On Mon, Jun 19, 2017 at 09:27:58AM +0200, David Gstir wrote: > From: Daniel Walter <dwalter@xxxxxxxxxxxxx> > > fscrypt provides facilities to use different encryption algorithms which > are selectable by userspace when setting the encryption policy. Currently, > only AES-256-XTS for file contents and AES-256-CBC-CTS for file names are > implemented. This is a clear case of kernel offers the mechanism and > userspace selects a policy. Similar to what dm-crypt and ecryptfs have. > > This patch adds support for using AES-128-CBC for file contents and > AES-128-CBC-CTS for file name encryption. To mitigate watermarking > attacks, IVs are generated using the ESSIV algorithm. While AES-CBC is > actually slightly less secure than AES-XTS from a security point of view, > there is more widespread hardware support. Using AES-CBC gives us the > acceptable performance while still providing a moderate level of security > for persistent storage. > > Especially low-powered embedded devices with crypto accelerators such as > CAAM or CESA often only support AES-CBC. Since using AES-CBC over AES-XTS > is basically thought of a last resort, we use AES-128-CBC over AES-256-CBC > since it has less encryption rounds and yields noticeable better > performance starting from a file size of just a few kB. > > Signed-off-by: Daniel Walter <dwalter@xxxxxxxxxxxxx> > [david@xxxxxxxxxxxxx: addressed review comments] > Signed-off-by: David Gstir <david@xxxxxxxxxxxxx> > Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx> Thanks, applied. - Ted
