On Mon, 12 Aug 2019 at 22:47, Eric Biggers <ebiggers@xxxxxxxxxx> wrote: > > On Mon, Aug 12, 2019 at 05:53:19PM +0300, Ard Biesheuvel wrote: > > Instead of open coding the calculations for ESSIV handling, use a > > ESSIV skcipher which does all of this under the hood. > > > > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> > > This looks fine (except for one comment below), but this heavily conflicts with > the fscrypt patches planned for v5.4. So I suggest moving this to the end of > the series and having Herbert take only 1-6, and I'll apply this one to the > fscrypt tree later. > I think the same applies to dm-crypt: at least patch #7 cannot be applied until my eboiv patch is applied there as well, but [Milan should confirm] I'd expect them to prefer taking those patches via the dm tree anyway. Herbert, what would you prefer: - taking a pull request from a [signed] tag based on v4.3-rc1 that contains patches #1, #4, #5 and #6, allowing Eric and Milan/Mike to merge it as well, and apply the respective fscrypt and dm-crypt changes on top - just take patches #1, #4, #5 and #6 as usual, and let the fscrypt and dm-crypt changes be reposted to the respective lists during the next cycle > > > --- > > fs/crypto/Kconfig | 1 + > > fs/crypto/crypto.c | 5 -- > > fs/crypto/fscrypt_private.h | 9 -- > > fs/crypto/keyinfo.c | 92 +------------------- > > 4 files changed, 4 insertions(+), 103 deletions(-) > > > > diff --git a/fs/crypto/Kconfig b/fs/crypto/Kconfig > > index 5fdf24877c17..6f3d59b880b7 100644 > > --- a/fs/crypto/Kconfig > > +++ b/fs/crypto/Kconfig > > @@ -5,6 +5,7 @@ config FS_ENCRYPTION > > select CRYPTO_AES > > select CRYPTO_CBC > > select CRYPTO_ECB > > + select CRYPTO_ESSIV > > select CRYPTO_XTS > > select CRYPTO_CTS > > select KEYS > > In v5.3 I removed the 'select CRYPTO_SHA256', so now ESSIV shouldn't be selected > here either. Instead we should just update the documentation: > > diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst > index 82efa41b0e6c02..a1e2ab12a99943 100644 > --- a/Documentation/filesystems/fscrypt.rst > +++ b/Documentation/filesystems/fscrypt.rst > @@ -193,7 +193,8 @@ If unsure, you should use the (AES-256-XTS, AES-256-CTS-CBC) pair. > AES-128-CBC was added only for low-powered embedded devices with > crypto accelerators such as CAAM or CESA that do not support XTS. To > use AES-128-CBC, CONFIG_CRYPTO_SHA256 (or another SHA-256 > -implementation) must be enabled so that ESSIV can be used. > +implementation) and CONFIG_CRYPTO_ESSIV must be enabled so that ESSIV > +can be used. > > Adiantum is a (primarily) stream cipher-based mode that is fast even > on CPUs without dedicated crypto instructions. It's also a true