On Thu, 20 Jun 2019 at 00:37, Eric Biggers <ebiggers@xxxxxxxxxx> wrote: > > On Wed, Jun 19, 2019 at 06:29:21PM +0200, Ard Biesheuvel wrote: > > Add an accelerated version of the 'essiv(cbc(aes),aes,sha256)' > > skcipher, which is used by fscrypt, and in some cases, by dm-crypt. > > This avoids a separate call into the AES cipher for every invocation. > > > > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> > > I'm not sure we should bother with this, since fscrypt normally uses AES-256-XTS > for contents encryption. AES-128-CBC-ESSIV support was only added because > people wanted something that is fast on low-powered embedded devices with crypto > accelerators such as CAAM or CESA that don't support XTS. > > In the case of Android, the CDD doesn't even allow AES-128-CBC-ESSIV with > file-based encryption (fscrypt). It's still the default for "full disk > encryption" (which uses dm-crypt), but that's being deprecated. > > So maybe dm-crypt users will want this, but I don't think it's very useful for > fscrypt. > If nobody cares, we can drop it. I don't feel too strongly about this, and since it is on the mailinglist now, people will be able to find it and ask for it to be merged if they have a convincing use case.