From: Milan Broz <gmazyland@gmail.com>
To: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
"dm-devel@redhat.com" <dm-devel@redhat.com>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
Horia Geanta <horia.geanta@nxp.com>
Subject: Re: xts fuzz testing and lack of ciphertext stealing support
Date: Sat, 20 Jul 2019 09:35:26 +0200 [thread overview]
Message-ID: <0d4d6387-777c-bfd3-e54a-e7244fde0096@gmail.com> (raw)
In-Reply-To: <20190720065807.GA711@sol.localdomain>
On 20/07/2019 08:58, Eric Biggers wrote:
> On Thu, Jul 18, 2019 at 01:19:41PM +0200, Milan Broz wrote:
>> Also, I would like to avoid another "just because it is nicer" module dependence (XTS->XEX->ECB).
>> Last time (when XTS was reimplemented using ECB) we have many reports with initramfs
>> missing ECB module preventing boot from AES-XTS encrypted root after kernel upgrade...
>> Just saying. (Despite the last time it was keyring what broke encrypted boot ;-)
>>
>
> Can't the "missing modules in initramfs" issue be solved by using a
> MODULE_SOFTDEP()? Actually, why isn't that being used for xts -> ecb already?
>
> (There was also a bug where CONFIG_CRYPTO_XTS didn't select CONFIG_CRYPTO_ECB,
> but that was simply a bug, which was fixed.)
Sure, and it is solved now. (Some systems with a hardcoded list of modules
have to be manually updated etc., but that is just bad design).
It can be done properly from the beginning.
I just want to say that that switching to XEX looks like wasting time to me
for no additional benefit.
Fully implementing XTS does make much more sense for me, even though it is long-term
the effort and the only user, for now, would be testmgr.
So, there are no users because it does not work. It makes no sense
to implement it, because there are no users... (sorry, sounds like catch 22 :)
(Maybe someone can use it for keyslot encryption for keys not aligned to
block size, dunno. Actually, some filesystem encryption could have use for it.)
> Or "xts" and "xex" could go in the same kernel module xts.ko, which would make
> this a non-issue.
If it is not available for users, I really see no reason to introduce XEX when
it is just XTS with full blocks.
If it is visible to users, it needs some work in userspace - XEX (as XTS) need two keys,
people are already confused enough that 256bit key in AES-XTS means AES-128...
So the examples, hints, man pages need to be updated, at least.
Milan
WARNING: multiple messages have this Message-ID (diff)
From: Milan Broz <gmazyland@gmail.com>
To: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
"dm-devel@redhat.com" <dm-devel@redhat.com>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
Horia Geanta <horia.geanta@nxp.com>
Subject: Re: [dm-devel] xts fuzz testing and lack of ciphertext stealing support
Date: Sat, 20 Jul 2019 09:35:26 +0200 [thread overview]
Message-ID: <0d4d6387-777c-bfd3-e54a-e7244fde0096@gmail.com> (raw)
In-Reply-To: <20190720065807.GA711@sol.localdomain>
On 20/07/2019 08:58, Eric Biggers wrote:
> On Thu, Jul 18, 2019 at 01:19:41PM +0200, Milan Broz wrote:
>> Also, I would like to avoid another "just because it is nicer" module dependence (XTS->XEX->ECB).
>> Last time (when XTS was reimplemented using ECB) we have many reports with initramfs
>> missing ECB module preventing boot from AES-XTS encrypted root after kernel upgrade...
>> Just saying. (Despite the last time it was keyring what broke encrypted boot ;-)
>>
>
> Can't the "missing modules in initramfs" issue be solved by using a
> MODULE_SOFTDEP()? Actually, why isn't that being used for xts -> ecb already?
>
> (There was also a bug where CONFIG_CRYPTO_XTS didn't select CONFIG_CRYPTO_ECB,
> but that was simply a bug, which was fixed.)
Sure, and it is solved now. (Some systems with a hardcoded list of modules
have to be manually updated etc., but that is just bad design).
It can be done properly from the beginning.
I just want to say that that switching to XEX looks like wasting time to me
for no additional benefit.
Fully implementing XTS does make much more sense for me, even though it is long-term
the effort and the only user, for now, would be testmgr.
So, there are no users because it does not work. It makes no sense
to implement it, because there are no users... (sorry, sounds like catch 22 :)
(Maybe someone can use it for keyslot encryption for keys not aligned to
block size, dunno. Actually, some filesystem encryption could have use for it.)
> Or "xts" and "xex" could go in the same kernel module xts.ko, which would make
> this a non-issue.
If it is not available for users, I really see no reason to introduce XEX when
it is just XTS with full blocks.
If it is visible to users, it needs some work in userspace - XEX (as XTS) need two keys,
people are already confused enough that 256bit key in AES-XTS means AES-128...
So the examples, hints, man pages need to be updated, at least.
Milan
next prev parent reply other threads:[~2019-07-20 7:35 UTC|newest]
Thread overview: 110+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-16 17:46 xts fuzz testing and lack of ciphertext stealing support Horia Geanta
2019-07-16 22:16 ` Eric Biggers
2019-07-17 17:09 ` Horia Geanta
2019-07-17 17:09 ` Horia Geanta
2019-07-17 17:28 ` Eric Biggers
2019-07-17 17:28 ` Eric Biggers
2019-07-17 18:08 ` Ard Biesheuvel
2019-07-18 6:52 ` Herbert Xu
2019-07-18 6:52 ` Herbert Xu
2019-07-18 7:15 ` Ard Biesheuvel
2019-07-18 7:15 ` Ard Biesheuvel
2019-07-18 7:21 ` Herbert Xu
2019-07-18 7:21 ` Herbert Xu
2019-07-18 7:28 ` Ard Biesheuvel
2019-07-18 7:28 ` Ard Biesheuvel
2019-07-18 7:50 ` Herbert Xu
2019-07-18 7:50 ` Herbert Xu
2019-07-18 7:40 ` Milan Broz
2019-07-18 7:40 ` Milan Broz
2019-07-18 10:40 ` Pascal Van Leeuwen
2019-07-18 11:19 ` Milan Broz
2019-07-18 11:19 ` Milan Broz
2019-07-18 15:27 ` Herbert Xu
2019-07-18 15:27 ` Herbert Xu
2019-07-20 6:58 ` Eric Biggers
2019-07-20 6:58 ` [dm-devel] " Eric Biggers
2019-07-20 7:35 ` Milan Broz [this message]
2019-07-20 7:35 ` Milan Broz
2019-07-20 10:13 ` Markus
2019-07-21 9:50 ` Ard Biesheuvel
2019-07-21 9:50 ` [dm-devel] " Ard Biesheuvel
2019-07-22 9:44 ` Pascal Van Leeuwen
2019-07-22 16:43 ` Ard Biesheuvel
2019-07-22 16:43 ` [dm-devel] " Ard Biesheuvel
2019-07-22 22:46 ` Pascal Van Leeuwen
2019-07-24 12:23 ` Pascal Van Leeuwen
2019-07-24 12:50 ` Pascal Van Leeuwen
2019-07-24 16:10 ` Pascal Van Leeuwen
2019-07-25 6:22 ` Ard Biesheuvel
2019-07-25 6:22 ` [dm-devel] " Ard Biesheuvel
2019-07-25 7:49 ` Pascal Van Leeuwen
2019-07-25 8:01 ` Ard Biesheuvel
2019-07-25 8:01 ` [dm-devel] " Ard Biesheuvel
2019-07-26 10:31 ` Pascal Van Leeuwen
2019-07-26 19:59 ` Horia Geanta
2019-07-26 19:59 ` [dm-devel] " Horia Geanta
2019-07-26 21:43 ` Pascal Van Leeuwen
2019-07-27 5:39 ` Ard Biesheuvel
2019-07-27 5:39 ` [dm-devel] " Ard Biesheuvel
2019-07-27 12:56 ` Pascal Van Leeuwen
2019-07-27 16:04 ` Milan Broz
2019-07-27 16:04 ` [dm-devel] " Milan Broz
2019-08-04 8:36 ` Ard Biesheuvel
2019-08-04 8:36 ` [dm-devel] " Ard Biesheuvel
[not found] ` <20f4832e-e3af-e3c2-d946-13bf8c367a60@nxp.com>
2019-08-07 15:51 ` Horia Geanta
2019-08-07 15:51 ` [dm-devel] " Horia Geanta
2019-08-07 20:57 ` Pascal Van Leeuwen
2019-08-08 14:50 ` Horia Geanta
2019-08-08 14:50 ` [dm-devel] " Horia Geanta
2019-08-09 8:35 ` Pascal Van Leeuwen
2019-08-08 13:43 ` Pascal Van Leeuwen
2019-08-08 18:01 ` Horia Geanta
2019-08-08 18:01 ` [dm-devel] " Horia Geanta
2019-08-09 2:48 ` Herbert Xu
2019-08-09 2:48 ` [dm-devel] " Herbert Xu
2019-08-09 6:45 ` Ard Biesheuvel
2019-08-09 6:45 ` [dm-devel] " Ard Biesheuvel
2019-08-09 7:44 ` Horia Geanta
2019-08-09 7:44 ` [dm-devel] " Horia Geanta
2019-08-09 17:49 ` Ard Biesheuvel
2019-08-09 17:49 ` [dm-devel] " Ard Biesheuvel
2019-08-09 20:57 ` Pascal Van Leeuwen
2019-08-10 4:39 ` Ard Biesheuvel
2019-08-10 4:39 ` [dm-devel] " Ard Biesheuvel
2019-08-11 11:12 ` Milan Broz
2019-08-11 11:12 ` [dm-devel] " Milan Broz
2019-08-11 20:34 ` Eric Biggers
2019-08-11 20:34 ` [dm-devel] " Eric Biggers
2019-08-11 21:39 ` Pascal Van Leeuwen
2019-08-11 21:29 ` Pascal Van Leeuwen
2019-08-12 4:51 ` Herbert Xu
2019-08-12 4:51 ` [dm-devel] " Herbert Xu
2019-08-11 21:15 ` Pascal Van Leeuwen
2019-08-11 22:24 ` Ard Biesheuvel
2019-08-11 22:24 ` [dm-devel] " Ard Biesheuvel
2019-08-12 1:04 ` Pascal Van Leeuwen
2019-07-18 15:29 ` Herbert Xu
2019-07-18 15:29 ` Herbert Xu
2019-07-18 15:43 ` Pascal Van Leeuwen
2019-07-18 15:51 ` Herbert Xu
2019-07-18 15:51 ` Herbert Xu
2019-07-18 16:19 ` Ard Biesheuvel
2019-07-18 16:19 ` Ard Biesheuvel
2019-07-18 16:22 ` Herbert Xu
2019-07-18 16:22 ` Herbert Xu
2019-07-18 17:03 ` Pascal Van Leeuwen
2019-07-19 5:34 ` Ard Biesheuvel
2019-07-19 5:34 ` Ard Biesheuvel
2019-07-19 7:29 ` Pascal Van Leeuwen
2019-07-19 17:14 ` Ard Biesheuvel
2019-07-19 17:14 ` Ard Biesheuvel
2019-07-19 20:07 ` Pascal Van Leeuwen
2019-07-19 7:29 ` Pascal Van Leeuwen
2019-07-18 17:03 ` Pascal Van Leeuwen
2019-07-18 16:35 ` Pascal Van Leeuwen
2019-07-19 1:47 ` Herbert Xu
2019-07-19 1:47 ` Herbert Xu
2019-07-18 16:35 ` Pascal Van Leeuwen
2019-07-18 15:43 ` Pascal Van Leeuwen
2019-07-18 10:40 ` Pascal Van Leeuwen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0d4d6387-777c-bfd3-e54a-e7244fde0096@gmail.com \
--to=gmazyland@gmail.com \
--cc=ard.biesheuvel@linaro.org \
--cc=dm-devel@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=linux-crypto@vger.kernel.org \
--cc=pvanleeuwen@verimatrix.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.