Re: dm-crypt IV generation (summary)

2017-06-23 Thread Herbert Xu
On Thu, May 18, 2017 at 01:40:38PM +0200, Ondrej Mosnacek wrote: > > > Actually I think this one can probably easily handled in the crypto > > layer. All we need is to add a multikey template that sits on top > > of an underlying IV generator. The multikey instance can then accept > > a key

Re: dm-crypt IV generation (summary)

2017-05-18 Thread Ondrej Mosnacek
2017-04-07 8:12 GMT+02:00 Herbert Xu : > On Fri, Mar 10, 2017 at 02:44:26PM +0100, Ondrej Mosnacek wrote: >> >> ISSUES: >> a) The 'keycount' parameter. >> In order to support multi-key modes from Loop-AES, >> dm-crypt accepts a keycount

Re: dm-crypt IV generation (summary)

2017-04-07 Thread Herbert Xu
On Fri, Mar 10, 2017 at 02:44:26PM +0100, Ondrej Mosnacek wrote: > > ISSUES: > a) The 'keycount' parameter. > In order to support multi-key modes from Loop-AES, > dm-crypt accepts a keycount parameter which, if it != 1, causes > consecutive sectors to be encrypted with a

Re: dm-crypt IV generation (summary)

2017-04-06 Thread Mike Snitzer
On Thu, Apr 06 2017 at 5:29am -0400, Herbert Xu wrote: > On Fri, Mar 10, 2017 at 02:44:26PM +0100, Ondrej Mosnacek wrote: > > Hi all, > > > > I was tasked to post a summary the whole dm-crypt IV generation > > problem and all the suggested solutions along with

Re: dm-crypt IV generation (summary)

2017-04-06 Thread Herbert Xu
On Fri, Mar 10, 2017 at 02:44:26PM +0100, Ondrej Mosnacek wrote: > Hi all, > > I was tasked to post a summary the whole dm-crypt IV generation > problem and all the suggested solutions along with their drawbacks, so > here it goes... Thanks for the summary. It looks good to me. Something else

Re: dm-crypt IV generation (summary)

2017-03-13 Thread Mike Snitzer
On Fri, Mar 10 2017 at 8:44am -0500, Ondrej Mosnacek wrote: > Hi all, > > I was tasked to post a summary the whole dm-crypt IV generation > problem and all the suggested solutions along with their drawbacks, so > here it goes... Thanks for the summary. ... > 2. Restrict

dm-crypt IV generation (summary)

2017-03-10 Thread Ondrej Mosnacek
Hi all, I was tasked to post a summary the whole dm-crypt IV generation problem and all the suggested solutions along with their drawbacks, so here it goes... PROBLEM STATEMENT: Currently, dm-crypt uses a fixed 512-byte sector size and handles en-/decrypting of a bio by submitting a separate