Subject: Re: [PATCH v9 3/7] md: dm-crypt: switch to ESSIV crypto API template
To: Ard Biesheuvel
Cc: "open list:HARDWARE RANDOM NUMBER GENERATOR CORE", Herbert Xu, Eric Biggers, device-mapper development, linux-fscrypt@vger.kernel.org, Gilad Ben-Yossef
From: Milan Broz
Message-ID: <82a87cae-8eb7-828c-35c3-fb39a9abe692@gmail.com>
Date: Mon, 12 Aug 2019 09:44:47 +0200
X-Mailing-List: linux-crypto@vger.kernel.org

On 12/08/2019 08:54, Ard Biesheuvel wrote:
> On Mon, 12 Aug 2019 at 09:33, Milan Broz wrote:
>> Try for example
>> # cryptsetup luksFormat /dev/sdc -c aes-cbc-essiv:sha256 --integrity hmac-sha256 -q -i1
>>
>> It should produce Crypto API string
>> authenc(hmac(sha256),essiv(cbc(aes),sha256))
>> while it produces
>> essiv(authenc(hmac(sha256),cbc(aes)),sha256)
>> (and fails).
>>
>
> No. I don't know why it fails, but the latter is actually the correct
> string. The essiv template is instantiated either as a skcipher or as
> an aead, and it encapsulates the entire transformation. (This is
> necessary considering that the IV is passed via the AAD and so the
> ESSIV handling needs to touch that as well)

Hm. Constructing these strings seems to be more confusing than dmcrypt mode combinations :-)

But you are right, I actually tried the former string (authenc(hmac(sha256),essiv(cbc(aes),sha256)))
and it worked, but I guess the authenticated IV (AAD) was actually the input to IV (plain sector number)
not the output of ESSIV?

Do I understand it correctly now?

Milan
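
The nesting rule stated in the quoted reply (essiv() wraps the entire transformation, whether that is a skcipher or an authenc() AEAD), as an added C example that is not part of this thread, the patch, or dm-crypt. The function name capi_name, the cryptsetup-style input format, and the "hmac-sha256" to "hmac(sha256)" mapping are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define NAME_MAX_LEN 128   /* same limit as the kernel's CRYPTO_MAX_ALG_NAME */

/* Cut s at the first sep; return the tail, or NULL if sep is absent. */
static char *cut(char *s, char sep)
{
    char *p = strchr(s, sep);
    if (p) *p++ = '\0';
    return p;
}

/* Map a cryptsetup-style spec ("aes-cbc-essiv:sha256") plus an optional
 * integrity spec ("hmac-sha256", or NULL) to a Crypto API name.
 * Returns a static buffer, or NULL on malformed or over-long input. */
const char *capi_name(const char *spec, const char *integrity)
{
    static char out[NAME_MAX_LEN];
    char s[NAME_MAX_LEN], a[NAME_MAX_LEN] = "", inner[NAME_MAX_LEN];
    char *mode, *iv, *ivopt, *hash;
    int n;

    if (strlen(spec) >= sizeof(s) || (integrity && strlen(integrity) >= sizeof(a)))
        return NULL;
    strcpy(s, spec);
    mode = cut(s, '-');                    /* s = "aes", mode = "cbc-essiv:sha256" */
    iv = mode ? cut(mode, '-') : NULL;     /* iv = "essiv:sha256" */
    ivopt = iv ? cut(iv, ':') : NULL;      /* ivopt = "sha256" */
    if (!*s || !mode || !*mode)
        return NULL;

    if (integrity) {                       /* AEAD: authenc(hmac(sha256),cbc(aes)) */
        strcpy(a, integrity);
        hash = cut(a, '-');
        if (!*a || !hash || !*hash)
            return NULL;
        n = snprintf(inner, sizeof(inner), "authenc(%s(%s),%s(%s))", a, hash, mode, s);
    } else {                               /* skcipher: cbc(aes) */
        n = snprintf(inner, sizeof(inner), "%s(%s)", mode, s);
    }
    if (n < 0 || (size_t)n >= sizeof(inner))
        return NULL;

    if (!iv || strcmp(iv, "essiv") != 0)   /* other IV modes stay outside the name */
        return strcpy(out, inner);
    if (!ivopt || !*ivopt)                 /* ESSIV needs a digest name */
        return NULL;
    n = snprintf(out, sizeof(out), "essiv(%s,%s)", inner, ivopt);
    return (n < 0 || (size_t)n >= sizeof(out)) ? NULL : out;
}
```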