[dm-devel] [PATCH v2 1/4] crypto: essiv - create wrapper template for ESSIV generation

Ard Biesheuvel ard.biesheuvel at linaro.org
Wed Jun 19 15:45:13 UTC 2019


On Wed, 19 Jun 2019 at 17:18, Ondrej Mosnáček <omosnacek at gmail.com> wrote:
>
> Hi Ard,
>
> On Tue, 18 Jun 2019 at 23:28, Ard Biesheuvel <ard.biesheuvel at linaro.org> wrote:
> > Implement a template that wraps a (skcipher,cipher,shash) or
> > (aead,cipher,shash) tuple so that we can consolidate the ESSIV handling
> > in fscrypt and dm-crypt and move it into the crypto API. This will result
> > in better test coverage, and will allow future changes to make the bare
> > cipher interface internal to the crypto subsystem, in order to increase
> > robustness of the API against misuse.
> >
> > Note that especially the AEAD handling is a bit complex, and is tightly
> > coupled to the way dm-crypt combines AEAD based on the authenc() template
> > with the ESSIV handling.
>
> Wouldn't it work better to have a template only for skcipher and in
> dm-crypt just inject the essiv() template into the cipher string? For
> example: "authenc(hmac(sha256),cbc(aes))-essiv:sha256" ->
> "authenc(hmac(sha256),essiv(cbc(aes),aes,sha256))". That seems to me a
> much simpler hack. (But maybe I'm missing some issue in that
> approach...)
>

Unfortunately, that doesn't work. When using AEADs, dm-crypt also puts
the IV in the AAD area.



