Received: by 2002:a25:b794:0:0:0:0:0 with SMTP id n20csp6821079ybh;
        Thu, 8 Aug 2019 06:14:06 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxEALKwyE+Gikj5h31aPbRQv1PtfdepV93TNrF9/K21lgd0HS9i+yYTBs57zQChSiFlhp9b
X-Received: by 2002:a63:b11:: with SMTP id 17mr12337608pgl.283.1565270045790;
        Thu, 08 Aug 2019 06:14:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1565270045; cv=none;
        d=google.com; s=arc-20160816;
        b=HstRDlZB/o6XzUpoCW21+V20ncAYr1uHbS7LY1Dwd5m8ehAQuedInebzU6gOkdo9ws
         dsQk/N+xtTLuDwbTJzh8FXaM0edvANbb/pIrWrf07pBHAt05d6DSJlxWphE+9U+h3a4r
         js+w5pHgwWhRYo2Xtp80zRSXY5SeBMRlKtWiyKGooxpP+ZZ1/LUfQE0/S1W+2+f7Im0j
         qf6+g1uZs1FDbp9yBttFmM48FbT1IEHsqSQcLZQaarGdI79E3eEP5GkjewGgX7TNLc80
         NIhMKDt36EnvvRLX+PwvNkehc62V6vSXYwjNbKRg6FAAwn5frVxGF4tmmjB4vUbpmqy1
         GN/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:openpgp:from:references:cc:to:subject:dkim-signature;
        bh=H9YOmFmn+dobIgV9UHgPg756iVEpHTNA5mVXaVj8BrA=;
        b=vZrUG8qKaeD+xLK1fLrVegzN09uxK61AUXZ9ahKf/PayuMHL5Du7vhMP2OpYrT+H7a
         CbF7dGv1aJ8YUVdtFlBHWz/eTevryKiR1BFCJz7MesuImsu0iP5z68oFU+XXjmZc5Foc
         ROky+Wu2ZydgJUPuFt+NKriG83zKV/MDITXTcWoek0IHa3KPqEIuKr+WDo9hWQi/2QHI
         Bz+rHf13CS+arW6zcsf1ifU+TN2q2TpAH36Ip63gzRasqkADcX/bgDfrAGVBggQuwzeT
         A7dy16EJ5ML480fahdk1mgZ5AZJWuQTtaWaMtm27K1Jci+Yo8OX32PlaFpFC+kUPho/q
         Ru/g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b="Lw9P/Ahs";
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v16si53869412pfe.39.2019.08.08.06.13.44;
        Thu, 08 Aug 2019 06:14:05 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b="Lw9P/Ahs";
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732912AbfHHNLP (ORCPT <rfc822;cvimail81@gmail.com> + 99 others);
        Thu, 8 Aug 2019 09:11:15 -0400
Received: from mail-wm1-f53.google.com ([209.85.128.53]:39146 "EHLO
        mail-wm1-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1732645AbfHHNLO (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Thu, 8 Aug 2019 09:11:14 -0400
Received: by mail-wm1-f53.google.com with SMTP id u25so2368419wmc.4
        for <linux-crypto@vger.kernel.org>; Thu, 08 Aug 2019 06:11:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=subject:to:cc:references:from:openpgp:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=H9YOmFmn+dobIgV9UHgPg756iVEpHTNA5mVXaVj8BrA=;
        b=Lw9P/Ahs3xvyfSma97fMbcUcEqmVMndFpmFuzJ5zYLss3gBnE4wWeDP+hgFR26tYcx
         Gt5QIbaQf+4/mzdLVgxmyGPwOcMwVCuns8eoQeaNxeRQOyUfWLrvGZclIIdcN5hn0qPV
         uEzc9nCHKxCX1+t8VmAHnLsM5xSznrpTNMJo8l8Ub7983vA4OdXNFfOJ2CSLyQsBYMfH
         rouRr34PYompL8naiXqtfdn8/ONdVSyT8FrGR9nucc8YzRlxk5C/j5Rp//Rx8C2vR5pT
         lII46+EV66hL3nVTT+gq8t4OuyUd5Ilts6snyT6XBD1MlCsnyNt2WZDCrzmMqK0RsRjx
         zZ3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:openpgp:message-id
         :date:user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=H9YOmFmn+dobIgV9UHgPg756iVEpHTNA5mVXaVj8BrA=;
        b=d6IS+q43k6puOVH87+0iENfEtEdbcZbPxwKIUlbO/flxCYEAK5RshuuOj0qVbOHZlA
         2e4a04Z5FXttp8xtXUXNSyez2db+dvwYsZBJvoQ60YBfluN/vBKlXFeDPvcDyNVkhZDC
         IA2I36RXlZG7QBsDR0r4PSYyVZiz/wzCLAhpLJyVp2CsJKsRccchC2mavhSh9GOrk6UO
         T7JAxNStVLWqKpsCSk5Ln+Ym1mJgDmYYISvQY2Ua2WSSpiazVZl+HTjzlh+iVTHJi3Fo
         dE4idqnEyLQXAqT4iHSaimb+plrM8mreooZJQAFYgk90luQQqQtuCu+akcTyFcXC1E+u
         V3ig==
X-Gm-Message-State: APjAAAWgrH2oM+VH4np0Ou/ArOOPNN7Z1VRJSpzi8LJk3v/Qt5TpHjNW
        i7rR3AuAraZ/7Gf9FEgU9Uxmt7n+Mcg=
X-Received: by 2002:a05:600c:2218:: with SMTP id z24mr4402430wml.84.1565269872766;
        Thu, 08 Aug 2019 06:11:12 -0700 (PDT)
Received: from [10.43.17.10] (nat-pool-brq-t.redhat.com. [213.175.37.10])
        by smtp.gmail.com with ESMTPSA id 4sm220376865wro.78.2019.08.08.06.11.11
        (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128);
        Thu, 08 Aug 2019 06:11:12 -0700 (PDT)
Subject: Re: [PATCHv2] crypto: xts - Add support for Cipher Text Stealing
To:     Ard Biesheuvel <ard.biesheuvel@linaro.org>,
        Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
Cc:     Pascal van Leeuwen <pascalvanl@gmail.com>,
        "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" 
        <linux-crypto@vger.kernel.org>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>
References: <1565245094-8584-1-git-send-email-pvanleeuwen@verimatrix.com>
 <CAKv+Gu_r+iF=gWk_sMesKSyxSZB5Z5pC6jNQmi8uf+0cY7K-6g@mail.gmail.com>
 <CH2PR20MB296824F38C44E32D8C82D0B8CAD70@CH2PR20MB2968.namprd20.prod.outlook.com>
 <CAKv+Gu_uzt-cQF9ZPuM=4zot7UTogifWk3Pjr7Rcz1QWnqKaog@mail.gmail.com>
 <MN2PR20MB297393DA81B7FFE9C1B904DBCAD70@MN2PR20MB2973.namprd20.prod.outlook.com>
 <CAKv+Gu-vT2tf-UEyxMSE2kRsWEYy+ab6T+37pF23jy_0+M-z2Q@mail.gmail.com>
From:   Milan Broz <gmazyland@gmail.com>
Openpgp: preference=signencrypt
Message-ID: <1353558c-ea2f-b94b-a570-4ca8f3a653ee@gmail.com>
Date:   Thu, 8 Aug 2019 15:11:11 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <CAKv+Gu-vT2tf-UEyxMSE2kRsWEYy+ab6T+37pF23jy_0+M-z2Q@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On 08/08/2019 12:37, Ard Biesheuvel wrote:
>>> True. Which is another historical mistake imo, since XTS is only
>>> specified for AES, but I digress ... :-)
>>>
>> Yes, I was also surprised by the use of XTS with other blockciphers.
>> It sort of violates the don't roll your own crypto paradigm ...
>> (although some might argue that XTS is supposed to be secure if the
>> underlying blockcipher is, regardless of what that cipher actually is)
>>
> 
> That doesn't really matter. What matters is that nobody took a careful
> look whether XTS combined with other ciphers is a good idea before
> throwing it out into the world.

Couldn't resist, but tell that to TrueCrypt authors (if you know them :)

They used XTS for other AES candidates (Serpent, Twofish, also in
chained modes together).

Older versions used LRW mode, doing the same.
Even implementing LRW over Blowfish that has 8-byte block size, so you
need GF(2^64) operations - that is luckily not implemented in Linux kernel
crypto API :-)

VeraCrypt continued the tradition, adding the Camellia and
Kuznyetchik (actually discussed GOST standard) to the XTS mix.

But without sarcasm, I do want to support this for users,
we can map (but not create) such images in cryptsetup, and it is partially
reason I want dm-crypt to be fully configurable...

Milan