Re: [PATCH] crypto: morus - remove generic and x86 implementations

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



[+Cc Milan]

On Tue, Jun 25, 2019 at 04:52:54PM +0200, Ard Biesheuvel wrote:
> MORUS was not selected as a winner in the CAESAR competition, which
> is not surprising since it is considered to be cryptographically
> broken. (Note that this is not an implementation defect, but a flaw
> in the underlying algorithm). Since it is unlikely to be in use
> currently, let's remove it before we're stuck with it.
> 
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
> ---
>  arch/m68k/configs/amiga_defconfig     |    2 -
>  arch/m68k/configs/apollo_defconfig    |    2 -
>  arch/m68k/configs/atari_defconfig     |    2 -
>  arch/m68k/configs/bvme6000_defconfig  |    2 -
>  arch/m68k/configs/hp300_defconfig     |    2 -
>  arch/m68k/configs/mac_defconfig       |    2 -
>  arch/m68k/configs/multi_defconfig     |    2 -
>  arch/m68k/configs/mvme147_defconfig   |    2 -
>  arch/m68k/configs/mvme16x_defconfig   |    2 -
>  arch/m68k/configs/q40_defconfig       |    2 -
>  arch/m68k/configs/sun3_defconfig      |    2 -
>  arch/m68k/configs/sun3x_defconfig     |    2 -
>  arch/x86/crypto/Makefile              |   13 -
>  arch/x86/crypto/morus1280-avx2-asm.S  |  622 ---------
>  arch/x86/crypto/morus1280-avx2-glue.c |   66 -
>  arch/x86/crypto/morus1280-sse2-asm.S  |  896 -------------
>  arch/x86/crypto/morus1280-sse2-glue.c |   65 -
>  arch/x86/crypto/morus1280_glue.c      |  209 ---
>  arch/x86/crypto/morus640-sse2-asm.S   |  615 ---------
>  arch/x86/crypto/morus640-sse2-glue.c  |   65 -
>  arch/x86/crypto/morus640_glue.c       |  204 ---
>  crypto/Kconfig                        |   56 -
>  crypto/Makefile                       |    2 -
>  crypto/morus1280.c                    |  542 --------
>  crypto/morus640.c                     |  533 --------
>  crypto/testmgr.c                      |   12 -
>  crypto/testmgr.h                      | 1707 -------------------------
>  include/crypto/morus1280_glue.h       |   97 --
>  include/crypto/morus640_glue.h        |   97 --
>  include/crypto/morus_common.h         |   18 -
>  30 files changed, 5843 deletions(-)
>  delete mode 100644 arch/x86/crypto/morus1280-avx2-asm.S
>  delete mode 100644 arch/x86/crypto/morus1280-avx2-glue.c
>  delete mode 100644 arch/x86/crypto/morus1280-sse2-asm.S
>  delete mode 100644 arch/x86/crypto/morus1280-sse2-glue.c
>  delete mode 100644 arch/x86/crypto/morus1280_glue.c
>  delete mode 100644 arch/x86/crypto/morus640-sse2-asm.S
>  delete mode 100644 arch/x86/crypto/morus640-sse2-glue.c
>  delete mode 100644 arch/x86/crypto/morus640_glue.c
>  delete mode 100644 crypto/morus1280.c
>  delete mode 100644 crypto/morus640.c
>  delete mode 100644 include/crypto/morus1280_glue.h
>  delete mode 100644 include/crypto/morus640_glue.h
>  delete mode 100644 include/crypto/morus_common.h

Maybe include a link to the cryptanalysis paper
https://eprint.iacr.org/2019/172.pdf in the commit message, so people seeing
this commit can better understand the reasoning?

Otherwise this patch itself looks fine to me, though I'm a little concerned
we'll break someone actually using MORUS.  An alternate approach would be to
leave just the C implementation, and make it print a deprecation warning for a
year or two before actually removing it.  But I'm not sure that's needed, and it
might be counterproductive as it would allow more people to start using it.

>From a Google search I don't see any documentation floating around specifically
telling people to use MORUS with cryptsetup, other than an email on the dm-crypt
mailing list (https://www.spinics.net/lists/dm-crypt/msg07763.html) which
mentioned it alongside other options.  So hopefully there are at most a couple
odd adventurous users, who won't mind migrating their data to a new LUKS volume.

- Eric



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux