Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2017-01-11 Thread Ondrej Mosnáček
Hi Binoy, 2016-12-13 9:49 GMT+01:00 Binoy Jayan : > Currently, the iv generation algorithms are implemented in dm-crypt.c. > The goal is to move these algorithms from the dm layer to the kernel > crypto layer by implementing them as template ciphers so they can be >

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2017-01-11 Thread Ondrej Mosnáček
Hi Binoy, 2016-12-13 9:49 GMT+01:00 Binoy Jayan : > Currently, the iv generation algorithms are implemented in dm-crypt.c. > The goal is to move these algorithms from the dm layer to the kernel > crypto layer by implementing them as template ciphers so they can be > implemented in hardware for

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2017-01-04 Thread Binoy Jayan
Hi Herbert, On 2 January 2017 at 12:23, Herbert Xu wrote: > On Mon, Jan 02, 2017 at 12:16:45PM +0530, Binoy Jayan wrote: > > Right. The actual number of underlying tfms that do the work > won't change compared to the status quo. We're just structuring > it such

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2017-01-04 Thread Binoy Jayan
Hi Herbert, On 2 January 2017 at 12:23, Herbert Xu wrote: > On Mon, Jan 02, 2017 at 12:16:45PM +0530, Binoy Jayan wrote: > > Right. The actual number of underlying tfms that do the work > won't change compared to the status quo. We're just structuring > it such that if the overall scheme is

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2017-01-03 Thread Binoy Jayan
Hi Gilad, On 3 January 2017 at 19:53, Gilad Ben-Yossef wrote: > Good idea. I wanted to test the patch but alas it does not apply cleanly. > You seem to have a blank line at the end of files and other small > transgressions that makes checkpatch grumpy. I think that is

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2017-01-03 Thread Binoy Jayan
Hi Gilad, On 3 January 2017 at 19:53, Gilad Ben-Yossef wrote: > Good idea. I wanted to test the patch but alas it does not apply cleanly. > You seem to have a blank line at the end of files and other small > transgressions that makes checkpatch grumpy. I think that is because there were some

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2017-01-03 Thread Gilad Ben-Yossef
Hi Binoy, On Tue, Dec 13, 2016 at 02:19:09PM +0530, Binoy Jayan wrote: > Currently, the iv generation algorithms are implemented in dm-crypt.c. > The goal is to move these algorithms from the dm layer to the kernel > crypto layer by implementing them as template ciphers so they can be >

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2017-01-03 Thread Gilad Ben-Yossef
Hi Binoy, On Tue, Dec 13, 2016 at 02:19:09PM +0530, Binoy Jayan wrote: > Currently, the iv generation algorithms are implemented in dm-crypt.c. > The goal is to move these algorithms from the dm layer to the kernel > crypto layer by implementing them as template ciphers so they can be >

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2017-01-01 Thread Binoy Jayan
On 2 January 2017 at 12:23, Herbert Xu wrote: > On Mon, Jan 02, 2017 at 12:16:45PM +0530, Binoy Jayan wrote: >> >> Even if ciphers are allocated this way, all the encryption requests >> for cbc should still go through IV generators? So that should mean, >> create one

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2017-01-01 Thread Binoy Jayan
On 2 January 2017 at 12:23, Herbert Xu wrote: > On Mon, Jan 02, 2017 at 12:16:45PM +0530, Binoy Jayan wrote: >> >> Even if ciphers are allocated this way, all the encryption requests >> for cbc should still go through IV generators? So that should mean, >> create one instance of IV generator

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2017-01-01 Thread Herbert Xu
On Mon, Jan 02, 2017 at 12:16:45PM +0530, Binoy Jayan wrote: > > Even if ciphers are allocated this way, all the encryption requests > for cbc should still go through IV generators? So that should mean, > create one instance of IV generator using 'crypto_alloc_skcipher' > and create tfms_count

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2017-01-01 Thread Herbert Xu
On Mon, Jan 02, 2017 at 12:16:45PM +0530, Binoy Jayan wrote: > > Even if ciphers are allocated this way, all the encryption requests > for cbc should still go through IV generators? So that should mean, > create one instance of IV generator using 'crypto_alloc_skcipher' > and create tfms_count

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2017-01-01 Thread Binoy Jayan
Hi Herbert, On 30 December 2016 at 15:57, Herbert Xu wrote: > This is just a matter of structuring the key for the IV generator. > The IV generator's key in this case should be a combination of the > key to the underlying CBC plus the set of all keys for the IV >

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2017-01-01 Thread Binoy Jayan
Hi Herbert, On 30 December 2016 at 15:57, Herbert Xu wrote: > This is just a matter of structuring the key for the IV generator. > The IV generator's key in this case should be a combination of the > key to the underlying CBC plus the set of all keys for the IV > generator itself. It should

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-30 Thread Herbert Xu
On Thu, Dec 29, 2016 at 02:53:25PM +0530, Binoy Jayan wrote: > > When we keep these in dm-crypt and if more than one key is used > (it is actually more than one parts of the original key), > there are more than one cipher instance created - one for each > unique part of the key. Since the crypto

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-30 Thread Herbert Xu
On Thu, Dec 29, 2016 at 02:53:25PM +0530, Binoy Jayan wrote: > > When we keep these in dm-crypt and if more than one key is used > (it is actually more than one parts of the original key), > there are more than one cipher instance created - one for each > unique part of the key. Since the crypto

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-29 Thread Binoy Jayan
Hi Herbert, Sorry for the delayed response, I was busy with testing dm-crypt with bonnie++ for regressions. I tried to find some alternative way to keep the IV algorithms' registration in the dm-crypt. Also there were some changes done in dm-crypt keys structure too recently. c538f6e dm crypt:

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-29 Thread Binoy Jayan
Hi Herbert, Sorry for the delayed response, I was busy with testing dm-crypt with bonnie++ for regressions. I tried to find some alternative way to keep the IV algorithms' registration in the dm-crypt. Also there were some changes done in dm-crypt keys structure too recently. c538f6e dm crypt:

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-22 Thread Herbert Xu
On Thu, Dec 22, 2016 at 04:25:12PM +0530, Binoy Jayan wrote: > > > It doesn't have to live outside of dm-crypt. You can register > > these IV generators from there if you really want. > > Sorry, but I didn't understand this part. What I mean is that moving the IV generators into the crypto API

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-22 Thread Herbert Xu
On Thu, Dec 22, 2016 at 04:25:12PM +0530, Binoy Jayan wrote: > > > It doesn't have to live outside of dm-crypt. You can register > > these IV generators from there if you really want. > > Sorry, but I didn't understand this part. What I mean is that moving the IV generators into the crypto API

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-22 Thread Binoy Jayan
Hi Herbert, On 22 December 2016 at 14:25, Herbert Xu wrote: > On Tue, Dec 13, 2016 at 11:01:08AM +0100, Milan Broz wrote: >> >> By the move everything to cryptoAPI we are basically introducing some >> strange mix >> of IV and modes there, I wonder how this is going

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-22 Thread Binoy Jayan
Hi Herbert, On 22 December 2016 at 14:25, Herbert Xu wrote: > On Tue, Dec 13, 2016 at 11:01:08AM +0100, Milan Broz wrote: >> >> By the move everything to cryptoAPI we are basically introducing some >> strange mix >> of IV and modes there, I wonder how this is going to be maintained. >> Anyway,

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-22 Thread Herbert Xu
On Tue, Dec 13, 2016 at 11:01:08AM +0100, Milan Broz wrote: > > By the move everything to cryptoAPI we are basically introducing some strange > mix > of IV and modes there, I wonder how this is going to be maintained. > Anyway, Herbert should say if it is ok... Well there is precedent in how do

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-22 Thread Herbert Xu
On Tue, Dec 13, 2016 at 11:01:08AM +0100, Milan Broz wrote: > > By the move everything to cryptoAPI we are basically introducing some strange > mix > of IV and modes there, I wonder how this is going to be maintained. > Anyway, Herbert should say if it is ok... Well there is precedent in how do

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-15 Thread Binoy Jayan
Hi Milan, On 13 December 2016 at 15:31, Milan Broz wrote: > I think that IV generators should not modify or read encrypted data directly, > it should only generate IV. I was trying to find more information about what you said and how a iv generator should be written. I saw

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-15 Thread Binoy Jayan
Hi Milan, On 13 December 2016 at 15:31, Milan Broz wrote: > I think that IV generators should not modify or read encrypted data directly, > it should only generate IV. I was trying to find more information about what you said and how a iv generator should be written. I saw two examples of IV

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-13 Thread Binoy Jayan
Hi Milan, Thank you for the reply. On 13 December 2016 at 15:31, Milan Broz wrote: > I really do not think the disk encryption key management should be moved > outside of dm-crypt. We cannot then change key structure later easily. Yes, I agree. but the key selection based

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-13 Thread Binoy Jayan
Hi Milan, Thank you for the reply. On 13 December 2016 at 15:31, Milan Broz wrote: > I really do not think the disk encryption key management should be moved > outside of dm-crypt. We cannot then change key structure later easily. Yes, I agree. but the key selection based on sector number

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-13 Thread Milan Broz
On 12/13/2016 09:49 AM, Binoy Jayan wrote: > Currently, the iv generation algorithms are implemented in dm-crypt.c. > The goal is to move these algorithms from the dm layer to the kernel > crypto layer by implementing them as template ciphers so they can be > implemented in hardware for

Re: [RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-13 Thread Milan Broz
On 12/13/2016 09:49 AM, Binoy Jayan wrote: > Currently, the iv generation algorithms are implemented in dm-crypt.c. > The goal is to move these algorithms from the dm layer to the kernel > crypto layer by implementing them as template ciphers so they can be > implemented in hardware for

[RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-13 Thread Binoy Jayan
Currently, the iv generation algorithms are implemented in dm-crypt.c. The goal is to move these algorithms from the dm layer to the kernel crypto layer by implementing them as template ciphers so they can be implemented in hardware for performance. As part of this patchset, the iv-generation code

[RFC PATCH v2] crypto: Add IV generation algorithms

2016-12-13 Thread Binoy Jayan
Currently, the iv generation algorithms are implemented in dm-crypt.c. The goal is to move these algorithms from the dm layer to the kernel crypto layer by implementing them as template ciphers so they can be implemented in hardware for performance. As part of this patchset, the iv-generation code