Re: [PATCH v2 1/4] crypto: essiv - create wrapper template for ESSIV generation

On Wed, 19 Jun 2019 at 17:18, Ondrej Mosnáček <omosnacek@xxxxxxxxx> wrote:
>
> Hi Ard,
>
> On Tue, 18 Jun 2019 at 23:28, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote:
> > Implement a template that wraps a (skcipher,cipher,shash) or
> > (aead,cipher,shash) tuple so that we can consolidate the ESSIV handling
> > in fscrypt and dm-crypt and move it into the crypto API. This will result
> > in better test coverage, and will allow future changes to make the bare
> > cipher interface internal to the crypto subsystem, in order to increase
> > robustness of the API against misuse.
> >
> > Note that especially the AEAD handling is a bit complex, and is tightly
> > coupled to the way dm-crypt combines AEAD based on the authenc() template
> > with the ESSIV handling.
>
> Wouldn't it work better to have a template only for skcipher and in
> dm-crypt just inject the essiv() template into the cipher string? For
> example: "authenc(hmac(sha256),cbc(aes))-essiv:sha256" ->
> "authenc(hmac(sha256),essiv(cbc(aes),aes,sha256))". That seems to me a
> much simpler hack. (But maybe I'm missing some issue in that
> approach...)
>

Unfortunately, that doesn't work. When using AEADs, dm-crypt also puts
the IV in the AAD area.



