Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp4915233ybi; Sat, 20 Jul 2019 08:44:49 -0700 (PDT) X-Google-Smtp-Source: APXvYqzaYVnKm6WfuSkAUKUWmjtJ+gwX9qxG7Pou0HfXsQ71oCyeT7YGPLh0V7ywsR9RDwNCBXUF X-Received: by 2002:a17:902:ac85:: with SMTP id h5mr64399789plr.198.1563637489502; Sat, 20 Jul 2019 08:44:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1563637489; cv=none; d=google.com; s=arc-20160816; b=ZBR8Fkgw4pAwbPOcsl0a8fQXpZqOF9Py4yBtwWWO47Xh4c6RYdNxLnRtWe+o6w1buZ 7jNXTmATjKAXm8H23FTC8dtZiSXaRZDSkSoTY019mJppssOuZH1cQCJLl6bVVbjQrHuZ sWP/WoPVfAxs43tnFeA4qTu+sZQgVat6kDHYhqHQgzoJdTT7+5JBRYNn4K2099Jk4MtO uHVbmdv6KUF6tWQPAbi05PjFXa4Imqs+0CKzeJicd7PcmZhYw9LWzmfvo2vkt9KWTHGs qrnEcdsPa2T6TPc7TWSply21lXTCsiNRKhimETS+dCcoNeh81bp9HMuaa2NVwkeztYVw ATrQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:openpgp:from:references:to:subject:dkim-signature; bh=aTgqFuUx+iLi6PHQcMOEzebXL2+OwnsPRMPIdzzMI50=; b=IhIGaJ3IsvSM9CplnUIxeMdWpoCdE10S4Gl/k1XXpLnp4qFiR6l9qi9E2hwjcEhS/m KdsOYMRYNn+ZxzQpGcSAoWOkJXdxpvDY/AGODsT43vHcsnaR8cLTp2Z5IPekCQaCWPH+ VKjGXtRT0r5Y4OAXxEMijckmGCkdUeocDRxyyPQ04Gfrgwrdp+9QX2zAD4p3c2drvwcz nFhVJktSse54SSIug0NxFtasLvha0uhNxnh3JNFJCEOl9UqCuL3IoF4L7v4oMfObrYlf YPGwR6VhW0iylVjzfPDSrbDgAh6QUGQs66Ysw5Op+fBhJmJvlaB6kABvLQmIGq4Mu+zR uv6A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=N98VZMUn; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l185si2873439pgd.379.2019.07.20.08.44.30; Sat, 20 Jul 2019 08:44:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=N98VZMUn; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726704AbfGTHfa (ORCPT + 99 others); Sat, 20 Jul 2019 03:35:30 -0400 Received: from mail-wr1-f65.google.com ([209.85.221.65]:44410 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726681AbfGTHfa (ORCPT ); Sat, 20 Jul 2019 03:35:30 -0400 Received: by mail-wr1-f65.google.com with SMTP id p17so34256624wrf.11 for ; Sat, 20 Jul 2019 00:35:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:openpgp:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=aTgqFuUx+iLi6PHQcMOEzebXL2+OwnsPRMPIdzzMI50=; b=N98VZMUn7EWiC0MbiNP40BvMrQe6p/Gx2mE8wmrMIVNtjMd+JpagvU0arbPSWEYp81 z7mvzLbLjYXz8BkgtHt5Ul+GRXesG4W/QYbuM/TxkcbADf571wVtIlD90aAuJRkjxHhh 7s2l6XXzn57y0zimmCg1VTQxeVT7NRp/Fa/SmC6JbknLplEVj6oF/bvRKdm1AVa/Ydkh QpcXz5yiyOF4NUDCfpzc1a17PAgr5+RuxaGj5v8UjqSFR8kTAFO4HkzA5MLHYBZFFQqZ 3QJTUEqSRDhXMuodbt0PgyPjfFiRZofYaHaeT/KM3iDpxcsPU3M6MY4vOZgLieHdV3bX cpCQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:openpgp:message-id :date:user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=aTgqFuUx+iLi6PHQcMOEzebXL2+OwnsPRMPIdzzMI50=; b=CzINJ3wbky8/9HCPkp2TUg+aa4X8Yc+dWSaw4UkwvocWUhs0JnD2PhnIt+cvqtFhso 7Y4mCah5NWRWnzvk3k/vcw68vp1DA2gAillqJUzt1P7eR6YDVUPYi2KOzhX0BUUE7QAf oafx4Fz687pHwkTfZV/ZB7jo0cz3ihh2pUlWuGN6suhn5188VV275bJhkfRB2YEiHT2/ ASRPQs50dzzibVl7St7J28cMc/IKHHwD3EoW6UaHgf79wj7Rllbg/gQHyYAvg+8M9TCx 3MB+63Fo+/XZI5m/J7FygCidO+5kYiAVHpQKHGI9KVC77hWd4euQCZCcvcqFudHHvqER jCQA== X-Gm-Message-State: APjAAAXZoYczZQazuv1JULT6q67d8K9MTy9KEW0gZ1vpmYsA7cRWuiYD cJCODxPIYnLR/p45crWz+cs= X-Received: by 2002:adf:dd8e:: with SMTP id x14mr59960579wrl.344.1563608128567; Sat, 20 Jul 2019 00:35:28 -0700 (PDT) Received: from [192.168.8.100] (37-48-49-65.nat.epc.tmcz.cz. [37.48.49.65]) by smtp.gmail.com with ESMTPSA id p14sm27232138wrx.17.2019.07.20.00.35.27 (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Sat, 20 Jul 2019 00:35:27 -0700 (PDT) Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing support To: Pascal Van Leeuwen , Herbert Xu , Ard Biesheuvel , "dm-devel@redhat.com" , "linux-crypto@vger.kernel.org" , Horia Geanta References: <20190716221639.GA44406@gmail.com> <20190717172823.GA205944@gmail.com> <20190718065223.4xaefcwjoxvujntw@gondor.apana.org.au> <20190718072154.m2umem24x4grbf6w@gondor.apana.org.au> <36e78459-1594-6d19-0ab4-95b03a6de036@gmail.com> <20190720065807.GA711@sol.localdomain> From: Milan Broz Openpgp: preference=signencrypt Message-ID: <0d4d6387-777c-bfd3-e54a-e7244fde0096@gmail.com> Date: Sat, 20 Jul 2019 09:35:26 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <20190720065807.GA711@sol.localdomain> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 20/07/2019 08:58, Eric Biggers wrote: > On Thu, Jul 18, 2019 at 01:19:41PM +0200, Milan Broz wrote: >> Also, I would like to avoid another "just because it is nicer" module dependence (XTS->XEX->ECB). >> Last time (when XTS was reimplemented using ECB) we have many reports with initramfs >> missing ECB module preventing boot from AES-XTS encrypted root after kernel upgrade... >> Just saying. (Despite the last time it was keyring what broke encrypted boot ;-) >> > > Can't the "missing modules in initramfs" issue be solved by using a > MODULE_SOFTDEP()? Actually, why isn't that being used for xts -> ecb already? > > (There was also a bug where CONFIG_CRYPTO_XTS didn't select CONFIG_CRYPTO_ECB, > but that was simply a bug, which was fixed.) Sure, and it is solved now. (Some systems with a hardcoded list of modules have to be manually updated etc., but that is just bad design). It can be done properly from the beginning. I just want to say that that switching to XEX looks like wasting time to me for no additional benefit. Fully implementing XTS does make much more sense for me, even though it is long-term the effort and the only user, for now, would be testmgr. So, there are no users because it does not work. It makes no sense to implement it, because there are no users... (sorry, sounds like catch 22 :) (Maybe someone can use it for keyslot encryption for keys not aligned to block size, dunno. Actually, some filesystem encryption could have use for it.) > Or "xts" and "xex" could go in the same kernel module xts.ko, which would make > this a non-issue. If it is not available for users, I really see no reason to introduce XEX when it is just XTS with full blocks. If it is visible to users, it needs some work in userspace - XEX (as XTS) need two keys, people are already confused enough that 256bit key in AES-XTS means AES-128... So the examples, hints, man pages need to be updated, at least. Milan