From: Mike Snitzer <snitzer@redhat.com>
To: Ondrej Mosnacek <omosnace@redhat.com>
Cc: Milan Broz <gmazyland@gmail.com>,
linux-crypto@vger.kernel.org, dm-devel@redhat.com,
Alasdair Kergon <agk@redhat.com>,
Mikulas Patocka <mpatocka@redhat.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Binoy Jayan <binoy.jayan@linaro.org>,
Gilad Ben-Yossef <gilad@benyossef.com>
Subject: Re: dm-crypt IV generation (summary)
Date: Mon, 13 Mar 2017 14:23:52 -0400 [thread overview]
Message-ID: <20170313182344.GA11766@redhat.com> (raw)
In-Reply-To: <CAFqZXNs0=6+PvpGq3weRwCJkUOfSn06i_fD6ZuvXo_0rms9zeA@mail.gmail.com>
On Fri, Mar 10 2017 at 8:44am -0500,
Ondrej Mosnacek <omosnace@redhat.com> wrote:
> Hi all,
>
> I was tasked to post a summary the whole dm-crypt IV generation
> problem and all the suggested solutions along with their drawbacks, so
> here it goes...
Thanks for the summary.
...
> 2. Restrict the keycount parameter to allow only reasonable
> combinations and then move IV generators to crypto API.
> In Loop-AES, the multi-key mode always uses exactly 64 keys and
> there is no reasonable scenario where someone would like to use
> keycount != 1 with other IV mode than LMK. Thus it might be acceptable
> to only work with multiple keys in LMK (and only allow keycount == 64
> for it) and work with just one key in all other modes (and only allow
> keycount == 1 for them). I.e., the cipher format would remain the
> same, just with more restricted values.
>
> Note that this would be basically a breaking change (the keycount
> parameter is documented [4], so there may be users somewhere that use
> it in some unusual combination...). Still, such combinations would
> have to be used explicitly, as they are never used with common
> LUKS/Loop-AES/TrueCrypt partitions (something like cryptsetup --type
> plain ... or dmsetup would have to be used directly).
>
> Applying this change would allow implementing the IV generators as
> simple crypto algorithms that honor the usual interface (without
> setkey hacks and passing of special structures via IV).
>
> ISSUES:
> a) Backward incompatibility (see above).
> b) Again need to somehow handle the new 'random' IV generator.
...
>
> QUESTIONS:
> @Mike/dm-devel: Do you think it would be feasible to apply solution 2
> (thus introducing the small incompatibility)?
Of all the proposals I think 2 is the best. But I'm not in a position
to _know_ how problematic such an incompatible change would be. As such
I unfortunately would need to defer to Milan, Herbert and others to say
how risky such a change would be. If the real-world risk is very
limited then I think it would enable the most effective solution (moving
the IV generators to crypto without carrying excess dm-crypt baggage).
The other part mentioned ("need to somehow handle the new 'random' IV
generator"): Milan or others, do you have ideas for this? Presummably
that is a prereq to moving forward with restricting keycount.
Mike
next prev parent reply other threads:[~2017-03-13 18:23 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-10 13:44 dm-crypt IV generation (summary) Ondrej Mosnacek
2017-03-13 18:23 ` Mike Snitzer [this message]
2017-04-06 9:29 ` Herbert Xu
2017-04-06 14:37 ` Mike Snitzer
2017-04-07 6:12 ` Herbert Xu
2017-05-18 11:40 ` Ondrej Mosnacek
2017-06-23 8:49 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170313182344.GA11766@redhat.com \
--to=snitzer@redhat.com \
--cc=agk@redhat.com \
--cc=binoy.jayan@linaro.org \
--cc=dm-devel@redhat.com \
--cc=gilad@benyossef.com \
--cc=gmazyland@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=mpatocka@redhat.com \
--cc=omosnace@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.