From: Eric Biggers <ebiggers3@gmail.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Binoy Jayan <binoy.jayan@linaro.org>,
broonie@kernel.org, arnd@arndb.de, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org, dm-devel@redhat.com,
linux-raid@vger.kernel.org, rnayak@codeaurora.org,
David Gstir <david@sigma-star.at>
Subject: Re: [PATCH v6 0/2] IV Generation algorithms for dm-crypt
Date: Fri, 23 Jun 2017 11:21:56 -0700 [thread overview]
Message-ID: <20170623182156.GB84943@gmail.com> (raw)
In-Reply-To: <20170623081341.GA29748@gondor.apana.org.au>
On Fri, Jun 23, 2017 at 04:13:41PM +0800, Herbert Xu wrote:
> Binoy Jayan <binoy.jayan@linaro.org> wrote:
> > ===============================================================================
> > dm-crypt optimization for larger block sizes
> > ===============================================================================
> >
> > Currently, the iv generation algorithms are implemented in dm-crypt.c. The goal
> > is to move these algorithms from the dm layer to the kernel crypto layer by
> > implementing them as template ciphers so they can be used in relation with
> > algorithms like aes, and with multiple modes like cbc, ecb etc. As part of this
> > patchset, the iv-generation code is moved from the dm layer to the crypto layer
> > and adapt the dm-layer to send a whole 'bio' (as defined in the block layer)
> > at a time. Each bio contains the in memory representation of physically
> > contiguous disk blocks. Since the bio itself may not be contiguous in main
> > memory, the dm layer sets up a chained scatterlist of these blocks split into
> > physically contiguous segments in memory so that DMA can be performed.
>
> There is currently a patch-set for fscrypt to add essiv support. It
> would be interesting to know whether your implementation of essiv
> can also be used in that patchset. That would confirm that we're on
> the right track.
>
You can find the fscrypt patch at https://patchwork.kernel.org/patch/9795327/
Note that it's encrypting 4096-byte blocks, not 512-byte. Also, it's using
AES-256 for the ESSIV tfm (since it uses a SHA-256 hash) but AES-128 for the
"real" encryption. It's possible this is a mistake and it should be AES-128 for
both. (If it is, it needs to be fixed before it's released in 4.13.)
Eric
prev parent reply other threads:[~2017-06-23 18:21 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-22 4:41 [PATCH v6 0/2] IV Generation algorithms for dm-crypt Binoy Jayan
2017-06-22 4:41 ` [PATCH v6 1/2] crypto: Add IV generation algorithms Binoy Jayan
2017-06-22 4:41 ` [PATCH v6 2/2] crypto: Multikey template for essiv Binoy Jayan
2017-06-23 8:13 ` [PATCH v6 0/2] IV Generation algorithms for dm-crypt Herbert Xu
2017-06-23 8:13 ` Herbert Xu
2017-06-23 18:21 ` Eric Biggers [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170623182156.GB84943@gmail.com \
--to=ebiggers3@gmail.com \
--cc=arnd@arndb.de \
--cc=binoy.jayan@linaro.org \
--cc=broonie@kernel.org \
--cc=david@sigma-star.at \
--cc=dm-devel@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-raid@vger.kernel.org \
--cc=rnayak@codeaurora.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.