Date: Fri, 5 Jul 2019 16:51:11 +0800
From: Herbert Xu
To: Ard Biesheuvel
Cc: Milan Broz, Eric Biggers, device-mapper development, "open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
Subject: Re: [PATCH 3/3] dm-crypt: Implement eboiv - encrypted byte-offset initialization vector.
Message-ID: <20190705085111.ibpv3bmbxzy4mxgo@gondor.apana.org.au>

On Fri, Jul 05, 2019 at 08:32:03AM +0200, Ard Biesheuvel wrote:
>
> > AFAICS this is using the same key as the actual data. So why
> > don't you combine it with the actual data when encrypting/decrypting?
> >
> > That is, add a block at the front of the actual data containing
> > the little-endian byte offset and then use an IV of zero.
> >
>
> That would only work for encryption.

True. So this doesn't obviate the need to access the single-block
cipher. But the code probably should still do it that way for
encryption for performance reasons.

Cheers,
-- 
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
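The construction discussed in this message, as an added example that is not code from the patch or from anyone in the thread: CBC over the little-endian offset block plus the data with an IV of zero gives the same ciphertext as CBC with IV = E_K(offset), while the decrypt direction still needs E_K(offset) from the single-block cipher. XTEA with 8-byte blocks is only a stand-in for the real data cipher, and the key, plaintext and all function names are constructed for the illustration.

```c
#include <stdint.h>
#include <string.h>
#define BS 8 /* XTEA block size; XTEA is only a stand-in for the data cipher */
#define F(x, s, i) (((((x) << 4) ^ ((x) >> 5)) + (x)) ^ ((s) + KEY[i]))
static const uint32_t KEY[4] = {1, 2, 3, 4}; /* constructed key */

/* One XTEA block operation: enc=1 is E_K, enc=0 is D_K. */
static void blk(uint8_t b[BS], int enc)
{
    uint32_t v[2], d = 0x9E3779B9u, s = enc ? 0 : d * 32;
    memcpy(v, b, BS);
    for (int i = 0; i < 32; i++) {
        if (enc) { v[0] += F(v[1], s, s & 3); s += d; v[1] += F(v[0], s, (s >> 11) & 3); }
        else { v[1] -= F(v[0], s, (s >> 11) & 3); s -= d; v[0] -= F(v[1], s, s & 3); }
    }
    memcpy(b, v, BS);
}

/* CBC over n blocks in place; enc selects the direction. */
static void cbc(uint8_t *buf, size_t n, const uint8_t *iv, int enc)
{
    uint8_t prev[BS], ct[BS];
    memcpy(prev, iv, BS);
    for (; n--; buf += BS) {
        memcpy(ct, buf, BS); /* input block; it is the ciphertext when decrypting */
        for (int j = 0; enc && j < BS; j++) buf[j] ^= prev[j];
        blk(buf, enc);
        for (int j = 0; !enc && j < BS; j++) buf[j] ^= prev[j];
        memcpy(prev, enc ? buf : ct, BS);
    }
}

/* Returns 1 when both encryption routes agree and the result decrypts. */
int eboiv_routes_match(uint64_t off)
{
    const uint8_t zero[BS] = {0}, pt[2 * BS] = "sector contents";
    uint8_t iv[BS], a[2 * BS], b[3 * BS];
    for (int j = 0; j < BS; j++) iv[j] = (uint8_t)(off >> (8 * j)); /* LE offset */
    memcpy(b, iv, BS);             /* route B: offset block in front of the data */
    memcpy(b + BS, pt, sizeof pt);
    cbc(b, 3, zero, 1);            /* one CBC pass with an IV of zero */
    blk(iv, 1);                    /* route A: IV = E_K(offset) from the block cipher */
    memcpy(a, pt, sizeof pt);
    cbc(a, 2, iv, 1);
    int same = !memcmp(b, iv, BS) && !memcmp(b + BS, a, sizeof a);
    cbc(a, 2, iv, 0);              /* decrypt runs D_K only, so iv had to come from blk() */
    return same && !memcmp(a, pt, sizeof pt);
}

int main(void) { return !eboiv_routes_match(4096); }
```

The first output block of the zero-IV pass is the IV itself, which is why the encrypt side needs no separate single-block call.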