280.c | 542 --------
> crypto/morus640.c | 533 --------
> crypto/testmgr.c | 12 -
> crypto/testmgr.h | 1707 -------------------------
> include/crypto/morus1280_glue.h | 97 --
> include/crypto/morus640_glue.h | 97 --
> include/crypto/morus_common.h | 18 -
> 30 files changed, 5843 deletions(-)
> delete mode 100644 arch/x86/crypto/morus1280-avx2-asm.S
> delete mode 100644 arch/x86/crypto/morus1280-avx2-glue.c
> delete mode 100644 arch/x86/crypto/morus1280-sse2-asm.S
> delete mode 100644 arch/x86/crypto/morus1280-sse2-glue.c
> delete mode 100644 arch/x86/crypto/morus1280_glue.c
> delete mode 100644 arch/x86/crypto/morus640-sse2-asm.S
> delete mode 100644 arch/x86/crypto/morus640-sse2-glue.c
> delete mode 100644 arch/x86/crypto/morus640_glue.c
> delete mode 100644 crypto/morus1280.c
> delete mode 100644 crypto/morus640.c
> delete mode 100644 include/crypto/morus1280_glue.h
> delete mode 100644 include/crypto/morus640_glue.h
> delete mode 100644 include/crypto/morus_common.h

Maybe include a link to the cryptanalysis paper
https://eprint.iacr.org/2019/172.pdf in the commit message, so people seeing
this commit can better understand the reasoning?

Otherwise this patch itself looks fine to me, though I'm a little concerned
we'll break someone actually using MORUS. An alternate approach would be to
leave just the C implementation, and make it print a deprecation warning for a
year or two before actually removing it. But I'm not sure that's needed, and it
might be counterproductive as it would allow more people to start using it.

From a Google search I don't see any documentation floating around specifically
telling people to use MORUS with cryptsetup, other than an email on the dm-crypt
mailing list (https://www.spinics.net/lists/dm-crypt/msg07763.html) which
mentioned it alongside other options. So hopefully there are at most a couple
odd adventurous users, who won't mind migrating their data to a new LUKS volume.

- Eric