Date: Thu, 18 Jul 2019 15:21:55 +0800
From: Herbert Xu
To: Ard Biesheuvel
Cc: Horia Geanta, "linux-crypto@vger.kernel.org", "dm-devel@redhat.com"
Subject: Re: xts fuzz testing and lack of ciphertext stealing support
Message-ID: <20190718072154.m2umem24x4grbf6w@gondor.apana.org.au>

On Thu, Jul 18, 2019 at 09:15:39AM +0200, Ard Biesheuvel wrote:
>
> Not just the generic implementation: there are numerous synchronous
> and asynchronous implementations of xts(aes) in the kernel that would
> have to be fixed, while there are no in-kernel users that actually
> rely on CTS. Also, in the cbc case, we support CTS by wrapping it into
> another template, i.e., cts(cbc(aes)).
>
> So retroactively redefining what xts(...) means seems like a bad idea
> to me. If we want to support XTS ciphertext stealing for the benefit
> of userland, let's do so via the existing cts template, and add
> support for wrapping XTS to it.

XTS without stealing should be renamed as XEX. Sure you can then
wrap it inside cts to form xts but the end result needs to be called
xts.

Cheers,
-- 
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
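
The layering discussed in this message (a whole-block XEX core, with ciphertext stealing around it to give XTS), as an added example that is not part of the original e-mail and is not kernel code. Python's standard library has no AES, so a toy 4-round Feistel cipher stands in for it; all function names here are assumptions made for illustration.

```python
import hashlib

BLOCK = 16

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_cipher(key, blk, dec=False):
    # Stand-in for AES (assumption): 4-round Feistel keyed via SHA-256. Not secure.
    l, r = blk[:8], blk[8:]
    for i in (range(3, -1, -1) if dec else range(4)):
        f = lambda half: hashlib.sha256(key + bytes([i]) + half).digest()[:8]
        l, r = (xor(r, f(l)), l) if dec else (r, xor(l, f(r)))
    return l + r

def tweaks(k2, iv, n):
    # T_0 = E_k2(iv); T_{j+1} = T_j * x in GF(2^128), little-endian as in XTS.
    t, out = int.from_bytes(toy_cipher(k2, iv), "little"), []
    for _ in range(n):
        out.append(t.to_bytes(BLOCK, "little"))
        t = ((t << 1) & ((1 << 128) - 1)) ^ (0x87 if t >> 127 else 0)
    return out

def xex_block(k1, t, blk, dec=False):
    return xor(toy_cipher(k1, xor(blk, t), dec), t)

def xex(k1, k2, iv, data, dec=False):
    # "XTS without stealing": accepts whole blocks only.
    if len(data) % BLOCK:
        raise ValueError("xex: length must be a multiple of 16")
    ts = tweaks(k2, iv, len(data) // BLOCK)
    return b"".join(xex_block(k1, t, data[i * BLOCK:(i + 1) * BLOCK], dec)
                    for i, t in enumerate(ts))

def xts(k1, k2, iv, data, dec=False):
    # XEX core plus ciphertext stealing for a trailing partial block.
    tail = len(data) % BLOCK
    if tail == 0:
        return xex(k1, k2, iv, data, dec)
    m = len(data) // BLOCK  # number of full blocks
    if m == 0:
        raise ValueError("xts: need at least one full block")
    head = xex(k1, k2, iv, data[:(m - 1) * BLOCK], dec)
    t_last, t_extra = tweaks(k2, iv, m + 1)[-2:]
    full, part = data[(m - 1) * BLOCK:m * BLOCK], data[m * BLOCK:]
    # Decryption applies the two final tweaks in the opposite order.
    first, second = (t_extra, t_last) if dec else (t_last, t_extra)
    cc = xex_block(k1, first, full, dec)
    return head + xex_block(k1, second, part + cc[tail:], dec) + cc[:tail]
```

For block-aligned input the two functions produce identical output; they differ only in whether a length that is not a multiple of 16 bytes is rejected or handled by stealing.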