Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp869086pxk; Sat, 12 Sep 2020 03:06:27 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwBrlVM3OL4icNCXYWyocNXTmZUN2F7yHfoZ/9CjmwpagoJtTG5d6v/IDo83LnpQjkWeMHe X-Received: by 2002:a05:6402:1151:: with SMTP id g17mr7594745edw.227.1599905187050; Sat, 12 Sep 2020 03:06:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599905187; cv=none; d=google.com; s=arc-20160816; b=e+V3xt3iLREqwiReLek6PlTFaPyW+SX5xvRsZ4b/vsBYMjIyiFqtlZMLioioSEprKs ha5YnFBm3CnYc2mHmzdP9Fuzi4Vj63RlUpJrGo0G+9Mcv8px6IyMn0+/+X5ymow+o896 ns7En5eTZl2efVG4He8ZXWxyf4sEmIhNAlhz63JbZTgz8hPuvEr7Ei7mdg8oSk9bfIjJ i0MAYZAcT9yJa2tA+Jk7uBuLjpltoJBPKYO7Jeq+t6P2xjDADk6kWwfrge0VM8KDntPp LjwASSHdlTwj97GmFfbJczcVNfrhxv+74Wa2lZE47YKNF3RwtDZSJmn2LBKd/P5nG9zH LXfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=90YY4GCj9MCnBhlZ4jV2qidPe5U41jo2zEaDvX7aM4Q=; b=W62HIZH2/BV/sHDiSpJkru9dSK3CGKhQR+uvGPppHQndZpAogLt/+XJx2IgVpNtf/R ghHhqIW5HX7xVS2ekd1xlcPV7IKrK1pHdG2OTqrloiXa9s2etVRmFawCuYUgMQF3LZIb T6FY8RMQMGkKnwDMlA+heh597giApEwfjlTqVq6Yf6Zhy7kf9K+ls1DZ6fNox/yXQseu 5lfZw7dBeV76Q4NpyRYS9oEKxv/LoRDyYEkGaqA8O/GDy8/xiW7apZlAB6pOOKvirgHv PFDhrhEaOdCvvZItZtbBuBi2gSC6A1pglvx2OZpNlcUZIY2XB4tDFvGHO/zyrfFh8baV 6FrA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=ldfJmLVF; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v13si3009419eja.325.2020.09.12.03.05.52; Sat, 12 Sep 2020 03:06:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=ldfJmLVF; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725820AbgILKFt (ORCPT + 99 others); Sat, 12 Sep 2020 06:05:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37204 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725813AbgILKFr (ORCPT ); Sat, 12 Sep 2020 06:05:47 -0400 Received: from mail-wm1-x344.google.com (mail-wm1-x344.google.com [IPv6:2a00:1450:4864:20::344]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D1703C061573 for ; Sat, 12 Sep 2020 03:05:46 -0700 (PDT) Received: by mail-wm1-x344.google.com with SMTP id l9so6905572wme.3 for ; Sat, 12 Sep 2020 03:05:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=90YY4GCj9MCnBhlZ4jV2qidPe5U41jo2zEaDvX7aM4Q=; b=ldfJmLVFOGl4H3Z8v/CWbsGSr1VumYHgra/HDUsYfeWMXnuf7uYtH0f8Lq047aB+NI 7HM7plddd3nNxPqCML41L+EMFONmrcwBZ5q9eG6gfloMnThSgprmRUAWWqxBR8zAPowK lKF8DuZZe6mYh2UrsjUvLGOeGvKk7gqkTEUJ7/0nn6+BVO9Uu+/Xf2jyWRBh1mK6l6WK HWgwT5/nFWwbOr+/hQi/3K5dHIH7V4bzpDOFuEFoFySScVWSpF+uo56xpNe2LDhv8wZ0 HaBXASFKfJs0zqI0JY/Z8ttPggJxLjOhPd67e5rtiS0LYPVXMF0czG/k5xkRajOHxDJA vyKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=90YY4GCj9MCnBhlZ4jV2qidPe5U41jo2zEaDvX7aM4Q=; b=LVsxn//ZyBNaIqWlRshSyz2aJww8iwZoG/9qfLGgDukuvGh69xXVS745S71nPYVJZI rNHosvlGRKjWXx7BZroFmn7Z8acV2NzlJpRsVw26DhyHg5B8DCs0bJ/4QTZIBd6n7O9w wSQqC8NYbzpHXbt5ypX3/2j2kbVpF6rXswZgOMCQa1yl+oVwbFFbX2dwURZSBTpbwX9z g/tsWFV7VdF5ZF3MknktA7uHZc8YcADkrBVTTQPC/9p5uLJ6WOruGHMi3PI8gSjLRn0m OEOaopBRNC0NQgqvy4M/YH1QQ1EBa7vKtP5CRRy9QXoDTdPTMNhFS8VjqsnzPQf3/DGG IWJQ== X-Gm-Message-State: AOAM531ckGWIrbZ6vTBiRQvpuwMk9ZK/xvTHLAuBwX4wHrF+5G5KoN/u p1NihFKbmjgpCWCfgwqx404= X-Received: by 2002:a05:600c:2118:: with SMTP id u24mr6126485wml.59.1599905143839; Sat, 12 Sep 2020 03:05:43 -0700 (PDT) Received: from [192.168.8.102] (37-48-59-155.nat.epc.tmcz.cz. [37.48.59.155]) by smtp.gmail.com with ESMTPSA id b187sm9154522wmb.8.2020.09.12.03.05.41 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 12 Sep 2020 03:05:42 -0700 (PDT) Subject: Re: [PATCH] crypto: mark unused ciphers as obsolete To: Ard Biesheuvel , "Van Leeuwen, Pascal" , dm-devel@redhat.com Cc: "linux-crypto@vger.kernel.org" , "herbert@gondor.apana.org.au" , "ebiggers@kernel.org" References: <20200911141103.14832-1-ardb@kernel.org> From: Milan Broz Message-ID: Date: Sat, 12 Sep 2020 12:05:40 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 11/09/2020 18:30, Ard Biesheuvel wrote: > (cc Milan and dm-devel) > > On Fri, 11 Sep 2020 at 19:24, Van Leeuwen, Pascal > wrote: >> >>> -----Original Message----- >>> From: linux-crypto-owner@vger.kernel.org On Behalf Of Ard Biesheuvel >>> Sent: Friday, September 11, 2020 4:11 PM >>> To: linux-crypto@vger.kernel.org >>> Cc: herbert@gondor.apana.org.au; ebiggers@kernel.org; Ard Biesheuvel >>> Subject: [PATCH] crypto: mark unused ciphers as obsolete >>> >>> <<< External Email >>> >>> We have a few interesting pieces in our cipher museum, which are never >>> used internally, and were only ever provided as generic C implementations. >>> >>> Unfortunately, we cannot simply remove this code, as we cannot be sure >>> that it is not being used via the AF_ALG socket API, however unlikely. >>> So let's mark the Anubis, Khazad, SEED and TEA algorithms as obsolete, >>> >> Wouldn't the IKE deamon be able to utilize these algorithms through the XFRM API? >> I'm by no means an expert on the subject, but it looks like the cipher template is >> provided there directly via XFRM, so it does not need to live in the kernel source. >> And I know for a fact that SEED is being used for IPsec (and TLS) in Korea. >> > > I have been staring at net/xfrm/xfrm_algo.c, and as far as I can tell, > algorithms have to be mentioned there in order to be usable. None of > the ciphers that this patch touches are listed there or anywhere else > in the kernel. > >> The point being, there are more users to consider beyond "internal" (meaning hard >> coded in the kernel source in this context?) and AF_ALG. >> > > That is a good point, actually, since dm-crypt could be affected here > as well, hence the CCs. > > Milan (or others): are you aware of any of these ciphers being used > for dm-crypt? Cryptsetup/dm-crypt can use them (talking about Seed, Khazad, Anubis, TEA), but I think there is no real use of these. (IOW these are used only if someone deliberately uses them - manually specifying on format.) For dm-crypt. there should be no big harm if these are marked obsolete. Milan