From: "Horia Geantă" <horia.geanta@freescale.com>
To: Martin Hicks <mort@bork.org>
Cc: Milan Broz <gmazyland@gmail.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	<linux-crypto@vger.kernel.org>,
	Scott Wood <scottwood@freescale.com>,
	<linuxppc-dev@lists.ozlabs.org>
Subject: Re: [PATCH 0/2] crypto: talitos: Add AES-XTS mode
Date: Mon, 9 Mar 2015 12:16:04 +0200
Message-ID: <54FD72E4.1060701@freescale.com>
In-Reply-To: <CAJUS3Xnw66Eu6tvGPpdcet6KLjhKM=ptj8NRaztAVr0h_r+LqQ@mail.gmail.com>

On 3/3/2015 7:44 PM, Martin Hicks wrote:
> On Tue, Mar 3, 2015 at 10:44 AM, Horia Geantă
> <horia.geanta@freescale.com> wrote:
>> On 3/3/2015 12:09 AM, Martin Hicks wrote:
>>>
>>> On Mon, Mar 02, 2015 at 03:37:28PM +0100, Milan Broz wrote:
>>>>
>>>> If crypto API allows to encrypt more sectors in one run
>>>> (handling IV internally) dmcrypt can be modified of course.
>>>>
>>>> But do not forget we can use another IV (not only sequential number)
>>>> e.g. ESSIV with XTS as well (even if it doesn't make much sense, some people
>>>> are using it).
>>>
>>> Interesting, I'd not considered using XTS with an IV other than plain/64.
>>> The talitos hardware would not support aes/xts in any mode other than
>>> plain/plain64 I don't think... Although perhaps you could push in an 8-byte
>>> IV and the hardware would interpret it as the sector #.
>>>
>>
>> For talitos, there are two cases:
>>
>> 1. request data size is <= data unit / sector size
>> talitos can handle any IV / tweak scheme
>>
>> 2. request data size > sector size
>> since talitos internally generates the IV for the next sector by
>> incrementing the previous IV, only IV schemes that allocate consecutive
>> IV to consecutive sectors will function correctly.
>>
> 
> It's not clear to me that #1 is right.  I guess it could be, but the
> IV length would be limited to 8 bytes.

Yes, there's a limitation in talitos wrt. XTS IV / tweak size - it's up
to 8 bytes.
So I guess ESSIV won't work with talitos-xts, since the encrypted IV
output is 16 bytes.
But as previously said, ESSIV breaks the XTS standard requirement for
having a consecutive IV for consecutive blocks. ESSIV should really be
used only with disk-level encryption schemes that require an
unpredictable IV.

> 
> This also points out that claiming that the XTS IV size is 16 bytes,
> as my current patch does, could be problematic.  It's handy because
> the first 8 bytes should contain a plain64 sector #, and the second
> u64 can be used to encode the sector size but it would be a mistake
> for someone to use the second 8 bytes for the rest of a 16-byte IV.

XTS IV *is* 16 bytes. The fact that xts-talitos can handle only 8 bytes
is a problem indeed, but for plain and plain64 should not matter.

Horia
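
Added example (not part of the original message and not code from the talitos driver): a small model of the two constraints discussed above, an 8-byte tweak limit and next-sector IVs derived by incrementing, checked against dm-crypt's plain and plain64 IV layouts and an ESSIV-like 16-byte IV. Assumptions: the engine treats the 8 bytes as a little-endian counter, and truncated SHA-256 stands in for the block cipher ESSIV uses, since only the shape of its output matters here; all function names are hypothetical.

```python
import hashlib
import struct

IV_SIZE = 16          # XTS IV / tweak size in bytes
HW_TWEAK_BYTES = 8    # limit stated in the thread for talitos XTS

def iv_plain(sector):
    # dm-crypt "plain": low 32 bits of the sector number, little-endian, zero padded
    return struct.pack("<I", sector & 0xFFFFFFFF).ljust(IV_SIZE, b"\0")

def iv_plain64(sector):
    # dm-crypt "plain64": 64-bit sector number, little-endian, zero padded
    return struct.pack("<Q", sector).ljust(IV_SIZE, b"\0")

def iv_essiv_standin(sector, salt=b"constructed-salt"):
    # ESSIV encrypts the sector number under a key derived from the volume key.
    # Stand-in (assumption): truncated SHA-256 replaces that cipher; the result
    # is likewise a 16-byte value with no relation between neighbouring sectors.
    return hashlib.sha256(salt + struct.pack("<Q", sector)).digest()[:IV_SIZE]

def fits_hw_tweak(iv):
    # True when everything past the first 8 bytes is zero
    return not any(iv[HW_TWEAK_BYTES:])

def hw_next_iv(iv):
    # Model of the engine (assumption): next IV = previous 8-byte value + 1
    (n,) = struct.unpack("<Q", iv[:HW_TWEAK_BYTES])
    return struct.pack("<Q", (n + 1) & (2**64 - 1)).ljust(IV_SIZE, b"\0")

def request_ok(iv_gen, first_sector, nsectors):
    """Can a request of nsectors starting at first_sector be offloaded as one job?"""
    iv = iv_gen(first_sector)
    if not fits_hw_tweak(iv):
        return False              # IV wider than 8 bytes: fails even for one sector
    for sector in range(first_sector + 1, first_sector + nsectors):
        iv = hw_next_iv(iv)       # what the engine would use for this sector
        if iv != iv_gen(sector):  # what the IV scheme requires for this sector
            return False          # IVs are not consecutive: multi-sector job is wrong
    return True

if __name__ == "__main__":
    for name, gen in (("plain", iv_plain), ("plain64", iv_plain64),
                      ("essiv-like", iv_essiv_standin)):
        print(name, request_ok(gen, 0, 1), request_ok(gen, 2**32 - 2, 8))
```

In this model plain64 passes for any request, plain passes except for a multi-sector request that crosses sector 2^32 (where its 32-bit counter wraps), and the 16-byte ESSIV-like IV fails even for a single sector.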
