From: Michael Heyse <mhk@designassembly.de>
To: kernel list <linux-kernel@vger.kernel.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Subject: which one is broken: VIA padlock aes or aes_i586?
Date: Tue, 21 Feb 2006 13:27:50 +0100
Message-ID: <43FB0746.5010200@designassembly.de>

Hi,

after upgrading the kernel from 2.6.12.5 to 2.6.16-rc4, decryption of my disk fails. As I am using the Nehemiah's Padlock and aes-cbc-essiv, I guess this is the reason:

(from ChangeLog-2.6.13)

commit 476df259cd577e20379b02a7f7ffd086ea925a83
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date: Wed Jul 6 13:54:09 2005 -0700

    [CRYPTO] Update IV correctly for Padlock CBC encryption

    When the Padlock does CBC encryption, the memory pointed to by EAX is
    not updated at all. Instead, it updates the value of EAX by pointing
    it to the last block in the output. Therefore to maintain the correct
    semantics we need to copy the IV.

    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: David S. Miller <davem@davemloft.net>

This probably means that the on-disk format has changed, and the new aes routine can't decrypt my data any more.

The strange thing is: if I disable the padlock driver and use the software-only aes_i586 module, I can read my disk with 2.6.16-rc4. So obviously one of the implementations produces wrong results (they are supposed to do the same thing, right?). So before I try to re-encrypt my disk: which one is doing it right?

Thanks,
Michael
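
The IV semantics described in the quoted commit message, as an added example that is not part of the original message and is not kernel or PadLock driver code: when a CBC encryption is split across calls, the second call must chain from the last ciphertext block of the first, which only happens if that block is copied back into the caller's IV buffer. `toy_encrypt_block`, `cbc_encrypt` and `chunked_matches_oneshot` are hypothetical names, the block transform is a stand-in for AES, and the key, IV and plaintext are constructed.

```c
#include <stdint.h>
#include <string.h>

#define BLK 16

/* Stand-in block transform (NOT AES, not secure); only the chaining matters here. */
static void toy_encrypt_block(const uint8_t *key, const uint8_t *in, uint8_t *out)
{
    for (int i = 0; i < BLK; i++) {
        uint8_t x = in[i] ^ key[i];
        out[i] = (uint8_t)(((x << 3) | (x >> 5)) + key[(i + 1) % BLK]);
    }
}

/* Models the engine: `chain` (the "EAX" pointer) advances to the last output
 * block, but the caller's iv buffer only changes if the driver copies it back. */
static void cbc_encrypt(const uint8_t *key, uint8_t *iv, const uint8_t *in,
                        uint8_t *out, size_t nblocks, int copy_iv_back)
{
    const uint8_t *chain = iv;
    uint8_t tmp[BLK];

    for (size_t b = 0; b < nblocks; b++) {
        for (int i = 0; i < BLK; i++)
            tmp[i] = in[b * BLK + i] ^ chain[i];
        toy_encrypt_block(key, tmp, out + b * BLK);
        chain = out + b * BLK;
    }
    if (copy_iv_back && nblocks)
        memcpy(iv, chain, BLK);
}

/* Returns 1 if encrypting 4 blocks as 2+2 equals encrypting them in one call. */
int chunked_matches_oneshot(int copy_iv_back)
{
    uint8_t key[BLK], pt[4 * BLK], one[4 * BLK], two[4 * BLK], iv1[BLK], iv2[BLK];

    for (int i = 0; i < BLK; i++) key[i] = (uint8_t)(0x3C + 7 * i); /* constructed key */
    for (int i = 0; i < 4 * BLK; i++) pt[i] = (uint8_t)i;     /* constructed plaintext */
    memset(iv1, 0xA5, BLK);
    memset(iv2, 0xA5, BLK);
    cbc_encrypt(key, iv1, pt, one, 4, copy_iv_back);
    cbc_encrypt(key, iv2, pt, two, 2, copy_iv_back);
    cbc_encrypt(key, iv2, pt + 2 * BLK, two + 2 * BLK, 2, copy_iv_back);
    return memcmp(one, two, sizeof one) == 0;
}

int main(void) { return chunked_matches_oneshot(1) && !chunked_matches_oneshot(0) ? 0 : 1; }
```

Without the copy-back, the first two blocks still match and the output diverges from the third block onward, because the second call restarts from the original IV.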