Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp1774469rwd; Thu, 1 Jun 2023 23:07:31 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6OwVYHI0rRUIOSYGuaT414RbX0Hzx3UvdZYbCUdHuWLFz0f4Y/8gL7c92133siyqwNZUY9 X-Received: by 2002:a05:6a20:938f:b0:10f:f672:6e50 with SMTP id x15-20020a056a20938f00b0010ff6726e50mr8335789pzh.5.1685686051543; Thu, 01 Jun 2023 23:07:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685686051; cv=none; d=google.com; s=arc-20160816; b=nqElkmTAyWlBVBg7C1a2iQyHMSnKd18gaCW3n/TFjEquALx5j0QkhH8iak6jzJII01 cg8DfcCtf4qme9XOWA1VcsbRoJYulNjPLogmhZg7RkIyn4MeWqx4TmjlhTwAZt8OsZ2A o4lW/GUhVejng8JMq4Y9CI5EsIoS5qY/DZF4u7Egqmo0hz78M0J8+HrF+HeDHyPJ+pq0 0uusHRodvqsRD/15eEPsR4Ik8kWeSaNhGw8PC4kCNVKqJ92OKijpFYHtWBc9lvPzOVmd Kt4gJMtQXagQFa/HK73lnwOqXhUUVie/aR8KlWR4Jk1b2v1Lioy162/MdaMOAZ3rgwtd A1ig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:thread-index:content-language :content-transfer-encoding:mime-version:message-id:date:subject :in-reply-to:references:cc:to:from:dkim-signature; bh=jvAAoIR7hWpzPGIvCqAL3GkKmLXxTRf22KLx1FttpVI=; b=AfnIO6tvfnOdu55pgwYWOZ7NLf9PL6bCz/RQOURHYy/qEA+GcoFmSFeAgEkGGR9vJ8 gN0xUZ3q7bBOl5l6mi553ZKhGQZ0WKHCaPMJVzIXFAshW4ZjuSFTtESd0p0qGi3l78rx JlMh1ZGyjSzsFRXKdLmhi/KLYua4YFRG5QEBtEVHwvihcU0qxyJCCDMu3rMJvqwB3994 UcgOE1DhB60KTJpRsJSP+mqEDrg8hrJAEs854QukJ2cThZ1JmzNqNHOKJ8Q2OpuJ5ImC rQAGM1/UlxfckPPs3EhDrGygbbUTjVLRkHKmjYMZb8OdD6RZIiDie/OzHgAiq2gPVn3Y CUIA== ARC-Authentication-Results: i=1; mx.google.com; dkim=temperror (no key for signature) header.i=@nsr.re.kr header.s=LIY0OQ3MUMW6182UNI14 header.b=biXsuUl1; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nsr.re.kr Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q29-20020a63751d000000b0050bd4b86169si468287pgc.414.2023.06.01.23.06.56; Thu, 01 Jun 2023 23:07:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=temperror (no key for signature) header.i=@nsr.re.kr header.s=LIY0OQ3MUMW6182UNI14 header.b=biXsuUl1; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nsr.re.kr Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232000AbjFBGFs (ORCPT + 99 others); Fri, 2 Jun 2023 02:05:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60822 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231354AbjFBGFr (ORCPT ); Fri, 2 Jun 2023 02:05:47 -0400 Received: from mail.nsr.re.kr (unknown [210.104.33.65]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3B54019A; Thu, 1 Jun 2023 23:05:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; s=LIY0OQ3MUMW6182UNI14; d=nsr.re.kr; t=1685685818; c=relaxed/relaxed; h=content-type:date:from:message-id:mime-version:subject:to; bh=jvAAoIR7hWpzPGIvCqAL3GkKmLXxTRf22KLx1FttpVI=; b=biXsuUl1SHeh1YWBtqNITK0BNzQrygKmK5g7REAZ/eo/10bdmydFU2U8eX9tAHl30FYqSYNQkm6KIHIDkGKD80u8OlYjDxP1FNxzUZIUSsve9Kmz+zqojCm58dQhyvdfM8yjJOF0gZRIHtlkuW85riYkoqPYfvjT8+2dSm25Y8PM6oqsZsXkzU6szqhEiimP73EbPfJ97qn9XgHtXFbAP5NYUbqldzjaD34rzoSftTYJTFO1BHFqGVpkmhY450uncjLBUiq2WZP+h5xC68bMtDUbCijo0u9uPfB7xu4ZXF3GMv/wj88IE21lrjyz31eiQRYWvtkMlKVacFQnpv14aA== Received: from 210.104.33.70 (nsr.re.kr) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128 bits)) by mail.nsr.re.kr with SMTP; Fri, 02 Jun 2023 15:03:23 +0900 Received: from 192.168.155.188 ([192.168.155.188]) by mail.nsr.re.kr (Crinity Message Backbone-7.0.1) with SMTP ID 161; Fri, 2 Jun 2023 15:05:15 +0900 (KST) From: Dongsoo Lee To: 'Herbert Xu' Cc: linux-crypto@vger.kernel.org, davem@davemloft.net, linux-kernel@vger.kernel.org, letrhee@gmail.com References: <20230525121301.722682-1-letrhee@nsr.re.kr> In-Reply-To: Subject: RE: [PATCH v2 0/2] crypto: LEA block cipher implementation Date: Fri, 2 Jun 2023 15:05:16 +0900 Message-ID: <008d01d99518$33db63f0$9b922bd0$@nsr.re.kr> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 16.0 Content-Language: ko Thread-Index: AQEgJe7QK/GSa6QvS9/PE8EqZ6STfbDp46/Q X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE, UNPARSEABLE_RELAY,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org >> >> We expect that the first application of the patch would be disk encryption on the Gooroom platform ('Gooroom' is a Korean word, meaning 'cloud') [3]. Currently, the Gooroom platform uses AES-XTS for disk encryption. The main reason for submitting this patch is to make disk encryption with LEA (e.g. LEA-XTS) available on there. > >We don't add kernel algorithms without an in-kernel user. Is there an existing in-kernel user that can use this as is or are you going to add one? > >Thanks, Our current goal is to encrypt with LEA in a data-at-rest environment. One option we are considering is utilizing the `dm-crypt` module for disk encryption. The `dm-crypt` module can use various ciphers provided by the Linux Crypto API. By specifying the `lea-xts-plain` option in the `cryptsetup` tool, it can immediately work without further modification. Additionally, we are exploring the possibility of using `blk-crypto` for encryption. Currently, the ciphers available for `blk-crypto` are AES-256-XTS, AES-128-CBC-ESSIV, Adiantum, and SM4-XTS. We would like to add LEA-256-XTS to these. ( https://github.com/torvalds/linux/blob/master/block/blk-crypto.c#L21 ) Instead of disk encryption, it is also possible to use `fscrypt` to encrypt the file system for data-at-rest environments. `fscrypt` currently supports AES-256-XTS, AES-256-CTS-CBC, AES-128-CBC-ESSIV, AES-128-CTS-CBC, SM4-XTS, SM4-CTS-CBC, Adiantum, and AES-256-HCTR2. ( https://github.com/torvalds/linux/blob/master/fs/crypto/keysetup.c#L16 ) The above are what we will do with LEA. Thank you.